Linux.Slashdot.org

Roughly 200,000 Linux-based Framework laptops shipped with a signed UEFI shell command (mm) that can be abused to bypass Secure Boot protections -- allowing attackers to load persistent bootkits like BlackLotus or HybridPetya. Framework has begun patching affected models, though some fixes and DBX updates are still pending. BleepingComputer reports: According to firmware security company Eclypsium, the problem stems from including a 'memory modify' (mm) command in legitimately signed UEFI shells that Framework shipped with its systems. The command provides direct read/write access to system memory and is intended for low-level diagnostics and firmware debugging. However, it can also be leveraged to break the Secure Boot trust chain by targeting the gSecurity2 variable, a critical component in the process of verifying the signatures of UEFI modules. The mm command can be abused to overwrite gSecurity2 with NULL, effectively disabling signature verification. "This command writes zeros to the memory location containing the security handler pointer, effectively disabling signature verification for all subsequent module loads." The researchers also note that the attack can be automated via startup scripts to persist across reboots.

Read more of this story at Slashdot.

BrianFagioli shares a report from NERDS.xyz: NordVPN has open sourced its Linux GUI on GitHub, giving the community full access to the code behind its graphical client. The move follows a 70 percent surge in daily active Linux users since the GUI's debut earlier this year, showing clear demand for a user friendly VPN experience on the platform. Alongside the previously open sourced command line tool, the GUI codebase is now available for anyone to audit, modify, and contribute to. While NordVPN's core backend infrastructure remains proprietary, the company says the open source release reflects its commitment to transparency and collaboration with the Linux community. The GUI can also now be installed with a single command using Snap, simplifying setup and ensuring automatic updates across distributions.

Read more of this story at Slashdot.

Long-time Slashdot reader Qbertino writes: German IT news outlet Heise reports [German-language article] that the northern most state Schleswig-Holstein has, after half a year of frantic data migration work, successfully migrated their MS Outlook mail and groupware setups to a FOSS solution using Open-Xchange and Thunderbird. Stakeholders consider the move a major success and milestone to digital sovereignty and saving costs. This move makes the state a pioneer in Germany. As a next major step Schleswig-Holstein plans to migrate their authorities and administrations desktop PCs to Linux. The state has achieved "digital sovereignty by ditching Microsoft for open source solutions," writes the site It's FOSS, adding that European nations "have generally been more progressive in adopting open source solutions for government operations." The migration affected around 30,000 employees across various government departments. This includes the State Chancellery, ministries, judiciary, state police, and other state authorities. Over 40,000 mailboxes containing more than 100 million emails and calendar entries were moved to the new system. The state has adopted Open-Xchange as its email server solution and Thunderbird as the email client.... [Digitization Minister Dirk Schrödter] emphasized that "We are real pioneers. We can't fall back on the experience of others -, there is hardly a comparable project of this magnitude anywhere in the world."

Read more of this story at Slashdot.

prisoninmate shares a report from 9to5Linux: Dubbed Questing Quokka, Ubuntu 25.10 is powered by the latest and greatest Linux 6.17 kernel series for top-notch hardware support and ships with the latest GNOME 49 desktop environment, defaulting to a Wayland-only session for the Ubuntu Desktop flavor, meaning there's no other session to choose from the login screen. Ubuntu Desktop also ships with two new apps, namely GNOME's Loupe instead of Eye of GNOME as the default image viewer, as well as Ptyxis instead of GNOME Terminal as the default terminal emulator. Also, there's a new update notification that will be shown with options to open Software Updater or install updates directly.' Other highlights of Ubuntu 25.10 include sudo-rs as the default implementation of sudo, Dracut as the default initramfs-tools, Chrony as the default NTP (Network Time Protocol) client, Rust Coreutils as the default implementation of GNU Core Utilities, and TPM-backed FDE (Full Disk Encryption) recovery key management. Moreover, Ubuntu 25.10 adds NVIDIA Dynamic Boost support and enables suspend-resume support in the proprietary NVIDIA graphics driver to prevent corruption and freezes when waking an NVIDIA desktop. For Intel users, Ubuntu 25.10 introduces support for new Intel integrated and discrete GPUs. Ubuntu 25.10 is available for download here.

Read more of this story at Slashdot.