Feed aggregator

Greg Kroah-Hartman has released the 7.0.3, 6.18.26, 6.12.85, 6.6.137, 6.1.170, 5.15.204, and 5.10.254 stable kernels. The 7.0.3 and 6.18.26 kernels only contain fixes needed for Xen users; the others, though, have backported fixes for the recently disclosed AEAD socket vulnerability. Kroah-Hartman advises that all users of the other kernel series must upgrade.

Security updates have been issued by AlmaLinux (buildah, firefox, gdk-pixbuf2, giflib, grafana, java-1.8.0-openjdk, java-21-openjdk, LibRaw, OpenEXR, PackageKit, pcs, python3.11, python3.12, python3.9, sudo, tigervnc, vim, xorg-x11-server, xorg-x11-server-Xwayland, yggdrasil, and yggdrasil-worker-package-manager), Debian (calibre, firefox-esr, and openjdk-17), Fedora (asterisk, binaryen, buildah, dokuwiki, lemonldap-ng, libexif, libgcrypt, miniupnpd, openvpn, podman, python3.9, rust-rpm-sequoia, skopeo, and xdg-dbus-proxy), Red Hat (buildah, gdk-pixbuf2, and nodejs:20), SUSE (dnsdist, libheif, openCryptoki, polkit, sed, and xen), and Ubuntu (linux-bluefield, python-marshmallow, and roundcube).

Commodore OS Vision is a 64-bit Linux distribution which was originally based on Linux Mint and is now an unofficial spin of MX Linux. This distribution was created for Commodore enthusiasts and people who appreciate a retro style interface. Commodore OS Vision uses the MATE desktop interface and features a retro look and effects. It has a classic Commodore slant with a selection of applications reminiscent of their classic Amiga counterparts.

The Amnesic Incognito Live System (Tails) is a Debian-based live DVD/USB with the goal of providing complete Internet anonymity for the user. The product ships with several Internet applications, including web browser, IRC client, mail client and instant messenger, all pre-configured with security in mind and with all traffic anonymised. To achieve this, Incognito uses the Tor network to make Internet traffic very hard to trace.

Bicom Systems' SERVERware is a commercial, Gentoo-based, purpose-built virtualization platform designed specifically for telephony and cloud-based Unified Communications (UC) environments. Its goal is to deliver high performance, reliability and scalability in a modern, intuitive user interface. The distribution's main features include built-in data integrity and resilience, geo-redundancy for disaster preparedness, user-friendly management, and support for modern virtualization technologies. Bicom SERVERware can be used as a standalone server, as a mirror for enhanced redundancy via real-time mirrored storage, or as a cluster.

Version:next-20260430 (linux-next) Released:2026-04-30

Obarun is an Arch-based Linux distribution featuring the S6 init software in place of systemd. It provides a live disc featuring the JWM graphical interface. Utilities, such as pacopts, are included for working with Arch's repositories, including the Arch User Repository (AUR).

Version:5.10.254 (longterm) Released:2026-04-30 Source:linux-5.10.254.tar.xz PGP Signature:linux-5.10.254.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-5.10.254

Version:5.15.204 (longterm) Released:2026-04-30 Source:linux-5.15.204.tar.xz PGP Signature:linux-5.15.204.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-5.15.204

Version:6.1.170 (longterm) Released:2026-04-30 Source:linux-6.1.170.tar.xz PGP Signature:linux-6.1.170.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.1.170

Version:6.6.137 (longterm) Released:2026-04-30 Source:linux-6.6.137.tar.xz PGP Signature:linux-6.6.137.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.6.137

Version:6.12.85 (longterm) Released:2026-04-30 Source:linux-6.12.85.tar.xz PGP Signature:linux-6.12.85.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.12.85

Version:6.18.26 (longterm) Released:2026-04-30 Source:linux-6.18.26.tar.xz PGP Signature:linux-6.18.26.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.18.26

Version:7.0.3 (stable) Released:2026-04-30 Source:linux-7.0.3.tar.xz PGP Signature:linux-7.0.3.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-7.0.3

Bluestar Linux is a GNU/Linux distribution that is based on Arch Linux. The Bluestar distribution features up to date packages, a full range of desktop and multimedia software in the default installation and a live desktop DVD.

Inside this week's LWN.net Weekly Edition:

• Front: Famfs; Python packaging council; Zig concurrency; pages and folios; Strawberry music manager; 7.1 merge window.
• Briefs: GnuPG 2.5.19; Copy Fail; Plasma security; Fedora 44; Ubuntu 26.04; Niri 26.04; pip 26.1; RIP Seth Nickell; RIP Tomáš Kalibera; Quotes; ...
• Announcements: Newsletters, conferences, security updates, patches, and more.

Security analysis firm Xint has disclosed a security bug in the Linux kernel that allows for arbitrary 4-byte writes to the page cache, and which has been present since 2017. The vulnerability has been fixed in mainline kernels. A proof-of-concept script demonstrates how to use the flaw to corrupt a setuid binary, which works on multiple distributions, by requesting an AEAD-encrypted socket from user space and splicing a particular payload into it. A supplemental blog post gives more details about the discovery and remediation.

A core primitive underlying this bug is splice(): it transfers data between file descriptors and pipes without copying, passing page cache pages by reference. When a user splices a file into a pipe and then into an AF_ALG socket, the socket's input scatterlist holds direct references to the kernel's cached pages of that file. The pages are not duplicated; the scatterlist entries point at the same physical pages that back every read(), mmap(), and execve() of that file.

4MLinux is a miniature Linux distribution focusing on four capabilities: maintenance (as a system rescue live CD), multimedia (for playing video DVDs and other multimedia files), miniserver (using the inetd daemon), and mystery (providing several small Linux games). The distribution includes support for booting on UEFI-enabled machines.

Helwan Linux is an Arch-based Linux distribution designed for home, education and development use. Its "Home" flavour comes with the GNOME desktop, the "Edu" variant ships with Xfce and the "Dev" edition features the Cinnamon desktop together with a range of compilers and interpreters, including PHP and Rust. The project also produces a comprehensive "Distro Building" manual with a guide to the Archiso tool (for building custom Arch-based ISO images) and the Calamares system installer.

Vitalinux is a Linux distribution developed by the government of the Spanish autonomous community of Aragon and designed for educational centres. It is based on Xubuntu and uses the Xfce desktop environment. The distribution includes a custom-built client called Migasfree, an open-source software management utility used for installing and updating local software from a remote Migasfree server. Vitalinux is designed to be relatively lightweight and is optimised for ease of installation and use.