LWN.net

Greg Kroah-Hartman has written an overview of how the kernel's security team works . The members of the security team contain a handful of core kernel developers that have experience dealing with security bugs, and represent different major subsystems of the kernel. They do this work as individuals, and specifically can NOT tell their employer, or anyone else, anything that is discussed on the security alias before it is resolved. This arrangement has allowed the kernel security team to remain …

Greg Kroah-Hartman has announced the release of the 6.18.3 stable kernel. As always, this update contains important fixes; users of this kernel are advised to upgrade.

Version 4.19.0 of the shadow-utils project has been released. Notable changes in this release include disallowing some usernames that were previously accepted with the --badname option, and removing support for escaped newlines in configuration files. Possibly more interesting is the announcement that the project is deprecating a number of programs, hashing algorithms, and the ability to periodically expire passwords: Scientific research shows that periodic password expiration leads to predicta…

Daniel Stenberg has written a blog post about the decision to ban the use strcpy() in curl: The main challenge with strcpy is that when using it we do not specify the length of the target buffer nor of the source string. [...] To make sure that the size checks cannot be separated from the copy itself we introduced a string copy replacement function the other day that takes the target buffer , target size , source buffer and source string length as arguments and only if the copy can be made and …

Security updates have been issued by Debian (openjpeg2, osslsigncode, php-dompdf, and python-django), Fedora (fluidsynth, golang-github-alecthomas-chroma-2, golang-github-evanw-esbuild, golang-github-jwt-5, and opentofu), Mageia (ceph and ruby-rack), and SUSE (anubis, apache2-mod_auth_openidc, dpdk22, kernel, libpng16, and python311-openapi-core).

Nate Graham looks back at how 2025 went for the KDE project. Today Plasma is the default desktop environment in a bunch of the hottest new gaming-focused distros, including Bazzite, CachyOS, Garuda, Nobara, and of course SteamOS on Valve's gaming devices. Fedora's Plasma edition was also promoted to co-equal status with the GNOME edition, and Asahi Linux — the single practical option for Linux on newer Macs — only supports KDE Plasma. Parrot Linux recently switched to Plasma by default, too. An…

Security updates have been issued by Debian (kodi, pgbouncer, and rails), Fedora (duc, fluidsynth, gdu, singularity-ce, and tkimg), Slackware (vim), and SUSE (buildah, duc, gnutls, python39, qemu, and webkit2gtk3).

Linus has released 6.19-rc3 for testing. " Another week, another -rc release. Except the past week has obviously been the holiday week, and this rc release is pretty small as a result. Very much as expected. "

Graphite is an effort to unify illustration, raster editing, desktop publishing, and animation in one browser-based application. The project has been in development since 2020 and announced its first alpha release in 2022. According to creator Keavon Chambers , the project's mission is to become " the 2D counterpart to Blender ", by bringing a node-based, non-destructive workflow to 2D graphics. The project, currently still in alpha, is a long way from complete; but it is worth testing for anyo…

Security updates have been issued by Debian (gst-plugins-good1.0, postgresql-13, and python-urllib3), Fedora (chezmoi, docker-buildkit, ov, and subfinder), Oracle (httpd:2.4), Slackware (net), and SUSE (apache2, buildah, kernel, and mariadb).

The judge in the Vizio GPL-compliance lawsuit has ruled, in a summary judgment , that the GNU General Public License, version 2, does not require the provision of signing keys needed to install modified software on a device. Read as a whole, the Agreements require Vizio to make the source code available in such a manner that the source code can be readily obtained and modified by Plaintiff or other third parties. While source code is defined to include "the scripts used to control compilation a…

Once again there is a brand-new release under the tree from the Ruby programming-language project: Ruby 4.0 has been released with many new features and improvements. Notable changes include the experimental Ruby Box feature for in-process isolation of classes and modules, a new just-in-time compiler called ZJIT, and improvements to Ruby's parallel-execution mechanism (Ractor). There are a number of language changes as well. See the documentation for Ruby 4.0 for more.

Security updates have been issued by Fedora (httpd, retroarch, and roundcubemail), Oracle (container-tools:rhel8, grafana, httpd, kernel, python3.12, python39:3.9, thunderbird, and uek-kernel), and SUSE (cheat, go-sendxmpp, and kernel).

Security updates have been issued by AlmaLinux (container-tools:rhel8, grafana, opentelemetry-collector, and thunderbird), Red Hat (kernel), and SUSE (cheat, libsoup, mariadb, mozjs52, python310, python315, qemu, rsync, and zk).