A GNOME Shell extension for tracking lunar phases on your Linux desktop, with info, a clean, minimal design - and a giant illuminated moon.

You're reading ‘Phases of Moon’ Brings Lunar Tracking to GNOME Shell, a blog post from OMG! Ubuntu. Do not reproduce elsewhere without permission.

Take one step at a time to get your privacy right.

A social media user claimed an Ubuntu PPA was being used to distribute ransomware. Their proof? Well, they didn't have any - but that didn't stop the panic.

You're reading Linux PPA Ransomware Scare is Light on Evidence, a blog post from OMG! Ubuntu. Do not reproduce elsewhere without permission.

Linux Mint 22.3 is adding a revamped System Information tool with USB, GPU, PCI and BIOS sections to make hardware troubleshooting easier.

You're reading Linux Mint 22.3 is Adding New System Hardware Tool, a blog post from OMG! Ubuntu. Do not reproduce elsewhere without permission.

Firefox has a new mascot called Kit. Mozilla say the vibrant vulpine character embodies its vision for privacy and openness on the modern web.

You're reading Mozilla Unveils Kit, a (Cute) New Mascot for Firefox, a blog post from OMG! Ubuntu. Do not reproduce elsewhere without permission.

CrossOver, the commercial Wine tool, is now available for Linux ARM64 devices in preview, allowing Windows games and software to run on ARM-based systems.

You're reading CrossOver Brings Wine to Linux ARM64 With “Impressive” Results, a blog post from OMG! Ubuntu. Do not reproduce elsewhere without permission.

by George Whittaker

AMD has officially confirmed a high-severity security vulnerability in its new Zen 5–based CPUs, and it’s a nasty one because it hits cryptography right at the source: the hardware random number generator.

Here’s a clear breakdown of what’s going on, how bad it really is, and what you should do if you’re running Zen 5.

What AMD Just Confirmed

AMD’s security bulletin AMD-SB-7055, now tracked as CVE-2025-62626, describes a bug in the RDSEED instruction on Zen 5 processors. Under certain conditions, the CPU can:

• Return the value 0 from RDSEED far more often than true randomness would allow

• Still signal “success” (carry flag CF=1), so software thinks it got a good random value

The issue affects the 16-bit and 32-bit forms of RDSEED on Zen 5; the 64-bit form is not affected.

Because RDSEED is used to feed cryptographically secure random number generators (CSPRNGs), a broken RDSEED can poison keys, tokens, and other security-critical values.

AMD classifies the impact as:

Loss of confidentiality and integrity (High severity).

How the Vulnerability Works (In Plain English) What RDSEED Is Supposed to Do

Modern CPUs expose hardware instructions like RDRAND and RDSEED:

• RDRAND: Gives you pseudo-random values from a DRBG that’s already been seeded.

• RDSEED: Gives you raw entropy samples suitable for seeding cryptographic PRNGs (it should be very close to truly random).

Software like TLS libraries, key generators, HSM emulators, and OS RNGs may rely directly or indirectly on RDSEED to bootstrap secure randomness.

What’s Going Wrong on Zen 5

On affected Zen 5 CPUs:

• The 16-bit and 32-bit RDSEED variants sometimes return 0 much more often than a true random source should.

• Even worse, they simultaneously report success (CF=1), so software assumes the value is fine rather than retrying.

In cryptographic terms, this means:

• Entropy can be dramatically reduced (many key bits become predictable or even fixed).

• Keys or nonces derived from those values can become partially or fully guessable.

Go to Full Article

Prices are rising across Netflix, Spotify, and their peers, and more people are quietly returning to the oldest playbook of the internet: piracy. Is the golden age of streaming over?

Hello community, here we have another set of package updates. Welcome to our new development cycle of Manjaro 25.1.0, code-named ‘Anh-Linh’.We will focus on Plasma 6.5 series and will introduce GNOME 49, maybe Cosmic 1.0 (Beta).

Current Promotions

• Get the latest Gaming Laptop by Slimbook powered by Manjaro: Slimbook Manjaro III
• Protect your personal data, keep yourself safe with Surfshark VPN: See current promotion

Recent News

• Manjaro 25.0 Zetar released
• Manjaro Summit public Alpha now available
• As of Linux 6.16.12, the 6.16 series is now EOL (End Of Life). Please install 6.17 stable and/or 6.12 LTS (Long Term Support).

Valkey to replace Redis in the [extra] Repository (click for more details) Previous News Finding information easier about Manjaro (click for more details) Notable Package Updates

• Kernels got updated
  • linux616 got removed
• Grub 2.14rc1
• Dracut 109
• Nvidia 580.105.08
• Xorg-Server 21.1.20
• Plasma 6.5.1
• Cosmic 1.0.0.beta.4
• LibreOffice 25.2.7
• Mesa 25.2.6
• Firefox 144.0.2 and 145.0b9
• a lot of rebuilds

Additional Info Python 3.13 info (click for more details) Info about AUR packages (click for more details)

Get our latest daily developer images now from Github: Plasma, GNOME, XFCE. You can get the latest stable releases of Manjaro from CDN77.

Our current supported kernels

• linux54 5.4.301
• linux510 5.10.245
• linux515 5.15.196
• linux61 6.1.158
• linux66 6.6.116
• linux612 6.12.57
• linux617 6.17.7
• linux618 6.18.0-rc4
• linux61-rt 6.1.156_rt56
• linux66-rt 6.6.116_rt66
• linux612-rt 6.12.49_rt13
• linux616-rt 6.16.0_rt3
• linux617-rt 6.17.5_rt7

Package Changes (11/5/25, 17:43 CET)

• testing core x86_64: 47 new and 47 removed package(s)
• testing extra x86_64: 3198 new and 3344 removed package(s)
• testing multilib x86_64: 35 new and 51 removed package(s)

A list of all changes can be found here.

Click to view the poll.

Check if your mirror has already synced:

• Mirror-Check Service

16 posts - 10 participants

Read full topic

Tiny problem but not good for the image of Fedora Linux, pun intended.

The post How to Fix “404 Not Found” Errors in Debian During apt-get upgrade first appeared on Tecmint: Linux Howtos, Tutorials & Guides .

The “404 Not Found” error during upgrade occurs when your system attempts to download packages from repository sources that no

The post How to Fix “404 Not Found” Errors in Debian During apt-get upgrade first appeared on Tecmint: Linux Howtos, Tutorials & Guides.

Like it or not Rust is everywhere, just like autumn.

The waydroid package prior to version 1.5.4-2 (including aur/waydroid) creates Python byte-code files (.pyc) at runtime which were untracked by pacman. This issue has been fixed in 1.5.4-3, where byte-compiling these files is now done during the packaging process.

As a result, the upgrade may conflict with the unowned files created in previous versions. If you encounter errors like the following during the update:

error: failed to commit transaction (conflicting files)

waydroid: /usr/lib/waydroid/tools/__pycache__/__init__.cpython-313.pyc exists in filesystem

waydroid: /usr/lib/waydroid/tools/actions/__pycache__/__init__.cpython-313.pyc exists in filesystem

waydroid: /usr/lib/waydroid/tools/actions/__pycache__/app_manager.cpython-313.pyc exists in filesystem

You can safely overwrite these files by running the following command:

pacman -Syu --overwrite /usr/lib/waydroid/tools/\*__pycache__/\*

Want to try Ubuntu's amd64v3 packages? Here's how to check if your CPU supports them, enable them via APT, and revert if things go wrong.

You're reading How to Enable amd64v3 Packages on Ubuntu 25.10, a blog post from OMG! Ubuntu. Do not reproduce elsewhere without permission.

Those who used GNOME 2 in the 2000's would remember the now forgotten GNOME Office. I think it's time to revive that project.

The post How to Use dpkg, apt, aptitude, synaptic, and tasksel in Debian first appeared on Tecmint: Linux Howtos, Tutorials & Guides .

Debian offers several tools for managing software packages, each serving a specific purpose in the package management ecosystem, and understanding

The post How to Use dpkg, apt, aptitude, synaptic, and tasksel in Debian first appeared on Tecmint: Linux Howtos, Tutorials & Guides.

When will these Big Tech platforms learn?

by George Whittaker

The Linux kernel, foundational for servers, desktops, embedded systems, and cloud infrastructure, has been under heightened scrutiny. Several vulnerabilities have been exploited in real-world attacks, targeting critical subsystems and isolation layers. In this article, we’ll walk through major examples, explain their significance, and offer actionable guidance for defenders.

CVE-2025-21756 – Use-After-Free in the vsock Subsystem

One of the most alarming flaws this year involves a use-after-free vulnerability in the Linux kernel’s vsock implementation (Virtual Socket), which enables communication between virtual machines and their hosts.

How the exploit works: A malicious actor inside a VM (or other privileged context) manipulates reference counters when a vsock transport is reassigned. The code ends up freeing a socket object while it’s still in use, enabling memory corruption and potentially root-level access.

Why it matters: Since vsock is used for VM-to-host and inter-VM communication, this flaw breaks a key isolation barrier. In multi-tenant cloud environments or container hosts that expose vsock endpoints, the impact can be severe.

Mitigation: Kernel maintainers have released patches. If your systems run hosts, hypervisors, or other environments where vsock is present, make sure the kernel is updated and virtualization subsystems are patched.

CVE-2025-38236 – Out-of-Bounds / Sandbox Escape via UNIX Domain Sockets

Another high-impact vulnerability involves the UNIX domain socket interface and the MSG_OOB flag. The bug was publicly detailed in August 2025 and is already in active discussion.

Attack scenario: A process running inside a sandbox (for example a browser renderer) can exploit MSG_OOB operations on a UNIX domain socket to trigger a use-after-free or out-of-bounds read/write. That allows leaking kernel pointers or memory and then chaining to full kernel privilege escalation.

Why it matters: This vulnerability is especially dangerous because it bridges from a low-privilege sandboxed process to kernel-level compromise. Many systems assume sandboxed code is safe; this attack undermines that assumption.

Mitigation: Distributions and vendors (like browser teams) have disabled or restricted MSG_OOB usage for sandboxed contexts. Kernel patches are available. Systems that run browser sandboxes or other sandboxed processes need to apply these updates immediately.

CVE-2025-38352 – TOCTOU Race Condition in POSIX CPU Timers

In September 2025, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.

Go to Full Article

The systemd-free distro is now powered by Debian 13.

The Turris Omnia NG promises lifetime updates and a modular design for a real long-term use.