Das Arch User Repository wird mit Malware überschwemmt und auch die Unruhen rund um NPM wollen nicht verstummen. KDE-Plasma 6.7 erscheint als letzte Version mit X11-Support, doch eine an X11 gerichtete Nachfolge existiert bereits. NixOS 26.05, Proxmox Datacenter Manager 1.1 und Mail Gateway 9.1 werden veröffentlicht. Der Linux-Kernel erscheint in Version 7.1 und FreeBSD 15.1 erblickt das Licht. Mit Bumsrakete gibt es eine gravierende FreeBSD-Sicherheitslücke. Eine von uns allen sehr geschätzte Linux-Distribution erhält nach 17 Jahren ein Update.

Intro

• John Shaft (@shaft@piaille.fr) (Piaille): https://piaille.fr/@shaft/116764044756459847
• DistroWatch turns 25 (LWN.net): https://lwn.net/Articles/1075766/
• 30 Jahre Quake: Technologischer Meilenstein mit unvergesslichem Gameplay – Golem.de (Golem.de): https://www.golem.de/news/30-jahre-quake-technologischer-meilenstein-mit-unvergesslichem-gameplay-2605-209094.html
• Play Quake in Your Browser (cssQuake): https://cssquake.com

Feedback und Ankündigungen

• Mark (@thesaigoneer@social.linux.pizza) (Linux.Pizza): https://social.linux.pizza/@thesaigoneer/116697747037617384
• Christoph Stoettner (@stoeps@infosec.exchange) (Infosec Exchange): https://infosec.exchange/@stoeps/116662769601451253

Follow-Up

• episodix (Codeberg.org): https://codeberg.org/userspace-podcast/episodix
• SteamOS 3.8.10 Stable (Phoronix): https://www.phoronix.com/news/SteamOS-3.8.10-Stable
• Steam Machine Price Hits $1,500 in Leaks (TechTimes): https://www.techtimes.com/articles/318520/20260616/steam-machine-price-hits-1500-leaks-valves-anti-cheat-gap-narrows-market.htm
• Steam Machine 2026 Leak: Geekbench Score, Price, Specs and Release Date (Geeky Gadgets): https://www.geeky-gadgets.com/valve-steam-machine-geekbench-score-leak-2026/
• Euro-Office: Erste Version des quelloffenen Web-Office ist da (heise online): https://www.heise.de/news/Euro-Office-Erste-Version-des-quelloffenen-Web-Office-ist-da-11320254.html?view=print
• LibreOffice: Erste technische Details zum großen Umbau (heise online): https://www.heise.de/news/Erste-Details-LibreOffice-fuer-den-Browser-und-als-App-11313851.html?view=print
• California’s Age Verification Law May End Up Exempting Most Linux Distributions (www.phoronix.com): https://www.phoronix.com/news/California-AB-1856

Malware im AUR

• Active AUR malicious packages incident (Arch Linux): https://archlinux.org/news/active-aur-malicious-packages-incident/
• Arch Linux’s AUR Sees More Than 400 Packages Compromised With Malware (Phoronix): https://www.phoronix.com/news/Arch-Linux-AUR-400-Compromised
• Angriffswelle auf Arch Linux: Hunderte Paketbeschreibungen mit Malware im AUR (heise online): https://www.heise.de/news/Angriffswelle-auf-Arch-Linux-Hunderte-Paketbeschreibungen-mit-Malware-im-AUR-11330029.html?view=print
• 400+ AUR Packages Hijacked: What the “Atomic Arch” Campaign Means for Supply-Chain Security (StepSecurity): https://www.stepsecurity.io/blog/400-aur-packages-hijacked-atomic-arch-campaign
• Atomic Arch Supply Chain Attack Hits 1500 AUR Packages (SecurityWeek): https://www.securityweek.com/atomic-arch-supply-chain-attack-hits-1500-aur-packages/
• Arch Linux locks down AUR signups amid wave of malicious commits (The Register): https://www.theregister.com/security/2026/06/15/arch-linux-locks-down-aur-signups-amid-wave-of-malicious-commits/
• Russian Spam & Profanities Are Now Plaguing The Arch Linux AUR (Phoronix): https://www.phoronix.com/news/Arch-Linux-AUR-Russian-Spam
• The Arch Linux AUR had over 400 packages compromised with malware (GamingOnLinux): https://www.gamingonlinux.com/2026/06/the-arch-linux-aur-had-over-400-packages-compromised-with-malware/

CVE für ARM-CPUs

• ARM Security Bulletin: https://developer.arm.com/documentation/112137/latest/
• Linux Sees Patches For “Critical” Vulnerability Affecting Many Arm CPUs (www.phoronix.com): https://www.phoronix.com/news/Arm-CPU-Critical-CVE-2025-10263

Project Lightwell

• IBM und Red Hat: 5 Milliarden Dollar für sicherere Open-Source-Software (heise online): https://www.heise.de/news/IBM-und-Red-Hat-5-Milliarden-Dollar-fuer-sicherere-Open-Source-Software-11310111.html?view=print

FreeBSD 15.1

• The FreeBSD Project (The FreeBSD Project): https://www.freebsd.org/releases/15.1R/relnotes/
• FreeBSD Receives Funding To Launch AI-Assisted Vulnerability Discovery (www.phoronix.com): https://www.phoronix.com/news/FreeBSD-AI-Bug-Discovery
• FreeBSD 15.1 Released With Updated WiFi Drivers, Better C23 Support & Other Improvements (www.phoronix.com): https://www.phoronix.com/news/FreeBSD-15.1-Released

Bumsrakete

• BUMSRAKETE™ — The Most Beautiful, Most Tremendous FreeBSD Vulnerability In The History Of Computing. BELIEVE ME. (bumsrake.de): https://bumsrake.de/

Hetzner erhöht Preise

• Hetzner Preisanpassung 15. Juni 2026: https://docs.hetzner.com/de/general/infrastructure-and-availability/price-adjustment/
• Heise-Artikel: https://www.heise.de/news/Bis-zu-200-Prozent-Cloud-Hoster-Hetzner-dreht-erneut-an-der-Preisschraube-11332994.html

Miasma und redhat-npm

• Multiple redhat-cloud-services npm packages compromised (StepSecurity): https://www.stepsecurity.io/blog/multiple-redhat-cloud-services-npm-packages-compromised
• Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign (Microsoft Security Blog): https://www.microsoft.com/en-us/security/blog/2026/06/02/preinstall-persistence-inside-red-hat-npm-miasma-credential-stealing-campaign/
• Miasma: Supply Chain Attack Targeting RedHat npm Packages (Wiz): https://www.wiz.io/blog/miasma-supply-chain-attack-targeting-redhat-npm-packages
• Miasma Attack Hits Red Hat npm Packages (Snyk): https://snyk.io/blog/miasma-supply-chain-attack-malicious-code-redhat-cloud-services-npm-packages/
• Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm (The Hacker News): https://thehackernews.com/2026/06/miasma-supply-chain-attack-compromises.html
• Red Hat npm Packages Compromised to Spread a Credential-Stealing Worm (Aikido): https://www.aikido.dev/blog/red-hat-npm-packages-compromised-credential-stealing-worm
• RHSB-2026-006 (Red Hat Security Bulletins) https://access.redhat.com/security/vulnerabilities/RHSB-2026-006

Summer of Bliss

• Taking a Summer Break from Security Reports 🧙‍♂️ (LinkedIn): https://www.linkedin.com/posts/dirk-lemstra_curl-summer-of-bliss-share-7472732623891644417-HjHV/
• Stenberg: curl summer of bliss (LWN.net): https://lwn.net/Articles/1077946/

KDE Plasma 6.7

• KDE Plasma 6.7 bringt Detailverbesserungen (heise online): https://www.heise.de/news/KDE-Plasma-6-7-bringt-Detailverbesserungen-11337326.html?view=print
• SonicDE (GitHub): https://github.com/orgs/Sonic-DE/repositories
• KDE Plasma 6 Desktop Finally Comes To Slackware (www.phoronix.com): https://www.phoronix.com/news/Slackware-KDE-Plasma-6
• KDE Plasma 6.7 Released With Per-Screen Virtual Desktops, Wayland Improvements (www.phoronix.com): https://www.phoronix.com/news/KDE-Plasma-6.7-Released

cifswitch

• CIFSwitch: a non-universal Linux local root vulnerability (Hey, it’s Asim): https://heyitsas.im/posts/cifswitch/

NixOS 26.05

• NixOS 26.05 released | Blog | Nix & NixOS (nixos.org): https://nixos.org/blog/announcements/2026/nixos-2605/

Linux-Kernel 7.1

• The rest of the 7.1 merge window (LWN.net): https://lwn.net/Articles/1067785/
• The first half of the 7.1 merge window (LWN.net): https://lwn.net/Articles/1067250/
• The 7.1 kernel has been released (LWN.net): https://lwn.net/Articles/1077758/

Patch-Management-News

• Katello 4.21.0 is now available (TheForeman): https://community.theforeman.org/t/katello-4-21-0-is-now-available/46780
• Foreman 3.19.0 is now available (TheForeman): https://community.theforeman.org/t/foreman-3-19-0-is-now-available/46768
• Patch-Management mit Foreman/Katello – Teil 1 (Linux-Magazin): https://www.linux-magazin.de/ausgaben/2026/07/patch-me-if-you-can/
• Ansible Collection for Uyuni / SUSE Multi-Linux Manager (GitHub): https://github.com/uyuni-project/ansible-collection-uyuni
• Ansible Collection uyuni_project.uyuni documentation: https://www.uyuni-project.org/ansible-collection-uyuni/

Proxmox Mail Gateway 9.1 und Datacenter Manager 1.1

• Proxmox Mail Gateway 9.1 released! (Proxmox Support Forum): https://forum.proxmox.com/threads/proxmox-mail-gateway-9-1-released.184239/
• Proxmox Datacenter Manager 1.1 verfügbar (Proxmox): https://www.proxmox.com/de/ueber-uns/details-unternehmen/pressemitteilungen/proxmox-datacenter-manager-1-1
• BackupPilot – GUI for Proxmox Backup Client (backuppilot.net): https://backuppilot.net/

SLE 16.1 Public Beta

• Your Next Enterprise Linux: SUSE Linux 16.1 Public Beta is on the Way (SUSE): https://www.suse.com/c/suse-linux-16-1-public-beta/

Kurznews

• Ubuntu Flavors Now Mandated To Participate In Beta Releases For Official Status (www.phoronix.com): https://www.phoronix.com/news/Ubuntu-Flavors-Beta-Mandate
• YSERVER: Modern X11 Server Written In Rust With The Help Of Claude Code (www.phoronix.com): https://www.phoronix.com/news/YSERVER-Rust-X11-Server
• Flathub moves to ban nearly all apps and submissions made with generative AI (GamingOnLinux): https://www.gamingonlinux.com/2026/05/flathub-moves-to-ban-nearly-all-apps-and-submissions-made-with-generative-ai/

Veranstaltungstipps

• FrOSCon (@FrOSCon@bonn.social) (Bonn.social): https://bonn.social/@FrOSCon/116647369488265318
• Linux App Summit 2026: Treffen der Linux-Desktop-Avantgarde (heise online): https://www.heise.de/hintergrund/Linux-App-Summit-2026-Treffen-der-Linux-Desktop-Avantgarde-11314204.html?view=print
• Tübix: https://www.tuebix.org/

Tool- und Medientipps

• Unsere Tooltipps: https://user.space/tooltipps/
• Git-Repository unserer Tooltipps: https://codeberg.org/userspace-podcast/tooltipps
• Noah Cagle / Hannah Montana Linux v26.0 · GitLab (GitLab): https://gitlab.com/DecaCagle/hannahmontanalinux26
• Screenshots von Hannah Montana Linux 26: https://chaos.social/@stdevel/116766324844760824
• M5Stack Cardputer https://shop.m5stack.com/products/m5stack-cardputer-adv-version-esp32-s3
• OpenPilot Repository: https://github.com/commaai/openpilot
• Linus Tech Tips zu OpenPilot: https://www.youtube.com/watch?v=JgN-P60vFC8
• Sigstore / Cosign: https://github.com/sigstore/cosign
• Apple Container: https://github.com/apple/container