Latest Linux and open source news from around the web
Greg Kroah-Hartman has announced the release of the 7.0.5, 6.18.28, 6.12.87, and 6.6.138 stable kernels. These kernels contain a partial fix for the Dirty Frag and Copy Fail 2 security flaws. Kroah-Hartman has confirmed that a second patch is required, but it is still in development and has not yet been merged.
AMD software engineers continue rapidly advancing their open-source software efforts around local AI/LLM use on consumer-class Radeon and Ryzen hardware. AMD GAIA 0.17.6 was released on Thursday with more improvements for local AI processing on Windows, Linux, and even macOS. For those trusting enough in local LLM pipelines to do the right thing, there is even integration now for AMD GAIA to interface with your Gmail account...
With Intel's recently-launched Bartlett Lake P-core-only processors intended for the embedded market, there is a rather surprising oversight under Linux: the Intel P-State driver reporting a 7.0+ GHz clock speed. While many would yearn for a 7GHz CPU, the Core 9 273PE where this issue was discovered in reality can only boost up to 5.7GHz for its maximum turbo frequency...
Star Labs' StarFighter Linux laptop is now available with Intel and AMD options, coreboot firmware, LVFS updates, and a 16-inch display.
If you haven’t tried Ubuntu’s ‘Permission Prompting’ feature for a while, there’s more reason to do so in the latest release. Canonical’s Oliver Calder has shared an update on recent improvements to the security feature, which sets out to “empower users” by letting them decide what software can access on the rest of the system at runtime rather than retrospectively. Android or iOS show similar prompts, with screen modals asking if you want to “allow Acme App to access the camera” and similar. Ubuntu’s app prompting effort is still an ‘experimental’ feature in 26.04 LTS, but is now said to […]
Hyunwoo Kim has announced the Dirty Frag security flaw, a local-privilege-escalation (LPE) vulnerability similar to the recently disclosed Copy Fail flaw: Because the embargo has now been broken, no patches or CVEs exist for these vulnerabilities. After consultation with the linux-distros@vs.openwall.org maintainers, and at the maintainers' request, I am publicly releasing this Dirty Frag document. As with the previous Copy Fail vulnerability, Dirty Frag likewise allows immediate root privilege escalation on all major distributions. Kim, who discovered the flaw and had attempted a coordinated disclosure set for May 12, has released the code for an exploit, as well as a example script to remove the vulnerable modules. A full write-up, with the disclosure timeline, is also available. It's unknown at this time whether this is an example of parallel discovery or how the third party was able to disclose it prior to the end of the embargo. We will be following up as more information comes to
Built on Debian Trixie, Synex aims to cut post‑install busywork with sensible defaults, app choices up front, and a clean KDE Plasma experience. The post Synex 13 Puts a Minimalist Spin on Debian for Work and Home appeared first on FOSS Force.
One week after the Copy Fail vulnerability, a new Linux local privilege escalation bug has been made public. This time around there are no patches or CVEs yet for this "Dirty Frag" vulnerability as the embargo was broken early and thus the security researcher went ahead and published earlier than anticipated...
Ubuntu Touch OTA 1.3 update is now rolling out with improvements to handling of desktop apps on Lomiri, improved handling of docks with input devices, improved playback of AMR voice message sent via MMS, and other changes.
Not a good week for Ubuntu fans.
Following Linux 7.1 beginning to phase out i486 CPU support and in turn drivers like those for the old AMD Elan SoCs now being removed, for Linux 7.2 the processor support removal is going further to now include some i586 and i686 class processors...
Yazi makes it easier to build your terminal-first workflow by giving you a pwoerful, featuree-rich file manager.
UBports releases Ubuntu Touch 24.04-1.3 while preparing 24.04-2.0, targeting a newer Morph Browser stack with Qt 6 work.
KDE Gear 26.04.1 is now available as the first maintenance update to the latest KDE Gear 26.04 open-source software suite series with fixes for various KDE applications.
Traefik Proxy 3.7 adds production-ready Ingress NGINX migration support, new TLS certificate visibility, and Gateway API 1.5.1 updates.
Linux News