(more Linux news in original post)

VKD3D-Proton 3.0.1 brings many Linux gaming enhancements for Direct3D 12 via Vulkan:
https://www.gamingonlinux.com/2026/05/vkd3d-proton-3-0-1-brings-many-linux-gaming-enhancements-for-direct3d-12-via-vulkan/

D7VK 1.9 brings 2D upgrades for classic Direct3D games on Linux:
https://www.gamingonlinux.com/2026/05/d7vk-1-9-brings-2d-upgrades-for-classic-direct3d-games-on-linux/

Proton Experimental gets fixes for Rocket League, Crimson Desert, Helldivers 2 and more:
https://www.gamingonlinux.com/2026/05/proton-experimental-gets-fixes-for-rocket-league-crimson-desert-helldivers-2-and-more/

Goverlay 1.8.1 Update Fixes Missing Icons and Adds a Clear Configuration Button:
https://www.linuxcompatible.org/story/goverlay-181-released/

TUXEDO BM 15 Is an Upgradable Business Linux Laptop with Smartcard and 4G LTE:
https://9to5linux.com/tuxedo-bm-15-is-an-upgradable-business-linux-laptop-with-smartcard-and-4g-lte

Fish shell 4.7 refines interactivity, shell history, UI consistency, completions, and more:
https://alternativeto.net/news/2026/5/fish-shell-4-7-refines-interactivity-shell-history-ui-consistency-completions-and-more/

Mesa 26.1 Open-Source Graphics Stack Officially Released, Here’s What’s New:
https://9to5linux.com/mesa-26-1-open-source-graphics-stack-officially-released-heres-whats-new

Dirty Frag Linux Kernel Flaw Allows Local Privilege Escalation, Patch Now:
https://9to5linux.com/dirty-frag-linux-kernel-flaw-allows-local-privilege-escalation-patch-now

Linux Liquorix Kernel 7.0-5 Brings Faster Responsiveness to Linux Desktops and Gaming Rigs:
https://www.linuxcompatible.org/story/liquorix-linux-kernel-705-released/

Linux Kernel Update Fixes Networking Bug in Versions 5.15.206 and 6.1.172:
https://www.linuxcompatible.org/story/linux-kernel-515206-and-61172-released/

Flatpak 1.17.7 released:
https://github.com/flatpak/flatpak/releases/tag/1.17.7

(FOSS news in comments)

#WeeklyNews #News #Linux #LinuxNews #VKD3D #D7VK #ProtonExperimental #Goverlay #TUXEDO #LinuxLaptop #FishShell #Mesa #DirtyFrag #LinuxKernel #Security #LiquorixKernel #Flatpak #LinuxGaming #FosseryTech

This week's Linux and FOSS news:

LINUX NEWS

Rocky Linux rejects age attestation/verification:
https://rockylinux.org/news/rocky-linux-and-age-verification
(One month late to include this but better later than never I guess)

Arch-Based Omarchy 3.7 Released with Steam, RetroArch, Lutris, and Heroic Launcher:
https://linuxiac.com/arch-based-omarchy-3-7-released-with-steam-retroarch-lutris-and-heroic-launcher/

Ubuntu’s app permission prompting has got a lot better:
https://www.omgubuntu.co.uk/2026/05/ubuntu-snap-prompting-client-improved

Manjaro 26.1 preview brings new parental controls and GNOME 50 upgrades:
https://alternativeto.net/news/2026/5/manjaro-26-1-preview-brings-new-parental-controls-and-gnome-50-upgrades/

OpenSUSE Tumbleweed brings Linux kernel 7.0, GNOME 50, and critical security fixes:
https://alternativeto.net/news/2026/5/opensuse-tumbleweed-brings-linux-kernel-7-0-gnome-50-and-critical-security-fixes/

AlmaLinux 10.2 Beta "Lavender Lion" Now Available with Python 3.14, New DBs, and Legacy 32-bit Support:
https://www.linuxcompatible.org/story/almalinux-102-beta-released/

Parrot 7.2 Is Now Officially Available for Download with “Copy Fail” Patch:
https://9to5linux.com/parrot-7-2-is-now-officially-available-for-download-with-copy-fail-patch

KDE's New CSS-Based Style Engine Union Is Coming to KDE Plasma 6.7:
https://9to5linux.com/kdes-new-css-based-style-engine-union-is-coming-to-kde-plasma-6-7

KDE Plasma 6.7 Development Update: HDR Profiles, AMD Backlight Fix, and GPU Tweaks:
https://www.linuxcompatible.org/story/kde-plasma-67-development-update-hdr-profiles-amd-backlight-fix-and-gpu-tweaks/

KDE Frameworks 6.26 Improves Support for Kirigami and QtQuick-Based Apps:
https://9to5linux.com/kde-frameworks-6-26-improves-support-for-kirigami-and-qtquick-based-apps

KDE Gear 26.04.1 Is Out with More Improvements for Your Favorite KDE Apps:
https://9to5linux.com/kde-gear-26-04-1-is-out-with-more-improvements-for-your-favorite-kde-apps

Ubuntu’s old Unity desktop remade in Wayfire and Libadwaita:
https://www.omgubuntu.co.uk/2026/05/ubuntu-unity-desktop-wayfire-recreation

COSMIC 1.0.12 Desktop Brings Improvements to Files, Terminal, and More:
https://9to5linux.com/cosmic-1-0-12-desktop-brings-improvements-to-files-terminal-and-more

Hyprland 0.55 is here and you don't want to miss it!:
https://hypr.land/news/update55/

Ubuntu Touch OTA 1.3 Improves Handling of Desktop Apps on Lomiri and Fixes Bugs:
https://9to5linux.com/ubuntu-touch-ota-1-3-improves-handling-of-desktop-apps-on-lomiri-and-fixes-bugs

gThumb is barely recognisable in its GTK4/libadwaita port:
https://www.omgubuntu.co.uk/2026/05/gthumb-gtk4-port-redesign

Shelly 2.2.4 Arch Linux GUI Package Manager Brings Smarter Fuzzy Search:
https://9to5linux.com/shelly-2-2-4-arch-linux-gui-package-manager-brings-smarter-fuzzy-search

Nocturne Is The Latest Music Player For GNOME To Hit v1.0:
https://www.phoronix.com/news/Nocturne-1.0-GNOME-Music

(more Linux and FOSS news in comments)

#WeeklyNews #News #Linux #LinuxNews #RockyLinux #Omarchy #Ubuntu #Manjaro #OpenSUSE #AlmaLinux #ParrotOS #KDE #COSMIC #HyprLand #FosseryTech

Mit diesen #Tools holst du ALLES aus deinem #Linux- #Rechner!

7 Geheimtipps damit du das BESTE aus deinem #Linux- #GAMING-PC raus holst!

#Kaitos #LinuxWelt

@tuxflux

https://m.youtube.com/watch?v=w8yvVDTAagY

I just noticed something in #Linux that is, I'm sure, totally obvious to experts but that I didn't know.

If you sudo apt update/upgrade, then you don't have do updates in the Software centre that require a reboot.

#FOSS #FLOSS #OpenSource #Linux #Debian #Gnome

Anyone else here so worried about #DirtyFrag that they feel they can't use their Linux computers until it's fixed?
Is that rational do you think or am I just being paranoid?

When #CopyFail came out I made sure to update the kernel immediately.

#Linux #cybersecurity

https://www.tiktok.com/t/ZTkcMPekN/

#Microsoft #Windows #Linux

The open source Linux kernel is dominated by major corporations.

Authors of some Linux kernel updates, that make #CopyFail and #DirtyFrag exploits possible, were paid employees of:

Red Hat - bought by IBM for $34 billion

Google - world’s largest search engine and digital advertising business

secunet - Germany’s largest cybersecurity company

atsec - global company that tests whether high‑security computer systems are actually secure

#RedHat #Google #IBM #Linux

RustDesk is a free, open-source remote desktop tool you can self-host.

It supports remote control, file transfer, TCP tunneling, and cross-platform access, without depending entirely on proprietary remote desktop services.

With self-hosted relay servers, you keep more control over your connections and data.

More details: https://digitalescapetools.com/tools/tool.html?id=rustdesk

#OpenSource #Privacy #SelfHosted #RemoteDesktop #Linux #RustDesk

Alt...

A remote session viewing a macOS login screen with a scenic mountain wallpaper. A floating toolbar at the top provides quick access to settings like pinning, display options, and recording.

Alt...

The RustDesk desktop client dashboard. It shows "Your Desktop" ID on the left and a grid of saved remote connections on the right, labeled with OS icons (Linux, Mac, Android) and custom tags like "Build Server" and "Home."

Alt...

The RustDesk Console web interface showing an address book. A table lists managed devices with their IDs, aliases (e.g., "HappyValley," "Canberra"), passwords, and color-coded tags.

Alt...

The configuration screen for creating custom RustDesk clients. It shows options for Windows, macOS, Linux, and Android, with settings for custom server hosts, API keys, and visual branding.

A special guest post by one of the Privacy Kids!

Droidian is an awesome system that runs quite smoothly with occasional crashes and occasional discrepancies.

https://theprivacydad.com/droidian-an-awesome-phone-os-for-patient-people-guest-post/

#linuxonmobile #hightide #flare #droidian #linux #privacy #foss

@linuxphoneapps @droidian @schmiddionmobile @Nokse @82mhz

Just spent close to an hour explaining to grown men and women that using a VPS which is owned by others or a company to host your services is not truly self-hosting.

Hosting your own server is the first and crucial part of 'self-hosting.'

If you do not own your servers, you are a tenant in someone else's server infra.

#selfhosted #vps #linux #technology

Ubuntu Touch 24.04-1.3 a sosit — și UBports privește deja spre viitor
https://penguinreviewslinux.blogspot.com/2026/05/ubuntu-touch-2404-13-sosit-si-ubports.html

#Linux #Ubuntu

Star Labs StarFighter: cel mai ambițios laptop Linux al companiei este acum disponibil
https://penguinreviewslinux.blogspot.com/2026/05/star-labs-starfighter-cel-mai-ambitios.html

#Linux

TUXEDO BM15 Gen1: laptopul de business Linux pe care îl poți repara singur
https://penguinreviewslinux.blogspot.com/2026/05/tuxedo-bm15-gen1-laptopul-de-business.html

#Linux

A kernel bug sat in plain sight for 8 years. AI found it in an hour.

Wrong takeaway: AI is making attackers faster.

Better takeaway: our security model assumes too much about patching.

Assume latent flaws exist.
Design around containment, isolation, and resilience.

AI isn’t changing vulnerability physics.
It’s exposing reality faster.

#CyberSecurity #Linux #AISecurity #SecurityEngineering

Dear hackers,

I am a Free Software instructor and systems programmer who loves internet techology, and dedicated to advancing open-source innovation through my own initiatives and community leadership. My work is not a job application—it is my profession and mission. I have taken on the role of Project Lead Developer and Systems Programmer within my own company, where I design, build, and teach Free Software systems that empower individuals and organizations.

At QB Networks, I lead a developer team focused on replacing proprietary solutions with Free Software, primarily through GNU Emacs and modular programming practices. My leadership extends to projects in artificial intelligence research, malware analysis, and game development. As Project Lead Developer of Procyberian Systems Distribution (PSD GNU/Linux, GNU/Hurd , GNU/BSDs especially FreeBSD, OpenBSD, NetBSD systems), I oversee cross-platform application development, kernel engineering, and community programming education. These responsibilities reflect my commitment to building sustainable, transparent, and collaborative ecosystems.

Beyond technical leadership, I contribute to community-driven initiatives such as the Linux® Türkiye Community, where I serve as Documentation Team Lead and also as Translation Team Lead. In this capacity, I coordinated Turkish localization efforts and took responsibility as reviewer for the DevOps LPI translation project, ensuring accuracy and accessibility for learners and professionals. These roles reinforced my dedication to empowering communities through education, translation, and Free Software advocacy.

My background in economics complements my technical expertise, allowing me to approach projects with both analytical and strategic perspectives. I am passionate about advancing the Free Software Movement and believe that my skills in systems programming, kernel engineering, and AI development are essential to building a freer, more secure digital future.

This is the work I have chosen, and it is the work I continue to lead. I welcome collaboration with those who share the vision of empowering communities through Free Software.

Best regards,
Mert Gör

#freesoftware #opensource #openness #GNU #Linux #BSD #Freebsd #OpenBSD #hurd

So muss der Bildschirm eines Servers aussehen.

Für Windows 11 war die Hardware zu alt. Neue SSD für ein pas Euro rein. Jetzt taugt die Maschine noch etliche Jahre als Homeserver. Spart Daten und Geld.

#Linux #ubuntu #unplugbigtech #EndOf10

Alt...

Login Bildschirm eines Ubuntu Server 26.04 ohne grafischen Schnischnack

Ui, der 7er #Linux #Kernel trudelt gerade bei #Fedora ein.

Ich finde das so grotesk, wie die Leute hier ihre #Linux Installpartys veranstalten und als große Aktion zur Digitalen Unabhängigkeit feilbieten, ganz so als seien die letzten 20 Jahre einfach gar nicht passiert. Als hätte es Smartphones nie gegeben. Als hätte es Facebook und WhatsApp nie gegeben.

Leute........ Ist das eigentlich Verzweiflung oder echte Inkompetenz? Oder was ist es?

Erklärt's mir bitte!!!

#dut #didit

Moving to Linux is all about control. Once you get your workflow right on #ArchLinux, everything else feels like a toy.

We’re bringing that same mindset to #Keepita. Your phone backups shouldn't be a "black box" controlled by big tech. Keep it open, keep it local. 🐧

Who else here is obsessed with digital sovereignty?

#Linux #ArchLinux #Keepita #Privacy #OpenSource #DigitalSovereignty

"Linux mascot Tux the penguin hits 30 years old — Linus Torvalds outlined the design of the 'slightly overweight penguin' on May 9, 1996"

"Linux mascot Tux the penguin was first conceptualized by Linus Torvalds on this day in 1996."

https://www.tomshardware.com/software/linux/linux-mascot-tux-the-penguin-hits-30-years-old-linus-torvalds-outlined-the-design-of-the-slightly-overweight-penguin-on-may-9-1996

#Linux

Yesterday at the @nluug I learned about podcasts provided by @hpr that covers topics for "hackers".

So check out to see if there is anything useful in there for you.

#infosec #opensource #linux

Last week I spent about 80% of my big-screen time in #LinuxMint. This week it’s been less than 50%. Bluetooth audio problems, audio problems in general, and scaling inconsistencies are unfortunately pushing me back towards a platform I don’t like, but which just works, which fundamentally is what I need.

I was expecting this to be honest.
#linux

There’s something special about a clean terminal and a fresh coffee on a system that just works the way you want it to.

Spent way too much time hopping distros, but Arch + KDE is where I finally settled. It’s nice not having to fight your own OS for once.

Anyone else rocking a custom setup? Drop a neofetch or a screenshot below, I’m looking for some fresh inspiration.

#ArchLinux #KDE #Linux #ShowYourDesktop #Ricing

🐧💿 #RedHat is the top #Linux #distro for #genocide.
https://web.archive.org/web/20260402155236/https://www.redhat.com/rhdc/managed-files/ve-compress-the-kill-cycle-detail-693397pr-202402-en_3.pdf

#CompressTheKillCycle #IBM #RedHatDeviceEdge #LockheedMartin #AI #USAirForce #warfighter #lethality #LinuxDistribution

Alt...

first page of the linked whitepaper, titled: "Compress the kill cycle with Red Hat Device Edge"

Davide Ornaghi and Giuseppe Caruso found a very interesting bug in #Linux's in-kernel Samba3 server from 6.12 to 6.19.x. Essentially, from the commit message and #CVE description:

> Currently, ksmbd does not verify if the user attempting to reconnect to a durable handle is the same user who originally opened the file. This allows any authenticated user to hijack an orphaned durable handle by predicting or brute-forcing the persistent ID.

Very interesting stuff! The kernel let's users resume their connection to an open file even after WiFi drops (durable handle), and a bug in this code let another authenticated user become this WiFi-dropped user, letting the hijacker access all files.

https://github.com/TurtleARM/CVE-2026-31717-KSMBD-Exploit

CVE-2026-31717

@mrmasterkeyboard @f4grx @projectanchorage yeah, I got build times of ~ 15min on an i7-6700k for #linux-6.6.6 @ i486 and a stripped-down version of #toybox.

Right now I try to replace #SYSLINUX with #mlb on @OS1337 so I don't waste >200 kB just on a #bootloader when all I have is 1440 kB…

It's jist that I don't get the quietness and time to do this properly…

#linux #beer #fixedgear #foldie #rnode #loRa #dodgers #baseball

Learn Linux with David

#Linux #Ubuntu #KaliLinux

@mrmasterkeyboard @f4grx @projectanchorage *pressing thumbs*

In terms of userland, you may want to take a look at #toybox when it comes to smol, tho that requires at least #i486 so propably not an option for you.

- Not shure if i486 is a hard requirement or if @landley didn't bother with #i386 as it was #EoL'd by #Linux.

@landley @mrmasterkeyboard @f4grx @projectanchorage good to know. I guess #i386 prebuilds are not done due to lack of demand, which is understandable given mainline #linux axed that before #toybox got released.

https://youtu.be/kRqyllM_QAM

#Linux #Alpine #gentoo #slackware #artix #Void

@thomasfuchs made me flashback to the NAS I made running reiserFS... #linux

*wants to see the help page for "reboot"
*types "reboot -h" 💁
*pc immediately reboots 😑
*tries again with "man reboot" 🤪

#Linux #Shell #manpage #fail

If you were thinking about switching from Debian/a Debian derivative, because you wanted to get away from LLMs/systemd, what would you switch to, particularly if you wanted the least amount of hassle? Other answers/reasons in comments if you like!

#Linux #NoAI

🚨 PH4NTXM News!

PH4NTXM has officially entered its most stable state so far.

After extensive restructuring, cleanup, testing, and internal improvements, the project has moved beyond its experimental phase and is now operating in a far more mature and reliable form.

For long-time followers of the project:
thank you for sticking around during the early development and experimental stages. The repository has evolved significantly since then.

For newcomers discovering PH4NTXM for the first time:
welcome. Now is a great time to explore the project, test it, review the architecture, and follow its development.

The repository now includes:
• improved structure
• cleaner documentation
• refined operational flow
• better modularity
• more consistent behavior across components
• extensive technical documentation

PH4NTXM now ships with more than 60 dedicated documentation files covering the environment in depth, explaining components, architecture, operational flow, usage, deployment, and system behavior step-by-step.

The goal is not only to provide tooling, but also to make the project understandable, transparent, and accessible to the open-source community.

PH4NTXM remains fully open-source and community-driven.

Feedback, testing, discussions, issue reports, and contributions are always welcome from anyone interested in privacy, operational security, hardened Linux environments, and defensive tooling.

The experimental era is over.

PH4NTXM is now entering its stable phase.

#ph4ntxm #linux #debian #os #live #privacy #security #opsec #infosec #research #tech #technology

Let's Encrypt just stopped the issuance of certificates after an "incident":

https://letsencrypt.status.io/pages/incident/55957a99e800baa4470002da/69fe2d6698ca07050eb4b1b3

If anyone encounters issues today with failed certificate renewals: It's probably not your setup.

#letsencrypt #itsec #devops #linux #security #tls

"Another major Linux security flaw revealed — 'Dirty Frag' allows root on all major distros, with no patch or fix available yet"

"A researcher shared their findings with Linux distro maintainers, but leaked before a patch was built."

https://www.techradar.com/pro/security/another-major-linux-security-flaw-revealed-dirty-frag-allows-root-on-all-major-distros-with-no-patch-or-fix-available-yet

#Linux

----------------

🎥 Video
===================

Opening: The announcement describes a free webinar titled “Digital Forensics: Basic Linux Analysis After Data Exfiltration — Hackers Arise” scheduled for February 13, 2026. The core narrative emphasizes that intrusions often present as an adversary already resident in an environment rather than beginning with an obvious malware drop.

Technical Details: The event framing indicates a focus on post-exfiltration Linux analysis. Topics implied by the title and tagline include identification of forensic artifacts left after data exfiltration, methods to examine Linux hosts for traces of adversary activity, and investigator-centric techniques for reconstructing actions when initial compromise is not observable. The announcement explicitly centers on the concept that adversaries can be present before any exploit or payload execution.

Analysis: Framing investigations around the “adversary-inside” perspective shifts attention to persistence mechanisms, lateral movement artifacts, evidence of data staging and egress, and gaps in audit/visibility that enable prolonged dwell time. While the announcement does not list IoCs or specific tools, it signals an emphasis on host-level evidence collection and reasoning about timelines and artifact correlation on Linux systems.

Detection: Although the source does not provide detection signatures, the webinar’s scope suggests discussion of detection opportunities such as anomalous outbound connections, unusual file access patterns, unexpected scheduled jobs or services, and forensic indicators in system logs and memory snapshots.

Implications for IR practitioners: The stated narrative reinforces the need to treat post-exfiltration analysis as a distinct investigative discipline with its own priorities—establishing a timeline, locating exfiltration vectors, and validating whether data staging or covert channels were used.

Limitations: The announcement is a webinar summary and does not publish technical IoCs, ATT&CK IDs, or tooling details. Attendees should expect conceptual framing and case-oriented walkthroughs rather than a repository of signatures.

References: Event title and date as published by the organizers: “Digital Forensics: Basic Linux Analysis After Data Exfiltration — Hackers Arise”, Feb 13, 2026.

🔹 digitalforensics #linux #incidentresponse #dataexfiltration #forensics

🔗 Source: https://hackers-arise.com/digital-forensics-basic-linux-analysis-after-data-exfiltration/

[$] Forgejo "carrot disclosure" raises security questions https://lwn.net/Articles/1071499/ #tech #linux

The main complaint about the Linux on the desktop was how ugly and inconsistent the GUI applications looked.

Looks like Mac and Windows devs are doing their best to have their platforms to be on par with Linux.

#linux

Holy Shit, this is awesome! #Linux on the #WHY2025 badge.

https://github.com/mrbreaker/why2025-linux

Screenshot from the GitHub

Alt...

Screenshot of the WHY2025 badge running linux, showing some directory listings

Something I've complained about when people deploy Linux kernel based OS's is so few people ever tune or customizes their kernels or their base distro's.

This used to be something old school sysadmins would do, as part of the basic security hygiene practice - "If you don't need it, don't include it", which applies to daemons , services and packages.

Kernel compilation is something that rarely seems to happen too..

Do you have hardware encryption capabilities you want things like wolfssl to use? Then sure use #AF_ALG . Anything else? Highly unlikely.

Are you running OpenSwan, or some other VPN or tunneling software that uses encapsulating tunnel options? No? Probably don't need ESP4/ESP6 modules.

Easy for me to call out sure, and i'm taking myself to task as well, since really at work, they don't want people deep diving and compiling kernels in many places. "Trust the vendor" where many mgmt types don't get it or care. "Apt/DNF update and carry on".

Funny because this the antithesis of their "resist patches, and updates" attitude towards software.

The number of mongodb 3.x db's out there because the dev hasn't updated the driver, or the number of npm warnings "this is vulnerable, don't use this" that are ignored are high.

#infosec #linux #copyfail #dirtyFrag #opinion

#Dirty #Frag: A new #Linux privilege escalation vulnerability is already in the wild
https://securityaffairs.com/191847/hacking/dirty-frag-a-new-linux-privilege-escalation-vulnerability-is-already-in-the-wild.html
#securityaffairs #hacking

#Linux kernel exploit mitigation:

rm -rf /boot /lib/modules && reboot

Will mitigate all exploits, not just #DirtyFrag 🧐☝️

Nouveaux kernels stables : 7.0.5 / 6.18.28 / 6.12.87 / 6.6.138

Ils embarquent un fix partiel pour #DirtyFrag (CVE-2026-43284) et Copy Fail 2.

Partiel, car Greg Kroah-Hartman a confirmé qu'un second patch est encore en développement et n'a pas encore été mergé.

La mitigation par blacklist des modules reste donc recommandée en attendant.
👇
https://lwn.net/Articles/1071775/

#Linux #Kernel #CyberVeille

variante peu sympa 👀
"Unprivileged Linux LPE via xfrm ESP-in-UDP MSG_SPLICE_PAGES no-COW fast path. Page-cache write into any readable file. Overwrites a nologin line in /etc/passwd with sick::0:0:...:/:/bin/bash and sus into it. Same class as Copy Fail (CVE-2026-31431), different subsystem."
⬇️
https://github.com/0xdeadbeefnetwork/Copy_Fail2-Electric_Boogaloo

#CyberVeille #Linux

Hm, neuerdings reagiert mein PC während der Boot-Phase, einschließlich GRUB, nicht mehr auf die Funkmaus oder Funktastatur.

Erst, wenn der Anmeldebildschirm von Kubuntu auftaucht, funktionieren Maus und Tastatur.

Bin mir nicht bewusst, im BIOS irgendetwas geändert zu haben.

Kennt jemensch das Phänomen?

Kubuntu 25.10

#Ubuntu #Linux #GRUB

[VULN] ⚠️ "Dirty Frag : cette faille zero-day donne les droits root sur Linux"

"Dirty Frag, c’est le nom de la nouvelle faille de sécurité critique qui affecte les machines Linux. Cette faille zero-day est similaire à Copy Fail puisqu’elle permet une élévation de privilèges en tant que root. Voici l’essentiel à savoir sur cette menace potentielle.

La vulnérabilité Dirty Frag a été découverte par le chercheur Hyunwoo Kim, qui avait initialement planifié une divulgation coordonnée pour le 12 mai 2026. Cependant, quelqu’un est parvenu à détecter des informations relatives à cette vulnérabilité, et donc tout a été publié en avance ce jeudi 7 mai 2026."

Hyunwoo Kim a pris la décision de publier tous les détails, notamment pour alerter la communauté : “Parce que l’embargo a été rompu, aucun correctif ni CVE n’existe pour ces vulnérabilités. Après consultation avec les mainteneurs de linux-distros@vs.openwall.org, et à la demande des mainteneurs, je publie publiquement ce document Dirty Frag.”."
👇
https://www.it-connect.fr/dirty-frag-cette-faille-zero-day-donne-les-droits-root-sur-linux/
⬇️
https://www.openwall.com/lists/oss-security/2026/05/07/8
👇
https://github.com/V4bel/dirtyfrag/blob/master/assets/write-up.md

💬
⬇️
https://infosec.pub/post/46121720

#CyberVeille #dirtyfrag #linux