Latest Linux and open source news from around the web

Practical Vim Sponsored · View on Amazon → Docker Deep Dive Sponsored · View on Amazon →
OMG! Ubuntu

Snap Store will be down for maintenance this weekend

Canonicalโ€™s Snap Store will be shutting down for database maintenance this weekend, meaning users wonโ€™t be able to install or update snap software until itโ€™s back online. The planned downtime starts on Sunday, 5 July 2026 at 22:00 UTC and is expected to last for four hours, coming back online on Monday, 6 July at 02:00 UTC. During the maintenance you will not be able to install or update snaps. If thereโ€™s a snap app youโ€™ve been wanting to try, or your IoT or core device runs automated tasks during the affected window, youโ€™ll need to plan accordingly To make [โ€ฆ]

LWN.net

Four vulnerabilities in Guix

The GNU Guix project has announced three vulnerabilities in the guix substitute utility as well as a fourth that affects the guix pull and guix time-machine commands. The impact of the vulnerabilities ranges from remote-privilege escalation to local disclosure of sensitive files. The remote exploitation of guix substitute only requires that the vulnerable system attempt to download a binary substitute. Any configured substitute server, including ones discovered using guix-daemon's --discover option, can exploit this, and so can a man-in-the-middle (MITM), regardless of whether https is used in the substitute server urls. The local exploitation of guix substitute only requires the ability to connect to guix-daemon's socket, which by default any user can do. Separately, another security issue (CVE ID pending) was identified in guix pull and guix time-machine, which enables anyone who can control the channels file used by these commands to cause a file to be created or overwritten whereve

LWN.net

[$] Limiting negative dentries

A number of problems related to negative directory entries (dentries) were the topic of a filesystem-track session at the 2026 Linux Storage, Filesystem, Memory Management, and BPF Summit. Negative dentries are used to indicate that a file of a given name does not exist in a directory; it is an optimization that short-circuits the lookup of the file name when the answer is already known. Miklos Szeredi led a session that discussed some problems that come from having too many negative dentries for a directory.

LWN.net

Security updates for Friday

Security updates have been issued by AlmaLinux (389-ds-base, bind9.18, evince, fence-agents, freerdp, frr, frr10, gimp, gnutls, hplip, jmc, mariadb:11.8, mysql:8.4, php:7.4, postgresql-jdbc, postgresql:15, postgresql:16, valkey, xorg-x11-server, and xorg-x11-server-Xwayland), Debian (fastnetmon), Fedora (7zip, apptainer, cpp-httplib, mysql8.4, and nmap), Oracle (freerdp, giflib, glib2, glibc, kernel, libreoffice, libvirt, mariadb:10.11, postgresql, python3.11, python3.12, rrdtool, and thunderbird), Red Hat (buildah, podman, and skopeo), SUSE (alloy, apache2, buildah, c3p0, containerd, crun, cups, dhcpcd, dnsmasq, docker-stable, dracut, editorconfig-core-c, ffmpeg-7, fontforge, google-guest-agent, google-osconfig-agent, graphicsmagick, gstreamer-plugins-bad, gstreamer-plugins-good, helm, jackson-annotations, jackson-core, jackson-databind, jline3, kernel, kubectl-cnpg, lcms2, libslirp, libssh2_org, libxreaderdocument3, openbabel, openssl-3, pacemaker, perl-CGI-Session, perl-list-someuti

Phoronix

Coreboot + AMD openSIL On MSI Ryzen Motherboard Now Works With Windows 11

With 3mdeb's Dasharo port of AMD openSIL and Coreboot running on the Gigabyte EPYC motherboard, 3mdeb engineers have been devoting more time to their bring-up of Coreboot+openSIL on the MSI PRO B850-P consumer motherboard for desktop AMD Ryzen. They now even have Microsoft Windows 11 working atop this open-source firmware alternative along with other features implemented...

Phoronix

Rust Coreutils cp Ended Up Breaking Ubuntu Image Builds With Latest Incompatibility

While the Rust Coreutils offers better memory safety than GNU Coreutils due to being written in the Rust programming language, subtle incompatibilities continue to be spotted in the Rust Coreutils implementations of the different commands. The latest coming to light this week was the Rust Coreutils cp command breaking Ubuntu image builds due to differences in argument handling...

Phoronix

NVIDIA VR-NVL BMC Device Tree Being Upstreamed For OpenBMC Support

NVIDIA's latest Linux kernel mailing list patches are for providing the Device Tree for the baseboard management controller (BMC) of their Vera Rubin VR-NVL server platform. With the Linux kernel patches and also for U-Boot, it's part of the upstreaming effort for supporting the open-source OpenBMC software on their latest hardware...