665: Patch Me If You Can

Reviews: 0
Episode: 664 of 664
Length: 1 h 20 min
Language: English
Format:
Category: Non-fiction

We dig into the Copy Fail vulnerability and test a proof-of-concept against our own box. Plus, Jon Seager, VP of Engineering at Canonical, joins us, and we kick off the BSD Challenge!

Sponsored By:

  • Jupiter Party Annual Membership: Put your support on automatic with our annual plan, and get one month of membership for free!
  • Managed Nebula: Meet Managed Nebula from Defined Networking. A decentralized VPN built on the open-source Nebula platform that we love.

Support LINUX Unplugged

Links:

  • 💥 Gets Sats Quick and Easy with Strike
  • 📻 LINUX Unplugged on Fountain.FM
  • Copy Fail — CVE-2026-31431 — "An unprivileged local user can write four controlled bytes into the page cache of any readable file on a Linux system, and use that to gain root." — Theori
  • Copy Fail: 732 Bytes to Root - Xint — "A single 732-byte Python script can edit a setuid binary and obtain root on essentially all Linux distributions shipped since 2017." — Xint
  • Linux Kernel Bug Explained - Jorijn — "CopyFail is more portable. One script, every distro, no offsets. Dirty Pipe needed kernel ≥ 5.8; Copy Fail covers 2017–2026." — Jorijn
    "Kubernetes Pod Security Standards (Restricted) and default seccomp do NOT block the syscall used." — Jorijn
  • Ars: Most Severe Linux Threat in Years — "The most severe Linux threat to surface in years catches the world flat-footed." — Ars Technica
  • Sysdig: CVE-2026-31431 Analysis — "The flaw was introduced in 2017 via commit 72548b093ee3, which switched AEAD operations to in-place processing." — Sysdig
  • CERT-EU Advisory
  • Ubuntu Security Tracker
  • The Register: Crypto Flaw
  • Kernel Patch (reverts 2017 optimization) — "This mostly reverts commit 72548b093ee3 except for the copying of the associated data." — Kernel Commit
  • Buggy Commit: 72548b093ee3 (2017)
  • DeepWiki: AF_ALG Internals
  • oss-security Disclosure
  • PSA + GRUB Mitigation - Jan Wildeboer
  • Ubuntu 26.04 LTS (Resolute Raccoon) Released — "Ubuntu 26.04 LTS sets the example for providing best-in-class resilience while simultaneously embracing innovation and the advancement of open source." — Jon Seager, VP Ubuntu Engineering
  • The Future of AI in Ubuntu - Jon Seager — "Throughout 2026 we'll be working on enabling access to frontier AI for Ubuntu users in a way that is deliberate, secure, and aligned with our open source values." — Jon Seager
  • Ubuntu 26.04 Release Notes
  • Ubuntu AI Features Throughout 2026 - Phoronix — "Canonical's approach to AI is refreshingly thoughtful — Microsoft should take note." — ZDNet
  • Canonical DDoS Attack Update — "Canonical's web infrastructure is under a sustained, cross-border attack and we are working to address it." — arcticp, Canonical
  • Ubuntu Weekly Newsletter #942
  • Canonical AI Approach - ZDNet
  • 9to5Linux: Opt-In LLM Tools
  • uutils/coreutils: Cross-platform Rust rewrite of the GNU coreutils
  • LINUX Unplugged 636: Engineering the Future
  • LiveCD fails to start X session on QEMU · Issue #354 · ghostbsd/issues
  • Monty's “rescue” drive NixOS config
  • Magnolia Mayhem's BSD Challenge Report
  • Pick: NASty — NASty is a NAS operating system built on NixOS and bcachefs. It turns commodity hardware into a storage appliance serving NFS, SMB, iSCSI, and NVMe-oF — managed from a single web UI, updated atomically, and rolled back when things go sideways.
  • Pick: Defuse — Defuse is a GTK4 application for removing image backgrounds locally.
  • Defuse on Flathub

