More stable kernels with partial Dirty Frag fixes

By: jzb
May 8, 2026 at 19:50

Greg Kroah-Hartman has released the 6.1.171, 5.15.205, and 5.10.255 stable kernels, quickly followed by 6.1.172 and 5.15.206 kernels. This is another round of stable kernels to provide fixes for one of the CVEs (CVE-2026-43284) assigned following the Dirty Frag and Copy Fail 2 security disclosures. There is not, yet, a stable kernel with a fix for CVE-2026-43500, though a patch to fix the second half is in the works.

[$] Forgejo "carrot disclosure" raises security questions

By: jzb
May 8, 2026 at 16:30

An unusual, some might say hostile, approach to disclosing an alleged remote-code-execution (RCE) flaw in the Forgejo software-collaboration platform has sparked a multifaceted conversation. A so-called "carrot disclosure" in April has raised questions about the researcher's methods of unveiling a security problem, Forgejo's security policies, and the project's overall security posture.

killswitch for short-term emergency vulnerability mitigation

By: corbet
May 8, 2026 at 13:36
It seems that we are in for an extended period of the disclosure of vulnerabilities before fixes become available. One possible way of coping with this flood might be the killswitch proposal from Sasha Levin. In short, killswitch can immediately disable access to specific functionality in a running kernel, essentially blasting a vulnerable path (and its associated functionality) out of existence until a fix can be installed. "For most users, the cost of 'this socket family stops working for the day' is much smaller than the cost of running a known vulnerable kernel until the fix lands."

[$] A 2026 DAMON update

By: corbet
May 8, 2026 at 13:20
The kernel's DAMON subsystem provides user-space monitoring and management of system memory. DAMON is developing rapidly, so an update on its progress has become a regular feature of the annual Linux Storage, Filesystem, Memory Management, and BPF Summit. This tradition continued at the 2026 gathering with an update from DAMON creator SeongJae Park covering a long list of new capabilities — tiering, data attributes monitoring, transparent huge pages, and more — being added to this subsystem.

Security updates for Friday

By: jzb
May 8, 2026 at 13:13
Security updates have been issued by AlmaLinux (libsoup and mingw-libtiff), Debian (apache2, chromium, lcms2, libreoffice, and prosody), Fedora (openssl and perl-Starman), Oracle (git-lfs, libsoup, and perl-XML-Parser), Slackware (libgpg, mozilla, and php), SUSE (389-ds, cairo, cf-cli, chromedriver, cri-tools, freeipmi, gnutls, grafana, java-11-openjdk, java-17-openjdk, jetty-minimal, libmariadbd-devel, librsvg, mesa, mozjs52, mutt, nix, opencryptoki, python-Django, python-django, python-pytest, rmt-server, thunderbird, traefik, webkit2gtk3, wireshark, and xen), and Ubuntu (civicrm, dpkg, htmlunit, lcms2, libpng1.6, linux, linux-*, linux-azure, linux-azure-fips, linux-raspi, linux-xilinx, lua5.1, nasm, opam, openexr, openjpeg2, owslib, postfix, postfixadmin, and vim).