Other Sites

9to5Linux

9to5Linux Weekly Roundup: June 1st, 2025

I want to thank everyone who sent us donations; your generosity is appreciated. I also want to thank all of you for your continued support by commenting, liking, sharing, and boosting the articles, following us on social media, and, last but not least, sending us feedback.

Slackware-Based PorteuX 2.1 Is One of the First Distros to Ship with Linux 6.15

Coming two months after PorteuX 2.0, the PorteuX 2.1 release is powered by the latest and greatest Linux 6.15 kernel series and ships with NTFS3 as the default driver for handling NTFS filesystems instead of NTFS-3G. The devs warn that all symlinks stored on NTFS partitions will need to be regenerated.

LinuxGizmos.com

Touchscreen Smart Box Based on ESP32-P4 with Wi-Fi 6 or Ethernet

The ESP32-P4 Smart 86 Box is a compact development board with a 4-inch capacitive touchscreen, designed for HMI, smart control panels, and edge processing. Its 86 mm form factor allows it to be easily installed in wall-mounted enclosures for use in embedded automation and smart terminal applications.

news

Security and FUD Leftovers

posted by Roy Schestowitz on May 31, 2025

Pen Test Partners ☛ Fire detection system been pwned? You’re not going to sea

TL;DR Hardcoded SSH and VNC credentials found on Consilium Salwico CS5000 panels SSH access allows OS-level interaction, and VNC access gives UI control
LWN ☛ Local vulnerabilities in Kea DHCP

The SUSE Security Team has published a detailed report about security vulnerabilities it discovered in the Kea DHCP server suite from the Internet Systems Consortium (ISC).

Since SUSE is also going to ship Kea DHCP in its products, we performed a routine review of its code base. Even before checking the network security of Kea, we stumbled over a range of local security issues, among them a local root exploit which is possible in many default installations of Kea on GNU/Linux and BSD distributions. [...]
Dark Reading ☛ PumaBot Targets Linux Devices in Latest Botnet Campaign [Ed: "brute-force logins on port 22" means the issue here is not Linux but bad passwords]

When the malware first retrieves a list of IP addresses from the C2 server, it chooses devices most likely to have open SSH ports. It then uses credentials also taken from the C2 to attempt brute-force logins on port 22.
Attacks with new Pumabot botnet hit Linux IoT devices

Internet of Things devices running on Linux have been targeted by the newly emergent PumaBot botnet in SSH brute-force attacks, according to Security Affairs.
Qualys ☛ Qualys TRU Discovers Two Local Information Disclosure Vulnerabilities in Apport and systemd-coredump: CVE-2025-5054 and CVE-2025-4598

The Qualys Threat Research Unit (TRU) has discovered two local information-disclosure vulnerabilities in Apport and systemd-coredump.

Both issues are race-condition vulnerabilities. The first (CVE-2025-5054) affects Ubuntu’s core-dump handler, Apport, and the second (CVE-2025-4598) targets systemd-coredump, which is the default core-dump handler on Red Hat Enterprise Linux 9 and the recently released 10, as well as on Fedora. These race conditions allow a local attacker to exploit a SUID program and gain read access to the resulting core dump.

CISA
- CISA ☛ 2025-05-27 [Older] CISA Releases One Industrial Control Systems Advisory
- CISA ☛ 2025-05-27 [Older] New Guidance for SIEM and SOAR Implementation
- CISA ☛ 2025-05-27 [Older] Johnson Controls iSTAR Configuration Utility (ICU) Tool
- CISA ☛ 2025-05-22 [Older] Advisory Update on Cyber Threat Activity Targeting Commvault’s SaaS Cloud Application (Metallic)

Other Recent Tux Machines' Posts

Turning 21 a Week From Now [original]: We want to extend our thanks to Susan again
GNOME Foundation Report and This Week in GNOME: Some GNOME news
Android Leftovers: EU’s new rules will shake up Android update policies
Linux App Release Roundup: May 2025: May has been and gone — but delivered another sizeable set of Linux app updates for us to enjoy
Audacious 4.5 Beta Brings New Plugins, Better PipeWire Support: The first beta of Audacious 4.5
Free and Open Source Software: This is free and open source software
AxOS is an Arch-based Linux distribution for the desktop: Built upon the foundations of Arch Linux
Revisiting X11 vs Wayland With Multiple Displays: Recently, during the soft freeze before the Plasma 6.4 Beta was released, I used mainly X11 on both my laptops
I finally found a visually-pleasing Linux distro that doesn't skimp on performance: If you're looking for a new distribution that's as functional as it is beautiful
Why I'm done with Firefox for good - and which browser I'm using instead: I've used practically every browser out there and keep coming back to Firefox-based browsers
Free, Libre, and Open Source Software Leftovers: FOSS bits for today
Programming Leftovers: Development stuff for today
GNU/Linux and Various Distributions and Operating Systems: today's leftovers
Games: New Steam Games with Native GNU/Linux Clients and More: gaming picks
BSD: Pledge, OpenBSD, and More: BSD Leftovers
Wine 10.9 Released: Wine 10.9 is out
Open Hardware/Modding: ESP32, Precision Clock, and More: hardware picks
today's howtos: half a dozen, mostly idroot
Games' Popularity, Developing Games, and Politics: gaming stuff
Debian Developers' Reports: Guido Günther, Ben Hutchings, Emmanuel Kasper: technical posts
Android Leftovers: Notification Cooldown is Finally Back in Android—Here’s How It Works
KDE is bringing memory optimizations and more to Plasma 6.5: The KDE team has released the latest issue of This Week in Plasma, and it's packed with goodies
Raspberry PI OS Lite vs Desktop: Comparison Between the Distributions: People new to the Raspberry Pi computer board world often ask themselves which Operating System to use on their new board
The reasons people hate Linux are why I love it: If you spend time talking to most Linux enthusiasts
Free and Open Source Software: This is free and open source software. It is not actively developed
Review: Picking up a Pico: In early April I shared that I'd been experimenting with an add-on device to the Raspberry Pi series of computers
Summer of GNOME OS: So far, GNOME OS has mostly been used for testing in virtual machines
Today in Techrights: Some of the latest articles
9to5Linux Weekly Roundup: June 1st, 2025: The 242nd installment of the 9to5Linux Weekly Roundup is here for the week ending on June 1st, 2025.
Android Leftovers: 5 ways I keep my Android phone and data safe while traveling
Is It Still Open Source? MinIO Steering Users Toward Paid Subscriptions: MinIO removes key web console features, nudging users toward its paid offering
This Alternative Operating System Is Keeping Retro Computing Alive: HelenOS is an oddly specific OS that you may want to check out
How-To Geek: How-Tos: How often do you come across a cool application that isn't available for your distribution
These 5 Linux Distros Still Support 32-Bit PCs: Most desktop and laptop computers from the past two decades use 64-bit x86 processors
Ubuntu 20.04 LTS End Of Life – activate ESM to keep your fleet of devices secure and operational: Focal Fossa will reach the End of Standard Support in May 2025, also known as End Of Life (EOL)
Best Free and Open Source Software: Only free and open source software is eligible for inclusion
Linuxfx 11.25.06 “NOBLE”: Codename “Winux”
AlmaLinux OS 10 Released as a Free Alternative to Red Hat Enterprise Linux 10: Today, the AlmaLinux OS Foundation announced the release and general availability of AlmaLinux OS 10 (codename Purple Lion) as the latest stable version of this free Red Hat Enterprise Linux (RHEL) fork.
Independent Distro KaOS 2025.05 Arrives with Linux 6.14 and KDE Gear 25.04: KaOS Linux 2025.05 has been released today as the latest ISO snapshot for this independent Linux distribution built on top of the latest KDE software and featuring Arch Linux’s pacman package manager.
Publishing a book from the GNOME desktop: My first two books were written online using Pressbooks in a browser
Armbian 25.5 Released with Support for Banana Pi M2+ and BeagleBone AI-64 SBCs: Armbian 25.5 distribution for ARM devices is now available for download with support for new boards, Linux kernel 6.14, as well as various improvements.
I put Linux on this 8-inch mini laptop, and unlocked a new way of computing: The Piccolo N150 is a tiny eight-inch laptop with more power than it suggests and a nice display
New Release of BlueOnyx 9.6 and More (RHEL Clone): 4 news items
We're 21 Next Week [original]: This site has become vastly easier to run and maintain since we dumped Drupal
today's leftovers (GNU/Linux Focus): GNU/Linux-centric news
Free, Libre, and Open Source Software and Security Leftovers: mostly FOSS
today's howtos: 3 howtos only
Open Hardware: ESP32, Raspberry Pi, and More: Hardware picks
Programming Leftovers: Development analysis and more
Web Browsers/Web Servers Leftovers: mostly browsers
Supercharging Ubuntu Releases: Monthly Snapshots & Automation: Ubuntu has shipped on a predictable, six-month cadence for two decades
Security Bugs in Apport and systemd-coredump: now fixed
OpenSUSE Tumbleweed: A Powerhouse, Rock-Solid Linux Desktop Distro: This Linux distribution offers a well-designed KDE Plasma environment with a comprehensive software selection and user-friendly features like simplified installation and GUI-based Samba configuration
This terminal-based file manager for Linux beats every alternative out there: Midnight Commander (or mc)
CachyOS ISO Snapshot for May 2025 Improves Support for Older NVIDIA GPUs: The developers of the Arch Linux-based CachyOS distribution released today the ISO snapshot for May 2025, featuring a new boot splash animation, improved support for NVIDIA GPUs, and other changes.
today's howtos: mostly idroot for now
Slackware-Based PorteuX 2.1 Is One of the First Distros to Ship with Linux 6.15: PorteuX 2.1 has been released today as a new update to this portable Linux distribution based on Slackware Linux and inspired by both Slax and Porteus distros, designed to be small, fast, portable, modular, and immutable.
Ubuntu 25.10 will Have a Brand New Terminal (and Image Viewer): Ubuntu 25.10 replaces its default terminal and image viewer with modern apps
A Visual Journey Through IPFire’s Development: We are excited to share something a little different with you today
Free and Open Source Software: This is free and open source software
April/May in KDE Itinerary: The past two months since the last update have been busy again around KDE Itinerary
today's leftovers: Security, GNU/Linux, and more
Open Hardware: ESP32 and 3-D Printing: hackable gadgets
today's howtos: handful of links
antiX-23.2 – init-diversity – 2025 remaster edition: A special thanks also to eric from Obarun for providing guidance about getting 66 properly working on antiX, which in my humble opinion is the pinnacle of this respin
Today in Techrights: Some of the latest articles

Tux Machines

Other Sites

9to5Linux

9to5Linux Weekly Roundup: June 1st, 2025

Slackware-Based PorteuX 2.1 Is One of the First Distros to Ship with Linux 6.15

LinuxGizmos.com

Touchscreen Smart Box Based on ESP32-P4 with Wi-Fi 6 or Ethernet

news

Security and FUD Leftovers

Pen Test Partners ☛ Fire detection system been pwned? You’re not going to sea

LWN ☛ Local vulnerabilities in Kea DHCP

Dark Reading ☛ PumaBot Targets Linux Devices in Latest Botnet Campaign [Ed: "brute-force logins on port 22" means the issue here is not Linux but bad passwords]

Attacks with new Pumabot botnet hit Linux IoT devices

Qualys ☛ Qualys TRU Discovers Two Local Information Disclosure Vulnerabilities in Apport and systemd-coredump: CVE-2025-5054 and CVE-2025-4598

CISA

CISA ☛ 2025-05-27 [Older] CISA Releases One Industrial Control Systems Advisory

CISA ☛ 2025-05-27 [Older] New Guidance for SIEM and SOAR Implementation

CISA ☛ 2025-05-27 [Older] Johnson Controls iSTAR Configuration Utility (ICU) Tool

CISA ☛ 2025-05-22 [Older] Advisory Update on Cyber Threat Activity Targeting Commvault’s SaaS Cloud Application (Metallic)

Other Recent Tux Machines' Posts