2026-07-04
Mutt 2.4.1 is the latest stable release for the 30-year-old terminal-based email client, and it's focused on stability fixes rather than new features. Upstream maintainer Kevin J. McCarthy addressed OpenSSL 4 compilation failures, restored Alt keybindings in the foot terminal, patched an empty command line argument crash, and closed a theoretical IMAP buffer overflow. This patch release follows the 2.4.0 feature drop, which introduced explicit thread controls, a configurable draft directory, and RFC-compliant S/MIME type updates.
Fresh evaluations cover the Edifier R2750DB MKII powered speakers and the Snapdragon-equipped HP OmniBook Ultra 14 laptop, both prioritizing wireless connectivity and premium construction. Intel quietly raised recommended pricing on three Arrow Lake Refresh processors by up to 17 percent, a shift caused by datacenter silicon demand and production constraints. Peripheral reviews feature the KTC H49S66 49-inch 5K2K gaming display, the 54-gram Pwnage Ultra Custom Pro Symm 3 mouse, and the Epomaker Glyph keyboard with retro styling and dual screens. Tom's Hardware also examines the Turtle Beach KP7, a versatile desktop controller that still requires manual firmware tweaks every time the system boots.
Audio: Edifier R2750DB MKII Powered Bookshelf Speakers Review
Computers: HP OmniBook Ultra 14 review: Potent Snapdragon performance, great endurance, premium pricing
CPUs: Intel Quietly Hikes Prices on Arrow Lake Refresh CPUs by Up to 17%
Displays: KTC H49S66 5K2K (5120x1440) 49-inch 180Hz Gaming Monitor Review
Input: Pwnage Ultra Custom Pro Symm 3 Review, Epomaker Glyph Review: Typewriter Vibes With Dual Display, Turtle Beach KP7 Review: The accessory that does everything
Canonical's Snap Store will undergo scheduled database maintenance from 22:00 UTC on Saturday, July 5, to 02:00 UTC on Sunday, July 6, 2026. During this four-hour window, users cannot install new snaps or update existing ones as api.snapcraft.io will reject all requests. Applications already installed on your system will continue to function normally, though any pending updates will stall until the service resumes. No user action is required; services will automatically resume after the maintenance closes, so you should complete any critical updates before the 22:00 UTC start.
GNOME 51.alpha, codenamed "A Coruña," has launched as the first unstable build in the development cycle leading to a stable desktop release on September 16, 2026. Building on the fully Wayland-only architecture of GNOME 50 Tokyo, this alpha focuses on refining fractional scaling, improving NVIDIA driver compatibility, and transitioning build dependencies from Autotools to Meson. The update ships 73 refreshed core modules, including performance and accessibility improvements in nautilus, a GListModel overhaul in gnome-calendar, and security hardening across evolution-data-server and glib-networking. While the stable version will roll out to distributions like Fedora and Ubuntu later in the year, developers can currently test the build via the official GNOME OS install image or unstable Flatpak runtimes.
Ubuntu released USN-8467-2 to patch two security flaws in Perl 5.40 for Ubuntu 25.10, addressing an Archive::Tar symlink handling bug and a 32-bit regex compilation memory overflow. USN-8496-2 rolls back a previous cifs-utils security patch across Ubuntu 22.04 LTS, 24.04 LTS, 25.10, and 26.04 LTS after the original fix broke Kerberos-based network mounts. The initial update corrected a privilege escalation flaw that allowed local attackers to run code as root by mishandling user lookups before dropping administrative access.
[USN-8467-2] Perl vulnerabilities
[USN-8496-2] cifs-utils regression
SUSE distributed a batch of security updates targeting multiple packages across openSUSE and SUSE Linux Enterprise, ranging from moderate to important severity ratings. The important updates address vulnerabilities in widely used software including Apache2, Docker-stable, Pacemaker, Google OS Config Agent, the Jackson Java libraries, and the GStreamer plugins-bad component. Moderate security advisories cover dhcpcd, libslirp, FFmpeg 7, GraphicsMagick, jline3, lcms2, Python lxml, editorconfig-core-c, Buildah, and various kernel and tooling patches on GA media.
openSUSE-SU-2026:21220-1: moderate: Security update for dhcpcd
openSUSE-SU-2026:21216-1: moderate: Security update for libslirp
openSUSE-SU-2026:21211-1: moderate: Security update for ffmpeg-7
openSUSE-SU-2026:21207-1: moderate: Security update for GraphicsMagick
openSUSE-SU-2026:21210-1: important: Security update for google-osconfig-agent
openSUSE-SU-2026:21201-1: important: Security update for jackson-annotations, jackson-core, jackson-databind
openSUSE-SU-2026:21221-1: moderate: Security update for jline3
openSUSE-SU-2026:21204-1: important: Security update for gstreamer-plugins-bad
openSUSE-SU-2026:21196-1: important: Security update for pacemaker
openSUSE-SU-2026:21192-1: important: Security update for dnsmasq
openSUSE-SU-2026:21205-1: important: Security update for docker-stable
openSUSE-SU-2026:21218-1: important: Security update for perl-List-SomeUtils-XS
openSUSE-SU-2026:21202-1: moderate: Security update for lcms2
SUSE-SU-2026:2729-1: moderate: Security update for python-lxml
SUSE-SU-2026:2731-1: moderate: Security update for editorconfig-core-c
SUSE-SU-2026:2733-1: important: Security update for buildah
openSUSE-SU-2026:0228-1: moderate: Security update for nilfs-utils
SUSE-SU-2026:2735-1: important: Security update for apache2
openSUSE-SU-2026:11180-1: moderate: python311-mistune-3.3.2-1.1 on GA media
openSUSE-SU-2026:11176-1: moderate: kitty-0.47.4-2.1 on GA media
openSUSE-SU-2026:11179-1: moderate: perl-List-SomeUtils-XS-0.590.0-1.1 on GA media
openSUSE-SU-2026:11175-1: moderate: kernel-devel-7.1.2-1.1 on GA media
openSUSE-SU-2026:11178-1: moderate: openQA-5.1782995932.ffeb09be-1.1 on GA media
openSUSE-SU-2026:11177-1: moderate: krb5-1.22.2-4.1 on GA media
SUSE-SU-2026:2743-1: important: Security update for gstreamer-plugins-bad
SUSE-SU-2026:2744-1: important: Security update for gstreamer-plugins-bad
SUSE-SU-2026:2745-1: moderate: Security update for firewalld-legacy
SUSE-SU-2026:2742-1: important: Security update for pacemaker
SUSE-SU-2026:2751-1: moderate: Security update for tracker-miners
SUSE-SU-2026:2749-1: important: Security update for perl-DBI
Red Hat has made Streams for Apache Kafka 2.9.4 available for download from the Red Hat Customer Portal. This release is tracked under RHSA-2026:34608 and requires attention due to its important classification. Red Hat Product Security classified the security impact of this update as moderate based on current assessments.
RHSA-2026:34608: Important: Streams for Apache Kafka 2.9.4 release and security update
Debian LTS issued advisories on July 3 and 4, 2026, delivering emergency security patches for the Linux kernel, Nginx, and OpenVPN across multiple Debian releases. Version 5.10.259-1 now ships for Debian 11 bullseye, while version 6.1.176-1 replaces the previous build for Debian 12 bookworm, both neutralizing more than 200 kernel flaws that previously allowed privilege escalation, service disruptions, and data exposure. System administrators running Debian 12 should upgrade Nginx to 1.22.1-9+deb12u9 to close two remote code execution and memory disclosure flaws tied to HTTP/2 proxying and character set handling. OpenVPN received parallel fixes for Debian 12 bookworm and the current stable trixie distribution, patching six vulnerabilities that exposed virtual private network services to denial of service attacks.
[DLA 4664-1] linux security update
[DLA 4665-1] linux security update
[DLA 4667-1] nginx security update
[DLA 4666-1] openvpn security update
[DSA 6376-1] openvpn security update
AlmaLinux released three important security advisories for its version 8 operating system on July 3, 2026. The Ruby 2.5 and 3.3 updates patch three distinct vulnerabilities in the Net::IMAP library, specifically blocking IMAP command injection, preventing data leaks during man-in-the-middle attacks, and stopping denial of service exploits. Administrators running container tools will need to install a separate patch that fixes five issues in Go libraries related to certificate validation, TLS handling, and URL parsing, alongside resolving SELinux permission errors and leftover podman files.
ALSA-2026:33514: ruby:2.5 security update (Important)
ALSA-2026:33515: ruby:3.3 security update (Important)
ALSA-2026:33722: container-tools:rhel8 security, bug fix, and enhancement update (Important)
2026-07-03
Ondřej Surý has released fresh PHP packages spanning from 5.6 up to 8.5, with the newest builds landing at 8.4.22 and 8.5.8 for Debian 11, 12, 13 and Ubuntu 24.04 and 26.04 LTS. The debsury.org repository continues to support coinstalling multiple PHP versions simultaneously, allowing administrators to run specific builds alongside legacy branches without library conflicts.
Ungoogled Chromium 150.0.7871.46 is now available, maintaining the fork's aggressive approach to removing Google infrastructure from the browser. The new build employs domain substitution and code patching to sever roughly 50 background connections to Google services, including Safe Browsing and spell-check downloads. Users can update through platform-specific channels like the Arch AUR or Flathub. While the release preserves the privacy-focused experience, it continues to disable features dependent on Google, such as extension auto-updates and microphone speech recognition.
Valve's Steam Machine just earned a grim new nickname after a Reddit user reported their brand-new console bricked itself twenty minutes into a firmware update. According to Valve's official fault-code documentation, the solid red line flashing on the right half of the front LED bar confirms a soldered GPU failure, leaving the unit irreparable for end users.
Bazaar 0.9.0 has officially arrived, bringing a rewritten background caching system and expanded markdown rendering for app descriptions on the Flatpak-first app store. The release features a completely redesigned curated tab that breaks backward compatibility with all previous configuration files, requiring distributors and power users to update their YAML setups. Performance tweaks from the development team reduce UI hiccups during search and background image loading, a change that reinforces its adoption as the default store for projects like Bluefin and Bazzite. The update also bumps Flatpak to 1.18.0, adds a community-designed hedgehog mascot, and includes extensive accessibility and localization patches now available on Flathub.
Apple’s MacBook Neo sets a new standard for budget laptops by combining premium materials with solid daily performance and dependable battery life. Cooling options remain split, as the TRYX TURRIS 620 draws attention for its design while the Montech NX600 struggles to stand out despite its aggressive fans. Industry analysts project DRAM and NAND costs will climb 40 to 50 percent quarterly starting in Q3 2026, with supply constraints from AI data centers and slower Chinese production holding firm until 2028. Enthusiast builders should note that the ASUS ROG Strix X870E-E Gaming Wi-Fi7 Neo delivers flagship features and reliable thermals at a premium price, while the HighPoint Rocket 1604L provides Gen5 speeds near 59 GB/s for approximately $400.
Computers: Apple MacBook Neo Long-Term Review: 27 Days On The Road
Cooling: TRYX TURRIS 620 Review, Montech NX600 Review: A budget dual tower with jet-engine fans
Memory: Memory Prices Surge 50% in Q3 2026: AI Demand Locks Up Supply Until 2028
Motherboards: ASUS ROG Strix X870E-E Gaming Wi-Fi7 Neo Review
Storage: HighPoint Rocket 1604L Gen5 x16 NVMe SoftRAID AIC Review: half the price with full 59 GB/s speed
FEX, the open-source x86-to-ARM64 binary recompiler, has shipped its July release, FEX-2607, delivering significant performance gains and memory efficiency improvements. The update focuses heavily on x87 floating-point optimization, achieving up to a 3.7x speedup for trigonometric operations and slashing memory usage, such as reducing ENDER LILIES from 409MB to 6MB. Hardware support advances with active bring-up for the Qualcomm Snapdragon X2 Elite processor and expanded handling of SVE256 vector extensions for broader ARM compatibility. Originally developed as a Valve prototype for the Steam Deck, the MIT-licensed project remains actively maintained for Arch, Fedora, and Ubuntu users seeking native x86 performance on ARM64 Linux.
OBS Studio 32.2.0 Beta 3 has landed, bringing a focused set of UI tweaks and critical bug fixes to the v32 testing track. The release finally untangles the mute and monitor controls in the new Audio Mixer, resolves long name wrapping issues, and gets NVIDIA audio effects responding correctly after failing in the previous betas. Linux users benefit from the underlying Qt-based UI improvements alongside VAAPI and PipeWire capture support, keeping OBS firmly in the running as a polished, first-class streaming tool across all platforms. While stable v32.1.2 remains the safe choice for daily streaming, testers should run this build in a secondary environment and report findings to the official forums before the full v32.2 rollout lands later this year.
Amethyst Mod Manager just shipped version 1.3.13, marking the final release before its nearly complete UI overhaul. The update improves how runtime-generated configs are routed to profiles, adds quick move logs for the overwrite separator, and finally updates the dtkit patcher wizard. Built from the ground up for Linux with Steam Deck and Proton support baked in, it currently stands as the only tool offering full Nexus Mods API integration natively on the platform.
Zen Browser 1.21.5b has launched, patching high-severity memory safety vulnerabilities inherited from Firefox 152.0.4. The update also resolves lingering UI quirks, including broken context menus on overflowing add-ons and unresponsive copy, paste, and undo shortcuts. Marking its 176th release since debuting in July 2024, the open-source project continues to push rapid iterations of its Arc-inspired, Gecko-based interface. Users looking for a non-Chromium alternative should update immediately to close the security gap.
Liquorix Linux Kernel 7.0-18 has been released, featuring a targeted fix for a use-after-free bug in the Project-C scheduler's active balance task. Built on top of Linux 7.0.14, the update continues to prioritize low-latency performance for gaming and A/V workloads. Debian and Ubuntu users can install the latest build via the official install script or PPA, while Arch Linux users can grab the linux-lqx package from the AUR. Maintainer Steven Barrett continues to deliver regular patches to keep the custom scheduler stable for high-interactivity desktop environments.
Security patches for PHP 8.2.32, 8.3.32, 8.4.23, and 8.5.8 are now live in Remi Collet's RPM repository for Fedora and Enterprise Linux. Each release addresses three shared vulnerabilities, including CVE-2026-12184 and CVE-2026-14355, across both x86_64 and aarch64 architectures. Remi also packaged PHP 8.6.0-alpha1 as a parallel Software Collection for developers wanting to test the next generation before its official rollout. Built on Collet's custom hardware and delivered ahead of upstream scheduling windows, the update continues a twenty-year tradition of prioritizing latest upstream versions over stable backports.
Ubuntu published a batch of security notices, delivering vulnerability fixes for nghttp2, LibVNCServer, cifs-utils, Vim, nginx, and multiple Linux kernel builds. These patches close flaws that could enable HTTP request smuggling, trigger denial of service attacks, escalate local privileges, or bypass file system permissions. The updates cover Ubuntu distributions from 14.04 LTS through 26.04 LTS, including specialized kernels for Raspberry Pi, Xilinx, NVIDIA Tegra, low latency workloads, and major cloud infrastructure platforms.
[USN-8495-1] nghttp2 vulnerability
[USN-8494-1] LibVNCServer vulnerability
[USN-8488-2] Linux kernel (Raspberry Pi) vulnerabilities
[USN-8501-1] Linux kernel vulnerabilities
[USN-8493-2] Linux kernel (Oracle) vulnerabilities
[USN-8499-1] Linux kernel (Xilinx) vulnerabilities
[USN-8498-1] Linux kernel (NVIDIA Tegra) vulnerabilities
[USN-8497-1] Linux kernel (Low Latency) vulnerabilities
[USN-8492-2] Linux kernel vulnerabilities
[USN-8496-1] cifs-utils vulnerability
[USN-8500-1] Vim vulnerabilities
[USN-8398-4] nginx vulnerability
Red Hat released RHSA-2026:29863, a security and bug fix update for OpenShift Container Platform 4.19.36 that addresses multiple vulnerabilities and includes package and image improvements. The erratum for RHEL 10 also fixes bugs and adds changes to the standard kernel configuration via RHSA-2026:34911. RHSA-2026:34927 provides a separate kernel security update targeting NVIDIA drivers within Red Hat Enterprise Linux 10 environments.
RHSA-2026:29863: Important: OpenShift Container Platform 4.19.36 bug fix and security update
RHSA-2026:34911: Important: kernel security, bug fix, and enhancement update
RHSA-2026:34927: Important: kernel security update
Oracle has published a new batch of security and maintenance advisories for Oracle Linux 7, 8, and 9, targeting widely deployed system libraries and server applications. The errata resolve numerous CVEs in packages including the Linux kernel, glibc, PostgreSQL, Thunderbird, and MariaDB, with code changes fixing buffer overflows, use-after-free conditions, and memory corruption bugs. Beyond security hardening, the updates deliver routine infrastructure improvements such as refreshed kernel signing certificates, corrected dracut initramfs boot routines, and expanded CPU feature enumeration in libvirt. Administrators should deploy these packages through the Unbreakable Linux Network to close known attack surfaces and keep their Oracle Linux environments stable.
ELSA-2026-20546 Moderate: Oracle Linux 7 freerdp security update
ELSA-2026-19566 Moderate: Oracle Linux 7 glib2 security update
ELSA-2026-33503 Important: Oracle Linux 8 giflib security update
ELSA-2026-33464 Important: Oracle Linux 8 mariadb:10.11 security, bug fix, and enhancement update
ELSA-2026-33445 Important: Oracle Linux 8 thunderbird security update
ELSA-2026-34156 Moderate: Oracle Linux 9 rrdtool security update
ELSA-2026-33501 Important: Oracle Linux 9 giflib security update
ELSA-2026-33226 Moderate: Oracle Linux 9 glibc security, bug fix, and enhancement update
ELSA-2026-28290 Moderate: Oracle Linux 9 libreoffice security update
ELSA-2026-21556 Important: Oracle Linux 9 kernel security update
ELSA-2026-27741 Important: Oracle Linux 9 postgresql security update
ELSA-2026-19568 Important: Oracle Linux 9 kernel security update
ELSA-2026-18958 Moderate: Oracle Linux 9 python3.12 security update
ELSA-2026-18957 Moderate: Oracle Linux 9 python3.11 security update
ELSA-2026-18587 Moderate: Oracle Linux 9 kernel security update
ELSA-2026-18748 Moderate: Oracle Linux 9 libvirt security update
ELBA-2026-33434 Oracle Linux 9 dracut bug fix and enhancement update
Fedora has released security advisories for versions 43 and 44, pushing updates for cpp-httplib, apptainer, mysql8.4, 7zip, and nmap to address critical vulnerabilities. The mysql8.4 upgrade to version 8.4.10 resolves CVE-2026-46863, a denial-of-service flaw in server connection handling, while nmap version 7.92-11 and apptainer version 1.5.2 fix separate denial-of-service risks involving crafted IPv6 responses and excessive DNS SAN processing. Developers can now install cpp-httplib version 0.48.0 to eliminate TLS certificate verification bypasses and memory leaks tied to CVE-2026-46527 and CVE-2026-45372, whereas the 7zip update to version 26.02 closes additional bugs and security gaps.
Fedora 43 Update: cpp-httplib-0.48.0-1.fc43
Fedora 43 Update: apptainer-1.5.2-1.fc43
Fedora 43 Update: mysql8.4-8.4.10-1.fc43
Fedora 44 Update: 7zip-26.02-1.fc44
Fedora 44 Update: nmap-7.92-11.fc44
Fedora 44 Update: apptainer-1.5.2-1.fc44
Fedora 44 Update: cpp-httplib-0.48.0-1.fc44
Fedora 44 Update: mysql8.4-8.4.10-1.fc44
Debian has issued security patches for ImageMagick and FastNetMon to address twelve vulnerabilities each across multiple CVE identifiers. The ImageMagick update for Buster resolves flaws that allow denial of service, sensitive data exposure, or arbitrary code execution when the system processes corrupted image files. Administrators running FastNetMon on Debian Trixie should upgrade to version 1.2.9-0+deb13u1 to fix insecure TLS validation and prevent network traffic parsing errors from crashing the DDoS analyzer.
ELA-1766-1 imagemagick security update (by )
[DSA 6375-1] fastnetmon security update
AlmaLinux issued a batch of security errata in early July 2026 targeting critical infrastructure software across versions 8, 9, and 10 of the operating system. The updates address dozens of CVEs that could enable remote code execution, privilege escalation, denial of service, and memory corruption within packages including the Linux kernel, Apache mod_http2, PostgreSQL, PHP 7.4, MySQL 8.4, Valkey, and GIMP. Nearly every release carries an Important severity rating, with only mod_http2, MySQL, and FreeRDP marked as Moderate, reflecting the broad scope of the vulnerabilities.
ALSA-2026:34355: mod_http2 security, bug fix, and enhancement update (Moderate)
ALSA-2026:33685: kernel security, bug fix, and enhancement update (Important)
ALSA-2026:24370: frr10 security update (Important)
ALSA-2026:24371: frr security update (Important)
ALSA-2026:24368: bind9.18 security update (Important)
ALSA-2026:25925: valkey security update (Important)
ALSA-2026:26297: hplip security update (Important)
ALSA-2026:26203: postgresql:16 security update (Important)
ALSA-2026:27819: evince security update (Important)
ALSA-2026:26455: 389-ds-base security, bug fix, and enhancement update (Important)
ALSA-2026:26610: xorg-x11-server security, bug fix, and enhancement update (Important)
ALSA-2026:26590: xorg-x11-server-Xwayland security, bug fix, and enhancement update (Important)
ALSA-2026:20612: gnutls security update (Important)
ALSA-2026:33481: mariadb:11.8 security, bug fix, and enhancement update (Important)
ALSA-2026:28037: postgresql:15 security update (Important)
ALSA-2026:34354: php:7.4 security update (Important)
ALSA-2026:20568: jmc security update (Important)
ALSA-2026:25052: mysql:8.4 security update (Moderate)
ALSA-2026:26206: fence-agents security update (Important)
ALSA-2026:19362: gimp security update (Important)
ALSA-2026:22304: postgresql-jdbc security update (Important)
ALSA-2026:19358: freerdp security update (Moderate)
[ Archive ]