beta-4054.1.0
Changes since Beta 4012.1.0
Security fixes:
- Linux (CVE-2024-44944, CVE-2024-43877, CVE-2024-43876, CVE-2024-43875, CVE-2024-43873, CVE-2024-43871, CVE-2024-43881, CVE-2024-43880, CVE-2024-43879, CVE-2024-43869, CVE-2024-43870, CVE-2024-43856, CVE-2024-43860, CVE-2024-43859, CVE-2024-43858, CVE-2024-43833, CVE-2024-43832, CVE-2024-43831, CVE-2024-43830, CVE-2024-43829, CVE-2024-43828, CVE-2024-43855, CVE-2024-43854, CVE-2024-43853, CVE-2024-43851, CVE-2024-43850, CVE-2024-43849, CVE-2024-43847, CVE-2024-43846, CVE-2024-43845, CVE-2024-43842, CVE-2024-43841, CVE-2024-43839, CVE-2024-43837, CVE-2024-43834, CVE-2024-43825, CVE-2024-43823, CVE-2024-43821, CVE-2024-43818, CVE-2024-43817, CVE-2024-42321, CVE-2024-42322, CVE-2024-42288, CVE-2024-42297, CVE-2024-42296, CVE-2024-42295, CVE-2024-42294, CVE-2024-42292, CVE-2024-42320, CVE-2024-42318, CVE-2024-42291, CVE-2024-42316, CVE-2024-42315, CVE-2024-42314, CVE-2024-42313, CVE-2024-42311, CVE-2024-42310, CVE-2024-42309, CVE-2024-42308, CVE-2024-42290, CVE-2024-42307, CVE-2024-42306, CVE-2024-42305, CVE-2024-42304, CVE-2024-42303, CVE-2024-42302, CVE-2024-42301, CVE-2024-42299, CVE-2024-42298, CVE-2024-42289, CVE-2024-42284, CVE-2024-42283, CVE-2024-42281, CVE-2024-42280, CVE-2024-42279, CVE-2024-42278, CVE-2024-42277, CVE-2024-42287, CVE-2024-42286, CVE-2024-42285, CVE-2023-52889, CVE-2024-42276, CVE-2024-43867, CVE-2024-43866, CVE-2024-43864, CVE-2024-43863, CVE-2024-42312, CVE-2024-42274, CVE-2024-42273, CVE-2024-42272, CVE-2024-42271, CVE-2024-42270, CVE-2024-42269, CVE-2024-42268, CVE-2024-42267, CVE-2024-42265, CVE-2024-43908, CVE-2024-44931, CVE-2024-43914, CVE-2024-43912, CVE-2024-44935, CVE-2024-44934, CVE-2024-43909, CVE-2024-43905, CVE-2024-43903, CVE-2024-43902, CVE-2024-43900, CVE-2024-43907, CVE-2024-43906, CVE-2024-43897, CVE-2024-43894, CVE-2024-43893, CVE-2024-43892, CVE-2024-43890, CVE-2024-43889, CVE-2024-43895, CVE-2024-43883, CVE-2024-43861, CVE-2024-42259, CVE-2024-44943, CVE-2024-44942, CVE-2024-44941, CVE-2024-44940, CVE-2024-44938, CVE-2024-44939, CVE-2024-43898, CVE-2024-43882, CVE-2024-44947, CVE-2024-44946)
- curl (CVE-2024-6197, CVE-2024-6874)
- docker (CVE-2024-29018)
- git (CVE-2024-32002, CVE-2024-32004, CVE-2024-32020, CVE-2024-32021, CVE-2024-32465)
- glib (CVE-2024-34397)
- go (CVE-2023-45288, CVE-2023-45289, CVE-2023-45290, CVE-2024-24783, CVE-2024-24784, CVE-2024-24785, CVE-2024-24788, CVE-2024-24789, CVE-2024-24790, CVE-2024-24791)
- intel-microcode (CVE-2023-45733, CVE-2023-45745, CVE-2023-46103, CVE-2023-47855)
- libarchive (CVE-2024-26256, CVE-2024-37407)
- libxml2 (CVE-2024-34459)
- mit-krb5 (CVE-2024-26461, CVE-2024-26462, CVE-2024-37370, CVE-2024-37371)
- sysext-podman: podman (CVE-2024-3727)
- tpm2-tools (CVE-2024-29038, CVE-2024-29039, CVE-2024-29040)
- wget (CVE-2024-38428)
- SDK: nasm (CVE-2019-6290, CVE-2019-6291, CVE-2019-8343, CVE-2020-21528, CVE-2021-33450, CVE-2021-33452, CVE-2022-44368, CVE-2022-44369, CVE-2022-44370)
Bug fixes:
- Fix ownership of systemd units shipped with built-in docker/containerd sysexts. The files shipped on production images were accidentally owned by 1000:1000 instead of 0:0. This uid/gid is not present on Flatcar images but would be assigned to the first created user. Due to contents of sysexts and /usr being readonly on Flatcar, the invalid permissions can't be used to escalate privileges. (scripts#2266)
- Fixed bad usage of gpg that prevented flatcar-install from being used with custom signing keys (Flatcar#1471)
- Equinix Metal: Fixed oem-cloudinit.service. The availability check now uses the https://metadata.platformequinix.com/metadata endpoint. (scripts#2222)
Changes:
- As part of the update to Catalyst 4 (used to build the SDK), the coreos package repository has been renamed to coreos-overlay to match its directory name. This will be reflected in package listings and package manager output. (flatcar/scripts#2115)
- The kernel security module Landlock is now enabled for programs to sandbox themselves (flatcar/scripts#2158)
Updates:
- Linux (6.6.48 (includes 6.6.47, 6.6.46, 6.6.45, 6.6.44))
- Linux Firmware (20240709)
- audit (3.1.2)
- binutils (2.42)
- bpftool (6.9.2 (includes 6.8.2))
- btrfs-progs (6.9.2)
- c-ares (1.29.0 (includes 1.28.1, 1.28.0))
- cJSON (1.7.18)
- ca-certificates (3.104)
- containerd (1.7.20 (includes 1.7.19))
- cryptsetup (2.7.2 (includes 2.7.1 and 2.7.0))
- curl (8.9.0 (includes 8.8.0))
- docker (26.1.0, includes changes from 25.0)
- e2fsprogs (1.47.1)
- ethtool (6.9)
- findutils (4.10.0)
- gcc (13.3.1_p20240614)
- git (2.44.2 (includes 2.44.1, 2.44.0))
- glib (2.78.6 (includes 2.78.5, 2.78.4))
- gnupg (2.4.5)
- hwdata (0.383 (includes 0.382))
- intel-microcode (20240514_p20240514)
- iproute2 (6.8.0 (includes 6.7.0))
- ipset (7.22)
- kexec-tools (2.0.28)
- kmod (32)
- libarchive (3.7.4 (includes 3.7.3))
- libassuan (2.5.7)
- libcap (2.70)
- libcap-ng (0.8.5)
- libdnet (1.18.0)
- libgpg-error (1.49)
- libksba (1.6.7)
- libnl (3.9.0)
- libnvme (1.9)
- libpcre2 (10.43)
- libunwind (1.8.1 (includes 1.8.0))
- libusb (1.0.27)
- libxml2 (2.12.7 (includes 2.12.6))
- linux-pam (1.5.3)
- lshw (02.20.2b)
- mit-krb5 (1.21.3)
- multipath-tools (0.9.8)
- nmap (7.95)
- nvme-cli (2.9.1 (includes 2.9))
- pciutils (3.13.0 (includes 3.12.0))
- qemu-guest-agent (8.2.0)
- rsync (3.3.0)
- runc (1.1.13)
- sqlite (3.46.0 (includes 3.45.3))
- strace (6.9)
- sysext-podman: aardvark-dns (1.11.0)
- sysext-podman: containers-common (0.59.1)
- sysext-podman: podman (5.0.3)
- sysext-python: jaraco-text (3.12.1)
- sysext-python: setuptools (70.3.0 (includes 70.1.1, 70.1.0, 70.0.0, 69.5.1, 69.5.0, 69.4.2, 69.4.1, 69.4.0, 69.3.1, 69.3.0, 69.2.0))
- sysext-python: trove-classifiers (2024.7.2)
- systemd (255.8)
- talloc (2.4.1)
- tdb (1.4.9)
- tevent (0.15.0)
- tpm2-tools (5.7 (includes 5.6.1, 5.6))
- tpm2-tss (4.1.3 (includes changes from 4.0.2)
- util-linux (2.39.4)
- vim (9.1.0366 (includes changes from 9.1))
- wget (1.24.5)
- whois (5.5.21)
- xfsprogs (6.8.0 (includes changes from 6.6.0))
- xz-utils (5.6.2)
- zfs (2.2.3)
- zlib (1.3.1)
- zstd (1.5.6)
- VMware: open-vm-tools (12.4.5)
- SDK: Rust (1.80.0)
- SDK: go (1.21.12 includes changes from 1.21)
- SDK: nasm (2.16.01)
- SDK: portage (3.0.65 (includes changes from 3.0.63))
- SDK: qemu (8.2.3)
Changes since Alpha 4054.0.0
Security fixes:
- Linux (CVE-2024-44944, CVE-2024-43877, CVE-2024-43876, CVE-2024-43875, CVE-2024-43873, CVE-2024-43871, CVE-2024-43881, CVE-2024-43880, CVE-2024-43879, CVE-2024-43869, CVE-2024-43870, CVE-2024-43856, CVE-2024-43860, CVE-2024-43859, CVE-2024-43858, CVE-2024-43833, CVE-2024-43832, CVE-2024-43831, CVE-2024-43830, CVE-2024-43829, CVE-2024-43828, CVE-2024-43855, CVE-2024-43854, CVE-2024-43853, CVE-2024-43851, CVE-2024-43850, CVE-2024-43849, CVE-2024-43847, CVE-2024-43846, CVE-2024-43845, CVE-2024-43842, CVE-2024-43841, CVE-2024-43839, CVE-2024-43837, CVE-2024-43834, CVE-2024-43825, CVE-2024-43823, CVE-2024-43821, CVE-2024-43818, CVE-2024-43817, CVE-2024-42321, CVE-2024-42322, CVE-2024-42288, CVE-2024-42297, CVE-2024-42296, CVE-2024-42295, CVE-2024-42294, CVE-2024-42292, CVE-2024-42320, CVE-2024-42318, CVE-2024-42291, CVE-2024-42316, CVE-2024-42315, CVE-2024-42314, CVE-2024-42313, CVE-2024-42311, CVE-2024-42310, CVE-2024-42309, CVE-2024-42308, CVE-2024-42290, CVE-2024-42307, CVE-2024-42306, CVE-2024-42305, CVE-2024-42304, CVE-2024-42303, CVE-2024-42302, CVE-2024-42301, CVE-2024-42299, CVE-2024-42298, CVE-2024-42289, CVE-2024-42284, CVE-2024-42283, CVE-2024-42281, CVE-2024-42280, CVE-2024-42279, CVE-2024-42278, CVE-2024-42277, CVE-2024-42287, CVE-2024-42286, CVE-2024-42285, CVE-2023-52889, CVE-2024-42276, CVE-2024-43867, CVE-2024-43866, CVE-2024-43864, CVE-2024-43863, CVE-2024-42312, CVE-2024-42274, CVE-2024-42273, CVE-2024-42272, CVE-2024-42271, CVE-2024-42270, CVE-2024-42269, CVE-2024-42268, CVE-2024-42267, CVE-2024-42265, CVE-2024-43908, CVE-2024-44931, CVE-2024-43914, CVE-2024-43912, CVE-2024-44935, CVE-2024-44934, CVE-2024-43909, CVE-2024-43905, CVE-2024-43903, CVE-2024-43902, CVE-2024-43900, CVE-2024-43907, CVE-2024-43906, CVE-2024-43897, CVE-2024-43894, CVE-2024-43893, CVE-2024-43892, CVE-2024-43890, CVE-2024-43889, CVE-2024-43895, CVE-2024-43883, CVE-2024-43861, CVE-2024-42259, CVE-2024-44943, CVE-2024-44942, CVE-2024-44941, CVE-2024-44940, CVE-2024-44938, CVE-2024-44939, CVE-2024-43898, CVE-2024-43882, CVE-2024-44947, CVE-2024-44946)
Bug fixes:
- Fix ownership of systemd units shipped with built-in docker/containerd sysexts. The files shipped on production images were accidentally owned by 1000:1000 instead of 0:0. This uid/gid is not present on Flatcar images but would be assigned to the first created user. Due to contents of sysexts and /usr being readonly on Flatcar, the invalid permissions can't be used to escalate privileges. (scripts#2266)
- Equinix Metal: Fixed oem-cloudinit.service. The availability check now uses the https://metadata.platformequinix.com/metadata endpoint. (scripts#2222)