Heya folks! It's sync day, and that means it's time for the weekly Solus roundup!
Our kernel packages have been updated. The LTS package is now at 6.18.28, and the mainline package is at 7.0.5. These versions contain a partial fix for the recently-revealed DirtyFrag (CVE-2026-43284) vulnerability.
Clear Boot Manager (clr-boot-manager) has been updated to 3.7.0. This release buys users with 512 MiB EFI partitions some time by doing the cleanup before installing the new kernel. This is safe because the currently running kernel (i.e., last known working) is never removed.
We've modified the usysconf trigger to update the manpage database. It now calls out to systemd to run the task, meaning we no longer have to wait for the generation to complete. This results in massively reduced update and install times. Note that if the trigger tries to run multiple times in quick succession, the it may fail because it is already running. This is fine, and not really something we can do a whole lot about.
The default update flow now goes from 1) install new kernel, 2) install current kernel, 3) remove oldest kernel (three kernels installed at most) to 1) install current kernel, 2) remove oldest kernel, 3) install new kernel (two kernels installed at most).
We have a couple of new packages this week. LibrePods is a Qt-based desktop application for pairing and managing Apple AirPods on Linux systems, including battery and device controls outside of Apple's ecosystem. VHS is a tool that generates GIFs and videos of terminal GIFs from code. To generate a GIF with VHS, you write a simple .tape file, which instructs VHS how to interact with the terminal, and pass it into the vhs binary.
Security updates
There are a bunch of security updates this week. As always, make sure to install updates so you have the latest vulnerability fixes!
- firefox was updated to 150.0.2-399 (@HarveyDevel). Includes security fixes for CVE-2026-8092, CVE-2026-8090, CVE-2026-8093.
- httpd was updated to 2.4.67-37 (@Jaredy899). Includes security fixes for CVE-2026-28780, CVE-2026-33006, CVE-2026-33007, CVE-2026-33523, CVE-2026-34059, CVE-2026-23918, CVE-2026-33857, CVE-2026-34032, CVE-2026-29168, CVE-2026-29169, CVE-2026-24072.
- libssh was updated to 0.12.0-20 (@Jaredy899). Includes security fixes for CVE-2026-0965, CVE-2026-0966, CVE-2026-0967, CVE-2026-0968, CVE-2025-14821, CVE-2026-0964.
- libtpms was updated to 0.10.2-6 (@Jaredy899). Includes security fixes for CVE-2026-21444, CVE-2025-49133.
- snapd was updated to 2.75.2-95 (@silkeh). Includes security fixes for CVE-2026-3888.
- streamlink was updated to 8.4.0-72 (@joebonrichie). Includes security fixes for CVE-2026-44353.
- thunderbird was updated to 150.0.2-257 (@HarveyDevel). Includes security fixes for CVE-2026-8092, CVE-2026-8090, CVE-2026-8093.
- wireshark was updated to 4.6.5-103 (@silkeh). Includes security fixes for CVE-2026-3201, CVE-2026-5655, CVE-2026-6531, CVE-2026-5405, CVE-2026-5404, CVE-2026-6530, CVE-2026-5657, CVE-2026-5653, CVE-2026-6521, CVE-2026-5407, CVE-2026-5654, CVE-2026-5402, CVE-2026-6536, CVE-2026-6869, CVE-2026-6522, CVE-2026-6529, CVE-2026-5406, CVE-2026-5656, CVE-2026-5401, CVE-2026-6523, CVE-2026-3202, CVE-2026-6870, CVE-2026-6519, CVE-2026-6527, CVE-2026-6538, CVE-2026-6533, CVE-2026-6534, CVE-2026-6520, CVE-2026-6528, CVE-2026-6526, CVE-2026-5408, CVE-2026-3203, CVE-2026-5299, CVE-2026-5409, CVE-2026-6535, CVE-2026-6868, CVE-2026-6525, CVE-2026-6524, CVE-2026-6537, CVE-2026-6532, CVE-2026-5403.
General updates
The full list of updated packages can be found here.
For the list of currently known issues, see the dedicated thread for it. If you begin experiencing a bug, please look for an issue on our issue tracker, and open a new one if one does not exist.
That’s all for this week, folks! We'll be here same time, same place next week for another roundup of the news!
