Linus has released 6.18-rc6 for testing. "So we have a slightly larger rc6 than usual, but I think it's just the random noise and a result of pull request timings rather than due to any issues with the release. But I guess we have a couple of weeks remaining to find out."
One of the many objectives of the Linux Kernel Self-Protection Project (KSPP), which just completed ten years of work, is to ensure that all array references can be bounds-checked, even in the case of flexible array members, the size of which is not known at compile time. One of the most challenging flexible array members in the kernel is not even declared as such. Almost exactly one year ago, LWN looked at the effort to increase safety around the networking subsystem's heavily used sockaddr structure. One year later, Kees Cook is still looking for a way to bring this work to a close.
Greg Kroah-Hartman has announced the release of the 6.17.8 and 6.12.58 stable kernels. Each contains an important set of fixes. Users are advised to upgrade.
The Google Security Blog has a new post on just how well the use of Rust is working out for the Android project. We adopted Rust for its security and are seeing a 1000x reduction in memory safety vulnerability density compared to Android's C and C++ code. But the biggest surprise was Rust's impact on software delivery. With Rust changes having a 4x lower rollback rate and spending 25% less time in code review, the safer path is now also the faster one.
The SUSE Security Team has published an in-depth article on its findings after reviewing a D-Bus service contained in LightDM Greeter by KDE (the lightdm-kde-greeter package) for addition to openSUSE Tumbleweed. The team found a privilege escalation from the lightdm service user to root, as well as other attack vectors in the service: In agreement with upstream, we assigned CVE-2025-62876 to track the lightdm service user to root privilege escalation aspect described in this report. The severity of the issue is low, since it only affects defense-in-depth (if the lightdm service user were compromised) and the problematic logic can only be reached and exploited if triggered interactively by a privileged user. The fixes are contained in the 6.0.4 release of the project.
Version 145 of the Thunderbird email client has been released. Notable changes in this release include enabling DNS over HTTPS, support for Microsoft Exchange via Exchange Web Services, and quite a few bug fixes. As of 145, the project is no longer shipping 32-bit binaries for Linux on x86.
Many distributions provide support out of the proverbial box for Flatpak packages, but Fedora is unusual in that it also provides, and defaults, to its own repository of Fedora-built Flatpaks. This has been a source of confusion for Fedora users, who expect to get the Flatpak built by the original developers and hosted on Flathub. It has also been a source of conflict with upstream projects, because users complain of bugs in Flatpak packages they are not responsible for. The situation has also frustrated some Fedora developers, who would prefer to put Flathub's offerings first. A new complaint that Fedora has apparently used manifests from Flathub to build the packages for Fedoraโwithout giving credit to the original authorsโhas spurred discussions about Fedora's Flatpaks once again. While no concrete changes are on the table, yet, there may be some movement toward addressing persistent complaints.
Linux News