Releases: flatcar/scripts
Releases · flatcar/scripts
lts-3033.3.8
beta-3432.1.0
Changes since Beta 3417.1.0
Security fixes:
- Linux (CVE-2022-3169, CVE-2022-3521)
- cpio (CVE-2021-38185)
- curl (CVE-2022-32221, CVE-2022-35260, CVE-2022-42915, CVE-2022-42916)
- expat (CVE-2022-43680)
- libksba (CVE-2022-3515)
- vim (CVE-2022-3705)
Bug fixes:
- Added support for hardware security keys in update-ssh-keys (update-ssh-keys#7)
- Fix "ext4 deadlock under heavy I/O load" kernel issue. The patch for this is included provisionally while we wait for it to be merged pstream (Flatcar#847, coreos-overlay#2315)
Updates:
- Linux (5.15.81 (includes 5.15.80))
- Linux Firmware (20221109)
- OpenSSH (9.1)
- containerd (1.6.10)
- cpio (2.13)
- curl (7.86)
- Expat (2.5.0)
- glib (2.74.1)
- libcap (2.66)
- libksba (1.6.2)
- sqlite (3.39.4)
- vim (9.0.0828)
- whois (5.5.14)
- XZ utils (5.2.7)
- SDK: Rust (1.65.0)
Changes since Alpha 3432.0.0
Security fixes:
- Linux (CVE-2022-3169, CVE-2022-3521)
Bug fixes:
- Fix "ext4 deadlock under heavy I/O load" kernel issue. The patch for this is included provisionally while we wait for it to be merged upstream (Flatcar#847, coreos-overlay#2315)
Updates:
alpha-3446.0.0
Changes since Alpha 3432.0.0
Security fixes:
- Linux (CVE-2022-3169, CVE-2022-3521)
- sudo (CVE-2022-43995)
Bug fixes:
- Fix "ext4 deadlock under heavy I/O load" kernel issue. The patch for this is included provisionally while we wait for it to be merged upstream (Flatcar#847, coreos-overlay#2315)
Updates:
beta-3417.1.0
Changes since Beta 3402.1.0
Security fixes:
- Linux (CVE-2022-3543, CVE-2022-3564, CVE-2022-3619, CVE-2022-3623, CVE-2022-3628, CVE-2022-42895, CVE-2022-42896)
- git (CVE-2022-39253, CVE-2022-39260)
- multipath-tools (CVE-2022-41973, CVE-2022-41974)
Bug fixes:
- Fixed Ignition btrfs forced formatting for OEM partition (coreos-overlay#2277)
Changes:
- Toolbox now uses containerd to download and mount the image (toolbox#7)
Updates:
- Linux (5.15.79 (includes 5.15.78))
- Docker (20.10.21)
- Go (1.19.3)
- ca-certificates (3.85)
- containerd (1.6.9)
- glibc (2.35)
- bpftool (5.19.8)
- git (2.37.4)
- iputils (20211215)
- libcap (2.65)
- multipath-tools (0.9.3)
- wget (1.21.3)
- whois (5.5.13)
- xz-utils (5.2.6)
Changes since Alpha 3417.0.0
Security fixes:
- Linux (CVE-2022-3543, CVE-2022-3564, CVE-2022-3619, CVE-2022-3623, CVE-2022-3628, CVE-2022-42895, CVE-2022-42896)
Bug fixes:
- Fixed Ignition btrfs forced formatting for OEM partition (coreos-overlay#2277)
Updates:
alpha-3432.0.0
Changes since Alpha 3417.0.0
Security fixes:
- Linux (CVE-2022-3543, CVE-2022-3564, CVE-2022-3619, CVE-2022-3623, CVE-2022-3628, CVE-2022-42895, CVE-2022-42896)
- cpio (CVE-2021-38185)
- curl (CVE-2022-32221, CVE-2022-35260, CVE-2022-42915, CVE-2022-42916)
- expat (CVE-2022-43680)
- libksba (CVE-2022-3515)
- vim (CVE-2022-3705)
Bug fixes:
- Added support for hardware security keys in update-ssh-keys (update-ssh-keys#7)
- Fixed Ignition btrfs forced formatting for OEM partition (coreos-overlay#2277)
Updates:
lts-3033.3.7
Changes since LTS 3033.3.6
Security fixes:
- Linux (CVE-2021-4037, CVE-2022-0171, CVE-2022-2602, CVE-2022-2663, CVE-2022-3061, CVE-2022-3303, CVE-2022-3535, CVE-2022-3542, CVE-2022-3565, CVE-2022-3586, CVE-2022-3594, CVE-2022-3621, CVE-2022-3646, CVE-2022-3649, CVE-2022-39842, CVE-2022-40307, CVE-2022-40768, CVE-2022-41674, CVE-2022-42719, CVE-2022-42720, CVE-2022-42721, CVE-2022-42722, CVE-2022-43750)
Updates:
stable-3374.2.0
Changes since Stable 3227.2.4
Security fixes:
- Linux (CVE-2022-2308, CVE-2022-3621, CVE-2022-3646, CVE-2022-3649, CVE-2022-40768, CVE-2022-41674, CVE-2022-42719, CVE-2022-42720, CVE-2022-42721, CVE-2022-42722, CVE-2022-43750)
- binutils (CVE-2021-45078)
- cifs-utils (CVE-2022-27239, CVE-2022-29869)
- curl (CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776, CVE-2022-27778, CVE-2022-27779, CVE-2022-27780, CVE-2022-27781, CVE-2022-27782, CVE-2022-30115, CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208)
- Docker (CVE-2022-29526, CVE-2022-36109)
- git (CVE-2022-24765, CVE-2022-29187)
- GNU Libtasn1 (Gentoo#866237)
- gnupg (CVE-2022-34903)
- gnutls (CVE-2022-2509)
- Go (CVE-2022-1705, CVE-2022-1962, CVE-2022-27664, CVE-2022-28131, CVE-2022-29526, CVE-2022-30630, CVE-2022-30631, CVE-2022-30632, CVE-2022-30633, CVE-2022-30635, CVE-2022-32148, CVE-2022-32190)
- ignition (CVE-2022-1706)
- intel-microcode (CVE-2022-21151, CVE-2022-21233)
- libtirpc (CVE-2021-46828)
- libxml2 (CVE-2016-3709, CVE-2022-2309, CVE-2022-29824)
- ncurses (CVE-2022-29458)
- oniguruma (oniguruma-20220430)
- openssl (CVE-2022-1292, CVE-2022-1343, CVE-2022-1434, CVE-2022-1473)
- polkit (CVE-2021-4115)
- rsync (CVE-2018-25032, CVE-2022-29154)
- runc (CVE-2022-29162)
- shadow (CVE-2013-4235)
- unzip (CVE-2022-0529, CVE-2022-0530, CVE-2021-4217)
- vim (CVE-2022-0629, CVE-2022-0685, CVE-2022-0714, CVE-2022-0729, CVE-2022-0943, CVE-2022-1154, CVE-2022-1160, CVE-2022-1381, CVE-2022-1420, CVE-2022-1616, CVE-2022-1619, CVE-2022-1620, CVE-2022-1621, CVE-2022-1629, CVE-2022-1674, CVE-2022-1733, CVE-2022-1735, CVE-2022-1769, CVE-2022-1771, CVE-2022-1785, CVE-2022-1796, CVE-2022-1897, CVE-2022-1898, CVE-2022-1886, CVE-2022-1851, CVE-2022-1927, CVE-2022-1942, CVE-2022-1968, CVE-2022-2000)
- zlib (CVE-2022-37434)
- VMware: open-vm-tools (CVE-2022-31676)
- SDK: qemu (CVE-2021-20203, CVE-2021-3713, CVE-2021-3930, CVE-2021-3947, CVE-2021-4145, CVE-2022-26353, CVE-2022-26354)
Bug fixes:
- Fixed Ignition btrfs forced formatting for OEM partition (coreos-overlay#2277)
- Removed outdated LTS channel information printed on login (init#75)
Changes:
- Added efibootmgr binary to the image (coreos-overlay#1955)
- Added symlink from
nc
toncat
.-q
option is not yet supported (flatcar#545) - flatcar-install: Added option to create UEFI boot entry (init#74)
- AWS: Added AWS IMDSv2 support to coreos-cloudinit (flatcar-linux/coreos-cloudinit#13)
- VMware: Added VMware networking configuration in the initramfs via guestinfo settings (bootengine#44, flatcar#717)
- VMWare: Added
ignition-delete-config.service
to remove Ignition config from VM metadata, see also here (coreos-overlay#1948)
Updates:
- Linux (5.15.74 (includes (5.15.73, 5.15.72. 5.15.71))
- Linux Firmware (20220913)
- acpid (2.0.33)
- adcli (0.9.1)
- automake (1.16.5)
- binutils (2.38)
- bison (3.8.2)
- boost (1.79)
- cifs-utils (6.15)
- containerd (1.6.8)
- curl (7.84.0)
- Cyrus SASL (2.1.28)
- dbus ([1.12.22](https://gitlab.freedesktop.org/dbus/dbus/-/blob/177ab044bc87cbc4ded75d21b900795...
beta-3402.1.0
Changes since Beta 3374.1.1
Security fixes:
- Linux (CVE-2022-2602, CVE-2022-3535, CVE-2022-3542, CVE-2022-3565, CVE-2022-3594)
- bind tools (CVE-2022-2795, CVE-2022-2881, CVE-2022-2906, CVE-2022-3080, CVE-2022-38177, CVE-2022-38178)
- curl (CVE-2022-35252)
- dbus (CVE-2022-42010, CVE-2022-42011, CVE-2022-42012)
- go (CVE-2022-41715, CVE-2022-2880, CVE-2022-2879)
- libxml2 (CVE-2022-40303, CVE-2022-40304)
- logrotate (CVE-2022-1348)
- vim (CVE-2022-1725, CVE-2022-2042, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2182, CVE-2022-2183, CVE-2022-2206, CVE-2022-2207, CVE-2022-2208, CVE-2022-2210, CVE-2022-2231, CVE-2022-2257, CVE-2022-2264, CVE-2022-2284, CVE-2022-2285, CVE-2022-2286, CVE-2022-2287, CVE-2022-2288, CVE-2022-2289, CVE-2022-2304, CVE-2022-2343, CVE-2022-2344, CVE-2022-2345, CVE-2022-2522, CVE-2022-2816, CVE-2022-2817, CVE-2022-2819, CVE-2022-2845, CVE-2022-2849, CVE-2022-2862, CVE-2022-2874, CVE-2022-2889, CVE-2022-2923, CVE-2022-2946, CVE-2022-2980, CVE-2022-2982, CVE-2022-3016, CVE-2022-3099, CVE-2022-3134, CVE-2022-3153, CVE-2022-3234, CVE-2022-3235, CVE-2022-3278, CVE-2022-3256, CVE-2022-3296, CVE-2022-3297, CVE-2022-3324, CVE-2022-3352)
- SDK: rust (CVE-2022-36113, CVE-2022-36114)
Bug fixes:
- Enabled IOMMU on arm64 kernels, the lack of which prevented some systems from booting (coreos-overlay#2235)
Changes:
- Added
CONFIG_NF_CONNTRACK_BRIDGE
(for nf_conntrack_bridge) andCONFIG_NFT_BRIDGE_META
(for nft_meta_bridge) to the kernel config to allow using conntrack rules for bridges in nftables and to match on bridge interface names (coreos-overlay#2207) - Change CONFIG_WIREGUARD kernel option to module to save space on boot partition (coreos-overlay#2239)
- Disable several arch specific arm64 kernel config options for unsupported platforms to save space on boot partition (coreos-overlay#2239)
- Switched from
--strip-unneeded
to--strip-debug
when installing kernel modules, which makes kernel stacktraces more accurate and makes debugging issues easier (coreos-overlay#2196) - The flatcar-update tool got two new flags to customize ports used on the host while updating flatcar (init#81)
- Add qemu-guest-agent to all amd64 images, it will be automatically enabled when qemu-ga virtio-port is detected (coreos-overlay#2240, portage-stable#373)
Updates:
- Linux (5.15.77 (includes 5.15.76, 5.15.75))
- Linux Firmware (20221012)
- Docker (20.10.20)
- Go (1.18.7)
- OpenSSL (3.0.7)
- bind tools (9.16.33)
- bpftool (5.19.2)
- curl (7.85)
- dbus (1.14.4)
- git (2.37.3)
- glibc (2.34)
- libxml2 (2.10.3)
- logrotate (3.20.1)
- nmap (7.93)
- pahole (1.23)
- strace (5.19)
- vim (9.0.0655)
- wireguard-tools (1.0.20210914)
- zlib (1.2.13)
- SDK: catalyst (3.0.21)
- SDK: cmake (3.23.3)
- SDK: libxslt (1.1.37)
- SDK: meson (0.62.2)
- SDK: ninja (1.11.0)
- SDK: Rust (1.64.0)
Changes since Alpha 3402.0.1
Security fixes:
Updates:
alpha-3417.0.0
Changes since Alpha 3402.0.1
Security fixes:
- Linux (CVE-2022-2602, CVE-2022-3535, CVE-2022-3542, CVE-2022-3565, CVE-2022-3594)
- git (CVE-2022-39253, CVE-2022-39260)
- multipath-tools (CVE-2022-41973, CVE-2022-41974)
Changes:
- Toolbox now uses containerd to download and mount the image (toolbox#7)
Updates:
stable-3227.2.4
Changes since Stable 3227.2.3
Security fixes:
- OpenSSL (CVE-2022-3602, CVE-2022-3786)
Changes:
- OpenStack: enabled
[email protected]
to provision SSH keys from metadata. (Flatcar#817, coreos-overlay#2246)
Updates:
- ca-certificates (3.84)