Thursday Ubuntu-maker Canonical "officially launched Canonical Academy, a new certification platform designed to help professionals validate their Linux and Ubuntu skills through practical, hands-on assessments," writes the blog It's FOSS: Focusing on real-world scenarios, Canonical Academy aims to foster practical skills rather than theoretical knowledge. The end goal? Getting professionals ready for the actual challenges they will face on the job. The learning platform is already live with its first course offering, the System Administrator track (with three certification exams), which is tailored for anyone looking to validate their Linux and Ubuntu expertise.

The exams use cloud-based testing environments that simulate real workplace scenarios. Each assessment is modular, meaning you can progress through individual exams and earn badges for each one. Complete all the exams in this track to earn the full Sysadmin qualification... Canonical is also looking for community members to contribute as beta testers and subject-matter experts (SME). If you are interested in helping shape the platform or want to get started with your certification, you can visit the Canonical Academy website.
The sys-admin track offers exams for Linux Terminal, Ubuntu Desktop 2024, Ubuntu Server 2024, and "managing complex systems," according to an official FAQ. "Each exam provides an in-browser remote desktop interface into a functional Ubuntu Desktop environment running GNOME. From this initial node, you will be expected to troubleshoot, configure, install, and maintain systems, processes, and other general activities associated with managing Linux. The exam is a hybrid format featuring multiple choice, scenario-based, and performance-based questions..."

"Test-takers interested in the types of material covered on each exam can review links to tutorials and documentation on our website."

The FAQ advises test takers to use a Chromium-based browser, as Firefox "is NOT supported at this time... There is a known issue with keyboards and Firefox in the CUE.01 Linux 24.04 preview release at this time, which will be resolved in the CUE.01 Linux 24.10 exam release."

An Icelandic programmer successfully ran Doom on the European Space Agency's OPS-SAT satellite, proving that the iconic 1993 shooter can now run not just everywhere on Earth -- but in orbit. ZDNet reports: Olafur Waage, a senior software developer from Iceland who now works in Norway, explained at Ubuntu Summit 25.10 how he, a self-described "professional keyboard typist" and maker of funny videos, ended up making what is perhaps the game's most outlandish port yet: Doom running on a real satellite in orbit, the European Space Agency (ESA) OPS-SAT satellite. OPS-SAT, a "flying laboratory" for testing novel onboard computing techniques, was equipped with an experimental computer approximately 10 times more powerful than the norm for spacecraft. Waag explained, "OPS-SAT was the first of its kind, devoted to demonstrating drastically improved mission control capabilities when satellites can fly more powerful onboard computers. The point was to break the curse of being too risk-averse with multi-million-dollar spacecraft." (The satellite was decommissioned in 2024.) [...]

Running Doom in orbit was partly a challenge of portability and partly a challenge of the limitations of space hardware and mission control. The on-board ARM dual-core Cortex-A9 processor, while hot stuff for space computing hardware (which tends to be low-powered and radiation-hardened), was slow even by Earth-bound standards. Waage chose Chocolate Doom 2.3, a popular open-source version of Doom, for its compatibility with the Ubuntu 18.04 Long Term Support (LTS) distro, which was already running on OPS-SAT. Besides, Waage noted, "We picked Chocolate Doom 2.3 because of the libraries available for 18.04 -- that was the last one that would actually build.

Updating software in orbit is extremely difficult, so relatively little code would have to be uploaded. As Waage said, "Doom is relatively straightforward C with a few external dependencies." In other words, it's easy to port. [...] The only sign that Doom was running in space at first was a lone log entry. So, the team used the satellite's camera to snap real-time images of the Earth, then swapped Doom's Mars skybox for actual satellite photos. "The idea was to take a screenshot from the satellite and use that as the sky, all rendered in software using the game's restricted 256-color palette," explained Waage. Even this posed unexpected difficulties: "Trying to draw all of these beautiful colors with those colors," said Waage, "it's probably not going to work right off. But we tried gradient tests, NASA demo photos. It took quite a bit of tweaking." Eventually, instead of a fantasy Mars as the sky background, they got a good-looking, real Earth in the game's sky. The game itself ran flawlessly. After all, Waage said, "It ran beautifully. It's on Ubuntu."

"It's not just you: Flatpak flat-out doesn't work in the new Ubuntu 25.10 release," writes the blog OMG Ubuntu: While Flatpak itself can be installed using apt, trying to install Flatpaks with Flatpak from the command-line throws a "could not unmount revokefs-fuse filesystem" error, followed by "Child process exited with code 1". For those who've installed the Ubuntu 'Questing Quokka' and wanted to kit it out with their favourite software from Flathub, it's a frustrating road bump.

AppArmor, the tool that enforces Ubuntu's security policies for apps, is causing the issue. According to the bug report on Launchpad, the AppArmor profile for fusermount3 lacks the privileges it needs to work properly in Ubuntu 25.10. Fusermount3 is a tool Flatpak relies on to mount and unmount filesystems... This is a bug and it is being worked on. Although there's no timeframe for a fix, it is marked as critical, so will be prioritised.
The bug was reported in early September, but not fixed in time for this week's Ubuntu 25.10 release, reports Phoronix: Only [Friday] an updated AppArmor was pushed to the "questing-proposed" archive for testing. Since then... a number of users have reported that the updated AppArmor from the proposed archive will fix the Flatpak issues being observed. From all the reports so far it looks like that proposed update is in good shape for restoring Flatpak support on Ubuntu 25.10. The Ubuntu team is considering pushing out this update sooner than the typical seven day testing period given the severity of the issue.
More details from WebProNews: Industry insiders point out that AppArmor, Ubuntu's mandatory access control system, was tightened in this release to enhance security... This isn't the first time AppArmor has caused friction; similar issues plagued Telegram Flatpak apps in Ubuntu 24.04 LTS earlier this year, as noted in coverage from OMG Ubuntu.

prisoninmate shares a report from 9to5Linux: Dubbed Questing Quokka, Ubuntu 25.10 is powered by the latest and greatest Linux 6.17 kernel series for top-notch hardware support and ships with the latest GNOME 49 desktop environment, defaulting to a Wayland-only session for the Ubuntu Desktop flavor, meaning there's no other session to choose from the login screen. Ubuntu Desktop also ships with two new apps, namely GNOME's Loupe instead of Eye of GNOME as the default image viewer, as well as Ptyxis instead of GNOME Terminal as the default terminal emulator. Also, there's a new update notification that will be shown with options to open Software Updater or install updates directly.'

Other highlights of Ubuntu 25.10 include sudo-rs as the default implementation of sudo, Dracut as the default initramfs-tools, Chrony as the default NTP (Network Time Protocol) client, Rust Coreutils as the default implementation of GNU Core Utilities, and TPM-backed FDE (Full Disk Encryption) recovery key management. Moreover, Ubuntu 25.10 adds NVIDIA Dynamic Boost support and enables suspend-resume support in the proprietary NVIDIA graphics driver to prevent corruption and freezes when waking an NVIDIA desktop. For Intel users, Ubuntu 25.10 introduces support for new Intel integrated and discrete GPUs. Ubuntu 25.10 is available for download here.

BrianFagioli writes: Canonical has revealed the codename for Ubuntu 26.04 LTS: Resolute Raccoon. The announcement came today on X through the official @ubuntu account, continuing the tradition of pairing an adjective with an animal for each release. As an LTS version, it will be supported for five years and serve as the foundation for servers, desktops, and cloud deployments when it launches in April 2026.

While the name itself is now public, the features of Ubuntu 26.04 remain under wraps. The community will be watching closely to see which kernel it ships with, how GNOME evolves, and what improvements land for enterprise and container use. For now, fans simply have a raccoon mascot to rally around as the countdown to April begins.

The consumer advocacy nonprofit PIRG (Public Interest Research Group) is now petitioning Microsoft to reconsider pulling support for Windows 10 in 2025, since "as many as 400 million perfectly good computers that can't upgrade to Windows 11 will be thrown out." In a petition addressed to Microsoft CEO Satya Nadella, the group warned the October 14 end of free support could cause "the single biggest jump in junked computers ever, and make it impossible for Microsoft to hit their sustainability goals." About 40% of PCs currently in use can't upgrade to Windows 11, even if users want to... Less than a quarter of electronic waste is recycled, so most of those computers will end up in landfills.
Consumer Reports recently also urged Microsoft to not to "strand millions of customers.". And now more groups are also pushing back, according to a post from the blog Windows: Central The Restart Project co-developed the "End of 10" toolkit, which is designed to support Windows 10 users who can't upgrade to Windows 11 after the operating system hits its end-of-support date.
They also note that a Paris-based company called Back Market plans to sell Windows 10 laptops refurbished with Ubuntu Linux or ChromeOS Flex. ("We refuse to watch hundreds of millions of perfectly good computers end up in the trash as e-waste," explains their web site.) Back Market's ad promises an "up-to-date, secure operating system — so instead of paying for a new computer you don't need, you can help us give this one a brand new life."

Right now Windows 10 holds 71.9% of Microsoft's market share, with Windows 11 at 22.95%, according to figures from StatCounter cited by the blog Windows Central. And HP and Dell "recently indicated that half of the global PCs are still running Windows 10," according to another Windows Central post...

The blog OMG Ubuntu notes that Microsoft Copilot chatbot support has been added in the latest Firefox Nightly builds. "Firefox's sidebar already offers access to popular chatbots, including OpenAI's ChatGPT, Anthropic's Claude, Le Chat's Mistral and Google's Gemini. It previously offered HuggingChat too." As the testing bed for features Mozilla wants to add to stable builds (though not all make it — eh, rounded bottom window corners?), this is something you can expect to find in a future stable update... Copilot in Firefox offers the same features as other chatbots: text prompts, upload files or images, generate images, support for entering voice prompts (for those who fancy their voice patterns being analysed and trained on). And like those other chatbots, there are usage limits, privacy policies, and (for some) account creation needed. In testing, Copilot would only generate half a summary for a webpage, telling me it was too long to produce without me signing in/up for an account.

On a related note, Mozilla has updated stable builds to let third-party chatbots summarise web pages when browsing (in-app callout alerts users to the 'new' feature). Users yet to enable chatbots are subtly nudged to do so each time they right-click on web page. [Between "Take Screenshot" and "View Page Source" there's a menu option for "Ask an AI Chatbot."] Despite making noise about its own (sluggish, but getting faster) on-device AI features that are privacy-orientated, Mozilla is bullish on the need for external chatbots.
The article suggests Firefox wants to keep up with Edge and Chrome (which can "infuse first-party AI features directly.") But it adds that Firefox's nightly build is also testing some non-AI features, like new task and timer widgets on Firefox's New Tab page. And "In Firefox Labs, there are is an option to enable JPEG XL support, a super-optimised version of JPEG that is gaining traction (despite Google's intransigence).

Other Firefox news:

• There's good news "for users still clinging to Windows 7," writes the Register. Support for Firefox Extended Support Release 115 "is being extended until March 2026."

• Google "can keep paying companies like Mozilla to make Google the default search engine, as long as these deals aren't exclusive anymore," reports the blog It's FOSS News. (The judge wrote that "Cutting off payments from Google almost certainly will impose substantial — in some cases, crippling — downstream harms to distribution partners..." according to CNBC — especially since the non-profit Mozilla Foundation gets most of its annual revenue from its Google's search deal.)

• Don't forget you can now search your tabs, bookmarks and browsing history right from the address bar with keywords like @bookmarks, @tabs, and @history. (And @actions pulls up a list of actions like "Open private window" or "Restart Firefox").

Matt Asay answered questions from Slashdot readers in 2010 as the then-COO of Canonical. Today he runs developer marketing at Oracle (after holding similar positions at AWS, Adobe, and MongoDB).

And this week Asay contributed an opinion piece to InfoWorld reminding us of open source contributions from companies where "enlightened self-interest underwrites the boring but vital work — CI hardware, security audits, long-term maintenance — that grassroots volunteers struggle to fund." [I]f you look at the Linux 6.15 kernel contributor list (as just one example), the top contributor, as measured by change sets, is Intel... Another example: Take the last year of contributions to Kubernetes. Google (of course), Red Hat, Microsoft, VMware, and AWS all headline the list. Not because it's sexy, but because they make billions of dollars selling Kubernetes services... Some companies (including mine) sell proprietary software, and so it's easy to mentally bucket these vendors with license fees or closed cloud services. That bias makes it easy to ignore empirical contribution data, which indicates open source contributions on a grand scale.
Asay notes Oracle's many contributions to Linux: In the [Linux kernel] 6.1 release cycle, Oracle emerged as the top contributor by lines of code changed across the entire kernel... [I]t's Oracle that patches memory-management structures and shepherds block-device drivers for the Linux we all use. Oracle's kernel work isn't a one-off either. A few releases earlier, the company topped the "core of the kernel" leaderboard in 5.18, and it hasn't slowed down since, helping land the Maple Tree data structure and other performance boosters. Those patches power Oracle Cloud Infrastructure (OCI), of course, but they also speed up Ubuntu on your old ThinkPad. Self-interested contributions? Absolutely. Public benefit? Equally absolute.

This isn't just an Oracle thing. When we widen the lens beyond Oracle, the pattern holds. In 2023, I wrote about Amazon's "quiet open source revolution," showing how AWS was suddenly everywhere in GitHub commit logs despite the company's earlier reticence. (Disclosure: I used to run AWS' open source strategy and marketing team.) Back in 2017, I argued that cloud vendors were open sourcing code as on-ramps to proprietary services rather than end-products. Both observations remain true, but they miss a larger point: Motives aside, the code flows and the community benefits.

If you care about outcomes, the motives don't really matter. Or maybe they do: It's far more sustainable to have companies contributing because it helps them deliver revenue than to contribute out of charity. The former is durable; the latter is not.
There's another practical consideration: scale. "Large vendors wield resources that community projects can't match."

Asay closes by urging readers to "Follow the commits" and "embrace mixed motives... the point isn't sainthood; it's sustainable, shared innovation. Every company (and really every developer) contributes out of some form of self-interest. That's the rule, not the exception. Embrace it." Going forward, we should expect to see even more counterintuitive contributor lists. Generative AI is turbocharging code generation, but someone still has to integrate those patches, write tests, and shepherd them upstream. The companies with the most to lose from brittle infrastructure — cloud providers, database vendors, silicon makers — will foot the bill. If history is a guide, they'll do so quietly.

"KDE Linux is an all-new desktop Linux distro being developed as a showcase for the KDE desktop project," reports The Register.

"The project is still in a pre-alpha testing stage, but recently went public on the KDE website. Versions are available to download and try out." KDE Linux is an entirely new and experimental OS. There's lots of room for confusion here, because KDE already has a demonstration distro, KDE Neon. KDE Linux is a totally separate and far more ambitious project. In terms of its underlying design, it's intended to be a super-stable end-user distro. This is in contrast with Neon, which is an experimental showcase for the latest and greatest code. Neon isn't meant to be anyone's daily driver...

Several aspects of [KDE Linux's] design are clearly influenced by Valve's SteamOS 3. Like SteamOS 3, KDE Linux is an immutable distro, with dual read-only Btrfs-format root partitions that update each other alternately... KDE Linux isn't based on Ubuntu or Debian. It's built using Arch Linux, but it's different enough that it doesn't really count as an Arch variant. As an immutable distro, there's no package manager, for instance, so the user can't install Arch packages... You can only install sandboxed apps that go in their own corner of the OS, and here the plan is that users will install Flatpak (and possibly Snap, "if it's not too hard and the UX is OK") packages using the KDE Discover app store. Aside from them, you won't be able to update individual packages. OS updates come as a whole new system image, with all components updated at once.
"This is intended to one day be a bulletproof daily driver, not a demo system, which is the intended purpose of KDE Neon..." the article concludes.

And while their test of current work-in-progress/test version kept crashing, "the promise is considerable, and this could turn out to be one of the most radical end-user distros out there."

Thanks to Slashdot reader king*jojo for sharing the news.

An anonymous reader shared this report from WebProNews: The Linux world is abuzz with news of XLibre, a fork of the venerable X11 window display system, which aims to be an alternative to X11's successor, Wayland.

Much of the Linux world is working to adopt Wayland, the successor to X11. Wayland has been touted as being a superior option, providing better security and performance. Despite Fedora and Ubuntu both going Wayland-only, the newer display protocol still lags behind X11, in terms of functionality, especially in the realm of accessibility, screen recording, session restore, and more. In addition, despite the promise of improved performance, many users report performance regressions compared to X11.

While progress is being made, it has been slow going, especially for a project that is more than 17 years old. To make matters worse, Wayland is largely being improved by committee, with the various desktop environment teams trying to work together to further the protocol. Progress is further hampered by the fact that the GNOME developers often object to the implementation of some functionality that doesn't fit with their vision of what a desktop should be — despite those features being present and needed in every other environment.

In response, developer Enrico Weigelt has forked Xll into the XLibre project. Weigelt was already one of the most prolific X11 contributors at a time when little to no improvements or new features are being added to the aging window system... Weigelt has wasted no time releasing the inaugural version of XLibre, XLibre 25.0. The release includes a slew of improvements.
MrBrklyn (Slashdot reader #4,775) adds that Artix Linux, a rolling-release distro based on Arch Linux which does not use systemd, now offers XLibre ISO images and packages for testing and use. They're all non-systemd based, and "Its a decent undertaking by the Artix development team. The iso is considered to be testing but it is quickly moving to the regular repos for broad public use."

Steven J. Vaughan-Nichols writes in an opinion piece for The Register: Microsoft, tactically admitting it has failed at talking all the Windows 10 PC users into moving to Windows 11 after all, is -- sort of, kind of -- extending Windows 10 support for another year. For most users, that means they'll need to subscribe to Microsoft 365. This, in turn, means their data and meta-information will be kept in a US-based datacenter. That isn't sitting so well with many European Union (EU) organizations and companies. It doesn't sit that well with me or a lot of other people either.

A few years back, I wrote in these very pages that Microsoft didn't want you so much to buy Windows as subscribe to its cloud services and keep your data on its servers. If you wanted a real desktop operating system, Linux would be almost your only choice. Nothing has changed since then, except that folks are getting a wee bit more concerned about their privacy now that President Donald Trump is in charge of the US. You may have noticed that he and his regime love getting their hands on other people's data.

Privacy isn't the only issue. Can you trust Microsoft to deliver on its service promises under American political pressure? Ask the EU-based International Criminal Court (ICC) which after it issued arrest warrants for Israeli Prime Minister Benjamin Netanyahu for war crimes, Trump imposed sanctions on the ICC. Soon afterward, ICC's chief prosecutor, Karim Khan, was reportedly locked out of his Microsoft email accounts. Coincidence? Some think not. Microsoft denies they had anything to do with this.

Peter Ganten, chairman of the German-based Open-Source Business Alliance (OSBA), opined that these sanctions ordered by the US which he alleged had been implemented by Microsoft "must be a wake-up call for all those responsible for the secure availability of state and private IT and communication infrastructures." Microsoft chairman and general counsel, Brad Smith, had promised that it would stand behind its EU customers against political pressure. In the aftermath of the ICC reports, Smith declared Microsoft had not been "in any way [involved in] the cessation of services to the ICC." In the meantime, if you want to reach Khan, you'll find him on the privacy-first Swiss email provider, ProtonMail.

In short, besides all the other good reasons for people switching to the Linux desktop - security, Linux is now easy to use, and, thanks to Steam, you can do serious gaming on Linux - privacy has become much more critical. That's why several EU governments have decided that moving to the Linux desktop makes a lot of sense... Besides, all these governments know that switching from Windows 10 to 11 isn't cheap. While finances also play a role, and I always believe in "following the money" when it comes to such software decisions, there's no question that Europe is worried about just how trustworthy America and its companies are these days. Do you blame them? I don't. The shift to the Linux desktop is "nothing new," as Vaughan-Nichols notes. Munich launched its LiMux project back in 2004 and, despite ending it in 2017, reignited its open-source commitment by establishing a dedicated program office in 2024. In France, the gendarmerie now operates over 100,000 computers on a custom Ubuntu-based OS (GendBuntu), while the city of Lyon is transitioning to Linux and PostgreSQL.

More recently, Denmark announced it is dropping Windows and Office in favor of Linux and LibreOffice, citing digital sovereignty. The German state of Schleswig-Holstein is following suit, also moving away from Microsoft software. Meanwhile, a pan-European Linux OS (EU OS) based on Fedora Kinoite is being explored, with Linux Mint and openSUSE among the alternatives under consideration.

Microsoft has released a modern, open-source version of its classic MS-DOS Editor -- built with Rust and compatible with Windows, macOS, and Linux. It's now simple called "Edit." Ars Technica reports: Aside from ease of use, Microsoft's main reason for creating the new version of Edit stems from a peculiar gap in modern Windows. "What motivated us to build Edit was the need for a default CLI text editor in 64-bit versions of Windows," writes [Christopher Nguyen, a product manager on Microsoft's Windows Terminal team] while referring to the command-line interface, or CLI. "32-bit versions of Windows ship with the MS-DOS editor, but 64-bit versions do not have a CLI editor installed inbox." [...]

Linux users can download Edit from the project's GitHub releases page or install it through an unofficial snap package. Oh, and if you're a fan of the vintage editor and crave a 16-bit text-mode for your retro machine that actually runs MS-DOS, you can download a copy on the Internet Archive. [...]

At 250KB, the new Edit maintains the lightweight philosophy of its predecessor while adding features the original couldn't dream of: Unicode support, regular expressions, and the ability to handle gigabyte-sized files. The original editor was limited to files smaller than 300KB depending on available conventional memory -- a constraint that seems quaint in an era of terabyte storage. But the web publication OMG! Ubuntu found that the modern Edit not only "works great on Ubuntu" but noted its speed when handling gigabyte-sized documents.

Disabling Intel graphics security mitigations in GPU compute stacks for OpenCL and Level Zero can yield a performance boost of up to 20%, prompting Ubuntu's Canonical and Intel to disable these mitigations in future Ubuntu packages. Phoronix's Michael Larabel reports: Intel does allow building their GPU compute stack without these mitigations by using the "NEO_DISABLE_MITIGATIONS" build option and that is what Canonical is looking to set now for Ubuntu packages to avoid the significant performance impact. This work will likely all be addressed in time for Ubuntu 25.10. This NEO_DISABLE_MITIGATIONS option is just for compiling the Intel Compute Runtime stack and doesn't impact the Linux kernel security mitigations or else outside of Intel's "NEO" GPU compute stack. Both Intel and Canonical are in agreement with this move and it turns out that even Intel's GitHub binary packages for their Compute Runtime for OpenCL and Level Zero ship with the mitigations disabled due to the performance impact. This Ubuntu Launchpad bug report for the Intel Compute Runtime notes some of the key takeaways. There is also this PPA where Ubuntu developers are currently testing their Compute Runtime builds with NEO_DISABLE_MITIGATIONS enabled for disabling the mitigations.

BrianFagioli writes: Ubuntu 25.10, known as Questing Quokka, is taking a big turn under the hood. Canonical has dropped support for the GNOME desktop running on Xorg. Starting with this release, the default Ubuntu session now uses Wayland only. Yes, folks, there's no longer an option to log into GNOME on Xorg.

Linux user share on Steam rose to 2.69% in May 2025 -- the highest level recorded since at least 2018. GamingOnLinux reports: Overall user share for May 2025:

- Windows 95.45% -0.65%
- Linux 2.69% +0.42%
- macOS 1.85% +0.23%

Even with SteamOS 3 now being a little more widely available, the rise was not from SteamOS directly. Filtering to just the Linux numbers gives us these most popular distributions:

- SteamOS Holo 64 bit 30.95% -2.83%
- Arch Linux 64 bit 10.09% +0.64%
- Linux Mint 22.1 64 bit 7.76% +1.56%
- Freedesktop SDK 24.08 (Flatpak runtime) 64 bit 7.42% +1.01%
- Ubuntu Core 22 64 bit 4.63% +0.01%
- Ubuntu 24.04.2 LTS 64 bit 4.30% -0.14%
- CachyOS 64 bit 2.54% +2.54%
- EndeavourOS Linux 64 bit 2.44% -0.02%
- Manjaro Linux 64 bit 2.43% -0.18%
- Pop!_OS 22.04 LTS 64 bit 2.17% -0.06%
- Debian GNU/Linux 12 (bookworm) 64 bit 1.99% -0.28%
- Other 23.27% -2.27%

An anonymous reader shared this report from The Hacker News: Two information disclosure flaws have been identified in apport and systemd-coredump, the core dump handlers in Ubuntu, Red Hat Enterprise Linux, and Fedora, according to the Qualys Threat Research Unit (TRU).

Tracked as CVE-2025-5054 and CVE-2025-4598, both vulnerabilities are race condition bugs that could enable a local attacker to obtain access to access sensitive information. Tools like Apport and systemd-coredump are designed to handle crash reporting and core dumps in Linux systems. "These race conditions allow a local attacker to exploit a SUID program and gain read access to the resulting core dump," Saeed Abbasi, manager of product at Qualys TRU, said...

Red Hat said CVE-2025-4598 has been rated Moderate in severity owing to the high complexity in pulling an exploit for the vulnerability, noting that the attacker has to first win the race condition and be in possession of an unprivileged local account... Qualys has also developed proof-of-concept code for both vulnerabilities, demonstrating how a local attacker can exploit the coredump of a crashed unix_chkpwd process, which is used to verify the validity of a user's password, to obtain password hashes from the /etc/shadow file.
Advisories were also issued by Gentoo, Amazon Linux, and Debian, the article points out. (Though "It's worth noting that Debian systems aren't susceptible to CVE-2025-4598 by default, since they don't include any core dump handler unless the systemd-coredump package is manually installed.")

Canonical software security engineer Octavio Galland explains the issue on Canonical's blog. "If a local attacker manages to induce a crash in a privileged process and quickly replaces it with another one with the same process ID that resides inside a mount and pid namespace, apport will attempt to forward the core dump (which might contain sensitive information belonging to the original, privileged process) into the namespace... In order to successfully carry out the exploit, an attacker must have permissions to create user, mount and pid namespaces with full capabilities." Canonical's security team has released updates for the apport package for all affected Ubuntu releases... We recommend you upgrade all packages... The unattended-upgrades feature is enabled by default for Ubuntu 16.04 LTS onwards. This service:

- Applies new security updates every 24 hours automatically.
- If you have this enabled, the patches above will be automatically applied within 24 hours of being available.

Last August a Microsoft security update broke dual-booting Windows 11 and Linux systems, remembers the blog Neowin. Distros like Debian, Ubuntu, Linux Mint, Zorin OS, and Puppy Linux were all affected, and "a couple of days later, Microsoft provided a slightly lengthy workaround that involved tweaking around with policies and the Registry in order to fix the problem."

The update "was meant to address a GRUB bootloader vulnerability that allowed malicious actors to bypass Secure Boot's safety mechanisms," notes the It's FOSS blog. "Luckily, there's now a proper fix for this, as Microsoft has quietly released a new patch on May 13, 2025, addressing the issue nine months after it was first reported... Meanwhile, many dual-boot users were left with borked setups, having to use workarounds or disable Secure Boot altogether."

After gaining attention from Neowin and DistroWatch last week, the sole maintainer behind AnduinOS 1.3 -- a Linux distribution styled to resemble Windows 11 -- decided to reveal himself. He turns out to be Anduin Xue, a Microsoft software engineer, who has been working on the project as a personal, non-commercial endeavor built on Ubuntu. Neowin reports: As a Software Engineer 2 at Microsoft (he doesn't work on Windows), Anduin Xue says he's financially stable and sees no need to commercialize AnduinOS. Explaining the financial aspects of the project, he said: "Many have asked why I don't accept donations, how I profit, and if I plan to commercialize AnduinOS. Truthfully, I haven't thoroughly considered these issues. It's not my main job, and I don't plan to rely on it for a living. Each month, I dedicate only a few hours to maintaining it. Perhaps in the future, I might consider providing enterprise solutions based on AnduinOS, but I won't compromise its original simplicity. It has always been about providing myself with a comfortably themed Ubuntu."

In our coverage of the AnduinOS 1.3 release last week, one commenter pointed out that the distro is from China. For some, this will raise issues, but Anduin Xue addressed this in his blog post, too, saying that the source code is available to the public. For this reason, he told lacing the operating system with backdoors for the Chinese government would be "irrational and easily exposed." For those worried that the distribution may be abandoned, Anduin Xue said that he intends to continue supporting it and may even maintain it full-time if sponsorship or corporate cooperation emerges.

Longtime Slashdot reader RoccamOccam shares a blog post from the Trifecta Tech Foundation, a nonprofit organization that creates secure, open source building blocks for infrastructure software. The foundation is also the developer behind Sudo-rs. From the report: Ubuntu 25.10 is set to adopt sudo-rs by default. Sudo-rs is a memory-safe reimplementation of the widely-used sudo utility, written in the Rust programming language. This move is part of a broader effort by Canonical to improve the resilience and maintainability of core system components. [...]

The decision to adopt sudo-rs is in line with Canonical's commitment to Carefully But Purposefully increase the resilience of critical system software, by adopting Rust. Rust is a programming language with strong memory safety guarantees that eliminates many of the vulnerabilities that have historically plagued traditional C-based software. Sudo-rs is part of the Trifecta Tech Foundation's Privilege Boundary initiative, which aims to handle privilege escalation with memory-safe alternatives.

AMD has open-sourced its "GPU-IOV Module" for enabling SR-IOV-based virtualization on Instinct accelerators using the Linux kernel and KVM hypervisor, with features like GPU scheduling and VF/PF management. Notably, AMD plans to extend this virtualization support to client Radeon GPUs. Phoronix reports: The AMD GPU-IOV Module is for the Linux kernel and for providing SR-IOV based hardware virtualization in conjunction with the KVM hypervisor. GIM provides the GPU IOV virtualization, virtual function (VF) configuration and enablement, GPU scheduling for world switch, hang detection and FLR reset, and PF/VF handshake capabilities. Initially the AMD GIM driver is for the Instinct MI300X hardware and tested atop Ubuntu 22.04 LTS with ROCm 6.4. Those interested can find the AMD GIM code currently via GitHub. It's not laid out in the repository or any other public communications I've seen what any upstreaming plans are for this GIM driver to get it into the mainline Linux kernel.