Version in base suite: 6.0.4-2+deb13u3 Base version: incus_6.0.4-2+deb13u3 Target version: incus_6.0.4-2+deb13u4 Base file: /srv/ftp-master.debian.org/ftp/pool/main/i/incus/incus_6.0.4-2+deb13u3.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/i/incus/incus_6.0.4-2+deb13u4.dsc changelog | 8 ++ patches/107-CVE-2026-23953.patch | 44 ++++++++++++++ patches/108-CVE-2026-23954.patch | 116 +++++++++++++++++++++++++++++++++++++++ patches/series | 2 4 files changed, 170 insertions(+) dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpvxcj6cu3/incus_6.0.4-2+deb13u3.dsc: no acceptable signature found dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpvxcj6cu3/incus_6.0.4-2+deb13u4.dsc: no acceptable signature found diff -Nru incus-6.0.4/debian/changelog incus-6.0.4/debian/changelog --- incus-6.0.4/debian/changelog 2025-11-22 15:21:53.000000000 +0000 +++ incus-6.0.4/debian/changelog 2026-01-22 04:06:05.000000000 +0000 @@ -1,3 +1,11 @@ +incus (6.0.4-2+deb13u4) trixie-security; urgency=high + + * Cherry-pick fixes for the following security issues: + - CVE-2026-23953 / GHSA-x6jc-phwx-hp32 + - CVE-2026-23954 / GHSA-7f67-crqm-jgh7 + + -- Mathias Gibbens Thu, 22 Jan 2026 04:06:05 +0000 + incus (6.0.4-2+deb13u3) trixie; urgency=medium * Backport fix for running nested docker in containers (Closes: #1121011) diff -Nru incus-6.0.4/debian/patches/107-CVE-2026-23953.patch incus-6.0.4/debian/patches/107-CVE-2026-23953.patch --- incus-6.0.4/debian/patches/107-CVE-2026-23953.patch 1970-01-01 00:00:00.000000000 +0000 +++ incus-6.0.4/debian/patches/107-CVE-2026-23953.patch 2026-01-21 17:33:27.000000000 +0000 
@@ -0,0 +1,44 @@ +From cdf037409fbb35ab0f9fdc4e0e8cc706adbca99e Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?St=C3=A9phane=20Graber?= +Date: Tue, 20 Jan 2026 23:27:25 -0500 +Subject: [PATCH] internal/instance: Prevent line breaks in environment + variables +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +LXC doesn't currently have a syntax to hold a multi-line environment +variable in its configuration. The use of multi-line environment +variables leads to a corrupted configuration file and to a security +issue where additional lines may be added by an unprivileged user to +escalate their privileges. + +This fixes CVE-2026-23953. + +Reported-by: Rory McNamara +Signed-off-by: Stéphane Graber +--- + internal/instance/config.go | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/internal/instance/config.go b/internal/instance/config.go +index 72d7638f67..65216df3dd 100644 +--- a/internal/instance/config.go ++++ b/internal/instance/config.go +@@ -1485,7 +1485,13 @@ func ConfigKeyChecker(key string, instanceType api.InstanceType) (func(value str + // liveupdate: yes + // shortdesc: Free-form environment key/value + if strings.HasPrefix(key, "environment.") { +- return validate.IsAny, nil ++ return func(val string) error { ++ if strings.Contains(val, "\n") { ++ return errors.New("Environment variables cannot contain line breaks") ++ } ++ ++ return nil ++ }, nil + } + + // gendoc:generate(entity=instance, group=miscellaneous, key=user.*) +-- +2.47.3 diff -Nru incus-6.0.4/debian/patches/108-CVE-2026-23954.patch incus-6.0.4/debian/patches/108-CVE-2026-23954.patch --- incus-6.0.4/debian/patches/108-CVE-2026-23954.patch 1970-01-01 00:00:00.000000000 +0000 +++ incus-6.0.4/debian/patches/108-CVE-2026-23954.patch 2026-01-21 17:33:29.000000000 +0000 
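Review bot: The validator added for `environment.*` values rejects only `\n`, so a value carrying a bare `\r` is still accepted; whether that matters depends on how LXC's config parser splits lines, which isn't visible here, so `if strings.ContainsAny(val, "\r\n") {` would be the conservative form if that parser is not strictly `\n`-delimited. The closure also carries no comment saying why the restriction exists — the commit message explains it, but a reader of config.go only sees the check — so a line such as `// LXC's config file is line-based and has no multi-line value syntax; a line break in the value would let further config lines be injected.` belongs above the `strings.Contains` test. Only values passing through ConfigKeyChecker are affected; values stored before this fix are presumably not re-validated by this change, which depends on callers outside the hunk. ConfigKeyChecker continues outside the hunk.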
@@ -0,0 +1,116 @@ +From 70a216856b3929979c25fca64b6b22fe3386ee60 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?St=C3=A9phane=20Graber?= +Date: Wed, 21 Jan 2026 00:04:37 -0500 +Subject: [PATCH] incusd/instance/lxc: Restrict path of template files and + targets +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This fixes three security issues related to file templates: + + - The template target path could be made to be relative or gothrough + symlinks in a way that could lead to arbitrary write to the host + filesystem. + + - The template directory could be relative, allowing for arbitrary read + from the host filesystem. + + - The template file itself could be made relative, allowing for + arbitrary reads from the host filesystem. + +In the case of the template target path, the new logic makes use of the +kernel's openat2 system call which brings a variety of flags that can be +used to restrict path resolution and detect potential issues. + +For the template path itself, we now validate that it is a simple local +file and that the template directory isn't a symlink. + +This fixes CVE-2026-23954 + +Reported-by: Rory McNamara +Signed-off-by: Stéphane Graber +--- + .../server/instance/drivers/driver_lxc.go | 59 ++++++++++++++++++- + 1 file changed, 58 insertions(+), 1 deletion(-) + +diff --git a/internal/server/instance/drivers/driver_lxc.go b/internal/server/instance/drivers/driver_lxc.go +index 8acabfd254..e9649c0637 100644 +--- a/internal/server/instance/drivers/driver_lxc.go ++++ b/internal/server/instance/drivers/driver_lxc.go +@@ -7199,6 +7199,33 @@ func (d *lxc) templateApplyNow(trigger instance.TemplateTrigger) error { + containerMeta["privileged"] = "false" + } + ++ // Setup security check. 
++ rootfsPath, err := os.OpenFile(d.RootfsPath(), unix.O_PATH, 0) ++ if err != nil { ++ return fmt.Errorf("Failed to open instance rootfs path: %w", err) ++ } ++ ++ defer func() { _ = rootfsPath.Close() }() ++ ++ checkBeneath := func(targetPath string) error { ++ fd, err := unix.Openat2(int(rootfsPath.Fd()), targetPath, &unix.OpenHow{ ++ Flags: unix.O_PATH | unix.O_CLOEXEC, ++ Resolve: unix.RESOLVE_BENEATH | unix.RESOLVE_NO_MAGICLINKS, ++ }) ++ if err != nil { ++ if errors.Is(err, unix.EXDEV) { ++ return errors.New("Template is attempting access to path outside of container") ++ } ++ ++ return nil ++ } ++ ++ f := os.NewFile(uintptr(fd), targetPath) ++ _ = f.Close() ++ ++ return nil ++ } ++ + // Go through the templates + for tplPath, tpl := range metadata.Templates { + err = func(tplPath string, tpl *api.ImageMetadataTemplate) error { +@@ -7211,8 +7238,38 @@ func (d *lxc) templateApplyNow(trigger instance.TemplateTrigger) error { + return nil + } + ++ // Perform some security checks. ++ relPath := strings.TrimLeft(tplPath, "/") ++ ++ err = checkBeneath(relPath) ++ if err != nil { ++ return err ++ } ++ ++ if filepath.Base(tpl.Template) != tpl.Template { ++ return errors.New("Template path is attempting to read outside of template directory") ++ } ++ ++ tplDirStat, err := os.Lstat(d.TemplatesPath()) ++ if err != nil { ++ return fmt.Errorf("Couldn't access template directory: %w", err) ++ } ++ ++ if !tplDirStat.IsDir() { ++ return errors.New("Template directory isn't a regular directory") ++ } ++ ++ tplFileStat, err := os.Lstat(filepath.Join(d.TemplatesPath(), tpl.Template)) ++ if err != nil { ++ return fmt.Errorf("Couldn't access template file: %w", err) ++ } ++ ++ if tplFileStat.Mode()&os.ModeSymlink == os.ModeSymlink { ++ return errors.New("Template file is a symlink") ++ } ++ + // Open the file to template, create if needed +- fullpath := filepath.Join(d.RootfsPath(), strings.TrimLeft(tplPath, "/")) ++ fullpath := filepath.Join(d.RootfsPath(), relPath) + if 
util.PathExists(fullpath) { + if tpl.CreateOnly { + return nil +-- +2.47.3 diff -Nru incus-6.0.4/debian/patches/series incus-6.0.4/debian/patches/series --- incus-6.0.4/debian/patches/series 2025-11-22 15:21:53.000000000 +0000 +++ incus-6.0.4/debian/patches/series 2026-01-22 04:05:21.000000000 +0000 @@ -15,3 +15,5 @@ 106a-GHSA-56mx-8g9f-5crf.patch 106b-GHSA-56mx-8g9f-5crf.patch 106c-GHSA-56mx-8g9f-5crf.patch +107-CVE-2026-23953.patch +108-CVE-2026-23954.patch
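Review bot: `checkBeneath` fails open: every `Openat2` error other than `EXDEV` — `ENOSYS` on a kernel (or seccomp profile) without openat2, `ELOOP` raised by `RESOLVE_NO_MAGICLINKS`, and `EAGAIN`, which openat2 returns when it cannot rule out a concurrent rename during `RESOLVE_BENEATH` resolution — hits the bare `return nil` and the write proceeds, so the new restriction silently vanishes exactly where it is hardest to notice. The bare `return nil` is presumably there so that targets which don't exist yet pass (the caller creates them below), so narrowing it to `if errors.Is(err, unix.ENOENT) { return nil }` and otherwise `return fmt.Errorf("Failed to check template target path: %w", err)` keeps that behaviour while failing closed. The template-file check in the second hunk only rejects symlinks, yet `filepath.Base` lets `.` and `..` through and a FIFO or device node would pass `Lstat` as well, so `if !tplFileStat.Mode().IsRegular() { return errors.New("Template file isn't a regular file") }` is the stronger form and covers the symlink case too. The descriptor obtained from openat2 is closed immediately and the later open re-resolves `filepath.Join(d.RootfsPath(), relPath)` by path, so check and write are not atomic; whether anything can race that window depends on when templateApplyNow runs relative to the container's processes, which isn't visible here. templateApplyNow starts and ends outside the hunk.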