lts-3510.3.2
sayanchowdhury
released this
14 Feb 04:35
·
7766 commits
to main
since this release
Changes since LTS 3510.3.1
Security fixes:
- Linux (CVE-2022-47940, CVE-2023-1193, CVE-2023-1194, CVE-2023-25775, CVE-2023-32247, CVE-2023-32250, CVE-2023-32252, CVE-2023-32254, CVE-2023-32257, CVE-2023-32258, CVE-2023-38427, CVE-2023-38430, CVE-2023-38431, CVE-2023-3867, CVE-2023-46343, CVE-2023-46813, CVE-2023-46838, CVE-2023-46862, CVE-2023-51779, CVE-2023-51780, CVE-2023-51781, CVE-2023-51782, CVE-2023-52340, CVE-2023-5717, CVE-2023-6040, CVE-2023-6121, CVE-2023-6606, CVE-2023-6622, CVE-2023-6817, CVE-2023-6915, CVE-2023-6931, CVE-2023-6932, CVE-2024-0584, CVE-2024-0607, CVE-2024-0646, CVE-2024-1085, CVE-2024-22705)
- runc (CVE-2024-21626)
Bug fixes:
- Forwarded the proxy environment variables of
update-engine.service
to the postinstall script to support fetching OEM systemd-sysext payloads through a proxy (Flatcar#1326)
Changes:
- Added a
flatcar-update --oem-payloads <yes|no>
flag to skip providing OEM payloads, e.g., for downgrades (init#114) - Backported the OEM payload support to update-engine to avoid the fallback download path for clients on a restricted network and rather use the URLs passed from
flatcar-update -E
or with self-hosted Nebraska payloads (Flatcar#1332, Flatcar#1326) - Brightbox: The regular OpenStack image should now be used, it includes Afterburn for instance metadata attributes
- OpenStack: An uncompressed image is provided for simpler import (since the images use qcow2 inline compression, there is no benefit in using the
.gz
or.bz2
images)