Register | Log in

lxd

Powerful system container and virtual machine manager - daemon

Choose email to subscribe with

general

source: lxd (main)
version: 5.0.2+git20231211.1364ae4-9
maintainer: Debian Go Packaging Team (DMD)
uploaders: Mathias Gibbens [DMD]
arch: all any
std-ver: 4.7.2
VCS: Git (Browse)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 5.0.2-5
stable: 5.0.2+git20231211.1364ae4-9

versioned links

5.0.2-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.0.2+git20231211.1364ae4-9: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

golang-github-canonical-lxd-dev
lxd
lxd-agent
lxd-client
lxd-migrate
lxd-tools

package is gone

This package is not in any development repository. This probably means that the package has been removed (or has been renamed). Thus the information here is of little interest ... the package is going to disappear unless someone takes it over and reintroduces it.

action needed

Debci reports failed tests high

unstable: fail (log)
The tests ran in 0:00:22
Last run: 2025-08-27T01:32:05.000Z
Previous status: unknown

testing: pass (log)
The tests ran in 0:03:03
Last run: 2025-08-01T01:31:38.000Z
Previous status: unknown

stable: pass (log)
The tests ran in 0:03:12
Last run: 2025-08-20T12:53:40.000Z
Previous status: unknown

Created: 2025-08-27 Last update: 2025-10-07 18:32

9 security issues in trixie high

There are 9 open security issues in trixie.

8 important issues:

CVE-2025-54286: Cross-Site Request Forgery (CSRF) in LXD-UI in Canonical LXD versions >= 5.0 on Linux allows an attacker to create and start container instances without user consent via crafted HTML form submissions exploiting client certificate authentication.
CVE-2025-54287: Template Injection in instance snapshot creation component in Canonical LXD (>= 4.0) allows an attacker with instance configuration permissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine.
CVE-2025-54288: Information Spoofing in devLXD Server in Canonical LXD versions 4.0 and above on Linux container platforms allows attackers with root privileges within any container to impersonate other containers and obtain their metadata, configuration, and device information via spoofed process names in the command line.
CVE-2025-54289: Privilege Escalation in operations API in Canonical LXD <6.5 on multiple platforms allows attacker with read permissions to hijack terminal or console sessions and execute arbitrary commands via WebSocket connection hijacking format
CVE-2025-54290: Information disclosure in image export API in Canonical LXD before 6.5 and 5.21.4 on Linux allows network attackers to determine project existence without authentication via crafted requests using wildcard fingerprints.
CVE-2025-54291: Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project existence via differing HTTP status code responses.
CVE-2025-54292: Path traversal in Canonical LXD LXD-UI versions before 6.5 and 5.21.4 on all platforms allows remote authenticated attackers to access or modify unintended resources via crafted resource names embedded in URL paths.
CVE-2025-54293: Path Traversal in the log file retrieval function in Canonical LXD 5.0 LTS on Linux allows authenticated remote attackers to read arbitrary files on the host system via crafted log file names or symbolic links.

1 ignored issue:

CVE-2024-6156: Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store.

Created: 2025-08-09 Last update: 2025-10-04 06:30

9 security issues in bookworm high

There are 9 open security issues in bookworm.

8 important issues:

CVE-2025-54286: Cross-Site Request Forgery (CSRF) in LXD-UI in Canonical LXD versions >= 5.0 on Linux allows an attacker to create and start container instances without user consent via crafted HTML form submissions exploiting client certificate authentication.
CVE-2025-54287: Template Injection in instance snapshot creation component in Canonical LXD (>= 4.0) allows an attacker with instance configuration permissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine.
CVE-2025-54288: Information Spoofing in devLXD Server in Canonical LXD versions 4.0 and above on Linux container platforms allows attackers with root privileges within any container to impersonate other containers and obtain their metadata, configuration, and device information via spoofed process names in the command line.
CVE-2025-54289: Privilege Escalation in operations API in Canonical LXD <6.5 on multiple platforms allows attacker with read permissions to hijack terminal or console sessions and execute arbitrary commands via WebSocket connection hijacking format
CVE-2025-54290: Information disclosure in image export API in Canonical LXD before 6.5 and 5.21.4 on Linux allows network attackers to determine project existence without authentication via crafted requests using wildcard fingerprints.
CVE-2025-54291: Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project existence via differing HTTP status code responses.
CVE-2025-54292: Path traversal in Canonical LXD LXD-UI versions before 6.5 and 5.21.4 on all platforms allows remote authenticated attackers to access or modify unintended resources via crafted resource names embedded in URL paths.
CVE-2025-54293: Path Traversal in the log file retrieval function in Canonical LXD 5.0 LTS on Linux allows authenticated remote attackers to read arbitrary files on the host system via crafted log file names or symbolic links.

1 ignored issue:

CVE-2024-6156: Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store.

Created: 2024-12-06 Last update: 2025-10-04 06:30

1 security issue in forky high

There is 1 open security issue in forky.

1 important issue:

CVE-2024-6156: Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store.

Created: 2025-08-09 Last update: 2025-08-13 17:04

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2024-6156: Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store.

Created: 2024-12-06 Last update: 2025-08-10 06:32

news

[2025-08-14] lxd REMOVED from testing (Debian testing watch)
[2025-05-08] lxd 5.0.2+git20231211.1364ae4-9 MIGRATED to testing (Debian testing watch)
[2025-04-27] Accepted lxd 5.0.2+git20231211.1364ae4-9 (source) into unstable (Mathias Gibbens)
[2025-03-01] lxd 5.0.2+git20231211.1364ae4-8 MIGRATED to testing (Debian testing watch)
[2025-02-23] Accepted lxd 5.0.2+git20231211.1364ae4-8 (source) into unstable (Mathias Gibbens)
[2024-08-20] lxd 5.0.2+git20231211.1364ae4-7 MIGRATED to testing (Debian testing watch)
[2024-08-17] Accepted lxd 5.0.2+git20231211.1364ae4-7 (source) into unstable (Reinhard Tartler)
[2024-08-09] Accepted lxd 5.0.2+git20231211.1364ae4-6 (source) into experimental (Reinhard Tartler)
[2024-06-15] lxd 5.0.2+git20231211.1364ae4-5 MIGRATED to testing (Debian testing watch)
[2024-06-12] Accepted lxd 5.0.2+git20231211.1364ae4-5 (source) into unstable (Mathias Gibbens)
[2024-05-01] lxd 5.0.2+git20231211.1364ae4-4 MIGRATED to testing (Debian testing watch)
[2024-04-11] Accepted lxd 5.0.2+git20231211.1364ae4-4 (source) into unstable (Mathias Gibbens)
[2024-01-24] lxd 5.0.2+git20231211.1364ae4-3 MIGRATED to testing (Debian testing watch)
[2024-01-21] Accepted lxd 5.0.2+git20231211.1364ae4-3 (source) into unstable (Mathias Gibbens)
[2024-01-17] lxd 5.0.2+git20231211.1364ae4-2 MIGRATED to testing (Debian testing watch)
[2024-01-09] Accepted lxd 5.0.2+git20231211.1364ae4-2 (source) into unstable (Mathias Gibbens)
[2024-01-08] Accepted lxd 5.0.2+git20231211.1364ae4-1 (source all amd64) into unstable (Debian FTP Masters) (signed by: Mathias Gibbens)
[2023-11-26] lxd 5.0.2-6 MIGRATED to testing (Debian testing watch)
[2023-11-23] Accepted lxd 5.0.2-6 (source) into unstable (Mathias Gibbens)
[2023-05-12] lxd 5.0.2-5 MIGRATED to testing (Debian testing watch)
[2023-05-05] Accepted lxd 5.0.2-5 (source) into unstable (Mathias Gibbens)
[2023-04-23] Accepted lxd 5.0.2-4 (source) into unstable (Mathias Gibbens)
[2023-03-28] lxd 5.0.2-3 MIGRATED to testing (Debian testing watch)
[2023-03-08] Accepted lxd 5.0.2-3 (source) into unstable (Mathias Gibbens)
[2023-01-24] lxd 5.0.2-2 MIGRATED to testing (Debian testing watch)
[2023-01-18] Accepted lxd 5.0.2-2 (source) into unstable (Mathias Gibbens)
[2023-01-17] Accepted lxd 5.0.2-1 (source) into unstable (Mathias Gibbens)
[2023-01-12] lxd 5.0.1-5 MIGRATED to testing (Debian testing watch)
[2023-01-08] Accepted lxd 5.0.1-5 (source) into unstable (Mathias Gibbens)
[2023-01-03] lxd 5.0.1-4 MIGRATED to testing (Debian testing watch)

1
2

bugs [bug history graph]

all: 1
RC: 1
I&N: 0
M&W: 0
F&P: 0
patch: 0

links

homepage
buildd: logs, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debci

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing