Latest Linux and open source news from around the web

The Art of UNIX Programming Sponsored · View on Amazon → WD Black SN7100 1TB NVMe SSD Sponsored · View on Amazon →
Foss Force

ODF: Open by Design, Not by Marketing

ODF was built in the open, under public standards bodies, to be fully implementable by anyone. OOXML’s β€œstandard” status hides a legacy format that only Microsoft can truly unlock. The post ODF: Open by Design, Not by Marketing appeared first on FOSS Force.

LWN.net

[$] The many failures leading to the LiteLLM compromise

LiteLLM is a gateway library providing access to a number of large language models (LLMs); it is popular and widely used. On March 24, the word went out that the version of LiteLLM found in the Python Package Index (PyPI) repository had been compromised with information-stealing malware and downloaded thousands of times, sparking concern across the net. This may look like just another supply-chain attack β€” and it is β€” but the way it came about reveals just how many weak links there are in the software supply chains that we all depend on.

LWN.net

The telnyx packages on PyPI have been compromised

The SafeDep blog reports that compromised versions of the telnyx package have been found in the PyPI repository: Two versions of telnyx (4.87.1 and 4.87.2) published to PyPI on March 27, 2026 contain malicious code injected into telnyx/_client.py. The telnyx package averages over 1 million downloads per month (~30,000/day), making this a high-impact supply chain compromise. The payload downloads a second-stage binary hidden inside WAV audio files from a remote server, then either drops a persistent executable on Windows or harvests credentials on Linux/macOS.

LWN.net

Security updates for Friday

Security updates have been issued by AlmaLinux (389-ds:1.4, gnutls, mysql:8.0, mysql:8.4, nginx, nginx:1.24, opencryptoki, python3, vim, and virt:rhel and virt-devel:rhel), Debian (firefox-esr, ruby-rack, and thunderbird), Fedora (fontforge, headscale, kryoptic, libopenmpt, pyOpenSSL, python-cryptography, rubygem-json, rust-asn1, rust-asn1_derive, rust-cryptoki, rust-cryptoki-sys, rust-wycheproof, vim, and vtk), Oracle (freerdp, golang, mysql:8.0, and ncurses), Red Hat (osbuild-composer), Slackware (libpng and tigervnc), SUSE (chromium, frr, kea, kernel, nghttp2, pgvector, python-deepdiff, python-pyasn1, python-tornado6, python-urllib3, python3, python310, ruby2.5, salt, sqlite3, systemd, tomcat, vim, and xen), and Ubuntu (libcryptx-perl).

Phoronix

KDE Plasma 6.6 Showing Frequent Performance Advantage Over GNOME 50 With NVIDIA R595 Driver

Earlier this week I provided benchmarks looking at KDE Plasma 6.6's performance advantage over GNOME 50 for Linux gaming with AMD Radeon graphics. That raised the question if the same was true when using NVIDIA graphics with their official Linux graphics driver stack. Here are such benchmarks looking at the KDE Plasma 6.6 and GNOME 50 performance on Ubuntu 26.04 beta while using the new NVIDIA 595.58.03 Linux driver.

Phoronix

Intel Xe Driver Improves Memory Pressure / Out-Of-Memory Behavior For vRAM With Linux 7.1

Following the Intel Xe kernel graphics driver pull request landing transparent hugepages for device pages as an SVM win, another round of Intel Xe driver updates were sent out this week ahead of next month's Linux 7.1 merge window. This latest pull request lands a new user-space API for helping the Intel Xe driver better cope with situations of video memory pressure / out-of-memory behavior for vRAM...