Inside this week's LWN.net Weekly Edition:
- Front: Fedora AI; Forgejo "carrot" disclosure; memory-management maintainership; huge THPs; mshare; 64KB base pages; DAMON; direct map.
- Briefs: Dirty Frag; Fragnesia; Mythos and curl; killswitch; Debian reproducible builds; KDE investment; Quotes ...
- Announcements: Newsletters, conferences, security updates, patches, and more.
CentOS as a group is a community of open source contributors and users which started in 2003 and has been sponsored by Red Hat since 2014. CentOS Linux versions up to CentOS Linux 8 are 100% compatible rebuilds of Red Hat Enterprise Linux, in full compliance with Red Hat's redistribution requirements. In 2020 it was announced CentOS Linux is being discontinued and replaced with CentOS Stream, a developer-focused distribution which acts as a middle-stream between Fedora and Red Hat Enterprise Linux.
Luberri Linux is a desktop-oriented distribution based on Linux Mint, with Cinnamon as the preferred desktop. It is localised into the Basque language and is primarily intended for Basque-speaking users, although it supports the Spanish language as well. Luberri Linux is especially appropriate for use in educational institutions as it includes five years of support, regular updates, integration with Active Directory on Windows, and a vast range of applications suitable for learning varied subjects, such as typing, chemistry, geography, mathematics, programming, or mind and concept maps.
Aurora is a Fedora Silverblue-based Linux distribution with the goal of being a general-purpose workstation. It uses the KDE Plasma desktop. Like Fedora Silverblue, Aurora's root filesystem is immutable (read-only), which makes the system more stable, less prone to bugs, and easier to test and develop. Updates, upgrades and rollbacks to a previous image are available via the rpm-ostree utility. The distribution also features Flatpak applications and Toolbox containers.
A push by Red Hat employees to create a Fedora "AI Developer Desktop" with support for out-of-tree kernel drivers and AI toolkits has been met with objections from some long-time members of the Fedora community. After more than a month of sometimes heated discussion, the Fedora Council had voted to approve the initiative; however, a last-minute change to vote against the proposal by council member Justin Wheeler has (at least temporarily) sent it back to the drawing board.
Sam James has sent an announcement to the OSS Security mailing list about another local-privilege-escalation (LPE) exploit in the same class as Dirty Frag, called "Fragnesia". From the disclosure:
This is a separate bug in the ESP/XFRM from dirtyfrag which has received its own patch. However, it is in the same surface and the mitigation is the same as for dirtyfrag.
It abuses a logic bug in the Linux XFRM ESP-in-TCP subsystem to achieve arbitrary byte writes into the kernel page cache of read-only files, without requiring any race condition.
James noted that there is a patch in the works, but it has not yet been pulled into Linus Torvalds's tree nor into any of the stable kernels. A proof of concept exploit is also available.
When Brendan Jackman proposed a session for the 2026 Linux Storage, Filesystem, Memory Management, and BPF Summit, his topic was "a pagetable library for the kernel". During the actual memory-management-track session, though, he stated that the idea had "fizzled" and he was going to cover related topics instead. What resulted was a session on ways to efficiently manage pages that are not present in the kernel's direct map.
Linux can share memory between processes, but each process (almost always) has its own set of page tables. In situations where vast numbers of processes are sharing a memory region, the combined size of the page tables can exceed that of the shared memory itself. There has, thus, long been an interest in enabling unrelated processes to share page tables referring to shared memory. Anthony Yznaga is the latest developer to try to push this idea (known as "mshare") forward; he described the status of that work in a memory-management-track discussion at the 2026 Linux Storage, Filesystem, Memory Management, and BPF Summit (LSFMM+BPF).
Security updates have been issued by AlmaLinux (corosync, freerdp, git-lfs, glib2, jq, kernel-rt, krb5, libpng, libtiff, openexr, and thunderbird), Debian (exim4), Mageia (apache, perl-Gazelle, php, and sed), Slackware (expat), SUSE (assimp-devel, go1.26, libQt6Svg6, python-jupyterlab, raylib, thunderbird, tor, and trivy), and Ubuntu (exim4).
The KDE project has announced that it has been awarded over €1 million from the Sovereign Tech Fund to improve its desktop-environment software. "The investment will be used to strengthen the structural reliability and security of KDE's core infrastructure, including Plasma, KDE Linux, and the frameworks underlying its communication services."
KLV-Airedale is an independently-developed, general-purpose and minimalist Linux distribution featuring a customised Xfce desktop. It is compatible with Void, as it uses Void's package management tools and repositories. The distribution is built using a custom build script called FirstRib, which deploys the OverlayFS filesystem to provide a frugal install, Squashfs capabilities, and an option to copy the system to RAM (copy2ram). Like Void, KLV-Airedale uses the runit init system.
StartOS is a Debian-based Linux distribution optimised for personal servers. It facilitates the discovery, installation, network configuration, service configuration, data backup, dependency management and health monitoring of self-hosted software services. After installation, the distribution boots into a Firefox browser with several services pre-installed and others, including various Bitcoin, communication, data and artificial intelligence services, available from the project's online marketplace. The server can be accessed locally or from anywhere in the world via the Tor network's Onion service. The distribution is developed by Start9 Labs, Inc.
Unraid OS is a Linux-based commercial operating system designed to provide an easy-to-use and flexible platform for building and managing a Network-Attached Storage (NAS). Some of Unraid's main features include the ability to mix and match drives of different sizes, an easy-to-use web interface for managing storage, virtual machines and Docker containers, protection to safeguard against drive failures, and the ability to expand the storage by adding more drives.
NetBSD is a free, secure, and highly portable UNIX-like Open Source operating system available for many platforms, from 64-bit AlphaServers and desktop systems to handheld and embedded devices. Its clean design and advanced features make it excellent in both production and research environments, and it is user-supported with complete source. Many applications are easily available through The NetBSD Packages Collection.
The kernel's dma-buf subsystem provides a way for drivers to share memory buffers, usually in order to support efficient device-to-device I/O. At the 2026 Linux Storage, Filesystem, Memory Management, and BPF Summit, Pavel Begunkov, assisted by Kanchan Joshi, led a joint session of the storage and memory-management tracks to explore ways to make the use of dma-bufs more efficient yet, and to make them available for read and write operations initiated by user space.
As a general rule, when developers talk about huge pages, they are referring to PMD-level pages that are 1MB or 2MB in size, depending on the CPU architecture. Most CPUs can support other huge-page sizes, though. On x86 systems, PUD-level huge pages hold 1GB of data. Providing such large pages transparently to processes has generally not been considered as either feasible or desirable, but Usama Arif is trying to change that assessment. At the 2026 Linux Storage, Filesystem, Memory Management, and BPF Summit, he led a session in the memory-management track on how to make transparent huge pages (THPs) truly huge.
Security updates have been issued by AlmaLinux (freerdp, glib2, libsoup3, and openexr), Debian (dnsmasq, p7zip, p7zip-rar, python-authlib, and rails), Fedora (chromium, firefox, httpd, and nss), SUSE (java-25-openj9, krb5, libmodsecurity3, and mcphost), and Ubuntu (imagemagick, linux, linux-aws, linux-aws-fips, linux-aws-hwe, linux-azure-4.15, linux-fips, linux-gcp, linux-gcp-4.15, linux-gcp-fips, linux-hwe, linux-kvm, linux-oracle, linux-azure, linux-azure-fips, linux-oracle, linux-azure-5.15, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, and linux-raspi).
Archcraft is a minimal Linux distribution based on Arch Linux. The project provides a graphical user interface using minimal window managers rather than full featured desktop environments. Archcraft is installed using the Calamares system installer and includes the yay package manager to facilitate fetching software from the Arch User Repository.
Flatcar Container Linux is a container-optimized operating system based on Gentoo Linux. It is a minimal operating system image which includes only the tools needed to run containers and it supports all of the popular methods for running containers. The distribution ships an immutable filesystem and includes automatic atomic updates. Flatcar Container Linux runs on most cloud providers, virtualization platforms and bare metal servers.
Bluefin is a Linux distribution, based on Fedora Silverblue or CentOS, that aims to provide a stable and secure system with pre-installed software and hardware support, GNOME desktop, Flatpak integration, and Distrobox inclusion. It features an immutable, read-only root file system, enhancing system stability and security. Bluefin provides various editions of the product, including "gts" (based on the previous stable version of Fedora), "stable" (based on the current stable version of Fedora), and "lts" (based on the current version of CentOS Stream). It also offers a developer mode with various tools and container-based technologies for developers.