Not having the module loaded doesn't mean you're not vulnerable, the kernel loads the module on-demand when it's needed. I tried the exploit on such a system, and it worked.
However, not having the module loaded does mean that in normal operation you don't need the module, so the proposed mitigation of disabling the module is safe in the sense that it won't disrupt anything.
I don't know what exactly can load this module but the servers are running for many weeks and I suppose that if something will load this module, it stays loaded until the next reboot.. no ?
I tried to rmmod on all servers and rmmod always returns `ERROR: Module algif_aead is not currently loaded`, that's why I think it's fine. Of course I take a look on https://security-tracker.debian.org/tracker/CVE-2026-31431 for the updates.
the kernel will autoload modules when they are needed. The fact that the module hasn't been loaded is an indication that the bug may not have been exploited, but it does not mean that you are not vulnerable to it. You need to block the module from loading or remove it entirely to mitigate the issue (which is what the first line of the recommended mitigation states).
I use Thunderbird from the beginning when it was still named Firebird (I switched from Outlook Express). I think that it's a good product because it continues to do the job since more than 20 years. Me too I don't understand the negative comments. It's free (MPL license), it's packaged by Debian. All good. I don't care about Mozilla.
I just check something because my memory as faults... Firebird was the name of Firefox and the mail client was called something like Mozilla mail or something else.
They didn't really hijacked anything. Firebird made sense coming from phoenix. It wasn't a good choice considering the database existed before but it wasn't really an hijack in the sense that both are significantly different product that trademarks wouldn't have clashed. It was just annoying when doing web searches (similarly to gemini the google AI product vs the protocol).
Oh, thank you... I'm not alone... I'm so tired of seeing crappy containers with pseudo service management handled by Dockerfiles, used instead of proper and serious packaging like that of many venerable Linux distributions.
I contributed to Bun one time for SQLite. I've a question about the licensing.
Will each contributor continue to retain their copyright, or will a CLA be introduced?
With Bun's existing OSS license and contribution model, all contributors retain their copyright and Bun retains the license to use those contributions. An acquisition of this kind cannot change the terms under which prior contributions were made without explicit agreement from all contributors. If Bun did switch to a CLA in the future, just like with any OSS project, that would only impact future contributions made after that CLA went into effect and it depends entirely on the terms established in that hypothetical CLA.
Hello, thank you, but that doesn't answer my question. I'm not asking for a definition, but for information about licensing decisions for the future of Bun.
trump-lang is a totally stable genius programming language made for developers who don’t like to wait, think twice, or read error messages.
Designed with rapid decision-making, alternative logic, and absolutely no regard for international standards — it’s the only language endorsed by billionaires who don’t code.
It is unfortunate. GCC has enabled the compilation of countless lines of source code for nearly 40 years and has served millions of users. Regardless of whether its design is considered good or bad today, GCC has played an essential role and has enabled the emergence of many projects and new compilers. GCC deserves deep respect.
Seems not fatal to all non-patched systems.
reply