Уязвимость в Python-библиотеках lzma, bz2 и gzip, потенциально приводящая к выполнению кода
В поставляемых в составе CPython классах распаковки сжатых данных в форматах lzma, bz2 и gzip (lzma.LZMADecompressor, bz2.BZ2Decompressor и gzip.GzipFile) выявлена уязвимость (CVE-2026-6100), приводящая к обращению к памяти после её освобождения. Проблема присвоен критический уровень опасности (9.1 из 10) - в случае успешной эксплуатации уязвимость может привести к утечке информации из памяти процесса или выполнению кода атакующего при распаковке специально оформленных данных.
👉@sysadminoff
https://www.opennet.ru/opennews/art.shtml?num=65202
В поставляемых в составе CPython классах распаковки сжатых данных в форматах lzma, bz2 и gzip (lzma.LZMADecompressor, bz2.BZ2Decompressor и gzip.GzipFile) выявлена уязвимость (CVE-2026-6100), приводящая к обращению к памяти после её освобождения. Проблема присвоен критический уровень опасности (9.1 из 10) - в случае успешной эксплуатации уязвимость может привести к утечке информации из памяти процесса или выполнению кода атакующего при распаковке специально оформленных данных.
👉@sysadminoff
https://www.opennet.ru/opennews/art.shtml?num=65202
openSUSE Tumbleweed Lands GNOME 50, systemd-boot on New UEFI Installs
openSUSE Tumbleweed get the GNOME 50 desktop environment, systemd-boot as the default bootloader for new UEFI installs, and better Full Disk Encryption.
The post openSUSE Tumbleweed Lands GNOME 50, systemd-boot on New UEFI Installs appeared first on 9to5Linux - do not reproduce this article without permission. This RSS feed is intended for readers, not scrapers.
👉@sysadminoff
https://9to5linux.com/opensuse-tumbleweed-lands-gnome-50-systemd-boot-on-new-uefi-installs
openSUSE Tumbleweed get the GNOME 50 desktop environment, systemd-boot as the default bootloader for new UEFI installs, and better Full Disk Encryption.
The post openSUSE Tumbleweed Lands GNOME 50, systemd-boot on New UEFI Installs appeared first on 9to5Linux - do not reproduce this article without permission. This RSS feed is intended for readers, not scrapers.
👉@sysadminoff
https://9to5linux.com/opensuse-tumbleweed-lands-gnome-50-systemd-boot-on-new-uefi-installs
htop 3.5.0
9-го апреля, после года разработки, состоялся выпуск 3.5.0 интерактивной кроссплатформенной консольной утилиты htop, предназначенной для просмотра списка и информации о запущенных процессах и управления ими.
( читать дальше... )
c, htop, ncurses, мониторинг, утилита
👉@sysadminoff
https://www.linux.org.ru/news/opensource/18265142
9-го апреля, после года разработки, состоялся выпуск 3.5.0 интерактивной кроссплатформенной консольной утилиты htop, предназначенной для просмотра списка и информации о запущенных процессах и управления ими.
( читать дальше... )
c, htop, ncurses, мониторинг, утилита
👉@sysadminoff
https://www.linux.org.ru/news/opensource/18265142
📰 KDE Merges Per-Screen Virtual Desktops After 21 Years
A request made a KDE user all the way back in June 2005 on KDE 3.3.2 is finally resolved. After being sought after for 21 years, the latest KWin code now has support for per-screen virtual desktops...
🔗 Source:
#kde
👉@sysadminoff
https://www.phoronix.com/news/KDE-Per-Screen-Virt-Desktops
A request made a KDE user all the way back in June 2005 on KDE 3.3.2 is finally resolved. After being sought after for 21 years, the latest KWin code now has support for per-screen virtual desktops...
🔗 Source:
#kde
👉@sysadminoff
https://www.phoronix.com/news/KDE-Per-Screen-Virt-Desktops
Phoronix
KDE Merges Per-Screen Virtual Desktops After 21 Years
A request made a KDE user all the way back in June 2005 on KDE 3.3.2 is finally resolved
Latest Raspberry Pi OS Release Disables Passwordless sudo by Default
Raspberry Pi OS 2026-04-13 is now available for download with a much-improved Control Center app, passwordless sudo disabled by default, Chromium enhancements, and many other changes.
The post Latest Raspberry Pi OS Release Disables Passwordless sudo by Default appeared first on 9to5Linux - do not reproduce this article without permission. This RSS feed is intended for readers, not scrapers.
👉@sysadminoff
https://9to5linux.com/latest-raspberry-pi-os-release-disables-passwordless-sudo-by-default
Raspberry Pi OS 2026-04-13 is now available for download with a much-improved Control Center app, passwordless sudo disabled by default, Chromium enhancements, and many other changes.
The post Latest Raspberry Pi OS Release Disables Passwordless sudo by Default appeared first on 9to5Linux - do not reproduce this article without permission. This RSS feed is intended for readers, not scrapers.
👉@sysadminoff
https://9to5linux.com/latest-raspberry-pi-os-release-disables-passwordless-sudo-by-default
Microsoft Entra SCIM 2.0: Now with bidirectional provisioning
Microsoft introduced new SCIM 2.0 APIs for Microsoft Entra. The APIs now support bidirectional provisioning, which allows external identity systems to provision users and groups directly into Entra. SCIM (System for Cross-domain Identity Management) is an open internet standard that defines a common HTTP-based protocol for managing user accounts across different systems. Previously, Entra could only push user data to other applications via SCIM. Now, it also accepts incoming SCIM requests. The APIs follow a consumption-based pricing model, require an Azure subscription, and are generally available in the Microsoft public cloud.
Source
👉@sysadminoff
https://4sysops.com/archives/microsoft-entra-scim-20-now-with-bidirectional-provisioning/
Microsoft introduced new SCIM 2.0 APIs for Microsoft Entra. The APIs now support bidirectional provisioning, which allows external identity systems to provision users and groups directly into Entra. SCIM (System for Cross-domain Identity Management) is an open internet standard that defines a common HTTP-based protocol for managing user accounts across different systems. Previously, Entra could only push user data to other applications via SCIM. Now, it also accepts incoming SCIM requests. The APIs follow a consumption-based pricing model, require an Azure subscription, and are generally available in the Microsoft public cloud.
Source
👉@sysadminoff
https://4sysops.com/archives/microsoft-entra-scim-20-now-with-bidirectional-provisioning/
📰 Latest Raspberry Pi OS Release Disables Passwordless sudo by Default
Raspberry Pi OS 2026-04-13 is now available for download with a much-improved Control Center app, passwordless sudo disabled by default, Chromium enhancements, and many other changes.
🔗 Source: https://9to5linux.com/latest-raspberry-pi-os-release-disables-passwordless-sudo-by-default
#chromium #raspberry
👉@sysadminoff
Raspberry Pi OS 2026-04-13 is now available for download with a much-improved Control Center app, passwordless sudo disabled by default, Chromium enhancements, and many other changes.
🔗 Source: https://9to5linux.com/latest-raspberry-pi-os-release-disables-passwordless-sudo-by-default
#chromium #raspberry
👉@sysadminoff
OpenSSL 4.0 Released with Support for Encrypted Client Hello, SNMP KDF, and More
OpenSSL 4.0 is now available for download with support for Encrypted Client Hello, support for SNMP KDF and SRTP KDF, and other changes. Here's what's new!
The post OpenSSL 4.0 Released with Support for Encrypted Client Hello, SNMP KDF, and More appeared first on 9to5Linux - do not reproduce this article without permission. This RSS feed is intended for readers, not scrapers.
👉@sysadminoff
https://9to5linux.com/openssl-4-0-released-with-support-for-encrypted-client-hello-snmp-kdf-and-more
OpenSSL 4.0 is now available for download with support for Encrypted Client Hello, support for SNMP KDF and SRTP KDF, and other changes. Here's what's new!
The post OpenSSL 4.0 Released with Support for Encrypted Client Hello, SNMP KDF, and More appeared first on 9to5Linux - do not reproduce this article without permission. This RSS feed is intended for readers, not scrapers.
👉@sysadminoff
https://9to5linux.com/openssl-4-0-released-with-support-for-encrypted-client-hello-snmp-kdf-and-more
📰 X.Org Server 21.1.22 Released Due To Five New Security Vulnerabilities
X.Org Server 21.1.22 is out today and driven by five new security vulnerabilities being disclosed for the aging codebase. In turn these vulnerabilities also impact XWayland too and thus necessitating the XWayland 24.1.10 release...
🔗 Source:
#security
👉@sysadminoff
https://www.phoronix.com/news/X.Org-Server-21.1.22
X.Org Server 21.1.22 is out today and driven by five new security vulnerabilities being disclosed for the aging codebase. In turn these vulnerabilities also impact XWayland too and thus necessitating the XWayland 24.1.10 release...
🔗 Source:
#security
👉@sysadminoff
https://www.phoronix.com/news/X.Org-Server-21.1.22
Phoronix
X.Org Server 21.1.22 Released Due To Five New Security Vulnerabilities
X.Org Server 21.1.22 is out today and driven by five new security vulnerabilities being disclosed for the aging codebase
📰 Latest Raspberry Pi OS Release Disables Passwordless sudo by Default
Raspberry Pi OS 2026-04-13 is now available for download with a much-improved Control Center app, passwordless sudo disabled by default, Chromium enhancements, and many other changes.
🔗 Source: https://9to5linux.com/latest-raspberry-pi-os-release-disables-passwordless-sudo-by-default
#chromium #raspberry
👉@sysadminoff
Raspberry Pi OS 2026-04-13 is now available for download with a much-improved Control Center app, passwordless sudo disabled by default, Chromium enhancements, and many other changes.
🔗 Source: https://9to5linux.com/latest-raspberry-pi-os-release-disables-passwordless-sudo-by-default
#chromium #raspberry
👉@sysadminoff
Tributary is a GTK4 reimagining of Rhythmbox music player
Ever wondered what a GTK4/libadwaita version of Linux music player Rhythmbox might look like? A new app in development imagines just that. Tributary is billed a “high-performance, Rhythmbox-style media manager written in pure Rust with GTK4 and libadwaita”. It’s more than a way to play local audio files, too. Tributary can access and stream music from Jellyfin, Plex, DAAP/iTunes shares, internet radio stations and Subsonic/Navidrome setups as well – all from a UI that looks uncannily like a real GTK4 Rhythmbox. Explaining his decision to create ‘yet another music player’ (no longer a historical meme either, as a glut of […]
You're reading Tributary is a GTK4 reimagining of Rhythmbox music player, a blog post from OMG! Ubuntu. Do not reproduce elsewhere without permission.
👉@sysadminoff
https://www.omgubuntu.co.uk/2026/04/tributary-music-player-gtk4
Ever wondered what a GTK4/libadwaita version of Linux music player Rhythmbox might look like? A new app in development imagines just that. Tributary is billed a “high-performance, Rhythmbox-style media manager written in pure Rust with GTK4 and libadwaita”. It’s more than a way to play local audio files, too. Tributary can access and stream music from Jellyfin, Plex, DAAP/iTunes shares, internet radio stations and Subsonic/Navidrome setups as well – all from a UI that looks uncannily like a real GTK4 Rhythmbox. Explaining his decision to create ‘yet another music player’ (no longer a historical meme either, as a glut of […]
You're reading Tributary is a GTK4 reimagining of Rhythmbox music player, a blog post from OMG! Ubuntu. Do not reproduce elsewhere without permission.
👉@sysadminoff
https://www.omgubuntu.co.uk/2026/04/tributary-music-player-gtk4
📰 Your home server monitor dies with your server — an old Android phone fixed this for free
Monitoring dashboards are a useful way to keep an eye on your self-hosted services. You think you are covered, but monitoring dashboards are dependent on the same infrastructure. I have hosted many services, such as Immich, Jellyfin, and Nextcloud, on my home server, and Uptime Kuma for the uptime monitoring of these services on the same server. Everything looked alright, a few self-hosted services and a monitoring tool to watch over them. On...
🔗 Source:
#android #immich
👉@sysadminoff
https://www.xda-developers.com/home-server-monitor-dies-with-server-old-android-phone-fixed/
Monitoring dashboards are a useful way to keep an eye on your self-hosted services. You think you are covered, but monitoring dashboards are dependent on the same infrastructure. I have hosted many services, such as Immich, Jellyfin, and Nextcloud, on my home server, and Uptime Kuma for the uptime monitoring of these services on the same server. Everything looked alright, a few self-hosted services and a monitoring tool to watch over them. On...
🔗 Source:
#android #immich
👉@sysadminoff
https://www.xda-developers.com/home-server-monitor-dies-with-server-old-android-phone-fixed/
XDA
Your home server monitor dies with your server — an old Android phone fixed this for free
Sometimes the simplest fix is the best.
📰 Tributary is a GTK4 reimagining of Rhythmbox music player
Ever wondered what a GTK4/libadwaita version of Linux music player Rhythmbox might look like? A new app in development imagines just that. Tributary is billed a “high-performance, Rhythmbox-style media manager written in pure Rust with GTK4 and libadwaita”. It’s more than a way to play local audio files, too. Tributary can access and stream music from Jellyfin, Plex, DAAP/iTunes shares, internet radio stations and Subsonic/Navidrome setups as...
🔗 Source:
#linux
👉@sysadminoff
https://www.omgubuntu.co.uk/2026/04/tributary-music-player-gtk4
Ever wondered what a GTK4/libadwaita version of Linux music player Rhythmbox might look like? A new app in development imagines just that. Tributary is billed a “high-performance, Rhythmbox-style media manager written in pure Rust with GTK4 and libadwaita”. It’s more than a way to play local audio files, too. Tributary can access and stream music from Jellyfin, Plex, DAAP/iTunes shares, internet radio stations and Subsonic/Navidrome setups as...
🔗 Source:
#linux
👉@sysadminoff
https://www.omgubuntu.co.uk/2026/04/tributary-music-player-gtk4
OMG! Ubuntu
Tributary is the GTK4 Rhythmbox port of your dreams
Ever wondered what a GTK4/libadwaita version of Linux music player Rhythmbox might look like? A new app in development imagines just that. Tributary is
📰 Nginx 1.30 Released With Multipath TCP, ECH & More
Nginx 1.30 was just released as the newest stable version of this popular web server. Nginx 1.30 incorporates all of the changes from the Nginx 1.29.x mainline branch to provide a lot of new functionality like Multipath TCP (MPTCP)...
🔗 Source:
#nginx
👉@sysadminoff
https://www.phoronix.com/news/Nginx-1.30-Released
Nginx 1.30 was just released as the newest stable version of this popular web server. Nginx 1.30 incorporates all of the changes from the Nginx 1.29.x mainline branch to provide a lot of new functionality like Multipath TCP (MPTCP)...
🔗 Source:
#nginx
👉@sysadminoff
https://www.phoronix.com/news/Nginx-1.30-Released
Phoronix
Nginx 1.30 Released With Multipath TCP, ECH & More
Nginx 1.30 was just released as the newest stable version of this popular web server
XOrg Server 21.1.22 and Xwayland 24.1.10 Released with Multiple Security Fixes
XOrg Server 21.1.22 and Xwayland 24.1.10 have been released today to address a total of five security vulnerabilities. Users are urged to update their systems as soon as possible.
The post XOrg Server 21.1.22 and Xwayland 24.1.10 Released with Multiple Security Fixes appeared first on 9to5Linux - do not reproduce this article without permission. This RSS feed is intended for readers, not scrapers.
👉@sysadminoff
https://9to5linux.com/xorg-server-21-1-22-and-xwayland-24-1-10-released-with-multiple-security-fixes
XOrg Server 21.1.22 and Xwayland 24.1.10 have been released today to address a total of five security vulnerabilities. Users are urged to update their systems as soon as possible.
The post XOrg Server 21.1.22 and Xwayland 24.1.10 Released with Multiple Security Fixes appeared first on 9to5Linux - do not reproduce this article without permission. This RSS feed is intended for readers, not scrapers.
👉@sysadminoff
https://9to5linux.com/xorg-server-21-1-22-and-xwayland-24-1-10-released-with-multiple-security-fixes
Opera GX for Linux arrives on Flathub & Snap store
Installing Opera GX on Linux is now easier, with official packages available on the Canonical Snap Store and Flathub. Opera GX made its debut Linux release in March 2026, with the gaming-centric web browser porting over many of the novel features that have helped to make it a modest hit on Windows and macOS. That includes CPU, RAM and network controls provided, background sounds, themes and eye-candy like web shaders. A ‘Hot Tabs Killer’ feature automatically nukes tabs which use excessive resources (other browsers have similar features with more tactile names like ‘tab sleep’). You can install Opera GX on […]
You're reading Opera GX for Linux arrives on Flathub & Snap store, a blog post from OMG! Ubuntu. Do not reproduce elsewhere without permission.
👉@sysadminoff
https://www.omgubuntu.co.uk/2026/04/opera-gx-linux-snap-flathub
Installing Opera GX on Linux is now easier, with official packages available on the Canonical Snap Store and Flathub. Opera GX made its debut Linux release in March 2026, with the gaming-centric web browser porting over many of the novel features that have helped to make it a modest hit on Windows and macOS. That includes CPU, RAM and network controls provided, background sounds, themes and eye-candy like web shaders. A ‘Hot Tabs Killer’ feature automatically nukes tabs which use excessive resources (other browsers have similar features with more tactile names like ‘tab sleep’). You can install Opera GX on […]
You're reading Opera GX for Linux arrives on Flathub & Snap store, a blog post from OMG! Ubuntu. Do not reproduce elsewhere without permission.
👉@sysadminoff
https://www.omgubuntu.co.uk/2026/04/opera-gx-linux-snap-flathub
👍1
jemalloc 5.3.1
После почти четырёхлетней паузы (см. «jemalloc всё») состоялся выпуск 5.3.1 аллокатора jemalloc – реализации malloc(3), в которой особое внимание уделяется предотвращению фрагментации и поддержке масштабируемой параллельности.
Новый выпуск включает в себя более 390 коммитов с исправлением ошибок, новыми функциями, оптимизацией производительности и улучшением переносимости.
Проект написан на языке С и распространяется по лицензии BSD.
( читать дальше... )
c, jemalloc, аллокатор, библиотека
👉@sysadminoff
https://www.linux.org.ru/news/development/18266167
После почти четырёхлетней паузы (см. «jemalloc всё») состоялся выпуск 5.3.1 аллокатора jemalloc – реализации malloc(3), в которой особое внимание уделяется предотвращению фрагментации и поддержке масштабируемой параллельности.
Новый выпуск включает в себя более 390 коммитов с исправлением ошибок, новыми функциями, оптимизацией производительности и улучшением переносимости.
Проект написан на языке С и распространяется по лицензии BSD.
( читать дальше... )
c, jemalloc, аллокатор, библиотека
👉@sysadminoff
https://www.linux.org.ru/news/development/18266167
📰 Opera GX for Linux arrives on Flathub & Snap store
Installing Opera GX on Linux is now easier, with official packages available on the Canonical Snap Store and Flathub. Opera GX made its debut Linux release in March 2026, with the gaming-centric web browser porting over many of the novel features that have helped to make it a modest hit on Windows and macOS. That includes CPU, RAM and network controls provided, background sounds, themes and eye-candy like web shaders.
🔗 Source:
#linux
👉@sysadminoff
https://www.omgubuntu.co.uk/2026/04/opera-gx-linux-snap-flathub
Installing Opera GX on Linux is now easier, with official packages available on the Canonical Snap Store and Flathub. Opera GX made its debut Linux release in March 2026, with the gaming-centric web browser porting over many of the novel features that have helped to make it a modest hit on Windows and macOS. That includes CPU, RAM and network controls provided, background sounds, themes and eye-candy like web shaders.
🔗 Source:
#linux
👉@sysadminoff
https://www.omgubuntu.co.uk/2026/04/opera-gx-linux-snap-flathub
OMG! Ubuntu
Opera GX for Linux arrives on Flathub & Snap store
Installing Opera GX on Linux is now easier, with official packages available on the Canonical Snap Store and Flathub. Opera GX made its debut Linux
📰 Ubuntu 26.04 Delivers Great Performance Improvements For AMD Strix Point, Especially For RDNA 3.5 Graphics
As part of my ongoing testing around the upcoming Ubuntu 26.04 release I have been running a lot of benchmarks. After recently showing some nice performance gains for AMD Ryzen AI Max "Strix Halo" with Ubuntu 26.04, several Phoronix readers inquired about any performance uplift from the more modest but still powerful Strix Point laptops like the popular Ryzen AI 9 HX 370 SKU. Here are benchmarks showing the performance of Ubuntu 26.
🔗 Source:
#amd #ubuntu
👉@sysadminoff
https://www.phoronix.com/review/ubuntu-2604-strix-point
As part of my ongoing testing around the upcoming Ubuntu 26.04 release I have been running a lot of benchmarks. After recently showing some nice performance gains for AMD Ryzen AI Max "Strix Halo" with Ubuntu 26.04, several Phoronix readers inquired about any performance uplift from the more modest but still powerful Strix Point laptops like the popular Ryzen AI 9 HX 370 SKU. Here are benchmarks showing the performance of Ubuntu 26.
🔗 Source:
#amd #ubuntu
👉@sysadminoff
https://www.phoronix.com/review/ubuntu-2604-strix-point
Phoronix
Ubuntu 26.04 Delivers Great Performance Improvements For AMD Strix Point, Especially For RDNA 3.5 Graphics
As part of my ongoing testing around the upcoming Ubuntu 26.04 release I have been running a lot of benchmarks.
Выпуск nginx 1.30.0 и форка FreeNginx 1.30.0
После года разработки опубликована новая стабильная ветка высокопроизводительного HTTP-сервера и многопротокольного прокси-сервера nginx 1.30.0, которая вобрала в себя изменения, накопленные в основной ветке 1.29.x. В дальнейшем все изменения в стабильной ветке 1.30 будут связаны с устранением серьёзных ошибок и уязвимостей. В скором времени будет сформирована основная ветка nginx 1.31, в которой будет продолжено развитие новых возможностей. Для обычных пользователей, у которых нет задачи обеспечить совместимость со сторонними модулями, рекомендуется использовать основную ветку, на базе которой раз в три месяца формируются выпуски коммерческого продукта Nginx Plus. Код nginx написан на языке Си и распространяется под лицензией BSD.
👉@sysadminoff
https://www.opennet.ru/opennews/art.shtml?num=65207
После года разработки опубликована новая стабильная ветка высокопроизводительного HTTP-сервера и многопротокольного прокси-сервера nginx 1.30.0, которая вобрала в себя изменения, накопленные в основной ветке 1.29.x. В дальнейшем все изменения в стабильной ветке 1.30 будут связаны с устранением серьёзных ошибок и уязвимостей. В скором времени будет сформирована основная ветка nginx 1.31, в которой будет продолжено развитие новых возможностей. Для обычных пользователей, у которых нет задачи обеспечить совместимость со сторонними модулями, рекомендуется использовать основную ветку, на базе которой раз в три месяца формируются выпуски коммерческого продукта Nginx Plus. Код nginx написан на языке Си и распространяется под лицензией BSD.
👉@sysadminoff
https://www.opennet.ru/opennews/art.shtml?num=65207
Релиз StartWine-Launcher 420, программы для запуска Windows-приложений и игр в Linux
Опубликован выпуск приложения Startwine-Launcher 420, развиваемого для запуска в Linux-системах программ и игр, собранных для платформы Windows. Основной целью разработки StartWine-Launcher было упрощение процесса создания новичками префиксов Wine, - наборов библиотек и зависимостей Windows, необходимых для работы Windows-приложений в Linux. Код StartWine-Launcher написан на языке Python и распространяется под лицензией GPLv3. Интерфейс реализован на основе библиотеки GTK.
👉@sysadminoff
https://www.opennet.ru/opennews/art.shtml?num=65205
Опубликован выпуск приложения Startwine-Launcher 420, развиваемого для запуска в Linux-системах программ и игр, собранных для платформы Windows. Основной целью разработки StartWine-Launcher было упрощение процесса создания новичками префиксов Wine, - наборов библиотек и зависимостей Windows, необходимых для работы Windows-приложений в Linux. Код StartWine-Launcher написан на языке Python и распространяется под лицензией GPLv3. Интерфейс реализован на основе библиотеки GTK.
👉@sysadminoff
https://www.opennet.ru/opennews/art.shtml?num=65205