Multiple vulnerabilities in LXD, a container and virtual machine manager, could lead to privilege escalation or arbitrary command execution. The critical CVE-2026-33897 has a CVSS score of 9.9, and CVE-2026-33542 is rated 4.8. According to NVD data, affected versions are LinuxContainers Incus prior to version 6.23.0, which contains the fixes.
[SECURITY] [DSA 6188-1] lxd security update To : debian-security-announce@lists.debian.org Subject : [SECURITY] [DSA 6188-1] lxd security update From : Moritz Muehlenhoff < jmm@debian.org > Date : Tue, 31 Mar 2026 20:52:43 +0000 Message-id : < [🔎] acw0G5WWFdOa8TAb@seger.debian.org > Reply-to : debian-security-announce-request@lists.debian.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6188-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff March 31, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : lxd CVE ID : CVE-2026-28384 CVE-2026-33542 CVE-2026-33897 Multiple security issues were discovered in LXD, a system container and virtual machine manager, which could result in privilege escalation or the execution of arbitrary commands. For the oldstable distribution (bookworm), these problems have been fixed in version 5.0.2-5+deb12u4. For the stable distribution (trixie), these problems have been fixed in version 5.0.2+git20231211.1364ae4-9+deb13u4. We recommend that you upgrade your lxd packages. For the detailed security status of lxd please refer to its security tracker page at: https://security-tracker.debian.org/tracker/lxd Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmnMNAcACgkQEMKTtsN8 TjYDxA//Q2nv2zwxez9Q+ymzzD8sWA/4Q9hDUHDu54/BLaVkVHUeUwfdYipv22hB /I5g8qCCRHTGFR9DoWnXfIhzLZL5rjxi7U84fVecDCAF96l/vfQ5sdossKAiO7yK QR65SnyySw3/s05N63T0zo9PygvGEHivF/0uVY1c+YZYAQ5CXGMHeWgds0eYa39v ZNYjg8FXNv9NSQOIAlp/9RNR/yMB78A//JTTm3NlmslojDn16dvAPCCbx0d/bAgx eEXfwgUpiIcchhkybdjSgvLd/hCxJiJrOpVQuoVosX5K/4RpABuc1XLgSUrpLTWA yQgkHVeGHmIqKIeJCr56rrL/y/vbCnpZJ/oiH5Gbqabd0/aw1yPHyDHQ3dlRdJA9 +bQaV8EVxYAkd3Ooi6KR36cBK/WWTtn1YhF7aL2Wmu8vFTPj2uxtxhj1VOF5pVL4 APqczyGN+wnBovdF3/a6h7j3F2j2ETibXzen1XOz4ITiKBEjW6fxTnZA2jnfy8iT bc8vXuzudRjsJ43DFrJIRLwUbo/ITzH4+fjbGSlUnn9CvXeoyGn7xmpAlzZIhute JDVhvMDJciJWaM6uvXHdIdIWL85ssaPHGWnAN3n3dT8VZBj1UqUQzGIuYKG+sdpN zXDnu23mh+x8yS91TVO32o2EbbSIMNbPLIX3YhsdhmQ+PP8nR70= =8O84 -----END PGP SIGNATURE----- Reply to: debian-security-announce@lists.debian.org Moritz Muehlenhoff (on-list) Moritz Muehlenhoff (off-list) Prev by Date: [SECURITY] [DSA 6187-1] php-phpseclib3 security update Next by Date: [SECURITY] [DSA 6189-1] libpng1.6 security update Previous by thread: [SECURITY] [DSA 6187-1] php-phpseclib3 security update Next by thread: [SECURITY] [DSA 6189-1] libpng1.6 security update Index(es): Date Thread