Kernel Update to new versions : 6.8.0-117.117 & 6.17.0-29.29

[Condobloke]

6.8.0-111.111 released , May15 2026. The presence of numerous CVE-2026 etc attracted my attention.

6.17.0-23.23 Updated a day later, 16th May 2026 ....numerous CVE updates included


Read and decipher the 1000 + lines at your leisure.

Kernel Update


Linux-6.8.0-117.117
Linux Kernel Headers for development

This update affects the following installed packages:
• linux-libc-dev
• linux-tools-common
Total size: 1.8 MB

linux (6.8.0-117.117) noble; urgency=medium

* noble/linux: 6.8.0-117.117 -proposed tracker (LP: #2151070)

* CVE-2026-31419
- net: bonding: fix use-after-free in bond_xmit_broadcast()

* CVE-2026-31431
- crypto: scatterwalk - Backport memcpy_sglist()
- crypto: algif_aead - use memcpy_sglist() instead of null skcipher
- crypto: algif_aead - Revert to operating out-of-place
- crypto: algif_aead - snapshot IV for async AEAD requests
- crypto: authenc - use memcpy_sglist() instead of null skcipher
- crypto: authencesn - Do not place hiseq at end of dst for out-of-place
decryption
- crypto: authencesn - Fix src offset when decrypting in-place
- crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl
- crypto: algif_aead - Fix minimum RX size check for decryption

* CVE-2026-31533
- net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption

* CVE-2026-31504
- net: fix fanout UAF in packet_release() via NETDEV_UP race

etc

etc etc

 

[bob466]

Just installed it.

 

[Smilax]

Just installed it. View attachment 31857

Running a snapshot, about to install.

 

[Smilax]

Running a snapshot, about to install.

I'm back, seems okay. I got an Origin nightly build update in the package as well.

 

[KGIII]

The presence of numerous CVE-2026 etc attracted my attention.

It's just the system working as intended, which is a good thing.

I took a look, and it's a bunch of CVE fixes. A quick look online says that this isn't the most fixed in one update.

BUT...

The Linux kernel changed what they're doing in the background. I'll let AI sum up this section to save me the time of trying to awkwardly explain it in my own words.

The CNA Shift: In February 2024, the Linux Kernel team became its own CVE Numbering Authority (CNA). Since then, they assign CVE identifiers to almost all functional bug fixes—including minor kernel crashes or memory leaks—that are later backported to older LTS versions.

 

[Condobloke]

This morning there is another Kernel update .... from 6.17.0-23.23 to 6.17.0-29.29 (both 24.04.1)

Again, the presence of CVE's is at the top of the page, so the system is working as intended.

Firefox also got another update, second one within a week. I note that Librewolf browser also updated, as did Thunderbird email....both within a day or two of each other.

The Linux system is at work looking after its flock.

 

[Mike-BTU]

The Linux system is at work looking after its flock.

Yup! Gives you a warm fuzzy feeling, doesn't it?

 

[Mike-BTU]

That begs the question, Which Linux folks do we send a few bucks to for keeping us safe?

 

[Condobloke]

I have zero idea. @KGIII may know.

 

[Mike-BTU]

Last time I was going to contribute to Debian, they only accepted PayPal. Trouble is, the email that was associated with our [former] PayPal account is no good. Bare metal server crash. Thanks, IBM, for the lack of support when we asked for it.

 

[KGIII]

That begs the question, Which Linux folks do we send a few bucks to for keeping us safe?

Your favorite small project.

The Linux Foundation itself has plenty of money. Many of the more popular projects are 'well' funded, complete with corporate sponsors.

 

[Mike-BTU]

"Small project"?

What about kernel.org?

Debian?

 

[KGIII]

What about kernel.org?

They have plenty of corporate backing.

Debian?

They are a part of SPI, and probably aren't lacking for money.

But it's a very personal thing to decide who you'd like to help support.

 

[Mike-BTU]

They are a part of SPI, and probably aren't lacking for money.

But it's a very personal thing to decide who you'd like to help support.

No idea, David. Thanks.