This Week in TUXEDO OS #23-2026 - TUXEDO Computers

Hello TUXEDO Fans and Open-Source Enthusiasts!

This week, the Linux community continued its somewhat heated debate over the future of Flatpak, the distribution-independent Linux package system that comes pre-configured on TUXEDO OS. The discussion was prompted by a presentation at the Linux App Summit 2026, which addressed the question of whether the next generation of Flatpak should require systemd as a hard dependency, which would exclude distributions without systemd from the Flatpak ecosystem. Flathub, the largest app store for Flatpak, also made headlines this week, as the developers tightened the guidelines for AI-generated code.

Things were a bit quieter at TUXEDO, however. The integration of TUXEDO Tomte 3, released the previous week, went off without a hitch. The App of the Week focuses on the new features in the KDE note-taking app Marknote 1.6, and in the Tips and Tricks section, we take a closer look at KRunner.

Enjoy reading,
The TUXEDO OS Team

Updates TUXEDO

tuxedo-tomte 3.0.5

• Add nvidia additionally as ubuntu fix

Updates TUXEDO OS

Firefox 151.0.3

• Changelog: https://www.firefox.com/en-US/firefox/151.0.3/releasenotes/

Mesa 26.11

• Changelog: https://docs.mesa3d.org/relnotes/26.1.1.html

KDE App of the Week: Marknote 1.6: Note-Taking in KDE

We have already written about Marknote, the open-source WYSIWYG note-taking application from the KDE project, on two occasions in this column. The reason we are covering it again is the recent release of Marknote 1.6.

New Features

The standout new feature is the initial support for subfolders, allowing notes to be organized more effectively. However, the implementation is not yet complete, as developer Carl Schwan explains in his announcement of the update. Currently, subfolders still have to be created outside of Marknote, for example, in Dolphin or another file manager. This is expected to change in future releases. Another new feature is that each notebook now displays the number of notes it contains. Marknote’s search function can now search across all notebooks instead of being limited to a single one.

By default, Marknote stores notes in ~/Documents within your home directory. Each notebook is stored as a separate subfolder inside the Notes directory. The newly introduced subfolders are created within the respective notebook folder. Since Marknote 1.2, it has also been possible to specify a custom directory for storing notes.

Visual Effects

The editor now includes an optional background blur effect similar to those found in other KDE applications such as NeoChat. In addition, Marknote now offers emoji completion directly within the text editor, making it easier to insert emojis quickly. The release is rounded off by various bug fixes, code cleanups, and improved translations.

Availability

Currently, it is recommended to install Marknote as a Flatpak via the Discover software center. The recently released version 1.6 is already available there. The source code can be found on GitLab.

Moving Beyond a Simple Note-Taking Tool

The features introduced in recent Marknote releases suggest a shift away from being a simple WYSIWYG note-taking application toward becoming a Markdown-based knowledge management system with linking and fast navigation capabilities. This positions it as a potential alternative to established proprietary tools such as Obsidian. We are curious to see how Marknote evolves within the already well-populated ecosystem of Linux note-taking applications.

TUXEDO OS Tips & Tricks: A deep dive into KRunner

KRunner is something of KDE Plasma’s best-kept secret. Yet the small bar, summoned with Alt+F2 or alternatively Alt+Space, is extraordinarily powerful. Originally conceived as an application launcher, KRunner has since grown into a fully-fledged command center for the desktop — if you know what it is capable of.

Modular by design

KRunner works with modules that handle different tasks. Many are active by default, but users are often unaware of them. After opening the KRunner command bar, clicking the gear icon on the far left takes you to its settings. Here you can decide, among other things, whether the bar should appear at the top or in the center of the screen. You can also disable the history or enable auto-completion.

Clicking the Configure Enabled Search Plugins button takes you to the KRunner page in System Settings. Here you will find a list of KRunner modules; you can enable or disable them and mark favorites, which places them in the easily accessible upper area.

The Get New Plugins button leads to a list of community modules that have not yet been officially included. The warning about unreviewed executable code should be taken seriously — downloaded modules should be assessed for security and quality or evaluated by a trusted AI. A better overview of the roughly 70 additional modules is available on the KDE Store. In the KDE Store, it is best to filter specifically by the Plasma 6 tag, as some runners are still limited to Plasma 5.

You can see how KRunner works by entering a simple mathematical expression such as 12 x 7. The screenshot below illustrates this. KRunner lists all occurrences of this expression found across the enabled modules.

KRunner assumes you are looking for the result of a calculation and places the calculator module’s answer first. The copy icon on the right sends the result to the clipboard. Less well known is the fact that behind the calculator lies the powerful Qalculate! App, which also handles symbolic mathematics, derivatives, and equations.

Further standard modules

Many everyday tasks can be handled quickly with KRunner without launching dedicated applications. A few example inputs:

• dolphin launches the file manager
• spell neccessary suggests the correct spelling
• tuxedocomputers.com opens the TUXEDO website via the Locations module
• gg:TUXEDO Computers starts a search using a web shortcut
• wp:TUXEDO Computers searches Wikipedia for the given term
• time tokyo shows the current time in Tokyo
• kill disc gracefully shuts down the Discover application
• 15 USD in EUR displays the conversion at the current exchange rate
• #3daee9 shows the color corresponding to the entered color code

In addition, applications and files can be found, shell commands executed, software installed, or windows switched. If you use virtual desktops, you can use KRunner to move running windows to a specific desktop: search for the window name and select the appropriate action. If you want to find out where and in what form a term appears on your system, KRunner shows all matches — regardless of whether it is a bookmark, an open browser tab, a folder, a location in Dolphin’s sidebar, a PDF, a video, or audio clip, or any other type of file. It also lists matches within documents, not just in their titles. The search service Baloo does the heavy lifting in the background.

KRunner also executes console commands. Entering ls -l /home/user/Downloads displays the line Run ls -l /home/user/Downloads. Click the small console icon on the right edge, and a terminal window opens with the command already executed. Pressing Alt+Shift+F2 opens KRunner not empty but with the current clipboard content or the currently selected text automatically inserted into the search bar. This is very handy when, for example, you are reading an article and select a physics equation or a calculation — KRunner immediately delivers the result without any manual pasting.

Lesser-known KRunner tricks

• imdb:Pulp Fiction finds your favorite film in the IMDB movie database
• deb:packagename triggers a Debian package search
• timeline:/today shows all files you have opened or edited today in the Dolphin file manager
• recentlyused gives you a broader overview of your most recently used files

Community extensions

• Clipboard Runner provides access to the clipboard history
• KeePassXC/Bitwarden integration searches the password databases and copies usernames or passwords directly to the clipboard on demand, without needing to open the password manager window
• VSCode Runner searches directly through the list of workspaces recently opened in VSCode. Pressing Enter opens the project in VSCode; pressing Shift+Enter opens the project folder directly in the Dolphin file manager
• Web Runners query stock prices directly from the search bar
• KRunner Steam Launcher is aimed at gamers who want to browse their game library and launch titles without the sluggish Steam client

Controlling KRunner with the keyboard

KRunner can be operated entirely by keyboard: Alt+F2 or Alt+Space open the input bar, Escape closes it, the arrow keys navigate between results, and Page Up and Page Down move through longer result lists. With an empty input bar, the up arrow key displays the history of previous inputs. Enter executes the selected entry.

Ubuntu Security Updates

The Ubuntu security updates listed here are generally incorporated directly into TUXEDO OS. Some updates are only available from Ubuntu for a fee and are therefore not made available to the community until a later date. Unfortunately, we have no control over this:

• USN-8344–3: pip vulnerability: A regression was fixed in pip.
  IDs: CVE-2025–66471
  Affects: Ubuntu 26.04 LTS, Ubuntu 24.04 LTS, Ubuntu 22.04 LTS.

• USN-8348–1: GoBGP vulnerabilities: Several security issues were fixed in GoBGP.
  IDs: CVE-2026–7737, CVE-2026–7736, CVE-2026–7735 + 3 others
  Affects: Ubuntu 26.04 LTS, Ubuntu 24.04 LTS, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS.

• USN-8374–1: Linux kernel vulnerabilities: Several security issues were fixed in the Linux kernel.
  IDs: CVE-2026–47337, CVE-2026–47334, CVE-2026–47333 + 37 others
  Affects: Ubuntu 25.10, Ubuntu 24.04 LTS.

• USN-8373–1: Linux kernel vulnerabilities: Several security issues were fixed in the Linux kernel.
  IDs: CVE-2026–47337, CVE-2026–47336, CVE-2026–47335 + 18 others
  Affects: Ubuntu 24.04 LTS, Ubuntu 22.04 LTS.

• USN-8372–1: age vulnerability: age could be made to crash or run programs as your login if it opened a specially crafted file.
  IDs: CVE-2024–56327
  Affects: Ubuntu 24.04 LTS.

• USN-8371–1: Linux kernel vulnerabilities: Several security issues were fixed in the Linux kernel.
  IDs: CVE-2026–47337, CVE-2026–47334, CVE-2026–47333 + 15 others
  Affects: Ubuntu 25.10, Ubuntu 24.04 LTS.

• USN-8369–1: Apache Tomcat Connectors vulnerability: Apache Tomcat Connectors could allow local users to expose sensitive information or cause a denial of service.
  IDs: CVE-2024–46544
  Affects: Ubuntu 24.04 LTS, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.

• USN-8367–1: tar-fs vulnerabilities: Several security issues were fixed in tar-fs.
  IDs: CVE-2025–59343, CVE-2025–48387, CVE-2024–12905
  Affects: Ubuntu 25.10, Ubuntu 24.04 LTS, Ubuntu 22.04 LTS.

• USN-8365–1: Dovecot vulnerabilities: Several security issues were fixed in Dovecot.
  IDs: CVE-2026–42006, CVE-2026–40020, CVE-2026–40016 + 2 others
  Affects: Ubuntu 26.04 LTS, Ubuntu 25.10, Ubuntu 24.04 LTS, Ubuntu 22.04 LTS.

• USN-8364–1: Apache Commons Lang vulnerability: Apache Commons Lang could be made to crash if it received specially crafted input.
  IDs: CVE-2025–48924
  Affects: Ubuntu 24.04 LTS, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS.

• USN-8363–1: MySQL vulnerabilities: Several security issues were fixed in MySQL.
  IDs: CVE-2026–35240, CVE-2026–35239, CVE-2026–35238 + 22 others
  Affects: Ubuntu 26.04 LTS, Ubuntu 25.10, Ubuntu 24.04 LTS, Ubuntu 22.04 LTS.

• USN-8362–1: XZ Utils vulnerability: XZ Utils could be made to crash or run programs as your login if it received specially crafted input.
  IDs: CVE-2026–34743
  Affects: Ubuntu 25.10, Ubuntu 24.04 LTS, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS.

• USN-8360–1: sslh vulnerability: sslh could be made to overwrite files.
  IDs: CVE-2025–52936
  Affects: Ubuntu 26.04 LTS, Ubuntu 25.10, Ubuntu 24.04 LTS, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.

• USN-8359–1: NNCP vulnerability: NNCP could allow unintended access to files.
  IDs: CVE-2025–60020
  Affects: Ubuntu 25.10, Ubuntu 24.04 LTS, Ubuntu 22.04 LTS.

• USN-8358–1: haveged vulnerability: haveged could be made to run programs as an administrator.
  IDs: CVE-2026–41054
  Affects: Ubuntu 26.04 LTS, Ubuntu 25.10, Ubuntu 24.04 LTS, Ubuntu 22.04 LTS.

• USN-8357–1: Qt Declarative vulnerability: Qt Declarative could be made to use excessive resources if it received specially crafted input.
  IDs: CVE-2025–12385
  Affects: Ubuntu 24.04 LTS, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS.

• USN-8356–1: GNU SASL vulnerability: GNU SASL could be made to crash if it received specially crafted input.
  IDs: CVE-2026–48829
  Affects: Ubuntu 26.04 LTS, Ubuntu 25.10, Ubuntu 24.04 LTS.

• USN-8355–1: SSSD vulnerability: SSSD could be made to crash if it received specially crafted input.
  IDs: CVE-2026–6245
  Affects: Ubuntu 26.04 LTS, Ubuntu 25.10, Ubuntu 24.04 LTS.

• USN-8354–1: nginx vulnerabilities: Several security issues were fixed in nginx.
  IDs: CVE-2026–9256, CVE-2026–42946, CVE-2026–42934 + 2 others
  Affects: Ubuntu 26.04 LTS, Ubuntu 25.10, Ubuntu 24.04 LTS, Ubuntu 22.04 LTS.

• USN-8353–1: Exim vulnerability: Exim could be made to expose sensitive information over the network.
  IDs: CVE-2026–48840
  Affects: Ubuntu 26.04 LTS, Ubuntu 25.10, Ubuntu 24.04 LTS, Ubuntu 22.04 LTS.

• USN-8350–1: Linux kernel vulnerabilities (NVIDIA Tegra): Several security issues were fixed in the Linux kernel.
  IDs: CVE-2026–46028, CVE-2026–43078, CVE-2026–43077 + 5 others
  Affects: Ubuntu 24.04 LTS.

• LSN-120–1: Kernel Live Patch Security Notice: Several security issues were fixed in the kernel.
  IDs: CVE-2026–31431, CVE-2025–37849, CVE-2026–23112
  Affects: Ubuntu 24.04 LTS, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS.

Current BIOS/EC Versions

An EC/BIOS update affects key system components. Please ensure that you follow the instructions carefully and take your time. The process is usually completed quickly. If you have any doubts, our support team is happy to assist you. The following devices have BIOS/EC updates available: