Version: next-20260612 (linux-next)
Released: 2026-06-12
Home Assistant OS (HAOS) is an independently-developed, Linux-based operating system optimised to run Home Assistant, an open-source home automation tool. It focuses on local control and privacy. HAOS uses Docker as its container engine and deploys Home Assistant Supervisor as a container. Home Assistant Supervisor in turn uses the Docker container engine to control Home Assistant Core and Apps in separate containers. The product is available for various single-board computers, like Raspberry Pi or ODROID, but it also supports x86-64 systems with UEFI boot mode.
Hundreds of orphaned packages hosted by the Arch User Repository (AUR) have
been compromised by an attacker who has added a malicious npm
package (atomic-lockfile) that can exfiltrate sensitive
data. The project is currently working
on cleaning up the mess. There is a list of affected packages
and a post (possibly NSFW domain) by
"sodiboo" with additional information. Arch Linux users (or users of
Arch-based distributions) that use AUR packages may wish to see if they
have installed any of the compromised updates.
Security updates have been issued by AlmaLinux (.NET 10.0, .NET 8.0, .NET 9.0, bind, expat, httpd:2.4, kernel, kernel-rt, mod_http2, openssl, poppler, redis, redis:7, samba, and unbound), Debian (ironic, kernel-wedge, libinput, linux-base, and neutron), Fedora (kernel, openssl, vaultwarden, and vaultwarden-web), Mageia (erlang-hex_core, erlang-rebar3, gnupg2, and sqlite3), Red Hat (buildah, podman, and skopeo), SUSE (flannel, gdk-pixbuf-loader-libheif, gnutls, google-cloud-sap-agent, grafana, graphite2, hplip, libIex-3_4-33, libzypp, nginx, openssh, perl-DBI, perl-Git-Repository, perl-Protocol-HTTP2, python-Pygments, python-simpleeval, python311-Django4, rclone, roundcubemail, strongswan, tomcat10, tomcat11, unbound, and webkit2gtk3), and Ubuntu (apache2, dotnet8, dotnet9, dotnet10, gst-plugins-base1.0, ironic, linux-azure-5.15, linux-azure-fips, lwip, mistral, and ubuntu-kylin-software-center).
Qubes OS is a free and open-source, security-oriented operating system for single-user desktop computing. Qubes OS leverages Xen-based virtualization to allow for the creation and management of isolated compartments called qubes. These qubes are implemented as virtual machines (VMs). This allows each component of the operating system to be isolated from other pieces, preventing compromises from spreading or information from leaking.
Founded in 2014 by Oliver Pinter and Shawn Webb, HardenedBSD is a security-enhanced fork of FreeBSD. The HardenedBSD Project is implementing many exploit mitigation and security technologies on top of FreeBSD. The project started with Address Space Layout Randomization (ASLR) as an initial focal point and is now implementing further exploit mitigation techniques.
Version
6.0.0 of the Homebrew
package-management system has been released. Notable changes in this
release include the introduction of tap trust to improve
supply-chain security, improvements in sandboxing on Linux, a number
of performance tweaks, and many other changes.
See the changelog
for a full list. LWN covered Homebrew in
November 2025.
The Linux kernel has long tried to use huge pages as a way to improve
performance, sometimes with more success than others. The size of huge
pages has traditionally been imposed by the hardware, which typically only
offers a couple of relatively large options. In more recent times, though,
the use of multi-size transparent huge pages (mTHPs), with more flexible
sizing implemented in software, has been growing. If all goes well, the
7.2 development cycle will include the addition of
a new feature,
contributed by Nico Pache, to make the use of mTHPs even more transparent.
Version: next-20260611 (linux-next)
Released: 2026-06-11
Security updates have been issued by AlmaLinux (.NET 10.0, .NET 8.0, .NET 9.0, podman, poppler, and postgresql-jdbc), Debian (chromium, jackson-core, libdbi-perl, and libinput), Fedora (httpd, rust, and xmlstarlet), Mageia (openssh, postfix, and roundcubemail), Oracle (frr, kernel, libyang, n, postgresql-jdbc, and unbound), Red Hat (.NET 10.0, .NET 8.0, .NET 9.0, redis, and redis:7), SUSE (agama-web-ui, cockpit, cosign, glibc, google-cloud-sap-agent, google-osconfig-agent, kanidm, kernel, kubernetes, kubernetes1.23, kubernetes1.24, kubernetes1.25, kubernetes1.27, kubernetes1.28, libpodofo-devel, libyang, NetworkManager-libreswan, openCryptoki, python311-pypdf, rclone, steampipe, wicked, and xen), and Ubuntu (exim4, libcrypt-saltedhash-perl, libhttp-daemon-perl, samba, and uriparser).
Proxmox is a commercial company offering specialised products based on Debian GNU/Linux, notably Proxmox Virtual Environment and Proxmox Mail Gateway. Proxmox Virtual Environment is an open-source virtualisation platform for running virtual appliances and virtual machines. Proxmox Mail Gateway is a mail gateway with anti-spam and anti-virus features. The products are offered as free downloads with paid-for support and subscription options.
Inside this week's LWN.net Weekly Edition:
- Front: Suspicious AI activity in Fedora; fork() + exec(); splice() + vmsplice(); BPF loop verification; fanotify; trusted publishing.
- Briefs: CA age bill; Bundler cooldowns; insecure code completion; Asahi and macOS 27 beta; Buildroot 2026.05; Ubuntu MATE; rsync 3.4.4; Quotes; ...
- Announcements: Newsletters, conferences, security updates, patches, and more.
Seth Larson, the Python Software Foundation's security
developer-in-residence, has written
about the difficulty in classifying insecure code completion in
the PyCharm IDE using
its Full
Line code completion plugin. Larson discovered that the plugin,
which uses a local "deep learning module" to offer code completions,
suggests code that would lead to severe vulnerabilities. He was unsure
whether it warranted a CVE or not, however:
I reported this behavior to JetBrains for "Full Line Code Completion" v253.29346.142
and clearly their support staff weren't certain whether this defect
was a security vulnerability or not either. When I asked to
publish a blog post about this behavior after they confirmed
this report wasn't a "direct security vulnerability" (which
I agree with) but then was asked not to publicize my report and referred to
PyCharm's Coordinated Disclosure Policy
so... which is it? Security vulnerability or not?
I ended up waiting the 90 days anyway and I didn't hear back with
any substantive update from the development team. I double-checked
again today using "Full Line Code Completion" v261.24374.152 and the
behavior is identical, suggesting the same insecure code for both
contexts.
This isn't meant to be a specific dig at PyCharm or JetBrains, I
have no doubt that examples like this exist in every code generation
model available.
MODICIA O.S. is a Linux multimedia distribution designed primarily for musicians, graphic designers and video makers. It is based on Debian's "stable" branch, but uses the Cinnamon desktop and a recent Linux kernel. MODICIA O.S. comes with a set of carefully-selected, open-source multimedia software and tools, such as Audacity (audio editor), Brasero (disc-burning utility), Cheese (webcam application), Curlew (multimedia converter), GIMP (graphics editor), HandBrake (video transcoder), Kdenlive (video editor), MediaInfo (tool that provides technical data about media files), mpv (media player), Peek (animated GIF recorder), RawTherapee (photo processor), XnView (image viewer), and many others. The distribution also integrates the OnlyOffice software suite for general office tasks.
Version: next-20260610 (linux-next)
Released: 2026-06-10
Agentic AI systems can be used to do a variety of things
autonomously on behalf of a human user: open or manage bugs, generate
code, submit pull-requests, and (apparently) even complain about
rejection. In May, a Fedora developer discovered that an allegedly
rogue agent had been pestering the project in a number of ways:
reassigning bugs, fabricating unhelpful replies to bugs, and even
persuading maintainers to merge questionable code into the Anaconda
installer. It also submitted a number of pull requests (PRs),
some accepted, to several upstream projects. The Fedora account
associated with the agent has had its group privileges revoked and the
messes have been mopped up, but the motive behind the agent's actions is still
a mystery.
Version
2026.05 of the Buildroot tool
has been released. Buildroot simplifies and automates the process of
building embedded Linux systems using cross-compilation. Notable
changes in this release include support for Arm Neoverse cores,
addition of XFS rootfs generation, as well as many package updates and
bug fixes. See the CHANGES
file for the full list.
Security updates have been issued by AlmaLinux (poppler), Debian (dnsmasq, mistral, okular, openssl, poppler, and strongswan), Fedora (exim, firefox, pcs, putty, and xorg-x11-server), Mageia (freeciv, golang-x-net, jq, libssh, libxmp, libxpm, minetest, ruby-net-ssh, tor, and wireshark), SUSE (389-ds, ack, agama-web-ui, amazon-ssm-agent, avahi, dpkg, elemental-register, elemental-system-agent, elemental-toolkit, ggml-devel-9500, go1.25, go1.26, kernel, kubernetes1.23, kubernetes1.24, kubernetes1.26, libsoup, mariadb, netty, netty-tcnative, NetworkManager, nginx, perl-CryptX, perl-XML-LibXML, podofo, polkit, python-Django, python-requests, samba, strongswan, vim, and xen), and Ubuntu (cyborg, gdk-pixbuf, golang-golang-x-net-dev, nginx, node-lodash, openssl, openssl, openssl1.0, qemu, tomcat9, tomcat10, and vim).
Alpine Linux is a community-developed operating system designed for routers, firewalls, VPNs, VoIP boxes, containers, and servers. It was designed with security in mind; it has proactive security features like PaX and SSP that prevent security holes in the software from being exploited. The C library used is musl and the base tools are all in BusyBox. Those are normally found in embedded systems and are smaller than the tools found in GNU/Linux systems.
Chimo Linux is a desktop Linux distribution based on Debian's "Stable" branch and featuring a customised KDE Plasma desktop. It is meant as a general computing platform with a number of productivity applications pre-installed. It also includes a custom Chimo AppBoutique with extra applications.