665: Patch Me If You Can

We dig into the Copy Fail vulnerability and test a proof-of-concept against our own box. Plus, Jon Seager, VP of Engineering at Canonical joins us, and we kick off the BSD Challenge! Sponsored By: Jupiter Party Annual Membership : Put your support on automatic with our annual plan, and get one month of membership for free! Managed Nebula : Meet Managed Nebula from Defined Networking. A decentralized VPN built on the open-source Nebula platform that we love. Support LINUX Unplugged Links: 💥 Gets Sats Quick and Easy with Strike 📻 LINUX Unplugged on Fountain.FM Copy Fail — CVE-2026-31431 — "An unprivileged local user can write four controlled bytes into the page cache of any readable file on a Linux system, and use that to gain root." — Theori Copy Fail: 732 Bytes to Root - Xint — "A single 732-byte Python script can edit a setuid binary and obtain root on essentially all Linux distributions shipped since 2017." — Xint Linux Kernel Bug Explained - Jorijn — "CopyFail is more portable. One script, every distro, no offsets. Dirty Pipe needed kernel ≥ 5.8; Copy Fail covers 2017–2026." — Jorijn"Kubernetes Pod Security Standards (Restricted) and default seccomp do NOT block the syscall used." — Jorijn Ars: Most Severe Linux Threat in Years — "The most severe Linux threat to surface in years catches the world flat-footed." — Ars Technica Sysdig: CVE-2026-31431 Analysis — "The flaw was introduced in 2017 via commit 72548b093ee3, which switched AEAD operations to in-place processing." — Sysdig CERT-EU Advisory Ubuntu Security Tracker The Register: Crypto Flaw Kernel Patch (reverts 2017 optimization) — "This mostly reverts commit 72548b093ee3 except for the copying of the associated data." — Kernel Commit Buggy Commit: 72548b093ee3 (2017) DeepWiki: AF_ALG Internals oss-security Disclosure PSA + GRUB Mitigation - Jan Wildeboer Ubuntu 26.04 LTS (Resolute Raccoon) Released — "Ubuntu 26.04 LTS sets the example for providing best-in-class resilience while simultaneously embracing innovation and the advancement of open source." — Jon Seager, VP Ubuntu Engineering The Future of AI in Ubuntu - Jon Seager — "Throughout 2026 we'll be working on enabling access to frontier AI for Ubuntu users in a way that is deliberate, secure, and aligned with our open source values." — Jon Seager Ubuntu 26.04 Release Notes Ubuntu AI Features Throughout 2026 - Phoronix — "Canonical's approach to AI is refreshingly thoughtful — Microsoft should take note." — ZDNet Canonical DDoS Attack Update — "Canonical's web infrastructure is under a sustained, cross-border attack and we are working to address it." — arcticp, Canonical Ubuntu Weekly Newsletter Canonical AI Approach - ZDNet 9to5Linux: Opt-In LLM Tools uutils/coreutils: Cross-platform Rust rewrite of the GNU coreutils LINUX Unplugged 636: Engineering the Future LiveCD fails to start X session on QEMU · Issue · ghostbsd/issues Monty's “rescue” drive NixOS config Magnolia Mayhem's BSD Challenge Report Pick: NASty — NASty is a NAS operating system built on NixOS and bcachefs. It turns commodity hardware into a storage appliance serving NFS, SMB, iSCSI, and NVMe-oF — managed from a single web UI, updated atomically, and rolled back when things go sideways. Pick: Defuse — Defuse is a GTK4 application for removing image backgrounds locally. Defuse on Flathub

You can listen to 665: Patch Me If You Can online on Radio and Podcast. Open the player on this page to stream the available audio.

665: Patch Me If You Can is an episode from LINUX Unplugged by Jupiter Broadcasting.

This episode is 01:20:41 long.

This episode was published on May 4, 2026.

Yes. Use the heart button on the episode page to add it to your favorite episodes list.

Yes. This page shows related episodes from LINUX Unplugged when more episodes are available from the podcast feed.