Worth waiting for 'buntu 26.04.1?
Hi all. Currently running a Kubuntu 24.04 LTS box as a media/file server. Not much load unless it's transcoding something for Plex. We know that 26.04 LTS is out but I've always tried to follow a rule to never download a *.0 release, especially for anything important. But the current 24.04 kernel is 6.17 which is vulnerable to Copy Fail, 26.04.1 won't be released until August to upgrade the kernel. Is anyone using 26.04 LTS now? Is there any reason to wait till the .1 update? - Evan
On Thu, May 7, 2026 at 10:55 PM Evan Leibovitch via Talk < talk@lists.gtalug.org> wrote:
Hi all.
Currently running a Kubuntu 24.04 LTS box as a media/file server. Not much load unless it's transcoding something for Plex.
We know that 26.04 LTS is out but I've always tried to follow a rule to never download a *.0 release, especially for anything important. But the current 24.04 kernel is 6.17 which is vulnerable to Copy Fail, 26.04.1 won't be released until August to upgrade the kernel.
Do I misunderstand? https://discourse.ubuntu.com/t/fixes-available-for-cve-2026-31431-copy-fail-... -> Did Canonical not update an LTS release? Dhaval
Thanks, Dhaval. That webpage indicates that a current version of the 'kmod' package disables the affected module in vulnerable kernels. This will fix the immediate exposure until the kernel is updated. I appear to be current with 'kmod' so the should not have any issue waiting for 26.04.1 LTS - Evan On Fri, May 8, 2026 at 2:53 AM Dhaval Giani <dhaval.giani@gmail.com> wrote:
On Thu, May 7, 2026 at 10:55 PM Evan Leibovitch via Talk < talk@lists.gtalug.org> wrote:
Hi all.
Currently running a Kubuntu 24.04 LTS box as a media/file server. Not much load unless it's transcoding something for Plex.
We know that 26.04 LTS is out but I've always tried to follow a rule to never download a *.0 release, especially for anything important. But the current 24.04 kernel is 6.17 which is vulnerable to Copy Fail, 26.04.1 won't be released until August to upgrade the kernel.
Do I misunderstand? https://discourse.ubuntu.com/t/fixes-available-for-cve-2026-31431-copy-fail-... -> Did Canonical not update an LTS release?
Dhaval
-- Evan Leibovitch, Toronto Canada @evanleibovitch / @el56
From: Evan Leibovitch via Talk <talk@lists.gtalug.org>
We know that 26.04 LTS is out but I've always tried to follow a rule to never download a *.0 release, especially for anything important. But the current 24.04 kernel is 6.17 which is vulnerable to Copy Fail, 26.04.1 won't be released until August to upgrade the kernel.
My understanding is the a UBUNTU release that will be LTS isn't LTS until .1. Has that changed? ------------------------------------ Description: GTALUG Talk Unsubscribe via Talk-unsubscribe@lists.gtalug.org Start a new thread: talk@lists.gtalug.org This message archived at https://lists.gtalug.org/archives/list/talk@lists.gtalug.org/message/PXG365I...
From KWLUG list: https://www.cve.org/CVERecord?id=CVE-2026-31431 When you scroll down, it says the following kernels are fixed: * 6.12.85+ * 6.18.22+ * 7.0+ -- Kubuntu 26.04 is using kernel 7.0, so you should be okay. On 2026-05-08 01:54, Evan Leibovitch via Talk wrote:
Hi all.
Currently running a Kubuntu 24.04 LTS box as a media/file server. Not much load unless it's transcoding something for Plex.
We know that 26.04 LTS is out but I've always tried to follow a rule to never download a *.0 release, especially for anything important. But the current 24.04 kernel is 6.17 which is vulnerable to Copy Fail, 26.04.1 won't be released until August to upgrade the kernel.
Is anyone using 26.04 LTS now? Is there any reason to wait till the .1 update?
- Evan
------------------------------------ Description: GTALUG Talk Unsubscribe viaTalk-unsubscribe@lists.gtalug.org Start a new thread:talk@lists.gtalug.org This message archived athttps://lists.gtalug.org/archives/list/talk@lists.gtalug.org/message/PXG365I...
On Fri, May 8, 2026 at 2:16 PM William Park via Talk <talk@lists.gtalug.org> wrote:
From KWLUG list:
https://www.cve.org/CVERecord?id=CVE-2026-31431
When you scroll down, it says the following kernels are fixed:
- 6.12.85+ - 6.18.22+ - 7.0+ -- Kubuntu 26.04 is using kernel 7.0, so you should be okay.
That's not how I read the alert. To me it said that: - All versions of 6.12.* after .85 are safe - All versions of 6.18.* after .22 are safe - All versions of 7.* are safe Stock *buntu 24.04.1 LTS uses 6.17, which remains vulnerable. All versions of 26.04 will be safe. My original question was whether I need to upgrade sooner than I want to, in order to get a safe kernel. Dhaval gave the answer I needed, that the 'kmod' package offers a temporary fix which buys time until I want to upgrade. - Evan
participants (4)
-
D. Hugh Redelmeier -
Dhaval Giani -
Evan Leibovitch -
William Park