April 13, 2024: Linux Keeps Growing

In the world of Linux, there are recent developments that have caught the attention of the community. Here's a roundup of the latest news in the Linux ecosystem:

MX Linux 23.2 'Libretto' Release

MX Linux 23.2, a Debian-based distribution, has been released. This update includes essential improvements and additions, such as fixes for users of the "toram" live feature, an update that addresses "fstab" generation, and a better graphical user interface. The installer now features these improvements, and various applications and tools have been upgraded for audio/video handling, with PipeWire 1.0 being used. A new tool called "MX Locale" has been introduced for managing system locale information, the default language, and more. On the UI/UX part, the "mx-comfort-themes" has been fixed due to some apps not playing nice with it, and a new wallpaper called "MX Linux Desert Landscape" has been introduced. Additionally, a new tool called "papirus-folder-colors" is here that allows you to experiment with different folder colors. The new camera apps include Webcamoid for KDE Plasma, replacing Kamoso, and Guvcview for Xfce and Fluxbox[1].

Lightweight Linux Distros

The best lightweight Linux distros have been featured, making it simple and easy to run Linux on older PCs with limited computing power. The 32-bit edition is only offered as an install-only medium, and the distro has a Windows installer for installing Q4OS alongside an existing Windows installation without rebooting. The distro is suitable for different use cases, such as desktop use, app-focused, Debian-based, Windows users, older machines, Ubuntu LTS, and KDE users[2].

Linux Kernel Flaw

A Linux privilege-escalation proof-of-concept exploit has been published, affecting kernel versions between at least 5.14 and 6.6.14. This vulnerability, tracked as CVE-2024-1086, allows a normal user to gain root access to the box, potentially causing further damage and problems. The flaw is a double-free bug in the Linux kernel's netfilter component involving nf_tables. A patch has been released to address this issue[3].

Linux Kernel Updates

Due to the Native BHI vulnerability affecting all Intel processors, Linux kernel updates have been released. The Linux 6.8.5, 6.6.26, 6.1.85, and 5.15.154 stable kernels have been updated to back-port the mitigation. The updated Linux kernel code allows controlling the Native BHI behavior with the new "spectre_bhi=*boot option[4].

RISC-V Linux 6.10 Kernel-Mode FPU

With the upcoming Linux 6.10 kernel cycle, the RISC-V architecture code is seeing kernel-mode FPU. This kernel floating point support is needed for the AMDGPU kernel graphics driver and its DCN display code, allowing recent AMD Radeon graphics cards to work on RISC-V systems with display support using the company's open-source driver stack[5].

Malicious Code in XZ Utils for Linux Systems

A backdoor has been discovered in the popular Linux compression tool XZ Utils, affecting versions 5.6.0 and 5.6.1. This malicious code allows a remote attacker with a predetermined private key to hijack the SSH daemon, enabling them to execute arbitrary code on the victim machine[6].

These updates and developments highlight the vibrant and dynamic nature of the Linux community, with a focus on security, performance, and accessibility for users worldwide.

Citations:
[1] https://news.itsfoss.com/mx-linux-23-2-release/
[2] https://www.techradar.com/news/best-lightweight-linux-distro
[3] https://www.theregister.com/2024/03/29/linux_kernel_flaw/
[4] https://www.phoronix.com/news/Linux-685-Mitigates-Native-BHI
[5] https://www.phoronix.com/news/RISC-V-Linux-6.10-Kernel-FPU
[6] https://thehackernews.com/2024/04/malicious-code-in-xz-utils-for-linux.html
[7] https://blog.mozilla.org/en/products/4-reasons-to-try-mozillas-new-firefox-linux-package-for-ubuntu-and-debian-derivatives/
[8] https://www.bleepingcomputer.com/news/security/new-xz-backdoor-scanner-detects-implant-in-any-linux-binary/