Qualys has sent out a somewhat breathless advisory describing a number of vulnerabilities in the AppArmor security module, which is used in a number of Debian-based distributions (among others).

This "CrackArmor" advisory exposes a confused-deputy flaw allowing unprivileged users to manipulate security profiles via pseudo-files, bypass user-namespace restrictions, and execute arbitrary code within the kernel. These flaws facilitate local privilege escalation to root through complex interactions with tools like Sudo and Postfix, alongside denial-of-service attacks via stack exhaustion and Kernel Address Space Layout Randomization (KASLR) bypasses via out-of-bounds reads.

Earlier this month were various Linux 7.0 file-system benchmarks showing how XFS is leading the race in the overall upstream Linux file-system performance on this forthcoming kernel. Stemming from that testing some premium supporters requested a fresh look at the historical performance of XFS as well as EXT4. So today's article is a look at how XFS and EXT4 have performed on every kernel release going back to Linux 6.12 LTS.

In 2019, researchers published a way to identify which file-backed pages were being accessed on a system using timing information from the page cache, leading to a handful of unpleasant consequences and a change to the design of the mincore() system call. Discussion at the time led to a number of ad-hoc patches to address the problem. The lack of new page-cache attacks suggested that attempts to fix things in a piecemeal fashion had succeeded. Now, however, Sudheendra Raghav Neela, Jonas Juffinger, Lukas Maar, and Daniel Gruss have found a new set of holes in the Linux kernel's page-cache-timing protections that allow the same general class of attack.

I want to be clear about what this is and isn't

Security updates have been issued by Debian (chromium, kernel, and multipart), Fedora (dnf5, dr_libs, easyrpg-player, libmaxminddb, python3.12, strongswan, task, and udisks2), Oracle (.NET 10.0, .NET 8.0, .NET 9.0, gnutls, ImageMagick, kernel, libvpx, mingw-libpng, nginx:1.26, python3.11, and uek-kernel), Red Hat (delve, git-lfs, mingw-libpng, osbuild-composer, and rhc-worker-playbook), SUSE (cjson, curl, dnsdist, libsoup2, postgresql16, postgresql17, postgresql18, python-lxml_html_clean, python-pypdf2, python36, and thunderbird), and Ubuntu (dotnet8, dotnet9, dotnet10, freetype, golang-github-go-git-go-git, golang-golang-x-net, openssh, python-cryptography, sudo, and util-linux).

Sent out this week were more Intel Xe driver feature patches to DRM-Next for queuing ahead of next month's Linux 7.1 merge window...

nothing but buzzwords

4 stories from GamingOnLinux

Vulkan 1.4.346 was published today with one big new extension in tow: VK_KHR_device_address_commands...

FreeRDP as this open-source and cross-platform Remote Desktop Protocol (RDP) implementation is out with FreeRDP 3.24 to ship new security fixes as well as other improvements...

Projects and gadgets

via Invidious

Development picks for today

A fix is on the way to the Linux 7.0 kernel today for addressing an idle power issue with AMD RDNA4 GPUs reporting high power consumption and full utilization even after being "idle" following compute workloads like Llama.cpp...

For going along with the Intel IVPU kernel accelerator driver in the mainline Linux kernel is the Intel NPU driver support in user-space. Released yesterday was the Intel NPU Driver 1.30 milestone for advancing the Intel NPU user-space support on Linux with this open-source support for Core Ultra SoCs...

GNOME's GitLab infrastructure has already been using Anubis for a while to help fend off bots and AI scraper traffic from wreacking havoc on their server resources and also their hosting budget. GNOME recently began redirecting some GitLab traffic to their GitHub repositories as another step in dealing with bots/scrapers. Now they have taken an added step of using the commercial, closed-source Fastly in their battle with bots...

Intel's LLM-Scaler project that makes it easy to deploy various large language models on modern Arc Graphics hardware is out with a new test release to expand its LLM coverage...

10 Android Trends That Will Define Smartphones in 2026

This is free and open source software

Švicarji ne morejo prešteti elektronskih glasov z referenduma

• Matej Huš :: 13. mar 2026 ob 07:51
• Ostale najave

Slo-Tech - Na referendum, ki so v Švici potekali 8. marca, so v manjšem obsegu preizkušali elektronsko glasovanje, ki je bilo v štirih kantonih namenjeno prebivalcem, ki so v tujini ali imajo gibalno oviranost. V Baslu je imelo to možnost glasovanja 10.330 ljudi, izkoristilo pa jo je 2048. In nikoli ne bomo vedeli, kako so glasovali, ker volilna komisija ne more prešteti njihovih glasov. Več na Slo-Techu.