8legs: Ubuntu

Your Followed Topics

#1 out of 2

Canonical plans to add AI features to Ubuntu with an opt‑in preview in 26.10 and a future setup wizard to enable or disable them.
Users will be able to remove AI features by removing the Snaps that deliver them, addressing concerns about persistent AI components.
Canonical’s VP of engineering said there is no plan for a global AI kill switch, but users can disable unwanted features.
AI features in Ubuntu will include accessibility tools like speech-to-text and text-to-speech.
Zorin OS CEO Artyom Zorin described Ubuntu’s AI as AI agnostic and emphasized privacy and security in adoption decisions.
Ubuntu AI features will be delivered on top of the existing stack as Snaps, allowing easy removal.
Canonical says engineers will be encouraged to use AI more, with broader rollout planned over the next year.
Some users may switch to other Ubuntu-based distributions if AI features do not meet standards.
The Verge reports that Ubuntu’s AI features will be delivered in Snaps and must be removable to satisfy privacy concerns.

Vote 0

#2 out of 2

A high-severity Linux local privilege escalation flaw, tracked as CVE-2026-31431 and nicknamed Copy Fail, enables unprivileged users to gain root access by abusing the kernel’s cryptographic subsystem.
The attack leverages four controlled bytes written into a file's page cache to escalate privileges, a key detail echoed by researchers.
The vulnerability stems from a logic flaw in the Linux kernel’s cryptographic subsystem, specifically within the algif_aead module, introduced in 2017.
Exploitation can be portable across distributions, with a minimal Python script demonstrating how to write the exploit to the target's /usr/bin/su and gain root.
Chaining the local flaw with other vectors (web RCE, malicious CI runner, or SSH compromise) could expand risk to external attackers.
The bug can affect multi-tenant systems, shared-kernel containers, and CI runners that execute untrusted code due to shared page cache behavior.
AI-powered flaw-finders aided the surge in bug reports, highlighting how automated scanning tools contributed to disclosure.
Red Hat and other major distributions issued patches promptly after the vulnerability disclosure, aligning patching guidance across major distros.
The vulnerability raises concerns for Kubernetes environments where page cache sharing could enable container escapes on nodes.
The CVE carries a high severity rating of 7.8/10, underscoring the critical risk to Linux desktops, servers, and cloud deployments.

Vote 1

Unlimited Access

Personalized Feed

Full Experience

By continuing, you agree to the Privacy Policy.. You also agree to receive our newsletters, you can opt-out any time.

Create an account and enjoy content that interests you with your personalized feed

Unlimited Access

Personalized Feed

Full Experience

By continuing, you agree to the Privacy Policy.. You also agree to receive our newsletters, you can opt-out any time.