Feed aggregator

The SUSE Security Team has published an article detailing several security issues it has uncovered with GNU Screen. This includes a local root exploit when Screen is shipped setuid-root, as it is in some Linux and BSD distributions. The security team also reports problems in coordinating disclosure with the upstream Screen project.

We are not satisfied with how this coordinated disclosure developed, and we will try to be more attentive to such problematic situations early on in the future. This experience also sheds light on the overall situation of Screen upstream. It looks like it suffers from a lack of manpower and expertise, which is worrying for such a widespread open source utility. We hope this publication can help to draw attention to this and to improve this situation in the future.

The article includes a table of operating systems, screen versions, and which vulnerabilities they may be affected by.

The Guix project has announced that it is migrating all of its Git repositories, as well as bug tracking and patch tracking, from Savannah to the Codeberg Git forge.

As a user, the main change is that your channels.scm configuration files, if they refer to the git.savannah.gnu.org URL, should be changed to refer to https://codeberg.org/guix/guix.git once migration is complete. But don't worry: guix pull will tell you if/when you need to update your config files and the old URL will remain a mirror for at least a year anyway.

The motivation for the move, which is spelled out in a Guix Consensus Document (GCD), is to improve the contribution experience and improve quality assurance efforts. Migration of Git repositories should be completed by June 7, though they will continue to be mirrored on Savannah until "at least" May 2026. LWN covered Guix in February 2024.

The announcement of the openSUSE Leap 16.0 beta contained something of a surprise—along with the usual set of changes and updates, it informed the community of the retirement of "the traditional YaST stack" from Leap. The YaST ("Yet another Setup Tool") installation and configuration utility has been a core part of the openSUSE distribution since its inception in 2005, and part of SUSE Linux since 1996. It will not, immediately, be removed from the openSUSE Tumbleweed rolling-release distribution, but its future is uncertain and its fate is up to the larger community to decide.

Security updates have been issued by Debian (libbson-xs-perl, postgresql-13, redis, and simplesamlphp), Fedora (chromium, deluge, epiphany, golang-github-nats-io-nkeys, libxmp, nodejs22, perl-Compress-Raw-Lzma, php-adodb, python-h11, and xz), Gentoo (firefox, NVIDIA Drivers, Orc, PAM, and thunderbird), Mageia (libreoffice, python-django, and transfig), Red Hat (emacs, firefox, python39:3.9, and thunderbird), SUSE (bird3, freetype2, ldap-proxy, libmosquitto1, and ruby3.4-rubygem-rack), and Ubuntu (linux, linux-aws, linux-kvm, linux-aws, and linux-fips).

Version:next-20250512 (linux-next) Released:2025-05-12

Linus has released 6.15-rc6 for testing.

Everything still looks fairly normal - we've got a bit more commits than we did in rc5, which isn't the trend I want to see as the release progresses, but the difference isn't all that big and it feels more like just the normal noise in timing fluctuation in pull requests of fixes than any real signal.

So I won't worry about it. We've got another two weeks to go in the normal release schedule, and it still feels like everything is on track.

Version:6.15-rc6 (mainline) Released:2025-05-11 Source:linux-6.15-rc6.tar.gz Patch:full (incremental)

Wine 10.7 is out now, featuring user fault fd support, float format conversion updates, PDB backend work, and 14 bug fixes.

The post Wine 10.7 Released with Improved Write Watch Performance appeared first on Linux Today.

FreeBSD evidently found last year’s Community Survey so useful that they’re turning it into an annual event.

The post FreeBSD Wants to Know a Few Things appeared first on Linux Today.

A notorious cybercrime group, Outlaw (also known as “Dota”), has ramped up its global operations, with a primary focus on exploiting Linux systems.

This group has been leveraging weak or default SSH credentials to deploy a Perl-based cryptocurrency mining botnet on compromised Linux servers.

The post Outlaw Cybergang Launches Global Attacks Targeting Linux Servers appeared first on Linux Today.

Based on the next-generation solutions from SUSE called Adaptable Linux Platform (ALP) and powered by Linux kernel 6.12 LTS, openSUSE Leap 16 is designed to offer users a balanced operating system that includes cutting-edge software on top of a traditional Linux-based operating system and uses the new Agama installer.

The post openSUSE Leap 16 Enters Public Beta Testing with Agama Installer, Linux 6.12 LTS appeared first on Linux Today.

Those of us who have spent our lives playing with computers naturally see the appeal of deploying them though the home for both data acquisition and automation. But many of us who have watched the evolution of the technology industry are increasingly unwilling to entrust critical household functions to cloud-based servers run by companies that may not have our best interests at heart. The Apache-licensed Home Assistant project offers a welcome alternative: locally controlled automation with free software. This two-part series covers roughly a year of Home Assistant use, starting with a set of overall observations about the project.

Lance Albertson writes that the Oregon State University Open Source Lab has been funded for the next year, following his announcement in April that the future of OSL was in jeopardy. OSL is now focusing on becoming self-sustainable long term.

The recent support was amazing for our immediate team needs. But for the OSL to thrive long-term, we need a sustainable financial foundation. This is crucial, as the university expects units like ours to become self-sufficient beyond this current year.

So, our big focus this next year is locking in ongoing support – think annualized pledges, different kinds of regular income, and other recurring help. This is vital, especially with potential new data center costs and hardware needs. Getting this right means we can stop worrying about short-term funding and plan for the future: investing in our tech and people, growing our awesome student programs, and serving the FOSS community. We're looking for partners, big and small, who get why foundational open source infrastructure matters and want to help us build this sustainable future together.

Greg Kroah-Hartman has announced the release of the 6.14.6, 6.12.28, 6.6.90, 6.1.138, and 5.15.182 stable kernel versions.

LibreOffice 25.2.3 is here a little over a month after LibreOffice 25.2.2 to address various bugs, crashes, and other annoyances reported by users in an attempt to improve the overall stability and reliability of this popular open-source, free, and cross-platform office suite.

The post LibreOffice 25.2.3 Office Suite Is Now Available for Download with 68 Bug Fixes appeared first on Linux Today.

When working with Unix-like systems, it’s important to understand the role of different configuration files that influence the shell’s behavior.

Two critical files for Bash users are bashrc and bash_profile. Although they might seem similar at first glance, they are loaded under different circumstances and serve distinct purposes.

Knowing when and how these files are used can help you configure your environment more efficiently, customize your prompt, set aliases, and automate certain tasks when you log in or open a new terminal session.

The post Understanding the Difference Between bashrc and bash_profile appeared first on Linux Today.

Arriving a little over four months after 4MLinux 47.0, the 4MLinux 48.0 release features support for new apps and components, including the Kino IEEE 1394 DV non-linear video editor, the VVenC H.266/VVC encoder, FreeTube YouTube client, and the Bristol emulator for synthesizers, electric pianos, and organs.

The post 4MLinux 48.0 Is Now Available for Download, Powered by Linux Kernel 6.12 LTS appeared first on Linux Today.

Security updates have been issued by Debian (fossil, libapache2-mod-auth-openidc, and request-tracker4), Fedora (thunderbird), Mageia (firefox and thunderbird), SUSE (389-ds, apparmor, cargo-c, chromium, go1.24, govulncheck-vulndb, java-1_8_0-openjdk, kanidm, libsoup, mozjs102, openssl-1_1, openssl-3, python-Django, sccache, tealdeer, tomcat, transfig, wasm-bindgen, and wireshark), and Ubuntu (libreoffice and python-h11).

Kali Linux users must manually install a new archive signing key after the previous one was lost, impacting system updates until resolved.

The post Urgent Update: Kali Linux Users Must Manually Install New Repository Key appeared first on Linux Today.

This roundup focuses on Linux software that let you track artificial satellites from your Linux terminal and desktop.

The post 10 Best Free and Open Source Linux Satellite Tools appeared first on Linux Today.