Title: Welcome to LWN.net [LWN.net]
Fetched At: November 18, 2025
# Welcome to LWN.net

> LWN.net is a reader-supported news site dedicated to producing the best coverage from within the Linux and free software development communities. See the LWN FAQ for more information, and please consider subscribing to gain full access and support our activities.

## \[$\] Hot-page migration and specific-purpose NUMA nodes

\[Kernel\] Posted Nov 17, 2025 16:46 UTC (Mon) by corbet

For better or for worse, the NUMA node is the abstraction used by the kernel to keep track of different types of memory. How that abstraction is used, though, is still an active area of development. Two patch sets focused on this problem are currently under review; one addresses the perennial problem of promoting heavily used folios from slower to faster memory, while the other aims to improve the kernel's handling of nodes containing special memory installed for a specific purpose.

Full Story (comments: none)

## \[$\] A struct sockaddr sequel

\[Kernel\] Posted Nov 14, 2025 15:10 UTC (Fri) by corbet

One of the many objectives of the Linux Kernel Self-Protection Project (KSPP), which just completed ten years of work, is to ensure that all array references can be bounds-checked, even in the case of flexible array members, the size of which is not known at compile time. One of the most challenging flexible array members in the kernel is not even declared as such. Almost exactly one year ago, LWN looked at the effort to increase safety around the networking subsystem's heavily used sockaddr structure. One year later, Kees Cook is still looking for a way to bring this work to a close.

Full Story (comments: 11)

## \[$\] Another Fedora Flatpak discussion

\[Distributions\] Posted Nov 13, 2025 14:49 UTC (Thu) by jzb

Many distributions provide support out of the proverbial box for Flatpak packages, but Fedora is unusual in that it also provides, and defaults, to its own repository of Fedora-built Flatpaks. This has been a source of confusion for Fedora users, who expect to get the Flatpak built by the original developers and hosted on Flathub. It has also been a source of conflict with upstream projects, because users complain of bugs in Flatpak packages they are not responsible for. The situation has also frustrated some Fedora developers, who would prefer to put Flathub's offerings first. A new complaint that Fedora has apparently used manifests from Flathub to build the packages for Fedora—without giving credit to the original authors—has spurred discussions about Fedora's Flatpaks once again. While no concrete changes are on the table, yet, there may be some movement toward addressing persistent complaints.

Full Story (comments: 29)

## \[$\] LWN.net Weekly Edition for November 13, 2025

Posted Nov 13, 2025 1:04 UTC (Thu)

The LWN.net Weekly Edition for November 13, 2025 is available.

**Inside this week's LWN.net Weekly Edition**

- Front: FUSE performance; Magic kfuncs; Tails Linux; Direct I/O and modifying buffers; Working with bootable containers.
- Briefs: Kernel LLM policy; Firefox 145; FHS; Homebrew 5.0.0; Mastodon 4.5; Public-inbox 2.0.0; Pytest 9.0.0; Quote; ...
- Announcements: Newsletters, conferences, security updates, patches, and more.

Read more

## \[$\] The intersection of unstable pages and direct I/O

\[Kernel\] Posted Nov 12, 2025 15:51 UTC (Wed) by corbet

Longtime LWN readers will have encountered the concept of "stable pages" before; it was first covered here nearly 15 years ago.
For the most part, the problem that stable pages were meant to solve — preventing errors when user space modifies a buffer that is under I/O — has been dealt with. But recent discussions show that there is one area where problems remain: direct I/O. There is some disagreement, though, over whether those problems are the result of user-space bugs and how much of a performance price should be paid to address them.

Full Story (comments: 24)

## \[$\] Protecting privacy with Tails

\[Distributions\] Posted Nov 11, 2025 15:04 UTC (Tue) by jzb

Tails is an unusual Linux distribution developed by the Tor Project; it is designed to help users work around internet censorship and avoid surveillance. It is a "portable" operating system that is meant to be run from a USB stick or ISO image and to leave no trace on the computer it was run on. Tails routes connections to the internet over the Tor network and includes a selection of applications and tools suited to working with sensitive documents, communicating securely, and preserving users' anonymity. The tradeoff, of course, is that Tails is less convenient and requires users to learn a new set of tools to avoid compromising their own security and anonymity. Tails 7.1 was released in October, and it seemed like as good a time as any to take it for a spin.

Full Story (comments: 5)

## \[$\] Magic kernel functions for BPF

\[Kernel\] Posted Nov 10, 2025 15:04 UTC (Mon) by daroc

When programs written in BPF (the kernel's hot-loadable virtual-machine bytecode) call kernel functions (kfuncs), it may be useful for those functions to have additional information about the context in which those BPF programs are executing. Rather than requiring it to supply that information, it would be convenient to let the BPF verifier pass that information to the called function automatically. That is already possible, but a recent patch set from Ihor Solodrai would make it more ergonomic.
It allows kernel developers to specify that a kfunc should be passed additional parameters inferred by the verifier, invisibly to the BPF program. The discussion included concerns that Solodrai's implementation was unnecessarily complex, however.

Full Story (comments: none)

## \[$\] Bootc for workstation use

\[Development\] Posted Nov 7, 2025 16:32 UTC (Fri) by pbrezina

The bootc project allows users to create a bootable Linux system image using the container tooling that many developers are already familiar with. It is an evolution of OSTree (now called libostree), which is used to create Fedora Silverblue and other image-based distributions. While creating custom images is still a job for experts, the container technology simplifies delivering heavily customized images to non-technical users.

Full Story (comments: 14)

## \[$\] Toward fast, containerized, user-space filesystems

\[Kernel\] Posted Nov 6, 2025 15:22 UTC (Thu) by corbet

Filesystems are complex and performance-sensitive beasts. They can also present security concerns. Microkernel-based systems have long pushed filesystems into separate processes in order to contain any vulnerabilities that may be found there. Linux can do the same with the Filesystem in Userspace (FUSE) subsystem, but using FUSE brings a significant performance penalty. Darrick Wong is working on ways to eliminate that penalty, and he has a massive patch set showing how ext4 filesystems can be safely implemented in user space by unprivileged processes with good performance. This work has the potential to radically change how filesystems are managed on Linux systems.

Full Story (comments: 33)

## LWN.net Weekly Edition for November 6, 2025

Posted Nov 6, 2025 0:14 UTC (Thu)

The LWN.net Weekly Edition for November 6, 2025 is available.

**Inside this week's LWN.net Weekly Edition**

- Front: Python thread safety; Namespace reference counting; Merigraf; Speeding up short reads; Julia 1.12; systemd security.
- Briefs: CHERIoT 1.0; Chromium XSLT; Arm KASLR; Bazzite; Devuan 6.0; Incus 6.18; LXQt 2.3.0; Rust 1.91.0; Quotes; ...
- Announcements: Newsletters, conferences, security updates, patches, and more.

Read more

## Git 2.52.0 released

\[Development\] Posted Nov 17, 2025 19:55 UTC (Mon) by corbet

Version 2.52.0 of the Git source-code management system has been released. Changes include a new last-modified command to find the closest ancestor commit that touched one or more paths, a couple of git refs improvements, a new git repo command for obtaining information about the repository itself, and more. See the announcement and this GitHub blog entry for more information.

Comments (none posted)

## Josefsson: Introducing the Debian Libre Live Images

\[Distributions\] Posted Nov 17, 2025 15:07 UTC (Mon) by jzb

Debian developer Simon Josefsson has announced the Debian Libre Live Images project, to allow installing Debian without any non-free software:

> Since the 2022 decision on non-free firmware, the official images for bookworm and trixie contains non-free software.
>
> The Debian Libre Live Images project provides Live ISO images for Intel/AMD-compatible 64-bit x86 CPUs (amd64) built without any non-free software, suitable for running and installing Debian. The images are similar to the Debian Live Images distributed as Debian live images.

He does warn that this is a first public release, so there may be problems. See the current list of known issues before trying the images out.

Comments (none posted)

## Security updates for Monday

\[Security\] Posted Nov 17, 2025 14:23 UTC (Mon) by jzb

Security updates have been issued by **Debian** (gst-plugins-base1.0, lasso, and thunderbird), **Fedora** (bind9-next, chromium, containerd, fvwm3, luksmeta, opentofu, python-pdfminer, python-uv-build, ruff, rust-get-size-derive2, rust-get-size2, rust-regex, rust-regex-automata, rust-reqsign, rust-reqsign-aws-v4, rust-reqsign-command-execute-tokio, rust-reqsign-core, rust-reqsign-file-read-tokio, rust-reqsign-http-send-reqwest, suricata, uv, and xmedcon), **Mageia** (apache-commons-beanutils, apache-commons-fileupload, apache-commons-lang, botan2, python-django, spdlog, stardict, webkit2, and yelp-xsl), **Slackware** (xpdf), and **SUSE** (bind, chromedriver, firefox, kernel, libxml2, and openssh).

Full Story (comments: none)

## Kernel prepatch 6.18-rc6

\[Kernel\] Posted Nov 17, 2025 0:34 UTC (Mon) by corbet

Linus has released 6.18-rc6 for testing. "So we have a slightly larger rc6 than usual, but I think it's just the random noise and a result of pull request timings rather than due to any issues with the release. But I guess we have a couple of weeks remaining to find out."

Comments (none posted)

## Security updates for Friday

\[Security\] Posted Nov 14, 2025 14:09 UTC (Fri) by jzb

Security updates have been issued by **Debian** (keystone and lxd), **Fedora** (docker-buildkit, firefox, gh, gitleaks, lasso, runc, and seamonkey), **Mageia** (perl-Authen-SASL, perl-Cpanel-JSON-XS, perl-Crypt-OpenSSL-RSA, perl-JSON-XS, python-flask-cors, python-py, python-setuptools, and ruby), **Oracle** (java-1.8.0-openjdk), **SUSE** (binutils, cargo-packaging, rust-bindgen, chromium, go-sendxmpp, helm, lasso, libxml2, openssh, openssh8.4, python-Django, python-Scrapy-doc, python311-Brotli, squid, tomcat10, and weblate), and **Ubuntu** (linux-nvidia-6.8, linux-oracle, linux-oracle-6.8 and linux-xilinx-zynqmp).

Full Story (comments: none)

## Two new stable kernels

\[Kernel\] Posted Nov 13, 2025 22:20 UTC (Thu) by jzb

Greg Kroah-Hartman has announced the release of the 6.17.8 and 6.12.58 stable kernels. Each contains an important set of fixes. Users are advised to upgrade.

Comments (none posted)

## Rust in Android: move fast and fix things (Google Security Blog)

\[Development\] Posted Nov 13, 2025 20:41 UTC (Thu) by corbet

The Google Security Blog has a new post on just how well the use of Rust is working out for the Android project.

> We adopted Rust for its security and are seeing a 1000x reduction in memory safety vulnerability density compared to Android's C and C++ code. But the biggest surprise was Rust's impact on software delivery. With Rust changes having a 4x lower rollback rate and spending 25% less time in code review, the safer path is now also the faster one.

Comments (62 posted)

## Privilege escalation in LightDM Greeter by KDE (SUSE Security Team Blog)

\[Security\] Posted Nov 13, 2025 18:43 UTC (Thu) by jzb

The SUSE Security Team has published an in-depth article on its findings after reviewing a D-Bus service contained in LightDM Greeter by KDE (the lightdm-kde-greeter package) for addition to openSUSE Tumbleweed. The team found a privilege escalation from the lightdm service user to root, as well as other attack vectors in the service:

> In agreement with upstream, we assigned CVE-2025-62876 to track the lightdm service user to root privilege escalation aspect described in this report. The severity of the issue is low, since it only affects defense-in-depth (if the lightdm service user were compromised) and the problematic logic can only be reached and exploited if triggered interactively by a privileged user.

The fixes are contained in the 6.0.4 release of the project.

Comments (none posted)

## Thunderbird 145 released

\[Development\] Posted Nov 13, 2025 18:21 UTC (Thu) by jzb

Version 145 of the Thunderbird email client has been released.
Notable changes in this release include enabling DNS over HTTPS, support for Microsoft Exchange via Exchange Web Services, and quite a few bug fixes. As of 145, the project is no longer shipping 32-bit binaries for Linux on x86.

Comments (9 posted)

## Security updates for Thursday

\[Security\] Posted Nov 13, 2025 14:07 UTC (Thu) by jzb

Security updates have been issued by **Debian** (chromium and firefox-esr), **Fedora** (firefox, rubygem-rack, skopeo, and webkitgtk), **Mageia** (perl, perl-CPAN, perl-HTTP-Tiny, perl-Data-Entropy, perl-FCGI, perl-File-Find-Rule, perl-YAML-LibYAML, python-tornado, python-urllib3, python-pip, python3, and unbound), **Oracle** (ipa and kernel), **Red Hat** (container-tools:rhel8, krb5, openssl, pcs, podman, and runc), **Slackware** (mozilla), **SUSE** (binutils, kernel, netty, netty-tcnative, podman, python311-pdfminer, and tomcat11), and **Ubuntu** (bind9 and linux-aws-6.8).

Full Story (comments: none)

Copyright © 2025, Eklektix, Inc. Comments and public postings are copyrighted by their creators. Linux is a registered trademark of Linus Torvalds