Linux Weekly News

Version 2.3.0 of the Lightweight Qt Desktop Environment (LXQt) has been released. The highlight of this release is continued improvement in Wayland support across LXQt components. Rather than offering its own compositor, the LXQt project takes a modular approach and works with several Wayland compositors, such as KWin, labwc, and niri.

Linux has many security features and tools that have evolved over the years to address threats as they emerge and security gaps as they are discovered. Linux security is all, as Lennart Poettering observed at the All Systems Go! conference held in Berlin, somewhat random and not a "clean" design. To many observers, that may also appear to be the case for systemd; however, Poettering said that he does have a vision for how all of the security-related pieces of systemd are meant to fit together. He wanted to use his talk to explain "how the individual security-related parts of systemd actually fit together and why they exist in the first place".

Version 1.3 of the Open Container Initiative (OCI) Runtime Specification has been released. The specification covers the configuration, execution environment, and lifecycle of containers. The most notable change in 1.3 is the addition of FreeBSD to the specification, which the FreeBSD Foundation calls "a watershed moment for FreeBSD":

The addition of cloud-native container support complements FreeBSD's already robust virtualization capabilities, particularly the powerful FreeBSD jails technology that has been a cornerstone of the operating system for over two decades. In fact, OCI containers on FreeBSD are implemented using jails as the underlying isolation mechanism, bringing together the security and resource management benefits of jails with the portability and ecosystem advantages of OCI-compliant containers.

Security updates have been issued by Debian (bind9 and gimp), Fedora (chromium, fastapi-cli, fastapi-cloud-cli, gherkin, libnbd, maturin, openapi-python-client, python-annotated-doc, python-cron-converter, python-fastapi, python-inline-snapshot, python-jiter, python-openapi-core, python-platformio, python-pydantic, python-pydantic-core, python-pydantic-extra-types, python-rignore, python-starlette, python-typer, python-typing-inspection, python-uv-build, ruff, rust-astral-tokio-tar, rust-attribute-derive, rust-attribute-derive-macro, rust-collection_literals, rust-get-size-derive2, rust-get-size2, rust-interpolator, rust-jiter, rust-manyhow, rust-manyhow-macros, rust-proc-macro-utils, rust-quote-use, rust-quote-use-macros, rust-regex, rust-regex-automata, rust-reqsign, rust-reqsign-aws-v4, rust-reqsign-command-execute-tokio, rust-reqsign-core, rust-reqsign-file-read-tokio, rust-reqsign-http-send-reqwest, rust-serde_json, rust-speedate, rust-tikv-jemalloc-sys, rust-tikv-jemallocator, and uv), Mageia (golang and libavif), Red Hat (bind9.16, pcs, and qt6-qtsvg), SUSE (colord, ffmpeg, govulncheck-vulndb, jasper, openjpeg, poppler, qatengine, qatlib, runc, sccache, and tiff), and Ubuntu (keystone, libssh, linux-hwe-6.14, linux-nvidia-tegra, linux-nvidia-tegra-5.15, linux-nvidia-tegra-igx, linux-raspi, runc-app, runc-stable, squid, squid3, and unbound).