diff --git a/blog/2026-05-10-kernel-root-exploits.md b/blog/2026-05-10-kernel-root-exploits.md
index 28716e09ae..19011ed327 100644
--- a/blog/2026-05-10-kernel-root-exploits.md
+++ b/blog/2026-05-10-kernel-root-exploits.md
@@ -124,12 +124,14 @@ The fixes for Dirty Frag are still in development as of May 8. The first fixes
 have been merged upstream and released in 7.0.5, 6.18.28, 6.12.87, 6.6.138,
 6.1.172, 5.15.206 and 5.10.255 but there is
 [more to come for rxrpc](https://lwn.net/ml/all/2026050859-ahead-anchovy-05e2@gregkh/).
+Update 2026-05-11: 7.0.6 and 6.18.29 contain this last patch, older kernels don't need it.
 The responsible disclosure process for Dirty Frag unfortunately failed due to the
 [patches being spotted](https://www.openwall.com/lists/oss-security/2026/05/07/12),
 so the upstream maintainers and the distributors this time did not have time
 to carefully prepare and test fixes ahead of the publication of the issue.
 So we have to expect that it will take a few days until all Linux distributor
-manage to ship tested fixed kernels.
+manage to ship tested fixed kernels. Alma Linux has done so already, others are
+expected to follow soon.
 
 A fully effective workaround is again to prevent loading the affected modules
 by placing another file `dirtyfrag.conf` in `/etc/modprobe.d/`:
@@ -211,7 +213,7 @@ key or to use a tool like kubectl-node-shell with the appropriate
 privileges.
 
 ```bash
-for node in $(kubectl get nodes | grep -v '^NAME' | awk '{print $1;}') do;
+for node in $(kubectl get nodes | grep -v '^NAME' | awk '{print $1;}'); do
   kubectl node_shell "$node" -- bash -c 'echo -e "# Temporarily disable algif_aead (copy.fail)\ninstall algif_aead /bin/false" > /etc/modprobe.d/disable-aead-copyfail.conf'
   kubectl node_shell "$node" -- bash -c 'echo -e "# Temporarily disable esp4, esp6, rxrpc (Dirty Frag)\ninstall esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false" > /etc/modprobe.d/disable-esp46-rxrpc-dirtyfrag.conf'
 done
@@ -254,3 +256,4 @@ SCS security contact is [security@scs.community](mailto:security@scs.community),
 - kubectl node-shell instructions, v0.2, 2026-05-09, 12:45 CEST.
 - Mention succssful patching of community infra, v0.3, 2026-05-09, 13:30 CEST.
 - Correct facts on the failure of the responsible disclosure. Release as v1.0, 2026-05-09, 20:00 CEST.
+- Update on final rxrpc fix in stable kernels. v1.1, 2026-05-12, 08:45 CEST.
diff --git a/community/tools/zuul.md b/community/tools/zuul.md
index db7e2adfe5..cb3b494d88 100644
--- a/community/tools/zuul.md
+++ b/community/tools/zuul.md
@@ -19,7 +19,7 @@ Note: This needs to be updated!
     - the merge-mode which should be used to auto-merge
     - the jobs to run in each pipeline (gh_check, gh_gate, gh_post, gh_tag)
     - these [pipelines](https://github.com/SovereignCloudStack/zuul-config/blob/main/zuul.d/) are triggered by events
-    - ihere are [some default jobs](https://opendev.org/zuul/zuul-jobs/src/branch/master/playbooks)
+    - here are [some default jobs](https://opendev.org/zuul/zuul-jobs/src/branch/master/playbooks)
 - If you have _self-defined_ jobs, you need to create a folder _.playbooks_
   - this folder containers ansible playbooks which will be triggered