dongsupark
released this
10 Oct 12:25
·
503 commits
to main
since this release
Changes since Alpha 4081.0.0
Security fixes:
- Linux (CVE-2024-46711, CVE-2024-46709, CVE-2024-46680, CVE-2024-46679, CVE-2024-46678, CVE-2024-46677, CVE-2024-46676, CVE-2024-46695, CVE-2024-46694, CVE-2024-46693, CVE-2024-46675, CVE-2024-46692, CVE-2024-46689, CVE-2024-46687, CVE-2024-46686, CVE-2024-46685, CVE-2024-46673, CVE-2024-46674, CVE-2024-46811, CVE-2024-46810, CVE-2024-46809, CVE-2024-46807, CVE-2024-46806, CVE-2024-46805, CVE-2024-46804, CVE-2024-46821, CVE-2024-46819, CVE-2024-46818, CVE-2024-46817, CVE-2024-46815, CVE-2024-46814, CVE-2024-46812, CVE-2024-46802, CVE-2024-46803, CVE-2024-46724, CVE-2024-46732, CVE-2024-46731, CVE-2024-46728, CVE-2024-46726, CVE-2024-46725, CVE-2024-46723, CVE-2024-46722, CVE-2024-46721, CVE-2024-46720, CVE-2024-46719, CVE-2024-46717, CVE-2024-46716, CVE-2024-46714, CVE-2024-46715, CVE-2024-46831, CVE-2024-46840, CVE-2024-46839, CVE-2024-46838, CVE-2024-46836, CVE-2024-46835, CVE-2024-46848, CVE-2024-46847, CVE-2024-46846, CVE-2024-46845, CVE-2024-46844, CVE-2024-46843, CVE-2024-46832, CVE-2024-46830, CVE-2024-46829, CVE-2024-46828, CVE-2024-46827, CVE-2024-46826, CVE-2024-46825, CVE-2024-46822, CVE-2024-46788, CVE-2024-46797, CVE-2024-46796, CVE-2024-46795, CVE-2024-46794, CVE-2024-46791, CVE-2024-46800, CVE-2024-46798, CVE-2024-46760, CVE-2024-46768, CVE-2024-46767, CVE-2024-46765, CVE-2024-46763, CVE-2024-46787, CVE-2024-46786, CVE-2024-46785, CVE-2024-46784, CVE-2024-46783, CVE-2024-46782, CVE-2024-46781, CVE-2024-46780, CVE-2024-46762, CVE-2024-46777, CVE-2024-46776, CVE-2024-46773, CVE-2024-46771, CVE-2024-46770, CVE-2024-46761, CVE-2024-46743, CVE-2024-46742, CVE-2024-46741, CVE-2024-46740, CVE-2024-46739, CVE-2024-46738, CVE-2024-46737, CVE-2024-46759, CVE-2024-46758, CVE-2024-46757, CVE-2024-46756, CVE-2024-46755, CVE-2024-46736, CVE-2024-46752, CVE-2024-46750, CVE-2024-46749, CVE-2024-46747, CVE-2024-46746, CVE-2024-46745, CVE-2024-46744, CVE-2024-46734, CVE-2024-46735, CVE-2024-46713, CVE-2024-46858, CVE-2024-46857, CVE-2024-46855, CVE-2024-46854, CVE-2024-46853, CVE-2024-46852, CVE-2024-46865, CVE-2024-46864, CVE-2024-46861, CVE-2024-46860, CVE-2024-46859, CVE-2024-46849)
- Go (CVE-2024-34155, CVE-2024-34156, CVE-2024-34158)
- docker (CVE-2024-41110)
- etcd (CVE-2023-32082)
- expat (CVE-2024-45490)
- intel-microcode (CVE-2023-42667, CVE-2023-49141, CVE-2024-24853, CVE-2024-24980, CVE-2024-25939)
- libpcap (CVE-2023-7256, CVE-2024-8006)
- runc (CVE-2024-45310)
Bug fixes:
- CloudSigma: Disabled the new DHCP RapidCommit feature which is enabled by default since systemd 255. CloudSigma provides an incompatible implementation which results in cloud-init not being applied as no IP is issued. See: (flatcar/scripts#2016)
- Equinix Metal: fixed race condition on 'mount' Ignition stage (scripts#2308)
Changes:
- Azure, HyperV: Added daemons
kvp
,vss
, andfcopy
for better HyperV hypervisor integration with Flatcar guests (scripts#2309). - Enable mpi3mr kernel module for Broadcom Storage/RAID-Controllers (flatcar/scripts#2355)
- Kernel lockdown in integrity mode is now enabled when secure boot is enabled. This prevents loading unsigned kernel modules and matches the behavior of all major distros. (scripts#2299)
- The
/usr/sbin
directory is now merged into/usr/bin
, so the former became a symlink to the latter. The SDK now has the same base layout as the generic images. (flatcar/scripts#2068)
Updates:
- Go (1.22.8 (includes 1.22.7))
- Linux (6.6.54 (includes 6.6.53, 6.6.52, 6.6.51, 6.6.50, 6.6.49))
- Linux Firmware (20240909)
- afterburn (5.7.0)
- audit (4.0.1 (includes 4.0))
- azure, gce, sysext-python: gdbm (1.24)
- azure, gce, sysext-python: python (3.11.10)
- bind-tools (9.16.50 (includes 9.16.49))
- bpftool (7.5.0 (includes 7.4.0, 7.3.0, 7.2.0, 7.1.0, 7.0.0))
- ca-certificates (3.105)
- containerd (1.7.22)
- dev: gentoolkit (0.6.7)
- docker (27.2.1, includes changes from 26.1.0))
- etcd (3.5.16)
- expat (2.6.3)
- grub (2.12)
- intel-microcode (20240531_p20240526)
- iproute2 (6.9.0)
- libffi (3.4.6 (includes 3.4.5))
- libnftnl (1.2.7)
- libpcap (1.10.5)
- libpcre2 (10.44)
- libsodium (1.0.20)
- nettle (3.10)
- pinentry (1.3.0)
- runc (1.1.14)
- whois (5.5.23 (includes 5.5.22))
- SDK: cmake (3.30.2)
- SDK: perl (5.40.0)
- sysext-python: idna (3.8)
- sysext-python: jaraco-context (6.0.1)
- sysext-python: setuptools (72.2.0)
- sysext-python: setuptools (73.0.1)
- sysext-python: truststore (0.9.2)