Information on source package lxd

Available versions

Bug	bookworm	trixie	Description
CVE-2025-54291	vulnerable (no DSA)	vulnerable (no DSA)	Information disclosure in images API in Canonical LXD before 6.5 and 5 ...
CVE-2025-54290	vulnerable (no DSA)	vulnerable (no DSA)	Information disclosure in image export API in Canonical LXD before 6.5 ...
CVE-2025-54289	vulnerable (no DSA)	vulnerable (no DSA)	Privilege Escalation in operations API in Canonical LXD <6.5 on multip ...
CVE-2024-6156	vulnerable (no DSA, ignored)	vulnerable (no DSA, ignored)	Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could ...

Bug	Description
CVE-2025-54293	Path Traversal in the log file retrieval function in Canonical LXD 5.0 ...
CVE-2025-54288	Information Spoofing in devLXD Server in Canonical LXD versions 4.0 an ...
CVE-2025-54287	Template Injection in instance snapshot creation component in Canonica ...
CVE-2025-54286	Cross-Site Request Forgery (CSRF) in LXD-UI in Canonical LXD versions ...
CVE-2024-6219	Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a ...
CVE-2023-49721	An insecure default to allow UEFI Shell in EDK2 was left enabled in LX ...
CVE-2016-1582	LXD before 2.0.2 does not properly set permissions when switching an u ...
CVE-2016-1581	LXD before 2.0.2 uses world-readable permissions for /var/lib/lxd/zfs. ...
CVE-2015-8222	The lxd-unix.socket systemd unit file in the Ubuntu lxd package before ...
CVE-2015-1340	LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer() has an unsa ...

DSA / DLA	Description
DSA-6028-1	lxd - security update