From a84f4008bbc3502c41d0c99c2473be6308af454f Mon Sep 17 00:00:00 2001 From: Mathieu Tortuyaux Date: Wed, 22 Nov 2023 10:11:08 +0100 Subject: [PATCH 1/2] data: add new releases Alpha 3794.0.0 Beta 3760.1.0 Stable 3602.2.2 Signed-off-by: Mathieu Tortuyaux --- data/releases/alpha/3794.0.0.yml | 143 ++++ data/releases/alpha/current.yml | 157 ++-- data/releases/beta/3760.1.0.yml | 101 +++ data/releases/beta/current.yml | 147 ++-- data/releases/stable/3602.2.2.yml | 60 ++ data/releases/stable/current.yml | 54 +- static/releases-feed/releases-alpha.xml | 268 +++---- static/releases-feed/releases-beta.xml | 244 +++--- static/releases-feed/releases-lts-2022.xml | 40 +- static/releases-feed/releases-lts-2023.xml | 6 +- static/releases-feed/releases-lts.xml | 88 +-- static/releases-feed/releases-stable.xml | 216 +++--- static/releases-feed/releases.xml | 864 +++++++++++---------- static/releases-json/releases-alpha.json | 30 +- static/releases-json/releases-beta.json | 34 +- static/releases-json/releases-stable.json | 32 +- static/releases-json/releases.json | 78 +- 17 files changed, 1548 insertions(+), 1014 deletions(-) create mode 100644 data/releases/alpha/3794.0.0.yml create mode 100644 data/releases/beta/3760.1.0.yml create mode 100644 data/releases/stable/3602.2.2.yml diff --git a/data/releases/alpha/3794.0.0.yml b/data/releases/alpha/3794.0.0.yml new file mode 100644 index 00000000..a5b5798a --- /dev/null +++ b/data/releases/alpha/3794.0.0.yml @@ -0,0 +1,143 @@ +architectures: +- amd64 +- arm64 +channel: alpha +github_release: + assets: [] + assets_url: https://api.github.com/repos/flatcar/scripts/releases/130946868/assets + author: + avatar_url: https://avatars.githubusercontent.com/u/28657343?v=4 + events_url: https://api.github.com/users/tormath1/events{/privacy} + followers_url: https://api.github.com/users/tormath1/followers + following_url: https://api.github.com/users/tormath1/following{/other_user} + gists_url: https://api.github.com/users/tormath1/gists{/gist_id} + gravatar_id: '' + html_url: https://github.com/tormath1 + id: 28657343 + login: tormath1 + node_id: MDQ6VXNlcjI4NjU3MzQz + organizations_url: https://api.github.com/users/tormath1/orgs + received_events_url: https://api.github.com/users/tormath1/received_events + repos_url: https://api.github.com/users/tormath1/repos + site_admin: false + starred_url: https://api.github.com/users/tormath1/starred{/owner}{/repo} + subscriptions_url: https://api.github.com/users/tormath1/subscriptions + type: User + url: https://api.github.com/users/tormath1 + body: "**This release removes the legacy \"torcx\" image customisation and replaces\ + \ this feature with systemd-sysext. Torcx enabled users to deploy custom docker\ + \ versions; however, it required special packaging using the Flatcar SDK.** Please\ + \ refer to the \"Changes\" section below for details.\r\n\r\n**This release ships\ + \ a major Docker update: Docker was upgraded to version 24 (from version 20 in\ + \ the previous release). Please see the \"Changes\" section below for details.**\r\ + \n\r\n _Changes since **Alpha 3760.0.0**_\r\n \r\n #### Security fixes:\r\n \r\ + \n - Linux ([CVE-2023-35827](https://nvd.nist.gov/vuln/detail/CVE-2023-35827),\ + \ [CVE-2023-46813](https://nvd.nist.gov/vuln/detail/CVE-2023-46813), [CVE-2023-46862](https://nvd.nist.gov/vuln/detail/CVE-2023-46862),\ + \ [CVE-2023-5178](https://nvd.nist.gov/vuln/detail/CVE-2023-5178), [CVE-2023-5717](https://nvd.nist.gov/vuln/detail/CVE-2023-5717))\r\ + \n - VMWare: open-vm-tools ([CVE-2023-34058](https://nvd.nist.gov/vuln/detail/CVE-2023-34058),\ + \ [CVE-2023-34059](https://nvd.nist.gov/vuln/detail/CVE-2023-34059))\r\n - nghttp2\ + \ ([CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487))\r\n - samba\ + \ ([CVE-2023-4091](https://nvd.nist.gov/vuln/detail/CVE-2023-4091))\r\n - zlib\ + \ ([CVE-2023-45853](https://nvd.nist.gov/vuln/detail/CVE-2023-45853))\r\n \r\n\ + \ #### Bug fixes:\r\n \r\n - Fixed iterating over the OEM update payload signatures\ + \ which prevented the AWS OEM update to 3745.x.y ([update-engine#31](https://github.com/flatcar/update_engine/pull/31))\r\ + \n - Made `sshkeys.service` more robust to only run `coreos-metadata-sshkeys@core.service`\ + \ when not masked and also retry on failure ([init#112](https://github.com/flatcar/init/pull/112))\r\ + \n - Set TTY used for fetching server_context to RAW mode before running cloudinit\ + \ on cloudsigma ([scripts#1280](https://github.com/flatcar/scripts/pull/1280))\r\ + \n\r\n\r\n #### Known issues:\r\n\r\n- docker and containerd packages information\ + \ are missing from `flatcar_production_image_packages.txt` ([flatcar#1260](https://github.com/flatcar/Flatcar/issues/1260))\r\ + \n \r\n #### Changes:\r\n \r\n - **Torcx, the mechanism to provide a custom\ + \ Docker version, was replaced by systemd-sysext in the OS image**. Learn more\ + \ about sysext and how to customise OS images [here](https://www.flatcar.org/docs/latest/provisioning/sysext/).\r\ + \n - Torcx entered deprecation 2 years ago in favour of [deploying plain Docker\ + \ binaries](https://www.flatcar.org/docs/latest/container-runtimes/use-a-custom-docker-or-containerd-version/)\r\ + \n (which is now also a legacy option because systemd-sysext offers a more\ + \ robust and better structured way of customisation, including OS independent\ + \ updates).\r\n - Torcx has been removed entirely; if you use Torcx to extend\ + \ the Flatcar base OS image, please refer to our [conversion script](https://www.flatcar.org/docs/latest/provisioning/sysext/#torcx-deprecation)\ + \ and to the sysext documentation mentioned above for migrating.\r\n - Consequently,\ + \ `update_engine` will not perform torcx sanity checks post-update anymore.\r\n\ + \ - Relevant changes: [scripts#1216](https://github.com/flatcar/scripts/pull/1216),\ + \ [update_engine#30](https://github.com/flatcar/update_engine/pull/30), [Mantle#466](https://github.com/flatcar/mantle/pull/466),\ + \ [Mantle#465](https://github.com/flatcar/mantle/pull/465).\r\n- cri-tools, runc,\ + \ containerd, docker, and docker-cli are now built from Gentoo upstream ebuilds.\ + \ Docker received a major version upgrade - it was updated to Docker 24 (from\ + \ Docker 20; see \"updates\").\r\n - **NOTE:** The docker btrfs storage driver\ + \ has been de-prioritised; BTRFS backed storage will now default to the `overlay2`\ + \ driver\r\n ([changelog](https://docs.docker.com/engine/release-notes/23.0/#bug-fixes-and-enhancements-6),\ + \ [upstream pr](https://github.com/moby/moby/pull/42661)).\r\n Using the btrfs\ + \ driver can still be enforced by creating a respective [docker config](https://docs.docker.com/storage/storagedriver/btrfs-driver/#configure-docker-to-use-the-btrfs-storage-driver)\ + \ at `/etc/docker/daemon.json`.\r\n - **NOTE:** If you are already using btrfs-backed\ + \ Docker storage and are upgrading to this new version, Docker will automatically\ + \ use the `btrfs` storage driver for backwards-compatibility with your deployment.\r\ + \n - **Docker will remove the `btrfs` driver entirely in a future version.\ + \ Please consider migrating your deployments to the `overlay2` driver.**\r\n -\ + \ Brightbox: The regular OpenStack image should now be used, it includes Afterburn\ + \ for instance metadata attributes\r\n - OpenStack: An uncompressed image is provided\ + \ for simpler import (since the images use qcow2 inline compression, there is\ + \ no benefit in using the `.gz` or `.bz2` images)\r\n\r\n #### Updates:\r\n \r\ + \n - Azure: WALinuxAgent ([v2.9.1.1](https://github.com/Azure/WALinuxAgent/releases/tag/v2.9.1.1))\r\ + \n - DEV, AZURE: python ([3.11.6](https://docs.python.org/release/3.11.6/whatsnew/changelog.html#python-3-11-6))\r\ + \n - DEV: iperf ([3.15](https://github.com/esnet/iperf/releases/tag/3.15))\r\n\ + \ - DEV: smartmontools ([7.4](https://www.smartmontools.org/browser/tags/RELEASE_7_4/smartmontools/NEWS))\r\ + \n - Go ([1.20.11](https://go.dev/doc/devel/release#go1.20.11))\r\n - Linux ([6.1.62](https://lwn.net/Articles/950700)\ + \ (includes [6.1.61](https://lwn.net/Articles/949826), [6.1.60](https://lwn.net/Articles/948817)\ + \ and [6.1.59](https://lwn.net/Articles/948297)))\r\n - Linux Firmware ([20231111](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20231111)\ + \ (includes [20231030](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20231030)))\r\ + \n - SDK: Rust ([1.73.0](https://github.com/rust-lang/rust/releases/tag/1.73.0))\r\ + \n - SDK: python packaging ([23.2](https://github.com/pypa/packaging/releases/tag/23.2)),\ + \ platformdirs ([3.11.0](https://github.com/platformdirs/platformdirs/releases/tag/3.11.0))\ + \ \r\n - VMWare: open-vm-tools ([12.3.5](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.3.5))\r\ + \n - containerd ([1.7.9](https://github.com/containerd/containerd/releases/tag/v1.7.9)\ + \ (includes [1.7.8](https://github.com/containerd/containerd/releases/tag/v1.7.8)))\r\ + \n - cri-tools ([1.27.0](https://github.com/kubernetes-sigs/cri-tools/releases/tag/v1.27.0))\r\ + \n - ding-libs ([0.6.2](https://github.com/SSSD/ding-libs/releases/tag/0.6.2))\r\ + \n - docker ([24.0.6](https://docs.docker.com/engine/release-notes/24.0/), includes\ + \ changes from [23.0](https://docs.docker.com/engine/release-notes/23.0/))\r\n\ + \ - ethtool ([6.5](https://git.kernel.org/pub/scm/network/ethtool/ethtool.git/tree/NEWS?h=v6.5))\r\ + \n - hwdata ([v0.375](https://github.com/vcrhonek/hwdata/releases/tag/v0.375)\ + \ (includes [0.374](https://github.com/vcrhonek/hwdata/commits/v0.374)))\r\n -\ + \ iproute2 ([6.5.0](https://marc.info/?l=linux-netdev&m=169401822317373&w=2))\r\ + \n - json-c ([0.17](https://github.com/json-c/json-c/blob/json-c-0.17-20230812/ChangeLog))\r\ + \n - libffi ([3.4.4](https://github.com/libffi/libffi/releases/tag/v3.4.4) (includes\ + \ [3.4.2](https://github.com/libffi/libffi/releases/tag/v3.4.2) and [3.4.3](https://github.com/libffi/libffi/releases/tag/v3.4.3)))\r\ + \n - liblinear (246)\r\n - libsodium ([1.0.19](https://github.com/jedisct1/libsodium/releases/tag/1.0.19-RELEASE))\r\ + \n - libunistring ([1.1](https://git.savannah.gnu.org/gitweb/?p=libunistring.git;a=blob;f=NEWS;h=5a43ddd7011d62a952733f6c0b7ad52aa4f385c7;hb=8006860b710aae2e8442088c3ddc7d819dfa8ac7))\r\ + \n - mpc ([1.3.1](https://sympa.inria.fr/sympa/arc/mpc-discuss/2022-12/msg00049.html)\ + \ (includes [1.3.0](https://sympa.inria.fr/sympa/arc/mpc-discuss/2022-12/msg00028.html))\r\ + \n - mpfr ([4.2.1](https://gitlab.inria.fr/mpfr/mpfr/-/blob/4.2.1/NEWS))\r\n -\ + \ nghttp2 ([1.57.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0) (includes\ + \ [1.52.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0), [1.53.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.53.0),\ + \ [1.54.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.54.0), [1.55.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.55.0),\ + \ [1.55.1](https://github.com/nghttp2/nghttp2/releases/tag/v1.55.1) and [1.56.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.56.0)))\r\ + \n - nspr ([4.35](https://hg.mozilla.org/projects/nspr/log/b563bfc16c887c48b038b7b441fcc4e40a126d3b))\r\ + \n - ntp ([4.2.8p17](https://www.ntp.org/support/securitynotice/4_2_8p17-release-announcement/))\r\ + \n - nvme-cli ([v2.6](https://github.com/linux-nvme/nvme-cli/releases/tag/v2.6),\ + \ libnvme [v1.6](https://github.com/linux-nvme/libnvme/releases/tag/v1.6))\r\n\ + \ - protobuf ([21.12](https://github.com/protocolbuffers/protobuf/releases/tag/v21.12)\ + \ (includes [21.10](https://github.com/protocolbuffers/protobuf/releases/tag/v21.10)\ + \ and [21.11](https://github.com/protocolbuffers/protobuf/releases/tag/v21.11)))\r\ + \n - samba ([4.18.8](https://www.samba.org/samba/history/samba-4.18.8.html))\r\ + \n - sqlite ([3.43.2](https://www.sqlite.org/releaselog/3_43_2.html))\r\n - thin-provisioning-tools\ + \ ([1.0.6](https://github.com/jthornber/thin-provisioning-tools/blob/v1.0.6/CHANGES))" + created_at: '2023-11-20T16:11:03Z' + draft: false + html_url: https://github.com/flatcar/scripts/releases/tag/alpha-3794.0.0 + id: 130946868 + name: '' + node_id: RE_kwDOB2MTHs4Hzhc0 + prerelease: false + published_at: '2023-11-22T07:53:31Z' + tag_name: alpha-3794.0.0 + tarball_url: https://api.github.com/repos/flatcar/scripts/tarball/alpha-3794.0.0 + target_commitish: main + upload_url: https://uploads.github.com/repos/flatcar/scripts/releases/130946868/assets{?name,label} + url: https://api.github.com/repos/flatcar/scripts/releases/130946868 + zipball_url: https://api.github.com/repos/flatcar/scripts/zipball/alpha-3794.0.0 +image_packages: + ignition: 2.15.0 + kernel: 6.1.62 + systemd: '252' +release: 3794.0.0 +version: 3794.0.0 diff --git a/data/releases/alpha/current.yml b/data/releases/alpha/current.yml index f8fa3968..0bd685da 100644 --- a/data/releases/alpha/current.yml +++ b/data/releases/alpha/current.yml @@ -4,7 +4,7 @@ architectures: channel: alpha github_release: assets: [] - assets_url: https://api.github.com/repos/flatcar/scripts/releases/126560210/assets + assets_url: https://api.github.com/repos/flatcar/scripts/releases/130946868/assets author: avatar_url: https://avatars.githubusercontent.com/u/28657343?v=4 events_url: https://api.github.com/users/tormath1/events{/privacy} @@ -24,57 +24,120 @@ github_release: subscriptions_url: https://api.github.com/users/tormath1/subscriptions type: User url: https://api.github.com/users/tormath1 - body: "_Changes since **Alpha 3745.0.0**_\r\n \r\n #### Security fixes:\r\n \r\n\ - \ - Go ([CVE-2023-39323](https://nvd.nist.gov/vuln/detail/CVE-2023-39323), [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325))\r\ - \n - curl ([CVE-2023-38545](https://nvd.nist.gov/vuln/detail/CVE-2023-38545),\ - \ [CVE-2023-38546](https://nvd.nist.gov/vuln/detail/CVE-2023-38546))\r\n - glibc\ - \ ([CVE-2023-4911](https://nvd.nist.gov/vuln/detail/CVE-2023-4911))\r\n - grub\ - \ ([CVE-2023-4692](https://nvd.nist.gov/vuln/detail/CVE-2023-4692), [CVE-2023-4693](https://nvd.nist.gov/vuln/detail/CVE-2023-4693))\r\ - \n - libtirpc ([libtirpc-rhbg-2138317](http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=4a2d85c64110ee9e21a8c4f9dafd6b0ae621506d),\ - \ [libtirpc-rhbg-2150611](http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=f7f0abdf267698de3f74a0285405b1b01f40893b),\ - \ [libtirpc-rhbg-2224666](http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=1d2e10afb2ffc35cb3623f57a15f712359f18e75))\r\ - \n \r\n #### Bug fixes:\r\n \r\n - Added AWS EKS support for versions 1.24-1.28.\ - \ Fixed `/usr/share/amazon/eks/download-kubelet.sh` to include download paths\ - \ for these versions. ([scripts#1210](https://github.com/flatcar/scripts/pull/1210))\r\ - \n - Disabled systemd-networkd's RoutesToDNS setting by default to fix provisioning\ - \ failures observed in VMs with multiple network interfaces on Azure ([scripts#1206](https://github.com/flatcar/scripts/pull/1206))\r\ - \n - Fixed quotes handling for update-engine ([Flatcar#1209](https://github.com/flatcar/Flatcar/issues/1209))\r\ - \n - Fixed the postinstall hook failure when updating from Azure instances without\ - \ OEM systemd-sysext images to Flatcar Alpha 3745.x.y ([update_engine#29](https://github.com/flatcar/update_engine/pull/29))\r\ - \n \r\n #### Changes:\r\n \r\n - To make Kubernetes work by default, `/usr/libexec/kubernetes/kubelet-plugins/volume/exec`\ - \ is now a symlink to the writable folder `/var/kubernetes/kubelet-plugins/volume/exec`\ - \ ([Flatcar#1193](https://github.com/flatcar/Flatcar/issues/1193))\r\n \r\n ####\ - \ Updates:\r\n \r\n - Go ([1.20.10](https://go.dev/doc/devel/release#go1.20.10)\ - \ (includes [1.20.9](https://go.dev/doc/devel/release#go1.20.9)))\r\n - Linux\ - \ ([6.1.58](https://lwn.net/Articles/947820) (includes [6.1.57](https://lwn.net/Articles/947298),\ - \ [6.1.56](https://lwn.net/Articles/946854)))\r\n - ca-certificates ([3.94](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_94.html))\r\ - \n - containerd ([1.7.7](https://github.com/containerd/containerd/releases/tag/v1.7.7))\r\ - \n - curl ([8.4.0](https://curl.se/changes.html#8_4_0))\r\n - libnl ([3.8.0](https://github.com/thom311/libnl/compare/libnl3_7_0...libnl3_8_0))\r\ - \n - libtirpc ([1.3.4](https://marc.info/?l=linux-nfs&m=169667640909830&w=2))\r\ - \n - libxml2 ([2.11.5](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.5))\r\ - \n - openssh ([9.5p1](https://www.openssh.com/releasenotes.html#9.5p1))\r\n -\ - \ pigz ([2.8](https://zlib.net/pipermail/pigz-announce_zlib.net/2023-August/000018.html))\r\ - \n - strace ([6.4](https://github.com/strace/strace/releases/tag/v6.4))\r\n -\ - \ whois ([5.5.18](https://github.com/rfc1036/whois/blob/v5.5.18/debian/changelog))" - created_at: '2023-10-17T13:40:58Z' + body: "**This release removes the legacy \"torcx\" image customisation and replaces\ + \ this feature with systemd-sysext. Torcx enabled users to deploy custom docker\ + \ versions; however, it required special packaging using the Flatcar SDK.** Please\ + \ refer to the \"Changes\" section below for details.\r\n\r\n**This release ships\ + \ a major Docker update: Docker was upgraded to version 24 (from version 20 in\ + \ the previous release). Please see the \"Changes\" section below for details.**\r\ + \n\r\n _Changes since **Alpha 3760.0.0**_\r\n \r\n #### Security fixes:\r\n \r\ + \n - Linux ([CVE-2023-35827](https://nvd.nist.gov/vuln/detail/CVE-2023-35827),\ + \ [CVE-2023-46813](https://nvd.nist.gov/vuln/detail/CVE-2023-46813), [CVE-2023-46862](https://nvd.nist.gov/vuln/detail/CVE-2023-46862),\ + \ [CVE-2023-5178](https://nvd.nist.gov/vuln/detail/CVE-2023-5178), [CVE-2023-5717](https://nvd.nist.gov/vuln/detail/CVE-2023-5717))\r\ + \n - VMWare: open-vm-tools ([CVE-2023-34058](https://nvd.nist.gov/vuln/detail/CVE-2023-34058),\ + \ [CVE-2023-34059](https://nvd.nist.gov/vuln/detail/CVE-2023-34059))\r\n - nghttp2\ + \ ([CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487))\r\n - samba\ + \ ([CVE-2023-4091](https://nvd.nist.gov/vuln/detail/CVE-2023-4091))\r\n - zlib\ + \ ([CVE-2023-45853](https://nvd.nist.gov/vuln/detail/CVE-2023-45853))\r\n \r\n\ + \ #### Bug fixes:\r\n \r\n - Fixed iterating over the OEM update payload signatures\ + \ which prevented the AWS OEM update to 3745.x.y ([update-engine#31](https://github.com/flatcar/update_engine/pull/31))\r\ + \n - Made `sshkeys.service` more robust to only run `coreos-metadata-sshkeys@core.service`\ + \ when not masked and also retry on failure ([init#112](https://github.com/flatcar/init/pull/112))\r\ + \n - Set TTY used for fetching server_context to RAW mode before running cloudinit\ + \ on cloudsigma ([scripts#1280](https://github.com/flatcar/scripts/pull/1280))\r\ + \n\r\n\r\n #### Known issues:\r\n\r\n- docker and containerd packages information\ + \ are missing from `flatcar_production_image_packages.txt` ([flatcar#1260](https://github.com/flatcar/Flatcar/issues/1260))\r\ + \n \r\n #### Changes:\r\n \r\n - **Torcx, the mechanism to provide a custom\ + \ Docker version, was replaced by systemd-sysext in the OS image**. Learn more\ + \ about sysext and how to customise OS images [here](https://www.flatcar.org/docs/latest/provisioning/sysext/).\r\ + \n - Torcx entered deprecation 2 years ago in favour of [deploying plain Docker\ + \ binaries](https://www.flatcar.org/docs/latest/container-runtimes/use-a-custom-docker-or-containerd-version/)\r\ + \n (which is now also a legacy option because systemd-sysext offers a more\ + \ robust and better structured way of customisation, including OS independent\ + \ updates).\r\n - Torcx has been removed entirely; if you use Torcx to extend\ + \ the Flatcar base OS image, please refer to our [conversion script](https://www.flatcar.org/docs/latest/provisioning/sysext/#torcx-deprecation)\ + \ and to the sysext documentation mentioned above for migrating.\r\n - Consequently,\ + \ `update_engine` will not perform torcx sanity checks post-update anymore.\r\n\ + \ - Relevant changes: [scripts#1216](https://github.com/flatcar/scripts/pull/1216),\ + \ [update_engine#30](https://github.com/flatcar/update_engine/pull/30), [Mantle#466](https://github.com/flatcar/mantle/pull/466),\ + \ [Mantle#465](https://github.com/flatcar/mantle/pull/465).\r\n- cri-tools, runc,\ + \ containerd, docker, and docker-cli are now built from Gentoo upstream ebuilds.\ + \ Docker received a major version upgrade - it was updated to Docker 24 (from\ + \ Docker 20; see \"updates\").\r\n - **NOTE:** The docker btrfs storage driver\ + \ has been de-prioritised; BTRFS backed storage will now default to the `overlay2`\ + \ driver\r\n ([changelog](https://docs.docker.com/engine/release-notes/23.0/#bug-fixes-and-enhancements-6),\ + \ [upstream pr](https://github.com/moby/moby/pull/42661)).\r\n Using the btrfs\ + \ driver can still be enforced by creating a respective [docker config](https://docs.docker.com/storage/storagedriver/btrfs-driver/#configure-docker-to-use-the-btrfs-storage-driver)\ + \ at `/etc/docker/daemon.json`.\r\n - **NOTE:** If you are already using btrfs-backed\ + \ Docker storage and are upgrading to this new version, Docker will automatically\ + \ use the `btrfs` storage driver for backwards-compatibility with your deployment.\r\ + \n - **Docker will remove the `btrfs` driver entirely in a future version.\ + \ Please consider migrating your deployments to the `overlay2` driver.**\r\n -\ + \ Brightbox: The regular OpenStack image should now be used, it includes Afterburn\ + \ for instance metadata attributes\r\n - OpenStack: An uncompressed image is provided\ + \ for simpler import (since the images use qcow2 inline compression, there is\ + \ no benefit in using the `.gz` or `.bz2` images)\r\n\r\n #### Updates:\r\n \r\ + \n - Azure: WALinuxAgent ([v2.9.1.1](https://github.com/Azure/WALinuxAgent/releases/tag/v2.9.1.1))\r\ + \n - DEV, AZURE: python ([3.11.6](https://docs.python.org/release/3.11.6/whatsnew/changelog.html#python-3-11-6))\r\ + \n - DEV: iperf ([3.15](https://github.com/esnet/iperf/releases/tag/3.15))\r\n\ + \ - DEV: smartmontools ([7.4](https://www.smartmontools.org/browser/tags/RELEASE_7_4/smartmontools/NEWS))\r\ + \n - Go ([1.20.11](https://go.dev/doc/devel/release#go1.20.11))\r\n - Linux ([6.1.62](https://lwn.net/Articles/950700)\ + \ (includes [6.1.61](https://lwn.net/Articles/949826), [6.1.60](https://lwn.net/Articles/948817)\ + \ and [6.1.59](https://lwn.net/Articles/948297)))\r\n - Linux Firmware ([20231111](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20231111)\ + \ (includes [20231030](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20231030)))\r\ + \n - SDK: Rust ([1.73.0](https://github.com/rust-lang/rust/releases/tag/1.73.0))\r\ + \n - SDK: python packaging ([23.2](https://github.com/pypa/packaging/releases/tag/23.2)),\ + \ platformdirs ([3.11.0](https://github.com/platformdirs/platformdirs/releases/tag/3.11.0))\ + \ \r\n - VMWare: open-vm-tools ([12.3.5](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.3.5))\r\ + \n - containerd ([1.7.9](https://github.com/containerd/containerd/releases/tag/v1.7.9)\ + \ (includes [1.7.8](https://github.com/containerd/containerd/releases/tag/v1.7.8)))\r\ + \n - cri-tools ([1.27.0](https://github.com/kubernetes-sigs/cri-tools/releases/tag/v1.27.0))\r\ + \n - ding-libs ([0.6.2](https://github.com/SSSD/ding-libs/releases/tag/0.6.2))\r\ + \n - docker ([24.0.6](https://docs.docker.com/engine/release-notes/24.0/), includes\ + \ changes from [23.0](https://docs.docker.com/engine/release-notes/23.0/))\r\n\ + \ - ethtool ([6.5](https://git.kernel.org/pub/scm/network/ethtool/ethtool.git/tree/NEWS?h=v6.5))\r\ + \n - hwdata ([v0.375](https://github.com/vcrhonek/hwdata/releases/tag/v0.375)\ + \ (includes [0.374](https://github.com/vcrhonek/hwdata/commits/v0.374)))\r\n -\ + \ iproute2 ([6.5.0](https://marc.info/?l=linux-netdev&m=169401822317373&w=2))\r\ + \n - json-c ([0.17](https://github.com/json-c/json-c/blob/json-c-0.17-20230812/ChangeLog))\r\ + \n - libffi ([3.4.4](https://github.com/libffi/libffi/releases/tag/v3.4.4) (includes\ + \ [3.4.2](https://github.com/libffi/libffi/releases/tag/v3.4.2) and [3.4.3](https://github.com/libffi/libffi/releases/tag/v3.4.3)))\r\ + \n - liblinear (246)\r\n - libsodium ([1.0.19](https://github.com/jedisct1/libsodium/releases/tag/1.0.19-RELEASE))\r\ + \n - libunistring ([1.1](https://git.savannah.gnu.org/gitweb/?p=libunistring.git;a=blob;f=NEWS;h=5a43ddd7011d62a952733f6c0b7ad52aa4f385c7;hb=8006860b710aae2e8442088c3ddc7d819dfa8ac7))\r\ + \n - mpc ([1.3.1](https://sympa.inria.fr/sympa/arc/mpc-discuss/2022-12/msg00049.html)\ + \ (includes [1.3.0](https://sympa.inria.fr/sympa/arc/mpc-discuss/2022-12/msg00028.html))\r\ + \n - mpfr ([4.2.1](https://gitlab.inria.fr/mpfr/mpfr/-/blob/4.2.1/NEWS))\r\n -\ + \ nghttp2 ([1.57.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0) (includes\ + \ [1.52.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0), [1.53.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.53.0),\ + \ [1.54.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.54.0), [1.55.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.55.0),\ + \ [1.55.1](https://github.com/nghttp2/nghttp2/releases/tag/v1.55.1) and [1.56.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.56.0)))\r\ + \n - nspr ([4.35](https://hg.mozilla.org/projects/nspr/log/b563bfc16c887c48b038b7b441fcc4e40a126d3b))\r\ + \n - ntp ([4.2.8p17](https://www.ntp.org/support/securitynotice/4_2_8p17-release-announcement/))\r\ + \n - nvme-cli ([v2.6](https://github.com/linux-nvme/nvme-cli/releases/tag/v2.6),\ + \ libnvme [v1.6](https://github.com/linux-nvme/libnvme/releases/tag/v1.6))\r\n\ + \ - protobuf ([21.12](https://github.com/protocolbuffers/protobuf/releases/tag/v21.12)\ + \ (includes [21.10](https://github.com/protocolbuffers/protobuf/releases/tag/v21.10)\ + \ and [21.11](https://github.com/protocolbuffers/protobuf/releases/tag/v21.11)))\r\ + \n - samba ([4.18.8](https://www.samba.org/samba/history/samba-4.18.8.html))\r\ + \n - sqlite ([3.43.2](https://www.sqlite.org/releaselog/3_43_2.html))\r\n - thin-provisioning-tools\ + \ ([1.0.6](https://github.com/jthornber/thin-provisioning-tools/blob/v1.0.6/CHANGES))" + created_at: '2023-11-20T16:11:03Z' draft: false - html_url: https://github.com/flatcar/scripts/releases/tag/alpha-3760.0.0 - id: 126560210 + html_url: https://github.com/flatcar/scripts/releases/tag/alpha-3794.0.0 + id: 130946868 name: '' - node_id: RE_kwDOB2MTHs4HiyfS + node_id: RE_kwDOB2MTHs4Hzhc0 prerelease: false - published_at: '2023-10-25T08:37:38Z' - tag_name: alpha-3760.0.0 - tarball_url: https://api.github.com/repos/flatcar/scripts/tarball/alpha-3760.0.0 + published_at: '2023-11-22T07:53:31Z' + tag_name: alpha-3794.0.0 + tarball_url: https://api.github.com/repos/flatcar/scripts/tarball/alpha-3794.0.0 target_commitish: main - upload_url: https://uploads.github.com/repos/flatcar/scripts/releases/126560210/assets{?name,label} - url: https://api.github.com/repos/flatcar/scripts/releases/126560210 - zipball_url: https://api.github.com/repos/flatcar/scripts/zipball/alpha-3760.0.0 + upload_url: https://uploads.github.com/repos/flatcar/scripts/releases/130946868/assets{?name,label} + url: https://api.github.com/repos/flatcar/scripts/releases/130946868 + zipball_url: https://api.github.com/repos/flatcar/scripts/zipball/alpha-3794.0.0 image_packages: - containerd: 1.7.7 - docker: 20.10.24 ignition: 2.15.0 - kernel: 6.1.58 + kernel: 6.1.62 systemd: '252' release: current -version: 3760.0.0 +version: 3794.0.0 diff --git a/data/releases/beta/3760.1.0.yml b/data/releases/beta/3760.1.0.yml new file mode 100644 index 00000000..2e7a1645 --- /dev/null +++ b/data/releases/beta/3760.1.0.yml @@ -0,0 +1,101 @@ +architectures: +- amd64 +- arm64 +channel: beta +github_release: + assets: [] + assets_url: https://api.github.com/repos/flatcar/scripts/releases/130946966/assets + author: + avatar_url: https://avatars.githubusercontent.com/u/28657343?v=4 + events_url: https://api.github.com/users/tormath1/events{/privacy} + followers_url: https://api.github.com/users/tormath1/followers + following_url: https://api.github.com/users/tormath1/following{/other_user} + gists_url: https://api.github.com/users/tormath1/gists{/gist_id} + gravatar_id: '' + html_url: https://github.com/tormath1 + id: 28657343 + login: tormath1 + node_id: MDQ6VXNlcjI4NjU3MzQz + organizations_url: https://api.github.com/users/tormath1/orgs + received_events_url: https://api.github.com/users/tormath1/received_events + repos_url: https://api.github.com/users/tormath1/repos + site_admin: false + starred_url: https://api.github.com/users/tormath1/starred{/owner}{/repo} + subscriptions_url: https://api.github.com/users/tormath1/subscriptions + type: User + url: https://api.github.com/users/tormath1 + body: ":warning: From Alpha 3794.0.0 Torcx has been removed - please assert that\ + \ you don't rely on specific Torcx mechanism but now use systemd-sysext. See [here](https://www.flatcar.org/docs/latest/provisioning/sysext/)\ + \ for more information.\r\n\r\n _Changes since **Beta 3745.1.0**_\r\n \r\n ####\ + \ Security fixes:\r\n \r\n - Linux ([CVE-2023-35827](https://nvd.nist.gov/vuln/detail/CVE-2023-35827),\ + \ [CVE-2023-46813](https://nvd.nist.gov/vuln/detail/CVE-2023-46813), [CVE-2023-46862](https://nvd.nist.gov/vuln/detail/CVE-2023-46862),\ + \ [CVE-2023-5178](https://nvd.nist.gov/vuln/detail/CVE-2023-5178), [CVE-2023-5717](https://nvd.nist.gov/vuln/detail/CVE-2023-5717))\r\ + \n - curl ([CVE-2023-38545](https://nvd.nist.gov/vuln/detail/CVE-2023-38545),\ + \ [CVE-2023-38546](https://nvd.nist.gov/vuln/detail/CVE-2023-38546))\r\n - glibc\ + \ ([CVE-2023-4911](https://nvd.nist.gov/vuln/detail/CVE-2023-4911))\r\n - go ([CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325),\ + \ [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325))\r\n - grub\ + \ ([CVE-2023-4692](https://nvd.nist.gov/vuln/detail/CVE-2023-4692), [CVE-2023-4693](https://nvd.nist.gov/vuln/detail/CVE-2023-4693))\r\ + \n - libtirpc ([libtirpc-rhbg-2138317](http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=4a2d85c64110ee9e21a8c4f9dafd6b0ae621506d),\ + \ [libtirpc-rhbg-2150611](http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=f7f0abdf267698de3f74a0285405b1b01f40893b),\ + \ [libtirpc-rhbg-2224666](http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=1d2e10afb2ffc35cb3623f57a15f712359f18e75))\r\ + \n \r\n #### Bug fixes:\r\n \r\n - Added AWS EKS support for versions 1.24-1.28.\ + \ Fixed `/usr/share/amazon/eks/download-kubelet.sh` to include download paths\ + \ for these versions. ([scripts#1210](https://github.com/flatcar/scripts/pull/1210))\r\ + \n - Fixed iterating over the OEM update payload signatures which prevented the\ + \ AWS OEM update to 3745.x.y ([update-engine#31](https://github.com/flatcar/update_engine/pull/31))\r\ + \n - Fixed quotes handling for update-engine ([Flatcar#1209](https://github.com/flatcar/Flatcar/issues/1209))\r\ + \n - Made `sshkeys.service` more robust to only run `coreos-metadata-sshkeys@core.service`\ + \ when not masked and also retry on failure ([init#112](https://github.com/flatcar/init/pull/112))\r\ + \n \r\n #### Changes:\r\n \r\n - Brightbox: The regular OpenStack image should\ + \ now be used, it includes Afterburn for instance metadata attributes\r\n - OpenStack:\ + \ An uncompressed image is provided for simpler import (since the images use qcow2\ + \ inline compression, there is no benefit in using the `.gz` or `.bz2` images)\r\ + \n \r\n #### Updates:\r\n \r\n - Go ([1.20.10](https://go.dev/doc/devel/release#go1.20.10)\ + \ (includes [1.20.9](https://go.dev/doc/devel/release#go1.20.9)))\r\n - Linux\ + \ ([6.1.62](https://lwn.net/Articles/950700) (includes [6.1.61](https://lwn.net/Articles/949826),\ + \ [6.1.60](https://lwn.net/Articles/948817) and includes [6.1.59](https://lwn.net/Articles/948299)))\r\ + \n - containerd ([1.7.7](https://github.com/containerd/containerd/releases/tag/v1.7.7))\r\ + \n - curl ([8.4.0](https://curl.se/changes.html#8_4_0))\r\n - libnl ([3.8.0](https://github.com/thom311/libnl/compare/libnl3_7_0...libnl3_8_0))\r\ + \n - libtirpc ([1.3.4](https://marc.info/?l=linux-nfs&m=169667640909830&w=2))\r\ + \n - libxml2 ([2.11.5](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.5))\r\ + \n - openssh ([9.5p1](https://www.openssh.com/releasenotes.html#9.5p1))\r\n -\ + \ pigz ([2.8](https://zlib.net/pipermail/pigz-announce_zlib.net/2023-August/000018.html))\r\ + \n - strace([6.4](https://github.com/strace/strace/releases/tag/v6.4))\r\n - whois\ + \ ([5.5.18](https://github.com/rfc1036/whois/blob/v5.5.18/debian/changelog))\r\ + \n \r\n _Changes since **Alpha 3760.0.0**_\r\n \r\n #### Security fixes:\r\n \r\ + \n - Linux ([CVE-2023-35827](https://nvd.nist.gov/vuln/detail/CVE-2023-35827),\ + \ [CVE-2023-46813](https://nvd.nist.gov/vuln/detail/CVE-2023-46813), [CVE-2023-46862](https://nvd.nist.gov/vuln/detail/CVE-2023-46862),\ + \ [CVE-2023-5178](https://nvd.nist.gov/vuln/detail/CVE-2023-5178), [CVE-2023-5717](https://nvd.nist.gov/vuln/detail/CVE-2023-5717))\r\ + \n \r\n #### Bug fixes:\r\n \r\n - Fixed iterating over the OEM update payload\ + \ signatures which prevented the AWS OEM update to 3745.x.y ([update-engine#31](https://github.com/flatcar/update_engine/pull/31))\r\ + \n - Made `sshkeys.service` more robust to only run `coreos-metadata-sshkeys@core.service`\ + \ when not masked and also retry on failure ([init#112](https://github.com/flatcar/init/pull/112))\r\ + \n \r\n #### Changes:\r\n \r\n - Brightbox: The regular OpenStack image should\ + \ now be used, it includes Afterburn for instance metadata attributes\r\n - OpenStack:\ + \ An uncompressed image is provided for simpler import (since the images use qcow2\ + \ inline compression, there is no benefit in using the `.gz` or `.bz2` images)\r\ + \n \r\n #### Updates:\r\n \r\n - Linux ([6.1.62](https://lwn.net/Articles/950700)\ + \ (includes [6.1.61](https://lwn.net/Articles/949826), [6.1.60](https://lwn.net/Articles/948817)\ + \ and includes [6.1.59](https://lwn.net/Articles/948299)))" + created_at: '2023-11-20T16:14:21Z' + draft: false + html_url: https://github.com/flatcar/scripts/releases/tag/beta-3760.1.0 + id: 130946966 + name: '' + node_id: RE_kwDOB2MTHs4HzheW + prerelease: false + published_at: '2023-11-22T07:54:40Z' + tag_name: beta-3760.1.0 + tarball_url: https://api.github.com/repos/flatcar/scripts/tarball/beta-3760.1.0 + target_commitish: main + upload_url: https://uploads.github.com/repos/flatcar/scripts/releases/130946966/assets{?name,label} + url: https://api.github.com/repos/flatcar/scripts/releases/130946966 + zipball_url: https://api.github.com/repos/flatcar/scripts/zipball/beta-3760.1.0 +image_packages: + containerd: 1.7.7 + docker: 20.10.24 + ignition: 2.15.0 + kernel: 6.1.62 + systemd: '252' +release: 3760.1.0 +version: 3760.1.0 diff --git a/data/releases/beta/current.yml b/data/releases/beta/current.yml index fc2abc3b..9e5ba063 100644 --- a/data/releases/beta/current.yml +++ b/data/releases/beta/current.yml @@ -4,7 +4,7 @@ architectures: channel: beta github_release: assets: [] - assets_url: https://api.github.com/repos/flatcar/scripts/releases/126560368/assets + assets_url: https://api.github.com/repos/flatcar/scripts/releases/130946966/assets author: avatar_url: https://avatars.githubusercontent.com/u/28657343?v=4 events_url: https://api.github.com/users/tormath1/events{/privacy} @@ -24,93 +24,78 @@ github_release: subscriptions_url: https://api.github.com/users/tormath1/subscriptions type: User url: https://api.github.com/users/tormath1 - body: "_Changes since **Beta 3732.1.0**_\r\n \r\n #### Security fixes:\r\n \r\n\ - \ - curl ([CVE-2023-38039](https://nvd.nist.gov/vuln/detail/CVE-2023-38039), [CVE-2023-38545](https://nvd.nist.gov/vuln/detail/CVE-2023-38545),\ - \ [CVE-2023-38546](https://nvd.nist.gov/vuln/detail/CVE-2023-38546))\r\n - glibc\ - \ ([CVE-2023-4527](https://nvd.nist.gov/vuln/detail/CVE-2023-4527), [CVE-2023-4806](https://nvd.nist.gov/vuln/detail/CVE-2023-4806))\r\ - \n - lua ([CVE-2022-33099](https://nvd.nist.gov/vuln/detail/CVE-2022-33099))\r\ - \n - mit-krb5 ([CVE-2023-36054](https://nvd.nist.gov/vuln/detail/CVE-2023-36054))\r\ - \n - procps ([CVE-2023-4016](https://nvd.nist.gov/vuln/detail/CVE-2023-4016))\r\ - \n - samba ([CVE-2021-44142](https://nvd.nist.gov/vuln/detail/CVE-2021-44142),\ - \ [CVE-2022-1615](https://nvd.nist.gov/vuln/detail/CVE-2022-1615))\r\n \r\n ####\ - \ Bug fixes:\r\n \r\n - Disabled systemd-networkd's RoutesToDNS setting by default\ - \ to fix provisioning failures observed in VMs with multiple network interfaces\ - \ on Azure ([scripts#1206](https://github.com/flatcar/scripts/pull/1206))\r\n\ - \ - Fixed the postinstall hook failure when updating from Azure instances without\ - \ OEM systemd-sysext images to Flatcar Alpha 3745.x.y ([update_engine#29](https://github.com/flatcar/update_engine/pull/29))\r\ - \n \r\n #### Changes:\r\n \r\n - AWS OEM images now use a systemd-sysext image\ - \ for layering additional platform-specific software on top of `/usr`\r\n - Reworked\ - \ the VMware OEM software to be shipped as A/B updated systemd-sysext image\r\n\ - \ - SDK: Experimental support for [prefix builds](https://github.com/flatcar/scripts/blob/main/PREFIX.md)\ - \ to create distro independent, portable, self-contained applications w/ all dependencies\ - \ included. With contributions from [chewi](https://github.com/chewi) and [HappyTobi](https://github.com/HappyTobi).\r\ - \n - Started shipping default ssh client and ssh daemon configs in `/etc/ssh/ssh_config`\ - \ and `/etc/ssh/sshd_config` which include config snippets in `/etc/ssh/ssh_config.d`\ - \ and `/etc/ssh/sshd_config.d`, respectively.\r\n - The open-vm-tools package\ - \ in VMware OEM now comes with vmhgfs-fuse, udev rules, pam and vgauth\r\n - To\ - \ make Kubernetes work by default, `/usr/libexec/kubernetes/kubelet-plugins/volume/exec`\ - \ is now a symlink to the writable folder `/var/kubernetes/kubelet-plugins/volume/exec`\ - \ ([Flatcar#1193](https://github.com/flatcar/Flatcar/issues/1193))\r\n \r\n ####\ - \ Updates:\r\n \r\n - Linux ([6.1.58](https://lwn.net/Articles/947820) (includes\ - \ [6.1.57](https://lwn.net/Articles/947298), [6.1.56](https://lwn.net/Articles/946854)))\r\ - \n - Linux Firmware ([20230919](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230919))\r\ - \n - bind-tools ([9.16.42](https://bind9.readthedocs.io/en/v9.16.42/notes.html#notes-for-bind-9-16-42))\r\ - \n - ca-certificates ([3.94](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_94.html))\r\ - \n - checkpolicy ([3.5](https://github.com/SELinuxProject/selinux/releases/tag/3.5))\r\ - \n - curl ([8.3.0](https://curl.se/changes.html#8_3_0))\r\n - gcc ([13.2](https://gcc.gnu.org/gcc-13/changes.html))\r\ - \n - gzip ([1.13](https://savannah.gnu.org/news/?id=10501))\r\n - libgcrypt ([1.10.2](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=blob;f=NEWS;h=c9a239615f8070427a96688b1be40a81e59e9b8a;hb=1c5cbacf3d88dded5063e959ee68678ff7d0fa56))\r\ - \n - libselinux ([3.5](https://github.com/SELinuxProject/selinux/releases/tag/3.5))\r\ - \n - libsemanage ([3.5](https://github.com/SELinuxProject/selinux/releases/tag/3.5))\r\ - \n - libsepol ([3.5](https://github.com/SELinuxProject/selinux/releases/tag/3.5))\r\ - \n - lua ([5.4.6](https://www.lua.org/manual/5.4/readme.html#changes))\r\n - mit-krb5\ - \ ([1.21.2](http://web.mit.edu/kerberos/krb5-1.21/))\r\n - openssh ([9.4p1](https://www.openssh.com/releasenotes.html#9.4p1))\r\ - \n - policycoreutils ([3.5](https://github.com/SELinuxProject/selinux/releases/tag/3.5))\r\ - \n - procps ([4.0.4](https://gitlab.com/procps-ng/procps/-/releases/v4.0.4) (includes\ - \ [4.0.3](https://gitlab.com/procps-ng/procps/-/releases/v4.0.3) and [4.0.0](https://gitlab.com/procps-ng/procps/-/releases/v4.0.0)))\r\ - \n - rpcsvc-proto ([1.4.4](https://github.com/thkukuk/rpcsvc-proto/releases/tag/v1.4.4))\r\ - \n - samba ([4.18.4](https://wiki.samba.org/index.php/Samba_4.18_Features_added/changed#Samba_4.18.4))\r\ - \n - selinux-base ([2.20221101](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20221101))\r\ - \n - selinux-base-policy ([2.20221101](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20221101))\r\ - \n - selinux-container ([2.20221101](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20221101))\r\ - \n - selinux-sssd ([2.20221101](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20221101))\r\ - \n - selinux-unconfined ([2.20221101](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20221101))\r\ - \n - semodule-utils ([3.5](https://github.com/SELinuxProject/selinux/releases/tag/3.5))\r\ - \n - SDK: Rust ([1.72.1](https://github.com/rust-lang/rust/releases/tag/1.72.1))\r\ - \n - VMWARE: libdnet ([1.16.2](https://github.com/ofalk/libdnet/releases/tag/libdnet-1.16.2)\ - \ (includes [1.16](https://github.com/ofalk/libdnet/releases/tag/libdnet-1.16)))\r\ - \n\r\n _Changes since **Alpha 3745.0.0**_\r\n \r\n #### Security fixes:\r\n \r\ + body: ":warning: From Alpha 3794.0.0 Torcx has been removed - please assert that\ + \ you don't rely on specific Torcx mechanism but now use systemd-sysext. See [here](https://www.flatcar.org/docs/latest/provisioning/sysext/)\ + \ for more information.\r\n\r\n _Changes since **Beta 3745.1.0**_\r\n \r\n ####\ + \ Security fixes:\r\n \r\n - Linux ([CVE-2023-35827](https://nvd.nist.gov/vuln/detail/CVE-2023-35827),\ + \ [CVE-2023-46813](https://nvd.nist.gov/vuln/detail/CVE-2023-46813), [CVE-2023-46862](https://nvd.nist.gov/vuln/detail/CVE-2023-46862),\ + \ [CVE-2023-5178](https://nvd.nist.gov/vuln/detail/CVE-2023-5178), [CVE-2023-5717](https://nvd.nist.gov/vuln/detail/CVE-2023-5717))\r\ \n - curl ([CVE-2023-38545](https://nvd.nist.gov/vuln/detail/CVE-2023-38545),\ - \ [CVE-2023-38546](https://nvd.nist.gov/vuln/detail/CVE-2023-38546))\r\n \r\n\ - \ #### Bug fixes:\r\n \r\n - Disabled systemd-networkd's RoutesToDNS setting by\ - \ default to fix provisioning failures observed in VMs with multiple network interfaces\ - \ on Azure ([scripts#1206](https://github.com/flatcar/scripts/pull/1206))\r\n\ - \ - Fixed the postinstall hook failure when updating from Azure instances without\ - \ OEM systemd-sysext images to Flatcar Alpha 3745.x.y ([update_engine#29](https://github.com/flatcar/update_engine/pull/29))\r\ - \n \r\n #### Changes:\r\n \r\n - To make Kubernetes work by default, `/usr/libexec/kubernetes/kubelet-plugins/volume/exec`\ - \ is now a symlink to the writable folder `/var/kubernetes/kubelet-plugins/volume/exec`\ - \ ([Flatcar#1193](https://github.com/flatcar/Flatcar/issues/1193))\r\n \r\n ####\ - \ Updates:\r\n \r\n - Linux ([6.1.58](https://lwn.net/Articles/947820) (includes\ - \ [6.1.57](https://lwn.net/Articles/947298), [6.1.56](https://lwn.net/Articles/946854)))\r\ - \n - ca-certificates ([3.94](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_94.html))" - created_at: '2023-10-17T13:42:05Z' + \ [CVE-2023-38546](https://nvd.nist.gov/vuln/detail/CVE-2023-38546))\r\n - glibc\ + \ ([CVE-2023-4911](https://nvd.nist.gov/vuln/detail/CVE-2023-4911))\r\n - go ([CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325),\ + \ [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325))\r\n - grub\ + \ ([CVE-2023-4692](https://nvd.nist.gov/vuln/detail/CVE-2023-4692), [CVE-2023-4693](https://nvd.nist.gov/vuln/detail/CVE-2023-4693))\r\ + \n - libtirpc ([libtirpc-rhbg-2138317](http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=4a2d85c64110ee9e21a8c4f9dafd6b0ae621506d),\ + \ [libtirpc-rhbg-2150611](http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=f7f0abdf267698de3f74a0285405b1b01f40893b),\ + \ [libtirpc-rhbg-2224666](http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=1d2e10afb2ffc35cb3623f57a15f712359f18e75))\r\ + \n \r\n #### Bug fixes:\r\n \r\n - Added AWS EKS support for versions 1.24-1.28.\ + \ Fixed `/usr/share/amazon/eks/download-kubelet.sh` to include download paths\ + \ for these versions. ([scripts#1210](https://github.com/flatcar/scripts/pull/1210))\r\ + \n - Fixed iterating over the OEM update payload signatures which prevented the\ + \ AWS OEM update to 3745.x.y ([update-engine#31](https://github.com/flatcar/update_engine/pull/31))\r\ + \n - Fixed quotes handling for update-engine ([Flatcar#1209](https://github.com/flatcar/Flatcar/issues/1209))\r\ + \n - Made `sshkeys.service` more robust to only run `coreos-metadata-sshkeys@core.service`\ + \ when not masked and also retry on failure ([init#112](https://github.com/flatcar/init/pull/112))\r\ + \n \r\n #### Changes:\r\n \r\n - Brightbox: The regular OpenStack image should\ + \ now be used, it includes Afterburn for instance metadata attributes\r\n - OpenStack:\ + \ An uncompressed image is provided for simpler import (since the images use qcow2\ + \ inline compression, there is no benefit in using the `.gz` or `.bz2` images)\r\ + \n \r\n #### Updates:\r\n \r\n - Go ([1.20.10](https://go.dev/doc/devel/release#go1.20.10)\ + \ (includes [1.20.9](https://go.dev/doc/devel/release#go1.20.9)))\r\n - Linux\ + \ ([6.1.62](https://lwn.net/Articles/950700) (includes [6.1.61](https://lwn.net/Articles/949826),\ + \ [6.1.60](https://lwn.net/Articles/948817) and includes [6.1.59](https://lwn.net/Articles/948299)))\r\ + \n - containerd ([1.7.7](https://github.com/containerd/containerd/releases/tag/v1.7.7))\r\ + \n - curl ([8.4.0](https://curl.se/changes.html#8_4_0))\r\n - libnl ([3.8.0](https://github.com/thom311/libnl/compare/libnl3_7_0...libnl3_8_0))\r\ + \n - libtirpc ([1.3.4](https://marc.info/?l=linux-nfs&m=169667640909830&w=2))\r\ + \n - libxml2 ([2.11.5](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.5))\r\ + \n - openssh ([9.5p1](https://www.openssh.com/releasenotes.html#9.5p1))\r\n -\ + \ pigz ([2.8](https://zlib.net/pipermail/pigz-announce_zlib.net/2023-August/000018.html))\r\ + \n - strace([6.4](https://github.com/strace/strace/releases/tag/v6.4))\r\n - whois\ + \ ([5.5.18](https://github.com/rfc1036/whois/blob/v5.5.18/debian/changelog))\r\ + \n \r\n _Changes since **Alpha 3760.0.0**_\r\n \r\n #### Security fixes:\r\n \r\ + \n - Linux ([CVE-2023-35827](https://nvd.nist.gov/vuln/detail/CVE-2023-35827),\ + \ [CVE-2023-46813](https://nvd.nist.gov/vuln/detail/CVE-2023-46813), [CVE-2023-46862](https://nvd.nist.gov/vuln/detail/CVE-2023-46862),\ + \ [CVE-2023-5178](https://nvd.nist.gov/vuln/detail/CVE-2023-5178), [CVE-2023-5717](https://nvd.nist.gov/vuln/detail/CVE-2023-5717))\r\ + \n \r\n #### Bug fixes:\r\n \r\n - Fixed iterating over the OEM update payload\ + \ signatures which prevented the AWS OEM update to 3745.x.y ([update-engine#31](https://github.com/flatcar/update_engine/pull/31))\r\ + \n - Made `sshkeys.service` more robust to only run `coreos-metadata-sshkeys@core.service`\ + \ when not masked and also retry on failure ([init#112](https://github.com/flatcar/init/pull/112))\r\ + \n \r\n #### Changes:\r\n \r\n - Brightbox: The regular OpenStack image should\ + \ now be used, it includes Afterburn for instance metadata attributes\r\n - OpenStack:\ + \ An uncompressed image is provided for simpler import (since the images use qcow2\ + \ inline compression, there is no benefit in using the `.gz` or `.bz2` images)\r\ + \n \r\n #### Updates:\r\n \r\n - Linux ([6.1.62](https://lwn.net/Articles/950700)\ + \ (includes [6.1.61](https://lwn.net/Articles/949826), [6.1.60](https://lwn.net/Articles/948817)\ + \ and includes [6.1.59](https://lwn.net/Articles/948299)))" + created_at: '2023-11-20T16:14:21Z' draft: false - html_url: https://github.com/flatcar/scripts/releases/tag/beta-3745.1.0 - id: 126560368 + html_url: https://github.com/flatcar/scripts/releases/tag/beta-3760.1.0 + id: 130946966 name: '' - node_id: RE_kwDOB2MTHs4Hiyhw + node_id: RE_kwDOB2MTHs4HzheW prerelease: false - published_at: '2023-10-25T08:38:48Z' - tag_name: beta-3745.1.0 - tarball_url: https://api.github.com/repos/flatcar/scripts/tarball/beta-3745.1.0 + published_at: '2023-11-22T07:54:40Z' + tag_name: beta-3760.1.0 + tarball_url: https://api.github.com/repos/flatcar/scripts/tarball/beta-3760.1.0 target_commitish: main - upload_url: https://uploads.github.com/repos/flatcar/scripts/releases/126560368/assets{?name,label} - url: https://api.github.com/repos/flatcar/scripts/releases/126560368 - zipball_url: https://api.github.com/repos/flatcar/scripts/zipball/beta-3745.1.0 + upload_url: https://uploads.github.com/repos/flatcar/scripts/releases/130946966/assets{?name,label} + url: https://api.github.com/repos/flatcar/scripts/releases/130946966 + zipball_url: https://api.github.com/repos/flatcar/scripts/zipball/beta-3760.1.0 image_packages: - containerd: 1.7.6 + containerd: 1.7.7 docker: 20.10.24 ignition: 2.15.0 - kernel: 6.1.58 + kernel: 6.1.62 systemd: '252' release: current -version: 3745.1.0 +version: 3760.1.0 diff --git a/data/releases/stable/3602.2.2.yml b/data/releases/stable/3602.2.2.yml new file mode 100644 index 00000000..2934092a --- /dev/null +++ b/data/releases/stable/3602.2.2.yml @@ -0,0 +1,60 @@ +architectures: +- amd64 +- arm64 +channel: stable +github_release: + assets: [] + assets_url: https://api.github.com/repos/flatcar/scripts/releases/130947026/assets + author: + avatar_url: https://avatars.githubusercontent.com/u/28657343?v=4 + events_url: https://api.github.com/users/tormath1/events{/privacy} + followers_url: https://api.github.com/users/tormath1/followers + following_url: https://api.github.com/users/tormath1/following{/other_user} + gists_url: https://api.github.com/users/tormath1/gists{/gist_id} + gravatar_id: '' + html_url: https://github.com/tormath1 + id: 28657343 + login: tormath1 + node_id: MDQ6VXNlcjI4NjU3MzQz + organizations_url: https://api.github.com/users/tormath1/orgs + received_events_url: https://api.github.com/users/tormath1/received_events + repos_url: https://api.github.com/users/tormath1/repos + site_admin: false + starred_url: https://api.github.com/users/tormath1/starred{/owner}{/repo} + subscriptions_url: https://api.github.com/users/tormath1/subscriptions + type: User + url: https://api.github.com/users/tormath1 + body: ":warning: From Alpha 3794.0.0 Torcx has been removed - please assert that\ + \ you don't rely on specific Torcx mechanism but now use systemd-sysext. See [here](https://www.flatcar.org/docs/latest/provisioning/sysext/)\ + \ for more information.\r\n\r\n\r\n _Changes since **Stable 3602.2.1**_\r\n \r\ + \n #### Security fixes:\r\n \r\n - Linux ([CVE-2023-46813](https://nvd.nist.gov/vuln/detail/CVE-2023-46813),\ + \ [CVE-2023-5178](https://nvd.nist.gov/vuln/detail/CVE-2023-5178), [CVE-2023-5717](https://nvd.nist.gov/vuln/detail/CVE-2023-5717))\r\ + \n \r\n\r\n #### Changes:\r\n \r\n - Brightbox: The regular OpenStack image should\ + \ now be used, it includes Afterburn for instance metadata attributes\r\n - OpenStack:\ + \ An uncompressed image is provided for simpler import (since the images use qcow2\ + \ inline compression, there is no benefit in using the `.gz` or `.bz2` images)\r\ + \n - linux kernel: added zstd support for squashfs kernel module ([scripts#1297](https://github.com/flatcar/scripts/pull/1297))\r\ + \n \r\n #### Updates:\r\n \r\n - Linux ([5.15.138](https://lwn.net/Articles/950714)\ + \ (includes [5.15.137](https://lwn.net/Articles/948818)))" + created_at: '2023-11-20T16:15:34Z' + draft: false + html_url: https://github.com/flatcar/scripts/releases/tag/stable-3602.2.2 + id: 130947026 + name: '' + node_id: RE_kwDOB2MTHs4HzhfS + prerelease: false + published_at: '2023-11-22T07:55:14Z' + tag_name: stable-3602.2.2 + tarball_url: https://api.github.com/repos/flatcar/scripts/tarball/stable-3602.2.2 + target_commitish: main + upload_url: https://uploads.github.com/repos/flatcar/scripts/releases/130947026/assets{?name,label} + url: https://api.github.com/repos/flatcar/scripts/releases/130947026 + zipball_url: https://api.github.com/repos/flatcar/scripts/zipball/stable-3602.2.2 +image_packages: + containerd: 1.6.21 + docker: 20.10.24 + ignition: 2.15.0 + kernel: 5.15.138 + systemd: '252' +release: 3602.2.2 +version: 3602.2.2 diff --git a/data/releases/stable/current.yml b/data/releases/stable/current.yml index feeee488..32cf6334 100644 --- a/data/releases/stable/current.yml +++ b/data/releases/stable/current.yml @@ -4,7 +4,7 @@ architectures: channel: stable github_release: assets: [] - assets_url: https://api.github.com/repos/flatcar/scripts/releases/126560433/assets + assets_url: https://api.github.com/repos/flatcar/scripts/releases/130947026/assets author: avatar_url: https://avatars.githubusercontent.com/u/28657343?v=4 events_url: https://api.github.com/users/tormath1/events{/privacy} @@ -24,41 +24,37 @@ github_release: subscriptions_url: https://api.github.com/users/tormath1/subscriptions type: User url: https://api.github.com/users/tormath1 - body: "_Changes since **Stable 3602.2.0**_\r\n \r\n #### Security fixes:\r\n \r\n\ - - Linux ([CVE-2023-31085](https://nvd.nist.gov/vuln/detail/CVE-2023-31085), [CVE-2023-34324](https://nvd.nist.gov/vuln/detail/CVE-2023-34324),\ - \ [CVE-2023-4244](https://nvd.nist.gov/vuln/detail/CVE-2023-4244), [CVE-2023-42754](https://nvd.nist.gov/vuln/detail/CVE-2023-42754),\ - \ [CVE-2023-5197](https://nvd.nist.gov/vuln/detail/CVE-2023-5197))\r\n - curl\ - \ ([CVE-2023-38545](https://nvd.nist.gov/vuln/detail/CVE-2023-38545), [CVE-2023-38546](https://nvd.nist.gov/vuln/detail/CVE-2023-38546))\r\ - \n \r\n #### Bug fixes:\r\n \r\n - Disabled systemd-networkd's RoutesToDNS setting\ - \ by default to fix provisioning failures observed in VMs with multiple network\ - \ interfaces on Azure ([scripts#1206](https://github.com/flatcar/scripts/pull/1206))\r\ - \n - Fixed a regression in Docker resulting in file permissions being dropped\ - \ from exported container images. ([scripts#1231](https://github.com/flatcar/scripts/pull/1231))\r\ - \n \r\n #### Changes:\r\n \r\n - To make Kubernetes work by default, `/usr/libexec/kubernetes/kubelet-plugins/volume/exec`\ - \ is now a symlink to the writable folder `/var/kubernetes/kubelet-plugins/volume/exec`\ - \ ([Flatcar#1193](https://github.com/flatcar/Flatcar/issues/1193))\r\n \r\n ####\ - \ Updates:\r\n \r\n - Linux ([5.15.136](https://lwn.net/Articles/948297) (includes\ - \ [5.15.135](https://lwn.net/Articles/947299), [5.15.134](https://lwn.net/Articles/946855)))\r\ - \n - ca-certificates ([3.94](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_94.html))" - created_at: '2023-10-23T15:07:37Z' + body: ":warning: From Alpha 3794.0.0 Torcx has been removed - please assert that\ + \ you don't rely on specific Torcx mechanism but now use systemd-sysext. See [here](https://www.flatcar.org/docs/latest/provisioning/sysext/)\ + \ for more information.\r\n\r\n\r\n _Changes since **Stable 3602.2.1**_\r\n \r\ + \n #### Security fixes:\r\n \r\n - Linux ([CVE-2023-46813](https://nvd.nist.gov/vuln/detail/CVE-2023-46813),\ + \ [CVE-2023-5178](https://nvd.nist.gov/vuln/detail/CVE-2023-5178), [CVE-2023-5717](https://nvd.nist.gov/vuln/detail/CVE-2023-5717))\r\ + \n \r\n\r\n #### Changes:\r\n \r\n - Brightbox: The regular OpenStack image should\ + \ now be used, it includes Afterburn for instance metadata attributes\r\n - OpenStack:\ + \ An uncompressed image is provided for simpler import (since the images use qcow2\ + \ inline compression, there is no benefit in using the `.gz` or `.bz2` images)\r\ + \n - linux kernel: added zstd support for squashfs kernel module ([scripts#1297](https://github.com/flatcar/scripts/pull/1297))\r\ + \n \r\n #### Updates:\r\n \r\n - Linux ([5.15.138](https://lwn.net/Articles/950714)\ + \ (includes [5.15.137](https://lwn.net/Articles/948818)))" + created_at: '2023-11-20T16:15:34Z' draft: false - html_url: https://github.com/flatcar/scripts/releases/tag/stable-3602.2.1 - id: 126560433 + html_url: https://github.com/flatcar/scripts/releases/tag/stable-3602.2.2 + id: 130947026 name: '' - node_id: RE_kwDOB2MTHs4Hiyix + node_id: RE_kwDOB2MTHs4HzhfS prerelease: false - published_at: '2023-10-25T08:39:23Z' - tag_name: stable-3602.2.1 - tarball_url: https://api.github.com/repos/flatcar/scripts/tarball/stable-3602.2.1 + published_at: '2023-11-22T07:55:14Z' + tag_name: stable-3602.2.2 + tarball_url: https://api.github.com/repos/flatcar/scripts/tarball/stable-3602.2.2 target_commitish: main - upload_url: https://uploads.github.com/repos/flatcar/scripts/releases/126560433/assets{?name,label} - url: https://api.github.com/repos/flatcar/scripts/releases/126560433 - zipball_url: https://api.github.com/repos/flatcar/scripts/zipball/stable-3602.2.1 + upload_url: https://uploads.github.com/repos/flatcar/scripts/releases/130947026/assets{?name,label} + url: https://api.github.com/repos/flatcar/scripts/releases/130947026 + zipball_url: https://api.github.com/repos/flatcar/scripts/zipball/stable-3602.2.2 image_packages: containerd: 1.6.21 docker: 20.10.24 ignition: 2.15.0 - kernel: 5.15.136 + kernel: 5.15.138 systemd: '252' release: current -version: 3602.2.1 +version: 3602.2.2 diff --git a/static/releases-feed/releases-alpha.xml b/static/releases-feed/releases-alpha.xml index 9725a78f..d948f00c 100644 --- a/static/releases-feed/releases-alpha.xml +++ b/static/releases-feed/releases-alpha.xml @@ -2,7 +2,7 @@ https://www.flatcar.org/ Flatcar :: alpha - 2023-10-25T10:20:33.809685+00:00 + 2023-11-22T09:59:23.530866+00:00 Flatcar Container Linux hello@kinvolk.io @@ -11,10 +11,18 @@ python-feedgen https://kinvolk.io/images/flatcar-logo.svg Flatcar Container Linux release feed + + https://github.com/flatcar/scripts/releases/tag/alpha-3794.0.0 + 3794.0.0 + 2023-11-22T09:59:24.337547+00:00 + **This release removes the legacy "torcx" image customisation and replaces this feature with systemd-sysext. Torcx enabled users to deploy custom docker versions; however, it required special packaging using the Flatcar SDK.** Please refer to the "Changes" section below for details.<br><br>**This release ships a major Docker update: Docker was upgraded to version 24 (from version 20 in the previous release). Please see the "Changes" section below for details.**<br><br> _Changes since **Alpha 3760.0.0**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2023-35827](https://nvd.nist.gov/vuln/detail/CVE-2023-35827), [CVE-2023-46813](https://nvd.nist.gov/vuln/detail/CVE-2023-46813), [CVE-2023-46862](https://nvd.nist.gov/vuln/detail/CVE-2023-46862), [CVE-2023-5178](https://nvd.nist.gov/vuln/detail/CVE-2023-5178), [CVE-2023-5717](https://nvd.nist.gov/vuln/detail/CVE-2023-5717))<br> - VMWare: open-vm-tools ([CVE-2023-34058](https://nvd.nist.gov/vuln/detail/CVE-2023-34058), [CVE-2023-34059](https://nvd.nist.gov/vuln/detail/CVE-2023-34059))<br> - nghttp2 ([CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487))<br> - samba ([CVE-2023-4091](https://nvd.nist.gov/vuln/detail/CVE-2023-4091))<br> - zlib ([CVE-2023-45853](https://nvd.nist.gov/vuln/detail/CVE-2023-45853))<br> <br> #### Bug fixes:<br> <br> - Fixed iterating over the OEM update payload signatures which prevented the AWS OEM update to 3745.x.y ([update-engine#31](https://github.com/flatcar/update_engine/pull/31))<br> - Made `sshkeys.service` more robust to only run `coreos-metadata-sshkeys@core.service` when not masked and also retry on failure ([init#112](https://github.com/flatcar/init/pull/112))<br> - Set TTY used for fetching server_context to RAW mode before running cloudinit on cloudsigma ([scripts#1280](https://github.com/flatcar/scripts/pull/1280))<br><br><br> #### Known issues:<br><br>- docker and containerd packages information are missing from `flatcar_production_image_packages.txt` ([flatcar#1260](https://github.com/flatcar/Flatcar/issues/1260))<br> <br> #### Changes:<br> <br> - **Torcx, the mechanism to provide a custom Docker version, was replaced by systemd-sysext in the OS image**. Learn more about sysext and how to customise OS images [here](https://www.flatcar.org/docs/latest/provisioning/sysext/).<br> - Torcx entered deprecation 2 years ago in favour of [deploying plain Docker binaries](https://www.flatcar.org/docs/latest/container-runtimes/use-a-custom-docker-or-containerd-version/)<br> (which is now also a legacy option because systemd-sysext offers a more robust and better structured way of customisation, including OS independent updates).<br> - Torcx has been removed entirely; if you use Torcx to extend the Flatcar base OS image, please refer to our [conversion script](https://www.flatcar.org/docs/latest/provisioning/sysext/#torcx-deprecation) and to the sysext documentation mentioned above for migrating.<br> - Consequently, `update_engine` will not perform torcx sanity checks post-update anymore.<br> - Relevant changes: [scripts#1216](https://github.com/flatcar/scripts/pull/1216), [update_engine#30](https://github.com/flatcar/update_engine/pull/30), [Mantle#466](https://github.com/flatcar/mantle/pull/466), [Mantle#465](https://github.com/flatcar/mantle/pull/465).<br>- cri-tools, runc, containerd, docker, and docker-cli are now built from Gentoo upstream ebuilds. Docker received a major version upgrade - it was updated to Docker 24 (from Docker 20; see "updates").<br> - **NOTE:** The docker btrfs storage driver has been de-prioritised; BTRFS backed storage will now default to the `overlay2` driver<br> ([changelog](https://docs.docker.com/engine/release-notes/23.0/#bug-fixes-and-enhancements-6), [upstream pr](https://github.com/moby/moby/pull/42661)).<br> Using the btrfs driver can still be enforced by creating a respective [docker config](https://docs.docker.com/storage/storagedriver/btrfs-driver/#configure-docker-to-use-the-btrfs-storage-driver) at `/etc/docker/daemon.json`.<br> - **NOTE:** If you are already using btrfs-backed Docker storage and are upgrading to this new version, Docker will automatically use the `btrfs` storage driver for backwards-compatibility with your deployment.<br> - **Docker will remove the `btrfs` driver entirely in a future version. Please consider migrating your deployments to the `overlay2` driver.**<br> - Brightbox: The regular OpenStack image should now be used, it includes Afterburn for instance metadata attributes<br> - OpenStack: An uncompressed image is provided for simpler import (since the images use qcow2 inline compression, there is no benefit in using the `.gz` or `.bz2` images)<br><br> #### Updates:<br> <br> - Azure: WALinuxAgent ([v2.9.1.1](https://github.com/Azure/WALinuxAgent/releases/tag/v2.9.1.1))<br> - DEV, AZURE: python ([3.11.6](https://docs.python.org/release/3.11.6/whatsnew/changelog.html#python-3-11-6))<br> - DEV: iperf ([3.15](https://github.com/esnet/iperf/releases/tag/3.15))<br> - DEV: smartmontools ([7.4](https://www.smartmontools.org/browser/tags/RELEASE_7_4/smartmontools/NEWS))<br> - Go ([1.20.11](https://go.dev/doc/devel/release#go1.20.11))<br> - Linux ([6.1.62](https://lwn.net/Articles/950700) (includes [6.1.61](https://lwn.net/Articles/949826), [6.1.60](https://lwn.net/Articles/948817) and [6.1.59](https://lwn.net/Articles/948297)))<br> - Linux Firmware ([20231111](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20231111) (includes [20231030](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20231030)))<br> - SDK: Rust ([1.73.0](https://github.com/rust-lang/rust/releases/tag/1.73.0))<br> - SDK: python packaging ([23.2](https://github.com/pypa/packaging/releases/tag/23.2)), platformdirs ([3.11.0](https://github.com/platformdirs/platformdirs/releases/tag/3.11.0)) <br> - VMWare: open-vm-tools ([12.3.5](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.3.5))<br> - containerd ([1.7.9](https://github.com/containerd/containerd/releases/tag/v1.7.9) (includes [1.7.8](https://github.com/containerd/containerd/releases/tag/v1.7.8)))<br> - cri-tools ([1.27.0](https://github.com/kubernetes-sigs/cri-tools/releases/tag/v1.27.0))<br> - ding-libs ([0.6.2](https://github.com/SSSD/ding-libs/releases/tag/0.6.2))<br> - docker ([24.0.6](https://docs.docker.com/engine/release-notes/24.0/), includes changes from [23.0](https://docs.docker.com/engine/release-notes/23.0/))<br> - ethtool ([6.5](https://git.kernel.org/pub/scm/network/ethtool/ethtool.git/tree/NEWS?h=v6.5))<br> - hwdata ([v0.375](https://github.com/vcrhonek/hwdata/releases/tag/v0.375) (includes [0.374](https://github.com/vcrhonek/hwdata/commits/v0.374)))<br> - iproute2 ([6.5.0](https://marc.info/?l=linux-netdev&m=169401822317373&w=2))<br> - json-c ([0.17](https://github.com/json-c/json-c/blob/json-c-0.17-20230812/ChangeLog))<br> - libffi ([3.4.4](https://github.com/libffi/libffi/releases/tag/v3.4.4) (includes [3.4.2](https://github.com/libffi/libffi/releases/tag/v3.4.2) and [3.4.3](https://github.com/libffi/libffi/releases/tag/v3.4.3)))<br> - liblinear (246)<br> - libsodium ([1.0.19](https://github.com/jedisct1/libsodium/releases/tag/1.0.19-RELEASE))<br> - libunistring ([1.1](https://git.savannah.gnu.org/gitweb/?p=libunistring.git;a=blob;f=NEWS;h=5a43ddd7011d62a952733f6c0b7ad52aa4f385c7;hb=8006860b710aae2e8442088c3ddc7d819dfa8ac7))<br> - mpc ([1.3.1](https://sympa.inria.fr/sympa/arc/mpc-discuss/2022-12/msg00049.html) (includes [1.3.0](https://sympa.inria.fr/sympa/arc/mpc-discuss/2022-12/msg00028.html))<br> - mpfr ([4.2.1](https://gitlab.inria.fr/mpfr/mpfr/-/blob/4.2.1/NEWS))<br> - nghttp2 ([1.57.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0) (includes [1.52.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0), [1.53.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.53.0), [1.54.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.54.0), [1.55.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.55.0), [1.55.1](https://github.com/nghttp2/nghttp2/releases/tag/v1.55.1) and [1.56.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.56.0)))<br> - nspr ([4.35](https://hg.mozilla.org/projects/nspr/log/b563bfc16c887c48b038b7b441fcc4e40a126d3b))<br> - ntp ([4.2.8p17](https://www.ntp.org/support/securitynotice/4_2_8p17-release-announcement/))<br> - nvme-cli ([v2.6](https://github.com/linux-nvme/nvme-cli/releases/tag/v2.6), libnvme [v1.6](https://github.com/linux-nvme/libnvme/releases/tag/v1.6))<br> - protobuf ([21.12](https://github.com/protocolbuffers/protobuf/releases/tag/v21.12) (includes [21.10](https://github.com/protocolbuffers/protobuf/releases/tag/v21.10) and [21.11](https://github.com/protocolbuffers/protobuf/releases/tag/v21.11)))<br> - samba ([4.18.8](https://www.samba.org/samba/history/samba-4.18.8.html))<br> - sqlite ([3.43.2](https://www.sqlite.org/releaselog/3_43_2.html))<br> - thin-provisioning-tools ([1.0.6](https://github.com/jthornber/thin-provisioning-tools/blob/v1.0.6/CHANGES))<br>Packages:<br>- ignition 2.15.0<br>- kernel 6.1.62<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> + + 2023-11-22T07:53:31+00:00 + https://github.com/flatcar/scripts/releases/tag/alpha-3760.0.0 3760.0.0 - 2023-10-25T10:20:34.569105+00:00 + 2023-11-22T09:59:24.326891+00:00 _Changes since **Alpha 3745.0.0**_<br> <br> #### Security fixes:<br> <br> - Go ([CVE-2023-39323](https://nvd.nist.gov/vuln/detail/CVE-2023-39323), [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325))<br> - curl ([CVE-2023-38545](https://nvd.nist.gov/vuln/detail/CVE-2023-38545), [CVE-2023-38546](https://nvd.nist.gov/vuln/detail/CVE-2023-38546))<br> - glibc ([CVE-2023-4911](https://nvd.nist.gov/vuln/detail/CVE-2023-4911))<br> - grub ([CVE-2023-4692](https://nvd.nist.gov/vuln/detail/CVE-2023-4692), [CVE-2023-4693](https://nvd.nist.gov/vuln/detail/CVE-2023-4693))<br> - libtirpc ([libtirpc-rhbg-2138317](http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=4a2d85c64110ee9e21a8c4f9dafd6b0ae621506d), [libtirpc-rhbg-2150611](http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=f7f0abdf267698de3f74a0285405b1b01f40893b), [libtirpc-rhbg-2224666](http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=1d2e10afb2ffc35cb3623f57a15f712359f18e75))<br> <br> #### Bug fixes:<br> <br> - Added AWS EKS support for versions 1.24-1.28. Fixed `/usr/share/amazon/eks/download-kubelet.sh` to include download paths for these versions. ([scripts#1210](https://github.com/flatcar/scripts/pull/1210))<br> - Disabled systemd-networkd's RoutesToDNS setting by default to fix provisioning failures observed in VMs with multiple network interfaces on Azure ([scripts#1206](https://github.com/flatcar/scripts/pull/1206))<br> - Fixed quotes handling for update-engine ([Flatcar#1209](https://github.com/flatcar/Flatcar/issues/1209))<br> - Fixed the postinstall hook failure when updating from Azure instances without OEM systemd-sysext images to Flatcar Alpha 3745.x.y ([update_engine#29](https://github.com/flatcar/update_engine/pull/29))<br> <br> #### Changes:<br> <br> - To make Kubernetes work by default, `/usr/libexec/kubernetes/kubelet-plugins/volume/exec` is now a symlink to the writable folder `/var/kubernetes/kubelet-plugins/volume/exec` ([Flatcar#1193](https://github.com/flatcar/Flatcar/issues/1193))<br> <br> #### Updates:<br> <br> - Go ([1.20.10](https://go.dev/doc/devel/release#go1.20.10) (includes [1.20.9](https://go.dev/doc/devel/release#go1.20.9)))<br> - Linux ([6.1.58](https://lwn.net/Articles/947820) (includes [6.1.57](https://lwn.net/Articles/947298), [6.1.56](https://lwn.net/Articles/946854)))<br> - ca-certificates ([3.94](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_94.html))<br> - containerd ([1.7.7](https://github.com/containerd/containerd/releases/tag/v1.7.7))<br> - curl ([8.4.0](https://curl.se/changes.html#8_4_0))<br> - libnl ([3.8.0](https://github.com/thom311/libnl/compare/libnl3_7_0...libnl3_8_0))<br> - libtirpc ([1.3.4](https://marc.info/?l=linux-nfs&m=169667640909830&w=2))<br> - libxml2 ([2.11.5](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.5))<br> - openssh ([9.5p1](https://www.openssh.com/releasenotes.html#9.5p1))<br> - pigz ([2.8](https://zlib.net/pipermail/pigz-announce_zlib.net/2023-August/000018.html))<br> - strace ([6.4](https://github.com/strace/strace/releases/tag/v6.4))<br> - whois ([5.5.18](https://github.com/rfc1036/whois/blob/v5.5.18/debian/changelog))<br>Packages:<br>- containerd 1.7.7<br>- docker 20.10.24<br>- ignition 2.15.0<br>- kernel 6.1.58<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-10-25T08:37:38+00:00 @@ -22,7 +30,7 @@ https://github.com/flatcar/scripts/releases/tag/alpha-3745.0.0 3745.0.0 - 2023-10-25T10:20:34.562678+00:00 + 2023-11-22T09:59:24.320479+00:00 _Changes since **Alpha 3732.0.0**_<br><br> #### Security fixes:<br> <br> - Linux ([CVE-2023-42755](https://nvd.nist.gov/vuln/detail/CVE-2023-42755))<br> - curl ([CVE-2023-38039](https://nvd.nist.gov/vuln/detail/CVE-2023-38039))<br> - glibc ([CVE-2023-4527](https://nvd.nist.gov/vuln/detail/CVE-2023-4527), [CVE-2023-4806](https://nvd.nist.gov/vuln/detail/CVE-2023-4806))<br> - lua ([CVE-2022-33099](https://nvd.nist.gov/vuln/detail/CVE-2022-33099))<br> - mit-krb5 ([CVE-2023-36054](https://nvd.nist.gov/vuln/detail/CVE-2023-36054))<br> - procps ([CVE-2023-4016](https://nvd.nist.gov/vuln/detail/CVE-2023-4016))<br> - samba ([CVE-2021-44142](https://nvd.nist.gov/vuln/detail/CVE-2021-44142), [CVE-2022-1615](https://nvd.nist.gov/vuln/detail/CVE-2022-1615))<br> <br> #### Bug fixes:<br> <br> - Triggered re-reading of partition table to fix adding partitions to the boot disk ([scripts#1202](https://github.com/flatcar/scripts/pull/1202))<br> <br> #### Changes:<br> <br> - Reworked the VMware OEM software to be shipped as A/B updated systemd-sysext image<br> - Started shipping default ssh client and ssh daemon configs in `/etc/ssh/ssh_config` and `/etc/ssh/sshd_config` which include config snippets in `/etc/ssh/ssh_config.d` and `/etc/ssh/sshd_config.d`, respectively.<br> - Use qcow2 compressed format instead of additional compression layer in Qemu images ([Flatcar#1135](https://github.com/flatcar/Flatcar/issues/1135), [scripts#1132](https://github.com/flatcar/scripts/pull/1132))<br> - AWS: AWS OEM images now use a systemd-sysext image for layering additional platform-specific software on top of `/usr`<br> - SDK: Experimental support for [prefix builds](https://github.com/flatcar/scripts/blob/main/PREFIX.md) to create distro independent, portable, self-contained applications w/ all dependencies included. With contributions from [chewi](https://github.com/chewi) and [HappyTobi](https://github.com/HappyTobi).<br> - VMware: The open-vm-tools package in VMware OEM now comes with vmhgfs-fuse, udev rules, pam and vgauth<br> <br> #### Updates:<br> <br> - Linux ([6.1.55](https://lwn.net/Articles/945379))<br> - Linux Firmware ([20230919](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230919))<br> - bind-tools ([9.16.42](https://bind9.readthedocs.io/en/v9.16.42/notes.html#notes-for-bind-9-16-42))<br> - checkpolicy ([3.5](https://github.com/SELinuxProject/selinux/releases/tag/3.5))<br> - curl ([8.3.0](https://curl.se/changes.html#8_3_0))<br> - gcc ([13.2](https://gcc.gnu.org/gcc-13/changes.html))<br> - gzip ([1.13](https://savannah.gnu.org/news/?id=10501))<br> - libgcrypt ([1.10.2](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=blob;f=NEWS;h=c9a239615f8070427a96688b1be40a81e59e9b8a;hb=1c5cbacf3d88dded5063e959ee68678ff7d0fa56))<br> - libselinux ([3.5](https://github.com/SELinuxProject/selinux/releases/tag/3.5))<br> - libsemanage ([3.5](https://github.com/SELinuxProject/selinux/releases/tag/3.5))<br> - libsepol ([3.5](https://github.com/SELinuxProject/selinux/releases/tag/3.5))<br> - lua ([5.4.6](https://www.lua.org/manual/5.4/readme.html#changes))<br> - mit-krb5 ([1.21.2](http://web.mit.edu/kerberos/krb5-1.21/))<br> - openssh ([9.4p1](https://www.openssh.com/releasenotes.html#9.4p1))<br> - policycoreutils ([3.5](https://github.com/SELinuxProject/selinux/releases/tag/3.5))<br> - procps ([4.0.4](https://gitlab.com/procps-ng/procps/-/releases/v4.0.4) (includes [4.0.3](https://gitlab.com/procps-ng/procps/-/releases/v4.0.3) and [4.0.0](https://gitlab.com/procps-ng/procps/-/releases/v4.0.0)))<br> - rpcsvc-proto ([1.4.4](https://github.com/thkukuk/rpcsvc-proto/releases/tag/v1.4.4))<br> - samba ([4.18.4](https://wiki.samba.org/index.php/Samba_4.18_Features_added/changed#Samba_4.18.4))<br> - selinux-base ([2.20221101](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20221101))<br> - selinux-base-policy ([2.20221101](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20221101))<br> - selinux-container ([2.20221101](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20221101))<br> - selinux-sssd ([2.20221101](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20221101))<br> - selinux-unconfined ([2.20221101](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20221101))<br> - semodule-utils ([3.5](https://github.com/SELinuxProject/selinux/releases/tag/3.5))<br> - SDK: Rust ([1.72.1](https://github.com/rust-lang/rust/releases/tag/1.72.1))<br> - VMWARE: libdnet ([1.16.2](https://github.com/ofalk/libdnet/releases/tag/libdnet-1.16.2) (includes [1.16](https://github.com/ofalk/libdnet/releases/tag/libdnet-1.16)))<br>Packages:<br>- containerd 1.7.6<br>- docker 20.10.24<br>- ignition 2.15.0<br>- kernel 6.1.55<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-10-05T09:58:43+00:00 @@ -30,7 +38,7 @@ https://github.com/flatcar/scripts/releases/tag/alpha-3732.0.0 3732.0.0 - 2023-10-25T10:20:34.555242+00:00 + 2023-11-22T09:59:24.312978+00:00 _Changes since **Alpha 3717.0.0**_<br> <br> #### Known issues:<br> - Regression in Kernel 6.1.54, so that a specific cgroupv1 sysfs entry for reading Kernel memory limit disappeared. Container runtimes like runc are mainly affected. The issue was already reported to the upstream Kernel community.<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2023-25775](https://nvd.nist.gov/vuln/detail/CVE-2023-25775), [CVE-2023-4623](https://nvd.nist.gov/vuln/detail/CVE-2023-4623))<br> - Go ([CVE-2023-39318](https://nvd.nist.gov/vuln/detail/CVE-2023-39318), [CVE-2023-39319](https://nvd.nist.gov/vuln/detail/CVE-2023-39319), [CVE-2023-39320](https://nvd.nist.gov/vuln/detail/CVE-2023-39320), [CVE-2023-39321](https://nvd.nist.gov/vuln/detail/CVE-2023-39321), [CVE-2023-39322](https://nvd.nist.gov/vuln/detail/CVE-2023-39322))<br> - nvidia-drivers ([CVE-2023-25515](https://nvd.nist.gov/vuln/detail/CVE-2023-25515), [CVE-2023-25516](https://nvd.nist.gov/vuln/detail/CVE-2023-25516))<br> - torcx ([CVE-2022-28948](https://nvd.nist.gov/vuln/detail/CVE-2022-28948))<br> - SDK: Python ([CVE-2023-40217](https://nvd.nist.gov/vuln/detail/CVE-2023-40217), [CVE-2023-41105](https://nvd.nist.gov/vuln/detail/CVE-2023-41105))<br> <br> #### Bug fixes:<br> <br> - Fix the RemainAfterExit clause in nvidia.service ([Flatcar#1169](https://github.com/flatcar/Flatcar/issues/1169))<br> - Fixed bug in handling renamed network interfaces when generating login issue ([init#102](https://github.com/flatcar/init/pull/102))<br> <br> #### Changes:<br> <br> - OEM vendor tools are now A/B updated if they are shipped as systemd-sysext images, the migration happens when both partitions require a systemd-sysext OEM image - note that this will delete the `nvidia.service` from `/etc` on Azure because it's now part of `/usr` ([Flatcar#60](https://github.com/flatcar/Flatcar/issues/60))<br> - Azure: Add support for Microsoft Azure Network Adapter (MANA) NICs on Azure ([scripts#1131](https://github.com/flatcar/scripts/pull/1131))<br> <br> #### Updates:<br><br> - Linux ([6.1.54](https://lwn.net/Articles/944876) (includes [6.1.53](https://lwn.net/Articles/944358), [6.1.52](https://lwn.net/Articles/943754), [6.1.51](https://lwn.net/Articles/943403)))<br> - Go ([1.19.13](https://go.dev/doc/devel/release#go1.19.13))<br> - Go ([1.20.8](https://go.dev/doc/devel/release#go1.20.8))<br> - cJSON ([1.7.16](https://github.com/DaveGamble/cJSON/releases/tag/v1.7.16))<br> - ca-certificates ([3.93](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_93.html))<br> - containerd ([1.7.6](https://github.com/containerd/containerd/releases/tag/v1.7.6))<br> - ethtool ([6.4](https://git.kernel.org/pub/scm/network/ethtool/ethtool.git/tree/NEWS?h=v6.4))<br> - glib ([2.76.4](https://gitlab.gnome.org/GNOME/glib/-/releases/2.76.4))<br> - glibc ([2.37](https://sourceware.org/git/?p=glibc.git;a=tag;h=refs/tags/glibc-2.37))<br> - gmp ([6.3.0](https://gmplib.org/gmp6.3))<br> - hwdata ([0.373](https://github.com/vcrhonek/hwdata/commits/v0.373) (includes [0.372](https://github.com/vcrhonek/hwdata/commits/v0.372)))<br> - inih ([57](https://github.com/benhoyt/inih/releases/tag/r57))<br> - iproute2 ([6.4.0](https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/log/?h=v6.4.0))<br> - libmicrohttpd ([0.9.77](https://gitlab.com/libmicrohttpd/libmicrohttpd/-/releases/v0.9.77))<br> - libnftnl ([1.2.6](https://git.netfilter.org/libnftnl/log/?h=libnftnl-1.2.6))<br> - libnvme ([1.5](https://github.com/linux-nvme/libnvme/releases/tag/v1.5))<br> - nvidia-drivers ([535.104.05](https://docs.nvidia.com/datacenter/tesla/tesla-release-notes-535-104-05/index.html))<br> - nvme-cli ([2.5](https://github.com/linux-nvme/nvme-cli/releases/tag/v2.5))<br> - openldap ([2.6.4](https://git.openldap.org/openldap/openldap/-/blob/OPENLDAP_REL_ENG_2_6_4/CHANGES))<br> - tar ([1.35](https://lists.gnu.org/archive/html/info-gnu/2023-07/msg00005.html))<br> - xfsprogs ([6.4.0](https://git.kernel.org/pub/scm/fs/xfs/xfsprogs-dev.git/tree/doc/CHANGES?h=v6.4.0))<br> - SDK: file ([5.45](https://github.com/file/file/blob/FILE5_45/ChangeLog))<br> - SDK: gnuconfig ([20230731](https://git.savannah.gnu.org/cgit/config.git/log/?id=d4e37b5868ef910e3e52744c34408084bb13051c))<br> - SDK: kbd ([2.6.1](https://github.com/legionus/kbd/releases/tag/v2.6.1) (includes [2.6.0](https://github.com/legionus/kbd/releases/tag/v2.6.0)))<br> - SDK: python ([3.11.5](https://www.python.org/downloads/release/python-3115/))<br> - SDK: qemu ([8.0.4](https://wiki.qemu.org/ChangeLog/8.0))<br>Packages:<br>- containerd 1.7.6<br>- docker 20.10.24<br>- ignition 2.15.0<br>- kernel 6.1.54<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-09-21T11:35:29+00:00 @@ -38,7 +46,7 @@ https://github.com/flatcar/scripts/releases/tag/alpha-3717.0.0 3717.0.0 - 2023-10-25T10:20:34.547782+00:00 + 2023-11-22T09:59:24.305536+00:00 _Changes since **Alpha 3689.0.0**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2022-40982](https://nvd.nist.gov/vuln/detail/CVE-2022-40982), [CVE-2022-41804](https://nvd.nist.gov/vuln/detail/CVE-2022-41804), [CVE-2023-20569](https://nvd.nist.gov/vuln/detail/CVE-2023-20569), [CVE-2023-20588](https://nvd.nist.gov/vuln/detail/CVE-2023-20588), [CVE-2023-34319](https://nvd.nist.gov/vuln/detail/CVE-2023-34319), [CVE-2023-3772](https://nvd.nist.gov/vuln/detail/CVE-2023-3772), [CVE-2023-3773](https://nvd.nist.gov/vuln/detail/CVE-2023-3773), [CVE-2023-40283](https://nvd.nist.gov/vuln/detail/CVE-2023-40283), [CVE-2023-4128](https://nvd.nist.gov/vuln/detail/CVE-2023-4128), [CVE-2023-4155](https://nvd.nist.gov/vuln/detail/CVE-2023-4155), [CVE-2023-4273](https://nvd.nist.gov/vuln/detail/CVE-2023-4273), [CVE-2023-23908](https://nvd.nist.gov/vuln/detail/CVE-2023-23908))<br> - grub ([CVE-2020-10713](https://nvd.nist.gov/vuln/detail/CVE-2020-10713), [CVE-2020-14372](https://nvd.nist.gov/vuln/detail/CVE-2020-14372), [CVE-2020-25632](https://nvd.nist.gov/vuln/detail/CVE-2020-25632), [CVE-2020-25647](https://nvd.nist.gov/vuln/detail/CVE-2020-25647), [CVE-2020-27749](https://nvd.nist.gov/vuln/detail/CVE-2020-27749), [CVE-2020-27779](https://nvd.nist.gov/vuln/detail/CVE-2020-27779), [CVE-2021-20225](https://nvd.nist.gov/vuln/detail/CVE-2021-20225), [CVE-2021-20233](https://nvd.nist.gov/vuln/detail/CVE-2021-20233), [CVE-2021-3981](https://nvd.nist.gov/vuln/detail/CVE-2021-3981), [CVE-2021-3695](https://nvd.nist.gov/vuln/detail/CVE-2021-3695), [CVE-2021-3696](https://nvd.nist.gov/vuln/detail/CVE-2021-3696), [CVE-2021-3697](https://nvd.nist.gov/vuln/detail/CVE-2021-3697), [CVE-2022-28733](https://nvd.nist.gov/vuln/detail/CVE-2022-28733), [CVE-2022-28734](https://nvd.nist.gov/vuln/detail/CVE-2022-28734), [CVE-2022-28735](https://nvd.nist.gov/vuln/detail/CVE-2022-28735), [CVE-2022-28736](https://nvd.nist.gov/vuln/detail/CVE-2022-28736), [CVE-2022-28737](https://nvd.nist.gov/vuln/detail/CVE-2022-28737), [CVE-2022-2601](https://nvd.nist.gov/vuln/detail/CVE-2022-2601), [CVE-2022-3775](https://nvd.nist.gov/vuln/detail/CVE-2022-3775))<br> - intel-microcode ([CVE-2022-40982](https://nvd.nist.gov/vuln/detail/CVE-2022-40982), [CVE-2022-41804](https://nvd.nist.gov/vuln/detail/CVE-2022-41804), [CVE-2023-23908](https://nvd.nist.gov/vuln/detail/CVE-2023-23908))<br> - libarchive ([libarchive-20230729](https://github.com/libarchive/libarchive/releases/tag/v3.7.1))<br> - vim ([CVE-2023-2609](https://nvd.nist.gov/vuln/detail/CVE-2023-2609), [CVE-2023-2610](https://nvd.nist.gov/vuln/detail/CVE-2023-2610))<br> - VMware: open-vm-tools ([CVE-2023-20900](https://nvd.nist.gov/vuln/detail/CVE-2023-20900))<br> - SDK: qemu ([CVE-2023-0330](https://nvd.nist.gov/vuln/detail/CVE-2023-0330), [CVE-2023-2861](https://nvd.nist.gov/vuln/detail/CVE-2023-2861))<br> - SDK: Rust ([CVE-2023-38497](https://nvd.nist.gov/vuln/detail/CVE-2023-38497))<br><br> #### Bug fixes:<br> <br> - Fixed the restart of Systemd services when the main process is being killed by a SIGHUP signal ([Flatcar#1157](https://github.com/flatcar/Flatcar/issues/1157))<br> <br> #### Changes:<br> <br> - Change nvidia.service to type oneshot (from the default "simple") so the subsequent services (configured with "Requires/After") are executed after the driver installation is successfully finished ([Flatcar#1136](https://github.com/flatcar/Flatcar/issues/1136))<br> <br> #### Updates:<br> <br> - Linux ([6.1.50](https://lwn.net/Articles/943112) (includes [6.1.49](https://lwn.net/Articles/942880), [6.1.48](https://lwn.net/Articles/942865), [6.1.47](https://lwn.net/Articles/942531), [6.1.46](https://lwn.net/Articles/941774), [6.1.45](https://lwn.net/Articles/941275), [6.1.44](https://lwn.net/Articles/940800)))<br> - Linux Firmware ([20230804](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230804))<br> - cifs-utils ([7.0](https://lists.samba.org/archive/samba-technical/2022-August/137528.html))<br> - containerd ([1.7.5](https://github.com/containerd/containerd/releases/tag/v1.7.5) (includes [1.7.4](https://github.com/containerd/containerd/releases/tag/v1.7.4)))<br> - cryptsetup ([2.6.1](https://gitlab.com/cryptsetup/cryptsetup/-/blob/v2.6.1/docs/v2.6.1-ReleaseNotes) (includes [2.6.0](https://gitlab.com/cryptsetup/cryptsetup/-/blob/v2.6.0/docs/v2.6.0-ReleaseNotes) and [2.5.0](https://gitlab.com/cryptsetup/cryptsetup/-/blob/v2.5.0/docs/v2.5.0-ReleaseNotes)))<br> - curl ([8.2.1](https://curl.se/changes.html#8_2_1) (includes [8.2.0](https://curl.se/changes.html#8_2_0)))<br> - gdbm ([1.23](https://lists.gnu.org/archive/html/info-gnu/2022-02/msg00004.html))<br> - grub ([2.06](https://lists.gnu.org/archive/html/grub-devel/2021-06/msg00022.html))<br> - intel-microcode ([20230808](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230808) (includes [20230613](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230613)))<br> - libarchive ([3.7.1](https://github.com/libarchive/libarchive/releases/tag/v3.7.1) (includes [3.7.0](https://github.com/libarchive/libarchive/releases/tag/v3.7.0)))<br> - libassuan ([2.5.6](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libassuan.git;a=blob;f=NEWS;h=e52bb5dd36ac93ea227e53e89f82af9ccf38f339;hb=6b50ee6bcdd6aa81bd7cc3fb2379864c3ed479b8))<br> - libksba ([1.6.4](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=blob;f=NEWS;h=f640523209c1c9ce9855040e53914a79d24d6a67;hb=557999424ebd13e70d6fc17e648a5dd2a06f440b))<br> - libmd ([1.1.0](https://git.hadrons.org/cgit/libmd.git/log/?h=1.1.0))<br> - libuv ([1.46.0](https://github.com/libuv/libuv/releases/tag/v1.46.0) (includes [1.45.0](https://github.com/libuv/libuv/releases/tag/v1.45.0)))<br> - lsof ([4.98.0](https://github.com/lsof-org/lsof/blob/4.98.0/00DIST#L5471))<br> - open-isns ([0.102](https://github.com/open-iscsi/open-isns/blob/v0.102/ChangeLog))<br> - openldap ([2.6.3](https://lists.openldap.org/hyperkitty/list/openldap-announce@openldap.org/thread/FQJM2JSSSOMLQH7XC7Q5IZJYOGCTV2LK/) (includes [2.6](https://lists.openldap.org/hyperkitty/list/openldap-announce@openldap.org/thread/IHS5V46H6NFNFUERMC6AWMPHTWRVNLFA/)))<br> - parted ([3.6](https://git.savannah.gnu.org/gitweb/?p=parted.git;a=blob;f=NEWS;h=52bb11697039f70e55120c571750f9ee761a75aa;hb=3b5f327b213d21e9adb9ba933c78dd898fee5b1d))<br> - psmisc ([23.6](https://gitlab.com/psmisc/psmisc/-/blob/v23.6/ChangeLog))<br> - qemu guest agent ([8.0.3](https://wiki.qemu.org/ChangeLog/8.0#Guest_agent))<br> - quota ([4.09](https://sourceforge.net/p/linuxquota/code/ci/87d2fd7635e4bca54fa2a00b8d5b073ba9ca521b/tree/Changelog))<br> - runc ([1.1.9](https://github.com/opencontainers/runc/releases/tag/v1.1.9))<br> - vim ([9.0.1678](https://github.com/vim/vim/commits/v9.0.1678) (includes [9.0.1677](https://github.com/vim/vim/commits/v9.0.1677)))<br> - xfsprogs ([6.3.0](https://git.kernel.org/pub/scm/fs/xfs/xfsprogs-dev.git/tree/doc/CHANGES?h=v6.3.0))<br> - VMware: open-vm-tools ([12.3.0](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.3.0))<br> - SDK: portage ([3.0.49](https://gitweb.gentoo.org/proj/portage.git/tree/NEWS?h=portage-3.0.49))<br> - SDK: Rust ([1.72.0](https://github.com/rust-lang/rust/releases/tag/1.72.0) (includes [1.71.1](https://github.com/rust-lang/rust/releases/tag/1.71.1)))<br> - SDK: qemu ([8.0.3](https://wiki.qemu.org/ChangeLog/8.0))<br><br>Packages:<br>- containerd 1.7.5<br>- docker 20.10.24<br>- ignition 2.15.0<br>- kernel 6.1.50<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-09-06T13:17:39+00:00 @@ -46,7 +54,7 @@ https://github.com/flatcar/scripts/releases/tag/alpha-3689.0.0 3689.0.0 - 2023-10-25T10:20:34.538937+00:00 + 2023-11-22T09:59:24.296715+00:00 _Changes since **Alpha 3665.0.0**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2022-48502](https://nvd.nist.gov/vuln/detail/CVE-2022-48502), [CVE-2023-20593](https://nvd.nist.gov/vuln/detail/CVE-2023-20593), [CVE-2023-2898](https://nvd.nist.gov/vuln/detail/CVE-2023-2898), [CVE-2023-31248](https://nvd.nist.gov/vuln/detail/CVE-2023-31248), [CVE-2023-35001](https://nvd.nist.gov/vuln/detail/CVE-2023-35001), [CVE-2023-3611](https://nvd.nist.gov/vuln/detail/CVE-2023-3611), [CVE-2023-3776](https://nvd.nist.gov/vuln/detail/CVE-2023-3776), [CVE-2023-3863](https://nvd.nist.gov/vuln/detail/CVE-2023-3863))<br> - Go ([CVE-2023-29406](https://nvd.nist.gov/vuln/detail/CVE-2023-29406), [CVE-2023-29409](https://nvd.nist.gov/vuln/detail/CVE-2023-29409))<br> - OpenSSH ([CVE-2023-38408](https://nvd.nist.gov/vuln/detail/CVE-2023-38408))<br> - OpenSSL ([CVE-2023-2975](https://nvd.nist.gov/vuln/detail/CVE-2023-2975), [CVE-2023-3446](https://nvd.nist.gov/vuln/detail/CVE-2023-3446))<br> - libxml2 ([libxml2-20230428](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.4))<br> - linux-firmware ([CVE-2023-20593](https://nvd.nist.gov/vuln/detail/CVE-2023-20593))<br> - openldap ([CVE-2023-2953](https://nvd.nist.gov/vuln/detail/CVE-2023-2953))<br> - shadow ([CVE-2023-29383](https://nvd.nist.gov/vuln/detail/CVE-2023-29383))<br> <br> #### Updates:<br> <br> - Linux ([6.1.43](https://lwn.net/Articles/940338) (includes [6.1.42](https://lwn.net/Articles/939423), [6.1.41](https://lwn.net/Articles/939103), [6.1.40](https://lwn.net/Articles/939015), [6.1.39](https://lwn.net/Articles/938619)))<br> - Go ([1.20.7](https://go.dev/doc/devel/release#go1.20.7))<br> - ca-certificates ([3.92](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_92.html))<br> - containerd ([1.7.3](https://github.com/containerd/containerd/releases/tag/v1.7.3))<br> - git ([2.41.0](https://lore.kernel.org/git/xmqqleh3a3wm.fsf@gitster.g/))<br> - iperf ([3.14](https://github.com/esnet/iperf/blob/master/RELNOTES.md#iperf-314-2023-07-07))<br> - libxml2 ([2.11.4](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.4))<br> - libxslt ([1.1.38](https://gitlab.gnome.org/GNOME/libxslt/-/releases/v1.1.38))<br> - openldap ([2.5.14](https://lists.openldap.org/hyperkitty/list/openldap-announce@openldap.org/thread/TZQHR4SIWUA5BZTKDAKSFDOOGDVU4TU7/) (includes [2.5](https://lists.openldap.org/hyperkitty/list/openldap-announce@openldap.org/thread/BH3VDPG6IYYF5L5U6LZGHHKMJY5HFA3L/)))<br> - runc ([1.1.8](https://github.com/opencontainers/runc/releases/tag/v1.1.8))<br> - SDK: pahole ([1.25](https://github.com/acmel/dwarves/blob/master/changes-v1.25))<br> - SDK: Rust ([1.71.0](https://github.com/rust-lang/rust/releases/tag/1.71.0))<br><br>Packages:<br>- containerd 1.7.3<br>- docker 20.10.24<br>- ignition 2.15.0<br>- kernel 6.1.43<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-08-09T11:44:42+00:00 @@ -54,7 +62,7 @@ https://github.com/flatcar/scripts/releases/tag/alpha-3665.0.0 3665.0.0 - 2023-10-25T10:20:34.533024+00:00 + 2023-11-22T09:59:24.290712+00:00 _Changes since **Alpha 3654.0.0**_<br> <br> #### Security fixes:<br> <br> - binutils ([CVE-2022-38533](https://nvd.nist.gov/vuln/detail/CVE-2022-38533), [CVE-2022-4285](https://nvd.nist.gov/vuln/detail/CVE-2022-4285), [CVE-2023-1579](https://nvd.nist.gov/vuln/detail/CVE-2023-1579), [CVE-2023-2222](https://nvd.nist.gov/vuln/detail/CVE-2023-2222))<br> - ncurses ([CVE-2023-29491](https://nvd.nist.gov/vuln/detail/CVE-2023-29491))<br> - protobuf ([CVE-2022-1941](https://nvd.nist.gov/vuln/detail/CVE-2022-1941))<br> <br> #### Changes:<br> <br> - :warning: Dropped support for niftycloud and interoute. For interoute we haven't been generating the images for some time already.<br> <br> #### Updates:<br> <br> - Linux ([6.1.38](https://lwn.net/Articles/937403))<br> - Linux Firmware ([20230625](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230625))<br> - binutils ([2.40](https://lists.gnu.org/archive/html/info-gnu/2023-01/msg00003.html))<br> - containerd ([1.7.2](https://github.com/containerd/containerd/releases/tag/v1.7.2))<br> - elfutils ([0.189](https://sourceware.org/pipermail/elfutils-devel/2023q1/006023.html))<br> - glib ([2.76.3](https://gitlab.gnome.org/GNOME/glib/-/releases/2.76.3))<br> - ldb ([2.4.4](https://gitlab.com/samba-team/samba/-/commit/b686ef00da46d4a0c0aba0c61b1866cbc9b462b6) (includes [2.4.3](https://gitlab.com/samba-team/samba/-/commit/604f94704f30e90ef960aa2be62a14d2e614a002), [2.4.2](https://gitlab.com/samba-team/samba/-/commit/d93892d2e8ed69758c15ab18bc03bba09e715bc6)))<br> - lua ([5.4.4](https://www.lua.org/manual/5.4/readme.html#changes))<br> - ncurses ([6.4](https://invisible-island.net/ncurses/announce.html#h2-release-notes))<br> - nettle ([3.9.1](https://git.lysator.liu.se/nettle/nettle/-/blob/nettle_3.9.1_release_20230601/ChangeLog))<br> - nmap ([7.94](https://nmap.org/changelog.html#7.94))<br> - pax-utils ([1.3.7](https://gitweb.gentoo.org/proj/pax-utils.git/log/?h=v1.3.7))<br> - protobuf ([21.9](https://github.com/protocolbuffers/protobuf/releases/tag/v21.9))<br> - python ([3.11.3](https://www.python.org/downloads/release/python-3113/))<br> - talloc ([2.4.0](https://gitlab.com/samba-team/samba/-/commit/5224ed98eeba43f22b5f5f87de5947fbb1c1c7c1) (includes [2.3.4](https://gitlab.com/samba-team/samba/-/commit/0189ccf9fc3d2a77cc83cffe180e307bcdccebb4)))<br> - tdb ([1.4.8](https://gitlab.com/samba-team/samba/-/commit/eab796a4f9172e602dc262f3c99ead35b35929e7) (includes [1.4.7](https://gitlab.com/samba-team/samba/-/commit/27ceb1c3ad786386e746a5e2968780d791393b9e), [1.4.6](https://gitlab.com/samba-team/samba/-/commit/1c776e54cf33b46b2ed73263f093d596a0cdbb2f)))<br> - tevent ([0.14.1](https://gitlab.com/samba-team/samba/-/commits/tevent-0.14.1?ref_type=tags) (includes [0.14.0](https://gitlab.com/samba-team/samba/-/commits/tevent-0.14.0?ref_type=tags), [0.13.0](https://gitlab.com/samba-team/samba/-/commits/tevent-0.13.0?ref_type=tags), [0.12.1](https://gitlab.com/samba-team/samba/-/commits/tevent-0.12.1?ref_type=tags), [0.12.0](https://gitlab.com/samba-team/samba/-/commits/tevent-0.12.0?ref_type=tags)))<br> - SDK: perf ([6.3](https://kernelnewbies.org/LinuxChanges#Linux_6.3.Tracing.2C_perf_and_BPF))<br> - SDK: perl ([5.36.1](https://perldoc.perl.org/perl5361delta))<br> - SDK: qemu ([7.2.3](https://wiki.qemu.org/ChangeLog/7.2))<br>Packages:<br>- containerd 1.7.2<br>- docker 20.10.24<br>- ignition 2.15.0<br>- kernel 6.1.38<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-07-18T08:59:19+00:00 @@ -62,7 +70,7 @@ https://github.com/flatcar/scripts/releases/tag/alpha-3654.0.0 3654.0.0 - 2023-10-25T10:20:34.526618+00:00 + 2023-11-22T09:59:24.284302+00:00 _Changes since **Alpha 3637.0.0**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2023-3269](https://nvd.nist.gov/vuln/detail/CVE-2023-3269), [CVE-2023-3390](https://nvd.nist.gov/vuln/detail/CVE-2023-3390))<br> - OpenSSL ([CVE-2023-2650](https://nvd.nist.gov/vuln/detail/CVE-2023-2650))<br> - libmicrohttpd ([CVE-2023-27371](https://nvd.nist.gov/vuln/detail/CVE-2023-27371))<br> - vim ([CVE-2023-2426](https://nvd.nist.gov/vuln/detail/CVE-2023-2426))<br> <br> #### Bug fixes:<br> <br> - Ensured that the folder `/var/log/sssd` is created if it doesn't exist, required for `sssd.service` ([Flatcar#1096](https://github.com/flatcar/Flatcar/issues/1096))<br> - Worked around a bash regression in `flatcar-install` and added error reporting for disk write failures ([Flatcar#1059](https://github.com/flatcar/Flatcar/issues/1059))<br> <br> #### Changes:<br> <br> - Changed ext4 inode size of root partition to 256 bytes. This improves compatibility with applications and is necessary for 2038 readiness ([Flatcar#1082](https://github.com/flatcar/Flatcar/issues/1082))<br> - Updated locksmith to use non-deprecated resource control options in the systemd unit ([Locksmith#20](https://github.com/flatcar/locksmith/pull/20))<br> - SDK: Added the `build_sysext` script to ease building systemd-sysext images for Flatcar ([Flatcar#1052](https://github.com/flatcar/Flatcar/issues/1052), [scripts#920](https://github.com/flatcar/scripts/pull/920))<br> <br> #### Updates:<br> <br> - Linux ([6.1.37](https://lwn.net/Articles/937082) (includes [6.1.36](https://lwn.net/Articles/936674), [6.1.35](https://lwn.net/Articles/935588)))<br> - OpenSSL ([3.0.9](https://github.com/openssl/openssl/blob/openssl-3.0.9/NEWS.md#major-changes-between-openssl-308-and-openssl-309-30-may-2023))<br> - XZ utils ([5.4.3](https://git.tukaani.org/?p=xz.git;a=blob;f=NEWS;h=2f4d35adca6198671434d2988803cc9316ad1ec8;hb=dbb3a536ed9873ffa0870321f6873e564c6a9da8))<br> - bind tools ([9.16.41](https://bind9.readthedocs.io/en/v9.16.41/notes.html#notes-for-bind-9-16-41))<br> - bpftool ([6.3](https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/log/tools/bpf/bpftool?h=v6.3))<br> - ca-certificates ([3.91](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_91.html))<br> - coreutils ([9.3](https://lists.gnu.org/archive/html/info-gnu/2023-04/msg00006.html))<br> - curl ([8.1.2](https://curl.se/changes.html#8_1_2))<br> - diffutils ([3.10](https://lists.gnu.org/archive/html/info-gnu/2023-05/msg00009.html))<br> - ethtool ([6.3](https://git.kernel.org/pub/scm/network/ethtool/ethtool.git/commit/?id=7bdf78f0d2a9ae1571fe9444e552490130e573fd))<br> - gawk ([5.2.2](https://lists.gnu.org/archive/html/info-gnu/2023-05/msg00008.html))<br> - gdb ([13.2](https://lists.gnu.org/archive/html/info-gnu/2023-05/msg00011.html))<br> - grep ([3.11](https://lists.gnu.org/archive/html/info-gnu/2023-05/msg00004.html))<br> - hwdata ([0.371](https://github.com/vcrhonek/hwdata/commits/v0.371))<br> - intel-microcode ([20230512](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230512))<br> - iproute ([6.3.0](https://lwn.net/Articles/930473/))<br> - less ([633](http://www.greenwoodsoftware.com/less/news.633.html))<br> - libgpg-error ([1.47](https://dev.gnupg.org/T6231))<br> - libmicrohttpd ([0.9.76](https://lists.gnu.org/archive/html/libmicrohttpd/2023-02/msg00000.html))<br> - libpcap ([1.10.4](https://github.com/the-tcpdump-group/libpcap/blob/24832dd2728bd95ed9b9464ef27b47a943c38003/CHANGES#L51))<br> - multipath-tools ([0.9.5](https://github.com/opensvc/multipath-tools/commits/0.9.5))<br> - pciutils ([3.10.0](https://github.com/pciutils/pciutils/blob/v3.10.0/ChangeLog))<br> - sqlite ([3.42.0](https://sqlite.org/releaselog/3_42_0.html))<br> - strace ([6.3](https://github.com/strace/strace/releases/tag/v6.3))<br> - vim ([9.0.1503](https://github.com/vim/vim/commits/v9.0.1503))<br> - wget ([1.21.4](https://lists.gnu.org/archive/html/info-gnu/2023-05/msg00003.html))<br> - whois ([5.5.17](https://github.com/rfc1036/whois/commit/bac7108b01cfd54c517444efa1239e10e6edd5a4))<br> - SDK: portage ([3.0.46](https://gitweb.gentoo.org/proj/portage.git/tree/NEWS?h=portage-3.0.46))<br> - SDK: python ([3.10.12](https://www.python.org/downloads/release/python-31012/))<br><br>Packages:<br>- containerd 1.6.21<br>- docker 20.10.24<br>- ignition 2.15.0<br>- kernel 6.1.37<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-07-06T12:15:07+00:00 @@ -70,7 +78,7 @@ https://github.com/flatcar/scripts/releases/tag/alpha-3637.0.0 3637.0.0 - 2023-10-25T10:20:34.519489+00:00 + 2023-11-22T09:59:24.277116+00:00 _Changes since **Alpha 3619.0.0**_<br> <br>#### Security fixes:<br> <br>- Go ([CVE-2023-29402](https://nvd.nist.gov/vuln/detail/CVE-2023-29402), [CVE-2023-29403](https://nvd.nist.gov/vuln/detail/CVE-2023-29403), [CVE-2023-29404](https://nvd.nist.gov/vuln/detail/CVE-2023-29404), [CVE-2023-29405](https://nvd.nist.gov/vuln/detail/CVE-2023-29405))<br>- c-ares ([CVE-2023-31124](https://nvd.nist.gov/vuln/detail/CVE-2023-31124), [CVE-2023-31130](https://nvd.nist.gov/vuln/detail/CVE-2023-31130), [CVE-2023-31147](https://nvd.nist.gov/vuln/detail/CVE-2023-31147), [CVE-2023-32067](https://nvd.nist.gov/vuln/detail/CVE-2023-32067))<br>- sudo ([CVE-2023-27320](https://nvd.nist.gov/vuln/detail/CVE-2023-27320), [CVE-2023-28486](https://nvd.nist.gov/vuln/detail/CVE-2023-28486), [CVE-2023-28487](https://nvd.nist.gov/vuln/detail/CVE-2023-28487))<br>- VMware: open-vm-tools ([CVE-2023-20867](https://nvd.nist.gov/vuln/detail/CVE-2023-20867))<br> <br>#### Bug fixes:<br> <br>- Resolved the conflicting FD usage of libselinux and systemd which caused, e.g., a systemd crash on certain watchdog interaction during shutdown (patch in systemd 252.11)<br> <br>#### Changes:<br> <br>- Added TLS Kernel module ([scripts#865](https://github.com/flatcar/scripts/pull/865))<br>- Added support for multipart MIME userdata in coreos-cloudinit. Ignition now detects multipart userdata and delegates execution to coreos-cloudinit. ([scripts#873](https://github.com/flatcar/scripts/pull/873))<br>- Enabled the virtio GPU driver ([scripts#830](https://github.com/flatcar/scripts/pull/830))<br>- Migrate to Type=notify in containerd.service. Changed the unit to Type=notify, utilizing the existing containerd support for sd_notify call after socket setup. ([scripts#866](https://github.com/flatcar/scripts/pull/866))<br>- Migrated the NVIDIA installer from the Azure/AWS OEM partition to `/usr` to make it available on all platforms ([scripts#932](https://github.com/flatcar/scripts/pull/932/), [Flatcar#1077](https://github.com/flatcar/Flatcar/issues/1077))<br>- Azure and QEMU OEM images now use systemd-sysext images for layering additional platform-specific software on top of `/usr`. For Azure images this also means that the image has a normal Python installation available through the sysext image. The OEM software is still not updated but this will be added soon.<br>- Moved a mountpoint of the OEM partition from `/usr/share/oem` to `/oem`. `/usr/share/oem` became a symlink to `/oem` for backward compatibility. Despite the move, the initrd images providing files through `/usr/share/oem` should keep using `/usr/share/oem`. The move was done to enable activating the OEM sysext images that are placed in the OEM partition.<br> <br>#### Updates:<br> <br>- Linux ([6.1.34](https://lwn.net/Articles/934623) (includes [6.1.33](https://lwn.net/Articles/934319), [6.1.32](https://lwn.net/Articles/933908), [6.1.31](https://lwn.net/Articles/933281)))<br>- Go ([1.20.5](https://go.dev/doc/devel/release#go1.20.5))<br>- c-ares ([1.19.1](https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1))<br>- ca-certificates ([3.90](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_90.html))<br>- coreutils ([9.1](https://git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?h=v9.1))<br>- debianutils ([5.7](https://metadata.ftp-master.debian.org/changelogs//main/d/debianutils/debianutils_5.7-0.4_changelog))<br>- ethtool ([6.2](https://git.kernel.org/pub/scm/network/ethtool/ethtool.git/tree/NEWS?h=v6.2))<br>- grep ([3.8](http://savannah.gnu.org/forum/forum.php?forum_id=10227))<br>- hwdata ([0.367](https://github.com/vcrhonek/hwdata/releases/tag/v0.367))<br>- iproute ([6.2](https://lwn.net/Articles/923952/))<br>- kbd ([2.5.1](https://github.com/legionus/kbd/releases/tag/v2.5.1))<br>- kexec-tools ([2.0.24](https://github.com/horms/kexec-tools/releases/tag/v2.0.24))<br>- kmod ([30](https://lwn.net/Articles/899526/))<br>- less ([632](http://www.greenwoodsoftware.com/less/news.632.html))<br>- nvme-cli ([2.3](https://github.com/linux-nvme/nvme-cli/releases/tag/v2.3))<br>- pciutils ([3.9.0](https://github.com/pciutils/pciutils/releases/tag/v3.9.0))<br>- sed ([4.9](https://lists.gnu.org/archive/html/info-gnu/2022-11/msg00001.html))<br>- smartmontools ([7.3](https://github.com/smartmontools/smartmontools/releases/tag/RELEASE_7_3))<br>- strace ([6.2](https://github.com/strace/strace/releases/tag/v6.2))<br>- sudo ([1.9.13p3](https://www.sudo.ws/releases/stable/#1.9.13p3))<br>- systemd ([252.11](https://github.com/systemd/systemd-stable/releases/tag/v252.11) (from 252.5))<br>- usbutils ([015](https://github.com/gregkh/usbutils/blob/79b796f945ea7d5c2b0e2a74f9b8819cb7948680/NEWS))<br>- util-linux ([2.38.1](https://github.com/util-linux/util-linux/releases/tag/v2.38.1))<br>- SDK: Rust ([1.70.0](https://github.com/rust-lang/rust/releases/tag/1.70.0))<br>- SDK: man-db ([2.11.2](https://gitlab.com/man-db/man-db/-/tags/2.11.2))<br>- SDK: man-pages ([6.03](https://lore.kernel.org/lkml/d56662b2-538c-7252-9052-8afbf325f843@gmail.com/T/))<br>- VMware: open-vm-tools ([12.2.5](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.2.5))<br><br>Packages:<br>- containerd 1.6.21<br>- docker 20.10.24<br>- ignition 2.15.0<br>- kernel 6.1.34<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-06-21T12:17:26+00:00 @@ -78,7 +86,7 @@ https://github.com/flatcar/scripts/releases/tag/alpha-3619.0.0 3619.0.0 - 2023-10-25T10:20:34.511512+00:00 + 2023-11-22T09:59:24.269118+00:00 *NOTE*: this release has an issue with Equinix Metal arm64. Specific instances like c3.large.arm64 (Ampere Altra systems) do not boot with Kernel 6.1, due to soft lockup. In case of the systems, please stay with the previous version 3602.0.0 with Kernel 5.15. No other cloud provider is affected by the issue. The amd64 systems are also not affected.<br><br>_Changes since **Alpha 3602.0.0**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2020-36516](https://nvd.nist.gov/vuln/detail/CVE-2020-36516), [CVE-2021-26401](https://nvd.nist.gov/vuln/detail/CVE-2021-26401), [CVE-2021-33135](https://nvd.nist.gov/vuln/detail/CVE-2021-33135), [CVE-2021-33655](https://nvd.nist.gov/vuln/detail/CVE-2021-33655), [CVE-2021-3923](https://nvd.nist.gov/vuln/detail/CVE-2021-3923), [CVE-2021-4155](https://nvd.nist.gov/vuln/detail/CVE-2021-4155), [CVE-2021-4197](https://nvd.nist.gov/vuln/detail/CVE-2021-4197), [CVE-2021-43976](https://nvd.nist.gov/vuln/detail/CVE-2021-43976), [CVE-2021-44879](https://nvd.nist.gov/vuln/detail/CVE-2021-44879), [CVE-2021-45469](https://nvd.nist.gov/vuln/detail/CVE-2021-45469), [CVE-2022-0001](https://nvd.nist.gov/vuln/detail/CVE-2022-0001), [CVE-2022-0002](https://nvd.nist.gov/vuln/detail/CVE-2022-0002), [CVE-2022-0168](https://nvd.nist.gov/vuln/detail/CVE-2022-0168), [CVE-2022-0185](https://nvd.nist.gov/vuln/detail/CVE-2022-0185), [CVE-2022-0330](https://nvd.nist.gov/vuln/detail/CVE-2022-0330), [CVE-2022-0382](https://nvd.nist.gov/vuln/detail/CVE-2022-0382), [CVE-2022-0433](https://nvd.nist.gov/vuln/detail/CVE-2022-0433), [CVE-2022-0435](https://nvd.nist.gov/vuln/detail/CVE-2022-0435), [CVE-2022-0487](https://nvd.nist.gov/vuln/detail/CVE-2022-0487), [CVE-2022-0492](https://nvd.nist.gov/vuln/detail/CVE-2022-0492), [CVE-2022-0494](https://nvd.nist.gov/vuln/detail/CVE-2022-0494), [CVE-2022-0500](https://nvd.nist.gov/vuln/detail/CVE-2022-0500), [CVE-2022-0516](https://nvd.nist.gov/vuln/detail/CVE-2022-0516), [CVE-2022-0617](https://nvd.nist.gov/vuln/detail/CVE-2022-0617), [CVE-2022-0742](https://nvd.nist.gov/vuln/detail/CVE-2022-0742), [CVE-2022-0847](https://nvd.nist.gov/vuln/detail/CVE-2022-0847), [CVE-2022-0995](https://nvd.nist.gov/vuln/detail/CVE-2022-0995), [CVE-2022-1011](https://nvd.nist.gov/vuln/detail/CVE-2022-1011), [CVE-2022-1012](https://nvd.nist.gov/vuln/detail/CVE-2022-1012), [CVE-2022-1015](https://nvd.nist.gov/vuln/detail/CVE-2022-1015), [CVE-2022-1016](https://nvd.nist.gov/vuln/detail/CVE-2022-1016), [CVE-2022-1048](https://nvd.nist.gov/vuln/detail/CVE-2022-1048), [CVE-2022-1055](https://nvd.nist.gov/vuln/detail/CVE-2022-1055), [CVE-2022-1158](https://nvd.nist.gov/vuln/detail/CVE-2022-1158), [CVE-2022-1184](https://nvd.nist.gov/vuln/detail/CVE-2022-1184), [CVE-2022-1198](https://nvd.nist.gov/vuln/detail/CVE-2022-1198), [CVE-2022-1199](https://nvd.nist.gov/vuln/detail/CVE-2022-1199), [CVE-2022-1204](https://nvd.nist.gov/vuln/detail/CVE-2022-1204), [CVE-2022-1205](https://nvd.nist.gov/vuln/detail/CVE-2022-1205), [CVE-2022-1263](https://nvd.nist.gov/vuln/detail/CVE-2022-1263), [CVE-2022-1353](https://nvd.nist.gov/vuln/detail/CVE-2022-1353), [CVE-2022-1462](https://nvd.nist.gov/vuln/detail/CVE-2022-1462), [CVE-2022-1516](https://nvd.nist.gov/vuln/detail/CVE-2022-1516), [CVE-2022-1651](https://nvd.nist.gov/vuln/detail/CVE-2022-1651), [CVE-2022-1652](https://nvd.nist.gov/vuln/detail/CVE-2022-1652), [CVE-2022-1671](https://nvd.nist.gov/vuln/detail/CVE-2022-1671), [CVE-2022-1679](https://nvd.nist.gov/vuln/detail/CVE-2022-1679), [CVE-2022-1729](https://nvd.nist.gov/vuln/detail/CVE-2022-1729), [CVE-2022-1734](https://nvd.nist.gov/vuln/detail/CVE-2022-1734), [CVE-2022-1789](https://nvd.nist.gov/vuln/detail/CVE-2022-1789), [CVE-2022-1852](https://nvd.nist.gov/vuln/detail/CVE-2022-1852), [CVE-2022-1882](https://nvd.nist.gov/vuln/detail/CVE-2022-1882), [CVE-2022-1943](https://nvd.nist.gov/vuln/detail/CVE-2022-1943), [CVE-2022-1973](https://nvd.nist.gov/vuln/detail/CVE-2022-1973), [CVE-2022-1974](https://nvd.nist.gov/vuln/detail/CVE-2022-1974), [CVE-2022-1975](https://nvd.nist.gov/vuln/detail/CVE-2022-1975), [CVE-2022-1976](https://nvd.nist.gov/vuln/detail/CVE-2022-1976), [CVE-2022-1998](https://nvd.nist.gov/vuln/detail/CVE-2022-1998), [CVE-2022-20008](https://nvd.nist.gov/vuln/detail/CVE-2022-20008), [CVE-2022-20158](https://nvd.nist.gov/vuln/detail/CVE-2022-20158), [CVE-2022-20368](https://nvd.nist.gov/vuln/detail/CVE-2022-20368), [CVE-2022-20369](https://nvd.nist.gov/vuln/detail/CVE-2022-20369), [CVE-2022-20421](https://nvd.nist.gov/vuln/detail/CVE-2022-20421), [CVE-2022-20422](https://nvd.nist.gov/vuln/detail/CVE-2022-20422), [CVE-2022-20423](https://nvd.nist.gov/vuln/detail/CVE-2022-20423), [CVE-2022-20566](https://nvd.nist.gov/vuln/detail/CVE-2022-20566), [CVE-2022-20572](https://nvd.nist.gov/vuln/detail/CVE-2022-20572), [CVE-2022-2078](https://nvd.nist.gov/vuln/detail/CVE-2022-2078), [CVE-2022-21123](https://nvd.nist.gov/vuln/detail/CVE-2022-21123), [CVE-2022-21125](https://nvd.nist.gov/vuln/detail/CVE-2022-21125), [CVE-2022-21166](https://nvd.nist.gov/vuln/detail/CVE-2022-21166), [CVE-2022-21499](https://nvd.nist.gov/vuln/detail/CVE-2022-21499), [CVE-2022-21505](https://nvd.nist.gov/vuln/detail/CVE-2022-21505), [CVE-2022-2153](https://nvd.nist.gov/vuln/detail/CVE-2022-2153), [CVE-2022-2196](https://nvd.nist.gov/vuln/detail/CVE-2022-2196), [CVE-2022-22942](https://nvd.nist.gov/vuln/detail/CVE-2022-22942), [CVE-2022-23036](https://nvd.nist.gov/vuln/detail/CVE-2022-23036), [CVE-2022-23037](https://nvd.nist.gov/vuln/detail/CVE-2022-23037), [CVE-2022-23038](https://nvd.nist.gov/vuln/detail/CVE-2022-23038), [CVE-2022-23039](https://nvd.nist.gov/vuln/detail/CVE-2022-23039), [CVE-2022-23040](https://nvd.nist.gov/vuln/detail/CVE-2022-23040), [CVE-2022-23041](https://nvd.nist.gov/vuln/detail/CVE-2022-23041), [CVE-2022-23042](https://nvd.nist.gov/vuln/detail/CVE-2022-23042), [CVE-2022-2308](https://nvd.nist.gov/vuln/detail/CVE-2022-2308), [CVE-2022-2318](https://nvd.nist.gov/vuln/detail/CVE-2022-2318), [CVE-2022-23222](https://nvd.nist.gov/vuln/detail/CVE-2022-23222), [CVE-2022-2380](https://nvd.nist.gov/vuln/detail/CVE-2022-2380), [CVE-2022-23960](https://nvd.nist.gov/vuln/detail/CVE-2022-23960), [CVE-2022-24448](https://nvd.nist.gov/vuln/detail/CVE-2022-24448), [CVE-2022-24958](https://nvd.nist.gov/vuln/detail/CVE-2022-24958), [CVE-2022-24959](https://nvd.nist.gov/vuln/detail/CVE-2022-24959), [CVE-2022-2503](https://nvd.nist.gov/vuln/detail/CVE-2022-2503), [CVE-2022-25258](https://nvd.nist.gov/vuln/detail/CVE-2022-25258), [CVE-2022-25375](https://nvd.nist.gov/vuln/detail/CVE-2022-25375), [CVE-2022-25636](https://nvd.nist.gov/vuln/detail/CVE-2022-25636), [CVE-2022-2585](https://nvd.nist.gov/vuln/detail/CVE-2022-2585), [CVE-2022-2586](https://nvd.nist.gov/vuln/detail/CVE-2022-2586), [CVE-2022-2588](https://nvd.nist.gov/vuln/detail/CVE-2022-2588), [CVE-2022-2590](https://nvd.nist.gov/vuln/detail/CVE-2022-2590), [CVE-2022-2602](https://nvd.nist.gov/vuln/detail/CVE-2022-2602), [CVE-2022-26365](https://nvd.nist.gov/vuln/detail/CVE-2022-26365), [CVE-2022-26373](https://nvd.nist.gov/vuln/detail/CVE-2022-26373), [CVE-2022-2639](https://nvd.nist.gov/vuln/detail/CVE-2022-2639), [CVE-2022-26490](https://nvd.nist.gov/vuln/detail/CVE-2022-26490), [CVE-2022-2663](https://nvd.nist.gov/vuln/detail/CVE-2022-2663), [CVE-2022-26966](https://nvd.nist.gov/vuln/detail/CVE-2022-26966), [CVE-2022-27223](https://nvd.nist.gov/vuln/detail/CVE-2022-27223), [CVE-2022-27666](https://nvd.nist.gov/vuln/detail/CVE-2022-27666), [CVE-2022-27672](https://nvd.nist.gov/vuln/detail/CVE-2022-27672), [CVE-2022-2785](https://nvd.nist.gov/vuln/detail/CVE-2022-2785), [CVE-2022-27950](https://nvd.nist.gov/vuln/detail/CVE-2022-27950), [CVE-2022-28356](https://nvd.nist.gov/vuln/detail/CVE-2022-28356), [CVE-2022-28388](https://nvd.nist.gov/vuln/detail/CVE-2022-28388), [CVE-2022-28389](https://nvd.nist.gov/vuln/detail/CVE-2022-28389), [CVE-2022-28390](https://nvd.nist.gov/vuln/detail/CVE-2022-28390), [CVE-2022-2873](https://nvd.nist.gov/vuln/detail/CVE-2022-2873), [CVE-2022-28796](https://nvd.nist.gov/vuln/detail/CVE-2022-28796), [CVE-2022-28893](https://nvd.nist.gov/vuln/detail/CVE-2022-28893), [CVE-2022-2905](https://nvd.nist.gov/vuln/detail/CVE-2022-2905), [CVE-2022-29156](https://nvd.nist.gov/vuln/detail/CVE-2022-29156), [CVE-2022-2938](https://nvd.nist.gov/vuln/detail/CVE-2022-2938), [CVE-2022-29581](https://nvd.nist.gov/vuln/detail/CVE-2022-29581), [CVE-2022-29582](https://nvd.nist.gov/vuln/detail/CVE-2022-29582), [CVE-2022-2959](https://nvd.nist.gov/vuln/detail/CVE-2022-2959), [CVE-2022-2964](https://nvd.nist.gov/vuln/detail/CVE-2022-2964), [CVE-2022-2977](https://nvd.nist.gov/vuln/detail/CVE-2022-2977), [CVE-2022-2978](https://nvd.nist.gov/vuln/detail/CVE-2022-2978), [CVE-2022-29900](https://nvd.nist.gov/vuln/detail/CVE-2022-29900), [CVE-2022-29901](https://nvd.nist.gov/vuln/detail/CVE-2022-29901), [CVE-2022-29968](https://nvd.nist.gov/vuln/detail/CVE-2022-29968), [CVE-2022-3028](https://nvd.nist.gov/vuln/detail/CVE-2022-3028), [CVE-2022-30594](https://nvd.nist.gov/vuln/detail/CVE-2022-30594), [CVE-2022-3077](https://nvd.nist.gov/vuln/detail/CVE-2022-3077), [CVE-2022-3078](https://nvd.nist.gov/vuln/detail/CVE-2022-3078), [CVE-2022-3104](https://nvd.nist.gov/vuln/detail/CVE-2022-3104), [CVE-2022-3105](https://nvd.nist.gov/vuln/detail/CVE-2022-3105), [CVE-2022-3107](https://nvd.nist.gov/vuln/detail/CVE-2022-3107), [CVE-2022-3108](https://nvd.nist.gov/vuln/detail/CVE-2022-3108), [CVE-2022-3110](https://nvd.nist.gov/vuln/detail/CVE-2022-3110), [CVE-2022-3111](https://nvd.nist.gov/vuln/detail/CVE-2022-3111), [CVE-2022-3112](https://nvd.nist.gov/vuln/detail/CVE-2022-3112), [CVE-2022-3113](https://nvd.nist.gov/vuln/detail/CVE-2022-3113), [CVE-2022-3115](https://nvd.nist.gov/vuln/detail/CVE-2022-3115), [CVE-2022-3169](https://nvd.nist.gov/vuln/detail/CVE-2022-3169), [CVE-2022-3202](https://nvd.nist.gov/vuln/detail/CVE-2022-3202), [CVE-2022-32250](https://nvd.nist.gov/vuln/detail/CVE-2022-32250), [CVE-2022-32296](https://nvd.nist.gov/vuln/detail/CVE-2022-32296), [CVE-2022-3239](https://nvd.nist.gov/vuln/detail/CVE-2022-3239), [CVE-2022-32981](https://nvd.nist.gov/vuln/detail/CVE-2022-32981), [CVE-2022-3303](https://nvd.nist.gov/vuln/detail/CVE-2022-3303), [CVE-2022-3344](https://nvd.nist.gov/vuln/detail/CVE-2022-3344), [CVE-2022-33740](https://nvd.nist.gov/vuln/detail/CVE-2022-33740), [CVE-2022-33741](https://nvd.nist.gov/vuln/detail/CVE-2022-33741), [CVE-2022-33742](https://nvd.nist.gov/vuln/detail/CVE-2022-33742), [CVE-2022-33743](https://nvd.nist.gov/vuln/detail/CVE-2022-33743), [CVE-2022-33744](https://nvd.nist.gov/vuln/detail/CVE-2022-33744), [CVE-2022-33981](https://nvd.nist.gov/vuln/detail/CVE-2022-33981), [CVE-2022-3424](https://nvd.nist.gov/vuln/detail/CVE-2022-3424), [CVE-2022-3435](https://nvd.nist.gov/vuln/detail/CVE-2022-3435), [CVE-2022-34494](https://nvd.nist.gov/vuln/detail/CVE-2022-34494), [CVE-2022-34495](https://nvd.nist.gov/vuln/detail/CVE-2022-34495), [CVE-2022-34918](https://nvd.nist.gov/vuln/detail/CVE-2022-34918), [CVE-2022-3521](https://nvd.nist.gov/vuln/detail/CVE-2022-3521), [CVE-2022-3524](https://nvd.nist.gov/vuln/detail/CVE-2022-3524), [CVE-2022-3526](https://nvd.nist.gov/vuln/detail/CVE-2022-3526), [CVE-2022-3534](https://nvd.nist.gov/vuln/detail/CVE-2022-3534), [CVE-2022-3541](https://nvd.nist.gov/vuln/detail/CVE-2022-3541), [CVE-2022-3543](https://nvd.nist.gov/vuln/detail/CVE-2022-3543), [CVE-2022-3564](https://nvd.nist.gov/vuln/detail/CVE-2022-3564), [CVE-2022-3565](https://nvd.nist.gov/vuln/detail/CVE-2022-3565), [CVE-2022-3577](https://nvd.nist.gov/vuln/detail/CVE-2022-3577), [CVE-2022-3586](https://nvd.nist.gov/vuln/detail/CVE-2022-3586), [CVE-2022-3594](https://nvd.nist.gov/vuln/detail/CVE-2022-3594), [CVE-2022-3595](https://nvd.nist.gov/vuln/detail/CVE-2022-3595), [CVE-2022-36123](https://nvd.nist.gov/vuln/detail/CVE-2022-36123), [CVE-2022-3619](https://nvd.nist.gov/vuln/detail/CVE-2022-3619), [CVE-2022-3621](https://nvd.nist.gov/vuln/detail/CVE-2022-3621), [CVE-2022-3623](https://nvd.nist.gov/vuln/detail/CVE-2022-3623), [CVE-2022-3625](https://nvd.nist.gov/vuln/detail/CVE-2022-3625), [CVE-2022-3628](https://nvd.nist.gov/vuln/detail/CVE-2022-3628), [CVE-2022-36280](https://nvd.nist.gov/vuln/detail/CVE-2022-36280), [CVE-2022-3635](https://nvd.nist.gov/vuln/detail/CVE-2022-3635), [CVE-2022-3640](https://nvd.nist.gov/vuln/detail/CVE-2022-3640), [CVE-2022-3643](https://nvd.nist.gov/vuln/detail/CVE-2022-3643), [CVE-2022-3646](https://nvd.nist.gov/vuln/detail/CVE-2022-3646), [CVE-2022-3649](https://nvd.nist.gov/vuln/detail/CVE-2022-3649), [CVE-2022-36879](https://nvd.nist.gov/vuln/detail/CVE-2022-36879), [CVE-2022-36946](https://nvd.nist.gov/vuln/detail/CVE-2022-36946), [CVE-2022-3707](https://nvd.nist.gov/vuln/detail/CVE-2022-3707), [CVE-2022-38457](https://nvd.nist.gov/vuln/detail/CVE-2022-38457), [CVE-2022-3910](https://nvd.nist.gov/vuln/detail/CVE-2022-3910), [CVE-2022-39189](https://nvd.nist.gov/vuln/detail/CVE-2022-39189), [CVE-2022-39190](https://nvd.nist.gov/vuln/detail/CVE-2022-39190), [CVE-2022-3977](https://nvd.nist.gov/vuln/detail/CVE-2022-3977), [CVE-2022-40133](https://nvd.nist.gov/vuln/detail/CVE-2022-40133), [CVE-2022-40307](https://nvd.nist.gov/vuln/detail/CVE-2022-40307), [CVE-2022-40768](https://nvd.nist.gov/vuln/detail/CVE-2022-40768), [CVE-2022-41218](https://nvd.nist.gov/vuln/detail/CVE-2022-41218), [CVE-2022-4128](https://nvd.nist.gov/vuln/detail/CVE-2022-4128), [CVE-2022-4139](https://nvd.nist.gov/vuln/detail/CVE-2022-4139), [CVE-2022-41674](https://nvd.nist.gov/vuln/detail/CVE-2022-41674), [CVE-2022-41849](https://nvd.nist.gov/vuln/detail/CVE-2022-41849), [CVE-2022-41850](https://nvd.nist.gov/vuln/detail/CVE-2022-41850), [CVE-2022-41858](https://nvd.nist.gov/vuln/detail/CVE-2022-41858), [CVE-2022-42328](https://nvd.nist.gov/vuln/detail/CVE-2022-42328), [CVE-2022-42329](https://nvd.nist.gov/vuln/detail/CVE-2022-42329), [CVE-2022-42432](https://nvd.nist.gov/vuln/detail/CVE-2022-42432), [CVE-2022-4269](https://nvd.nist.gov/vuln/detail/CVE-2022-4269), [CVE-2022-42703](https://nvd.nist.gov/vuln/detail/CVE-2022-42703), [CVE-2022-42719](https://nvd.nist.gov/vuln/detail/CVE-2022-42719), [CVE-2022-42720](https://nvd.nist.gov/vuln/detail/CVE-2022-42720), [CVE-2022-42721](https://nvd.nist.gov/vuln/detail/CVE-2022-42721), [CVE-2022-42722](https://nvd.nist.gov/vuln/detail/CVE-2022-42722), [CVE-2022-42895](https://nvd.nist.gov/vuln/detail/CVE-2022-42895), [CVE-2022-42896](https://nvd.nist.gov/vuln/detail/CVE-2022-42896), [CVE-2022-43750](https://nvd.nist.gov/vuln/detail/CVE-2022-43750), [CVE-2022-4378](https://nvd.nist.gov/vuln/detail/CVE-2022-4378), [CVE-2022-4379](https://nvd.nist.gov/vuln/detail/CVE-2022-4379), [CVE-2022-4382](https://nvd.nist.gov/vuln/detail/CVE-2022-4382), [CVE-2022-43945](https://nvd.nist.gov/vuln/detail/CVE-2022-43945), [CVE-2022-45869](https://nvd.nist.gov/vuln/detail/CVE-2022-45869), [CVE-2022-45934](https://nvd.nist.gov/vuln/detail/CVE-2022-45934), [CVE-2022-47518](https://nvd.nist.gov/vuln/detail/CVE-2022-47518), [CVE-2022-47519](https://nvd.nist.gov/vuln/detail/CVE-2022-47519), [CVE-2022-47520](https://nvd.nist.gov/vuln/detail/CVE-2022-47520), [CVE-2022-47521](https://nvd.nist.gov/vuln/detail/CVE-2022-47521), [CVE-2022-47929](https://nvd.nist.gov/vuln/detail/CVE-2022-47929), [CVE-2022-47938](https://nvd.nist.gov/vuln/detail/CVE-2022-47938), [CVE-2022-47939](https://nvd.nist.gov/vuln/detail/CVE-2022-47939), [CVE-2022-47940](https://nvd.nist.gov/vuln/detail/CVE-2022-47940), [CVE-2022-47941](https://nvd.nist.gov/vuln/detail/CVE-2022-47941), [CVE-2022-47942](https://nvd.nist.gov/vuln/detail/CVE-2022-47942), [CVE-2022-47943](https://nvd.nist.gov/vuln/detail/CVE-2022-47943), [CVE-2022-4842](https://nvd.nist.gov/vuln/detail/CVE-2022-4842), [CVE-2022-48423](https://nvd.nist.gov/vuln/detail/CVE-2022-48423), [CVE-2022-48424](https://nvd.nist.gov/vuln/detail/CVE-2022-48424), [CVE-2022-48425](https://nvd.nist.gov/vuln/detail/CVE-2022-48425), [CVE-2023-0045](https://nvd.nist.gov/vuln/detail/CVE-2023-0045), [CVE-2023-0179](https://nvd.nist.gov/vuln/detail/CVE-2023-0179), [CVE-2023-0210](https://nvd.nist.gov/vuln/detail/CVE-2023-0210), [CVE-2023-0266](https://nvd.nist.gov/vuln/detail/CVE-2023-0266), [CVE-2023-0386](https://nvd.nist.gov/vuln/detail/CVE-2023-0386), [CVE-2023-0394](https://nvd.nist.gov/vuln/detail/CVE-2023-0394), [CVE-2023-0458](https://nvd.nist.gov/vuln/detail/CVE-2023-0458), [CVE-2023-0459](https://nvd.nist.gov/vuln/detail/CVE-2023-0459), [CVE-2023-0461](https://nvd.nist.gov/vuln/detail/CVE-2023-0461), [CVE-2023-0468](https://nvd.nist.gov/vuln/detail/CVE-2023-0468), [CVE-2023-0469](https://nvd.nist.gov/vuln/detail/CVE-2023-0469), [CVE-2023-0590](https://nvd.nist.gov/vuln/detail/CVE-2023-0590), [CVE-2023-1032](https://nvd.nist.gov/vuln/detail/CVE-2023-1032), [CVE-2023-1073](https://nvd.nist.gov/vuln/detail/CVE-2023-1073), [CVE-2023-1074](https://nvd.nist.gov/vuln/detail/CVE-2023-1074), [CVE-2023-1075](https://nvd.nist.gov/vuln/detail/CVE-2023-1075), [CVE-2023-1076](https://nvd.nist.gov/vuln/detail/CVE-2023-1076), [CVE-2023-1077](https://nvd.nist.gov/vuln/detail/CVE-2023-1077), [CVE-2023-1078](https://nvd.nist.gov/vuln/detail/CVE-2023-1078), [CVE-2023-1079](https://nvd.nist.gov/vuln/detail/CVE-2023-1079), [CVE-2023-1095](https://nvd.nist.gov/vuln/detail/CVE-2023-1095), [CVE-2023-1118](https://nvd.nist.gov/vuln/detail/CVE-2023-1118), [CVE-2023-1249](https://nvd.nist.gov/vuln/detail/CVE-2023-1249), [CVE-2023-1281](https://nvd.nist.gov/vuln/detail/CVE-2023-1281), [CVE-2023-1380](https://nvd.nist.gov/vuln/detail/CVE-2023-1380), [CVE-2023-1382](https://nvd.nist.gov/vuln/detail/CVE-2023-1382), [CVE-2023-1513](https://nvd.nist.gov/vuln/detail/CVE-2023-1513), [CVE-2023-1582](https://nvd.nist.gov/vuln/detail/CVE-2023-1582), [CVE-2023-1583](https://nvd.nist.gov/vuln/detail/CVE-2023-1583), [CVE-2023-1611](https://nvd.nist.gov/vuln/detail/CVE-2023-1611), [CVE-2023-1637](https://nvd.nist.gov/vuln/detail/CVE-2023-1637), [CVE-2023-1652](https://nvd.nist.gov/vuln/detail/CVE-2023-1652), [CVE-2023-1670](https://nvd.nist.gov/vuln/detail/CVE-2023-1670), [CVE-2023-1829](https://nvd.nist.gov/vuln/detail/CVE-2023-1829), [CVE-2023-1838](https://nvd.nist.gov/vuln/detail/CVE-2023-1838), [CVE-2023-1855](https://nvd.nist.gov/vuln/detail/CVE-2023-1855), [CVE-2023-1859](https://nvd.nist.gov/vuln/detail/CVE-2023-1859), [CVE-2023-1872](https://nvd.nist.gov/vuln/detail/CVE-2023-1872), [CVE-2023-1989](https://nvd.nist.gov/vuln/detail/CVE-2023-1989), [CVE-2023-1990](https://nvd.nist.gov/vuln/detail/CVE-2023-1990), [CVE-2023-1998](https://nvd.nist.gov/vuln/detail/CVE-2023-1998), [CVE-2023-2002](https://nvd.nist.gov/vuln/detail/CVE-2023-2002), [CVE-2023-2006](https://nvd.nist.gov/vuln/detail/CVE-2023-2006), [CVE-2023-2008](https://nvd.nist.gov/vuln/detail/CVE-2023-2008), [CVE-2023-2019](https://nvd.nist.gov/vuln/detail/CVE-2023-2019), [CVE-2023-20928](https://nvd.nist.gov/vuln/detail/CVE-2023-20928), [CVE-2023-20938](https://nvd.nist.gov/vuln/detail/CVE-2023-20938), [CVE-2023-21102](https://nvd.nist.gov/vuln/detail/CVE-2023-21102), [CVE-2023-21106](https://nvd.nist.gov/vuln/detail/CVE-2023-21106), [CVE-2023-2162](https://nvd.nist.gov/vuln/detail/CVE-2023-2162), [CVE-2023-2166](https://nvd.nist.gov/vuln/detail/CVE-2023-2166), [CVE-2023-2177](https://nvd.nist.gov/vuln/detail/CVE-2023-2177), [CVE-2023-2194](https://nvd.nist.gov/vuln/detail/CVE-2023-2194), [CVE-2023-2235](https://nvd.nist.gov/vuln/detail/CVE-2023-2235), [CVE-2023-2236](https://nvd.nist.gov/vuln/detail/CVE-2023-2236), [CVE-2023-2269](https://nvd.nist.gov/vuln/detail/CVE-2023-2269), [CVE-2023-22996](https://nvd.nist.gov/vuln/detail/CVE-2023-22996), [CVE-2023-22997](https://nvd.nist.gov/vuln/detail/CVE-2023-22997), [CVE-2023-22998](https://nvd.nist.gov/vuln/detail/CVE-2023-22998), [CVE-2023-22999](https://nvd.nist.gov/vuln/detail/CVE-2023-22999), [CVE-2023-23001](https://nvd.nist.gov/vuln/detail/CVE-2023-23001), [CVE-2023-23002](https://nvd.nist.gov/vuln/detail/CVE-2023-23002), [CVE-2023-23454](https://nvd.nist.gov/vuln/detail/CVE-2023-23454), [CVE-2023-23455](https://nvd.nist.gov/vuln/detail/CVE-2023-23455), [CVE-2023-23559](https://nvd.nist.gov/vuln/detail/CVE-2023-23559), [CVE-2023-25012](https://nvd.nist.gov/vuln/detail/CVE-2023-25012), [CVE-2023-2513](https://nvd.nist.gov/vuln/detail/CVE-2023-2513), [CVE-2023-26544](https://nvd.nist.gov/vuln/detail/CVE-2023-26544), [CVE-2023-26545](https://nvd.nist.gov/vuln/detail/CVE-2023-26545), [CVE-2023-26606](https://nvd.nist.gov/vuln/detail/CVE-2023-26606), [CVE-2023-26607](https://nvd.nist.gov/vuln/detail/CVE-2023-26607), [CVE-2023-28327](https://nvd.nist.gov/vuln/detail/CVE-2023-28327), [CVE-2023-28328](https://nvd.nist.gov/vuln/detail/CVE-2023-28328), [CVE-2023-28410](https://nvd.nist.gov/vuln/detail/CVE-2023-28410), [CVE-2023-28466](https://nvd.nist.gov/vuln/detail/CVE-2023-28466), [CVE-2023-28866](https://nvd.nist.gov/vuln/detail/CVE-2023-28866), [CVE-2023-30456](https://nvd.nist.gov/vuln/detail/CVE-2023-30456), [CVE-2023-30772](https://nvd.nist.gov/vuln/detail/CVE-2023-30772), [CVE-2023-31436](https://nvd.nist.gov/vuln/detail/CVE-2023-31436), [CVE-2023-32233](https://nvd.nist.gov/vuln/detail/CVE-2023-32233), [CVE-2023-32250](https://nvd.nist.gov/vuln/detail/CVE-2023-32250), [CVE-2023-32254](https://nvd.nist.gov/vuln/detail/CVE-2023-32254), [CVE-2023-32269](https://nvd.nist.gov/vuln/detail/CVE-2023-32269), [CVE-2023-33203](https://nvd.nist.gov/vuln/detail/CVE-2023-33203), [CVE-2023-33288](https://nvd.nist.gov/vuln/detail/CVE-2023-33288))<br>- curl ([CVE-2023-28319](https://nvd.nist.gov/vuln/detail/CVE-2023-28319), [CVE-2023-28320](https://nvd.nist.gov/vuln/detail/CVE-2023-28320), [CVE-2023-28321](https://nvd.nist.gov/vuln/detail/CVE-2023-28321), [CVE-2023-28322](https://nvd.nist.gov/vuln/detail/CVE-2023-28322))<br>- git ([CVE-2023-25652](https://nvd.nist.gov/vuln/detail/CVE-2023-25652), [CVE-2023-25815](https://nvd.nist.gov/vuln/detail/CVE-2023-25815), [CVE-2023-29007](https://nvd.nist.gov/vuln/detail/CVE-2023-29007))<br>- libcap ([CVE-2023-2602](https://nvd.nist.gov/vuln/detail/CVE-2023-2602), [CVE-2023-2603](https://nvd.nist.gov/vuln/detail/CVE-2023-2603))<br><br>#### Bug fixes:<br><br><br>#### Changes:<br><br><br>#### Updates:<br><br>- Linux ([6.1.30](https://lwn.net/Articles/932882) (includes [6.1.29](https://lwn.net/Articles/932133), [6.1.28](https://lwn.net/Articles/931651), [6.1.27](https://lwn.net/Articles/930597/), [6.1](https://kernelnewbies.org/Linux_6.1)))<br>- Linux Firmware ([20230515](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230515))<br>- Go ([1.20.4](https://go.dev/doc/devel/release#go1.20.4))<br>- curl ([8.1.0](https://curl.se/changes.html#8_1_0))<br>- git ([2.39.3](https://github.com/git/git/blob/v2.39.3/Documentation/RelNotes/2.39.3.txt))<br>- glib ([2.76.2](https://gitlab.gnome.org/GNOME/glib/-/releases/2.76.2))<br>- gptfdisk ([1.0.9](https://sourceforge.net/p/gptfdisk/code/ci/1d46f3723bc25f5598266f7d9a3548af3cee0c77/tree/NEWS))<br>- inih ([56](https://github.com/benhoyt/inih/releases/tag/r56))<br>- ipset ([7.17](https://git.netfilter.org/ipset/tree/ChangeLog?id=186f9b57c60bb53aae5f6633eff1e9d5e9095c3e))<br>- libbsd ([0.11.7](https://lists.freedesktop.org/archives/libbsd/2022-October/000337.html))<br>- libcap ([2.69](https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.iuvg7sbjg8pe))<br>- libgcrypt ([1.10.1](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=blob;f=NEWS;h=03132c2a115e35783a782c64777cf5f5b1a2825f;hb=ae0e567820c37f9640440b3cff77d7c185aa6742))<br>- libgpg-error ([1.46](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgpg-error.git;a=blob;f=NEWS;h=14b0ba97d6ba2b10b3178f2e4a3e24bfc2355bb3;hb=ea031873aa9642831017937fd33e9009d514ee07))<br>- libnftnl ([1.2.5](https://git.netfilter.org/libnftnl/log/?h=libnftnl-1.2.5))<br>- libpcre (8.45)<br>- libpipeline ([1.5.7](https://gitlab.com/libpipeline/libpipeline/-/tags/1.5.7))<br>- libusb ([1.0.26](https://github.com/libusb/libusb/blob/v1.0.26/ChangeLog))<br>- popt ([1.19](https://github.com/rpm-software-management/popt/releases/tag/popt-1.19-release))<br>- qemu guest agent ([8.0.0](https://wiki.qemu.org/ChangeLog/8.0#Guest_agent))<br>- sed ([4.9](https://lists.gnu.org/archive/html/info-gnu/2022-11/msg00001.html))<br>- userspace-rcu ([0.14.0](https://github.com/urcu/userspace-rcu/blob/v0.13.2/ChangeLog))<br>- zstandard ([1.5.5](https://github.com/facebook/zstd/releases/tag/v1.5.5))<br>- AWS: amazon-ssm-agent ([3.2.985.0](https://github.com/aws/amazon-ssm-agent/releases/tag/3.2.985.0))<br>- SDK: python ([3.10.11](https://www.python.org/downloads/release/python-31011/))<br><br>Packages:<br>- containerd 1.6.21<br>- docker 20.10.24<br>- ignition 2.15.0<br>- kernel 6.1.30<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-06-01T11:53:20+00:00 @@ -86,7 +94,7 @@ https://github.com/flatcar/scripts/releases/tag/alpha-3602.0.0 3602.0.0 - 2023-10-25T10:20:34.493752+00:00 + 2023-11-22T09:59:24.251004+00:00 _Changes since **Alpha 3572.0.1**_<br> <br> #### Security fixes:<br> <br>- Linux ([CVE-2023-1380](https://nvd.nist.gov/vuln/detail/CVE-2023-1380), [CVE-2023-2002](https://nvd.nist.gov/vuln/detail/CVE-2023-2002), [CVE-2023-31436](https://nvd.nist.gov/vuln/detail/CVE-2023-31436))<br>- Go ([CVE-2023-24539](https://nvd.nist.gov/vuln/detail/CVE-2023-24539), [CVE-2023-24540](https://nvd.nist.gov/vuln/detail/CVE-2023-24540), [CVE-2023-29400](https://nvd.nist.gov/vuln/detail/CVE-2023-29400))<br>- OpenSSH ([CVE-2023-28531](https://nvd.nist.gov/vuln/detail/CVE-2023-28531))<br>- OpenSSL ([CVE-2023-0464](https://nvd.nist.gov/vuln/detail/CVE-2023-0464), [CVE-2023-0465](https://nvd.nist.gov/vuln/detail/CVE-2023-0465), [CVE-2023-0466](https://nvd.nist.gov/vuln/detail/CVE-2023-0466), [CVE-2023-1255](https://nvd.nist.gov/vuln/detail/CVE-2023-1255))<br>- bash ([CVE-2022-3715](https://nvd.nist.gov/vuln/detail/CVE-2022-3715))<br>- c-ares ([CVE-2022-4904](https://nvd.nist.gov/vuln/detail/CVE-2022-4904))<br>- curl ([CVE-2023-27533](https://nvd.nist.gov/vuln/detail/CVE-2023-27533), [CVE-2023-27534](https://nvd.nist.gov/vuln/detail/CVE-2023-27534), [CVE-2023-27535](https://nvd.nist.gov/vuln/detail/CVE-2023-27535), [CVE-2023-27536](https://nvd.nist.gov/vuln/detail/CVE-2023-27536), [CVE-2023-27537](https://nvd.nist.gov/vuln/detail/CVE-2023-27537), [CVE-2023-27538](https://nvd.nist.gov/vuln/detail/CVE-2023-27538))<br>- libxml2 ([CVE-2023-28484](https://nvd.nist.gov/vuln/detail/CVE-2023-28484), [CVE-2023-29469](https://nvd.nist.gov/vuln/detail/CVE-2023-29469))<br> <br>#### Bug fixes:<br> <br>- Fixed a miscompilation of getfacl causing it to dump core when executed ([scripts#809](https://github.com/flatcar/scripts/pull/809))<br>- Restored the reboot warning and delay for non-SSH console sessions ([locksmith#21](https://github.com/flatcar/locksmith/pull/21))<br> <br>#### Changes:<br> <br>- Changed coreos-cloudinit to now set the short hostname instead of the FQDN when fetched from the metadata service ([coreos-cloudinit#19](https://github.com/flatcar/coreos-cloudinit/pull/19))<br> <br>#### Updates:<br><br>- Linux ([5.15.111](https://lwn.net/Articles/931680) (includes [5.15.110](https://lwn.net/Articles/930600), [5.15.109](https://lwn.net/Articles/930263)))<br>- bash ([5.2](https://lists.gnu.org/archive/html/bash-announce/2022-09/msg00000.html))<br>- bpftool ([6.2.1](https://kernelnewbies.org/LinuxChanges#Linux_6.2.Tracing.2C_perf_and_BPF))<br>- c-ares ([1.19.0](https://c-ares.org/changelog.html#1_19_0))<br>- ca-certificates ([3.89.1](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_89_1.html))<br>- containerd ([1.6.21](https://github.com/containerd/containerd/releases/tag/v1.6.21))<br>- curl ([8.0.1](https://curl.se/changes.html#8_0_1))<br>- e2fsprogs ([1.47.0](https://e2fsprogs.sourceforge.net/e2fsprogs-release.html##1.47.0))<br>- gdb ([13.1.90](https://lwn.net/Articles/923819/))<br>- glib ([2.74.6](https://gitlab.gnome.org/GNOME/glib/-/tags/2.74.6))<br>- go ([1.19.9](https://go.dev/doc/devel/release#go1.19.9))<br>- libarchive ([3.6.2](https://github.com/libarchive/libarchive/releases/tag/v3.6.2))<br>- libxml2 ([2.10.4](https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.4))<br>- multipath-tools ([0.9.4](https://github.com/opensvc/multipath-tools/commits/0.9.4))<br>- openSSH ([9.3](http://www.openssh.com/releasenotes.html#9.3))<br>- pinentry ([1.2.1](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=pinentry.git;a=blob;f=NEWS;h=c080b34e57d01a6ccca9d2996d7096c42b1a3f84;hb=8ab1682e80a2b4185ee9ef66cbb44340245966fc))<br>- readline ([8.2](https://lists.gnu.org/archive/html/info-gnu/2022-09/msg00013.html))<br>- runc ([1.1.7](https://github.com/opencontainers/runc/releases/tag/v1.1.7))<br>- sqlite ([3.41.2](https://sqlite.org/releaselog/3_41_2.html))<br>- xz-utils ([5.4.2](https://github.com/tukaani-project/xz/releases/tag/v5.4.2))<br>- SDK: nano ([7.2](https://git.savannah.gnu.org/cgit/nano.git/tree/NEWS?h=v7.2))<br><br>Packages:<br>- containerd 1.6.21<br>- docker 20.10.24<br>- ignition 2.15.0<br>- kernel 5.15.111<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-05-16T10:18:44+00:00 @@ -94,7 +102,7 @@ https://github.com/flatcar/scripts/releases/tag/alpha-3572.0.1 3572.0.1 - 2023-10-25T10:20:34.487004+00:00 + 2023-11-22T09:59:24.244197+00:00 _Changes since **Alpha 3572.0.0**_<br><br>#### Security fixes:<br><br>- nvidia-drivers ([CVE-2022-31607](https://nvd.nist.gov/vuln/detail/CVE-2022-31607), [CVE-2022-31608](https://nvd.nist.gov/vuln/detail/CVE-2022-31608), [CVE-2022-31615](https://nvd.nist.gov/vuln/detail/CVE-2022-31615), [CVE-2022-34665](https://nvd.nist.gov/vuln/detail/CVE-2022-34665), [CVE-2022-34666](https://nvd.nist.gov/vuln/detail/CVE-2022-34666), [CVE-2022-34670](https://nvd.nist.gov/vuln/detail/CVE-2022-34670), [CVE-2022-34673](https://nvd.nist.gov/vuln/detail/CVE-2022-34673), [CVE-2022-34674](https://nvd.nist.gov/vuln/detail/CVE-2022-34674), [CVE-2022-34676](https://nvd.nist.gov/vuln/detail/CVE-2022-34676), [CVE-2022-34677](https://nvd.nist.gov/vuln/detail/CVE-2022-34677), [CVE-2022-34678](https://nvd.nist.gov/vuln/detail/CVE-2022-34678), [CVE-2022-34679](https://nvd.nist.gov/vuln/detail/CVE-2022-34679), [CVE-2022-34680](https://nvd.nist.gov/vuln/detail/CVE-2022-34680), [CVE-2022-34682](https://nvd.nist.gov/vuln/detail/CVE-2022-34682), [CVE-2022-34684](https://nvd.nist.gov/vuln/detail/CVE-2022-34684), [CVE-2022-42254](https://nvd.nist.gov/vuln/detail/CVE-2022-42254), [CVE-2022-42255](https://nvd.nist.gov/vuln/detail/CVE-2022-42255), [CVE-2022-42256](https://nvd.nist.gov/vuln/detail/CVE-2022-42256), [CVE-2022-42257](https://nvd.nist.gov/vuln/detail/CVE-2022-42257), [CVE-2022-42258](https://nvd.nist.gov/vuln/detail/CVE-2022-42258), [CVE-2022-42259](https://nvd.nist.gov/vuln/detail/CVE-2022-42259), [CVE-2022-42260](https://nvd.nist.gov/vuln/detail/CVE-2022-42260), [CVE-2022-42261](https://nvd.nist.gov/vuln/detail/CVE-2022-42261), [CVE-2022-42263](https://nvd.nist.gov/vuln/detail/CVE-2022-42263), [CVE-2022-42264](https://nvd.nist.gov/vuln/detail/CVE-2022-42264), [CVE-2022-42265](https://nvd.nist.gov/vuln/detail/CVE-2022-42265))<br><br>#### Bug fixes:<br>- Fixed the broken emerge-gitclone in the dev-container owing to the missing migration action around the unification of the Flatcar core repositories<br><br>#### Changes:<br>- The package upgrade for nvidia-drivers might result in not supporting a few of the older NVIDIA Tesla GPUs. If you are facing issues, set `NVIDIA_DRIVER_VERSION=460.106.00` in `/etc/flatcar/nvidia-metadata`<br><br>#### Updates:<br><br>- Linux ([5.15.108](https://lwn.net/Articles/929679/) (includes [5.15.107](https://lwn.net/Articles/929015/)))<br>- nvidia-drivers ([525.105.17](https://docs.nvidia.com/datacenter/tesla/tesla-release-notes-525-105-17/index.html))<br><br>Packages:<br>- containerd 1.6.20<br>- docker 20.10.24<br>- ignition 2.15.0<br>- kernel 5.15.108<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-04-25T13:37:07+00:00 @@ -102,7 +110,7 @@ https://github.com/flatcar/scripts/releases/tag/alpha-3572.0.0 3572.0.0 - 2023-10-25T10:20:34.481164+00:00 + 2023-11-22T09:59:24.238319+00:00 _Changes since **Alpha 3549.0.0**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-4269](https://nvd.nist.gov/vuln/detail/CVE-2022-4269), [CVE-2022-4379](https://nvd.nist.gov/vuln/detail/CVE-2022-4379), [CVE-2023-1611](https://nvd.nist.gov/vuln/detail/CVE-2023-1611), [CVE-2023-1670](https://nvd.nist.gov/vuln/detail/CVE-2023-1670), [CVE-2023-1855](https://nvd.nist.gov/vuln/detail/CVE-2023-1855), [CVE-2023-1989](https://nvd.nist.gov/vuln/detail/CVE-2023-1989), [CVE-2023-1990](https://nvd.nist.gov/vuln/detail/CVE-2023-1990), [CVE-2023-28466](https://nvd.nist.gov/vuln/detail/CVE-2023-28466), [CVE-2023-30456](https://nvd.nist.gov/vuln/detail/CVE-2023-30456), [CVE-2023-30772](https://nvd.nist.gov/vuln/detail/CVE-2023-30772))<br>- Docker ([CVE-2023-28840](https://nvd.nist.gov/vuln/detail/CVE-2023-28840), [CVE-2023-28841](https://nvd.nist.gov/vuln/detail/CVE-2023-28841), [CVE-2023-28842](https://nvd.nist.gov/vuln/detail/CVE-2023-28842))<br>- Go ([CVE-2023-24534](https://nvd.nist.gov/vuln/detail/CVE-2023-24534), [CVE-2023-24536](https://nvd.nist.gov/vuln/detail/CVE-2023-24536), [CVE-2023-24537](https://nvd.nist.gov/vuln/detail/CVE-2023-24537), [CVE-2023-24538](https://nvd.nist.gov/vuln/detail/CVE-2023-24538))<br>- runc ([CVE-2023-25809](https://nvd.nist.gov/vuln/detail/CVE-2023-25809), [CVE-2023-27561](https://nvd.nist.gov/vuln/detail/CVE-2023-27561), [CVE-2023-28642](https://nvd.nist.gov/vuln/detail/CVE-2023-28642))<br>- tar ([CVE-2022-48303](https://nvd.nist.gov/vuln/detail/CVE-2022-48303))<br>- vim ([CVE-2023-1127](https://nvd.nist.gov/vuln/detail/CVE-2023-1127), [CVE-2023-1175](https://nvd.nist.gov/vuln/detail/CVE-2023-1175), [CVE-2023-1170](https://nvd.nist.gov/vuln/detail/CVE-2023-1170))<br><br>#### Bug fixes:<br><br>- Ensured that `/var/log/journal/` is created early enough for systemd-journald to persist the logs on first boot ([bootengine#60](https://github.com/flatcar/bootengine/pull/60), [baselayout#29](https://github.com/flatcar/baselayout/pull/29))<br>- Fixed `journalctl --user` permission issue ([Flatcar#989](https://github.com/flatcar/Flatcar/issues/989))<br><br>#### Changes:<br><br>- Improved the OS reset tool to offer preview, backup and restore ([init#94](https://github.com/flatcar/init/pull/94))<br><br>#### Updates:<br><br>- Linux ([5.15.106](https://lwn.net/Articles/928343) (includes [5.15.105](https://lwn.net/Articles/927860), [5.15.104](https://lwn.net/Articles/926873)))<br>- Linux Firmware ([20230404](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230404))<br>- containerd ([1.6.20](https://github.com/containerd/containerd/releases/tag/v1.6.20))<br>- Docker ([20.10.24](https://docs.docker.com/engine/release-notes/20.10/#201024))<br>- Go ([1.19.8](https://go.dev/doc/devel/release#go1.19.8))<br>- iperf ([3.13](https://github.com/esnet/iperf/blob/3.13/RELNOTES.md))<br>- runc ([1.1.5](https://github.com/opencontainers/runc/releases/tag/v1.1.5))<br>- vim ([9.0.1403](https://github.com/vim/vim/releases/tag/v9.0.1403))<br>- Zstandard ([1.5.4](https://github.com/facebook/zstd/releases/tag/v1.5.4)) (includes [1.5.3](https://github.com/facebook/zstd/releases/tag/v1.5.3), [1.5.2](https://github.com/facebook/zstd/releases/tag/v1.5.2), [1.5.1](https://github.com/facebook/zstd/releases/tag/v1.5.1) and [1.5.0](https://github.com/facebook/zstd/releases/tag/v1.5.0)))<br>- SDK: pahole ([1.24](https://github.com/acmel/dwarves/releases/tag/v1.24))<br>- SDK: Rust ([1.68.2](https://github.com/rust-lang/rust/releases/tag/1.68.2))<br>Packages:<br>- containerd 1.6.20<br>- docker 20.10.24<br>- ignition 2.15.0<br>- kernel 5.15.106<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-04-17T13:17:26+00:00 @@ -110,7 +118,7 @@ https://github.com/flatcar/scripts/releases/tag/alpha-3549.0.0 3549.0.0 - 2023-10-25T10:20:34.474658+00:00 + 2023-11-22T09:59:24.231789+00:00 _Changes since **Alpha 3535.0.0**_<br><br>#### Security fixes:<br><br>- Go ([CVE-2023-24532](https://nvd.nist.gov/vuln/detail/CVE-2023-24532))<br>- GnuTLS ([CVE-2023-0361](https://nvd.nist.gov/vuln/detail/CVE-2023-0361))<br>- curl ([CVE-2023-23914](https://nvd.nist.gov/vuln/detail/CVE-2023-23914), [CVE-2023-23915](https://nvd.nist.gov/vuln/detail/CVE-2023-23915), [CVE-2023-23916](https://nvd.nist.gov/vuln/detail/CVE-2023-23916))<br>- git ([CVE-2023-22490](https://nvd.nist.gov/vuln/detail/CVE-2023-22490), [CVE-2023-23946](https://nvd.nist.gov/vuln/detail/CVE-2023-23946))<br>- pkgconf ([CVE-2023-24056](https://nvd.nist.gov/vuln/detail/CVE-2023-24056))<br>- python ([CVE-2023-24329](https://nvd.nist.gov/vuln/detail/CVE-2023-24329))<br>- vim ([CVE-2023-0288](https://nvd.nist.gov/vuln/detail/CVE-2023-0288), [CVE-2023-0433](https://nvd.nist.gov/vuln/detail/CVE-2023-0433))<br><br>#### Bug fixes:<br><br>- Restored the support to specify OEM partition files in Ignition when `/usr/share/oem` is given as initrd mount point ([bootengine#58](https://github.com/flatcar/bootengine/pull/58))<br><br>#### Changes:<br><br>- Added `pigz` to the image, a parallel gzip implementation, which is useful to speed up the (de)compression for large container image imports/exports ([coreos-overlay#2504](https://github.com/flatcar/coreos-overlay/pull/2504))<br>- Added new image signing pub key to `flatcar-install`, needed for download verification of releases built from July 2023 onwards, if you have copies of `flatcar-install` or the image signing pub key, you need to update them as well ([init#92](https://github.com/flatcar/init/pull/92))<br>- Enabled elfutils support in systemd-coredump. A backtrace will now appear in the journal for any program that dumps core ([coreos-overlay#2489](https://github.com/flatcar/coreos-overlay/pull/2489))<br>- Specifying the OEM filesystem in Ignition to write files to `/usr/share/oem` is not needed anymore ([bootengine#58](https://github.com/flatcar/bootengine/pull/58))<br> <br>#### Updates:<br> <br>- Go ([1.19.7](https://go.dev/doc/devel/release#go1.19.7))<br>- Linux ([5.15.103](https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tag/?h=v5.15.103) (includes [5.15.102](https://lwn.net/Articles/925991), [5.15.101](https://lwn.net/Articles/925939), [5.15.100](https://lwn.net/Articles/925913), [5.15.99](https://lwn.net/Articles/925844)))<br>- Linux Firmware ([20230310](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230310))<br>- Rust ([1.68.0](https://github.com/rust-lang/rust/releases/tag/1.68.0))<br>- ca-certificates ([3.89](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_89.html))<br>- open-vm-tools ([12.2.0](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.2.0))<br>- GLib ([2.74.5](https://gitlab.gnome.org/GNOME/glib/-/tags/2.74.5))<br>- GnuTLS ([3.8.0](https://gitlab.com/gnutls/gnutls/-/blob/3.8.0/NEWS))<br>- SDK: portage ([3.0.44](https://gitweb.gentoo.org/proj/portage.git/tree/NEWS?h=portage-3.0.44))<br>- SDK: python ([3.10.10](https://docs.python.org/3.10/whatsnew/changelog.html#python-3-10-10-final))<br>- bind tools ([9.16.37](https://bind9.readthedocs.io/en/v9_16_37/notes.html#notes-for-bind-9-16-37))<br>- curl ([7.88.1](https://curl.se/changes.html#7_88_1) (includes [7.88.0](https://curl.se/changes.html#7_88_0)))<br>- diffutils ([3.9](https://savannah.gnu.org/forum/forum.php?forum_id=10282))<br>- gcc ([12.2.1](https://gcc.gnu.org/gcc-12/changes.html))<br>- git ([2.39.2](https://github.com/git/git/blob/v2.39.2/Documentation/RelNotes/2.39.2.txt))<br>- libpcap ([1.10.3](https://git.tcpdump.org/libpcap/blob/refs/tags/libpcap-1.10.3:/CHANGES) (includes [1.10.2](https://git.tcpdump.org/libpcap/blob/refs/tags/libpcap-1.10.2:/CHANGES)))<br>- qemu guest agent ([7.1.0](https://wiki.qemu.org/ChangeLog/7.1#Guest_agent))<br>- socat ([1.7.4.4](https://repo.or.cz/socat.git/blob/refs/tags/tag-1.7.4.4:/CHANGES))<br>- traceroute (2.1.1)<br>- vim ([9.0.1363](https://github.com/vim/vim/releases/tag/v9.0.1363))<br>Packages:<br>- containerd 1.6.19<br>- docker 20.10.23<br>- ignition 2.15.0<br>- kernel 5.15.103<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-03-21T11:30:17+00:00 @@ -118,7 +126,7 @@ https://github.com/flatcar/scripts/releases/tag/alpha-3535.0.0 3535.0.0 - 2023-10-25T10:20:34.467664+00:00 + 2023-11-22T09:59:24.224720+00:00 _Changes since **Alpha 3510.0.0**_<br> <br>#### Security fixes:<br> <br> - Linux ([CVE-2022-2196](https://nvd.nist.gov/vuln/detail/CVE-2022-2196), [CVE-2022-27672](https://nvd.nist.gov/vuln/detail/CVE-2022-27672), [CVE-2022-3707](https://nvd.nist.gov/vuln/detail/CVE-2022-3707), [CVE-2023-1078](https://nvd.nist.gov/vuln/detail/CVE-2023-1078), [CVE-2023-26545](https://nvd.nist.gov/vuln/detail/CVE-2023-26545))<br> - Go ([CVE-2022-41723](https://nvd.nist.gov/vuln/detail/CVE-2022-41723), [CVE-2022-41724](https://nvd.nist.gov/vuln/detail/CVE-2022-41724), [CVE-2022-41725](https://nvd.nist.gov/vuln/detail/CVE-2022-41725))<br> - OpenSSH ([CVE-2023-25136](https://nvd.nist.gov/vuln/detail/CVE-2023-25136))<br> - OpenSSL ([CVE-2022-4203](https://nvd.nist.gov/vuln/detail/CVE-2022-4203), [CVE-2022-4304](https://nvd.nist.gov/vuln/detail/CVE-2022-4304), [CVE-2022-4450](https://nvd.nist.gov/vuln/detail/CVE-2022-4450), [CVE-2023-0215](https://nvd.nist.gov/vuln/detail/CVE-2023-0215), [CVE-2023-0216](https://nvd.nist.gov/vuln/detail/CVE-2023-0216), [CVE-2023-0217](https://nvd.nist.gov/vuln/detail/CVE-2023-0217), [CVE-2023-0286](https://nvd.nist.gov/vuln/detail/CVE-2023-0286), [CVE-2023-0401](https://nvd.nist.gov/vuln/detail/CVE-2023-0401))<br> - containerd ([CVE-2023-25153](https://nvd.nist.gov/vuln/detail/CVE-2023-25153), [CVE-2023-25173](https://nvd.nist.gov/vuln/detail/CVE-2023-25173))<br> - e2fsprogs ([CVE-2022-1304](https://nvd.nist.gov/vuln/detail/CVE-2022-1304))<br> - intel-microcode ([CVE-2022-21216](https://nvd.nist.gov/vuln/detail/CVE-2022-21216), [CVE-2022-33196](https://nvd.nist.gov/vuln/detail/CVE-2022-33196), [CVE-2022-38090](https://nvd.nist.gov/vuln/detail/CVE-2022-38090))<br> - less ([CVE-2022-46663](https://nvd.nist.gov/vuln/detail/CVE-2022-46663))<br> - torcx ([CVE-2022-32149](https://nvd.nist.gov/vuln/detail/CVE-2022-32149))<br> - SDK: dnsmasq ([CVE-2022-0934](https://nvd.nist.gov/vuln/detail/CVE-2022-0934))<br> <br> #### Bug fixes:<br> <br> - Excluded the special Kubernetes network interfaces `nodelocaldns` and `kube-ipvs0` from being managed with systemd-networkd which interfered with the setup ([init#89](https://github.com/flatcar/init/pull/89)).<br> <br> #### Changes:<br> <br> - Added a new `flatcar-reset` tool and boot logic for selective OS resets to reconfigure the system with Ignition while avoiding config drift ([bootengine#55](https://github.com/flatcar/bootengine/pull/55), [init#91](https://github.com/flatcar/init/pull/91))<br> - On boot any files in `/etc` that are the same as provided by the booted `/usr/share/flatcar/etc` default for the overlay mount on `/etc` are deleted to ensure that future updates of `/usr/share/flatcar/etc` are propagated - to opt out create `/etc/.no-dup-update` in case you want to keep an unmodified config file as is or because you fear that a future Flatcar version may use the same file as you at which point your copy is cleaned up and any other future Flatcar changes would be applied ([bootengine#54](https://github.com/flatcar/bootengine/pull/54))<br> - Switched systemd log reporting to the combined format of both unit description, as before, and now the unit name to easily find the unit ([coreos-overlay#2436](https://github.com/flatcar/coreos-overlay/pull/2436))<br> - `/etc` is now set up as overlayfs with the original `/etc` folder being the store for changed files/directories and `/usr/share/flatcar/etc` providing the lower default directory tree ([bootengine#53](https://github.com/flatcar/bootengine/pull/53), [scripts#666](https://github.com/flatcar/scripts/pull/666))<br> <br> #### Updates:<br> <br> - Linux ([5.15.98](https://lwn.net/Articles/925080) (includes [5.15.97](https://lwn.net/Articles/925064), [5.15.96](https://lwn.net/Articles/924441), [5.15.95](https://lwn.net/Articles/924073), [5.15.94](https://lwn.net/Articles/923308), [5.15.93](https://lwn.net/Articles/922814)))<br> - Go ([1.19.6](https://go.dev/doc/devel/release#go1.19.6))<br> - Linux Firmware ([20230210](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230210))<br> - OpenSSH ([9.2](http://www.openssh.com/releasenotes.html#9.2))<br> - OpenSSL ([3.0.8](https://github.com/openssl/openssl/blob/openssl-3.0.8/NEWS.md#major-changes-between-openssl-307-and-openssl-308-7-feb-2023))<br> - btrfs-progs ([6.0.2](https://btrfs.readthedocs.io/en/latest/CHANGES.html#btrfs-progs-6-0-2-2022-11-24), includes [6.0](https://btrfs.readthedocs.io/en/latest/CHANGES.html#btrfs-progs-6-0-2022-10-11))<br> - containerd ([1.6.19](https://github.com/containerd/containerd/releases/tag/v1.6.19) (includes [1.6.18](https://github.com/containerd/containerd/releases/tag/v1.6.18)))<br> - e2fsprogs ([1.46.6](https://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.46.6))<br> - findutils ([4.9.0](https://lists.gnu.org/archive/html/info-gnu/2022-02/msg00003.html))<br> - ignition ([2.15.0](https://coreos.github.io/ignition/release-notes/#ignition-2150-2023-02-21))<br> - intel-microcode ([20230214](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230214))<br> - iputils ([20221126](https://github.com/iputils/iputils/releases/tag/20221126))<br> - less ([608](http://www.greenwoodsoftware.com/less/news.608.html))<br> - libpcre2 ([10.42](https://github.com/PCRE2Project/pcre2/blob/pcre2-10.42/NEWS))<br> - strace ([6.1](https://github.com/strace/strace/releases/tag/v6.1))<br> - SDK: cmake ([3.25.2](https://cmake.org/cmake/help/v3.25/release/3.25.html))<br> - SDK: dnsmasq ([2.89](https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2023q1/016859.html))<br> - SDK: python ([3.10.9](https://docs.python.org/3.10/whatsnew/changelog.html#python-3-10-9-final) (includes [3.10](https://www.python.org/downloads/release/python-3100/)))<br> - SDK: Rust ([1.67.1](https://github.com/rust-lang/rust/releases/tag/1.67.1))<br>Packages:<br>- containerd 1.6.19<br>- docker 20.10.23<br>- ignition 2.15.0<br>- kernel 5.15.98<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-03-07T15:22:31+00:00 @@ -126,7 +134,7 @@ https://github.com/flatcar/scripts/releases/tag/alpha-3510.0.0 3510.0.0 - 2023-10-25T10:20:34.459328+00:00 + 2023-11-22T09:59:24.216401+00:00 _Changes since **Alpha 3493.0.0**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-4842](https://nvd.nist.gov/vuln/detail/CVE-2022-4842))<br>- curl ([CVE-2022-43551](https://nvd.nist.gov/vuln/detail/CVE-2022-43551), [CVE-2022-43552](https://nvd.nist.gov/vuln/detail/CVE-2022-43552))<br>- sudo ([CVE-2023-22809](https://nvd.nist.gov/vuln/detail/CVE-2023-22809))<br>- vim ([CVE-2023-0049](https://nvd.nist.gov/vuln/detail/CVE-2023-0049), [CVE-2023-0051](https://nvd.nist.gov/vuln/detail/CVE-2023-0051), [CVE-2023-0054](https://nvd.nist.gov/vuln/detail/CVE-2023-0054))<br>- SDK: qemu ([CVE-2022-4172](https://nvd.nist.gov/vuln/detail/CVE-2022-4172))<br><br>#### Bug fixes:<br><br><br>#### Changes:<br><br><br>#### Updates:<br><br>- Linux ([5.15.92](https://lwn.net/Articles/922340) (includes [5.15.91](https://lwn.net/Articles/921851), [5.15.90](https://lwn.net/Articles/921029)))<br>- bind tools ([9.16.36](https://bind9.readthedocs.io/en/v9_16_36/notes.html#notes-for-bind-9-16-36) (includes [9.16.34](https://bind9.readthedocs.io/en/v9_16_35/notes.html#notes-for-bind-9-16-34) and [9.16.35](https://bind9.readthedocs.io/en/v9_16_34/notes.html#notes-for-bind-9-16-35)))<br>- bpftool ([5.19.12](https://lwn.net/Articles/909678/))<br>- containerd ([1.6.16](https://github.com/containerd/containerd/releases/tag/v1.6.16))<br>- cri-tools ([1.24.2](https://github.com/kubernetes-sigs/cri-tools/releases/tag/v1.24.2))<br>- curl ([7.87.0](https://curl.se/changes.html#7_87_0))<br>- Docker ([20.10.23](https://docs.docker.com/engine/release-notes/20.10/#201023))<br>- git ([2.39.1](https://github.com/git/git/blob/v2.39.1/Documentation/RelNotes/2.39.1.txt) (includes [2.39.0](https://github.com/git/git/blob/v2.39.0/Documentation/RelNotes/2.39.0.txt)))<br>- iptables ([1.8.8](https://www.netfilter.org/projects/iptables/files/changes-iptables-1.8.8.txt))<br>- sudo ([1.9.12_p2](https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_12p2))<br>- systemd ([252.5](https://github.com/systemd/systemd-stable/releases/tag/v252.5) (includes [252](https://github.com/systemd/systemd/releases/tag/v252)))<br>- XZ utils ([5.4.1](https://github.com/tukaani-project/xz/releases/tag/v5.4.1) (includes [5.4.0](https://github.com/tukaani-project/xz/releases/tag/v5.4.0)))<br>- vim ([9.0.1157](https://github.com/vim/vim/releases/tag/v9.0.1157))<br>- SDK: boost ([1.81.0](https://www.boost.org/users/history/version_1_81_0.html))<br>- SDK: file ([5.44](https://github.com/file/file/blob/FILE5_44/ChangeLog))<br>- SDK: portage ([3.0.43](https://github.com/gentoo/portage/blob/portage-3.0.43/NEWS) (includes [3.0.42](https://github.com/gentoo/portage/blob/portage-3.0.42/NEWS)))<br>- SDK: qemu ([7.2.0](https://wiki.qemu.org/ChangeLog/7.2))<br>- SDK: Rust ([1.67.0](https://github.com/rust-lang/rust/releases/tag/1.67.0))<br><br>Packages:<br>- containerd 1.6.16<br>- docker 20.10.23<br>- ignition 2.14.0<br>- kernel 5.15.92<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-02-16T13:25:23+00:00 @@ -134,7 +142,7 @@ https://github.com/flatcar/scripts/releases/tag/alpha-3493.0.0 3493.0.0 - 2023-10-25T10:20:34.453343+00:00 + 2023-11-22T09:59:24.210357+00:00 _Changes since **Alpha 3480.0.0**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-36280](https://nvd.nist.gov/vuln/detail/CVE-2022-36280), [CVE-2022-41218](https://nvd.nist.gov/vuln/detail/CVE-2022-41218), [CVE-2022-47929](https://nvd.nist.gov/vuln/detail/CVE-2022-47929), [CVE-2023-0210](https://nvd.nist.gov/vuln/detail/CVE-2023-0210), [CVE-2023-0266](https://nvd.nist.gov/vuln/detail/CVE-2023-0266), [CVE-2023-0394](https://nvd.nist.gov/vuln/detail/CVE-2023-0394), [CVE-2023-23454](https://nvd.nist.gov/vuln/detail/CVE-2023-23454), [CVE-2023-23455](https://nvd.nist.gov/vuln/detail/CVE-2023-23455))<br>- git ([CVE-2022-23521](https://nvd.nist.gov/vuln/detail/CVE-2022-23521), [CVE-2022-41903](https://nvd.nist.gov/vuln/detail/CVE-2022-41903))<br>- glib ([fixes to normal form handling in GVariant](https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835))<br>- vim ([CVE-2022-3491](https://nvd.nist.gov/vuln/detail/CVE-2022-3491), [CVE-2022-3520](https://nvd.nist.gov/vuln/detail/CVE-2022-3520), [CVE-2022-3591](https://nvd.nist.gov/vuln/detail/CVE-2022-3591), [CVE-2022-4141](https://nvd.nist.gov/vuln/detail/CVE-2022-4141), [CVE-2022-4292](https://nvd.nist.gov/vuln/detail/CVE-2022-4292), [CVE-2022-4293](https://nvd.nist.gov/vuln/detail/CVE-2022-4293))<br>- SDK: qemu ([CVE-2020-14394](https://nvd.nist.gov/vuln/detail/CVE-2020-14394), [CVE-2022-0216](https://nvd.nist.gov/vuln/detail/CVE-2022-0216), [CVE-2022-3872](https://nvd.nist.gov/vuln/detail/CVE-2022-3872))<br>- SDK: Rust ([CVE-2022-46176](https://nvd.nist.gov/vuln/detail/CVE-2022-46176))<br><br>#### Bug fixes:<br><br>- Fixed a regression (in Alpha/Beta) where machines failed to boot if they didn't have the `core` user or group in `/etc/passwd` or `/etc/group` ([baselayout#26](https://github.com/flatcar/baselayout/pull/26))<br><br>#### Changes:<br><br><br>#### Updates:<br><br>- Linux ([5.15.89](https://lwn.net/Articles/920321) (includes [5.15.88](https://lwn.net/Articles/920012), [5.15.87](https://lwn.net/Articles/919793)))<br>- Linux Firmware ([20230117](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230117))<br>- Go ([1.19.5](https://go.dev/doc/devel/release#go1.19.5), [1.18.10](https://go.dev/doc/devel/release#go1.18.10))<br>- adcli ([0.9.2](https://gitlab.freedesktop.org/realmd/adcli/-/commits/8e88e3590a19006362ea8b8dfdc18bb88b3cb3b5/))<br>- binutils ([2.39](https://sourceware.org/pipermail/binutils/2022-August/122246.html))<br>- elfutils ([0.188](https://sourceware.org/pipermail/elfutils-devel/2022q4/005561.html) (includes [0.187](https://sourceware.org/pipermail/elfutils-devel/2022q2/004978.html)))<br>- file ([5.43](https://mailman.astron.com/pipermail/file/2022-September/000857.html))<br>- gawk ([5.2.1](https://lists.gnu.org/archive/html/help-gawk/2022-11/msg00008.html) (contains [5.2.0](https://lists.gnu.org/archive/html/help-gawk/2022-09/msg00000.html)))<br>- git ([2.38.3](https://github.com/git/git/blob/v2.38.3/Documentation/RelNotes/2.38.3.txt))<br>- glib ([2.74.4](https://gitlab.gnome.org/GNOME/glib/-/tags/2.74.4))<br>- I2C tools ([4.3](https://git.kernel.org/pub/scm/utils/i2c-tools/i2c-tools.git/tree/CHANGES?id=d8bc1f1ff4b00a6bd988aa114100ae9b787f50d8))<br>- Intel Microcode Package ([20221108](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20221108))<br>- libcap-ng ([0.8.3](https://people.redhat.com/sgrubb/libcap-ng/ChangeLog))<br>- libseccomp ([2.5.4](https://github.com/seccomp/libseccomp/releases/tag/v2.5.4) (contains [2.5.2](https://github.com/seccomp/libseccomp/releases/tag/v2.5.2), [2.5.3](https://github.com/seccomp/libseccomp/releases/tag/v2.5.3)))<br>- nettle ([3.8.1](https://git.lysator.liu.se/nettle/nettle/-/blob/990abad16ceacd070747dcc76ed16a39c129321e/ChangeLog))<br>- rsync ([3.2.7](https://download.samba.org/pub/rsync/NEWS#3.2.7))<br>- shadow ([4.13](https://github.com/shadow-maint/shadow/releases/tag/4.13))<br>- sqlite ([3.40.1](https://www.sqlite.org/releaselog/3_40_1.html) (contains [3.40.0](https://www.sqlite.org/releaselog/3_40_0.html)))<br>- vim ([9.0.1000](https://github.com/vim/vim/releases/tag/v9.0.1000))<br>- XZ utils ([5.2.10](https://git.tukaani.org/?p=xz.git;a=blob;f=NEWS;h=d92fa88a835180af5d6ff22ad0e240d6468f81af;hb=f7c2cc55618b9af3318f0c908cf8db0df1e28e7c))<br>- Azure: python-oem ([3.9.16](https://www.python.org/downloads/release/python-3916/))<br>- SDK: libpng ([1.6.39](http://www.libpng.org/pub/png/src/libpng-1.6.39-README.txt) (includes [1.6.38](http://www.libpng.org/pub/png/src/libpng-1.6.38-README.txt)))<br>- SDK: perl ([5.36.0](https://perldoc.perl.org/5.36.0/perldelta))<br>- SDK: portage ([3.0.41](https://gitweb.gentoo.org/proj/portage.git/tree/NEWS?h=portage-3.0.41))<br>- SDK: qemu ([7.1.0](https://wiki.qemu.org/ChangeLog/7.1))<br>- SDK: Rust ([1.66.1](https://github.com/rust-lang/rust/releases/tag/1.66.1))<br><br>Packages:<br>- containerd 1.6.15<br>- docker 20.10.22<br>- ignition 2.14.0<br>- kernel 5.15.89<br>- systemd 251<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-01-24T13:17:19+00:00 @@ -142,7 +150,7 @@ https://github.com/flatcar/scripts/releases/tag/alpha-3480.0.0 3480.0.0 - 2023-10-25T10:20:34.446079+00:00 + 2023-11-22T09:59:24.203046+00:00 _Changes since **Alpha 3446.0.0**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-3424](https://nvd.nist.gov/vuln/detail/CVE-2022-3424), [CVE-2022-3534](https://nvd.nist.gov/vuln/detail/CVE-2022-3534), [CVE-2022-3545](https://nvd.nist.gov/vuln/detail/CVE-2022-3545), [CVE-2022-3643](https://nvd.nist.gov/vuln/detail/CVE-2022-3643), [CVE-2022-4378](https://nvd.nist.gov/vuln/detail/CVE-2022-4378), [CVE-2022-45869](https://nvd.nist.gov/vuln/detail/CVE-2022-45869), [CVE-2022-45934](https://nvd.nist.gov/vuln/detail/CVE-2022-45934))<br>- Go ([CVE-2022-41717](https://nvd.nist.gov/vuln/detail/CVE-2022-41717))<br>- containerd ([CVE-2022-23471](https://nvd.nist.gov/vuln/detail/CVE-2022-23471))<br>- systemd ([CVE-2022-3821](https://nvd.nist.gov/vuln/detail/CVE-2022-3821), [CVE-2022-4415](https://nvd.nist.gov/vuln/detail/CVE-2022-4415))<br>- Python ([CVE-2015-20107](https://nvd.nist.gov/vuln/detail/CVE-2015-20107), [CVE-2020-10735](https://nvd.nist.gov/vuln/detail/CVE-2020-10735), [CVE-2021-3654](https://nvd.nist.gov/vuln/detail/CVE-2021-3654), [CVE-2022-37454](https://nvd.nist.gov/vuln/detail/CVE-2022-37454), [CVE-2022-42919](https://nvd.nist.gov/vuln/detail/CVE-2022-42919), [CVE-2022-45061](https://nvd.nist.gov/vuln/detail/CVE-2022-45061))<br>- libarchive ([CVE-2022-36227](https://nvd.nist.gov/vuln/detail/CVE-2022-36227))<br>- libksba ([CVE-2022-47629](https://nvd.nist.gov/vuln/detail/CVE-2022-47629))<br><br>#### Bug fixes:<br><br>- Added back Ignition support for Vagrant ([coreos-overlay#2351](https://github.com/flatcar/coreos-overlay/pull/2351))<br>- The rootfs setup in the initrd now runs systemd-tmpfiles on every boot, not only when Ignition runs, to fix a dbus failure due to missing files ([Flatcar#944](https://github.com/flatcar/Flatcar/issues/944))<br><br><br>#### Updates:<br><br>- Linux ([5.15.86](https://lwn.net/Articles/918808) (includes [5.15.85](https://lwn.net/Articles/918329), [5.15.84](https://lwn.net/Articles/918206), [5.15.83](https://lwn.net/Articles/917896), [5.15.82](https://lwn.net/Articles/917400)))<br>- Linux Firmware ([20221214](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20221214))<br>- Docker ([20.10.22](https://docs.docker.com/engine/release-notes/#201022))<br>- GNU C Library ([2.36](https://sourceware.org/pipermail/libc-alpha/2022-August/141193.html))<br>- Go ([1.19.4](https://go.dev/doc/devel/release#go1.19.4))<br>- Rust ([1.66.0](https://github.com/rust-lang/rust/releases/tag/1.66.0))<br>- ca-certificates ([3.87](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_87.html))<br>- containerd ([1.6.15](https://github.com/containerd/containerd/releases/tag/v1.6.15))<br>- systemd ([251.10](https://github.com/systemd/systemd-stable/commits/v251.10) (includes [251](https://github.com/systemd/systemd/releases/tag/v251)))<br>- MIT Kerberos V ([1.20.1](https://web.mit.edu/kerberos/krb5-1.20/krb5-1.20.1.html))<br>- XZ utils ([5.2.9](https://git.tukaani.org/?p=xz.git;a=blob;f=NEWS;h=ebb303084403445088ec97dfedf0461a6e5b5077;hb=d8a898eb9974683bc725c49ec76722f9a8758f48))<br>- libksba ([1.6.3](https://dev.gnupg.org/T6304))<br><br>Packages:<br>- containerd 1.6.15<br>- docker 20.10.22<br>- ignition 2.14.0<br>- kernel 5.15.86<br>- systemd 251<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-01-11T13:33:59+00:00 @@ -150,7 +158,7 @@ https://github.com/flatcar/scripts/releases/tag/alpha-3446.0.0 3446.0.0 - 2023-10-25T10:20:34.439884+00:00 + 2023-11-22T09:59:24.196784+00:00 _Changes since **Alpha 3432.0.0**_<br> <br>#### Security fixes:<br> <br>- Linux ([CVE-2022-3169](https://nvd.nist.gov/vuln/detail/CVE-2022-3169), [CVE-2022-3521](https://nvd.nist.gov/vuln/detail/CVE-2022-3521))<br>- sudo ([CVE-2022-43995](https://nvd.nist.gov/vuln/detail/CVE-2022-43995))<br> <br>#### Bug fixes:<br> <br>- Fix "ext4 deadlock under heavy I/O load" kernel issue. The patch for this is included provisionally while we wait for it to be merged upstream ([Flatcar#847](https://github.com/flatcar/Flatcar/issues/847), [coreos-overlay#2315](https://github.com/flatcar/coreos-overlay/pull/2315))<br> <br>#### Updates:<br> <br>- Linux ([5.15.81](https://lwn.net/Articles/916763) (includes [5.15.80](https://lwn.net/Articles/916003)))<br>- gettext ([0.21.1](https://git.savannah.gnu.org/gitweb/?p=gettext.git;a=blob;f=NEWS;h=cdbb16746c23555e70bb1e16917f5c349ce92d9e;hb=8b38ee827251cadbb90cb6cb576ae98702566288))<br>- GnuTLS ([3.7.8](https://lists.gnupg.org/pipermail/gnutls-help/2022-September/004765.html))<br>- sudo ([1.9.12_p1](https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_12p1))<br>- XZ utils ([5.2.8](https://git.tukaani.org/?p=xz.git;a=blob;f=NEWS;h=c244b42a6771a6e8af206318dfc500d78929fd6f;hb=5476089d9c42b9b04e92b80e1800b384a98265cb))<br>- VMware: open-vm-tools ([12.1.5](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.1.5))<br>Packages:<br>- containerd 1.6.10<br>- docker 20.10.21<br>- ignition 2.14.0<br>- kernel 5.15.81<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-12-09T09:48:16+00:00 @@ -158,7 +166,7 @@ https://github.com/flatcar/scripts/releases/tag/alpha-3432.0.0 3432.0.0 - 2023-10-25T10:20:34.434741+00:00 + 2023-11-22T09:59:24.191532+00:00 _Changes since **Alpha 3417.0.0**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2022-3543](https://nvd.nist.gov/vuln/detail/CVE-2022-3543), [CVE-2022-3564](https://nvd.nist.gov/vuln/detail/CVE-2022-3564), [CVE-2022-3619](https://nvd.nist.gov/vuln/detail/CVE-2022-3619), [CVE-2022-3623](https://nvd.nist.gov/vuln/detail/CVE-2022-3623), [CVE-2022-3628](https://nvd.nist.gov/vuln/detail/CVE-2022-3628), [CVE-2022-42895](https://nvd.nist.gov/vuln/detail/CVE-2022-42895), [CVE-2022-42896](https://nvd.nist.gov/vuln/detail/CVE-2022-42896))<br> - cpio ([CVE-2021-38185](https://nvd.nist.gov/vuln/detail/CVE-2021-38185))<br> - curl ([CVE-2022-32221](https://nvd.nist.gov/vuln/detail/CVE-2022-32221), [CVE-2022-35260](https://nvd.nist.gov/vuln/detail/CVE-2022-32221), [CVE-2022-42915](https://nvd.nist.gov/vuln/detail/CVE-2022-32221), [CVE-2022-42916](https://nvd.nist.gov/vuln/detail/CVE-2022-32221))<br> - expat ([CVE-2022-43680](https://nvd.nist.gov/vuln/detail/CVE-2022-43680))<br> - libksba ([CVE-2022-3515](https://nvd.nist.gov/vuln/detail/CVE-2022-3515))<br> - vim ([CVE-2022-3705](https://nvd.nist.gov/vuln/detail/CVE-2022-3705))<br> <br> #### Bug fixes:<br> <br> - Added support for hardware security keys in update-ssh-keys ([update-ssh-keys#7](https://github.com/flatcar/update-ssh-keys/pull/7))<br> - Fixed Ignition btrfs forced formatting for OEM partition ([coreos-overlay#2277](https://github.com/flatcar/coreos-overlay/pull/2277))<br> <br> #### Updates:<br> <br> - Linux ([5.15.79](https://lwn.net/Articles/915100) (includes [5.15.78](https://lwn.net/Articles/914423)))<br> - Linux Firmware ([20221109](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20221109))<br> - ca-certificates ([3.85](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_85.html))<br> - containerd ([1.6.10](https://github.com/containerd/containerd/releases/tag/v1.6.10))<br> - Expat ([2.5.0](https://github.com/libexpat/libexpat/blob/R_2_5_0/expat/Changes))<br> - cpio ([2.13](https://lists.gnu.org/archive/html/bug-cpio/2019-11/msg00000.html))<br> - curl ([7.86](https://curl.se/changes.html#7_86_0))<br> - glib ([2.74.1](https://gitlab.gnome.org/GNOME/glib/-/tags/2.74.1))<br> - libcap ([2.66](https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.d9ygdose5kw))<br> - libksba ([1.6.2](https://dev.gnupg.org/T6230))<br> - openssh ([9.1](http://www.openssh.com/releasenotes.html#9.1))<br> - sqlite ([3.39.4](https://sqlite.org/releaselog/3_39_4.html))<br> - vim ([9.0.0828](https://github.com/vim/vim/releases/tag/v9.0.0828))<br> - whois ([5.5.14](https://github.com/rfc1036/whois/commit/ab10466cf2e1ec4887f6a44375c3e29c1720157f))<br> - XZ utils ([5.2.7](https://git.tukaani.org/?p=xz.git;a=blob;f=NEWS;h=0205423e79ce8297102096b0fc8b030ddf5b2023;hb=d24a57b7fc7e5e9267b84367cb0788d3acf7f569))<br> - SDK: Rust ([1.65.0](https://github.com/rust-lang/rust/releases/tag/1.65.0))<br>Packages:<br>- containerd 1.6.10<br>- docker 20.10.21<br>- ignition 2.14.0<br>- kernel 5.15.79<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-11-24T15:10:03+00:00 @@ -166,7 +174,7 @@ https://github.com/flatcar/scripts/releases/tag/alpha-3417.0.0 3417.0.0 - 2023-10-25T10:20:34.428547+00:00 + 2023-11-22T09:59:24.185319+00:00 _Changes since **Alpha 3402.0.1**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2022-2602](https://nvd.nist.gov/vuln/detail/CVE-2022-2602), [CVE-2022-3535](https://nvd.nist.gov/vuln/detail/CVE-2022-3535), [CVE-2022-3542](https://nvd.nist.gov/vuln/detail/CVE-2022-3542), [CVE-2022-3565](https://nvd.nist.gov/vuln/detail/CVE-2022-3565), [CVE-2022-3594](https://nvd.nist.gov/vuln/detail/CVE-2022-3594))<br> - git ([CVE-2022-39253](https://nvd.nist.gov/vuln/detail/CVE-2022-39253), [CVE-2022-39260](https://nvd.nist.gov/vuln/detail/CVE-2022-39260))<br> - multipath-tools ([CVE-2022-41973](https://nvd.nist.gov/vuln/detail/CVE-2022-41973), [CVE-2022-41974](https://nvd.nist.gov/vuln/detail/CVE-2022-41974))<br> <br> <br> #### Changes:<br> <br> - Toolbox now uses containerd to download and mount the image ([toolbox#7](https://github.com/flatcar/toolbox/pull/7))<br> <br> #### Updates:<br> <br> - Linux ([5.15.77](https://lwn.net/Articles/913681) (includes [5.15.76](https://lwn.net/Articles/912997), [5.15.75](https://lwn.net/Articles/912500)))<br> - Docker ([20.10.21](https://docs.docker.com/engine/release-notes/#201021))<br> - Go ([1.19.3](https://go.dev/doc/devel/release#go1.19.3))<br> - OpenSSL ([3.0.7](https://www.openssl.org/news/openssl-3.0-notes.html))<br> - containerd ([1.6.9](https://github.com/containerd/containerd/releases/tag/v1.6.9))<br> - glibc ([2.35](https://savannah.gnu.org/forum/forum.php?forum_id=10111))<br> - bpftool ([5.19.8](https://lwn.net/Articles/907523/))<br> - git ([2.37.4](https://github.com/git/git/blob/master/Documentation/RelNotes/2.37.4.txt))<br> - iputils ([20211215](https://github.com/iputils/iputils/releases/tag/20211215))<br> - libcap ([2.65](https://sites.google.com/site/fullycapable/release-notes-for-libcap?authuser=0#h.wfblevfzkj0))<br> - multipath-tools ([0.9.3](https://github.com/opensvc/multipath-tools/releases/tag/0.9.3)<br> - wget ([1.21.3](https://lists.gnu.org/archive/html/info-gnu/2022-02/msg00017.html))<br> - whois ([5.5.13](https://github.com/rfc1036/whois/blob/v5.5.13/debian/changelog))<br> - xz-utils ([5.2.6](https://git.tukaani.org/?p=xz.git;a=blob;f=NEWS;h=4c79b18ff26a1c479a920b21f07d050599c04c9e;hb=8dfed05bdaa4873833ba24279f02ad2db25effea))<br><br>Packages:<br>- containerd 1.6.9<br>- docker 20.10.21<br>- ignition 2.14.0<br>- kernel 5.15.77<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-11-09T12:52:02+00:00 @@ -174,7 +182,7 @@ https://github.com/flatcar/scripts/releases/tag/alpha-3402.0.1 3402.0.1 - 2023-10-25T10:20:34.422875+00:00 + 2023-11-22T09:59:24.179603+00:00 _Changes since **Alpha 3402.0.0**_<br><br>#### Security fixes:<br>- OpenSSL ([CVE-2022-3602](https://nvd.nist.gov/vuln/detail/CVE-2022-3602), [CVE-2022-3786](https://nvd.nist.gov/vuln/detail/CVE-2022-3786))<br><br>Packages:<br>- containerd 1.6.8<br>- docker 20.10.20<br>- ignition 2.14.0<br>- kernel 5.15.74<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-11-01T13:16:15+00:00 @@ -182,7 +190,7 @@ https://github.com/flatcar/scripts/releases/tag/alpha-3402.0.0 3402.0.0 - 2023-10-25T10:20:34.418466+00:00 + 2023-11-22T09:59:24.175130+00:00 New **Alpha** Release **3402.0.0**<br><br>_Changes since **Alpha 3374.0.0**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-2308](https://nvd.nist.gov/vuln/detail/CVE-2022-2308), [CVE-2022-3621](https://nvd.nist.gov/vuln/detail/CVE-2022-3621), [CVE-2022-3646](https://nvd.nist.gov/vuln/detail/CVE-2022-3646), [CVE-2022-3649](https://nvd.nist.gov/vuln/detail/CVE-2022-3649), [CVE-2022-40768](https://nvd.nist.gov/vuln/detail/CVE-2022-40768), [CVE-2022-41674](https://nvd.nist.gov/vuln/detail/CVE-2022-41674), [CVE-2022-42719](https://nvd.nist.gov/vuln/detail/CVE-2022-42719), [CVE-2022-42720](https://nvd.nist.gov/vuln/detail/CVE-2022-42720), [CVE-2022-42721](https://nvd.nist.gov/vuln/detail/CVE-2022-42721), [CVE-2022-42722](https://nvd.nist.gov/vuln/detail/CVE-2022-42722))<br>- bind-tools ([CVE-2022-2795](https://nvd.nist.gov/vuln/detail/CVE-2022-2795), [CVE-2022-2881](https://nvd.nist.gov/vuln/detail/CVE-2022-2881), [CVE-2022-2906](https://nvd.nist.gov/vuln/detail/CVE-2022-2906), [CVE-2022-3080](https://nvd.nist.gov/vuln/detail/CVE-2022-3080), [CVE-2022-38177](https://nvd.nist.gov/vuln/detail/CVE-2022-38177), [CVE-2022-38178](https://nvd.nist.gov/vuln/detail/CVE-2022-38178))<br>- curl ([CVE-2022-35252](https://nvd.nist.gov/vuln/detail/CVE-2022-35252))<br>- dbus ([CVE-2022-42010](https://nvd.nist.gov/vuln/detail/CVE-2022-42010), [CVE-2022-42011](https://nvd.nist.gov/vuln/detail/CVE-2022-42011), [CVE-2022-42012](https://nvd.nist.gov/vuln/detail/CVE-2022-42012))<br>- go ([CVE-2022-41715](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715), [CVE-2022-2880](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880), [CVE-2022-2879](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879))<br>- libxml2 ([CVE-2022-40303](https://nvd.nist.gov/vuln/detail/CVE-2022-40303), [CVE-2022-40304](https://nvd.nist.gov/vuln/detail/CVE-2022-40304))<br>- logrotate ([CVE-2022-1348](https://nvd.nist.gov/vuln/detail/CVE-2022-1348))<br>- vim ([CVE-2022-2042](https://nvd.nist.gov/vuln/detail/CVE-2022-2042), [CVE-2022-2124](https://nvd.nist.gov/vuln/detail/CVE-2022-2124), [CVE-2022-2125](https://nvd.nist.gov/vuln/detail/CVE-2022-2125), [CVE-2022-2126](https://nvd.nist.gov/vuln/detail/CVE-2022-2126), [CVE-2022-2129](https://nvd.nist.gov/vuln/detail/CVE-2022-2129), [CVE-2022-2175](https://nvd.nist.gov/vuln/detail/CVE-2022-2175), [CVE-2022-2182](https://nvd.nist.gov/vuln/detail/CVE-2022-2182), [CVE-2022-2183](https://nvd.nist.gov/vuln/detail/CVE-2022-2183), [CVE-2022-2206](https://nvd.nist.gov/vuln/detail/CVE-2022-2206), [CVE-2022-2207](https://nvd.nist.gov/vuln/detail/CVE-2022-2207), [CVE-2022-2208](https://nvd.nist.gov/vuln/detail/CVE-2022-2208), [CVE-2022-2210](https://nvd.nist.gov/vuln/detail/CVE-2022-2210), [CVE-2022-2231](https://nvd.nist.gov/vuln/detail/CVE-2022-2231), [CVE-2022-2257](https://nvd.nist.gov/vuln/detail/CVE-2022-2257), [CVE-2022-2264](https://nvd.nist.gov/vuln/detail/CVE-2022-2264), [CVE-2022-2284](https://nvd.nist.gov/vuln/detail/CVE-2022-2284), [CVE-2022-2285](https://nvd.nist.gov/vuln/detail/CVE-2022-2285), [CVE-2022-2286](https://nvd.nist.gov/vuln/detail/CVE-2022-2286), [CVE-2022-2287](https://nvd.nist.gov/vuln/detail/CVE-2022-2287), [CVE-2022-2288](https://nvd.nist.gov/vuln/detail/CVE-2022-2288), [CVE-2022-2289](https://nvd.nist.gov/vuln/detail/CVE-2022-2289), [CVE-2022-2304](https://nvd.nist.gov/vuln/detail/CVE-2022-2304), [CVE-2022-2343](https://nvd.nist.gov/vuln/detail/CVE-2022-2343), [CVE-2022-2344](https://nvd.nist.gov/vuln/detail/CVE-2022-2344), [CVE-2022-2345](https://nvd.nist.gov/vuln/detail/CVE-2022-2345), [CVE-2022-2522](https://nvd.nist.gov/vuln/detail/CVE-2022-2522), [CVE-2022-2816](https://nvd.nist.gov/vuln/detail/CVE-2022-2816), [CVE-2022-2817](https://nvd.nist.gov/vuln/detail/CVE-2022-2817), [CVE-2022-2819](https://nvd.nist.gov/vuln/detail/CVE-2022-2819), [CVE-2022-2845](https://nvd.nist.gov/vuln/detail/CVE-2022-2845), [CVE-2022-2849](https://nvd.nist.gov/vuln/detail/CVE-2022-2849), [CVE-2022-2862](https://nvd.nist.gov/vuln/detail/CVE-2022-2862), [CVE-2022-2874](https://nvd.nist.gov/vuln/detail/CVE-2022-2874), [CVE-2022-2889](https://nvd.nist.gov/vuln/detail/CVE-2022-2889), [CVE-2022-2923](https://nvd.nist.gov/vuln/detail/CVE-2022-2923), [CVE-2022-2946](https://nvd.nist.gov/vuln/detail/CVE-2022-2946), [CVE-2022-2980](https://nvd.nist.gov/vuln/detail/CVE-2022-2980), [CVE-2022-2982](https://nvd.nist.gov/vuln/detail/CVE-2022-2982), [CVE-2022-3016](https://nvd.nist.gov/vuln/detail/CVE-2022-3016), [CVE-2022-3099](https://nvd.nist.gov/vuln/detail/CVE-2022-3099), [CVE-2022-3134](https://nvd.nist.gov/vuln/detail/CVE-2022-3134), [CVE-2022-3153](https://nvd.nist.gov/vuln/detail/CVE-2022-3153), [CVE-2022-1725](https://nvd.nist.gov/vuln/detail/CVE-2022-1725), [CVE-2022-3234](https://nvd.nist.gov/vuln/detail/CVE-2022-3234), [CVE-2022-3235](https://nvd.nist.gov/vuln/detail/CVE-2022-3235), [CVE-2022-3278](https://nvd.nist.gov/vuln/detail/CVE-2022-3278), [CVE-2022-3256](https://nvd.nist.gov/vuln/detail/CVE-2022-3256), [CVE-2022-3296](https://nvd.nist.gov/vuln/detail/CVE-2022-3296), [CVE-2022-3297](https://nvd.nist.gov/vuln/detail/CVE-2022-3297), [CVE-2022-3324](https://nvd.nist.gov/vuln/detail/CVE-2022-3324), [CVE-2022-3352](https://nvd.nist.gov/vuln/detail/CVE-2022-3352))<br>- SDK: rust ([CVE-2022-36113](https://nvd.nist.gov/vuln/detail/CVE-2022-36113), [CVE-2022-36114](https://nvd.nist.gov/vuln/detail/CVE-2022-36114))<br><br>#### Bug fixes:<br><br>- Enabled IOMMU on arm64 kernels, the lack of which prevented some systems from booting ([coreos-overlay#2235](https://github.com/flatcar/coreos-overlay/pull/2235))<br><br>#### Changes:<br><br>- Added `CONFIG_NF_CONNTRACK_BRIDGE` (for nf_conntrack_bridge) and `CONFIG_NFT_BRIDGE_META` (for nft_meta_bridge) to the kernel config to allow using conntrack rules for bridges in nftables and to match on bridge interface names ([coreos-overlay#2207](https://github.com/flatcar/coreos-overlay/pull/2207))<br>- Change CONFIG_WIREGUARD kernel option to module to save space on boot partition ([coreos-overlay#2239](https://github.com/flatcar/coreos-overlay/pull/2239))<br>- Disable several arch specific arm64 kernel config options for unsupported platforms to save space on boot partition ([coreos-overlay#2239](https://github.com/flatcar/coreos-overlay/pull/2239))<br>- OpenStack: enabled `coreos-metadata-sshkeys@.service` to provision SSH keys from metadata. ([Flatcar#817](https://github.com/flatcar/Flatcar/issues/817), [coreos-overlay#2246](https://github.com/flatcar/coreos-overlay/pull/2246))<br>- Switched from `--strip-unneeded` to `--strip-debug` when installing kernel modules, which makes kernel stacktraces more accurate and makes debugging issues easier ([coreos-overlay#2196](https://github.com/flatcar/coreos-overlay/pull/2196))<br>- The flatcar-update tool got two new flags to customize ports used on the host while updating flatcar ([init#81](https://github.com/flatcar/init/pull/81))<br>- Add qemu-guest-agent to all amd64 images, it will be automatically enabled when qemu-ga virtio-port is detected ([coreos-overlay#2240](https://github.com/flatcar/coreos-overlay/pull/2240), [portage-stable#373](https://github.com/flatcar/portage-stable/pull/373))<br><br>#### Updates:<br><br>- Linux ([5.15.74](https://lwn.net/Articles/911275/) (includes [5.15.71](https://lwn.net/Articles/909679), [5.15.72](https://lwn.net/Articles/910398), [5.15.73](https://lwn.net/Articles/910957)))<br>- Linux Firmware ([20221012](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20221012))<br>- bind-tools ([9.16.33](https://gitlab.isc.org/isc-projects/bind9/-/raw/v9_16_33/CHANGES))<br>- bpftool ([5.19.2](https://lwn.net/Articles/904957/))<br>- ca-certificates ([3.84](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_84.html))<br>- curl ([7.85](https://curl.se/mail/archive-2022-08/0012.html))<br>- dbus ([1.14.4](https://gitlab.freedesktop.org/dbus/dbus/-/raw/dbus-1.14.4/NEWS))<br>- Docker ([20.10.20](https://docs.docker.com/engine/release-notes/#201020))<br>- git ([2.37.3](https://github.com/git/git/blob/v2.37.3/Documentation/RelNotes/2.37.3.txt))<br>- glibc ([2.34](https://sourceware.org/pipermail/libc-alpha/2021-August/129718.html))<br>- Go ([1.18.7](https://go.dev/doc/devel/release#1.18.7))<br>- libxml2 ([2.10.3](https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3))<br>- logrotate ([3.20.1](https://github.com/logrotate/logrotate/releases/tag/3.20.1))<br>- nmap ([7.93](https://nmap.org/changelog.html#7.93))<br>- pahole ([1.23](https://git.kernel.org/pub/scm/devel/pahole/pahole.git/tag/?h=v1.23))<br>- strace ([5.19](https://github.com/strace/strace/releases/tag/v5.19))<br>- vim ([9.0.0655](https://github.com/vim/vim/releases/tag/v9.0.0655))<br>- wireguard-tools ([1.0.20210914](https://github.com/WireGuard/wireguard-tools/releases/tag/v1.0.20210914))<br>- zlib ([1.2.13](https://github.com/madler/zlib/releases/tag/v1.2.13))<br>- SDK: catalyst ([3.0.21](https://gitweb.gentoo.org/proj/catalyst.git/log/?h=3.0.21))<br>- SDK: cmake ([3.23.3](https://cmake.org/cmake/help/v3.23/release/3.23.html))<br>- SDK: libxslt ([1.1.37](https://gitlab.gnome.org/GNOME/libxslt/-/tags/v1.1.37))<br>- SDK: meson ([0.62.2](https://mesonbuild.com/Release-notes-for-0-62-0.html))<br>- SDK: ninja ([1.11.0](https://groups.google.com/g/ninja-build/c/R2oCyDctDf8/m/-U94Y5I8AgAJ?pli=1))<br>- SDK: Rust ([1.64.0](https://github.com/rust-lang/rust/releases/tag/1.64.0))<br>Packages:<br>- containerd 1.6.8<br>- docker 20.10.20<br>- ignition 2.14.0<br>- kernel 5.15.74<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-10-26T09:25:00+00:00 @@ -190,7 +198,7 @@ https://github.com/flatcar/scripts/releases/tag/alpha-3374.0.0 3374.0.0 - 2023-10-25T10:20:34.408398+00:00 + 2023-11-22T09:59:24.165015+00:00 _Changes since **Alpha 3346.0.0**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-0171](https://nvd.nist.gov/vuln/detail/CVE-2022-0171), [CVE-2022-2663](https://nvd.nist.gov/vuln/detail/CVE-2022-2663), [CVE-2022-2905](https://nvd.nist.gov/vuln/detail/CVE-2022-2905), [CVE-2022-3028](https://nvd.nist.gov/vuln/detail/CVE-2022-3028), [CVE-2022-3061](https://nvd.nist.gov/vuln/detail/CVE-2022-3061), [CVE-2022-3176](https://nvd.nist.gov/vuln/detail/CVE-2022-3176), [CVE-2022-3303](https://nvd.nist.gov/vuln/detail/CVE-2022-3303), [CVE-2022-39190](https://nvd.nist.gov/vuln/detail/CVE-2022-39190), [CVE-2022-39842](https://nvd.nist.gov/vuln/detail/CVE-2022-39842), [CVE-2022-40307](https://nvd.nist.gov/vuln/detail/CVE-2022-40307))<br>- Go ([CVE-2022-27664](https://nvd.nist.gov/vuln/detail/CVE-2022-27664), [CVE-2022-32190](https://nvd.nist.gov/vuln/detail/CVE-2022-32190))<br>- Docker ([CVE-2022-36109](https://nvd.nist.gov/vuln/detail/CVE-2022-36109))<br>- expat ([CVE-2022-40674](https://nvd.nist.gov/vuln/detail/CVE-2022-40674))<br>- intel-microcode ([CVE-2022-21233](https://nvd.nist.gov/vuln/detail/CVE-2022-21233))<br>- GNU Libtasn1 ([Gentoo#866237](https://bugs.gentoo.org/866237))<br>- libxml2 ([CVE-2016-3709](https://nvd.nist.gov/vuln/detail/CVE-2016-3709), [CVE-2022-2309](https://nvd.nist.gov/vuln/detail/CVE-2022-2309))<br>- polkit ([CVE-2021-4115](https://nvd.nist.gov/vuln/detail/CVE-2021-4115))<br>- rsync ([CVE-2022-29154](https://nvd.nist.gov/vuln/detail/CVE-2022-29154))<br>- unzip ([CVE-2022-0529](https://nvd.nist.gov/vuln/detail/CVE-2022-0529), [CVE-2022-0530](https://nvd.nist.gov/vuln/detail/CVE-2022-0530), [CVE-2021-4217](https://nvd.nist.gov/vuln/detail/CVE-2021-4217))<br>- zlib ([CVE-2022-37434](https://nvd.nist.gov/vuln/detail/CVE-2022-37434))<br><br>#### Bug fixes:<br><br>- Added back `gettext` to the OS ([Flatcar#849](https://github.com/flatcar-linux/Flatcar/issues/849))<br>- Added merging of Ignition systemd duplicated units when auto-translating from Ignition 2 to Ignition 3. ([coreos-overlay#2187](https://github.com/flatcar/coreos-overlay/pull/2187))<br>- Equinix Metal: Fixed serial console settings for the `m3.small.x86` instance by expanding the GRUB check for `i386` to `x86_64` ([coreos-overlay#2122](https://github.com/flatcar-linux/coreos-overlay/pull/2122))<br><br>#### Changes:<br><br>- emerge-gitclone: Migrate emerge-gitclone to use scripts repo tags and submodule refs<br><br>#### Updates:<br><br>- Linux ([5.15.70](https://lwn.net/Articles/909212) (includes [5.15.69](https://lwn.net/Articles/908782), [5.15.68](https://lwn.net/Articles/908140), [5.15.67](https://lwn.net/Articles/907526), [5.15.66](https://lwn.net/Articles/907524), [5.15.65](https://lwn.net/Articles/907204), [5.15.64](https://lwn.net/Articles/906630)))<br>- Linux Firmware ([20220913](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220913))<br>- Go ([1.18.6](https://go.dev/doc/devel/release#go1.18.6))<br>- ca-certificates ([3.83](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_83.html))<br>- Docker ([20.10.18](https://docs.docker.com/engine/release-notes/#201018))<br>- expat ([2.4.9](https://github.com/libexpat/libexpat/blob/R_2_4_9/expat/Changes))<br>- gettext ([0.21](https://www.gnu.org/software/gettext/))<br>- intel-microcode ([20220809](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220809))<br>- GNU Libtasn1 ([4.19.0](https://lists.gnu.org/archive/html/help-libtasn1/2022-08/msg00001.html))<br>- libxml2 ([2.10.2](https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.2))<br>- locksmith([0.7.0](https://github.com/flatcar/locksmith/blob/v0.7.0/CHANGELOG.md#v070--30112021))<br>- polkit ([121](https://gitlab.freedesktop.org/polkit/polkit/-/commit/827b0ddac5b1ef00a47fca4526fcf057bee5f1db))<br>- rsync ([3.2.6](https://github.com/WayneD/rsync/releases/tag/v3.2.6))<br>- runc ([1.1.4](https://github.com/opencontainers/runc/releases/tag/v1.1.4))<br>- unzip ([6.0_p27](https://metadata.ftp-master.debian.org/changelogs//main/u/unzip/unzip_6.0-27_changelog))<br>- SDK: libxslt ([1.1.35](https://gitlab.gnome.org/GNOME/libxslt/-/tags/v1.1.35))<br><br>Packages:<br>- containerd 1.6.8<br>- docker 20.10.18<br>- ignition 2.14.0<br>- kernel 5.15.70<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-10-04T12:18:51+00:00 @@ -198,7 +206,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3346.0.0 3346.0.0 - 2023-10-25T10:20:34.401486+00:00 + 2023-11-22T09:59:24.158036+00:00 _Changes since **Alpha 3305.0.1**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-1679](https://nvd.nist.gov/vuln/detail/CVE-2022-1679), [CVE-2022-2585](https://nvd.nist.gov/vuln/detail/CVE-2022-2585), [CVE-2022-2586](https://nvd.nist.gov/vuln/detail/CVE-2022-2586), [CVE-2022-2588](https://nvd.nist.gov/vuln/detail/CVE-2022-2588), [CVE-2022-26373](https://nvd.nist.gov/vuln/detail/CVE-2022-26373), [CVE-2022-36946](https://nvd.nist.gov/vuln/detail/CVE-2022-36946))<br>- Go ([CVE-2022-32189](https://nvd.nist.gov/vuln/detail/CVE-2022-32189))<br>- binutils ([CVE-2021-45078](https://nvd.nist.gov/vuln/detail/CVE-2021-45078))<br>- git ([CVE-2022-29187](https://nvd.nist.gov/vuln/detail/CVE-2022-29187))<br>- gnutls ([CVE-2022-2509](https://nvd.nist.gov/vuln/detail/CVE-2022-2509))<br>- libtirpc ([CVE-2021-46828](https://nvd.nist.gov/vuln/detail/CVE-2021-46828))<br>- oniguruma ([oss-fuzz issues fixed 2022-04-30](https://bugs.gentoo.org/841893))<br>- shadow ([CVE-2013-4235](https://nvd.nist.gov/vuln/detail/CVE-2013-4235))<br>- vim ([CVE-2022-0629](https://nvd.nist.gov/vuln/detail/CVE-2022-0629), [CVE-2022-0685](https://nvd.nist.gov/vuln/detail/CVE-2022-0685), [CVE-2022-0714](https://nvd.nist.gov/vuln/detail/CVE-2022-0714), [CVE-2022-0729](https://nvd.nist.gov/vuln/detail/CVE-2022-0729), [CVE-2022-0943](https://nvd.nist.gov/vuln/detail/CVE-2022-0943), [CVE-2022-1154](https://nvd.nist.gov/vuln/detail/CVE-2022-1154), [CVE-2022-1160](https://nvd.nist.gov/vuln/detail/CVE-2022-1160), [CVE-2022-1381](https://nvd.nist.gov/vuln/detail/CVE-2022-1381), [CVE-2022-1420](https://nvd.nist.gov/vuln/detail/CVE-2022-1420), [CVE-2022-1616](https://nvd.nist.gov/vuln/detail/CVE-2022-1616), [CVE-2022-1619](https://nvd.nist.gov/vuln/detail/CVE-2022-1619), [CVE-2022-1620](https://nvd.nist.gov/vuln/detail/CVE-2022-1620), [CVE-2022-1621](https://nvd.nist.gov/vuln/detail/CVE-2022-1621), [CVE-2022-1629](https://nvd.nist.gov/vuln/detail/CVE-2022-1629), [CVE-2022-1674](https://nvd.nist.gov/vuln/detail/CVE-2022-1674), [CVE-2022-1733](https://nvd.nist.gov/vuln/detail/CVE-2022-1733), [CVE-2022-1735](https://nvd.nist.gov/vuln/detail/CVE-2022-1735), [CVE-2022-1769](https://nvd.nist.gov/vuln/detail/CVE-2022-1769), [CVE-2022-1771](https://nvd.nist.gov/vuln/detail/CVE-2022-1771), [CVE-2022-1785](https://nvd.nist.gov/vuln/detail/CVE-2022-1785), [CVE-2022-1796](https://nvd.nist.gov/vuln/detail/CVE-2022-1796), [CVE-2022-1897](https://nvd.nist.gov/vuln/detail/CVE-2022-1897), [CVE-2022-1898](https://nvd.nist.gov/vuln/detail/CVE-2022-1898), [CVE-2022-1886](https://nvd.nist.gov/vuln/detail/CVE-2022-1886), [CVE-2022-1851](https://nvd.nist.gov/vuln/detail/CVE-2022-1851), [CVE-2022-1927](https://nvd.nist.gov/vuln/detail/CVE-2022-1927), [CVE-2022-1942](https://nvd.nist.gov/vuln/detail/CVE-2022-1942), [CVE-2022-1968](https://nvd.nist.gov/vuln/detail/CVE-2022-1968), [CVE-2022-2000](https://nvd.nist.gov/vuln/detail/CVE-2022-2000))<br>- VMware: open-vm-tools ([CVE-2022-31676](https://nvd.nist.gov/vuln/detail/CVE-2022-31676))<br><br>#### Bug fixes:<br><br>- AWS: added EKS support for version 1.22 and 1.23. ([coreos-overlay#2110](https://github.com/flatcar/coreos-overlay/pull/2110), [Flatcar#829](https://github.com/flatcar/Flatcar/issues/829))<br>- VMWare: excluded `wireguard` (and others) from `systemd-networkd` management. ([init#80](https://github.com/flatcar/init/pull/80))<br><br>#### Changes:<br><br>- Added symlink from `nc` to `ncat`. `-q` option is [not yet supported](https://github.com/nmap/nmap/issues/2422) ([flatcar#545](https://github.com/flatcar/Flatcar/issues/545))<br>- The new image signing subkey was added to the public key embedded into `flatcar-install` (the old expired on 10th August 2022), only an updated `flatcar-install` script can verify releases signed with the new key ([init#79](https://github.com/flatcar/init/pull/79))<br>- AWS: Added AWS IMDSv2 support to coreos-cloudinit ([flatcar-linux/coreos-cloudinit#13](https://github.com/flatcar/coreos-cloudinit/pull/13))<br><br>#### Updates:<br><br>- Linux ([5.15.63](https://lwn.net/Articles/906061) (includes [5.15.62](https://lwn.net/Articles/905533), [5.15.61](https://lwn.net/Articles/904959), [5.15.60](https://lwn.net/Articles/904461), [5.15.59](https://lwn.net/Articles/903688))<br>- Linux Firmware ([20220815](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220815))<br>- binutils ([2.38](https://lwn.net/Articles/884264/))<br>- boost ([1.79](https://www.boost.org/users/history/version_1_79_0.html))<br>- ca-certificates ([3.82](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_82.html))<br>- containerd ([1.6.8](https://github.com/containerd/containerd/releases/tag/v1.6.8))<br>- Cyrus SASL ([2.1.28](https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28))<br>- gcc ([11.3.0](https://gcc.gnu.org/gcc-11/changes.html))<br>- git ([2.37.1](https://github.com/git/git/blob/v2.37.1/Documentation/RelNotes/2.37.1.txt))<br>- glib ([2.72.3](https://gitlab.gnome.org/GNOME/glib/-/tags/2.73.3))<br>- gnutls ([3.7.7](https://gitlab.com/gnutls/gnutls/-/tags/3.7.7))<br>- oniguruma ([6.9.8](https://github.com/kkos/oniguruma/releases/tag/v6.9.8))<br>- shadow ([4.12.3](https://github.com/shadow-maint/shadow/releases/tag/4.12.3))<br>- vim ([8.2.5066](https://github.com/vim/vim/releases/tag/v8.2.5066))<br>- SDK: automake ([1.16.5](https://savannah.gnu.org/forum/forum.php?forum_id=10055))<br>- SDK: bison ([3.8.2](https://lists.gnu.org/archive/html/bug-bison/2021-09/msg00056.html))<br>- SDK: libtool ([2.4.7](https://savannah.gnu.org/forum/forum.php?forum_id=10139))<br>- SDK: perl ([5.34.1](https://perldoc.perl.org/5.34.1/perldelta))<br>- SDK: pkgconf ([1.8.0](https://gitea.treehouse.systems/ariadne/pkgconf/src/tag/pkgconf-1.8.0/NEWS))<br>- SDK: Rust ([1.63.0](https://github.com/rust-lang/rust/releases/tag/1.63.0))<br>- VMware: open-vm-tools ([12.1.0](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.1.0))<br><br>Packages:<br>- containerd 1.6.8<br>- docker 20.10.17<br>- ignition 2.14.0<br>- kernel 5.15.63<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-09-01T13:03:03+00:00 @@ -206,7 +214,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3305.0.1 3305.0.1 - 2023-10-25T10:20:34.393541+00:00 + 2023-11-22T09:59:24.149997+00:00 New Alpha Release 3305.0.1<br><br>Changes since Alpha 3305.0.0<br><br>## Security fixes:<br><br>- Linux ([CVE-2022-23816](https://nvd.nist.gov/vuln/detail/CVE-2022-23816), [CVE-2022-23825](https://nvd.nist.gov/vuln/detail/CVE-2022-23825), [CVE-2022-29900](https://nvd.nist.gov/vuln/detail/CVE-2022-29900), [CVE-2022-29901](https://nvd.nist.gov/vuln/detail/CVE-2022-29901))<br><br>## Bug fixes:<br><br>- Added support for Openstack for cloud-init activation ([flatcar-linux/init#76](https://github.com/flatcar/init/pull/76))<br>- Excluded Wireguard interface from `systemd-networkd` default management ([Flatcar#808](https://github.com/flatcar/Flatcar/issues/808))<br>- Fixed `/etc/resolv.conf` symlink by pointing it at `resolv.conf` instead of `stub-resolv.conf`. This bug was present since the update to systemd v250 ([coreos-overlay#2057](https://github.com/flatcar/coreos-overlay/pull/2057))<br>- Fixed excluded interface type from default systemd-networkd configuration ([flatcar-linux/init#78](https://github.com/flatcar/init/pull/78))<br>- Fixed space escaping in the `networkd` Ignition translation ([Flatcar#812](https://github.com/flatcar/Flatcar/issues/812))<br><br>## Changes:<br><br><br>## Updates:<br><br>- Linux ([5.15.58](https://lwn.net/Articles/902917) (includes [5.15.57](https://lwn.net/Articles/902317), [5.15.56](https://lwn.net/Articles/902101)))<br>- ca-certificates ([3.81](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_81.html))<br><br>Packages:<br>- containerd 1.6.6<br>- docker 20.10.17<br>- ignition 2.14.0<br>- kernel 5.15.58<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-08-04T12:09:27+00:00 @@ -214,7 +222,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3305.0.0 3305.0.0 - 2023-10-25T10:20:34.388289+00:00 + 2023-11-22T09:59:24.144590+00:00 New **Alpha** Release **3305.0.0**<br><br>_Changes since **Alpha 3277.0.0**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2021-33655](https://nvd.nist.gov/vuln/detail/CVE-2021-33655), [CVE-2022-2318](https://nvd.nist.gov/vuln/detail/CVE-2022-2318), [CVE-2022-26365](https://nvd.nist.gov/vuln/detail/CVE-2022-26365), [CVE-2022-33740](https://nvd.nist.gov/vuln/detail/CVE-2022-33740), [CVE-2022-33741](https://nvd.nist.gov/vuln/detail/CVE-2022-33741), [CVE-2022-33742](https://nvd.nist.gov/vuln/detail/CVE-2022-33742), [CVE-2022-33743](https://nvd.nist.gov/vuln/detail/CVE-2022-33743), [CVE-2022-33744](https://nvd.nist.gov/vuln/detail/CVE-2022-33744), [CVE-2022-34918](https://nvd.nist.gov/vuln/detail/CVE-2022-34918))<br>- cifs-utils ([CVE-2022-27239](https://nvd.nist.gov/vuln/detail/CVE-2022-27239), [CVE-2022-29869](https://nvd.nist.gov/vuln/detail/CVE-2022-29869))<br>- curl ([CVE-2022-32205](https://nvd.nist.gov/vuln/detail/CVE-2022-32205), [CVE-2022-32206](https://nvd.nist.gov/vuln/detail/CVE-2022-32206), [CVE-2022-32207](https://nvd.nist.gov/vuln/detail/CVE-2022-32207), [CVE-2022-32208](https://nvd.nist.gov/vuln/detail/CVE-2022-32208))<br>- gnupg ([CVE-2022-34903](https://nvd.nist.gov/vuln/detail/CVE-2022-34903))<br>- Go ([CVE-2022-1705](https://nvd.nist.gov/vuln/detail/CVE-2022-1705), [CVE-2022-1962](https://nvd.nist.gov/vuln/detail/CVE-2022-1962), [CVE-2022-28131](https://nvd.nist.gov/vuln/detail/CVE-2022-28131), [CVE-2022-30630](https://nvd.nist.gov/vuln/detail/CVE-2022-30630), [CVE-2022-30631](https://nvd.nist.gov/vuln/detail/CVE-2022-30631), [CVE-2022-30632](https://nvd.nist.gov/vuln/detail/CVE-2022-30632), [CVE-2022-30633](https://nvd.nist.gov/vuln/detail/CVE-2022-30633), [CVE-2022-30635](https://nvd.nist.gov/vuln/detail/CVE-2022-30635), [CVE-2022-32148](https://nvd.nist.gov/vuln/detail/CVE-2022-32148))<br><br>#### Bug fixes:<br><br>- Removed outdated LTS channel information printed on login ([init#75](https://github.com/flatcar/init/pull/75))<br>- The Ignition v3 kargs directive failed before when used with the generic image where no `grub.cfg` exists, this was fixed by creating it first ([bootengine#47](https://github.com/flatcar/bootengine/pull/47))<br><br>#### Updates:<br><br>- Linux ([5.15.54](https://lwn.net/Articles/900911) (includes [5.15.53](https://lwn.net/Articles/900321), [5.15.52](https://lwn.net/Articles/899788), [5.15.51](https://lwn.net/Articles/899370), [5.15.50](https://lwn.net/Articles/899091), [5.15.49](https://lwn.net/Articles/898622)))<br>- Linux Firmware ([20220708](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220708))<br>- adcli ([0.9.1](https://gitlab.freedesktop.org/realmd/adcli/-/releases#0.9.1))<br>- ca-certificates ([3.80](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_80.html))<br>- cifs-utils ([6.15](https://lists.samba.org/archive/samba-technical/2022-April/137335.html))<br>- curl ([7.84.0](https://github.com/curl/curl/releases/tag/curl-7_84_0))<br>- gdb ([11.2](https://lists.gnu.org/archive/html/info-gnu/2022-01/msg00009.html))<br>- gnupg ([2.2.35](https://dev.gnupg.org/T5928))<br>- Go ([1.18.4](https://go.dev/doc/devel/release#go1.18.4))<br>- sudo ([1.9.10](https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_10))<br>- SDK: Rust ([1.62.0](https://github.com/rust-lang/rust/releases/tag/1.62.0))<br>Packages:<br>- containerd 1.6.6<br>- docker 20.10.17<br>- ignition 2.14.0<br>- kernel 5.15.54<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-07-21T15:28:28+00:00 @@ -222,7 +230,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3277.0.0 3277.0.0 - 2023-10-25T10:20:34.381927+00:00 + 2023-11-22T09:59:24.137546+00:00 New **Alpha** Release **3277.0.0**<br><br>Changes since **Alpha 3255.0.0**<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-1789](https://nvd.nist.gov/vuln/detail/CVE-2022-1789), [CVE-2022-1852](https://nvd.nist.gov/vuln/detail/CVE-2022-1852), [CVE-2022-1972](https://nvd.nist.gov/vuln/detail/CVE-2022-1972), [CVE-2022-1973](https://nvd.nist.gov/vuln/detail/CVE-2022-1973), [CVE-2022-2078](https://nvd.nist.gov/vuln/detail/CVE-2022-2078), [CVE-2022-32250](https://nvd.nist.gov/vuln/detail/CVE-2022-32250), [CVE-2022-32981](https://nvd.nist.gov/vuln/detail/CVE-2022-32981))<br>- containerd ([CVE-2022-31030](https://nvd.nist.gov/vuln/detail/CVE-2022-31030))<br>- ignition ([CVE-2022-1706](https://nvd.nist.gov/vuln/detail/CVE-2022-1706))<br>- intel-microcode ([CVE-2022-21151](https://nvd.nist.gov/vuln/detail/CVE-2022-21151)) <br>- libpcre2 ([CVE-2022-1586](https://nvd.nist.gov/vuln/detail/CVE-2022-1586), [CVE-2022-1587](https://nvd.nist.gov/vuln/detail/CVE-2022-1587))<br>- libxml2 ([CVE-2022-29824](https://nvd.nist.gov/vuln/detail/CVE-2022-29824))<br><br>#### Changes:<br><br>- Added efibootmgr binary to the image ([coreos-overlay#1955](https://github.com/flatcar/coreos-overlay/pull/1955))<br>- Enabled `containerd.service` unit, `br_netfilter` and `overlay` modules by default to follow Kubernetes requirements ([coreos-overlay#1944](https://github.com/flatcar/coreos-overlay/pull/1944), [init#72](https://github.com/flatcar/init/pull/72))<br>- flatcar-install: Added option to create UEFI boot entry ([init#74](https://github.com/flatcar/init/pull/74))<br>- ARM64: Added [cifs-utils](https://wiki.samba.org/index.php/LinuxCIFS_utils) for ARM64<br>- ARM64: Added [sssd](https://sssd.io/), [adcli](https://www.freedesktop.org/software/realmd/adcli/adcli.html) and realmd for ARM64<br>- SDK / ARM64: Added [go-tspi](https://pkg.go.dev/github.com/coreos/go-tspi) bindings for ARM64<br>- VMWare: Added `ignition-delete-config.service` to remove Ignition config from VM metadata, see also [here](https://coreos.github.io/ignition/operator-notes/#automatic-config-deletion) ([coreos-overlay#1948](https://github.com/flatcar/coreos-overlay/pull/1948))<br><br>#### Updates:<br><br>- Linux ([5.15.48](https://lwn.net/Articles/898124) (includes [5.15.47](https://lwn.net/Articles/897904), [5.15.46](https://lwn.net/Articles/897377), [5.15.45](https://lwn.net/Articles/897167), [5.15.44](https://lwn.net/Articles/896647)))<br>- Linux Firmware ([20220610](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220610))<br>- Docker ([20.10.17](https://docs.docker.com/engine/release-notes/#201017))<br>- ca-certificates ([3.79](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_79.html))<br>- containerd ([1.6.6](https://github.com/containerd/containerd/releases/tag/v1.6.6))<br>- ignition ([2.14.0](https://github.com/coreos/ignition/releases/tag/v2.14.0))<br>- intel-microcode ([20220510](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220510)) <br>- runc ([1.1.3](https://github.com/opencontainers/runc/releases/tag/v1.1.3))<br>- libpcre2 ([10.40](https://github.com/PCRE2Project/pcre2/blob/pcre2-10.40/NEWS))<br>- libxml2 ([2.9.14](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.9.14))<br>Packages:<br>- containerd 1.6.6<br>- docker 20.10.17<br>- ignition 2.14.0<br>- kernel 5.15.48<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-06-23T11:43:06+00:00 @@ -230,7 +238,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3255.0.0 3255.0.0 - 2023-10-25T10:20:34.375541+00:00 + 2023-11-22T09:59:24.128967+00:00 New **Alpha** Release **3255.0.0**<br><br>_Changes since **Alpha 3227.0.0**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-1734](https://nvd.nist.gov/vuln/detail/CVE-2022-1734), [CVE-2022-28893](https://nvd.nist.gov/vuln/detail/CVE-2022-28893), [CVE-2022-1012](https://nvd.nist.gov/vuln/detail/CVE-2022-1012), [CVE-2022-1729](https://nvd.nist.gov/vuln/detail/CVE-2022-1729))<br>- Go ([CVE-2022-29526](https://nvd.nist.gov/vuln/detail/CVE-2022-29526))<br>- curl ([CVE-2022-22576](https://nvd.nist.gov/vuln/detail/CVE-2022-22576), [CVE-2022-27774](https://nvd.nist.gov/vuln/detail/CVE-2022-27774), [CVE-2022-27775](https://nvd.nist.gov/vuln/detail/CVE-2022-27775), [CVE-2022-27776](https://nvd.nist.gov/vuln/detail/CVE-2022-27776), [CVE-2022-27778](https://nvd.nist.gov/vuln/detail/CVE-2022-27778), [CVE-2022-27779](https://nvd.nist.gov/vuln/detail/CVE-2022-27779), [CVE-2022-27780](https://nvd.nist.gov/vuln/detail/CVE-2022-27780), [CVE-2022-27781](https://nvd.nist.gov/vuln/detail/CVE-2022-27781), [CVE-2022-27782](https://nvd.nist.gov/vuln/detail/CVE-2022-27782), [CVE-2022-30115](https://nvd.nist.gov/vuln/detail/CVE-2022-30115))<br>- Docker ([CVE-2022-29526](https://nvd.nist.gov/vuln/detail/CVE-2022-29526))<br>- git ([CVE-2022-24765](https://nvd.nist.gov/vuln/detail/CVE-2022-24765))<br>- ncurses ([CVE-2022-29458](https://nvd.nist.gov/vuln/detail/CVE-2022-29458))<br>- openssl ([CVE-2022-1292](https://nvd.nist.gov/vuln/detail/CVE-2022-1292), [CVE-2022-1343](https://nvd.nist.gov/vuln/detail/CVE-2022-1343), [CVE-2022-1434](https://nvd.nist.gov/vuln/detail/CVE-2022-1434), [CVE-2022-1473](https://nvd.nist.gov/vuln/detail/CVE-2022-1473))<br>- nvidia-drivers ([CVE-2022-28181](https://nvd.nist.gov/vuln/detail/CVE-2022-28181), [CVE-2022-28183](https://nvd.nist.gov/vuln/detail/CVE-2022-28183), [CVE-2022-28184](https://nvd.nist.gov/vuln/detail/CVE-2022-28184), [CVE-2022-28185](https://nvd.nist.gov/vuln/detail/CVE-2022-28185))<br>- rsync ([CVE-2018-25032](https://nvd.nist.gov/vuln/detail/CVE-2018-25032))<br>- runc ([CVE-2022-29162](https://nvd.nist.gov/vuln/detail/CVE-2022-29162))<br>- Torcx ([CVE-2022-27191](https://nvd.nist.gov/vuln/detail/CVE-2022-27191))<br>- SDK: qemu ([CVE-2021-20203](https://nvd.nist.gov/vuln/detail/CVE-2021-20203), [CVE-2021-3713](https://nvd.nist.gov/vuln/detail/CVE-2021-3713), [CVE-2021-3930](https://nvd.nist.gov/vuln/detail/CVE-2021-3930), [CVE-2021-3947](https://nvd.nist.gov/vuln/detail/CVE-2021-3947), [CVE-2021-4145](https://nvd.nist.gov/vuln/detail/CVE-2021-4145), [CVE-2022-26353](https://nvd.nist.gov/vuln/detail/CVE-2022-26353), [CVE-2022-26354](https://nvd.nist.gov/vuln/detail/CVE-2022-26354))<br><br>#### Bug fixes:<br><br>- Ensured `/etc/flatcar/update.conf` exists because it happens to be used as flag file for Ansible ([init#71](https://github.com/flatcar/init/pull/71))<br>- Fixed Ignition's OEM ID to be `metal` to follow the Ignition upstream change which otherwise resulted in a broken boot when the Flatcar OEM ID `pxe` was used ([bootengine#45](https://github.com/flatcar/bootengine/pull/45))<br>- Added `networkd` translation to `files` section when converting from Ignition 2.x to Ignition 3.x ([coreos-overlay#1910](https://github.com/flatcar/coreos-overlay/pull/1910), [flatcar#741](https://github.com/flatcar/Flatcar/issues/741))<br>- GCP: Fixed shutdown script execution ([coreos-overlay#1912](https://github.com/flatcar/coreos-overlay/pull/1912), [flatcar#743](https://github.com/flatcar/Flatcar/issues/743))<br><br>#### Changes:<br><br>- VMware: Added VMware networking configuration in the initramfs via guestinfo settings ([bootengine#44](https://github.com/flatcar/bootengine/pull/44), [flatcar#717](https://github.com/flatcar/Flatcar/issues/717))<br><br>#### Updates:<br><br>- Linux ([5.15.43](https://lwn.net/Articles/896231/) (includes [5.15.42](https://lwn.net/Articles/896226), [5.15.41](https://lwn.net/Articles/895645), [5.15.40](https://lwn.net/Articles/895318), [5.15.39](https://lwn.net/Articles/895070), [5.15.38](https://lwn.net/Articles/894357)))<br>- Linux Firmware ([20220509](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220509))<br>- Go ([1.18.2](https://go.googlesource.com/go/+/refs/tags/go1.18.2))<br>- Docker ([20.10.16](https://docs.docker.com/engine/release-notes/#201016) (includes [20.10.15](https://docs.docker.com/engine/release-notes/#201015)))<br>- containerd ([1.6.4](https://github.com/containerd/containerd/releases/tag/v1.6.4))<br>- curl ([7.83.1](https://curl.se/mail/lib-2022-05/0010.html))<br>- dbus ([1.12.22](https://gitlab.freedesktop.org/dbus/dbus/-/blob/177ab044bc87cbc4ded75d21b900795a6fefef76/NEWS))<br>- e2fsprogs ([1.46.5](http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.46.5))<br>- git ([2.35.3](https://github.com/git/git/blob/v2.35.3/Documentation/RelNotes/2.35.3.txt))<br>- ldb ([2.4.1](https://gitlab.com/samba-team/samba/-/commit/a795e0c84597aa045d011e663dbad3cdabf0f1e6))<br>- ncurses ([6.3_p20220423](https://lists.gnu.org/archive/html/info-gnu/2021-11/msg00001.html))<br>- nvidia-drivers ([510.73.05](https://docs.nvidia.com/datacenter/tesla/tesla-release-notes-510-73-05/index.html))<br>- openssl ([3.0.3](https://www.openssl.org/news/changelog.html#openssl-30))<br>- rsync ([3.2.4](https://download.samba.org/pub/rsync/NEWS.html#3.2.4))<br>- runc ([1.1.2](https://github.com/opencontainers/runc/releases/tag/v1.1.2))<br>- samba ([4.15.4](https://www.samba.org/samba/history/samba-4.15.4.html))<br>- sqlite ([3.38.1](https://www.sqlite.org/releaselog/3_38_1.html))<br>- talloc ([2.3.3](https://gitlab.com/samba-team/samba/-/commit/bc1ee7ca0640f0136e5af7dcc4ca8ed0a5893053))<br>- tevent ([0.11.0](https://gitlab.com/samba-team/samba/-/commit/de4e8a1af9564f6056f9af90867c2f013449051c))<br>- gdbm ([1.22](https://lists.gnu.org/archive/html/info-gnu/2021-10/msg00006.html))<br>- new: acpid ([2.0.33](https://sourceforge.net/p/acpid2/code/ci/2.0.33/tree/Changelog))<br>- OEM: python ([3.9.12](https://www.python.org/downloads/release/python-3912/))<br>- OEM: python-distro ([1.7.0](https://github.com/python-distro/distro/releases/tag/v1.7.0))<br>- SDK: python ([3.9.12](https://www.python.org/downloads/release/python-3912/))<br>- SDK: qemu ([7.0.0](https://wiki.qemu.org/ChangeLog/7.0))<br>- SDK: Rust ([1.61.0](https://github.com/rust-lang/rust/releases/tag/1.61.0))<br>- VMware: open-vm-tools ([12.0.5](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.0.5))<br><br>Packages:<br>- docker 20.10.16<br>- ignition 2.13.0<br>- kernel 5.15.43<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-06-02T15:01:44+00:00 @@ -238,7 +246,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3227.0.0 3227.0.0 - 2023-10-25T10:20:34.367253+00:00 + 2023-11-22T09:59:24.120632+00:00 New **Alpha** Release **3227.0.0**<br><br>_Changes since **Alpha 3200.0.0**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-28390](https://nvd.nist.gov/vuln/detail/CVE-2022-28390), [CVE-2022-0168](https://nvd.nist.gov/vuln/detail/CVE-2022-0168), [CVE-2022-1158](https://nvd.nist.gov/vuln/detail/CVE-2022-1158), [CVE-2022-1353](https://nvd.nist.gov/vuln/detail/CVE-2022-1353), [CVE-2022-1198](https://nvd.nist.gov/vuln/detail/CVE-2022-1198), [CVE-2022-28389](https://nvd.nist.gov/vuln/detail/CVE-2022-28389), [CVE-2022-28388](https://nvd.nist.gov/vuln/detail/CVE-2022-28388), [CVE-2022-1516](https://nvd.nist.gov/vuln/detail/CVE-2022-1516), [CVE-2022-1263](https://nvd.nist.gov/vuln/detail/CVE-2022-1263), [CVE-2022-29582](https://nvd.nist.gov/vuln/detail/CVE-2022-29582), [CVE-2022-1204](https://nvd.nist.gov/vuln/detail/CVE-2022-1204), [CVE-2022-1205](https://nvd.nist.gov/vuln/detail/CVE-2022-1205), [CVE-2022-0500](https://nvd.nist.gov/vuln/detail/CVE-2022-0500), [CVE-2022-23222](https://nvd.nist.gov/vuln/detail/CVE-2022-23222))<br>- Go ([CVE-2022-24675](https://nvd.nist.gov/vuln/detail/CVE-2022-24675))<br>- libarchive ([CVE-2022-26280](https://nvd.nist.gov/vuln/detail/CVE-2022-26280))<br>- gzip,xz-utils ([CVE-2022-1271](https://nvd.nist.gov/vuln/detail/CVE-2022-1271))<br><br>#### Bug fixes:<br><br>- GCE: Restored oem-gce.service functionality on GCP ([coreos-overlay#1813](https://github.com/flatcar/coreos-overlay/pull/1813))<br>- Skipped starting `ensure-sysext.service` if `systemd-sysext.service` won't be started, to prevent reporting a dependency failure ([Flatcar#710](https://github.com/flatcar/Flatcar/issues/710))<br>- Added a remount action as `systemd-sysext.service` drop-in unit to restore the OEM partition mount after the overlay mounts in `/usr` are done ([init#69](https://github.com/flatcar/init/pull/69))<br>- Added pahole to developer container, without it kernel modules built against /usr/src/linux may fail to probe with an 'invalid relocation target' error ([coreos-overlay#1839](https://github.com/flatcar/coreos-overlay/pull/1839))<br><br>#### Changes:<br><br>- GCE: Enabled GVE kernel driver, which adds support for Google Virtual NIC on GCP ([coreos-overlay#1802](https://github.com/flatcar/coreos-overlay/pull/1802))<br>- Enabled `CONFIG_INTEL_RAPL` on AMD64 Kernel config to compile `intel_rapl_common` module in order to allow power monitoring on modern Intel processors ([coreos-overlay#1801](https://github.com/flatcar/coreos-overlay/pull/1801))<br>- Azure: Set up `/etc/hostname` from instance metadata with Afterburn<br>- AWS EC2: Removed the setup of `/etc/hostname` from the instance metadata because it used a long FQDN but we can just use use the hostname set via DHCP ([Flatcar#707](https://github.com/flatcar/Flatcar/issues/707))<br>- SDK: Dropped the mantle binaries (kola, ore, etc.) from the SDK, they are now provided by the `ghcr.io/flatcar/mantle` image ([coreos-overlay#1827](https://github.com/flatcar/coreos-overlay/pull/1827), [scripts#275](https://github.com/flatcar/scripts/pull/275))<br><br>#### Updates:<br><br>- Linux ([5.15.37](https://lwn.net/Articles/893264) (includes [5.15.36](https://lwn.net/Articles/892812), [5.15.35](https://lwn.net/Articles/892002), [5.15.34](https://lwn.net/Articles/891251), [5.15.33](https://lwn.net/Articles/890722)))<br>- Linux Firmware ([20220411](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220411))<br>- Go ([1.17.9](https://go.googlesource.com/go/+/refs/tags/go1.17.9))<br>- afterburn ([5.2.0](https://github.com/coreos/afterburn/releases/tag/v5.2.0))<br>- ca-certificates ([3.78](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_78.html))<br>- containerd ([1.6.3](https://github.com/containerd/containerd/releases/tag/v1.6.3))<br>- gzip ([1.12](https://savannah.gnu.org/forum/forum.php?forum_id=10157))<br>- libarchive ([3.6.1](https://github.com/libarchive/libarchive/releases/tag/v3.6.1))<br>- GCE: google compute-image-packages ([20190124](https://github.com/GoogleCloudPlatform/compute-image-packages/releases/tag/20190124))<br>- SDK: Rust ([1.60.0](https://github.com/rust-lang/rust/releases/tag/1.60.0))<br>Packages:<br>- docker 20.10.14<br>- ignition 2.13.0<br>- kernel 5.15.37<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-05-09T14:40:33+00:00 @@ -246,7 +254,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3200.0.0 3200.0.0 - 2023-10-25T10:20:34.360257+00:00 + 2023-11-22T09:59:24.113543+00:00 New **Alpha** Release **3200.0.0**<br><br>_Changes since **Alpha 3185.0.0**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-1015](https://nvd.nist.gov/vuln/detail/CVE-2022-1015), [CVE-2022-1016](https://nvd.nist.gov/vuln/detail/CVE-2022-1016))<br>- containerd ([CVE-2022-24769](https://nvd.nist.gov/vuln/detail/CVE-2022-24769))<br>- util-linux ([CVE-2021-3995](https://nvd.nist.gov/vuln/detail/CVE-2021-3995), [CVE-2021-3996](https://nvd.nist.gov/vuln/detail/CVE-2021-3996), [CVE-2022-0563](https://nvd.nist.gov/vuln/detail/CVE-2022-0563))<br>- gnutls ([CVE-2021-4209](https://nvd.nist.gov/vuln/detail/CVE-2021-4209), [GNUTLS-SA-2022-01-17](https://gitlab.com/gnutls/gnutls/-/issues/1277))<br>- zlib ([CVE-2018-25032](https://nvd.nist.gov/vuln/detail/CVE-2018-25032))<br><br>#### Bug fixes:<br><br>- Made Ignition write the SSH keys into a file under `authorized_keys.d/ignition` again and added a call to `update-ssh-keys` after Ignition ran to create the merged `authorized_keys` file, which fixes the problem that keys added by Ignition get lost when `update-ssh-keys` runs ([init#66](https://github.com/flatcar/init/pull/66))<br><br>#### Changes:<br><br>- Enabled FIPS mode for cryptsetup ([flatcar-linux/coreos-overlay#1747](https://github.com/flatcar/coreos-overlay/pull/1747))<br>- Added `cryptsetup` to the initramfs for the Ignition `luks` directive ([flatcar-linux/coreos-overlay#1760](https://github.com/flatcar/coreos-overlay/pull/1760))<br><br>#### Updates:<br><br>- Linux ([5.15.32](https://lwn.net/Articles/889438)) (from 5.15.30)<br>- Docker ([20.10.14](https://docs.docker.com/engine/release-notes/#201014))<br>- bind-tools ([9.16.27](https://gitlab.isc.org/isc-projects/bind9/-/blob/v9_16_27/CHANGES))<br>- ca-certificates ([3.77](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_77.html))<br>- conntrack-tools ([1.4.6](https://lists.netfilter.org/pipermail/netfilter-announce/2020/000240.html))<br>- containerd ([1.6.2](https://github.com/containerd/containerd/releases/tag/v1.6.2))<br>- e2fsprogs ([1.46.4](http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.46.4))<br>- elfutils ([0.186](https://sourceware.org/git/?p=elfutils.git;a=blob;f=NEWS;h=490932ae4ef9b5a3af01d2c8c616f14d57586046;hb=983e86fd89e8bf02f2d27ba5dce5bf078af4ceda))<br>- gnutls ([3.7.3](https://gitlab.com/gnutls/gnutls/-/merge_requests/1517))<br>- gzip ([1.11](https://lists.gnu.org/archive/html/info-gnu/2021-09/msg00002.html))<br>- jansson ([2.14](https://github.com/akheron/jansson/blob/v2.14/CHANGES))<br>- libbsd ([0.11.3](https://gitlab.freedesktop.org/libbsd/libbsd/-/commits/0.11.3/))<br>- libnetfilter_queue ([1.0.5](https://git.netfilter.org/libnetfilter_queue/log/?h=libnetfilter_queue-1.0.5))<br>- libpcap ([1.10.1](https://git.tcpdump.org/libpcap/blob/c7642e2cc0c5bd65754685b160d25dc23c76c6bd:/CHANGES))<br>- libtasn1 ([4.17.0](https://gitlab.com/gnutls/libtasn1/-/blob/v4.17.0/NEWS))<br>- liburing ([2.1](https://github.com/axboe/liburing/commits/liburing-2.1))<br>- mdadm ([4.2](https://lore.kernel.org/all/28fdbc45-96ca-7cdb-3ced-a5f65d978048@trained-monkey.org/T/))<br>- multipath-tools ([0.8.7](https://github.com/opensvc/multipath-tools/commits/0.8.7))<br>- nghttp2 ([1.45.1](https://github.com/nghttp2/nghttp2/releases/tag/v1.45.1))<br>- oniguruma ([6.9.7.1](https://github.com/kkos/oniguruma/releases/tag/v6.9.7.1))<br>- open-isns ([0.101](https://github.com/open-iscsi/open-isns/blob/v0.101/ChangeLog))<br>- pcre2 ([10.39](https://github.com/PhilipHazel/pcre2/blob/pcre2-10.39/NEWS))<br>- runc ([1.1.1](https://github.com/opencontainers/runc/releases/tag/v1.1.1))<br>- tcpdump ([4.99.1](https://git.tcpdump.org/tcpdump/blob/5f552b5e6e9fe05f7ad9681d51d0303233daba6a:/CHANGES))<br>- unzip ([6.0_p26](https://metadata.ftp-master.debian.org/changelogs//main/u/unzip/unzip_6.0-26_changelog))<br>- util-linux ([2.37.4](https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.4-ChangeLog))<br>- zlib ([1.2.12](https://github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/ChangeLog#L4))<br><br>Packages:<br>- docker 20.10.14<br>- ignition 2.13.0<br>- kernel 5.15.32<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-04-07T12:03:58+00:00 @@ -254,7 +262,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3185.0.0 3185.0.0 - 2023-10-25T10:20:34.353444+00:00 + 2023-11-22T09:59:24.106569+00:00 New **Alpha** Release **3185.0.0**<br><br>**Changes since Alpha-3165.0.0**<br><br>#### Security fixes<br>- Linux ([CVE-2022-25636](https://nvd.nist.gov/vuln/detail/CVE-2022-25636))<br>- Go ([CVE-2022-24921](https://nvd.nist.gov/vuln/detail/CVE-2022-24921))<br>- containerd ([CVE-2022-23648](https://nvd.nist.gov/vuln/detail/CVE-2022-23648))<br>- cryptsetup ([CVE-2021-4122](https://nvd.nist.gov/vuln/detail/CVE-2021-4122))<br>- intel-microcode ([CVE-2021-0127](https://nvd.nist.gov/vuln/detail/CVE-2021-0127), [CVE-2021-0146](https://nvd.nist.gov/vuln/detail/CVE-2021-0146))<br>- nvidia-drivers ([CVE-2022-21814](https://nvd.nist.gov/vuln/detail/CVE-2022-21814), [CVE-2022-21813](https://nvd.nist.gov/vuln/detail/CVE-2022-21813))<br>- openssl ([CVE-2022-0778](https://nvd.nist.gov/vuln/detail/CVE-2022-0778))<br><br>#### Bug fixes<br>- Reverted the Linux kernel commit which broke networking on AWS instances which use Intel 82559 NIC (c4/m4) ([Flatcar#665](https://github.com/flatcar/Flatcar/issues/665), [coreos-overlay#1723](https://github.com/flatcar/coreos-overlay/pull/1723))<br>- Re-added the `brd drbd nbd rbd xen-blkfront zram libarc4 lru_cache zsmalloc` kernel modules to the initramfs since they were missing compared to the Flatcar 3033.2.x releases where the 5.10 kernel is used ([bootengine#40](https://github.com/flatcar/bootengine/pull/40))<br><br>#### Changes<br>- Merge the Flatcar Pro features into the regular Flatcar images ([coreos-overlay#1679](https://github.com/flatcar/coreos-overlay/pull/1679)) <br>- Besides Ignition v1 and v2 configurations, Ignition configurations with specification v3 (up to 3.3.0) are now supported, see the [docs section for details](https://www.flatcar.org/docs/latest/provisioning/ignition/specification/#ignition-v3)<br>- Made SELinux enabled by default in default containerd configuration file. ([coreos-overlay#1699](https://github.com/flatcar/coreos-overlay/pull/1699))<br>- Removed `rngd.service` because it is not essential anymore for the kernel to boot fast in VM environments ([coreos-overlay#1700](https://github.com/flatcar/coreos-overlay/pull/1700))<br>- Enabled `systemd-sysext.service` to activate systemd-sysext images on boot, to disable you will need to mask it. Also added a helper service `ensure-sysext.service` which reloads the systemd units to reevaluate the `sockets`, `timers`, and `multi-user` targets when `systemd-sysext.service` is (re)started, making it possible to enable units that are part of a sysext image ([init#65](https://github.com/flatcar/init/pull/65))<br>- For amd64 `/usr/lib` used to be a symlink to `/usr/lib64` but now they became two separate folders as common in other distributions (and was the case for arm64 already). Compatibility symlinks exist in case `/usr/lib64` was used to access, e.g., the `modules` folder or the `systemd` folder ([coreos-overlay#1713](https://github.com/flatcar/coreos-overlay/pull/1713), [flatcar-scripts#255](https://github.com/flatcar/scripts/pull/255))<br>- Defined a systemd-sysext level that sysext images can match for instead of the OS version when they don't have a strong coupling, meaning the only metadata required is `SYSEXT_LEVEL=1.0` and `ID=flatcar` ([#643](https://github.com/flatcar/Flatcar/issues/643))<br>- OpenStack: In addition to the `bz2` image, a `gz` compressed image is published. This allows Glance to directly consume the images by simply passing in the URL of the image.<br>- DigitalOcean: In addition to the `bz2` image, a `gz` compressed image is published. This helps against hitting the compression timeout that sometimes lets the image import fail.<br>- SDK: The image compression format is now configurable. Supported formats are: `bz2`, `gz`, `zip`, `none`, `zst`. Selecting the image format can now be done by passing the `--image_compression_formats` option. This flag gets a comma separated list of formats.<br><br>#### Updates<br>- Linux ([5.15.30](https://lwn.net/Articles/888521) (from 5.15.25, includes [5.15.26](https://lwn.net/Articles/886569), [5.15.27](https://lwn.net/Articles/887219), [5.15.28](https://lwn.net/Articles/887638), [5.15.29](https://lwn.net/Articles/888116)))<br>- Linux Firmware ([20220310](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220310))<br>- Go ([1.17.8](https://go.googlesource.com/go/+/refs/tags/go1.17.8))<br>- ca-certificates ([3.76](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_76.html))<br>- containerd ([1.6.1](https://github.com/containerd/containerd/releases/tag/v1.6.1))<br>- cryptsetup ([2.4.3](https://lore.kernel.org/all/572c18a7bf60cb1b0f67c3a03c531d7e7ed31832.camel@scientia.net/T/))<br>- Docker ([20.10.13](https://docs.docker.com/engine/release-notes/#201013))<br>- dosfstools ([4.2](https://github.com/dosfstools/dosfstools/releases/tag/v4.2))<br>- grep ([3.7](https://savannah.gnu.org/forum/forum.php?forum_id=10037))<br>- ignition ([2.13.0](https://github.com/coreos/ignition/releases/tag/v2.13.0))<br>- intel-microcode ([20220207_p20220207](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220207))<br>- iperf ([3.10.1](https://github.com/esnet/iperf/blob/master/RELNOTES.md#iperf-3101-2021-06-03))<br>- less ([590](https://www.greenwoodsoftware.com/less/news.590.html))<br>- lsscsi ([0.32](https://sg.danny.cz/scsi/lsscsi.ChangeLog))<br>- nvidia-drivers ([510.47.03](https://docs.nvidia.com/datacenter/tesla/tesla-release-notes-510-47-03/index.html)) <br>- nvme-cli ([1.16](https://github.com/linux-nvme/nvme-cli/commits/deee9cae1ac94760deebd71f8e5449061338666c))<br>- openssl ([3.0.2](https://www.openssl.org/news/changelog.html#openssl-30))<br>- pam ([1.5.1_p20210622](https://github.com/linux-pam/linux-pam/commit/fe1307512fb8892b5ceb3d884c793af8dbd4c16a))<br>- pambase (20220214)<br>- pinentry ([1.2.0](https://dev.gnupg.org/T5566))<br>- quota ([4.06](https://sourceforge.net/p/linuxquota/code/ci/0acd4cc6275122fd9864cb7b5d349e65a2622920/))<br>- rpcbind ([1.2.6](https://git.linux-nfs.org/?p=steved/rpcbind.git;a=shortlog;h=refs/tags/rpcbind-1_2_6))<br>- socat ([1.7.4.3](https://repo.or.cz/socat.git/blob/refs/tags/tag-1.7.4.3:/CHANGES))<br>- thin-provisioning-tools ([0.9.0](https://github.com/jthornber/thin-provisioning-tools/blob/d6d93c3157631b242a13a81d30f75453e576c55a/CHANGES#L1-L9))<br>- timezone-data ([2021a](https://mm.icann.org/pipermail/tz-announce/2021-January/000065.html))<br>- whois ([5.5.11](https://github.com/rfc1036/whois/commit/5f5ba8312c04a759dad05723c035549273d07461))<br>- xfsprogs ([5.14.2](https://marc.info/?l=linux-xfs&m=163883318025390&w=2))<br>- VMWare: open-vm-tools ([12.0.0](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.0.0))<br>- SDK: man-db ([2.9.4](https://gitlab.com/cjwatson/man-db/-/tags/2.9.4))<br>- SDK: Rust ([1.59.0](https://github.com/rust-lang/rust/releases/tag/1.59.0))<br><br>Packages:<br>- docker 20.10.13<br>- ignition 2.13.0<br>- kernel 5.15.30<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-03-23T13:36:37+00:00 @@ -262,7 +270,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3165.0.0 3165.0.0 - 2023-10-25T10:20:34.344389+00:00 + 2023-11-22T09:59:24.094330+00:00 New **Alpha** Release **3165.0.0**<br><br>_Changes since **Alpha 3139.0.0**_<br><br>#### Security fixes<br>- Linux ([CVE-2022-0492](https://nvd.nist.gov/vuln/detail/CVE-2022-0492), [CVE-2022-0516](https://nvd.nist.gov/vuln/detail/CVE-2022-0516), [CVE-2022-0435](https://nvd.nist.gov/vuln/detail/CVE-2022-0435), [CVE-2022-0487](https://nvd.nist.gov/vuln/detail/CVE-2022-0487), [CVE-2022-25375](https://nvd.nist.gov/vuln/detail/CVE-2022-25375), [CVE-2022-25258](https://nvd.nist.gov/vuln/detail/CVE-2022-25258), [CVE-2022-0847](https://nvd.nist.gov/vuln/detail/CVE-2022-0847))<br>- Go ([CVE-2022-23806](https://nvd.nist.gov/vuln/detail/CVE-2022-23806), [CVE-2022-23772](https://nvd.nist.gov/vuln/detail/CVE-2022-23772), [CVE-2022-23773](https://nvd.nist.gov/vuln/detail/CVE-2022-23773))<br>- systemd ([CVE-2021-3997](https://nvd.nist.gov/vuln/detail/CVE-2021-3997))<br>- cifs-utils ([CVE-2021-20208](https://nvd.nist.gov/vuln/detail/CVE-2021-20208))<br>- expat ([CVE-2022-25235](https://nvd.nist.gov/vuln/detail/CVE-2022-25235), [CVE-2022-25236](https://nvd.nist.gov/vuln/detail/CVE-2022-25236), [CVE-2022-25313](https://nvd.nist.gov/vuln/detail/CVE-2022-25313), [CVE-2022-25314](https://nvd.nist.gov/vuln/detail/CVE-2022-25314), [CVE-2022-25315](https://nvd.nist.gov/vuln/detail/CVE-2022-25315))<br>- duktape ([CVE-2021-46322](https://nvd.nist.gov/vuln/detail/CVE-2021-46322))<br>- libarchive ([CVE-2021-31566](https://nvd.nist.gov/vuln/detail/CVE-2021-31566), [CVE-2021-36976](https://nvd.nist.gov/vuln/detail/CVE-2021-36976))<br>- libxml2 ([CVE-2022-23308](https://nvd.nist.gov/vuln/detail/CVE-2022-23308))<br>- shadow ([CVE-2013-4235](https://nvd.nist.gov/vuln/detail/CVE-2013-4235))<br>- vim ([CVE-2021-3984](https://nvd.nist.gov/vuln/detail/CVE-2021-3984), [CVE-2021-4019](https://nvd.nist.gov/vuln/detail/CVE-2021-4019), [CVE-2021-4069](https://nvd.nist.gov/vuln/detail/CVE-2021-4069), [CVE-2021-4136](https://nvd.nist.gov/vuln/detail/CVE-2021-4136), [CVE-2021-4173](https://nvd.nist.gov/vuln/detail/CVE-2021-4173),[ CVE-2021-4166](https://nvd.nist.gov/vuln/detail/CVE-2021-4166), [CVE-2021-4187](https://nvd.nist.gov/vuln/detail/CVE-2021-4187), [CVE-2021-4192](https://nvd.nist.gov/vuln/detail/CVE-2021-4192), [CVE-2021-4193](https://nvd.nist.gov/vuln/detail/CVE-2021-4193), [CVE-2022-0128](https://nvd.nist.gov/vuln/detail/CVE-2022-0128), [CVE-2022-0156](https://nvd.nist.gov/vuln/detail/CVE-2022-0156), [CVE-2022-0158](https://nvd.nist.gov/vuln/detail/CVE-2022-0158), [CVE-2022-0213](https://nvd.nist.gov/vuln/detail/CVE-2022-0213), [CVE-2022-0261](https://nvd.nist.gov/vuln/detail/CVE-2022-0261), [CVE-2022-0318](https://nvd.nist.gov/vuln/detail/CVE-2022-0318), [CVE-2022-0319](https://nvd.nist.gov/vuln/detail/CVE-2022-0319), [CVE-2022-0351](https://nvd.nist.gov/vuln/detail/CVE-2022-0351), [CVE-2022-0359](https://nvd.nist.gov/vuln/detail/CVE-2022-0359), [CVE-2022-0361](https://nvd.nist.gov/vuln/detail/CVE-2022-0361), [CVE-2022-0368](https://nvd.nist.gov/vuln/detail/CVE-2022-0368), [CVE-2022-0392](https://nvd.nist.gov/vuln/detail/CVE-2022-0392), [CVE-2022-0393](https://nvd.nist.gov/vuln/detail/CVE-2022-0393), [CVE-2022-0407](https://nvd.nist.gov/vuln/detail/CVE-2022-0407), [CVE-2022-0408](https://nvd.nist.gov/vuln/detail/CVE-2022-0408), [CVE-2022-0413](https://nvd.nist.gov/vuln/detail/CVE-2022-0413), [CVE-2022-0417](https://nvd.nist.gov/vuln/detail/CVE-2022-0417), [CVE-2022-0443](https://nvd.nist.gov/vuln/detail/CVE-2022-0443))<br>- SDK: squashfs-tools ([CVE-2021-40153](https://nvd.nist.gov/vuln/detail/CVE-2021-40153), [CVE-2021-41072](https://nvd.nist.gov/vuln/detail/CVE-2021-41072))<br><br>#### Bug fixes<br>- Disabled the systemd-networkd settings `ManageForeignRoutes` and `ManageForeignRoutingPolicyRules` by default to ensure that CNIs like Cilium don't get their routes or routing policy rules discarded on network reconfiguration events ([Flatcar#620](https://github.com/flatcar/Flatcar/issues/620)).<br>- AWS: specify correct console (ttyS0) on kernel command line for ARM64 instances ([coreos-overlay#1628](https://github.com/flatcar/coreos-overlay/pull/1628))<br>- Prevented hitting races when creating filesystems in Ignition, these races caused boot failures like `fsck[1343]: Failed to stat /dev/disk/by-label/ROOT: No such file or directory` when creating a btrfs root filesystem ([ignition#35](https://github.com/flatcar/ignition/pull/35))<br>- Reverted the Linux kernel change to forbid xfrm id 0 for IPSec state because it broke Cilium ([Flatcar#626](https://github.com/flatcar/Flatcar/issues/626), [coreos-overlay#1682](https://github.com/flatcar/coreos-overlay/pull/1682))<br>- Added `auditd.service` but left it disabled by default, a custom configuration can be created by removing `/etc/audit/auditd.conf` and replacing it with an own file ([coreos-overlay#1636](https://github.com/flatcar/coreos-overlay/pull/1636))<br><br>#### Changes<br>- The systemd-networkd `ManageForeignRoutes` and `ManageForeignRoutingPolicyRules` settings are now disabled through a drop-in file and thus can only be enabled again by a drop-in file under `/etc/systemd/networkd.conf.d/` because drop-in files take precedence over `/etc/systemd/networkd.conf` ([init#61](https://github.com/flatcar/init/pull/61))<br>- Bring in dependencies for NFS4 with Kerberos both in kernel and userspace. Tested against NFS4.1 server. ([coreos-overlay#1664](https://github.com/flatcar/coreos-overlay/pull/1664))<br>- Added support for switching back to CGroupsV1 without requiring a reboot. Create `/etc/flatcar-cgroupv1` through ignition. ([coreos-overlay#1666](https://github.com/flatcar/coreos-overlay/pull/1666))<br>- Azure VHD disks are now created using subformat=fixed, which makes them suitable for immediate upload to Azure using any tool.<br><br>#### Updates<br><br>- Linux ([5.15.25](https://lwn.net/Articles/885895)) (from 5.15.19)<br>- Linux Firmware ([20220209](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220209))<br>- Go ([1.17.7](https://go.googlesource.com/go/+/refs/tags/go1.17.7))<br>- systemd ([250.3](https://github.com/systemd/systemd-stable/releases/tag/v250.3))<br>- bpftool ([5.15.8](https://lwn.net/Articles/878631/))<br>- bridge-utils ([1.7.1](https://git.kernel.org/pub/scm/network/bridge/bridge-utils.git/log/?h=v1.7.1))<br>- cifs-utils ([6.13](https://lkml.kernel.org/linux-cifs/CAKywueSqRGSFmeDHQacyu831BNUeGFxGg3vgBmozzhkGBCjyXQ@mail.gmail.com/T/))<br>- containerd ([1.6.0](https://github.com/containerd/containerd/releases/tag/v1.6.0))<br>- duktape ([2.7.0](https://github.com/svaarala/duktape/releases/tag/v2.7.0))<br>- expat ([2.4.6](https://github.com/libexpat/libexpat/blob/R_2_4_6/expat/Changes))<br>- kexec-tools ([2.0.22](https://www.spinics.net/lists/kexec/msg26864.html))<br>- libarchive ([3.5.3](https://github.com/libarchive/libarchive/releases/tag/v3.5.3))<br>- libmspack ([0.10.1_alpha](https://github.com/kyz/libmspack/blob/v0.10.1alpha/libmspack/ChangeLog))<br>- libxml2 ([2.9.13](http://www.xmlsoft.org/news.html))<br>- nfs-utils ([2.5.4](https://lore.kernel.org/linux-fsdevel/c8795653-7728-18a4-93dc-58943ad0fe09@redhat.com/))<br>- shadow ([4.11.1](https://github.com/shadow-maint/shadow/releases/tag/v4.11.1))<br>- vim ([8.2.4328](https://github.com/vim/vim/releases/tag/v8.2.4328))<br>- Azure: WALinuxAgent ([2.6.0.2](https://github.com/Azure/WALinuxAgent/releases/tag/v2.6.0.2))<br>- SDK: gcc-config ([2.5](https://gitweb.gentoo.org/proj/gcc-config.git/tag/?h=v2.5))<br>- SDK: iasl ([20200717](https://www.acpica.org/node/183))<br>- SDK: man-pages ([5.12-r2](https://man7.org/linux/man-pages/changelog.html#release_5.12))<br>- SDK: netperf ([2.7.0](https://github.com/HewlettPackard/netperf/blob/netperf-2.7.0/Release_Notes))<br>- SDK: squashfs-tools ([4.5_p20210914](https://lore.kernel.org/lkml/CAB3woddJss+ziGp-RjJ-yiax6pc_HLMdxk3Qk5nJdRgjpEYWBg@mail.gmail.com/))<br><br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.15.25<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-03-07T13:14:29+00:00 @@ -270,7 +278,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3139.0.0 3139.0.0 - 2023-10-25T10:20:34.335140+00:00 + 2023-11-22T09:59:24.078229+00:00 New **Alpha** Release **3139.0.0**<br><br>_Changes since **Alpha 3127.0.0**_<br><br>#### Security fixes<br><br>- Linux ([CVE-2021-43976](https://nvd.nist.gov/vuln/detail/CVE-2021-43976), [CVE-2022-0330](https://nvd.nist.gov/vuln/detail/CVE-2022-0330), [CVE-2022-22942](https://nvd.nist.gov/vuln/detail/CVE-2022-22942))<br>- expat ([CVE-2022-23852](https://nvd.nist.gov/vuln/detail/CVE-2022-23852), [CVE-2022-23990](https://nvd.nist.gov/vuln/detail/CVE-2022-23990))<br>- glibc ([CVE-2021-3998](https://nvd.nist.gov/vuln/detail/CVE-2021-3998), [CVE-2021-3999](https://nvd.nist.gov/vuln/detail/CVE-2021-3999), [CVE-2022-23218](https://nvd.nist.gov/vuln/detail/CVE-2022-23218), [CVE-2022-23219](https://nvd.nist.gov/vuln/detail/CVE-2022-23219))<br>- polkit ([CVE-2021-4034](https://nvd.nist.gov/vuln/detail/CVE-2021-4034))<br>- SDK: Rust ([CVE-2022-21658](https://nvd.nist.gov/vuln/detail/CVE-2022-21658))<br><br><br>#### Bug fixes<br>- network: Accept ICMPv6 Router Advertisements to fix IPv6 address assignment in the default DHCP setting ([flatcar-linux/init#51](https://github.com/flatcar/init/pull/51), [flatcar-linux/cloudinit#12](https://github.com/flatcar/coreos-cloudinit/pull/12), [flatcar-linux/bootengine#30](https://github.com/flatcar/bootengine/pull/30))<br>- flatcar-update: Stopped checking for the `USER` environment variable which may not be set in all environments, causing the script to fail unless a workaround was used like prepending an additional `sudo` invocation ([flatcar-linux/init#58](https://github.com/flatcar/init/pull/58))<br><br>#### Changes<br>- Enabled the FIPS support for the Linux kernel, which users can now choose through a kernel parameter in `grub.cfg` (check it taking effect with `cat /proc/sys/crypto/fips_enabled`) ([flatcar-linux/coreos-overlay#1602](https://github.com/flatcar/coreos-overlay/pull/1602))<br><br>#### Updates<br>- Linux ([5.15.19](https://lwn.net/Articles/883441)) (from 5.15.16)<br>- expat ([2.4.4](https://github.com/libexpat/libexpat/blob/R_2_4_4/expat/Changes))<br>- polkit ([0.120](https://gitlab.freedesktop.org/polkit/polkit/-/blob/0.120/NEWS))<br>- sbsigntools ([0.9.4](https://git.kernel.org/pub/scm/linux/kernel/git/jejb/sbsigntools.git/tag/?h=v0.9.4))<br>- SDK: Rust ([1.58.1](https://github.com/rust-lang/rust/releases/tag/1.58.1))<br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.15.19<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-02-09T10:02:16+00:00 @@ -278,7 +286,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3127.0.0 3127.0.0 - 2023-10-25T10:20:34.329363+00:00 + 2023-11-22T09:59:24.070879+00:00 New **Alpha** release **3127.0.0**<br><br>__Changes since **Alpha 3115.0.0**__<br><br>#### Security fixes:<br><br>- Linux ([CVE-2021-4155](https://nvd.nist.gov/vuln/detail/CVE-2021-4155), [CVE-2021-4197](https://nvd.nist.gov/vuln/detail/CVE-2021-4197), [CVE-2021-45095](https://nvd.nist.gov/vuln/detail/CVE-2021-45095), [CVE-2022-0185](https://nvd.nist.gov/vuln/detail/CVE-2022-0185))<br>- expat ([CVE-2021-45960](https://nvd.nist.gov/vuln/detail/CVE-2021-45960), [CVE-2021-46143](https://nvd.nist.gov/vuln/detail/CVE-2021-46143), [CVE-2022-22822](https://nvd.nist.gov/vuln/detail/CVE-2022-22822), [CVE-2022-22823](https://nvd.nist.gov/vuln/detail/CVE-2022-22823), [CVE-2022-22824](https://nvd.nist.gov/vuln/detail/CVE-2022-22824), [CVE-2022-22825](https://nvd.nist.gov/vuln/detail/CVE-2022-22825), [CVE-2022-22826](https://nvd.nist.gov/vuln/detail/CVE-2022-22826), [CVE-2022-22827](https://nvd.nist.gov/vuln/detail/CVE-2022-22827))<br>- mit-krb5 ([CVE-2021-37750](https://nvd.nist.gov/vuln/detail/CVE-2021-37750))<br>- openssl ([CVE-2021-4044](https://nvd.nist.gov/vuln/detail/CVE-2021-4044))<br><br>#### Bug fixes:<br><br>- Fixed the dracut emergency Ignition log printing that had a scripting error causing the print command to fail ([flatcar-linux/bootengine#33](https://github.com/flatcar/bootengine/pull/33))<br>- Fixed leak of SELinux policy store to the root filesystem top directory due to wrong store path in `policycoreutils` instead of `/var/lib/selinux` ([flatcar-linux/Flatcar#596](https://github.com/flatcar/Flatcar/issues/596))<br><br>#### Changes:<br><br>- Removed the pre-shipped `/etc/flatcar/update.conf` file, leaving it totally to the user to define the contents as it was unnecessarily overwriting the `/use/share/flatcar/update.conf` ([flatcar-linux/scripts#212](https://github.com/flatcar/scripts/pull/212))<br>- Moved `tracepath` and `traceroute6` from `/usr/sbin` to `/usr/bin`<br><br>#### Updates:<br><br>- Linux ([5.15.16](https://lwn.net/Articles/881963)) (includes [5.15.14](https://lwn.net/Articles/881018), [5.15.15](https://lwn.net/Articles/881548))<br>- expat ([2.4.3](https://github.com/libexpat/libexpat/blob/R_2_4_3/expat/Changes))<br>- iputils ([20210722](https://github.com/iputils/iputils/releases/tag/20210722))<br>- openssl ([3.0.1](https://www.openssl.org/news/changelog.html#openssl-30))<br>- parted ([3.4](https://savannah.gnu.org/forum/forum.php?forum_id=9924)) (includes [3.3](https://savannah.gnu.org/forum/forum.php?forum_id=9569))<br>- pciutils ([3.7.0](https://github.com/pciutils/pciutils/releases/tag/v3.7.0))<br>- runc ([1.1.0](https://github.com/opencontainers/runc/releases/tag/v1.1.0))<br>- sed ([4.8](https://savannah.gnu.org/forum/forum.php?forum_id=9647))<br>- SDK: mantle ([0.18.0](https://github.com/flatcar/mantle/releases/tag/v0.18.0))<br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.15.16<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-01-26T08:12:08+00:00 @@ -286,7 +294,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3115.0.0 3115.0.0 - 2023-10-25T10:20:34.323253+00:00 + 2023-11-22T09:59:24.064122+00:00 New **Alpha** release **3115.0.0**<br><br>_Changes since **Alpha 3066.0.0**_<br><br>#### Known issues<br><br>- With Kubernetes 1.23 and Linux 5.15 outgoing connects from `calico` pods fail - it's recommended to switch over `iptables` instead of `ipvs` for `kube-proxy` mode. ([projectcalico/calico#5011](https://github.com/projectcalico/calico/issues/5011))<br>- The SELinux policy store update fix resulted in some files leaked to the root filesystem top directory ([Flatcar#596](https://github.com/flatcar/Flatcar/issues/596))<br><br>#### Security fixes<br>- Linux ([CVE-2020-27820](https://nvd.nist.gov/vuln/detail/CVE-2020-27820), [CVE-2021-4001](https://nvd.nist.gov/vuln/detail/CVE-2021-4001), [CVE-2021-4002](https://nvd.nist.gov/vuln/detail/CVE-2021-4002), [CVE-2021-4083](https://nvd.nist.gov/vuln/detail/CVE-2021-4083), [CVE-2021-4135](https://nvd.nist.gov/vuln/detail/CVE-2021-4135), [CVE-2021-4155](https://nvd.nist.gov/vuln/detail/CVE-2021-4155), [CVE-2021-28711](https://nvd.nist.gov/vuln/detail/CVE-2021-28711), [CVE-2021-28712](https://nvd.nist.gov/vuln/detail/CVE-2021-28712), [CVE-2021-28713](https://nvd.nist.gov/vuln/detail/CVE-2021-28713), [CVE-2021-28714](https://nvd.nist.gov/vuln/detail/CVE-2021-28714), [CVE-2021-28715](https://nvd.nist.gov/vuln/detail/CVE-2021-28715))<br>- GCC ([CVE-2020-13844](https://nvd.nist.gov/vuln/detail/CVE-2020-13844))<br>- Go ([CVE-2021-44716](https://nvd.nist.gov/vuln/detail/CVE-2021-44716), [CVE-2021-44717](https://nvd.nist.gov/vuln/detail/CVE-2021-44717))<br>- ca-certificates ([CVE-2021-43527](https://nvd.nist.gov/vuln/detail/CVE-2021-43527))<br>- containerd ([CVE-2021-43816](https://nvd.nist.gov/vuln/detail/CVE-2021-43816))<br>- ignition ([CVE-2020-14040](https://nvd.nist.gov/vuln/detail/CVE-2020-14040))<br>- libarchive ([libarchive-1565](https://github.com/libarchive/libarchive/issues/1565), [libarchive-1566](https://github.com/libarchive/libarchive/issues/1566))<br>- openssh ([CVE-2021-41617](https://nvd.nist.gov/vuln/detail/CVE-2021-41617))<br>- runc ([CVE-2021-43784](https://nvd.nist.gov/vuln/detail/CVE-2021-43784))<br>- torcx ([CVE-2021-38561](https://nvd.nist.gov/vuln/detail/CVE-2021-38561), [CVE-2021-43565](https://nvd.nist.gov/vuln/detail/CVE-2021-43565))<br>- vim ([CVE-2021-3872](https://nvd.nist.gov/vuln/detail/CVE-2021-3872), [CVE-2021-3875](https://nvd.nist.gov/vuln/detail/CVE-2021-3875), [CVE-2021-3903](https://nvd.nist.gov/vuln/detail/CVE-2021-3903), [CVE-2021-3927](https://nvd.nist.gov/vuln/detail/CVE-2021-3927), [CVE-2021-3928](https://nvd.nist.gov/vuln/detail/CVE-2021-3928), [CVE-2021-3968](https://nvd.nist.gov/vuln/detail/CVE-2021-3968), [CVE-2021-3973](https://nvd.nist.gov/vuln/detail/CVE-2021-3973), [CVE-2021-3974](https://nvd.nist.gov/vuln/detail/CVE-2021-3974))<br>- SDK: edk2-ovmf ([CVE-2019-14584](https://nvd.nist.gov/vuln/detail/CVE-2019-14584), [CVE-2021-28210](https://nvd.nist.gov/vuln/detail/CVE-2021-28210), [CVE-2021-28211](https://nvd.nist.gov/vuln/detail/CVE-2021-28211), [CVE-2021-28213](https://nvd.nist.gov/vuln/detail/CVE-2021-28213))<br>- SDK: libxslt ([CVE-2021-30560](https://nvd.nist.gov/vuln/detail/CVE-2021-30560))<br>- SDK: mantle ([CVE-2021-3121](https://nvd.nist.gov/vuln/detail/CVE-2021-3121), [CVE-2021-38561](https://nvd.nist.gov/vuln/detail/CVE-2021-38561), [CVE-2021-43565](https://nvd.nist.gov/vuln/detail/CVE-2021-43565))<br>- SDK: Python ([CVE-2018-20852](https://nvd.nist.gov/vuln/detail/CVE-2018-20852), [CVE-2019-5010](https://nvd.nist.gov/vuln/detail/CVE-2019-5010), [CVE-2019-9636](https://nvd.nist.gov/vuln/detail/CVE-2019-9636), [CVE-2019-9740](https://nvd.nist.gov/vuln/detail/CVE-2019-9740), [CVE-2019-9947](https://nvd.nist.gov/vuln/detail/CVE-2019-9947), [CVE-2019-9948](https://nvd.nist.gov/vuln/detail/CVE-2019-9948), [CVE-2019-20907](https://nvd.nist.gov/vuln/detail/CVE-2019-20907), [CVE-2020-8492](https://nvd.nist.gov/vuln/detail/CVE-2020-8492), [CVE-2020-14422](https://nvd.nist.gov/vuln/detail/CVE-2020-14422), [CVE-2020-26116](https://nvd.nist.gov/vuln/detail/CVE-2020-26116), [CVE-2021-3177](https://nvd.nist.gov/vuln/detail/CVE-2021-3177), [CVE-2021-3426](https://nvd.nist.gov/vuln/detail/CVE-2021-3426), [CVE-2021-23336](https://nvd.nist.gov/vuln/detail/CVE-2021-23336), [CVE-2021-29921](https://nvd.nist.gov/vuln/detail/CVE-2021-29921))<br>- SDK: QEMU ([CVE-2020-35504](https://nvd.nist.gov/vuln/detail/CVE-2020-35504), [CVE-2020-35505](https://nvd.nist.gov/vuln/detail/CVE-2020-35505), [CVE-2020-35506](https://nvd.nist.gov/vuln/detail/CVE-2020-35506), [CVE-2020-35517](https://nvd.nist.gov/vuln/detail/CVE-2020-35517), [CVE-2021-20255](https://nvd.nist.gov/vuln/detail/CVE-2021-20255), [CVE-2021-20257](https://nvd.nist.gov/vuln/detail/CVE-2021-20257), [CVE-2021-20263](https://nvd.nist.gov/vuln/detail/CVE-2021-20263), [CVE-2021-3409](https://nvd.nist.gov/vuln/detail/CVE-2021-3409), [CVE-2021-3416](https://nvd.nist.gov/vuln/detail/CVE-2021-3416), [CVE-2021-3527](https://nvd.nist.gov/vuln/detail/CVE-2021-3527), [CVE-2021-3544](https://nvd.nist.gov/vuln/detail/CVE-2021-3544), [CVE-2021-3545](https://nvd.nist.gov/vuln/detail/CVE-2021-3545), [CVE-2021-3546](https://nvd.nist.gov/vuln/detail/CVE-2021-3546), [CVE-2021-3582](https://nvd.nist.gov/vuln/detail/CVE-2021-3582), [CVE-2021-3607](https://nvd.nist.gov/vuln/detail/CVE-2021-3607), [CVE-2021-3608](https://nvd.nist.gov/vuln/detail/CVE-2021-3608), [CVE-2021-3682](https://nvd.nist.gov/vuln/detail/CVE-2021-3682))<br><br>#### Bug fixes<br>- Added configuration files for logrotate ([flatcar-linux/coreos-overlay#1442](https://github.com/flatcar/coreos-overlay/pull/1442))<br>- Fixed `ETCD_NAME` conflicting with `--name` for `etcd-member` to start ([flatcar-linux/coreos-overlay#1444](https://github.com/flatcar/coreos-overlay/pull/1444))<br>- The Torcx profile `docker-1.12-no` got fixed to reference the current Docker version instead of 19.03 which wasn't found on the image, causing Torcx to fail to provide Docker ([flatcar-linux/coreos-overlay#1456](https://github.com/flatcar/coreos-overlay/pull/1456))<br>- Fix vim warnings on missing file, when built with USE=”minimal” ([portage-stable#260](https://github.com/flatcar/portage-stable/pull/260))<br>- Excluded the Kubenet cbr0 interface from networkd's DHCP config and set it to Unmanaged to prevent interference and ensure that it is not part of the network online check ([flatcar-linux/init#55](https://github.com/flatcar/init/pull/55))<br>- Ensured that the `/run/xtables.lock` coordination file exists for modifications of the xtables backend from containers (must be bind-mounted) or the `iptables-legacy` binaries on the host ([flatcar-linux/init#57](https://github.com/flatcar/init/pull/57))<br>- AWS: Published missing arm64 AMIs for stable & beta ([flatcar-linux/scripts#188](https://github.com/flatcar/scripts/pull/188), [flatcar-linux/scripts#189](https://github.com/flatcar/scripts/pull/189))<br>- dev container: Fixed github URL for coreos-overlay and portage-stable to use repos from flatcar-linux org directly instead of relying on redirects from the kinvolk org. This fixes checkouts with emerge-gitclone inside dev-container. ([flatcar-linux/scripts#194](https://github.com/flatcar/scripts/pull/194))<br>- SDK: Fixed build error popping up in the new SDK Container because `policycoreutils` used the wrong ROOT to update the SELinux store ([flatcar-linux/coreos-overlay#1502](https://github.com/flatcar/coreos-overlay/pull/1502))<br><br>#### Changes<br>- Flatcar is in the NIST CPE dictionary. Programmatically build the `CPE_NAME` in the build process in order to be scanned ([flatcar-linux/Flatcar#536](https://github.com/flatcar/Flatcar/issues/536))<br>- Added a new flatcar-update tool to the image to ease manual updates, rollbacks, channel/release jumping, and airgapped updates ([flatcar-linux/init#53](https://github.com/flatcar/init/pull/53))<br>- Update-engine now creates the `/run/reboot-required` flag file for [kured](https://github.com/weaveworks/kured) ([flatcar-linux/update_engine#15](https://github.com/flatcar/update_engine/pull/15))<br>- Excluded special network interface devices like bridge, tunnel, vxlan, and veth devices from the default DHCP configuration to prevent networkd interference ([flatcar-linux/init#56](https://github.com/flatcar/init/pull/56))<br>- Backported `elf` support for `iproute2` ([flatcar-linux/coreos-overlay#1256](https://github.com/flatcar/coreos-overlay/pull/1526))<br>- Added CONFIG_NF_CT_NETLINK_HELPER (for libnetfilter_cthelper), CONFIG_NET_VRF (for virtual routing and forwarding) and CONFIG_KEY_DH_OPERATIONS (for keyutils) to the kernel config ([flatcar-linux/coreos-overlay#1524](https://github.com/flatcar/coreos-overlay/pull/1524))<br><br><br>#### Updates<br>- Linux ([5.15.13](https://lwn.net/Articles/880469))<br>- Linux Firmware ([20211216](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20211216))<br>- Linux Kernel headers ([5.15](https://lwn.net/Articles/874495/))<br>- Docker ([20.10.12](https://docs.docker.com/engine/release-notes/#201012))<br>- GCC ([9.4.0](https://lists.gnu.org/archive/html/info-gnu/2021-06/msg00000.html))<br>- Go ([1.17.6](https://go.googlesource.com/go/+/refs/tags/go1.17.6))<br>- acl ([2.3.1](https://git.savannah.nongnu.org/cgit/acl.git/log/?h=v2.3.1))<br>- attr ([2.5.1](https://git.savannah.nongnu.org/cgit/attr.git/log/?h=v2.5.1))<br>- audit ([3.0.6](https://listman.redhat.com/archives/linux-audit/2021-October/msg00000.html))<br>- boost ([1.76.0](https://www.boost.org/users/history/version_1_76_0.html))<br>- btrfs-progs ([5.15.1](https://btrfs.wiki.kernel.org/index.php/Changelog#btrfs-progs_v5.15_.28Nov_2021.29))<br>- ca-certificates ([3.74](https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/5cpT9SNXYSM))<br>- containerd ([1.5.9](https://github.com/containerd/containerd/releases/tag/v1.5.9))<br>- coreutils ([8.32](https://lists.gnu.org/archive/html/coreutils-announce/2020-03/msg00000.html))<br>- diffutils ([3.8](https://lists.gnu.org/archive/html/info-gnu/2021-08/msg00000.html))<br>- ethtool ([5.10](https://git.kernel.org/pub/scm/network/ethtool/ethtool.git/tree/NEWS?h=v5.10))<br>- findutils ([4.8.0](https://savannah.gnu.org/forum/forum.php?forum_id=9914))<br>- glib ([2.68.4](https://gitlab.gnome.org/GNOME/glib/-/releases/2.68.4))<br>- glog ([0.4.0](https://github.com/google/glog/releases/tag/v0.4.0))<br>- i2c-tools ([4.2](https://git.kernel.org/pub/scm/utils/i2c-tools/i2c-tools.git/log/?h=v4.2))<br>- iproute2 ([5.15](https://lwn.net/ml/linux-kernel/20211101164705.6f4f2e41%40hermes.local/))<br>- ipset ([7.11](https://ipset.netfilter.org/changelog.html))<br>- ipvsadm ([1.27](http://archive.linuxvirtualserver.org/html/lvs-devel/2013-09/msg00011.html))<br>- kmod ([29](https://git.kernel.org/pub/scm/utils/kernel/kmod/kmod.git/tree/NEWS?h=v29))<br>- libarchive ([3.5.2](https://github.com/libarchive/libarchive/releases/tag/v3.5.2))<br>- libcap ([2.49](https://git.kernel.org/pub/scm/libs/libcap/libcap.git/tag/?h=libcap-2.49))<br>- libcap-ng ([0.8.2](https://github.com/stevegrubb/libcap-ng/releases/tag/v0.8.2))<br>- libmicrohttpd ([0.9.73](https://lists.gnu.org/r/info-gnu/2021-04/msg00007.html))<br>- libnl ([3.5.0](https://github.com/thom311/libnl/releases/tag/libnl3_5_0))<br>- libseccomp ([2.5.1](https://github.com/seccomp/libseccomp/releases/tag/v2.5.1))<br>- lshw ([02.19.2b_p20210121](https://www.ezix.org/project/wiki/HardwareLiSter#Changes))<br>- lsof ([4.94.0](https://github.com/lsof-org/lsof/releases/tag/4.94.0))<br>- openssh ([8.8](http://www.openssh.com/txt/release-8.8))<br>- pax-utils ([1.3.3](https://gitweb.gentoo.org/proj/pax-utils.git/tree/?h=v1.3.3))<br>- psmisc ([23.4](https://gitlab.com/psmisc/psmisc/-/blob/v23.4/ChangeLog))<br>- runc ([1.0.3](https://github.com/opencontainers/runc/releases/tag/v1.0.3))<br>- systemd ([249.7](https://github.com/systemd/systemd-stable/blob/v249.7/NEWS))<br>- tdb (1.4.5)<br>- usbutils ([014](https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usbutils.git/commit/?id=57fb18e59cce31a50a1ca62d1e192512c905ba00))<br>- vim ([8.2.3582](https://github.com/vim/vim/releases/tag/v8.2.3582))<br>- which ([2.21](https://carlowood.github.io/which/cvslog-2.21.html))<br>- Azure: Python for OEM images ([3.9.8](https://www.python.org/downloads/release/python-398/))<br>- SDK: Python ([3.9.8](https://www.python.org/downloads/release/python-398/))<br>- SDK: Rust ([1.57.0](https://github.com/rust-lang/rust/releases/tag/1.57.0))<br>- SDK: edk2-ovmf ([202105](https://github.com/tianocore/edk2/releases/tag/edk2-stable202105))<br>- SDK: file ([5.40](https://mailman.astron.com/pipermail/file/2021-March/000478.html))<br>- SDK: ipxe ([1.21.1](https://github.com/ipxe/ipxe/releases/tag/v1.21.1))<br>- SDK: mantle ([0.17.0](https://github.com/flatcar/mantle/releases/tag/v0.17.0))<br>- SDK: ninja ([1.10.2](https://groups.google.com/g/ninja-build/c/oobwq_F0PpA/m/FeJC5LoRBgAJ))<br>- SDK: pahole ([1.20](https://git.kernel.org/pub/scm/devel/pahole/pahole.git/tag/?h=v1.20))<br>- SDK: perf ([5.15](https://kernelnewbies.org/LinuxChanges#Linux_5.15.Tracing.2C_perf_and_BPF))<br>- SDK: portage ([3.0.28](https://gitweb.gentoo.org/proj/portage.git/tag/?h=portage-3.0.28))<br>- SDK: qemu ([6.1.0](https://wiki.qemu.org/ChangeLog/6.1))<br>- SDK: seabios ([1.14.0](https://seabios.org/Releases#SeaBIOS_1.14.0))<br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.15.13<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-01-13T14:06:50+00:00 @@ -294,7 +302,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3066.0.0 3066.0.0 - 2023-10-25T10:20:34.310444+00:00 + 2023-11-22T09:59:24.048999+00:00 New **Alpha** Release **3066.0.0**<br><br>_Changes since **Alpha 3033.0.0**_<br><br>**Security fixes**<br><br>* Linux ([CVE-2021-42739](https://nvd.nist.gov/vuln/detail/CVE-2021-42739))<br>* Docker, containerd ([CVE-2021-41190](https://nvd.nist.gov/vuln/detail/CVE-2021-41190))<br>* rsync ([CVE-2020-14387](https://nvd.nist.gov/vuln/detail/CVE-2020-14387))<br>* SDK: u-boot-tools ([CVE-2021-27097](https://nvd.nist.gov/vuln/detail/CVE-2021-27097),[CVE-2021-27138](https://nvd.nist.gov/vuln/detail/CVE-2021-27138))<br><br>**Bug fixes**<br><br>* SDK: Add missing arm64 SDK keywords to profiles ([coreos-overlay#1407](https://github.com/flatcar/coreos-overlay/pull/1407))<br><br>**Changes**<br><br>* Added sgx group to /etc/group in baselayout ([baselayout#20](https://github.com/flatcar/baselayout/pull/20))<br>* Added missing SELinux rule as initial step to resolve Torcx unpacking issue ([coreos-overlay#1426](https://github.com/flatcar/coreos-overlay/pull/1426))<br><br>**Updates**<br><br>* Linux ([5.10.80](https://lwn.net/Articles/876426/))<br>* Docker ([20.10.11](https://docs.docker.com/engine/release-notes/#20111))<br>* containerd ([1.5.8](https://github.com/containerd/containerd/releases/tag/v1.5.8))<br>* ca-certificates ([3.72](https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/7O6a4NlaI2A))<br>* btrfs-progs ([5.10.1](https://btrfs.wiki.kernel.org/index.php/Changelog#btrfs-progs_v5.10_.28Jan_2021.29))<br>* dbus-glib ([0.112](https://gitlab.freedesktop.org/dbus/dbus-glib/-/tags/dbus-glib-0.112))<br>* gmp ([6.2.1](https://gmplib.org/gmp6.2))<br>* ignition ([0.36.1](https://github.com/flatcar/ignition/releases/tag/v0.36.1))<br>* json-c ([0.15](https://github.com/json-c/json-c/wiki/Notes-for-v0.15-release))<br>* libgpg-error ([1.42](https://dev.gnupg.org/T5194))<br>* logrotate ([3.18.1](https://github.com/logrotate/logrotate/releases/tag/3.18.1))<br>* p11-kit ([0.23.22](https://github.com/p11-glue/p11-kit/releases/tag/0.23.22))<br>* popt ([1.18](https://github.com/rpm-software-management/popt/releases/tag/popt-1.18-release))<br>* rpcsvc-proto ([1.4.2](https://github.com/thkukuk/rpcsvc-proto/releases/tag/v1.4.2))<br>* SDK: crossdev ([20210621](https://gitweb.gentoo.org/proj/crossdev.git/commit/?id=b40ebcdb89f19d2fd0c563590f30d7574cfe0755))<br>* SDK: gdbm ([1.20](https://lists.gnu.org/archive/html/info-gnu/2021-06/msg00008.html))<br>* SDK: man-pages-posix ([2017a](https://www.mail-archive.com/cygwin-announce@cygwin.com/msg09598.html))<br>* SDK: miscfiles ([1.5](https://lists.gnu.org/archive/html/info-gnu/2010-11/msg00009.html))<br>* SDK: pkgconf ([1.7.4](https://git.sr.ht/~kaniini/pkgconf/tree/458101e787a47378d2fc74c64f649fd3a5f75e55/item/NEWS))<br>* SDK: swig ([4.0.2](https://sourceforge.net/p/swig/news/2020/06/swig-402-released/))<br>* SDK: u-boot-tools ([2021.04_rc2](https://source.denx.de/u-boot/u-boot/-/tags/v2021.04-rc2))<br><br>**Known Issues**<br><br>* The logrotate.service is failing, a fix ([coreos-overlay#1442](https://github.com/flatcar/coreos-overlay/pull/1442)) is merged and will be included in a follow-up release<br>Packages:<br>- docker 20.10.11<br>- ignition 0.36.1<br>- kernel 5.10.80<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2021-11-25T11:13:07+00:00 @@ -302,7 +310,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3046.0.0 3046.0.0 - 2023-10-25T10:20:34.304260+00:00 + 2023-11-22T09:59:24.042039+00:00 New **Alpha** release **3046.0.0**<br><br>_Changes since **Alpha 3033.0.0**_<br><br>**Security fixes**<br><br><br><br>* Linux ([CVE-2021-3760](https://nvd.nist.gov/vuln/detail/CVE-2021-3760), [CVE-2021-3772](https://nvd.nist.gov/vuln/detail/CVE-2021-3772), [CVE-2021-42327](https://nvd.nist.gov/vuln/detail/CVE-2021-42327), [CVE-2021-43056](https://nvd.nist.gov/vuln/detail/CVE-2021-43056), [CVE-2021-43267](https://nvd.nist.gov/vuln/detail/CVE-2021-43267), [CVE-2021-43389](https://nvd.nist.gov/vuln/detail/CVE-2021-43389))<br>* Go ([CVE-2021-41771](https://nvd.nist.gov/vuln/detail/CVE-2021-41771),[ CVE-2021-41772](https://nvd.nist.gov/vuln/detail/CVE-2021-41772))<br>* ncurses ([CVE-2021-39537](https://nvd.nist.gov/vuln/detail/CVE-2021-39537))<br>* SDK: rust ([CVE-2021-42574](https://nvd.nist.gov/vuln/detail/CVE-2021-42574),[ CVE-2021-42694](https://nvd.nist.gov/vuln/detail/CVE-2021-42694))<br><br>**Bug fixes**<br><br><br><br>* Use https protocol instead of git for Github URLs ([flatcar-linux/coreos-overlay#1394](https://github.com/flatcar/coreos-overlay/pull/1394))<br>* Skip tcsd.service for TPM2 devices to fix failures on c3.small.x86 instances of Equinix Metal ([Flatcar#208](https://github.com/flatcar/Flatcar/issues/208))<br><br>**Changes**<br><br><br><br>* scripts: introduce `--setuponly` flag in update_chroot ([flatcar-linux/scripts#178](https://github.com/flatcar/scripts/pull/178))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.77](https://lwn.net/Articles/874852/))<br>* Linux Firmware ([20211027](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20211027))<br>* Docker ([20.10.10](https://docs.docker.com/engine/release-notes/#20110))<br>* Go ([1.17.3](https://go.googlesource.com/go/+/refs/tags/go1.17.3))<br>* ca-certificates ([3.70.0](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_70.html#nss-3-70-release-notes))<br>* cryptsetup ([2.4.1](https://www.spinics.net/lists/dm-crypt/msg08656.html))<br>* libidn2 ([2.3.2](https://gitlab.com/libidn/libidn2/-/tags/v2.3.2))<br>* mpc ([1.2.1](https://fossies.org/linux/misc/mpc-1.2.1.tar.gz/mpc-1.2.1/NEWS))<br>* mpfr ([4.1.0](https://www.mpfr.org/mpfr-current/#changes))<br>* ncurses ([6.2_p20210619](https://lists.gnu.org/archive/html/bug-ncurses/2021-06/msg00010.html))<br>* nmap ([7.92](https://nmap.org/changelog.html#7.92))<br>* openssl ([3.0.0](https://www.openssl.org/news/cl30.txt))<br>* procps ([3.3.17](https://gitlab.com/procps-ng/procps/-/tags/v3.3.17))<br>* wget ([1.21.2](https://lists.gnu.org/archive/html/info-gnu/2021-09/msg00003.html))<br>* SDK: rust ([1.56.1](https://github.com/rust-lang/rust/blob/master/RELEASES.md#version-1561-2021-11-01))<br>* SDK: yasm ([1.3.0](https://yasm.tortall.net/releases/Release1.3.0.html))<br>Packages:<br>- docker 20.10.10<br>- ignition 0.34.0<br>- kernel 5.10.77<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2021-11-09T06:38:38+00:00 @@ -310,7 +318,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3033.0.0 3033.0.0 - 2023-10-25T10:20:34.298247+00:00 + 2023-11-22T09:59:24.035342+00:00 **Update to CGroupsV2**<br><br>As of Alpha version 2969.0.0, Flatcar Container Linux migrates to the unified cgroup hierarchy (aka CGroupsV2)! New nodes will utilize CGroupsV2 by default. Existing nodes remain on CGroupsV1 and need to be manually migrated to CGroupsV2. To learn more about CGroupsV2 on Flatcar Container Linux and the migration guide, please refer to[ https://flatcar-linux.org/docs/latest/container-runtimes/switching-to-unified-cgroups/](https://flatcar-linux.org/docs/latest/container-runtimes/switching-to-unified-cgroups/)<br><br><br>New **Alpha** release **3033.0.0**<br><br>_Changes since **Alpha 3005.0.0**_<br><br>**Security fixes**<br><br><br><br>* Linux ([CVE-2021-3764](https://nvd.nist.gov/vuln/detail/CVE-2021-3764), [CVE-2021-3744](https://nvd.nist.gov/vuln/detail/CVE-2021-3744), [CVE-2021-38300](https://nvd.nist.gov/vuln/detail/CVE-2021-38300), [CVE-2021-20321](https://nvd.nist.gov/vuln/detail/CVE-2021-20321), [CVE-2021-41864](https://nvd.nist.gov/vuln/detail/CVE-2021-41864))<br>* Go ([CVE-2021-29923](https://nvd.nist.gov/vuln/detail/CVE-2021-29923), [CVE-2021-39293](https://nvd.nist.gov/vuln/detail/CVE-2021-39293), [CVE-2021-38297](https://nvd.nist.gov/vuln/detail/CVE-2021-38297))<br>* bash ([CVE-2019-9924](https://nvd.nist.gov/vuln/detail/CVE-2019-9924),[ CVE-2019-18276](https://nvd.nist.gov/vuln/detail/CVE-2019-18276))<br>* containerd ([CVE-2021-41103](https://nvd.nist.gov/vuln/detail/CVE-2021-41103))<br>* curl ([CVE-2021-22945](https://nvd.nist.gov/vuln/detail/CVE-2021-22945),[ CVE-2021-22946](https://nvd.nist.gov/vuln/detail/CVE-2021-22946),[ CVE-2021-22947](https://nvd.nist.gov/vuln/detail/CVE-2021-22947))<br>* Docker ([CVE-2021-41092](https://nvd.nist.gov/vuln/detail/CVE-2021-41092), [CVE-2021-41089](https://nvd.nist.gov/vuln/detail/CVE-2021-41089),[ CVE-2021-41091](https://nvd.nist.gov/vuln/detail/CVE-2021-41091))<br>* git ([CVE-2021-40330](https://nvd.nist.gov/vuln/detail/CVE-2021-40330))<br>* gnupg ([CVE-2020-25125](https://nvd.nist.gov/vuln/detail/CVE-2020-25125))<br>* libgcrypt ([CVE-2021-40528](https://nvd.nist.gov/vuln/detail/CVE-2021-40528))<br>* polkit ([CVE-2021-3560](https://nvd.nist.gov/vuln/detail/CVE-2021-3560))<br>* util-linux ([CVE-2021-37600](https://nvd.nist.gov/vuln/detail/CVE-2021-37600))<br>* vim ([CVE-2021-3770](https://nvd.nist.gov/vuln/detail/CVE-2021-3770),[ CVE-2021-3778](https://nvd.nist.gov/vuln/detail/CVE-2021-3778),[ CVE-2021-3796](https://nvd.nist.gov/vuln/detail/CVE-2021-3796))<br>* SDK: bison ([CVE-2020-14150](https://nvd.nist.gov/vuln/detail/CVE-2020-14150),[ CVE-2020-24240](https://nvd.nist.gov/vuln/detail/CVE-2020-24240))<br>* SDK: perl ([CVE-2020-10878](https://nvd.nist.gov/vuln/detail/CVE-2020-10878))<br><br>**Bux fixes**<br><br><br><br>* The tcsd service for TPM 1 is not started on machines with TPM 2 anymore where it fails and isn’t necessary. ([flatcar-linux/coreos-overlay#1365](https://github.com/flatcar/coreos-overlay/pull/1365))<br>* arm64: the Polkit service does not crash anymore. ([flatcar-linux/Flatcar#156](https://github.com/flatcar/Flatcar/issues/156))<br>* toolbox: fixed support for multi-layered docker images ([toolbox#5](https://github.com/flatcar/toolbox/pull/5))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.75](https://lwn.net/Articles/873465/))<br>* Linux Firmware ([20210919](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20210919))<br>* Docker ([20.10.9](https://docs.docker.com/engine/release-notes/#20109))<br>* Go ([1.17.2](https://go.googlesource.com/go/+/refs/tags/go1.17.2))<br>* systemd ([249.4](https://github.com/systemd/systemd-stable/blob/v249.4/NEWS))<br>* bash ([5.1_p8](https://lists.gnu.org/archive/html/info-gnu/2020-12/msg00003.html))<br>* ca-certificates ([3.69.1](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_69_1.html#nss-3-69-1-release-notes))<br>* containerd ([1.5.7](https://github.com/containerd/containerd/releases/tag/v1.5.7))<br>* curl ([7.79.1](https://curl.se/changes.html#7_79_1))<br>* duktape ([2.6.0](https://github.com/svaarala/duktape/blob/master/doc/release-notes-v2-6.rst))<br>* git ([2.32.0](https://github.com/git/git/blob/master/Documentation/RelNotes/2.32.0.txt))<br>* gnupg ([2.2.29](https://lists.gnupg.org/pipermail/gnupg-announce/2021q3/000461.html))<br>* keyutils ([1.6.1](https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/keyutils.git/tag/?h=v1.6.1))<br>* libgcrypt ([1.9.4](https://dev.gnupg.org/T5402))<br>* libtirpc ([1.3.2](https://www.spinics.net/lists/linux-nfs/msg84129.html))<br>* lvm2 ([2.02.188](https://github.com/lvmteam/lvm2/releases/tag/v2_02_188))<br>* net-tools ([2.10](https://sourceforge.net/p/net-tools/code/ci/v2.10/tree/))<br>* open-vm-tools ([11.3.5](https://github.com/vmware/open-vm-tools/releases/tag/stable-11.3.5))<br>* polkit ([0.119](https://gitlab.freedesktop.org/polkit/polkit/-/blob/0.119/NEWS))<br>* realmd ([0.17.0](https://gitlab.freedesktop.org/realmd/realmd/-/tags/0.17.0))<br>* util-linux ([2.37.2](https://github.com/karelzak/util-linux/blob/v2.37.2/NEWS))<br>* vim ([8.2.3428](https://github.com/vim/vim/releases/tag/v8.2.3428))<br>* SDK: bison (3.7.6)<br>* SDK: bc (1.07.1)<br>* SDK: gawk (5.1.0)<br>* SDK: gnuconfig (20210107)<br>* SDK: google-cloud-sdk ([355.0.0](https://groups.google.com/g/google-cloud-sdk-announce/c/HoJuttxnzNQ))<br>* SDK: meson (0.57.2)<br>* SDK: mtools (4.0.35)<br>* SDK: perl ([5.34.0](https://perldoc.perl.org/perl5340delta))<br>* SDK: texinfo ([6.8](https://github.com/debian-tex/texinfo/releases/tag/upstream%2F6.8))<br><br>Note: Please note that ARM images remain experimental for now.<br><br>Packages:<br>- docker 20.10.9<br>- ignition 0.34.0<br>- kernel 5.10.75<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2021-10-25T15:54:45+00:00 @@ -318,7 +326,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3005.0.1 3005.0.1 - 2023-10-25T10:20:34.290387+00:00 + 2023-11-22T09:59:24.026447+00:00 **Update to CGroupsV2**<br><br>As of Alpha version 2969.0.0, Flatcar Container Linux migrates to the unified cgroup hierarchy (aka CGroupsV2)! New nodes will utilize CGroupsV2 by default. Existing nodes remain on CGroupsV1 and need to be manually migrated to CGroupsV2. To learn more about CGroupsV2 on Flatcar Container Linux and the migration guide, please refer to [https://flatcar-linux.org/docs/latest/container-runtimes/switching-to-unified-cgroups/](https://flatcar-linux.org/docs/latest/container-runtimes/switching-to-unified-cgroups/) <br><br>New **Alpha** release **3005.0.1**<br><br>_Changes since **Alpha 3005.0.0**_<br><br>**Security fixes**<br><br>* Linux ([CVE-2021-41073](https://nvd.nist.gov/vuln/detail/CVE-2021-41073), [CVE-2020-16119](https://nvd.nist.gov/vuln/detail/CVE-2020-16119))<br><br>**Bug fixes**<br><br>* The Mellanox NIC Linux driver issue introduced in the previous release was fixed ([Flatcar#520](https://github.com/flatcar/Flatcar/issues/520))<br><br>**Updates**<br><br>* Linux ([5.10.69](https://lwn.net/Articles/870544/))<br><br>Note: Please note that ARM images remain experimental for now.<br><br>Packages:<br>- docker 20.10.8<br>- ignition 0.34.0<br>- kernel 5.10.69<br>- systemd 247<br><br>Architectures:<br>- amd64<br>- arm64<br> 2021-09-30T16:22:29+00:00 @@ -326,7 +334,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3005.0.0 3005.0.0 - 2023-10-25T10:20:34.285327+00:00 + 2023-11-22T09:59:24.020622+00:00 **Update to CGroupsV2**<br><br>As of Alpha version 2969.0.0, Flatcar Container Linux migrates to the unified cgroup hierarchy (aka CGroupsV2)! New nodes will utilize CGroupsV2 by default. Existing nodes remain on CGroupsV1 and need to be manually migrated to CGroupsV2. To learn more about CGroupsV2 on Flatcar Container Linux and the migration guide, please refer to [https://flatcar-linux.org/docs/latest/container-runtimes/switching-to-unified-cgroups/](https://flatcar-linux.org/docs/latest/container-runtimes/switching-to-unified-cgroups/) <br><br><br>New **Alpha** release **3005.0.0**<br><br>_Changes since **Alpha 2983.0.0**_<br><br>**Security fixes**<br><br><br><br>* Linux ([CVE-2021-3753](https://nvd.nist.gov/vuln/detail/CVE-2021-3753),[ CVE-2021-3739](https://nvd.nist.gov/vuln/detail/CVE-2021-3739), [CVE-2021-40490](https://nvd.nist.gov/vuln/detail/CVE-2021-40490))<br>* Go ([CVE-2021-39293](https://nvd.nist.gov/vuln/detail/CVE-2021-39293))<br>* binutils ([CVE-2021-3530](https://nvd.nist.gov/vuln/detail/CVE-2021-3530),[ CVE-2021-3549](https://nvd.nist.gov/vuln/detail/CVE-2021-3549))<br>* glibc ([CVE-2021-38604](https://nvd.nist.gov/vuln/detail/CVE-2021-38604))<br>* nettle ([CVE-2021-20305](https://nvd.nist.gov/vuln/detail/CVE-2021-20305),[ CVE-2021-3580](https://nvd.nist.gov/vuln/detail/CVE-2021-3580))<br>* sssd ([CVE-2021-3621](https://nvd.nist.gov/vuln/detail/CVE-2021-3621))<br><br>**Bug Fixes**<br><br><br><br>* Randomize OEM filesystem UUID if mounting fails ([init#47](https://github.com/flatcar/init/pull/47))<br>* Run emergency.target on ignition/torcx service unit failure in dracut ([bootengine#28](https://github.com/flatcar/bootengine/pull/28))<br><br>**Changes**<br><br><br><br>* Added GPIO support ([coreos-overlay#1236](https://github.com/flatcar/coreos-overlay/pull/1236))<br>* Enabled SELinux in permissive mode on ARM64 ([coreos-overlay#1245](https://github.com/flatcar/coreos-overlay/pull/1245))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.67](https://lwn.net/Articles/869749/))<br>* binutils ([2.37](https://sourceware.org/pipermail/binutils/2021-July/117384.html))<br>* ebtables ([2.0.11](https://lwn.net/Articles/806179/))<br>* iptables ([1.8.7](https://lwn.net/Articles/843069/))<br>* ldb ([2.3.0](https://gitlab.com/samba-team/samba/-/tags/ldb-2.3.0))<br>* libmnl ([1.0.4](https://marc.info/?l=netfilter-devel&m=146745072727070&w=2))<br>* libnftnl ([1.2.0](https://marc.info/?l=netfilter&m=162194376520385&w=2))<br>* nettle ([3.7.3](https://lists.gnu.org/archive/html/info-gnu/2021-06/msg00002.html))<br>* nftables ([0.9.9](https://lwn.net/Articles/857369/))<br>* openssh ([8.7_p1-r1](https://www.openssh.com/txt/release-8.7))<br>* talloc ([2.3.2](https://gitlab.com/samba-team/samba/-/tags/talloc-2.3.2))<br>* xenstore ([4.14.2](https://xenproject.org/downloads/xen-project-archives/xen-project-4-14-series/xen-project-4-14-2/))<br>* Go ([1.16.8](https://go.googlesource.com/go/+/refs/tags/go1.16.8))<br>* SDK: Rust ([1.55.0](https://blog.rust-lang.org/2021/09/09/Rust-1.55.0.html))<br><br>Note: Please note that ARM images remain experimental for now.<br>Packages:<br>- docker 20.10.8<br>- ignition 0.34.0<br>- kernel 5.10.67<br>- systemd 247<br><br>Architectures:<br>- amd64<br>- arm64<br> 2021-09-27T08:30:30+00:00 @@ -334,7 +342,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2983.0.0 2983.0.0 - 2023-10-25T10:20:34.279026+00:00 + 2023-11-22T09:59:24.013488+00:00 New **Alpha** release **2983.0.0**<br><br>**Update to CGroupsV2**<br><br>As of Alpha version 2969.0.0, Flatcar Container Linux migrates to the unified cgroup hierarchy (aka CGroupsV2)! New nodes will utilize CGroupsV2 by default. Existing nodes remain on CGroupsV1 and need to be manually migrated to CGroupsV2. To learn more about CGroupsV2 on Flatcar Container Linux and the migration guide, please refer to [https://flatcar-linux.org/docs/latest/container-runtimes/switching-to-unified-cgroups/](https://flatcar-linux.org/docs/latest/container-runtimes/switching-to-unified-cgroups/) <br><br>_Changes since **Alpha 2969.0.0**_<br><br>**Security fixes**<br><br><br><br>* Linux ([CVE-2021-3653](https://nvd.nist.gov/vuln/detail/CVE-2021-3653), [CVE-2021-3656](https://nvd.nist.gov/vuln/detail/CVE-2021-3656), [CVE-2021-38166](https://nvd.nist.gov/vuln/detail/CVE-2021-38166)) <br>* openssl ([CVE-2021-3711](https://nvd.nist.gov/vuln/detail/CVE-2021-3711), [CVE-2021-3712](https://nvd.nist.gov/vuln/detail/CVE-2021-3712))<br>* c-ares ([CVE-2021-3672](https://nvd.nist.gov/vuln/detail/CVE-2021-3672))<br><br>**Bug Fixes**<br><br><br><br>* Re-enabled kernel config FS_ENCRYPTION ([coreos-overlay#1212](https://github.com/kinvolk/coreos-overlay/pull/1212/))<br>* Fixed Perl in dev-container ([coreos-overlay#1238](https://github.com/kinvolk/coreos-overlay/pull/1238))<br>* Fixed containerd config after introduction of CGroupsV2 ([coreos-overlay#1214](https://github.com/kinvolk/coreos-overlay/pull/1214))<br>* Fixed path for amazon-ssm-agent in base-ec2.ign ([coreos-overlay#1228](https://github.com/kinvolk/coreos-overlay/pull/1228))<br>* flatcar-install: randomized OEM filesystem UUID if mounting fails ([init#47](https://github.com/kinvolk/init/pull/47))<br>* Fixed null-pointer deref crash in Ignition when specifying the OEM filesystem without a label ([ignition#25](https://github.com/kinvolk/ignition/pull/25))<br>* Fixed locksmith adhering to reboot window when getting the etcd lock ([locksmith#10](https://github.com/kinvolk/locksmith/pull/10))<br><br>**Changes**<br><br><br><br>* Added Azure Generation 2 VM support ([coreos-overlay#1198](https://github.com/kinvolk/coreos-overlay/pull/1198))<br>* Switched Docker ecosystem packages to go1.16 ([coreos-overlay#1217](https://github.com/kinvolk/coreos-overlay/pull/1217))<br>* Added lbzip2 binary to the image ([coreos-overlay#1221](https://github.com/kinvolk/coreos-overlay/pull/1221))<br>* flatcar-install uses lbzip2 if present, falls back on bzip2 if not ([init#46](https://github.com/kinvolk/init/pull/46))<br>* Added Intel E800 series network adapter driver ([coreos-overlay#1237](https://github.com/kinvolk/coreos-overlay/pull/1237))<br>* Enabled 'audit' use flag for sys-libs/pam ([coreos-overlay#1233](https://github.com/kinvolk/coreos-overlay/pull/1233))<br>* Bumped etcd and flannel to respectively `3.5.0`, `0.14.0` to get multiarch images for arm64 support. _Note for users of the old etcd v2 support_: `ETCDCTL_API=2` must be set to use v2 store as well as `ETCD_ENABLE_V2=true` in the `etcd-member.service` - this support will be removed in `3.6.0` ([coreos-overlay#1179](https://github.com/kinvolk/coreos-overlay/pull/1179))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.61](https://lwn.net/Articles/867497/))<br>* Linux firmware ([20210818](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20210818))<br>* openssl ([1.1.1l](https://mta.openssl.org/pipermail/openssl-announce/2021-August/000206.html))<br>* c-ares ([1.17.2](https://c-ares.haxx.se/changelog.html#1_17_2))<br>* docker ([20.10.8](https://docs.docker.com/engine/release-notes/#20108))<br>* etcd ([3.5.0](https://github.com/etcd-io/etcd/releases/tag/v3.5.0))<br>* flannel ([0.14.0](https://github.com/flannel-io/flannel/releases/tag/v0.14.0))<br>* runc ([1.0.2](https://github.com/opencontainers/runc/releases/tag/v1.0.2))<br>* strace ([5.12](https://github.com/strace/strace/releases/tag/v5.12))<br>* wa-linux-agent ([2.3.1.1](https://github.com/Azure/WALinuxAgent/releases/tag/v2.3.1.1))<br><br>Note: Please note that ARM images remain experimental for now.<br><br>Packages:<br>- docker 20.10.8<br>- ignition 0.34.0<br>- kernel 5.10.61<br>- systemd 247<br><br>Architectures:<br>- amd64<br>- arm64<br> 2021-09-01T14:14:01+00:00 @@ -342,7 +350,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2969.0.0 2969.0.0 - 2023-10-25T10:20:34.271811+00:00 + 2023-11-22T09:59:24.004401+00:00 **Update to CGroupsV2**<br><br>Flatcar Container Linux migrates to the unified cgroup hierarchy (aka cgroups v2)! New nodes will utilize cgroups v2 by default. Existing nodes remain on cgroups v1 and need to be manually migrated to cgroups v2. To learn more about the cgroups v2 on Flatcar Container Linux and the migration guide, please refer to [https://flatcar-linux.org/docs/latest/container-runtimes/switching-to-unified-cgroups/](https://flatcar-linux.org/docs/latest/container-runtimes/switching-to-unified-cgroups/)<br><br>**Security fixes**<br><br><br><br>* Linux ([CVE-2021-34556](https://nvd.nist.gov/vuln/detail/CVE-2021-34556), [CVE-2021-35477](https://nvd.nist.gov/vuln/detail/CVE-2021-35477), [CVE-2021-38205](https://nvd.nist.gov/vuln/detail/CVE-2021-38205))<br>* dnsmasq ([CVE-2021-3448](https://nvd.nist.gov/vuln/detail/CVE-2021-3448))<br>* glibc ([CVE-2021-35942](https://nvd.nist.gov/vuln/detail/CVE-2021-35942))<br>* Go ([CVE-2021-36221](https://nvd.nist.gov/vuln/detail/CVE-2021-36221))<br>* libuv ([CVE-2021-22918](https://nvd.nist.gov/vuln/detail/CVE-2021-22918))<br>* mit-krb5 ([CVE-2021-36222](https://nvd.nist.gov/vuln/detail/CVE-2021-36222))<br>* NVIDIA Drivers ([CVE-2021-1090](https://nvd.nist.gov/vuln/detail/CVE-2021-1090), [CVE-2021-1093](https://nvd.nist.gov/vuln/detail/CVE-2021-1093), [CVE-2021-1094](https://nvd.nist.gov/vuln/detail/CVE-2021-1094), [CVE-2021-1095](https://nvd.nist.gov/vuln/detail/CVE-2021-1095))<br>* systemd ([CVE-2020-13529](https://nvd.nist.gov/vuln/detail/CVE-2020-13529), [CVE-2021-33910](https://nvd.nist.gov/vuln/detail/CVE-2021-33910))<br>* tar ([CVE-2021-20193](https://nvd.nist.gov/vuln/detail/CVE-2021-20193))<br><br>**Bug fixes**<br><br><br><br>* Fixed `pam.d` sssd LDAP auth with sudo ([coreos-overlay#1170](https://github.com/kinvolk/coreos-overlay/pull/1170))<br>* Let network-cleanup.service finish before entering rootfs ([coreos-overlay#1182](https://github.com/kinvolk/coreos-overlay/pull/1182))<br>* Fixed SELinux policy for Flannel CNI ([coreos-overlay#1181](https://github.com/kinvolk/coreos-overlay/pull/1181))<br><br>**Changes**<br><br><br><br>* cgroups v2 by default for new nodes ([coreos-overlay#931](https://github.com/kinvolk/coreos-overlay/pull/931)). <br>* Upgrade Docker to 20.10 ([coreos-overlay#931](https://github.com/kinvolk/coreos-overlay/pull/931))<br>* update_engine: add postinstall hook to stay on cgroupv1 ([update_engine#13](https://github.com/kinvolk/update_engine/pull/13))<br>* Switched to zstd compression for the initramfs ([coreos-overlay#1136](https://github.com/kinvolk/coreos-overlay/pull/1136))<br>* Embedded new subkey in flatcar-install ([coreos-overlay#1180](https://github.com/kinvolk/coreos-overlay/pull/1180))<br>* Azure: Compile OEM contents for all architectures ([coreos-overlay#1196](https://github.com/kinvolk/coreos-overlay/pull/1196))<br>* AWS: Added amazon-ssm-agent ([coreos-overlay#1162](https://github.com/kinvolk/coreos-overlay/pull/1162))<br>* SDK: enabled experimental ARM64 SDK usage ([flatcar-scripts#134](https://github.com/kinvolk/flatcar-scripts/pull/134)) ([flatcar-scripts#141](https://github.com/kinvolk/flatcar-scripts/pull/141))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.59](https://lwn.net/Articles/866302/))<br>* containerd ([1.5.5](https://github.com/containerd/containerd/releases/tag/v1.5.5))<br>* docker ([20.10.7](https://github.com/moby/moby/releases/tag/v20.10.7))<br>* docker CLI ([20.10.7](https://github.com/docker/cli/releases/tag/v20.10.7))<br>* docker proxy ([0.8.0_p20210525](https://github.com/moby/libnetwork/commit/64b7a4574d1426139437d20e81c0b6d391130ec8))<br>* glibc ([2.33-r5](https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7dfddd056de5f23bc29591d212f4051ed9d0634e))<br>* Go ([1.16.7](https://golang.org/doc/devel/release#go1.16.minor))<br>* libuv ([1.41.1](https://github.com/libuv/libuv/releases/tag/v1.41.1))<br>* mit-krb5 ([1.19.2](https://github.com/krb5/krb5/tree/krb5-1.19.2-final))<br>* NVIDIA Drivers ([470.57.02](https://docs.nvidia.com/datacenter/tesla/tesla-release-notes-470-57-02/index.html))<br>* portage-utils ([0.90](https://github.com/gentoo/portage-utils/releases/tag/v0.90))<br>* runc ([1.0.1](https://github.com/opencontainers/runc/releases/tag/v1.0.1))<br>* systemd ([247.9](https://github.com/systemd/systemd-stable/releases/tag/v247.9))<br>* tar ([1.34](https://savannah.gnu.org/forum/forum.php?forum_id=9935))<br>* tini ([0.19](https://github.com/krallin/tini/releases/tag/v0.19.0))<br>* SDK: dnsmasq ([2.85](https://thekelleys.org.uk/dnsmasq/CHANGELOG))<br>* SDK: rust ([1.54](https://github.com/rust-lang/rust/releases/tag/1.54.0))<br><br>Note: Please note that ARM images remain experimental for now.<br><br>Packages:<br>- docker 20.10.7<br>- ignition 0.34.0<br>- kernel 5.10.59<br>- systemd 247<br><br>Architectures:<br>- amd64<br>- arm64<br> 2021-08-19T13:34:56+00:00 @@ -350,7 +358,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2955.0.0 2955.0.0 - 2023-10-25T10:20:34.264511+00:00 + 2023-11-22T09:59:23.996354+00:00 <br>**Security fixes**<br><br>* Linux ([CVE-2021-37576](https://nvd.nist.gov/vuln/detail/CVE-2021-37576))<br>* expat ([CVE-2013-0340](https://nvd.nist.gov/vuln/detail/CVE-2013-0340))<br><br>**Bug fixes**<br><br>* Set the cilium_vxlan interface to be not managed by networkd's default setup with DHCP as it's managed by Cilium. ([init#43](https://github.com/kinvolk/init/pull/43))<br>* Disabled SELinux by default on `dockerd` wrapper script ([coreos-overlay#1149](https://github.com/kinvolk/coreos-overlay/pull/1149))<br>* Fixed the network-cleanup service race in the initramfs which resulted in a failure being reported<br>* GCE: Granted CAP_NET_ADMIN to set routes for the TCP LB when starting oem-gce.service ([coreos-overlay#1146](https://github.com/kinvolk/coreos-overlay/pull/1146))<br><br>**Changes**<br><br>* Switched the arm64 kernel to use a 4k page size instead of 64k<br>* Switched dm-verity corruption detection to issue a kernel panic (a panic results in a reboot after 1 minute, this was the case before already) instead of merely failing certain syscalls that try to use the corrupted data<br>* Support BTRFS in OEM and /usr partitions, but only used it for the OEM partition for now. Ignition configurations that refer to the OEM partition will work with any filesystem format specified, a mismatch is not resulting in a boot error. ([coreos-overlay#1106](https://github.com/kinvolk/coreos-overlay/pull/1106))<br>* Enabled zstd compression for the initramfs and for amd64 also for the kernel because we hit the vmlinuz size limit on the /boot partition<br>* Deleted the unused kernel+initramfs vmlinuz file from the /usr partition<br>* devcontainer: added support to run on arm64 by switching to an architecture-agnostic partition UUID<br>* Enabled ARM64 SDK bootstrap ([scripts#134](https://github.com/kinvolk/flatcar-scripts/pull/134))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.55](https://lwn.net/Articles/864901/))<br>* Linux Firmware ([20210716](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20210716))<br>* expat ([2.4.1](https://www.xml.com/news/2021-05-expat-240-and-241/))<br>* libarchive ([3.5.1](https://github.com/libarchive/libarchive/releases/tag/3.5.1))<br>* xz-utils ([5.2.5](https://git.tukaani.org/?p=xz.git;a=blob;f=NEWS;h=aade49443ad7ddba13bbfd9da188c99664736d80;hb=3247e95115acb95bc27f41e8cf4501db5b0b4309#l16))<br>* cryptsetup ([2.3.6](https://gitlab.com/cryptsetup/cryptsetup/-/tags/v2.3.6))<br><br>Note: Please note that ARM images remain experimental for now.<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.55<br>- systemd 247<br><br>Architectures:<br>- amd64<br>- arm64<br> 2021-08-04T13:21:34+00:00 @@ -358,7 +366,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2942.0.0 2942.0.0 - 2023-10-25T10:20:34.258280+00:00 + 2023-11-22T09:59:23.988075+00:00 **Security Fixes**<br><br><br><br>* containerd ([CVE-2021-32760](https://nvd.nist.gov/vuln/detail/CVE-2021-32760))<br>* curl (CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-22925, CVE-2021-22926)<br>* glibc ([CVE-2020-29562](https://nvd.nist.gov/vuln/detail/CVE-2020-29562), [CVE-2019-25013](https://nvd.nist.gov/vuln/detail/CVE-2019-25013), [CVE-2020-27618](https://nvd.nist.gov/vuln/detail/https://cve.circl.lu/cve/CVE-2020-27618), [CVE-2021-27645](https://nvd.nist.gov/vuln/detail/CVE-2021-27645), [CVE-2021-33574](https://nvd.nist.gov/vuln/detail/CVE-2021-33574))<br>* Go ([CVE-2021-34558](https://nvd.nist.gov/vuln/detail/CVE-2021-34558))<br>* libgcrypt ([CVE-2021-33560](https://nvd.nist.gov/vuln/detail/CVE-2021-33560))<br>* libpcre ([CVE-2019-20838](https://nvd.nist.gov/vuln/detail/CVE-2019-20838), [CVE-2020-14155](https://nvd.nist.gov/vuln/detail/CVE-2020-14155))<br>* Linux ([CVE-2020-26541](https://nvd.nist.gov/vuln/detail/CVE-2020-26541), [CVE-2021-35039](https://nvd.nist.gov/vuln/detail/CVE-2021-35039), [CVE-2021-22543](https://nvd.nist.gov/vuln/detail/CVE-2021-22543), CVE-2021-3609, CVE-2021-3655, [CVE-2021-33909](https://nvd.nist.gov/vuln/detail/CVE-2021-33909))<br><br>**Bug Fixes**<br><br><br><br>* Add the systemd tag in udev for Azure storage devices, to fix /boot automount ([init#41](https://github.com/kinvolk/init/pull/41))<br><br>**Changes**<br><br><br><br>* Enable telnet support for curl ([coreos-overlay#1099](https://github.com/kinvolk/coreos-overlay/pull/1099))<br>* Enable ssl USE flag for wget ([coreos-overlay#932](https://github.com/kinvolk/coreos-overlay/pull/932))<br>* Enable MDIO_BCM_UNIMAC for arm64 ([coreos-overlay#929](https://github.com/kinvolk/coreos-overlay/pull/929))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.52](https://lwn.net/Articles/863648/))<br>* containerd ([1.5.4](https://github.com/containerd/containerd/releases/tag/v1.5.4))<br>* curl ([7.78](https://curl.se/changes.html#7_78_0))<br>* dbus ([1.12.20](https://github.com/freedesktop/dbus/blob/ab88811768f750777d1a8b9d9ab12f13390bfd3a/NEWS#L1))<br>* dracut ([053](https://github.com/dracutdevs/dracut/releases/tag/053))<br>* glibc ([2.33](https://sourceware.org/pipermail/libc-alpha/2021-February/122207.html))<br>* go ([1.16.6](https://golang.org/doc/devel/release#go1.16.minor)) <br>* libev (4.33)<br>* libgcrypt ([1.9.3](https://github.com/gpg/libgcrypt/blob/cb78627203705365d24b48ec4fc4cf2fc804b277/NEWS#L1))<br>* libpcre (8.44)<br>* libverto ([0.3.1](https://github.com/latchset/libverto/releases/tag/0.3.1))<br>* pax-utils (1.3.1)<br>* readline ([8.1_p1](https://tiswww.case.edu/php/chet/readline/CHANGES))<br>* rust ([1.53.0](https://blog.rust-lang.org/2021/06/17/Rust-1.53.0.html))<br>* selinux ([3.1](https://github.com/SELinuxProject/selinux/releases/tag/20200710))<br>* selinux-refpolicy ([2.20200818](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20200818))<br>* systemd ([247.7](https://github.com/systemd/systemd-stable/releases/tag/v247.7))<br>* VMWare: open-vm-tools ([11.3.0](https://github.com/vmware/open-vm-tools/releases/tag/stable-11.3.0))<br><br>Note: Please note that ARM images remain experimental for now.<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.52<br>- systemd 247<br><br>Architectures:<br>- amd64<br>- arm64<br> 2021-07-28T08:20:14+00:00 @@ -366,7 +374,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2920.0.0 2920.0.0 - 2023-10-25T10:20:34.251974+00:00 + 2023-11-22T09:59:23.980048+00:00 **Security fixes**<br><br><br><br>* Linux ([CVE-2021-34693](https://nvd.nist.gov/vuln/detail/CVE-2021-34693), [CVE-2021-33624](https://nvd.nist.gov/vuln/detail/CVE-2021-33624))<br>* lz4 ([CVE-2021-3520](https://nvd.nist.gov/vuln/detail/CVE-2021-3520))<br>* curl ([CVE-2021-22898](https://nvd.nist.gov/vuln/detail/CVE-2021-22898),[ CVE-2021-22901](https://nvd.nist.gov/vuln/detail/CVE-2021-22901))<br>* gptfdisk ([CVE-2021-0308](https://nvd.nist.gov/vuln/detail/CVE-2021-0308))<br>* gettext ([CVE-2020-12825](https://nvd.nist.gov/vuln/detail/CVE-2020-12825))<br>* intel-microcode ([CVE-2020-24489](https://nvd.nist.gov/vuln/detail/CVE-2020-24489),[ CVE-2020-24511](https://nvd.nist.gov/vuln/detail/CVE-2020-24511),[ CVE-2020-24513](https://nvd.nist.gov/vuln/detail/CVE-2020-24513))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.46](https://lwn.net/Articles/860655/))<br>* lz4 ([1.9.3-r1](https://github.com/lz4/lz4/releases/tag/v1.9.3)) <br>* curl ([7.77.0-r1](https://curl.se/changes.html#7_77_0)) <br>* gptfdisk (1.0.7)<br>* gettext ([0.21-r1](https://lists.gnu.org/archive/html/info-gnu/2020-07/msg00009.html))<br>* intel-microcode ([20210608_p20210608](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20210608))<br>* runc ([1.0.0](https://github.com/opencontainers/runc/releases/tag/v1.0.0))<br><br>Note: Please note that ARM images remain experimental for now.<br><br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.46<br>- systemd 247<br><br>Architectures:<br>- amd64<br>- arm64<br> 2021-07-02T07:38:53+00:00 @@ -374,7 +382,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2905.0.0 2905.0.0 - 2023-10-25T10:20:34.246873+00:00 + 2023-11-22T09:59:23.974519+00:00 **Security fixes**<br><br><br><br>* Linux ([CVE-2020-26558](https://nvd.nist.gov/vuln/detail/CVE-2020-26558), [CVE-2021-0129](https://nvd.nist.gov/vuln/detail/CVE-2021-0129), [CVE-2020-24587](https://nvd.nist.gov/vuln/detail/CVE-2020-24587), [CVE-2020-24586](https://nvd.nist.gov/vuln/detail/CVE-2020-24586), [CVE-2020-24588](https://nvd.nist.gov/vuln/detail/CVE-2020-24588), [CVE-2020-26139](https://nvd.nist.gov/vuln/detail/CVE-2020-26139), [CVE-2020-26145](https://nvd.nist.gov/vuln/detail/CVE-2020-26145), [CVE-2020-26147](https://nvd.nist.gov/vuln/detail/CVE-2020-26147), [CVE-2020-26141](https://nvd.nist.gov/vuln/detail/CVE-2020-26141), [CVE-2021-3564](https://nvd.nist.gov/vuln/detail/CVE-2021-3564), [CVE-2021-28691](https://nvd.nist.gov/vuln/detail/CVE-2021-28691), [CVE-2021-3587](https://nvd.nist.gov/vuln/detail/CVE-2021-3587), [CVE-2021-3573](https://nvd.nist.gov/vuln/detail/CVE-2021-3573))<br>* binutils ([CVE-2021-20197](https://nvd.nist.gov/vuln/detail/CVE-2021-20197),[CVE-2021-3487](https://nvd.nist.gov/vuln/detail/CVE-2021-3487))<br>* Go (CVE-2021-33195,CVE-2021-33196,CVE-2021-33197,CVE-2021-33198)<br>* libxml2 ([CVE-2021-3516](https://nvd.nist.gov/vuln/detail/CVE-2021-3516),[CVE-2021-3517](https://nvd.nist.gov/vuln/detail/CVE-2021-3517),[CVE-2021-3518](https://nvd.nist.gov/vuln/detail/CVE-2021-3518),CVE-2021-3541)<br><br>**Bug fixes**<br><br><br><br>* Update-engine sent empty requests when restarted before a pending reboot ([Flatcar#388](https://github.com/kinvolk/Flatcar/issues/388))<br><br>**Changes**<br><br><br><br>* Disabled SELinux for Docker ([coreos-overlay#1055](https://github.com/kinvolk/coreos-overlay/pull/1055))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.43](https://lwn.net/Articles/859022/))<br>* Linux Firmware ([20210511](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20210511))<br>* containerd ([1.5.2](https://github.com/containerd/containerd/releases/tag/v1.5.2))<br>* libxml2 ([2.9.12](https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.12))<br>* runc ([1.0.0_rc95](https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc95))<br>* openssh ([8.6_p1](https://www.openssh.com/txt/release-8.6))<br>* SDK: binutils ([2.36.1](https://sourceware.org/pipermail/binutils/2021-February/115240.html))<br><br>Note: Please note that ARM images remain experimental for now.<br><br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.43<br>- systemd 247<br><br>Architectures:<br>- amd64<br>- arm64<br> 2021-06-17T10:29:49+00:00 @@ -382,7 +390,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2879.0.1 2879.0.1 - 2023-10-25T10:20:34.241162+00:00 + 2023-11-22T09:59:23.968764+00:00 **Bug fixes**<br><br>* The Linux kernel IOMMU-related crash introduced in the 5.10.37 update got fixed through the 5.10.38 update ([Flatcar#400](https://github.com/kinvolk/Flatcar/issues/400))<br><br>**Updates**<br><br>* Linux ([5.10.38](https://lwn.net/Articles/856654/))<br><br>Note: Please note that ARM images remain experimental for now.<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.38<br>- systemd 247<br><br>Architectures:<br>- amd64<br>- arm64<br> 2021-05-21T12:08:01+00:00 @@ -390,7 +398,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2879.0.0 2879.0.0 - 2023-10-25T10:20:34.236719+00:00 + 2023-11-22T09:59:23.964246+00:00 **Security fixes**<br><br>* Linux ([CVE-2021-3491](https://nvd.nist.gov/vuln/detail/CVE-2021-3491), [CVE-2021-31440](https://nvd.nist.gov/vuln/detail/CVE-2021-31440), [CVE-2021-31829](https://nvd.nist.gov/vuln/detail/CVE-2021-31829))<br>* dbus ([CVE-2020-35512](https://nvd.nist.gov/vuln/detail/CVE-2020-35512))<br>* Go ([CVE-2021-31525](https://nvd.nist.gov/vuln/detail/CVE-2021-31525))<br>* nvidia-drivers ([CVE-2021-1052](https://nvd.nist.gov/vuln/detail/CVE-2021-1052), [CVE-2021-1053](https://nvd.nist.gov/vuln/detail/CVE-2021-1053), [CVE-2021-1056](https://nvd.nist.gov/vuln/detail/CVE-2021-1056), [CVE-2021-1076](https://nvd.nist.gov/vuln/detail/CVE-2021-1076), [CVE-2021-1077](https://nvd.nist.gov/vuln/detail/CVE-2021-1077))<br>* runc ([CVE-2021-30465](https://nvd.nist.gov/vuln/detail/CVE-2021-30465))<br>* Rust ([CVE-2020-36323](https://nvd.nist.gov/vuln/detail/CVE-2020-36323), [CVE-2021-28876](https://nvd.nist.gov/vuln/detail/CVE-2021-28876), [CVE-2021-28877](https://nvd.nist.gov/vuln/detail/CVE-2021-28877), [CVE-2021-28878](https://nvd.nist.gov/vuln/detail/CVE-2021-28878), [CVE-2021-28879](https://nvd.nist.gov/vuln/detail/CVE-2021-28879), [CVE-2021-31162](https://nvd.nist.gov/vuln/detail/CVE-2021-31162))<br><br>**Bug fixes**<br><br>* systemd-networkd: Do not manage loopback network interface ([bootengine#24](https://github.com/kinvolk/bootengine/pull/24) [init#40](https://github.com/kinvolk/init/pull/40))<br>* flatcar-install: Detect device mapper (e.g., LVM/LUKS) usage when searching for free drives with the -s flag ([Flatcar#332](https://github.com/kinvolk/Flatcar/issues/332))<br><br>**Changes**<br><br>* flatcar-install: Add -D flag to only download the image file ([Flatcar#248](https://github.com/kinvolk/Flatcar/issues/248))<br>* SDK: Drop jobs parameter in flatcar-scripts ([flatcar-scripts#121](https://github.com/kinvolk/flatcar-scripts/pull/121))<br><br>**Updates**<br><br>* Linux ([5.10.37](https://lwn.net/Articles/856269/))<br>* dbus ([1.10.32](https://lists.freedesktop.org/archives/ftp-release/2020-July/000759.html))<br>* nvidia-drivers ([460.73.01](https://www.nvidia.com/Download/driverResults.aspx/172376/en-us))<br>* SDK: cmake ([3.18.5](https://github.com/Kitware/CMake/releases/tag/v3.18.5))<br>* SDK: Go ([1.16.4](https://go.googlesource.com/go/+/refs/tags/go1.16.4))<br>* SDK: Rust ([1.52.1](https://blog.rust-lang.org/2021/05/10/Rust-1.52.1.html))<br><br>Note: Please note that ARM images remain experimental for now.<br><br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.37<br>- systemd 247<br><br>Architectures:<br>- amd64<br>- arm64<br> 2021-05-19T11:40:56+00:00 @@ -398,7 +406,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2857.0.0 2857.0.0 - 2023-10-25T10:20:34.230962+00:00 + 2023-11-22T09:59:23.958355+00:00 **Security fixes**<br><br><br><br>* Linux ([CVE-2021-28964](https://nvd.nist.gov/vuln/detail/CVE-2021-28964), [CVE-2021-28972](https://nvd.nist.gov/vuln/detail/CVE-2021-28972), [CVE-2021-28971](https://nvd.nist.gov/vuln/detail/CVE-2021-28971), [CVE-2021-28951](https://nvd.nist.gov/vuln/detail/CVE-2021-28951), [CVE-2021-28952](https://nvd.nist.gov/vuln/detail/CVE-2021-28952), [CVE-2021-29266](https://nvd.nist.gov/vuln/detail/CVE-2021-29266), [CVE-2021-28688](https://nvd.nist.gov/vuln/detail/CVE-2021-28688), [CVE-2021-29264](https://nvd.nist.gov/vuln/detail/CVE-2021-29264), [CVE-2021-29649](https://nvd.nist.gov/vuln/detail/CVE-2021-29649), [CVE-2021-29650](https://nvd.nist.gov/vuln/detail/CVE-2021-29650), [CVE-2021-29646](https://nvd.nist.gov/vuln/detail/CVE-2021-29646), [CVE-2021-29647](https://nvd.nist.gov/vuln/detail/CVE-2021-29647), [CVE-2021-29154](https://nvd.nist.gov/vuln/detail/CVE-2021-29154), [CVE-2021-29155](https://nvd.nist.gov/vuln/detail/CVE-2021-29155), [CVE-2021-23133](https://nvd.nist.gov/vuln/detail/CVE-2021-23133))<br>* dnsmasq ([CVE-2020-25681](https://nvd.nist.gov/vuln/detail/CVE-2020-25681), [CVE-2020-25682](https://nvd.nist.gov/vuln/detail/CVE-2020-25682), [CVE-2020-25683](https://nvd.nist.gov/vuln/detail/CVE-2020-25683), [CVE-2020-25684](https://nvd.nist.gov/vuln/detail/CVE-2020-25683), [CVE-2020-25685](https://nvd.nist.gov/vuln/detail/CVE-2020-25685), [CVE-2020-25686](https://nvd.nist.gov/vuln/detail/CVE-2020-25686), [CVE-2020-25687](https://nvd.nist.gov/vuln/detail/CVE-2020-25687))<br>* git ([CVE-2021-21300](https://nvd.nist.gov/vuln/detail/CVE-2021-21300))<br>* gnutls ([CVE-2021-20231](https://nvd.nist.gov/vuln/detail/CVE-2021-20231),[ CVE-2021-20232](https://nvd.nist.gov/vuln/detail/CVE-2021-20232))<br>* sqlite ([CVE-2021-20227](https://nvd.nist.gov/vuln/detail/CVE-2021-20227))<br>* qemu ([CVE-2020-10717](https://nvd.nist.gov/vuln/detail/CVE-2020-10717),[ CVE-2020-13754](https://nvd.nist.gov/vuln/detail/CVE-2020-13754),[ CVE-2020-15859](https://nvd.nist.gov/vuln/detail/CVE-2020-15859),[ CVE-2020-15863](https://nvd.nist.gov/vuln/detail/CVE-2020-15863),[ CVE-2020-16092](https://nvd.nist.gov/vuln/detail/CVE-2020-16092),[ CVE-2020-25741](https://nvd.nist.gov/vuln/detail/CVE-2020-25741),[ CVE-2020-25742](https://nvd.nist.gov/vuln/detail/CVE-2020-25742),[ CVE-2020-25743](https://nvd.nist.gov/vuln/detail/CVE-2020-25743))<br>* curl ([CVE-2021-22876](https://nvd.nist.gov/vuln/detail/CVE-2021-22876),[ CVE-2021-22890](https://nvd.nist.gov/vuln/detail/CVE-2021-22890))<br>* libxml2 ([CVE-2020-24977](https://nvd.nist.gov/vuln/detail/CVE-2020-24977))<br>* openldap ([CVE-2021-27212](https://nvd.nist.gov/vuln/detail/CVE-2021-27212))<br><br>**Bug fixes**<br><br><br><br>* Fix the patch to update DefaultTasksMax in systemd ([coreos-overlay#971](https://github.com/kinvolk/coreos-overlay/pull/971))<br><br>**Changes**<br><br><br><br>* Make the hostname setting units optional. Having the hostname units as required by the initrd.target meant that if the unit failed the machine wouldn't start, disrupting the whole boot. ([bootengine#23](https://github.com/kinvolk/bootengine/pull/23))<br>* Enable using iSCSI netroot devices on Flatcar ([bootengine#22](https://github.com/kinvolk/bootengine/pull/22))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.32](https://lwn.net/Articles/853762/))<br>* systemd ([247.6](https://github.com/systemd/systemd-stable/releases/tag/v247.6))<br>* openldap ([2.4.58](https://www.openldap.org/software/release/announce.html))<br>* curl ([7.76.1](https://curl.se/changes.html#7_76_1))<br>* gnutls ([3.7.1](https://gitlab.com/gnutls/gnutls/-/tags/3.7.1))<br>* git ([2.26.3](https://raw.githubusercontent.com/git/git/v2.26.3/Documentation/RelNotes/2.26.3.txt))<br>* libxml2 ([2.9.10](https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.10))<br>* sqlite ([3.34.1](https://www.sqlite.org/releaselog/3_34_1.html))<br>* dnsmasq ([2.83](https://thekelleys.org.uk/dnsmasq/CHANGELOG))<br>* go ([1.16.2](https://go.googlesource.com/go/+/refs/tags/go1.6.2))<br>* SDK: QEMU ([5.2.0](https://wiki.qemu.org/ChangeLog/5.2))<br>* SDK: Rust ([1.51.0](https://blog.rust-lang.org/2021/03/25/Rust-1.51.0.html))<br><br>**Deprecation**<br><br><br><br>* rkt and kubelet-wrapper are deprecated and removed from Alpha, also from subsequent channels in the future. Please read the [removal announcement](https://groups.google.com/g/flatcar-linux-user/c/MeinndLqJO4) to know more.<br><br>[Alpha only] Note: Please note that ARM images remain experimental for now.<br><br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.32<br>- systemd 247<br><br>Architectures:<br>- amd64<br>- arm64<br> 2021-04-28T13:32:01+00:00 @@ -406,7 +414,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2823.0.0 2823.0.0 - 2023-10-25T10:20:34.223789+00:00 + 2023-11-22T09:59:23.951196+00:00 **Security fixes**<br><br><br><br>* Linux ([CVE-2021-27365](https://nvd.nist.gov/vuln/detail/CVE-2021-27365), [CVE-2021-27364](https://nvd.nist.gov/vuln/detail/CVE-2021-27364), [CVE-2021-27363](https://nvd.nist.gov/vuln/detail/CVE-2021-27363), [CVE-2021-28038](https://nvd.nist.gov/vuln/detail/CVE-2021-28038), [CVE-2021-28039](https://nvd.nist.gov/vuln/detail/CVE-2021-28039), [CVE-2021-28375](https://nvd.nist.gov/vuln/detail/CVE-2021-28375), [CVE-2021-28660](https://nvd.nist.gov/vuln/detail/CVE-2021-28660), [CVE-2021-27218](https://nvd.nist.gov/vuln/detail/CVE-2021-27218), [CVE-2021-27219](https://nvd.nist.gov/vuln/detail/CVE-2021-27219))<br>* Go ([CVE-2021-27918](https://nvd.nist.gov/vuln/detail/CVE-2021-27918),[ CVE-2021-27919](https://nvd.nist.gov/vuln/detail/CVE-2021-27919)) <br>* boost ([CVE-2012-2677](https://nvd.nist.gov/vuln/detail/CVE-2012-2677))<br>* glib ([CVE-2021-28153](https://nvd.nist.gov/vuln/detail/CVE-2021-28153),[ CVE-2021-27218](https://nvd.nist.gov/vuln/detail/CVE-2021-27218),[ CVE-2021-27219](https://nvd.nist.gov/vuln/detail/CVE-2021-27219)) <br>* ncurses ([CVE-2019-17594](https://nvd.nist.gov/vuln/detail/CVE-2019-17594),[ CVE-2019-17595](https://nvd.nist.gov/vuln/detail/CVE-2019-17595))<br>* openssl ([CVE-2021-3449](https://nvd.nist.gov/vuln/detail/CVE-2021-3449),[ CVE-2021-3450](https://nvd.nist.gov/vuln/detail/CVE-2021-3450))<br>* zstd ([CVE-2021-24032](https://nvd.nist.gov/vuln/detail/CVE-2021-24032))<br><br>**Bug Fixes**<br><br><br><br>* GCE: The old interface name ens4v1 which was replaced by eth0 due to a broken udev rule was restored, but now as alternative interface name, and eth0 will stay the primary name for consistency across cloud environments. ([init#38](https://github.com/kinvolk/init/pull/38))<br><br>**Changes**<br><br><br><br>* The virtio network interfaces got predictable interface names as alternative interface names, and thus these names can also be used to match for a specific interface in case there is more than one and the eth0 and eth1 name assignment is not stable. ([init#38](https://github.com/kinvolk/init/pull/38))<br>* The pam_faillock PAM module was enabled as replacement for the removed pam_tally2 module and will temporarily lock an account if there were login attempts with a wrong password. The faillock command can be used to show the current state. With pam_tally2 there was no limit for wrong password login attempts but with faillock the default is already restricting the attempts. The default behavior was relaxed to allow 5 wrong passwords per two minutes, and a one minute account lock time. This does not apply to logins with an SSH key. ([baselayout#17](https://github.com/kinvolk/baselayout/pull/17))<br>* The etcd and flannel services are now run with Docker and any rkt-based customizations of the etcd-member and flanneld services not supported anymore. Also, because the flanneld service relies on Docker and will restart Docker after applying the new configuration, it is not possible anymore to set Requires=flanneld.service for docker.service and instead it’s enough to have flanneld.service enabled. ([coreos-overlay#857](https://github.com/kinvolk/coreos-overlay/pull/857))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.25](https://lwn.net/Articles/849951/))<br>* Linux firmware ([20210315](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20210315))<br>* Go ([1.15.10](https://go.googlesource.com/go/+/refs/tags/go1.15.10))<br>* boost ([1.75.0](https://www.boost.org/users/history/version_1_75_0.html))<br>* glib ([2.66.8](https://gitlab.gnome.org/GNOME/glib/-/releases/2.66.8))<br>* ncurses ([6.2](https://invisible-island.net/ncurses/announce-6.2.html))<br>* openssl ([1.1.1k](https://mta.openssl.org/pipermail/openssl-announce/2021-March/000197.html))<br>* open-iscsi ([2.1.4](https://github.com/open-iscsi/open-iscsi/releases/tag/2.1.4))<br>* zstd ([1.4.9](https://github.com/facebook/zstd/releases/tag/v1.4.9))<br><br>Note: Please note that ARM images remain experimental for now.<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.25<br>- systemd 247<br><br>Architectures:<br>- amd64<br>- arm64<br> 2021-03-25T15:36:49+00:00 @@ -414,7 +422,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2801.0.1 2801.0.1 - 2023-10-25T10:20:34.216487+00:00 + 2023-11-22T09:59:23.943834+00:00 **Security fixes**<br><br>* Linux - ([CVE-2020-25639](https://nvd.nist.gov/vuln/detail/CVE-2020-25639), [CVE-2021-27365](https://nvd.nist.gov/vuln/detail/CVE-2021-27365), [CVE-2021-27364](https://nvd.nist.gov/vuln/detail/CVE-2021-27364), [CVE-2021-27363](https://nvd.nist.gov/vuln/detail/CVE-2021-27363), [CVE-2021-28038](https://nvd.nist.gov/vuln/detail/CVE-2021-28038), [CVE-2021-28039](https://nvd.nist.gov/vuln/detail/CVE-2021-28039))<br>* containerd ([GHSA-6g2q-w5j3-fwh4](https://github.com/containerd/containerd/security/advisories/GHSA-6g2q-w5j3-fwh4))<br><br>**Bug fixes**<br><br>* Include firmware files for all modules shipped in our image ([Issue #359](https://github.com/kinvolk/Flatcar/issues/359), [PR #887](https://github.com/kinvolk/coreos-overlay/pull/887))<br>* Add explicit path to the binary call in the coreos-metadata unit file ([Issue #360](https://github.com/kinvolk/Flatcar/issues/360))<br><br>**Updates**<br><br>* Linux ([5.10.21](https://lwn.net/Articles/848617/))<br>* Containerd ([1.4.4](https://github.com/containerd/containerd/releases/tag/v1.4.4))<br><br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.21<br>- systemd 247<br><br>Architectures:<br>- amd64<br>- arm64<br> 2021-03-11T09:20:29+00:00 @@ -422,7 +430,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2801.0.0 2801.0.0 - 2023-10-25T10:20:34.211632+00:00 + 2023-11-22T09:59:23.938860+00:00 **Security fixes**<br><br><br><br>* Linux ([CVE-2021-26931](https://nvd.nist.gov/vuln/detail/CVE-2021-26931), [CVE-2021-26930](https://nvd.nist.gov/vuln/detail/CVE-2021-26930), [CVE-2021-26932](https://nvd.nist.gov/vuln/detail/CVE-2021-26932))<br>* openssl ([CVE-2021-23840](https://nvd.nist.gov/vuln/detail/CVE-2021-23840),[ CVE-2021-23841](https://nvd.nist.gov/vuln/detail/CVE-2021-23841), [CVE-2020-1971](https://nvd.nist.gov/vuln/detail/CVE-2020-1971),[ CVE-2021-23840](https://nvd.nist.gov/vuln/detail/CVE-2021-23840),[ CVE-2021-23841](https://nvd.nist.gov/vuln/detail/CVE-2021-23841))<br>* intel-microcode ([CVE-2020-8696](https://nvd.nist.gov/vuln/detail/CVE-2020-8696),[ CVE-2020-8698](https://nvd.nist.gov/vuln/detail/CVE-2020-8698))<br><br>**Changes**<br><br><br><br>* sshd: use secure crypto algos only ([kinvolk/coreos-overlay#852](https://github.com/kinvolk/coreos-overlay/pull/852))<br>* samba: Update to EAPI=7, add new USE flags and remove deps on icu ([kinvolk/coreos-overlay#864](https://github.com/kinvolk/coreos-overlay/pull/864))<br>* kernel: enable kernel config CONFIG_BPF_LSM ([kinvolk/coreos-overlay#846](https://github.com/kinvolk/coreos-overlay/pull/846))<br>* bootengine: set hostname for EC2 and OpenStack from metadata ([kinvolk/coreos-overlay#848](https://github.com/kinvolk/coreos-overlay/pull/848))<br><br><br>**Updates**<br><br><br><br>* Linux ([5.10.19](https://lwn.net/Articles/847589/))<br>* systemd ([247.3](https://raw.githubusercontent.com/systemd/systemd-stable/v247.3/NEWS))<br>* intel-microcode ([20210216](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20210216))<br>* multipath-tools ([0.8.5](https://github.com/opensvc/multipath-tools/releases/tag/0.8.5))<br>* openssl ([1.1.1j](https://www.openssl.org/news/openssl-1.1.1-notes.html))<br>* runc ([1.0.0_rc93](https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc93))<br>* SDK: Rust ([1.50.0](https://blog.rust-lang.org/2021/02/11/Rust-1.50.0.html))<br><br>**Deprecation**<br><br><br><br>* dhcpcd and containerd-stress will be deprecated from Alpha, also from other channels in the future ([kinvolk/coreos-overlay#858](https://github.com/kinvolk/coreos-overlay/pull/858))<br><br>Note: Please note that ARM images remain experimental for now.<br><br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.19<br>- systemd 247<br><br>Architectures:<br>- amd64<br>- arm64<br> 2021-03-03T14:57:57+00:00 @@ -430,7 +438,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2783.0.0 2783.0.0 - 2023-10-25T10:20:34.205891+00:00 + 2023-11-22T09:59:23.933076+00:00 **Security fixes**<br><br><br><br>* Linux ([CVE-2021-3347](https://nvd.nist.gov/vuln/detail/CVE-2021-3347), [CVE-2021-3348](https://nvd.nist.gov/vuln/detail/CVE-2021-3348), [CVE-2021-26708](https://nvd.nist.gov/vuln/detail/CVE-2021-26708), [CVE-2021-20194](https://nvd.nist.gov/vuln/detail/CVE-2021-20194))<br>* Docker ([CVE-2021-21285](https://nvd.nist.gov/vuln/detail/CVE-2021-21285), [CVE-2021-21284](https://nvd.nist.gov/vuln/detail/CVE-2021-21284))<br>* samba ([CVE-2020-14318](https://nvd.nist.gov/vuln/detail/CVE-2020-14318), [CVE-2020-14323](https://nvd.nist.gov/vuln/detail/CVE-2020-14323), [CVE-2020-14383](https://nvd.nist.gov/vuln/detail/CVE-2020-14383))<br>* openldap ([CVE-2020-36221](https://nvd.nist.gov/vuln/detail/CVE-2020-36221),[ CVE-2020-36222](https://nvd.nist.gov/vuln/detail/CVE-2020-36222),[ CVE-2020-36223](https://nvd.nist.gov/vuln/detail/CVE-2020-36223),[ CVE-2020-36224](https://nvd.nist.gov/vuln/detail/-2020-36224),[ CVE-2020-36225](https://nvd.nist.gov/vuln/detail/CVE-2020-36225),[ CVE-2020-36226](https://nvd.nist.gov/vuln/detail/CVE-2020-36226),[ CVE-2020-36227](https://nvd.nist.gov/vuln/detail/CVE-2020-36227),[ CVE-2020-36228](https://nvd.nist.gov/vuln/detail/CVE-2020-36228),[ CVE-2020-36229](https://nvd.nist.gov/vuln/detail/CVE-2020-36229),[ CVE-2020-36230](https://nvd.nist.gov/vuln/detail/CVE-2020-36230))<br>* c-ares ([CVE-2020-8277](https://nvd.nist.gov/vuln/detail/CVE-2020-8277))<br>* coreutils ([CVE-2017-7476](https://nvd.nist.gov/vuln/detail/CVE-2017-7476))<br>* intel-microcode ([CVE-2020-8698](https://nvd.nist.gov/vuln/detail/CVE-2020-8698), [CVE-2020-8694](https://nvd.nist.gov/vuln/detail/CVE-2020-8694), [CVE-2020-8695](https://nvd.nist.gov/vuln/detail/CVE-2020-8695), [CVE-2020-8696](https://nvd.nist.gov/vuln/detail/CVE-2020-8696))<br><br>**Bug fixes**<br><br><br><br>* profile: filter out bullet point when parsing failed units ([baselayout#16](https://github.com/kinvolk/baselayout/pull/16))<br>* app-crypt/trousers: use correct file permissions ([coreos-overlay#809](https://github.com/kinvolk/coreos-overlay/pull/809))<br>* sys-apps/systemd: Fix unit installation ([coreos-overlay#810](https://github.com/kinvolk/coreos-overlay/pull/810))<br>* passwd: use correct GID for tss([baselayout#15](https://github.com/kinvolk/baselayout/pull/15))<br>* flatcar-eks: add missing mkdir and update to latest versions([coreos-overlay#817](https://github.com/kinvolk/coreos-overlay/pull/817))<br>* coreos-base/gmerge: Stop installing gmerge script ([coreos-overlay#828](https://github.com/kinvolk/coreos-overlay/pull/828))<br>* Update sys-apps/coreutils and make sure they have split-usr disabled for generic images ([coreos-overlay#829](https://github.com/kinvolk/coreos-overlay/pull/829))<br><br>**Changes**<br><br><br><br>* dev-lang/go: delete go 1.6 ([coreos-overlay#827](https://github.com/kinvolk/coreos-overlay/pull/827))<br>* sys-block/open-iscsi: Command substitution in iscsi-init system service ([coreos-overlay#801](https://github.com/kinvolk/coreos-overlay/pull/801))<br>* scripts/motdgen: Add OEM information to motd output ([init#34](https://github.com/kinvolk/init/pull/34))<br>* torcx: delete Docker 1.12 ([coreos-overlay#826](https://github.com/kinvolk/coreos-overlay/pull/826))<br>* portage update: update portage and related packages to newer versions ([coreos-overlay#840](https://github.com/kinvolk/coreos-overlay/pull/840))<br>* bin/flatcar-install: add parameters to make wget more resilient ([init#35](https://github.com/kinvolk/init/pull/35))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.16](https://lwn.net/Articles/846116/))<br>* Docker ([19.03.15](https://docs.docker.com/engine/release-notes/19.03/#190315))<br>* go ([1.15.8](https://go.googlesource.com/go/+/refs/tags/go1.15.8))<br>* c-ares ([1.17.1](https://c-ares.haxx.se/changelog.html#1_17_1))<br>* cri-tools ([1.19.0](https://github.com/kubernetes-sigs/cri-tools/releases/tag/v1.19.0))<br>* samba ([4.12.9](https://www.samba.org/samba/history/samba-4.12.9.html))<br>* openldap ([2.4.57](https://www.openldap.org/software/release/announce.html))<br>* coreutils ([8.32](https://git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?h=v8.32))<br>* intel-microcode ([20201112](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20201112))<br><br>**Deprecation**<br><br><br><br>* Docker 1.12 will be deprecated from Alpha, also from other channels in the future.<br><br>Note: Please note that ARM images remain experimental for now.<br><br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.16<br>- systemd 247<br><br>Architectures:<br>- amd64<br>- arm64<br> 2021-02-18T12:43:43+00:00 @@ -438,7 +446,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2765.0.0 2765.0.0 - 2023-10-25T10:20:34.198776+00:00 + 2023-11-22T09:59:23.925779+00:00 **Security fixes**<br><br>* Linux - [CVE-2020-28374](https://nvd.nist.gov/vuln/detail/CVE-2020-28374), [CVE-2020-36158](https://nvd.nist.gov/vuln/detail/CVE-2020-36158)<br>* go - [CVE-2021-3114](https://github.com/golang/go/issues/43786)<br>* bsdiff - [CVE-2020-14315](https://nvd.nist.gov/vuln/detail/CVE-2020-14315)<br>* curl - [CVE-2020-8169](https://nvd.nist.gov/vuln/detail/CVE-2020-8169), [CVE-2020-8231](https://nvd.nist.gov/vuln/detail/CVE-2020-8231),[ CVE-2020-8284](https://curl.se/docs/CVE-2020-8285.html), [CVE-2020-8285](https://nvd.nist.gov/vuln/detail/CVE-2020-8285),[ CVE-2020-8286](https://nvd.nist.gov/vuln/detail/CVE-2020-8286)<br>* dhcpcd - [CVE-2019-11577](https://nvd.nist.gov/vuln/detail/CVE-2019-11577), [CVE-2019-11766](https://nvd.nist.gov/vuln/detail/CVE-2019-11766)<br>* mit-krb5 - [CVE-2020-28196](https://nvd.nist.gov/vuln/detail/CVE-2020-28196)<br>* sudo - [CVE-2021-3156](https://nvd.nist.gov/vuln/detail/CVE-2021-3156), [CVE-2021-23239](https://nvd.nist.gov/vuln/detail/CVE-2021-23239)<br><br>**Bug fixes**<br><br>* `/etc/iscsi/initiatorname.iscsi` is generated by the iscsi-init service ([#321](https://github.com/kinvolk/Flatcar/issues/321))<br>* Prevent iscsiadm buffer overflow ([#318](https://github.com/kinvolk/Flatcar/issues/318))<br><br>**Changes**<br><br>* Revert to building docker and containerd with go1.13 instead of go1.15. This reduces the SIGURG log spam ([Issue #315](https://github.com/kinvolk/Flatcar/issues/315) [PR #774](https://github.com/kinvolk/coreos-overlay/pull/774))<br>* The containerd socket is now available in the default location (`/run/containerd/containerd.sock`) and also as a symlink in the previous location (`/run/docker/libcontainerd/docker-containerd.sock`) ([#771](https://github.com/kinvolk/coreos-overlay/pull/771))<br>* AWS Pro: include scripts to facilitate setup of EKS workers ([#794](https://github.com/kinvolk/coreos-overlay/pull/794)).<br>* Missed from earlier notes: with the previous open-iscsi update to 2.1.2, the service unit name changed from iscsid to iscsi ([#682](https://github.com/kinvolk/coreos-overlay/pull/682))<br><br>**Updates**<br><br>* linux ([5.10.10](https://lwn.net/Articles/843686/))<br>* systemd ([247.2](https://raw.githubusercontent.com/systemd/systemd-stable/v247.2/NEWS))<br>* curl ([7.74.0](https://curl.se/changes.html#7_74_0))<br>* dhcpcd ([8.1.9](https://roy.marples.name/cgit/dhcpcd.git/tag/?h=dhcpcd-8.1.9))<br>* open-iscsi ([2.1.3](https://github.com/open-iscsi/open-iscsi/releases/tag/2.1.3))<br>* go ([1.15.7](https://go.googlesource.com/go/+/refs/tags/go1.15.7))<br>* mit-krb5 ([1.18.2-r2](https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7c6a41be59b79c996b2e0493399c035e35f8fed9))<br>* open-vm-tools ([11.2.5](https://github.com/vmware/open-vm-tools/releases/tag/stable-11.2.5))<br>* rust ([1.49.0](https://blog.rust-lang.org/2020/12/31/Rust-1.49.0.html))<br>* sudo ([1.9.5p2](https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_5p2))<br><br>**Note**: This alpha release includes only AMD64 images.<br><br>Packages:<br>- docker 19.03.14<br>- ignition 0.34.0<br>- kernel 5.10.10<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-01-28T11:00:29+00:00 @@ -446,7 +454,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2748.0.0 2748.0.0 - 2023-10-25T10:20:34.192481+00:00 + 2023-11-22T09:59:23.919293+00:00 **Security fixes**<br><br> * Linux<br> - [CVE-2020-27815](https://www.openwall.com/lists/oss-security/2020/11/30/5)<br> - [CVE-2020-27830](https://www.openwall.com/lists/oss-security/2020/12/07/1)<br> - [CVE-2020-27835](https://nvd.nist.gov/vuln/detail/CVE-2020-27835)<br> - [CVE-2020-28588](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4f134b89a24b965991e7c345b9a4591821f7c2a6)<br> - [CVE-2020-29568](https://nvd.nist.gov/vuln/detail/CVE-2020-29568)<br> - [CVE-2020-29569](https://nvd.nist.gov/vuln/detail/CVE-2020-29569)<br> - [CVE-2020-29660](https://nvd.nist.gov/vuln/detail/CVE-2020-29660)<br> - [CVE-2020-29661](https://nvd.nist.gov/vuln/detail/CVE-2020-29661)<br><br>**Bug fixes**<br><br>* afterburn (coreos-metadata): Restart on failure and keep coreos-metadata unit active ([kinvolk/coreos-overlay#768](https://github.com/kinvolk/coreos-overlay/pull/768))<br>* networkd: avoid managing MAC addresses for veth devices ([kinvolk/init#33](https://github.com/kinvolk/init/pull/33))<br><br>**Changes**<br><br>* Updated nsswitch.conf to use systemd-resolved ([kinvolk/baselayout#10](https://github.com/kinvolk/baselayout/pull/10))<br>* Enabled systemd-resolved stub listeners ([kinvolk/baselayout#11](https://github.com/kinvolk/baselayout/pull/11))<br>* systemd-resolved: Disabled DNSSEC for the mean time ([kinvolk/baselayout#14](https://github.com/kinvolk/baselayout/pull/14))<br>* kernel: enabled CONFIG_DEBUG_INFO_BTF ([kinvolk/coreos-overlay#753](https://github.com/kinvolk/coreos-overlay/pull/753))<br>* containerd: Switched to default upstream socket location while keeping a symlink for the previous location in Flatcar ([kinvolk/coreos-overlay#771](https://github.com/kinvolk/coreos-overlay/pull/771))<br>* containerd: Disabled shim debug logs ([kinvolk/coreos-overlay#766](https://github.com/kinvolk/coreos-overlay/pull/766))<br><br>**Updates**<br><br>* Linux ([5.10.4](https://lwn.net/Articles/841473/))<br>* Linux firmware ([20201218](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20201218))<br>* SDK: Rust ([1.48.0](https://github.com/rust-lang/rust/blob/master/RELEASES.md#version-1480-2020-11-19))<br><br>Note: Please note that ARM images remain experimental for now.<br>Packages:<br>- docker 19.03.14<br>- ignition 0.34.0<br>- kernel 5.10.4<br>- systemd 246<br><br>Architectures:<br>- amd64<br>- arm64<br> 2021-01-12T17:02:16+00:00 @@ -454,7 +462,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2723.0.0 2723.0.0 - 2023-10-25T10:20:34.186761+00:00 + 2023-11-22T09:59:23.913410+00:00 Security fixes<br><br>* bsdiff<br> * [CVE-2014-9862](https://nvd.nist.gov/vuln/detail/CVE-2014-9862)<br>* containerd<br> * [CVE-2020-15257](https://nvd.nist.gov/vuln/detail/CVE-2020-15257)<br>* pam<br> * [CVE-2020-27780](https://nvd.nist.gov/vuln/detail/CVE-2020-27780)<br>* Linux<br> * [CVE-2020-29661](https://nvd.nist.gov/vuln/detail/CVE-2020-29661)<br> * [CVE-2020-29660](https://nvd.nist.gov/vuln/detail/CVE-2020-29660)<br> * [CVE-2020-27830](https://nvd.nist.gov/vuln/detail/CVE-2020-27830)<br> * [CVE-2020-28588](https://nvd.nist.gov/vuln/detail/CVE-2020-28588) (only affects 32-bit systems, Flatcar Container Linux is not affected)<br> * [CVE-2020-27835](https://nvd.nist.gov/vuln/detail/CVE-2020-27835) (only affects systems with Infiniband HF1 driver, Flatcar Container Linux is not affected)<br><br>Bug fixes<br><br>* The sysctl net.ipv4.conf.*.rp_filter is set to 0 for the Cilium CNI plugin to work ([Flatcar#181](https://github.com/kinvolk/Flatcar/issues/181))<br>* Package downloads in the developer container now use the correct URL again ([Flatcar#298](https://github.com/kinvolk/Flatcar/issues/298))<br><br>Changes<br><br>* A symlink `vimdiff` should not be created, if the USE flag `minimal` is enabled. ([Flatcar/#221](https://github.com/kinvolk/Flatcar/issues/221))<br>* The sysctl default config file is now applied under the prefix 60 which allows for custom sysctl config files to take effect when they start with a prefix of 70, 80, or 90 ([baselayout#13](https://github.com/kinvolk/baselayout/pull/13))<br>* Containerd CRI plugin got enabled by default, only the containerd socket path needs to be specified as kubelet parameter for Kubernetes 1.20 to use containerd instead of Docker ([Flatcar#283](https://github.com/kinvolk/Flatcar/issues/283))<br>* For users with a custom update server a machine alias setting in update-engine allows to give human-friendly names to client instances ([update-engine#8](https://github.com/kinvolk/update_engine/pull/8))<br>* Enable BCMGENET as a module on arm64_defconfig-5.9 (c[oreos-overlay#717](https://github.com/kinvolk/coreos-overlay/pull/717))<br>* Enable BCM7XXX_PHY as a module on arm64_defconfig-5.9 for Raspberry Pi 4 ([coreos-overlay#716](https://github.com/kinvolk/coreos-overlay/pull/716))<br>* Disable jpeg USE flag from QEMU ([coreos-overlay#729](https://github.com/kinvolk/coreos-overlay/pull/729))<br>* flatcar_production_qemu.sh: Use more CPUs for ARM if available ([scripts#91](https://github.com/kinvolk/flatcar-scripts/pull/91))<br><br>Updates<br><br>* Linux ([5.9.14](https://lwn.net/Articles/839874/))<br>* Linux firmware ([20201118](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20201118))<br>* Docker ([19.03.14](https://github.com/docker/docker-ce/releases/tag/v19.03.14))<br>* containerd ([1.4.3](https://github.com/containerd/containerd/releases/tag/v1.4.3))<br>* pam ([1.5.1](https://github.com/linux-pam/linux-pam/releases/tag/v1.5.1))<br>* sqlite ([3.33](https://www.sqlite.org/releaselog/3_33_0.html))<br>* SDK: Rust ([1.47.0](https://github.com/rust-lang/rust/blob/master/RELEASES.md#version-1470-2020-10-08))<br>* SDK: Go ([1.15.6](https://go.googlesource.com/go/+/refs/tags/go1.15.6))<br>* SDK: repo (2.8)<br>* SDK: dwarves (1.19)<br><br>Note: Please note that ARM images remain experimental for now.<br><br>Packages:<br>- docker 19.03.14<br>- ignition 0.34.0<br>- kernel 5.9.14<br>- systemd 246<br><br>Architectures:<br>- amd64<br>- arm64<br> 2020-12-18T14:10:15+00:00 @@ -462,7 +470,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2705.0.0 2705.0.0 - 2023-10-25T10:20:34.180016+00:00 + 2023-11-22T09:59:23.906420+00:00 Security fixes<br><br>* glibc ([CVE-2019-9169](https://nvd.nist.gov/vuln/detail/CVE-2019-9169), [CVE-2019-6488](https://nvd.nist.gov/vuln/detail/CVE-2019-6488), [CVE-2019-7309](https://nvd.nist.gov/vuln/detail/CVE-2019-7309), [CVE-2020-10029](https://nvd.nist.gov/vuln/detail/CVE-2020-10029), [CVE-2020-1751](https://nvd.nist.gov/vuln/detail/CVE-2020-1751), [CVE-2020-6096](https://nvd.nist.gov/vuln/detail/CVE-2020-6096), [CVE-2018-20796](https://nvd.nist.gov/vuln/detail/CVE-2018-20796))<br><br>Bug fixes<br><br>* Added systemd-tmpfiles directives for /opt and /opt/bin to ensure that the folders have correct permissions even when /opt/ was once created by containerd ([Flatcar#279](https://github.com/kinvolk/Flatcar/issues/279))<br><br>Changes<br><br>* Enabled the kernel config HOTPLUG_PCI_ACPI for arm64 to support attaching EC2 volumes ([PR#705](https://github.com/kinvolk/coreos-overlay/pull/705))<br><br>Updates<br><br>* Linux ([5.9.11](https://lwn.net/Articles/838257/))<br>* glibc ([2.32](https://lwn.net/Articles/828210/))<br><br>Note: Please note that ARM images remain experimental for now.<br><br>Packages:<br>- docker 19.03.13<br>- ignition 0.34.0<br>- kernel 5.9.11<br>- systemd 246<br><br>Architectures:<br>- amd64<br>- arm64<br> 2020-11-27T10:48:14+00:00 @@ -470,7 +478,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2697.0.0 2697.0.0 - 2023-10-25T10:20:34.175020+00:00 + 2023-11-22T09:59:23.900793+00:00 Security fixes:<br><br>* Linux - ([CVE-2020-27673](https://nvd.nist.gov/vuln/detail/CVE-2020-27673), [CVE-2020-27675](https://nvd.nist.gov/vuln/detail/CVE-2020-27675))<br>* Go - ([CVE-2020-28362](https://nvd.nist.gov/vuln/detail/CVE-2020-28362), [CVE-2020-28367](https://nvd.nist.gov/vuln/detail/CVE-2020-28367), [CVE-2020-28366](https://nvd.nist.gov/vuln/detail/CVE-2020-28366))<br>* glib ([CVE-2019-12450](https://nvd.nist.gov/vuln/detail/CVE-2019-12450))<br>* open-iscsi ([CVE-2017-17840](https://nvd.nist.gov/vuln/detail/CVE-2017-17840))<br>* samba ([CVE-2019-10197](https://nvd.nist.gov/vuln/detail/CVE-2019-10197), [CVE-2020-10704](https://nvd.nist.gov/vuln/detail/CVE-2020-10704), [CVE-2020-10745](https://nvd.nist.gov/vuln/detail/CVE-2020-10745), [CVE-2019-3880](https://nvd.nist.gov/vuln/detail/CVE-2019-3880), [CVE-2019-10218](https://nvd.nist.gov/vuln/detail/CVE-2019-10218))<br>* shadow ([CVE-2019-19882](https://nvd.nist.gov/vuln/detail/CVE-2019-19882))<br>* sssd ([CVE-2018-16883](https://nvd.nist.gov/vuln/detail/CVE-2018-16883), [CVE-2019-3811](https://nvd.nist.gov/vuln/detail/CVE-2019-3811), [CVE-2018-16838](https://nvd.nist.gov/vuln/detail/CVE-2018-16838))<br>* trousers ([CVE-2020-24330](https://nvd.nist.gov/vuln/detail/CVE-2020-24330), [CVE-2020-24331](https://nvd.nist.gov/vuln/detail/CVE-2020-24331))<br>* cifs-utils ([CVE-2020-14342](https://nvd.nist.gov/vuln/detail/CVE-2020-14342))<br>* ntp ([CVE-2020-11868](https://nvd.nist.gov/vuln/detail/CVE-2020-11868), [CVE-2020-13817](https://nvd.nist.gov/vuln/detail/CVE-2020-13817), [CVE-2018-8956](https://nvd.nist.gov/vuln/detail/CVE-2018-8956), [CVE-2020-15025](https://nvd.nist.gov/vuln/detail/CVE-2020-15025))<br>* bzip2 ([CVE-2019-12900](https://nvd.nist.gov/vuln/detail/CVE-2019-12900))<br><br>Bug fixes:<br><br>* network: Restore KeepConfiguration=dhcp-on-stop ([kinvolk/init#30](https://github.com/kinvolk/init/pull/30))<br>* Make the automatic filesystem resizing more robust against a race and add more logging ([kinvolk/init#31](https://github.com/kinvolk/init/pull/31))<br>* Default again to waiting only for one network interface to be ready with systemd-networkd-wait-online which was missing in the initial systemd 246 update<br>* Default again to disabling IP Forwarding in systemd which was missing in the initial systemd 246 update<br>* Make systemd detect updates again when the /usr partition changes which was missing in the initial systemd 246 update<br>* Default again to set DefaultTasksMax=100% in systemd which was missing in the initial systemd 246 update<br>* Default again to disable SELinux permissions checks in systemd which was missing in the initial systemd 246 update<br><br>Changes:<br><br>* The zstd tools were added (version 1.4.4)<br>* The kernel config CONFIG_PSI was set to support [Pressure Stall Information](https://www.kernel.org/doc/html/latest/accounting/psi.html), more information also under [https://facebookmicrosites.github.io/psi/docs/overview](https://facebookmicrosites.github.io/psi/docs/overview) ([Flatcar#162](https://github.com/flatcar/Flatcar/issues/162))<br>* The kernel config CONFIG_BPF_JIT_ALWAYS_ON was set to use the BPF just-in-time compiler by default for faster execution<br>* The kernel config CONFIG_DEBUG_INFO_BTF was set to support BTF metadata (BPF Type Format), one important piece for portability of BPF programs (CO-RE: Compile Once - Run Everywhere) through relocation<br>* The kernel config CONFIG_POWER_SUPPLY was set<br>* The kernel configs CONFIG_OVERLAY_FS_METACOPY and CONFIG_OVERLAY_FS_REDIRECT_DIR were set. With the first overlayfs will only copy up metadata when a metadata-specific operation like chown/chmod is performed. The full file will be copied up later when the file is opened for write operations. With the second, which is equivalent to setting "redirect_dir=on" in the kernel command-line, overlayfs will copy up the directory first before the actual content ([Flatcar#170](https://github.com/kinvolk/Flatcar/issues/170)).<br><br>Updates:<br><br>* Linux ([5.9.8](https://lwn.net/Articles/836794/))<br>* Linux firmware ([20200918](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20200918))<br>* systemd ([246.6](https://github.com/systemd/systemd-stable/releases/tag/v246.6))<br>* bzip2 ([1.0.8](https://sourceware.org/git/?p=bzip2.git;a=blob;f=CHANGES;h=30afead2586b6d64f50988a41d394a0131b38949;hb=HEAD#l342))<br>* cifs-utils (6.11)<br>* dbus-glib (0.110)<br>* elfutils (0.178)<br>* glib (2.64.5)<br>* ntp (4.2.8_p15)<br>* open-iscsi (2.1.2)<br>* samba (4.11.13)<br>* shadow (4.8)<br>* sssd (2.3.1)<br>* strace (5.9)<br>* talloc (2.3.1)<br>* tdb (1.4.3)<br>* tevent (0.10.2)<br>* SDK/developer container: GCC (9.3.0), binutils (2.35), gdb (9.2)<br>* SDK: Go (1.15.5)<br>* VMware: open-vm-tools (11.2.0)<br><br>Packages:<br>- docker 19.03.13<br>- ignition 0.34.0<br>- kernel 5.9.8<br>- systemd 246<br><br>Architectures:<br>- amd64<br>- arm64<br> 2020-11-20T10:25:21+00:00 @@ -478,7 +486,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2671.0.0 2671.0.0 - 2023-10-25T10:20:34.167219+00:00 + 2023-11-22T09:59:23.889781+00:00 Security fixes:<br><br>- Linux - [CVE-2020-27194](https://nvd.nist.gov/vuln/detail/CVE-2020-27194)<br>- c-ares - [CVE-2017-1000381](https://nvd.nist.gov/vuln/detail/CVE-2017-1000381)<br>- file - [CVE-2019-18218](https://nvd.nist.gov/vuln/detail/CVE-2019-18218)<br>- json-c - [CVE-2020-12762](https://nvd.nist.gov/vuln/detail/CVE-2020-12762)<br>- libuv - [CVE-2020-8252](https://nvd.nist.gov/vuln/detail/CVE-2020-8252)<br>- libxml2 - [CVE-2019-20388](https://nvd.nist.gov/vuln/detail/CVE-2019-20388) [CVE-2020-7595](https://nvd.nist.gov/vuln/detail/CVE-2020-7595)<br>- re2c - [CVE-2020-11958](https://nvd.nist.gov/vuln/detail/CVE-2020-11958)<br>- tar - [CVE-2019-9923](https://nvd.nist.gov/vuln/detail/CVE-2019-9923)<br><br>Bug fixes:<br><br>- Ensured that the `/etc/coreos` to `/etc/flatcar` symlink always exists, relevant for the Container Linux Config transpiler (ct) when specifying directives for `update:` or `locksmith:` while also reformatting the rootfs ([baselayout PR#7](https://github.com/flatcar/baselayout/pull/7))<br>- Allow inactive network interfaces to be bound to a bonding interface, by encoding additional configuration for systemd-networkd-wait-online ([afterburn PR #10](https://github.com/flatcar/afterburn/pull/10))<br>- Azure: Exclude bonded SR-IOV driver mlx5-core from network interfaces managed by systemd-networkd ([bootengine PR #19](https://github.com/flatcar/bootengine/pull/19)) ([init PR #29](https://github.com/flatcar/init/pull/29))<br>- Do not configure ccache in Jenkins ([scripts PR #100](https://github.com/flatcar/scripts/pull/100))<br><br>Changes:<br><br>- Remove unnecessary kernel module nf-conntrack-ipv4 ([overlay PR#649](https://github.com/flatcar/coreos-overlay/pull/649))<br><br>Updates:<br><br>- Linux [5.8.16](https://lwn.net/Articles/834536/)<br>- c-ares [1.61.1](https://github.com/c-ares/c-ares/releases/tag/cares-1_16_1)<br>- cryptsetup [2.3.2](https://gitlab.com/cryptsetup/cryptsetup/-/tags/v2.3.2)<br>- json-c [0.15](https://github.com/json-c/json-c/releases/tag/json-c-0.15-20200726)<br>- libuv [1.39.0](https://github.com/libuv/libuv/releases/tag/v1.39.0)<br>- libxml2 [2.9.10](https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.10)<br>- tar [1.32](https://git.savannah.gnu.org/cgit/tar.git/tag/?h=release_1_32)<br>- Go [1.15.3](https://go.googlesource.com/go/+/refs/tags/go1.15.3), [1.12.17](https://go.googlesource.com/go/+/refs/tags/go1.12.17) (only in SDK)<br>- file [5.39](https://github.com/file/file/tree/FILE5_39) (only in SDK)<br>- gdbus-codegen [2.64.5](https://gitlab.gnome.org/GNOME/glib/-/tags/2.64.5) (only in SDK)<br>- meson [0.55.3](https://github.com/mesonbuild/meson/releases/tag/0.55.3) (only in SDK)<br>- re2c [2.0.3](https://re2c.org/releases/release_notes.html#release-2-0-3) (only in SDK)<br><br>Note: Please note that ARM images remain experimental for now.<br><br>Packages:<br>- docker 19.03.13<br>- ignition 0.34.0<br>- kernel 5.8.16<br>- systemd 246<br><br>Architectures:<br>- amd64<br>- arm64<br> 2020-10-28T14:37:26+00:00 @@ -486,7 +494,7 @@ https://github.com/flatcar/manifest/releases/tag/v2661.0.0 2661.0.0 - 2023-10-25T10:20:34.161022+00:00 + 2023-11-22T09:59:23.883034+00:00 Security fixes:<br>- Linux - [CVE-2020-25645](https://nvd.nist.gov/vuln/detail/CVE-2020-25645), [CVE-2020-25643](https://nvd.nist.gov/vuln/detail/CVE-2020-25643), [CVE-2020-25211](https://nvd.nist.gov/vuln/detail/CVE-2020-25211)<br><br>Bug fixes:<br>- Ensured that the `/etc/coreos` to `/etc/flatcar` symlink always exists, relevant for the Container Linux Config transpiler (ct) when specifying directives for `update:` or `locksmith:` while also reformatting the rootfs ([baselayout PR#7](https://github.com/flatcar/baselayout/pull/7))<br>- Azure: Exclude bonded SR-IOV network interfaces with newer drivers from networkd (in addition to the old drivers) to prevent them being configured instead of just the bond interface ([init PR#29](https://github.com/flatcar/init/pull/29), [bootengine PR#19](https://github.com/flatcar/bootengine/pull/19))<br><br>Changes:<br>- Compress kernel modules with xz ([overlay PR#628](https://github.com/flatcar/coreos-overlay/pull/628))<br>- Add containerd-runc-shim-v* binaries required by kubelet custom CRI endpoints ([overlay PR#623](https://github.com/flatcar/coreos-overlay/pull/623))<br>- AWS arm64: Enable elastic network adapter module ([overlay PR#631](https://github.com/flatcar/coreos-overlay/pull/631))<br>- Equinix Metal (Packet): Exclude unused network interfaces from networkd, disregard the state of the bonded interfaces for the `network-online.target` and only require the bond interface itself to have at least one active link instead of `routable` which requires both links to be active ([afterburn PR#10](https://github.com/flatcar/afterburn/pull/10))<br>- QEMU: Use flatcar.autologin kernel command line parameter for auto login on the console ([Flatcar #71](https://github.com/flatcar/Flatcar/issues/71))<br><br>Updates:<br>- Linux [5.8.14](https://lwn.net/Articles/833689/)<br>- systemd [246](https://lwn.net/Articles/827675/)<br>- tini [0.18](https://github.com/krallin/tini/releases/tag/v0.18.0)<br>- libseccomp [2.5.0](https://github.com/seccomp/libseccomp/releases/tag/v2.5.0)<br>- audit [2.8.5](https://github.com/linux-audit/audit-userspace/releases/tag/v2.8.5)<br>- dracut [050](https://github.com/dracutdevs/dracut/releases/tag/050)<br>Packages:<br>- docker 19.03.13<br>- ignition 0.34.0<br>- kernel 5.8.14<br>- systemd 246<br><br>Architectures:<br>- amd64<br>- arm64<br> 2020-10-16T08:08:13+00:00 @@ -494,7 +502,7 @@ https://github.com/flatcar/manifest/releases/tag/v2643.0.0 2643.0.0 - 2023-10-25T10:20:34.155182+00:00 + 2023-11-22T09:59:23.877061+00:00 Security fixes:<br>- Linux: [CVE-2020-25284](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25284), [CVE-2020-14390](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14390)<br>- jq: [CVE-2015-8863](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8863), [CVE-2016-4074](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4074)<br>- sqlite: [CVE-2020-11656](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11656), [CVE-2020-9327](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9327), [CVE-2020-11655](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11655), [CVE-2020-13630](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13630), [CVE-2020-13435](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13435), [CVE-2020-13434](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13434), [CVE-2020-13631](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13631), [CVE-2020-13632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13632), [CVE-2020-15358](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15358)<br>- tcpdump and libpcap: [CVE-2018-10103](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10103), [CVE-2018-10105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10105), [CVE-2018-16301](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16301), [CVE-2019-15163](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15163), [CVE-2018-14461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14461), [CVE-2018-14462](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14462), [CVE-2018-14463](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14463), [CVE-2018-14464](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14464), [CVE-2018-14465](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14465), [CVE-2018-14466](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14466), [CVE-2018-14467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14467), [CVE-2018-14468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14468), [CVE-2018-14469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14469), [CVE-2018-14470](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14470), [CVE-2018-14880](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14880), [CVE-2018-14881](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14881), [CVE-2018-14882](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14882), [CVE-2018-16227](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16227), [CVE-2018-16228](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16228), [CVE-2018-16229](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16229), [CVE-2018-16230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16230), [CVE-2018-16300](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16300), [CVE-2018-16451](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16451), [CVE-2018-16452](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16452), [CVE-2019-15166](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15166), [CVE-2018-19325](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19325), [CVE-2018-14879](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14879), [CVE-2017-16808](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16808), [CVE-2018-19519](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19519), [CVE-2019-15161](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15161), [CVE-2019-15165](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15165), [CVE-2019-15164](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15164), [CVE-2019-1010220](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010220)<br>- libbsd: [CVE-2019-20367](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20367)<br>- rsync: [CVE-2016-9840](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9840), [CVE-2016-9841](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9841), [CVE-2016-9842](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9842), [CVE-2016-9843](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9843)<br><br><br>Bug fixes:<br><br>- Enabled missing systemd services ([#191](https://github.com/flatcar/Flatcar/issues/191), [PR #612](https://github.com/flatcar/coreos-overlay/pull/612))<br>- Fixed Docker torcx image unpacking error on machines with less than ~600 MB total RAM ([#32](https://github.com/flatcar/Flatcar/issues/32))<br>- Solved adcli Kerberos Active Directory incompatibility ([#194](https://github.com/flatcar/Flatcar/issues/194))<br>- Fixed the makefile path when building kernel modules with the developer container ([#195](https://github.com/flatcar/Flatcar/issues/195))<br>- Removed the `/etc/portage/savedconfig/` folder that contained a dump of the firmware config [flatcar-linux/coreos-overlay#613](https://github.com/flatcar/coreos-overlay/pull/613)<br><br><br>Changes:<br><br>- GCE: Improved oslogin support and added shell aliases to run a Python Docker image ([PR #592](https://github.com/flatcar/coreos-overlay/pull/592))<br><br>Updates:<br><br>- Linux [5.8.11](https://lwn.net/Articles/832305/)<br>- Docker [19.03.13](https://docs.docker.com/engine/release-notes/#190313)<br>- docker-runc [1.0.-rc92](https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc92)<br>- containerd [1.4.1](https://github.com/containerd/containerd/releases/tag/v1.4.1)<br>- adcli [0.9.0](https://cgit.freedesktop.org/realmd/adcli/tree/NEWS?h=0.9.0)<br>- GCE: oslogin [20200910.00](https://github.com/GoogleCloudPlatform/guest-oslogin/releases/tag/20200910.00)<br>- jq [1.6](https://github.com/stedolan/jq/releases/tag/jq-1.6)<br>- rsync [3.2.3](https://download.samba.org/pub/rsync/NEWS#3.2.3)<br>- tcpdump [4.9.3](https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9.3/CHANGES)<br><br>Note: Please note that ARM images remain experimental for now.<br>Packages:<br>- docker 19.03.13<br>- ignition 0.34.0<br>- kernel 5.8.11<br>- systemd 245<br><br>Architectures:<br>- amd64<br> 2020-09-30T12:23:46+00:00 @@ -502,7 +510,7 @@ https://github.com/flatcar/manifest/releases/tag/v2632.0.0 2632.0.0 - 2023-10-25T10:20:34.147262+00:00 + 2023-11-22T09:59:23.868840+00:00 Bug fixes:<br><br>- Fix resetting of DNS nameservers in systemd-networkd units ([PR#12](https://github.com/flatcar/systemd/pull/12))<br><br>Changes:<br><br>- Disable TX checksum offloading for the IP-in-IP tunl0 interface used by Calico ([PR#26](https://github.com/flatcar/init/pull/26)). This is a workaround for a Mellanox driver issue, currently tracked in [Flatcar#183](https://github.com/flatcar/Flatcar/issues/183)<br>- Set `sysctl net.ipv4.conf.(all|*).rp_filter` to 0 (instead of the systemd upstream value 2) to be less restrictive which some network solutions rely on ([PR#11](https://github.com/flatcar/systemd/pull/11))<br>- Update-engine now detects rollbacks and reports them as errors to the update server ([PR#6](https://github.com/flatcar/update_engine/pull/6))<br>- `flatcar-install` allows installation to a multipath drive ([PR#24](https://github.com/flatcar/init/pull/24))<br>- Support the `lockdown` kernel command line parameter ([PR#533](https://github.com/flatcar/coreos-overlay/pull/553))<br>- Update public key to include a [new subkey](https://www.flatcar-linux.org/security/image-signing-key/)<br><br>Updates:<br><br>- Linux [5.8.9](https://lwn.net/Articles/831365/)<br>- linux-firmware [20200817](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20200817)<br>- Go [1.15.2](https://golang.org/doc/go1.15)<br>- Rust [1.46.0](https://blog.rust-lang.org/2020/08/27/Rust-1.46.0.html)<br><br>Note: Please note that ARM images remain experimental for now.<br><br>Packages:<br>- docker 19.03.12<br>- ignition 0.34.0<br>- kernel 5.8.9<br>- rkt 1.30.0<br>- systemd 245<br><br>Architectures:<br>- amd64<br>- arm64<br> 2020-09-16T06:15:52+00:00 @@ -510,7 +518,7 @@ https://github.com/flatcar/manifest/releases/tag/v2605.1.0 2605.1.0 - 2023-10-25T10:20:34.141826+00:00 + 2023-11-22T09:59:23.863368+00:00 <br>Bug fixes:<br><br>- Resolve ipset API incompatibility [Flatcar#174](https://github.com/flatcar/Flatcar/issues/174)<br>- Fix udev rule warning about ignored value [Flatcar#164](https://github.com/flatcar/Flatcar/issues/164)<br>- Add missing `render` group [Flatcar#169](https://github.com/flatcar/Flatcar/issues/169)<br><br>Changes:<br><br>- Mount `/sys/fs/bpf` into the toolbox container and allow BPF syscalls ([PR#544](https://github.com/flatcar/coreos-overlay/pull/544))<br>- Support loading BPF programs with `tc` [Flatcar#172](https://github.com/flatcar/Flatcar/issues/172)<br><br>Updates:<br><br>- Linux [5.4.61](https://lwn.net/Articles/829613/)<br>- etcd-wrapper/etcdctl [3.3.25](https://github.com/etcd-io/etcd/releases/tag/v3.3.25)<br>- ipset [7.6](https://lwn.net/Articles/813097/)<br>- iproute [5.8](https://lwn.net/Articles/828370/)<br>- mdadm [4.1](https://mirrors.edge.kernel.org/pub/linux/utils/raid/mdadm/ANNOUNCE)<br>- VMware: openvm-tools [11.1.5](https://github.com/vmware/open-vm-tools/blob/stable-11.1.5/ReleaseNotes.md)<br><br>Note: Please note that ARM images remain experimental for now.<br><br>Packages:<br>- docker 19.03.12<br>- ignition 0.34.0<br>- kernel 5.4.61<br>- rkt 1.30.0<br>- systemd 245<br><br>Architectures:<br>- amd64<br>- arm64<br> 2020-09-01T12:24:31+00:00 @@ -518,7 +526,7 @@ https://github.com/flatcar/manifest/releases/tag/v2605.0.0 2605.0.0 - 2023-10-25T10:20:34.136823+00:00 + 2023-11-22T09:59:23.858304+00:00 Security fixes:<br><br><br><br>* Bind: fixes for [CVE-2020-8616](https://nvd.nist.gov/vuln/detail/CVE-2020-8616), [CVE-2020-8617](https://nvd.nist.gov/vuln/detail/CVE-2020-8617), [CVE-2020-8620](https://nvd.nist.gov/vuln/detail/CVE-2020-8620), [CVE-2020-8621](https://nvd.nist.gov/vuln/detail/CVE-2020-8621), [CVE-2020-8622](https://nvd.nist.gov/vuln/detail/CVE-2020-8622), [CVE-2020-8623](https://nvd.nist.gov/vuln/detail/CVE-2020-8623), [CVE-2020-8624](https://nvd.nist.gov/vuln/detail/CVE-2020-8624)<br><br>Bug fixes:<br><br><br><br>* etcd-wrapper: Adjust data dir permissions [https://github.com/flatcar/coreos-overlay/pull/536](https://github.com/flatcar/coreos-overlay/pull/536) <br><br>Changes:<br><br><br><br>* Add drivers for qedf, qedi, qla4xxx as kernel modules [https://github.com/flatcar/coreos-overlay/pull/528](https://github.com/flatcar/coreos-overlay/pull/528) <br><br>Updates:<br><br><br><br>* Linux [5.4.59](https://lwn.net/Articles/829106/)<br>* Bind-tools [9.16.6](https://ftp.isc.org/isc/bind9/cur/9.16/RELEASE-NOTES-bind-9.16.6.html)<br>* Openssl [1.1.1g](https://www.openssl.org/news/openssl-1.1.1-notes.html) <br>* etcd-wrapper [3.3.24](https://github.com/etcd-io/etcd/releases/tag/v3.3.24)<br>* sssd [1.16.3](https://sssd.io/docs/users/relnotes/notes_1_16_3.html)<br>* kerberos [1.18.2](https://web.mit.edu/kerberos/krb5-1.18/)<br>* Containerd [1.3.7](https://github.com/containerd/containerd/releases/tag/v1.3.7)<br>* Go [1.13.15](https://go.googlesource.com/go/+/refs/tags/go1.13.15) used for compilation<br>Packages:<br>- docker 19.03.12<br>- ignition 0.34.0<br>- kernel 5.4.59<br>- rkt 1.30.0<br>- systemd 245<br><br>Architectures:<br>- amd64<br>- arm64<br> 2020-08-20T21:47:52+00:00 @@ -526,7 +534,7 @@ https://github.com/flatcar/manifest/releases/tag/v2592.0.0 2592.0.0 - 2023-10-25T10:20:34.131621+00:00 + 2023-11-22T09:59:23.853055+00:00 Bug Fixes:<br>- Improved logic for GPT disk UUID randomization to fix booting on Packet c3.medium.x86 machines ([flatcar-linux/bootengine#17](https://github.com/flatcar/bootengine/pull/17))<br>- gpg: add patches for accepting keys without UIDs ([flatcar-linux/coreos-overlay#381](https://github.com/flatcar/coreos-overlay/pull/381))<br>- The static IP address configuration in the initramfs works again in the format `ip=<ip>::<gateway>:<netmask>:<hostname>:<iface>:none[:<dns1>[:<dns2>]]` ([flatcar-linux/bootengine#15](https://github.com/flatcar/bootengine/pull/15))<br><br><br>Changes:<br>- Since [version 245](https://github.com/systemd/systemd-stable/blob/v245-stable/NEWS#L267) systemd-networkd ignores network unit files with an empty `[Match]` section. Add a `Name=*` entry to match all interfaces.<br>- Weave network interfaces are excluded from systemd-networkd ([flatcar-linux/init#22](https://github.com/flatcar/init/pull/22))<br>- Enabled the mmio and vsock virtio kernel modules for Firecracker ([flatcar-linux/coreos-overlay#485](https://github.com/flatcar/coreos-overlay/pull/485))<br>- Enabled CONFIG_IKHEADERS to expose kernel headers under `/sys/kernel/kheaders.tar.xz`<br>- Vultr support in Ignition ([flatcar-linux/ignition#13](https://github.com/flatcar/ignition/pull/13))<br>- VMware OVF settings default to ESXi 6.5 and Linux 3.x<br><br><br>Updates:<br>- Linux [5.4.55](https://lwn.net/Articles/827718/)<br>- systemd [v245](https://github.com/systemd/systemd-stable/blob/v245-stable/NEWS)<br>- Docker [19.03.12](https://docs.docker.com/engine/release-notes/#190312)<br>- gnupg [2.2.20](https://lists.gnupg.org/pipermail/gnupg-announce/2020q1/000444.html)<br>- cryptsetup [2.0.3](https://www.saout.de/pipermail/dm-crypt/2018-May/005876.html)<br>- etcd [3.3.22](https://github.com/etcd-io/etcd/releases/tag/v3.3.22)<br>- etcdctl [3.3.22](https://github.com/etcd-io/etcd/releases/tag/v3.3.22)<br>- Go [1.13.14](https://go.googlesource.com/go/+/refs/tags/go1.13.14)<br>- Rust [1.44.1](https://blog.rust-lang.org/2020/06/18/Rust.1.44.1.html)<br><br>Note: Please note that ARM images remain experimental for now.<br>Packages:<br>- docker 19.03.12<br>- ignition 0.34.0<br>- kernel 5.4.55<br>- rkt 1.30.0<br>- systemd 245<br><br>Architectures:<br>- amd64<br>- arm64<br> 2020-08-06T14:58:47+00:00 @@ -534,7 +542,7 @@ https://github.com/flatcar/manifest/releases/tag/v2513.1.0 2513.1.0 - 2023-10-25T10:20:34.125755+00:00 + 2023-11-22T09:59:23.847171+00:00 Security Fixes:<br><br>- Malicious URLs can cause Git to expose private credentials [CVE-2020-5260](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5260)<br>- Similar to [CVE-2020-5260](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5260), Malicious URLs can cause Git to expose private credentials [CVE-2020-11008](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11008)<br><br>Bugfixes:<br>- Include dig binary in ARM [flatcar-linux/Flatcar#123](https://github.com/flatcar/Flatcar/issues/123)<br>- Fix the login prompt issue in the ISO [flatcar-linux/Flatcar#131](https://github.com/flatcar/Flatcar/issues/131)<br>- app-admin/{kubelet, etcd, flannel}-wrapper: don't overwrite the user supplied --insecure-options argument https://github.com/flatcar/coreos-overlay/pull/426<br><br>Updates:<br><br>- Linux - [5.4.47](https://lwn.net/Articles/823315/)<br>- Docker - [19.03.11](https://docs.docker.com/engine/release-notes/#190311)<br>- Go - [1.13.12](https://go.googlesource.com/go/+/refs/tags/go1.13.12)<br>- strace - [5.6](https://github.com/strace/strace/releases/tag/v5.6)<br>- git - [2.26.2](https://github.com/git/git/blob/master/Documentation/RelNotes/2.26.2.txt)<br><br>Note: Please note that ARM images remain experimental for now.<br><br>Packages:<br>- docker 19.03.11<br>- ignition 0.34.0<br>- kernel 5.4.47<br>- rkt 1.30.0<br>- systemd 243<br><br>Architectures:<br>- amd64<br>- arm64<br> 2020-06-30T15:56:06+00:00 @@ -542,7 +550,7 @@ https://github.com/flatcar/manifest/releases/tag/v2513.0.1 2513.0.1 - 2023-10-25T10:20:34.120558+00:00 + 2023-11-22T09:59:23.841953+00:00 ## Flatcar updates<br><br>Security fixes:<br>- Fix the Intel Microcode vulnerabilities ([CVE-2020-0543](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0543))<br><br>Changes:<br>- A source code and licensing overview is available under `/usr/share/licenses/INFO`<br><br>Updates:<br>- Linux [5.4.46](https://lwn.net/Articles/822840/)<br>- intel-microcode [20200609](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20200609)<br>Packages:<br>- docker 19.03.8<br>- ignition 0.34.0<br>- kernel 5.4.46<br>- rkt 1.30.0<br>- systemd 243<br><br>Architectures:<br>- amd64<br>- arm64<br> 2020-06-17T15:44:00+00:00 @@ -550,7 +558,7 @@ https://github.com/flatcar/manifest/releases/tag/v2513.0.0 2513.0.0 - 2023-10-25T10:20:34.115943+00:00 + 2023-11-22T09:59:23.837317+00:00 ## Flatcar updates<br><br>Security fixes:<br>- Fix e2fsprogs arbitrary code execution via crafted filesystem ([CVE-2019-5094](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094))<br>- Fix libarchive crash or use-after-free via crafted RAR file ([CVE-2019-18408](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18408), [CVE-2020-9308](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9308))<br>- Fix libgcrypt ECDSA timing attack ([CVE-2019-13627](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13627))<br>- Fix libidn2 domain impersonation ([CVE-2019-12290](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12290))<br>- Fix NSS crashes and heap corruption ([CVE-2017-11695](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11695), [CVE-2017-11696](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11696), [CVE-2017-11697](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11697), [CVE-2017-11698](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11698), [CVE-2018-18508](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508), [CVE-2019-11745](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745))<br>- Fix OpenSSL overflow in Montgomery squaring procedure ([CVE-2019-1551](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551))<br>- Fix SQLite crash and heap corruption ([CVE-2019-16168](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16168), [CVE-2019-5827](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5827))<br>- Fix unzip heap overflow or excessive resource consumption via crafted archive ([CVE-2018-1000035](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000035), [CVE-2019-13232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13232))<br>- Fix vim arbitrary command execution via crafted file ([CVE-2019-12735](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12735))<br><br>Bug fixes:<br>- Revert adding the SELinux use flag for docker-runc until a regression is solved<br>- When writing the update kernel, prefer `/boot/coreos` only if `/boot/coreos/vmlinux-*` exists (https://github.com/flatcar/update_engine/pull/5)<br>- Fixed sysroot-boot initramfs service race which resulted in a warning that this service failed<br><br>Changes:<br>- Support the CoreOS GRUB `/boot/coreos/first_boot` flag file (https://github.com/flatcar/bootengine/pull/13)<br>- Fetch container images in docker format rather than ACI by default in `etcd-member.service`, `flanneld.service`, and `kubelet-wrapper`<br>- Add wireguard kernel module from [wireguard-linux-compat](https://git.zx2c4.com/wireguard-linux-compat)<br>- Include `wg` (wireguard-tools)<br>- Enable regex support for `jq`<br>- Use `flatcar.autologin` kernel command line parameter on Azure for auto login on the serial console<br><br>Updates:<br>- e2fsprogs [1.45.5](http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.45.5)<br>- etcd [3.3.20](https://github.com/etcd-io/etcd/releases/tag/v3.3.20)<br>- etcdctl [3.3.20](https://github.com/etcd-io/etcd/releases/tag/v3.3.20)<br>- Linux [5.4.41](https://lwn.net/Articles/820524/)<br>- OpenSSL [1.0.2u](https://www.openssl.org/news/openssl-1.0.2-notes.html)<br>- vim [8.2.0360](http://ftp.vim.org/pub/vim/patches/8.2/README)<br>- systemd [243](https://github.com/systemd/systemd-stable/blob/v243-stable/NEWS)<br><br>Packages:<br>- docker 19.03.8<br>- ignition 0.34.0<br>- kernel 5.4.41<br>- rkt 1.30.0<br>- systemd 243<br><br>Architectures:<br>- amd64<br>- arm64<br> 2020-05-26T16:33:35+00:00 @@ -558,7 +566,7 @@ https://github.com/flatcar/manifest/releases/tag/v2492.0.0 2492.0.0 - 2023-10-25T10:20:34.109314+00:00 + 2023-11-22T09:59:23.830656+00:00 ## Flatcar updates<br><br>Bug fixes:<br><br>- Support both guestinfo.ignition.config and guestinfo.coreos.config in coreos-cloudinit (https://github.com/flatcar/coreos-cloudinit/pull/4)<br>- Fix VMware guestinfo variable retrieval and add missing variables in ignition (https://github.com/flatcar/ignition/pull/11)<br>- Use flatcar.autologin for the console in oem-vmware (https://github.com/flatcar/coreos-overlay/pull/308)<br>- Log list of coredumps with coredumpctl in mayday (https://github.com/flatcar/mayday/pull/8)<br><br>Updates:<br><br>- Linux [5.4.35](https://lwn.net/Articles/818569/)<br>- Go [1.13.10](https://go.googlesource.com/go/+/refs/tags/go1.13.10)<br>- containerd [1.3.4](https://github.com/containerd/containerd/releases/tag/v1.3.4)<br>- conntrack-tools [1.4.5](https://git.netfilter.org/conntrack-tools/tag/?h=conntrack-tools-1.4.5)<br>- linux-firmware [20191022](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20191022)<br>Packages:<br>- docker 19.03.8<br>- ignition 0.34.0<br>- kernel 5.4.35<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br>- arm64<br> 2020-04-30T14:30:52+00:00 @@ -566,7 +574,7 @@ https://github.com/flatcar/manifest/releases/tag/v2466.0.0 2466.0.0 - 2023-10-25T10:20:34.104383+00:00 + 2023-11-22T09:59:23.825654+00:00 ## Flatcar updates<br><br>Bug fixes:<br><br>- Use newest network interface naming scheme (https://github.com/flatcar/Flatcar/issues/36)<br> - It is a possible breaking change for some persistent network interface names<br>- Fix coreos-cloudinit variable names (https://github.com/flatcar/coreos-overlay/pull/206)<br>- Prefer /boot/coreos to write updates (https://github.com/flatcar/update_engine/pull/2)<br>- Build a download URL in a safer way (https://github.com/flatcar/update_engine/issues/3)<br>- Remove /boot/coreos/first_boot after a Ignition rerun on migration (https://github.com/flatcar/bootengine/pull/10)<br>- Support coreos.config.url as kernel command line parameter for Ignition (https://github.com/flatcar/ignition/pull/10)<br>- Make flannel cross-node traffic work with systemd > 242 (https://github.com/coreos/flannel/issues/1155, https://github.com/flatcar/coreos-overlay/pull/279)<br><br>Changes:<br><br>- Add `tracepath` alongside `traceroute6` (https://github.com/flatcar/Flatcar/issues/50)<br>- Extend logging capabilities of mayday (https://github.com/flatcar/Flatcar/issues/61)<br><br>Updates:<br><br>- Linux [4.19.113](https://lwn.net/Articles/815960/)<br>- Docker [19.03.8](https://github.com/docker/docker-ce/releases/tag/v19.03.8)<br>- open-vm-tools [11.0.5](https://github.com/vmware/open-vm-tools/releases/tag/stable-11.0.5)<br>- openssh [8.1](https://www.openssh.com/txt/release-8.1)<br>- WAAgent [2.2.46](https://github.com/Azure/WALinuxAgent/releases/tag/v2.2.46)<br>Packages:<br>- docker 19.03.8<br>- ignition 0.34.0<br>- kernel 4.19.113<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br>- arm64<br> 2020-04-15T15:24:01+00:00 @@ -574,7 +582,7 @@ https://github.com/flatcar/manifest/releases/tag/v2430.0.0 2430.0.0 - 2023-10-25T10:20:34.099043+00:00 + 2023-11-22T09:59:23.820286+00:00 ## Flatcar updates<br><br>Bug fixes:<br><br>- Enable persistent network interface names already in the initramfs to fix https://github.com/coreos/bugs/issues/1767<br>- Do not error out in runc if SELinux is disabled on the system (https://github.com/flatcar/coreos-overlay/pull/189)<br>- Bring back runc 1.0-rc2 for Docker 17.03 (https://github.com/flatcar/coreos-overlay/pull/191)<br>- Use correct branch name format in developer container tools (https://github.com/flatcar/dev-util/pull/2)<br><br>Updates:<br><br>- Linux [4.19.106](https://lwn.net/Articles/813157/)<br>Packages:<br>- docker 19.03.5<br>- ignition 0.34.0<br>- kernel 4.19.106<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br>- arm64<br> 2020-03-05T10:26:46+00:00 @@ -582,7 +590,7 @@ https://github.com/flatcar/manifest/releases/tag/v2411.0.0 2411.0.0 - 2023-10-25T10:20:34.094285+00:00 + 2023-11-22T09:59:23.815516+00:00 ## Flatcar updates<br><br>Security fixes:<br><br>- Fix stack-based buffer overflow in sudo ([CVE-2019-18634](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18634))<br>- Fix incorrect access control leading to privileges escalation in runc ([CVE-2019-19921](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19921))<br>- Fix systemd use-after-free upon receiving crafted D-Bus message from local unprivileged attacker ([CVE-2020-1712](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1712))<br><br>Bug fixes:<br><br>- Fix DNS resolution for the GCE metadata server (https://github.com/flatcar/coreos-overlay/pull/160)<br>- Use correct URLs for flatcar-linux in emerge-gitclone and scripts (https://github.com/flatcar/dev-util/pull/1) (https://github.com/flatcar/scripts/pull/50)<br>- Fix a wrong profile reference in torcx (https://github.com/flatcar/coreos-overlay/pull/162)<br>- Create symlink for /run/metadata/coreos (https://github.com/flatcar/coreos-overlay/pull/166)<br>- Create symlink for flatcar-install (https://github.com/flatcar/init/pull/14)<br>- Fix backwards compatibility issues for users to migrate from CoreOS Container Linux (https://github.com/flatcar/Flatcar/issues/16 https://github.com/flatcar/afterburn/pull/7 https://github.com/flatcar/bootengine/pull/7 https://github.com/flatcar/bootengine/pull/8 https://github.com/flatcar/init/pull/16 https://github.com/flatcar/init/pull/17 https://github.com/flatcar/ignition/pull/8)<br><br>Changes:<br><br>- Build Flatcar tarballs to be used by containers (https://github.com/flatcar/scripts/pull/51)<br>- Enable qede kernel module<br><br>Updates:<br><br>- Linux [4.19.102](https://lwn.net/Articles/811638/)<br>- runc [1.0.0-rc10](https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc10)<br>- sudo [1.8.31](https://www.sudo.ws/stable.html#1.8.31)<br><br>Packages:<br>- docker 19.03.5<br>- ignition 0.34.0<br>- kernel 4.19.102<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br>- arm64<br> 2020-02-17T16:40:26+00:00 @@ -590,7 +598,7 @@ https://github.com/flatcar/manifest/releases/tag/v2387.0.0 2387.0.0 - 2023-10-25T10:20:34.088668+00:00 + 2023-11-22T09:59:23.809903+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2387.0.0):<br><br>Security fixes:<br><br>- Fix multiple Git [vulnerabilities](https://marc.info/?l=git&m=157600115215285&w=2) ([CVE-2019-1348](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1348), [CVE-2019-1349](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1349), [CVE-2019-1350](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1350), [CVE-2019-1351](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1351), [CVE-2019-1352](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1352), [CVE-2019-1353](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1353), [CVE-2019-1354](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1354), [CVE-2019-1387](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1387), [CVE-2019-19604](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19604))<br><br>Updates:<br><br>- Git [2.24.1](https://github.com/git/git/blob/master/Documentation/RelNotes/2.24.1.txt)<br>- Ignition [0.34.0](https://github.com/coreos/ignition/releases/tag/v0.34.0)<br><br>## Flatcar updates<br>- Linux [4.19.97](https://lwn.net/Articles/809961/)<br><br>Packages:<br>- docker 19.03.5<br>- ignition 0.34.0<br>- kernel 4.19.97<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br>- arm64<br> 2020-01-21T12:54:35+00:00 @@ -598,7 +606,7 @@ https://github.com/flatcar/manifest/releases/tag/v2345.0.2 2345.0.2 - 2023-10-25T10:20:34.083668+00:00 + 2023-11-22T09:59:23.804936+00:00 ## Flatcar updates<br><br>Security fixes:<br><br>- Fix a denial-of-service issue via malicious access to `/dev/kvm` ([CVE-2019-19332](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19332))<br><br>Bug fixes:<br><br>- Fix a bug when creating RAID0 arrays by setting the default layout (https://github.com/flatcar/baselayout/pull/2)<br><br>Updates:<br><br>- Linux [4.19.89](https://lwn.net/Articles/807416/)<br>Packages:<br>- docker 19.03.5<br>- ignition 0.33.0<br>- kernel 4.19.89<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br>- arm64<br> 2019-12-20T09:27:31+00:00 @@ -606,7 +614,7 @@ https://github.com/flatcar/manifest/releases/tag/v2345.0.1 2345.0.1 - 2023-10-25T10:20:34.079071+00:00 + 2023-11-22T09:59:23.800308+00:00 ## Flatcar updates<br><br>It is the first release done for both amd64 and arm64.<br><br>Bug fixes:<br><br>- Fix cross-build issues around WAF by creating wrappers (https://github.com/flatcar/coreos-overlay/pull/137 https://github.com/flatcar/coreos-overlay/pull/139)<br><br>Updates:<br><br>- ldb [1.3.6](https://gitlab.com/samba-team/samba/-/tags/ldb-1.3.6)<br>- samba [4.8.6](https://gitlab.com/samba-team/samba/-/tags/samba-4.8.6)<br>- talloc [2.1.11](https://gitlab.com/samba-team/samba/-/tags/talloc-2.1.11)<br>- tdb [1.3.15](https://gitlab.com/samba-team/samba/-/tags/tdb-1.3.15)<br>- tevent [0.9.37](https://gitlab.com/samba-team/samba/-/tags/tevent-0.9.37)<br><br>Packages:<br>- docker 19.03.5<br>- ignition 0.33.0<br>- kernel 4.19.87<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br>- arm64<br> 2019-12-09T10:28:08+00:00 @@ -614,7 +622,7 @@ https://github.com/flatcar/manifest/releases/tag/v2345.0.0 2345.0.0 - 2023-10-25T10:20:34.074350+00:00 + 2023-11-22T09:59:23.795544+00:00 ## Flatcar updates<br><br>Security fixes:<br><br>- Fix heap-based buffer over-read in libexpat ([CVE-2019-15903](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903))<br>- Fix code injection around dynamic libraries in docker ([CVE-2019-14271](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14271))<br><br>Bug fixes:<br><br>- Fix cross-build issues in rust by storing shell scripts under the source directory (https://github.com/flatcar/coreos-overlay/pull/125)<br>- Fix bug in dealing with xattrs when unpacking torcx tarballs (https://github.com/flatcar/torcx/pull/2)<br><br>Updates:<br><br>- Linux [4.19.87](https://lwn.net/Articles/805923/)<br>- docker [19.03.5](https://docs.docker.com/engine/release-notes/#19035)<br>- etcd [3.3.18](https://github.com/etcd-io/etcd/releases/tag/v3.3.18)<br>- expat [2.2.8](https://github.com/libexpat/libexpat/releases/tag/R_2_2_8)<br><br>Packages:<br>- docker 19.03.5<br>- ignition 0.33.0<br>- kernel 4.19.87<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-12-05T06:35:19+00:00 @@ -622,7 +630,7 @@ https://github.com/flatcar/manifest/releases/tag/v2331.0.0 2331.0.0 - 2023-10-25T10:20:34.069401+00:00 + 2023-11-22T09:59:23.790599+00:00 ## Flatcar updates<br><br>Security fixes:<br><br>- Fix Intel CPU disclosure of memory to user process. Complete mitigation requires [manually disabling TSX or SMT](https://docs.flatcar-linux.org/os/disabling-smt/) on affected processors. ([CVE-2019-11135](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11135), [TAA](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00270.html))<br>- Fix Intel CPU denial of service by a malicious guest VM ([CVE-2018-12207](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12207))<br>- Fix curl Kerberos FTP double free ([CVE-2019-5481](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5481))<br> - Fix curl TFTP buffer overflow with non-default block size ([CVE-2019-5482](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5482))<br> - Fix OpenSSL key extraction attacks under non-default conditions ([CVE-2019-1563](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563), [CVE-2019-1547](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1547))<br>- Fix panic caused by invalid DSA public keys in Go 1.12 and 1.13 ([CVE-2019-17596](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17596))<br><br>Bug fixes:<br><br>- Fix CFS scheduler throttling highly-threaded I/O-bound applications ([#2623](https://github.com/coreos/bugs/issues/2623))<br>- Fix time zone for Brazil ([#2627](https://github.com/coreos/bugs/issues/2627))<br><br>Updates:<br><br>- Go [1.12.12](https://go.googlesource.com/go/+/refs/tags/go1.12.12) and [1.13.3](https://go.googlesource.com/go/+/refs/tags/go1.13.3)<br>- curl [7.66.0](https://curl.haxx.se/mail/archive-2019-09/0002.html)<br>- intel-microcode [20191115](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/blob/microcode-20191115/releasenote)<br>- Linux [4.19.84](https://lwn.net/Articles/804465/)<br>- OpenSSL [1.0.2t](https://www.openssl.org/news/cl102.txt)<br>- timezone-data [2019c](http://mm.icann.org/pipermail/tz-announce/2019-September/000057.html)<br><br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.84<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-11-25T12:07:57+00:00 @@ -630,7 +638,7 @@ https://github.com/flatcar/manifest/releases/tag/v2317.0.1 2317.0.1 - 2023-10-25T10:20:34.063743+00:00 + 2023-11-22T09:59:23.784962+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2317.0.1):<br><br>Bug fixes:<br><br>- Fix CFS scheduler throttling highly-threaded I/O-bound applications ([#2623](https://github.com/coreos/bugs/issues/2623))<br>- Fix time zone for Brazil ([#2627](https://github.com/coreos/bugs/issues/2627))<br><br>Updates:<br><br>- Linux [4.19.81](https://lwn.net/Articles/803384/)<br>- timezone-data [2019c](http://mm.icann.org/pipermail/tz-announce/2019-September/000057.html)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.81<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-11-11T14:14:00+00:00 @@ -638,7 +646,7 @@ https://github.com/flatcar/manifest/releases/tag/v2303.0.0 2303.0.0 - 2023-10-25T10:20:34.059126+00:00 + 2023-11-22T09:59:23.780308+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2303.0.0):<br><br>Changes:<br>- Pin rkt to Go 1.12<br><br>Updates:<br>- Go [1.12.10](https://golang.org/doc/devel/release.html#go1.12.minor)<br>- Go [1.13.2](https://golang.org/doc/devel/release.html#go1.13.minor)<br>- Linux [4.19.80](https://lwn.net/Articles/802628/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.80<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-10-23T12:33:00+00:00 @@ -646,7 +654,7 @@ https://github.com/flatcar/manifest/releases/tag/v2296.0.0 2296.0.0 - 2023-10-25T10:20:34.054673+00:00 + 2023-11-22T09:59:23.775825+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2296.0.0):<br><br>Security fixes:<br>- Fix sudo allowing a user to run commands as root if configured to permit the user to run commands as everyone other than root ([CVE-2019-14287](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14287))<br><br>Bug fixes:<br>- Fix kernel crash with CephFS mounts, introduced in 2275.0.0 ([#2616](https://github.com/coreos/bugs/issues/2616))<br><br>Updates:<br>- etcd [3.3.17](https://github.com/etcd-io/etcd/releases/tag/v3.3.17)<br>- etcdctl [3.3.17](https://github.com/etcd-io/etcd/releases/tag/v3.3.17)<br>- Go [1.12.9](https://golang.org/doc/devel/release.html#go1.12.minor)<br>- Linux [4.19.79](https://lwn.net/Articles/802169/)<br>- sudo [1.8.28](https://www.sudo.ws/stable.html#1.8.28)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.79<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-10-17T18:54:10+00:00 @@ -654,7 +662,7 @@ https://github.com/flatcar/manifest/releases/tag/v2275.1.0 2275.1.0 - 2023-10-25T10:20:34.049860+00:00 + 2023-11-22T09:59:23.770968+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2275.1.0):<br><br>Bug fixes:<br>- Fix kernel crash with CephFS mounts, introduced in 2275.0.0 ([#2616](https://github.com/coreos/bugs/issues/2616))<br><br>Updates:<br>- Linux [4.19.78](https://lwn.net/Articles/801700/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.78<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-10-16T15:09:02+00:00 @@ -662,7 +670,7 @@ https://github.com/flatcar/manifest/releases/tag/v2275.0.0 2275.0.0 - 2023-10-25T10:20:34.045414+00:00 + 2023-11-22T09:59:23.766524+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2275.0.0):<br><br>Security fixes:<br><br>- Fix dbus authentication bypass in non-default configurations ([CVE-2019-12749](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12749))<br>- Fix kernel KVM guest escape ([CVE-2019-14835](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14835))<br>- Fix race condition in Intel microprocessors ([CVE-2019-11184](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11184))<br><br>Updates:<br><br>- intel-microcode [20190918](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/blob/microcode-20190918/releasenote)<br>- Linux [4.19.75](https://lwn.net/Articles/800247/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.75<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-09-25T09:33:48+00:00 @@ -670,7 +678,7 @@ https://github.com/flatcar/manifest/releases/tag/v2261.0.0 2261.0.0 - 2023-10-25T10:20:34.040528+00:00 + 2023-11-22T09:59:23.761755+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2261.0.0):<br><br>Security fixes:<br><br>- Fix systemd-resolved bug allowing unprivileged users to change DNS settings ([CVE-2019-15718](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15718))<br><br>Bug fixes:<br><br>- Fix GCE agent crash loop in new installs ([#2608](https://github.com/coreos/bugs/issues/2608))<br><br>Updates:<br><br>- Linux [4.19.71](https://lwn.net/Articles/798627/)<br><br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.71<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-09-13T10:54:40+00:00 @@ -678,7 +686,7 @@ https://github.com/flatcar/manifest/releases/tag/v2247.1.0 2247.1.0 - 2023-10-25T10:20:34.035646+00:00 + 2023-11-22T09:59:23.757164+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2247.1.0):<br><br>Security fixes:<br><br>- Fix systemd-resolved bug allowing unprivileged users to change DNS settings ([CVE-2019-15718](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15718))<br><br>Bug fixes:<br><br>- Fix GCE agent crash loop in new installs ([#2608](https://github.com/coreos/bugs/issues/2608))<br><br>Updates:<br><br>- Linux [4.19.69](https://lwn.net/Articles/797815/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.69<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-09-05T08:53:55+00:00 @@ -686,7 +694,7 @@ https://github.com/flatcar/manifest/releases/tag/v2247.0.0 2247.0.0 - 2023-10-25T10:20:34.030468+00:00 + 2023-11-22T09:59:23.752482+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2247.0.0):<br><br>Security fixes:<br>- Fix libarchive out of bounds reads ([CVE-2017-14166](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14166), [CVE-2017-14501](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14501), [CVE-2017-14502](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14502), [CVE-2017-14503](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14503))<br>- Fix pam_systemd bug allowing authenticated remote users to perform polkit actions as if locally logged in ([CVE-2019-3842](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3842))<br>- Fix polkit information disclosure and denial of service ([CVE-2018-1116](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1116))<br>- Fix SQLite multiple vulnerabilities, the worst of which allows code execution ([CVE-2019-5018](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5018), [CVE-2019-9936](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9936), [CVE-2019-9937](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9937))<br>- Fix wget buffer overflow allowing arbitrary code execution ([CVE-2019-5953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5953))<br><br>Updates:<br>- etcd [3.3.15](https://github.com/etcd-io/etcd/releases/tag/v3.3.15)<br>- etcdctl [3.3.15](https://github.com/etcd-io/etcd/releases/tag/v3.3.15)<br>- Go [1.12.7](https://golang.org/doc/devel/release.html#go1.12.minor)<br>- Linux [4.19.68](https://lwn.net/Articles/797250/)<br>- wget [1.20.3](http://git.savannah.gnu.org/cgit/wget.git/tree/NEWS?h=v1.20.3&id=a220ead43505bc3e0ea8efb1572919111dbbf6dc#n8)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.68<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-08-30T07:38:30+00:00 @@ -694,7 +702,7 @@ https://github.com/flatcar/manifest/releases/tag/v2234.0.0 2234.0.0 - 2023-10-25T10:20:34.025172+00:00 + 2023-11-22T09:59:23.747146+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2234.0.0):<br><br>Security fixes:<br>- Use secure_getenv to fix a vulnerability around XDG_SEAT in pam_systemd (https://github.com/coreos/systemd/pull/118) ([CVE-2019-3842](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3842))<br><br>Updates:<br>- Linux [4.19.65](https://lwn.net/Articles/795525/)<br><br>## Flatcar updates<br><br>Bug fixes:<br>- Fix wrong key name for fw_cfg in ignition with QEMU (https://github.com/flatcar/ignition/issues/2)<br>- Get SELinux context included in torcx tarballs (https://github.com/flatcar/scripts/pull/16)<br>- Enable XattrPrivileged for untar to fix SELinux issue (https://github.com/flatcar/torcx/pull/1)<br><br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.65<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-08-16T09:46:07+00:00 @@ -702,7 +710,7 @@ https://github.com/flatcar/manifest/releases/tag/v2219.1.0 2219.1.0 - 2023-10-25T10:20:34.020386+00:00 + 2023-11-22T09:59:23.742292+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2219.1.0):<br><br>Security fixes:<br>- Fix Linux information leak attack vector via speculative side channel ([CVE-2019-1125](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1125))<br><br>Updates:<br>- Linux [4.19.65](https://lwn.net/Articles/795525/)<br><br>## Flatcar updates<br><br>Changes:<br>- Add "-s" flag in flatcar-install to install to smallest disk (https://github.com/flatcar/init/pull/7)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.65<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-08-08T08:19:15+00:00 @@ -710,7 +718,7 @@ https://github.com/flatcar/manifest/releases/tag/v2219.0.0 2219.0.0 - 2023-10-25T10:20:34.015762+00:00 + 2023-11-22T09:59:23.737685+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2219.0.0):<br>Bug fixes:<br>- Fix Ignition fetching from S3 URLs when network is slow to start ([ignition#826](https://github.com/coreos/ignition/issues/826))<br><br>Updates:<br>- Linux [4.19.62](https://lwn.net/Articles/794807/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.62<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-08-01T09:17:22+00:00 @@ -718,7 +726,7 @@ https://github.com/flatcar/manifest/releases/tag/v2205.0.0 2205.0.0 - 2023-10-25T10:20:34.011337+00:00 + 2023-11-22T09:59:23.733224+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2205.0.0):<br><br>Bug fixes:<br><br> - Fix Docker `device or resource busy` error when creating overlay mounts, introduced in 2191.0.0<br><br>Updates: <br><br> - Linux [4.19.58](https://lwn.net/Articles/793363/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.58<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-07-17T13:53:28+00:00 @@ -726,7 +734,7 @@ https://github.com/flatcar/manifest/releases/tag/v2191.0.0 2191.0.0 - 2023-10-25T10:20:34.006865+00:00 + 2023-11-22T09:59:23.728712+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2191.0.0):<br><br>Security fixes:<br><br> * Fix libexpat denial of service ([CVE-2018-20843](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20843))<br><br>Bug fixes:<br><br> * Fix Ignition panic when no `guestinfo.(coreos|ignition).config` parameters are specified on VMware (coreos/ignition#821)<br><br>Updates:<br><br> * expat [2.2.7](https://github.com/libexpat/libexpat/releases/tag/R_2_2_7)<br> * Ignition [0.33.0](https://github.com/coreos/ignition/releases/tag/v0.33.0)<br> * Linux [4.19.56](https://lwn.net/Articles/792009/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.56<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-07-03T08:03:08+00:00 @@ -734,7 +742,7 @@ https://github.com/flatcar/manifest/releases/tag/v2184.0.0 2184.0.0 - 2023-10-25T10:20:34.002208+00:00 + 2023-11-22T09:59:23.724020+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2184.0.0):<br>Bug fixes:<br><br>- Temporarily revert bunzip2 change in 2163.0.0 causing decompression failures for invalid archives created by older versions of lbzip2, including Container Linux release images ([#2589](https://github.com/coreos/bugs/issues/2589))<br><br>Updates:<br><br>- intel-microcode [20190618](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/blob/microcode-20190618/releasenote)<br>- Linux [4.19.55](https://lwn.net/Articles/791755/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.32.0<br>- kernel 4.19.55<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-07-01T10:43:29+00:00 @@ -742,7 +750,7 @@ https://github.com/flatcar/manifest/releases/tag/v2163.2.1 2163.2.1 - 2023-10-25T10:20:33.997603+00:00 + 2023-11-22T09:59:23.719362+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2163.2.1):<br><br>Security fixes:<br><br>- Fix Linux TCP remotely-triggerable kernel panic and excessive resource consumption ([CVE-2019-11477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11477), [CVE-2019-11478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11478), [CVE-2019-11479](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11479))<br><br>Updates:<br><br>- Linux [4.19.50](https://lwn.net/Articles/790878/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.32.0<br>- kernel 4.19.50<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-06-19T08:17:08+00:00 @@ -750,7 +758,7 @@ https://github.com/flatcar/manifest/releases/tag/v2163.1.0 2163.1.0 - 2023-10-25T10:20:33.993020+00:00 + 2023-11-22T09:59:23.714796+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2163.1.0):<br>Bug fixes:<br>- Temporarily revert bunzip2 change in 2163.0.0 causing decompression failures for invalid archives created by older versions of lbzip2, including Container Linux release images ([#2589](https://github.com/coreos/bugs/issues/2589))<br>Packages:<br>- docker 18.06.3<br>- ignition 0.32.0<br>- kernel 4.19.47<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-06-12T13:24:21+00:00 @@ -758,7 +766,7 @@ https://github.com/flatcar/manifest/releases/tag/v2163.0.0 2163.0.0 - 2023-10-25T10:20:33.988520+00:00 + 2023-11-22T09:59:23.710288+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2163.0.0):<br><br>Security fixes:<br><br>- Fix curl TFTP buffer overflow with non-default block size ([CVE-2019-5436](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5436))<br><br>Updates:<br><br>- coreutils [8.30](https://git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?h=v8.30)<br>- curl [7.65.0](https://curl.haxx.se/changes.html#7_65_0)<br>- GCC [8.3.0](https://gcc.gnu.org/gcc-8/changes.html#GCC8.3)<br>- glibc [2.29](https://sourceware.org/ml/libc-announce/2019/msg00000.html)<br>- Linux [4.19.47](https://lwn.net/Articles/790017/)<br>- Rust [1.35.0](https://blog.rust-lang.org/2019/05/23/Rust-1.35.0.html)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.32.0<br>- kernel 4.19.47<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-06-06T08:50:58+00:00 @@ -766,7 +774,7 @@ https://github.com/flatcar/manifest/releases/tag/v2149.0.0 2149.0.0 - 2023-10-25T10:20:33.983790+00:00 + 2023-11-22T09:59:23.705585+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2149.0.0):<br><br>Updates:<br>- etcd [3.3.13](https://github.com/etcd-io/etcd/releases/tag/v3.3.13)<br>- etcdctl [3.3.13](https://github.com/etcd-io/etcd/releases/tag/v3.3.13)<br>- Go [1.12.5](https://golang.org/doc/devel/release.html#go1.12.minor)<br>- intel-microcode [20190514](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/blob/microcode-20190514/releasenote)<br>- Linux [4.19.44](https://lwn.net/Articles/788778/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.32.0<br>- kernel 4.19.44<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-05-21T20:29:23+00:00 @@ -774,7 +782,7 @@ https://github.com/flatcar/manifest/releases/tag/v2135.1.0 2135.1.0 - 2023-10-25T10:20:33.979251+00:00 + 2023-11-22T09:59:23.700973+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2135.1.0):<br><br>Security fixes:<br>- Fix Intel CPU disclosure of memory to user process. Complete mitigation requires [manually disabling SMT](https://docs.flatcar-linux.org/os/disabling-smt/) on affected processors. ([CVE-2019-11091](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11091), [CVE-2018-12126](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12126), [CVE-2018-12127](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12127), [CVE-2018-12130](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12130), [MDS](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html))<br><br>Updates:<br>- intel-microcode [20190514](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/blob/microcode-20190514/releasenote)<br>- Linux [4.19.43](https://lwn.net/Articles/788388/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.32.0<br>- kernel 4.19.43<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-05-16T10:57:13+00:00 @@ -782,7 +790,7 @@ https://github.com/flatcar/manifest/releases/tag/v2135.0.0 2135.0.0 - 2023-10-25T10:20:33.974497+00:00 + 2023-11-22T09:59:23.696180+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2135.0.0):<br><br>Security fixes:<br><br>- Fix SQLite remote code execution ([CVE-2018-20346](https://nvd.nist.gov/vuln/detail/CVE-2018-20346))<br>- Fix GLib [multiple vulnerabilities](https://www.openwall.com/lists/oss-security/2018/10/23/5)<br><br>Bug fixes:<br><br>- Fix systemd `MountFlags=shared` option ([#2579](https://github.com/coreos/bugs/issues/2579))<br><br>Changes:<br><br>- Use Amazon's recommended NVMe timeout for new EC2 installs ([#2484](https://github.com/coreos/bugs/issues/2484))<br>- Pin network interface naming to systemd v238 scheme ([#2578](https://github.com/coreos/bugs/issues/2578))<br>- Enable XDP sockets ([#2580](https://github.com/coreos/bugs/issues/2580))<br><br>Updates:<br><br>- Linux [4.19.37](https://lwn.net/Articles/786953/)<br>- Rust [1.34.1](https://blog.rust-lang.org/2019/04/25/Rust-1.34.1.html)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.32.0<br>- kernel 4.19.37<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-05-08T07:08:56+00:00 @@ -790,7 +798,7 @@ https://github.com/flatcar/manifest/releases/tag/v2121.0.0 2121.0.0 - 2023-10-25T10:20:33.969608+00:00 + 2023-11-22T09:59:23.691244+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2121.0.0):<br><br>Security fixes:<br> - Fix libseccomp privilege escalation ([CVE-2019-9893](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9893))<br><br>Bug fixes:<br> - Disable new sticky directory protections for backward compatibility ([#2577](https://github.com/coreos/bugs/issues/2577))<br><br>Changes:<br> - Enable `atlantic` kernel module ([#2576](https://github.com/coreos/bugs/issues/2576))<br><br>Updates:<br> - Go [1.12.4](https://golang.org/doc/devel/release.html#go1.12.minor)<br> - Ignition [0.32.0](https://github.com/coreos/ignition/releases/tag/v0.32.0)<br> - libseccomp [2.4.0](https://github.com/seccomp/libseccomp/releases/tag/v2.4.0)<br> - Linux [4.19.36](https://lwn.net/Articles/786361/)<br> - Rust [1.34.0](https://blog.rust-lang.org/2019/04/11/Rust-1.34.0.html)<br> - tini [0.18.0](https://github.com/krallin/tini/releases/tag/v0.18.0)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.32.0<br>- kernel 4.19.36<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-05-03T10:42:07+00:00 @@ -798,7 +806,7 @@ https://github.com/flatcar/manifest/releases/tag/v2107.0.0 2107.0.0 - 2023-10-25T10:20:33.964723+00:00 + 2023-11-22T09:59:23.686332+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2107.0.0):<br><br>Security fixes:<br>- Fix libmspack vulnerabilities in the VMware agent for new installs ([CVE-2018-14679](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14679), [CVE-2018-14680](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14680), [CVE-2018-14681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14681), [CVE-2018-14682](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14682), [CVE-2018-18584](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18584), [CVE-2018-18585](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18585), [CVE-2018-18586](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18586))<br><br>Updates:<br>- Afterburn (formerly coreos-metadata) [4.0.0](https://github.com/coreos/afterburn/releases/tag/v4.0.0)<br>- Git [2.21.0](https://raw.githubusercontent.com/git/git/v2.21.0/Documentation/RelNotes/2.21.0.txt)<br>- Go [1.12.2](https://golang.org/doc/devel/release.html#go1.12.minor)<br>- Linux [4.19.34](https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.34)<br><br>Packages:<br>- docker 18.06.3<br>- ignition 0.31.0<br>- kernel 4.19.34<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-04-09T13:24:31+00:00 @@ -806,7 +814,7 @@ https://github.com/flatcar/manifest/releases/tag/v2093.0.0 2093.0.0 - 2023-10-25T10:20:33.959816+00:00 + 2023-11-22T09:59:23.681395+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2093.0.0):<br><br>Security fixes:<br>- Fix OpenSSH `scp` allowing remote servers to change target directory permissions ([CVE-2018-20685](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20685))<br>- Fix OpenSSH outputting ANSI control codes from remote servers ([CVE-2019-6109](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6109), [CVE-2019-6110](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6110))<br>- Fix OpenSSH `scp` allowing remote servers to overwrite arbitrary files ([CVE-2019-6111](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111))<br>- Fix OpenSSL side-channel timing attack ([CVE-2018-5407](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407))<br>- Fix OpenSSL padding oracle attack in misbehaving applications ([CVE-2019-1559](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1559))<br>- Fix ntp `ntpd` denial of service by authenticated user ([CVE-2019-8936](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8936))<br>- Fix ntp buffer overflow in `ntpq` and `ntpdc` ([CVE-2018-12327](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12327))<br><br>Bug fixes:<br>- Fix systemd presets incorrectly handling escaped unit names ([#2569](https://github.com/coreos/bugs/issues/2569))<br><br>Updates:<br>- GCC [8.2.0](https://gcc.gnu.org/gcc-8/changes.html#GCC8.2)<br>- Go [1.12.1](https://golang.org/doc/devel/release.html#go1.12.minor)<br>- IANA timezone database [2018i](https://mm.icann.org/pipermail/tz-announce/2018-December/000054.html)<br>- Linux [4.19.31](https://lwn.net/Articles/783858/)<br>- ntp [4.2.8p13](https://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ChangeLog-stable)<br>- OpenSSH [7.9p1](https://www.openssh.com/txt/release-7.9)<br>- OpenSSL [1.0.2r](https://www.openssl.org/news/openssl-1.0.2-notes.html)<br>- Update Engine [0.4.10](https://github.com/coreos/update_engine/releases/tag/v0.4.10)<br><br>Packages:<br>- docker 18.06.3<br>- ignition 0.31.0<br>- kernel 4.19.31<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-03-26T13:08:56+00:00 @@ -814,7 +822,7 @@ https://github.com/flatcar/manifest/releases/tag/v2079.0.0 2079.0.0 - 2023-10-25T10:20:33.954311+00:00 + 2023-11-22T09:59:23.675840+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2079.0.0):<br><br>Security fixes:<br>- Fix tar local denial of service with `--sparse` option ([CVE-2018-20482](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20482))<br>- Fix wget local information leak ([CVE-2018-20483](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20483))<br><br>Bug fixes:<br>- Fix systemd-journald memory leak ([#2564](https://github.com/coreos/bugs/issues/2564))<br><br>Changes:<br>- Enable `vhost_vsock` kernel module ([#2563](https://github.com/coreos/bugs/issues/2563))<br><br>Updates:<br>- Go [1.12](https://golang.org/doc/go1.12)<br>- Linux [4.19.28](https://lwn.net/Articles/782719/)<br>- Rust [1.33.0](https://blog.rust-lang.org/2019/02/28/Rust-1.33.0.html)<br>- systemd [241](https://github.com/systemd/systemd/blob/v241/NEWS)<br>- tar [1.31](https://lists.gnu.org/archive/html/info-gnu/2019-01/msg00001.html)<br>- wget [1.20.1](https://git.savannah.gnu.org/cgit/wget.git/tree/NEWS?h=v1.20.1)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.31.0<br>- kernel 4.19.28<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-03-12T14:38:05+00:00 @@ -822,7 +830,7 @@ https://github.com/flatcar/manifest/releases/tag/v2065.0.0 2065.0.0 - 2023-10-25T10:20:33.949350+00:00 + 2023-11-22T09:59:23.670861+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2065.0.0):<br><br>Security fixes:<br>- Fix curl vulnerabilities ([CVE-2018-16839](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16839), [CVE-2018-16840](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16840), [CVE-2018-16842](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16842), [CVE-2018-16890](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16890), [CVE-2019-3822](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3822), [CVE-2019-3823](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3823))<br>- Fix Linux use-after-free in `sockfs_setattr` ([CVE-2019-8912](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8912))<br>- Fix systemd crash from a specially-crafted D-Bus message ([CVE-2019-6454](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6454))<br><br>Updates:<br>- curl [7.64.0](https://curl.haxx.se/changes.html#7_64_0)<br>- Docker [18.06.3-ce](https://github.com/docker/docker-ce/releases/tag/v18.06.3-ce)<br>- Ignition [0.31.0](https://github.com/coreos/ignition/releases/tag/v0.31.0)<br>- Linux [4.19.25](https://lwn.net/Articles/780611/)<br><br>Packages:<br>- docker 18.06.3<br>- ignition 0.31.0<br>- kernel 4.19.25<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2019-02-27T08:55:30+00:00 @@ -830,7 +838,7 @@ https://github.com/flatcar/manifest/releases/tag/v2051.0.0 2051.0.0 - 2023-10-25T10:20:33.944393+00:00 + 2023-11-22T09:59:23.665864+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2051.0.0):<br><br>Security fixes:<br> - Fix runc container breakout ([CVE-2019-5736](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5736))<br><br>Changes:<br> - Revert `/sys/bus/rbd/add` to Linux 4.14 behavior ([#2544](https://github.com/coreos/bugs/issues/2544))<br> - Add a new subkey for signing release images<br><br>Updates:<br> - etcd [3.3.12](https://github.com/etcd-io/etcd/releases/tag/v3.3.12)<br> - etcdctl [3.3.12](https://github.com/etcd-io/etcd/releases/tag/v3.3.12)<br> - flannel [0.11.0](https://github.com/coreos/flannel/releases/tag/v0.11.0)<br> - Linux [4.19.20](https://lwn.net/Articles/779132/)<br><br>Packages:<br>- docker 18.06.1<br>- ignition 0.30.0<br>- kernel 4.19.20<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2019-02-14T10:32:06+00:00 @@ -838,7 +846,7 @@ https://github.com/flatcar/manifest/releases/tag/v2037.0.0 2037.0.0 - 2023-10-25T10:20:33.939703+00:00 + 2023-11-22T09:59:23.661157+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2037.0.0):<br><br>Security fixes:<br>- Fix Go CPU denial of service in ECC ([CVE-2019-6486](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6486))<br><br>Updates:<br>- btrfs-progs [4.19](https://git.kernel.org/pub/scm/linux/kernel/git/kdave/btrfs-progs.git/plain/CHANGES?h=v4.19)<br>- e2fsprogs [1.44.5](http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.44.5)<br>- glibc [2.27](https://www.sourceware.org/ml/libc-alpha/2018-02/msg00054.html)<br>- Go [1.10.8](https://golang.org/doc/devel/release.html#go1.10.minor)<br>- Go [1.11.5](https://golang.org/doc/devel/release.html#go1.11.minor)<br>- Linux [4.19.18](https://lwn.net/Articles/777580/)<br>- Rust [1.32.0](https://blog.rust-lang.org/2019/01/17/Rust-1.32.0.html)<br>- util-linux [2.33](https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.33/v2.33-ReleaseNotes)<br>- xfsprogs [4.17.0](https://git.kernel.org/pub/scm/fs/xfs/xfsprogs-dev.git/plain/doc/CHANGES?id=v4.17.0)<br>Packages:<br>- docker 18.06.1<br>- ignition 0.30.0<br>- kernel 4.19.18<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2019-01-30T13:45:27+00:00 @@ -846,7 +854,7 @@ https://github.com/flatcar/manifest/releases/tag/v2023.0.0 2023.0.0 - 2023-10-25T10:20:33.934857+00:00 + 2023-11-22T09:59:23.656254+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2023.0.0):<br><br>Security fixes:<br> - Fix systemd-journald privilege escalation ([CVE-2018-16864](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16864), [CVE-2018-16865](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16865))<br> - Fix systemd-journald out of bounds read ([CVE-2018-16866](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16866))<br> - Fix ntpq, ntpdc buffer overflow ([CVE-2018-12327](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12327))<br> - Fix etcd improper authentication with RBAC and client certs ([CVE-2018-16886](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16886))<br><br>Changes:<br> - Add `ip_vs_mh` kernel module ([#2542](https://github.com/coreos/bugs/issues/2542))<br><br>Updates:<br> - etcd [3.3.11](https://github.com/etcd-io/etcd/releases/tag/v3.3.11)<br> - etcdctl [3.3.11](https://github.com/etcd-io/etcd/releases/tag/v3.3.11)<br> - Linux [4.19.15](https://lwn.net/Articles/776607/)<br> - ntp [4.2.8p12](https://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ChangeLog-stable)<br> - sudo [1.8.25p1](https://www.sudo.ws/stable.html#1.8.25p1)<br><br>Packages:<br>- docker 18.06.1<br>- ignition 0.30.0<br>- kernel 4.19.15<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2019-01-18T14:03:21+00:00 @@ -854,7 +862,7 @@ https://github.com/flatcar/manifest/releases/tag/v2016.0.0 2016.0.0 - 2023-10-25T10:20:33.929832+00:00 + 2023-11-22T09:59:23.651203+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2016.0.0):<br><br>Bug fixes:<br><br>- Fix monitoring process events over netlink ([#2537](https://github.com/coreos/bugs/issues/2537))<br><br>Updates:<br>- Ignition [0.30.0](https://github.com/coreos/ignition/releases/tag/v0.30.0)<br>- Go [1.10.7](https://golang.org/doc/devel/release.html#go1.10.minor)<br>- Go [1.11.4](https://golang.org/doc/devel/release.html#go1.11.minor)<br>- Linux [4.19.13](https://lwn.net/Articles/775720/)<br>Packages:<br>- docker 18.06.1<br>- ignition 0.30.0<br>- kernel 4.19.13<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2019-01-18T09:11:32+00:00 @@ -862,7 +870,7 @@ https://github.com/flatcar/manifest/releases/tag/v1995.0.0 1995.0.0 - 2023-10-25T10:20:33.925282+00:00 + 2023-11-22T09:59:23.646622+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1995.0.0):<br><br>Security fixes:<br>- Fix Go CPU denial of service in X.509 verification ([CVE-2018-16875](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16875))<br>- Fix PolicyKit always authorizing UIDs greater than `INT_MAX` ([CVE-2018-19788](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19788))<br><br>Bug fixes:<br>- Fix AWS, Azure, and GCE disk aliases in the initramfs for Ignition ([#2531](https://github.com/coreos/bugs/issues/2531))<br><br>Updates:<br>- Go [1.10.6](https://golang.org/doc/devel/release.html#go1.10.minor)<br>- Go [1.11.3](https://golang.org/doc/devel/release.html#go1.11.minor)<br>- Ignition [0.29.1](https://github.com/coreos/ignition/releases/tag/v0.29.1)<br>- Linux [4.19.9](https://lwn.net/Articles/774847/)<br>- Rust [1.31.0](https://blog.rust-lang.org/2018/12/06/Rust-1.31-and-rust-2018.html)<br>- wa-linux-agent [2.2.32](https://github.com/Azure/WALinuxAgent/releases/tag/v2.2.32)<br>Packages:<br>- docker 18.06.1<br>- ignition 0.29.1<br>- kernel 4.19.9<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-12-21T09:09:39+00:00 @@ -870,7 +878,7 @@ https://github.com/flatcar/manifest/releases/tag/v1981.0.0 1981.0.0 - 2023-10-25T10:20:33.920357+00:00 + 2023-11-22T09:59:23.641656+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1981.0.0):<br><br>Updates:<br> - Linux [4.19.6](https://lwn.net/Articles/773528/)<br> - iptables [1.6.2](https://www.netfilter.org/projects/iptables/files/changes-iptables-1.6.2.txt)<br>Packages:<br>- docker 18.06.1<br>- ignition 0.28.0<br>- kernel 4.19.6<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-12-06T09:45:28+00:00 @@ -878,7 +886,7 @@ https://github.com/flatcar/manifest/releases/tag/v1967.0.0 1967.0.0 - 2023-10-25T10:20:33.915941+00:00 + 2023-11-22T09:59:23.637221+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1967.0.0):<br><br>Security fixes:<br>- Disable containerd CRI plugin to stop it from listening on a TCP port ([#2524](https://github.com/coreos/bugs/issues/2524))<br>- Fix curl buffer overrun in NTLM authentication code ([CVE-2018-14618](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14618))<br>- Fix OpenSSL TLS client denial of service ([CVE-2018-0732](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0732))<br>- Fix OpenSSL timing side channel in DSA signature generation ([CVE-2018-0734](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734))<br>- Fix OpenSSL timing side channel via SMT port contention ([CVE-2018-5407](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407))<br><br>Updates:<br>- coreos-metadata [3.0.2](https://github.com/coreos/coreos-metadata/releases/tag/v3.0.2)<br>- curl [7.61.1](https://curl.haxx.se/changes.html#7_61_1)<br>- Go [1.10.5](https://golang.org/doc/devel/release.html#go1.10.minor)<br>- Go [1.11.2](https://golang.org/doc/devel/release.html#go1.11.minor)<br>- Linux [4.19.2](https://lwn.net/Articles/771883/)<br>- OpenSSL [1.0.2p](https://www.openssl.org/news/openssl-1.0.2-notes.html)<br>- Rust [1.30.1](https://blog.rust-lang.org/2018/11/08/Rust-1.30.1.html)<br>Packages:<br>- docker 18.06.1<br>- ignition 0.28.0<br>- kernel 4.19.2<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-11-21T10:58:39+00:00 @@ -886,7 +894,7 @@ https://github.com/flatcar/manifest/releases/tag/v1953.0.0 1953.0.0 - 2023-10-25T10:20:33.910853+00:00 + 2023-11-22T09:59:23.632069+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1953.0.0):<br><br>Security fixes:<br>- Fix systemd re-executing with arbitrary supplied state ([CVE-2018-15686](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15686))<br>- Fix systemd race allowing changing file permissions ([CVE-2018-15687](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15687))<br>- Fix systemd-networkd buffer overflow in the dhcp6 client ([CVE-2018-15688](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15688))<br><br>Bug fixes:<br>- Add AWS and GCE disk aliases in the initramfs for Ignition ([#2481](https://github.com/coreos/bugs/issues/2481))<br>- Add compatibility `nf_conntrack_ipv4` kernel module to fix kube-proxy IPVS on Linux 4.19 ([#2518](https://github.com/coreos/bugs/issues/2518))<br><br>Updates:<br>- IANA timezone database [2018e](https://mm.icann.org/pipermail/tz-announce/2018-May/000050.html)<br>- kexec-tools [2.0.17](https://git.kernel.org/pub/scm/utils/kernel/kexec/kexec-tools.git/log/?h=v2.0.17)<br>- Linux [4.19.1](https://lwn.net/Articles/770746/)<br>Packages:<br>- docker 18.06.1<br>- ignition 0.28.0<br>- kernel 4.19.1<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-11-08T16:14:40+00:00 @@ -894,7 +902,7 @@ https://github.com/flatcar/manifest/releases/tag/v1939.0.0 1939.0.0 - 2023-10-25T10:20:33.905839+00:00 + 2023-11-22T09:59:23.627093+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1939.0.0):<br><br>Security fixes:<br>- Fix Git remote code execution during recursive clone ([CVE-2018-17456](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17456))<br>- Fix OpenSSH user enumeration ([CVE-2018-15473](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15473))<br>- Fix Rust standard library integer overflow ([CVE-2018-1000810](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000810))<br><br>Bug fixes:<br>- Fix missing kernel headers ([#2505](https://github.com/coreos/bugs/issues/2505))<br><br>Updates:<br>- coreos-metadata [3.0.1](https://github.com/coreos/coreos-metadata/releases/tag/v3.0.1)<br>- etcd-wrapper [3.3.10](https://github.com/etcd-io/etcd/releases/tag/v3.3.10)<br>- etcdctl [3.3.10](https://github.com/etcd-io/etcd/releases/tag/v3.3.10)<br>- Git [2.18.1](https://raw.githubusercontent.com/git/git/v2.18.1/Documentation/RelNotes/2.18.1.txt)<br>- Linux [4.19](https://lwn.net/Articles/769110/)<br>- linux-firmware [20181001](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/log/?id=7c81f23ad903f72e87e2102d8f52408305c0f7a2)<br>- OpenSSH [7.7p1](https://www.openssh.com/txt/release-7.7)<br>- Rust [1.29.1](https://blog.rust-lang.org/2018/09/25/Rust-1.29.1.html)<br>Packages:<br>- docker 18.06.1<br>- ignition 0.28.0<br>- kernel 4.19.0<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-10-26T10:15:37+00:00 @@ -902,7 +910,7 @@ https://github.com/flatcar/manifest/releases/tag/v1925.0.0 1925.0.0 - 2023-10-25T10:20:33.900727+00:00 + 2023-11-22T09:59:23.621925+00:00 ## Flatcar updates<br><br>Changes:<br><br>* Add new image signing subkey to `flatcar-install` ([flatcar-linux/init#4](https://github.com/flatcar/init/pull/4))<br><br>Bug fixes:<br><br>* Fix `/usr/lib/coreos` symlink for Container Linux compatibility ([flatcar-linux/coreos-overlay#8](https://github.com/flatcar/coreos-overlay/pull/8))<br><br>## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1925.0.0):<br><br>Updates:<br>- glibc [2.26](https://sourceware.org/ml/libc-alpha/2017-08/msg00010.html)<br>- Go [1.11.1](https://golang.org/doc/devel/release.html#go1.11.minor)<br>- Linux [4.18.12](https://lwn.net/Articles/767627/)<br>- nfs-utils [2.3.1](https://lwn.net/Articles/741961/)<br>- open-vm-tools [10.3.0](https://github.com/vmware/open-vm-tools/blob/stable-10.3.0/ReleaseNotes.md)<br>Packages:<br>- docker 18.06.1<br>- ignition 0.28.0<br>- kernel 4.18.12<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-10-11T13:18:48+00:00 @@ -910,7 +918,7 @@ https://github.com/flatcar/manifest/releases/tag/v1911.0.2 1911.0.2 - 2023-10-25T10:20:33.895987+00:00 + 2023-11-22T09:59:23.617148+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1911.0.2):<br><br>Bug fixes:<br>- Fix Google Compute Engine OS Login activation ([#2503](https://github.com/coreos/bugs/issues/2503))<br><br>Updates:<br>- Linux [4.18.9](https://lwn.net/Articles/765657/)<br>Packages:<br>- docker 18.06.1<br>- ignition 0.28.0<br>- kernel 4.18.9<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-10-01T17:46:23+00:00 @@ -918,7 +926,7 @@ https://github.com/flatcar/manifest/releases/tag/v1897.0.0 1897.0.0 - 2023-10-25T10:20:33.891597+00:00 + 2023-11-22T09:59:23.612713+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1897.0.0):<br><br>Bug fixes:<br>- Fix Docker mounting named volumes ([#2497](https://github.com/coreos/bugs/issues/2497))<br>- Fix Azure disk detection in Ignition ([#2481](https://github.com/coreos/bugs/issues/2481))<br><br>Changes:<br>- Add support for Google Compute Engine OS Login<br>- Enable support for Mellanox Ethernet switches<br><br>Updates:<br>- coreos-metadata [3.0.0](https://github.com/coreos/coreos-metadata/releases/tag/v3.0.0)<br>- Go [1.10.4](https://golang.org/doc/devel/release.html#go1.10.minor)<br>- Go [1.11](https://golang.org/doc/go1.11)<br>- intel-microcode [20180807a](https://downloadcenter.intel.com/download/28087)<br>- Linux [4.18.7](https://lwn.net/Articles/764459/)<br>- update-ssh-keys [0.3.0](https://github.com/coreos/update-ssh-keys/releases/tag/v0.3.0)<br>Packages:<br>- docker 18.06.1<br>- ignition 0.28.0<br>- kernel 4.18.7<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-09-14T13:25:22+00:00 @@ -926,7 +934,7 @@ https://github.com/flatcar/manifest/releases/tag/v1883.0.0 1883.0.0 - 2023-10-25T10:20:33.886721+00:00 + 2023-11-22T09:59:23.607859+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1883.0.0):<br><br>Changes:<br>- Add CIFS userspace utilities ([#571](https://github.com/coreos/bugs/issues/571))<br>- Drop AWS PV images from regions which do not support PV<br><br>Updates:<br>- containerd [1.1.2](https://github.com/containerd/containerd/releases/tag/v1.1.2)<br>- Docker [18.06.1-ce](https://github.com/docker/docker-ce/releases/tag/v18.06.1-ce)<br>- Ignition [0.28.0](https://github.com/coreos/ignition/releases/tag/v0.28.0)<br>- Linux [4.18.5](https://lwn.net/Articles/763431/)<br>- Rust [1.28.0](https://blog.rust-lang.org/2018/08/02/Rust-1.28.html)<br>Packages:<br>- docker 18.06.1<br>- ignition 0.28.0<br>- kernel 4.18.5<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-08-29T17:07:21+00:00 @@ -934,7 +942,7 @@ https://github.com/flatcar/manifest/releases/tag/v1871.0.0 1871.0.0 - 2023-10-25T10:20:33.882054+00:00 + 2023-11-22T09:59:23.603177+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1871.0.0):<br><br>Security fixes:<br>- Fix Linux remote denial of service ([FragmentSmack](https://access.redhat.com/security/cve/cve-2018-5391), [CVE-2018-5391](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5391))<br>- Fix Linux privileged memory access via speculative execution ([L1TF/Foreshadow](https://foreshadowattack.eu/), [CVE-2018-3620](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3620), [CVE-2018-3646](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3646))<br>- Fix curl SMTP buffer overflow ([CVE-2018-0500](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0500))<br><br>Bug fixes:<br>- Fix PXE systems attempting to mount an ESP ([#2491](https://github.com/coreos/bugs/issues/2491))<br><br>Updates:<br>- coreos-metadata [2.0.0](https://github.com/coreos/coreos-metadata/releases/tag/v2.0.0)<br>- curl [7.61.0](https://curl.haxx.se/changes.html#7_61_0)<br>- Ignition [0.27.0](https://github.com/coreos/ignition/releases/tag/v0.27.0)<br>- Linux [4.17.15](https://lwn.net/Articles/762807/)<br>- update-ssh-keys [0.2.1](https://github.com/coreos/update-ssh-keys/releases/tag/v0.2.1)<br>Packages:<br>- docker 18.06.0<br>- ignition 0.27.0<br>- kernel 4.17.15<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-08-17T12:11:12+00:00 @@ -942,7 +950,7 @@ https://github.com/flatcar/manifest/releases/tag/v1855.1.0 1855.1.0 - 2023-10-25T10:20:33.877023+00:00 + 2023-11-22T09:59:23.598129+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1855.1.0):<br><br>Security fixes:<br>- Fix Linux local denial of service as Xen PV guest ([CVE-2018-14678](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14678))<br><br>Bug fixes:<br>- Fix failure to mount large ext4 filesystems ([#2485](https://github.com/coreos/bugs/issues/2485))<br><br>Updates:<br>- Linux [4.17.12](https://lwn.net/Articles/761766/)<br>Packages:<br>- docker 18.06.0<br>- ignition 0.26.0<br>- kernel 4.17.12<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-08-08T10:49:49+00:00 @@ -950,7 +958,7 @@ https://github.com/flatcar/manifest/releases/tag/v1855.0.0 1855.0.0 - 2023-10-25T10:20:33.872514+00:00 + 2023-11-22T09:59:23.593596+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1855.0.0):<br><br>Changes:<br>- [Remove ARM64 architecture](https://groups.google.com/d/topic/coreos-user/3Z2S6bKNF5E/discussion)<br>- [Remove developer image from SDK](https://groups.google.com/d/topic/coreos-dev/JNU-UDYprMo/discussion)<br><br>Updates:<br>- etcd [3.3.9](https://github.com/coreos/etcd/releases/tag/v3.3.9)<br>- etcdctl [3.3.9](https://github.com/coreos/etcd/releases/tag/v3.3.9)<br>- Linux [4.17.11](https://lwn.net/Articles/761179/)<br>Packages:<br>- docker 18.06.0<br>- ignition 0.26.0<br>- kernel 4.17.11<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-07-31T09:15:59+00:00 @@ -958,7 +966,7 @@ https://github.com/flatcar/manifest/releases/tag/v1849.0.0 1849.0.0 - 2023-10-25T10:20:33.867904+00:00 + 2023-11-22T09:59:23.588984+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1849.0.0):<br><br>Changes:<br>- Add torcx remotes support<br><br>Updates:<br>- containerd [1.1.1](https://github.com/containerd/containerd/releases/tag/v1.1.1)<br>- Docker [18.06.0-ce](https://github.com/docker/docker-ce/releases/tag/v18.06.0-ce)<br>- intel-microcode [20180703](https://downloadcenter.intel.com/download/27945/Linux-Processor-Microcode-Data-File)<br>- Linux [4.17.9](https://lwn.net/Articles/760499/)<br>- Update Engine [0.4.9](https://github.com/coreos/update_engine/releases/tag/v0.4.9)<br><br>Packages:<br>- docker 18.06.0<br>- ignition 0.26.0<br>- kernel 4.17.9<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-07-26T09:41:44+00:00 @@ -966,7 +974,7 @@ https://github.com/flatcar/manifest/releases/tag/v1828.0.0 1828.0.0 - 2023-10-25T10:20:33.863245+00:00 + 2023-11-22T09:59:23.584365+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1828.0.0):<br><br>Security fixes:<br>- Fix curl buffer overflows ([CVE-2018-1000300](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000300), [CVE-2018-1000301](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000301))<br>- Fix Linux random seed during early boot ([CVE-2018-1108](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1108))<br><br>Changes:<br>- Reads of `/dev/urandom` early in boot will block until entropy pool is fully initialized<br>- Support friendly AWS EBS NVMe device names ([#2399](https://github.com/coreos/bugs/issues/2399))<br><br>Updates:<br>- cryptsetup [1.7.5](https://mirrors.edge.kernel.org/pub/linux/utils/cryptsetup/v1.7/v1.7.5-ReleaseNotes)<br>- curl [7.60.0](https://curl.haxx.se/changes.html#7_60_0)<br>- etcd-wrapper [3.3.8](https://github.com/coreos/etcd/releases/tag/v3.3.8)<br>- etcdctl [3.3.8](https://github.com/coreos/etcd/releases/tag/v3.3.8)<br>- intel-microcode [20180616](https://downloadcenter.intel.com/download/27776/Linux-Processor-Microcode-Data-File)<br>- kmod [25](https://git.kernel.org/pub/scm/utils/kernel/kmod/kmod.git/tree/NEWS?h=v25)<br>- Linux [4.17.3](https://lwn.net/Articles/758268/)<br>- linux-firmware [20180606](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/log/?id=d1147327232ec4616a66ab898df84f9700c816c1)<br>- Locksmith [0.6.2](https://github.com/coreos/locksmith/releases/tag/v0.6.2)<br>- OpenSSL [1.0.2o](https://www.openssl.org/news/openssl-1.0.2-notes.html)<br>Packages:<br>- docker 18.05.0<br>- ignition 0.26.0<br>- kernel 4.17.3<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-07-05T13:56:54+00:00 @@ -974,7 +982,7 @@ https://github.com/flatcar/manifest/releases/tag/v1814.0.0 1814.0.0 - 2023-10-25T10:20:33.858049+00:00 + 2023-11-22T09:59:23.579119+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1814.0.0):<br><br>Bug fixes:<br>- Fix Hyper-V network driver regression ([#2454](https://github.com/coreos/bugs/issues/2454))<br><br>Changes:<br>- [Drop obsolete `cros_sdk` method of entering SDK](https://groups.google.com/d/topic/coreos-dev/JV3s-j51Tcw/discussion)<br><br>Updates:<br>- etcd [3.3.7](https://github.com/coreos/etcd/releases/tag/v3.3.7)<br>- etcdctl [3.3.7](https://github.com/coreos/etcd/releases/tag/v3.3.7)<br>- Go [1.9.7](https://golang.org/doc/devel/release.html#go1.9.minor)<br>- Go [1.10.3](https://golang.org/doc/devel/release.html#go1.10.minor)<br>- Ignition [0.26.0](https://github.com/coreos/ignition/releases/tag/v0.26.0)<br>- Linux [4.16.16](https://lwn.net/Articles/757679/)<br>- torcx [0.2.0](https://github.com/coreos/torcx/releases/tag/v0.2.0)<br>Packages:<br>- docker 18.05.0<br>- ignition 0.26.0<br>- kernel 4.16.16<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-06-22T10:18:59+00:00 @@ -982,7 +990,7 @@ https://github.com/flatcar/manifest/releases/tag/v1800.1.0 1800.1.0 - 2023-10-25T10:20:33.853158+00:00 + 2023-11-22T09:59:23.574279+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1800.1.0):<br><br>Bug fixes:<br>- Fix Hyper-V network driver regression ([#2454](https://github.com/coreos/bugs/issues/2454))<br>Packages:<br>- docker 18.05.0<br>- ignition 0.25.1<br>- kernel 4.16.14<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-06-13T13:23:42+00:00 @@ -990,7 +998,7 @@ https://github.com/flatcar/manifest/releases/tag/v1800.0.0 1800.0.0 - 2023-10-25T10:20:33.848742+00:00 + 2023-11-22T09:59:23.569843+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1800.0.0):<br><br>Security fixes:<br> - Fix multiple procps vulnerabilities ([CVE-2018-1120](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1120), [CVE-2018-1121](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1121), [CVE-2018-1122](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1122), [CVE-2018-1123](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1123), [CVE-2018-1124](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1124), [CVE-2018-1125](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1125), [CVE-2018-1126](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1126), [CVE-2018-1120](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1120), [CVE-2018-1121](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1121), [CVE-2018-1122](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1122), [CVE-2018-1123](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1123), [CVE-2018-1124](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1124), [CVE-2018-1126](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1126))<br> - Fix shadow privilege escalation ([CVE-2018-7169](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7169))<br> - Fix samba man-in-the-middle attack ([CVE-2016-2119](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2119))<br> - Fix Git arbitrary code execution when cloning untrusted repositories ([CVE-2018-11235](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11235))<br><br>Bug fixes:<br>- Fix failure to set network interface MTU ([#2443](https://github.com/coreos/bugs/issues/2443))<br>- Fix inadvertent change of network interface names ([#2437](https://github.com/coreos/bugs/issues/2437))<br>- Fix Docker bind mounts from root filesystem ([#2440](https://github.com/coreos/bugs/issues/2440))<br><br>Changes:<br> - Update VMware virtual hardware version to 11 (ESXi > 6.0)<br><br>Updates:<br> - etcd [3.3.6](https://github.com/coreos/etcd/releases/tag/v3.3.6)<br> - etcdctl [3.3.6](https://github.com/coreos/etcd/releases/tag/v3.3.6)<br> - Git [2.16.4](https://raw.githubusercontent.com/git/git/v2.16.4/Documentation/RelNotes/2.16.4.txt)<br> - Linux [4.16.14](https://lwn.net/Articles/756651/)<br> - open-vm-tools [10.2.5](https://docs.vmware.com/en/VMware-Tools/10.2/rn/vmware-tools-1025-release-notes.html)<br> - procps [3.3.15](https://gitlab.com/procps-ng/procps/tags/v3.3.15)<br> - samba [4.5.16](https://www.samba.org/samba/history/samba-4.5.16.html)<br> - shadow [4.6](https://github.com/shadow-maint/shadow/releases/tag/4.6)<br>Packages:<br>- docker 18.05.0<br>- ignition 0.25.1<br>- kernel 4.16.14<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-06-12T10:15:01+00:00 @@ -998,7 +1006,7 @@ https://github.com/flatcar/manifest/releases/tag/v1786.2.0 1786.2.0 - 2023-10-25T10:20:33.842737+00:00 + 2023-11-22T09:59:23.563860+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1786.2.0):<br><br>Security fixes:<br>- Fix Git arbitrary code execution when cloning untrusted repositories ([CVE-2018-11235](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11235))<br><br>Bug fixes:<br>- Fix failure to set network interface MTU ([#2443](https://github.com/coreos/bugs/issues/2443))<br><br>Updates:<br>- Git [2.16.4](https://raw.githubusercontent.com/git/git/v2.16.4/Documentation/RelNotes/2.16.4.txt)<br>- Linux [4.16.13](https://lwn.net/Articles/755961/)<br>Packages:<br>- docker 18.05.0<br>- ignition 0.25.1<br>- kernel 4.16.13<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-06-01T13:23:42+00:00 @@ -1006,7 +1014,7 @@ https://github.com/flatcar/manifest/releases/tag/v1786.1.0 1786.1.0 - 2023-10-25T10:20:33.838037+00:00 + 2023-11-22T09:59:23.559152+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1786.1.0):<br><br>Bug fixes:<br>- Fix inadvertent change of network interface names ([#2437](https://github.com/coreos/bugs/issues/2437))<br>- Fix Docker bind mounts from root filesystem ([#2440](https://github.com/coreos/bugs/issues/2440))<br><br>Packages:<br>- docker 18.05.0<br>- ignition 0.25.1<br>- kernel 4.16.10<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-05-27T09:02:47+00:00 @@ -1014,7 +1022,7 @@ https://github.com/flatcar/manifest/releases/tag/v1786.0.1 1786.0.1 - 2023-10-25T10:20:33.833515+00:00 + 2023-11-22T09:59:23.554617+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1786.0.1):<br><br>Security fixes:<br><br>- Fix ncurses denial of service and arbitrary code execution ([CVE-2017-10684](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10684), [CVE-2017-10685](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10685), [CVE-2017-11112](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11112), [CVE-2017-11113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11113), [CVE-2017-13728](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13728), [CVE-2017-13729](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13729), [CVE-2017-13730](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13730), [CVE-2017-13731](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13731), [CVE-2017-13732](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13732), [CVE-2017-13733](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13733), [CVE-2017-13734](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13734), [CVE-2017-16879](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16879))<br>- Fix rsync arbitrary command execution ([CVE-2018-5764](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5764))<br>- Fix wget cookie injection ([CVE-2018-0494](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0494))<br><br>Changes:<br>- Enable QLogic FCoE offload support ([#2367](https://github.com/coreos/bugs/issues/2367))<br>- Enable hardware RNG kernel drivers ([#2430](https://github.com/coreos/bugs/issues/2430))<br>- Add `notrap` to ntpd default access restrictions ([#2220](https://github.com/coreos/bugs/issues/2220))<br>- Allow booting default GRUB menu entry if GRUB password is enabled ([#1597](https://github.com/coreos/bugs/issues/1597))<br>- `coreos-install -i` no longer modifies `grub.cfg` ([#2291](https://github.com/coreos/bugs/issues/2291))<br>- QEMU wrapper script now enables VirtIO RNG device<br><br>Updates:<br>- bind-tools [9.11.2-P1](https://kb.isc.org/article/AA-01550/0/BIND-9.11.2-P1-Release-Notes.html)<br>- Docker [18.05.0-ce](https://github.com/docker/docker-ce/releases/tag/v18.05.0-ce)<br>- etcd-wrapper [3.3.5](https://github.com/coreos/etcd/releases/tag/v3.3.5)<br>- etcdctl [3.3.5](https://github.com/coreos/etcd/releases/tag/v3.3.5)<br>- GnuPG [2.2.7](https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000424.html)<br>- GPT fdisk [1.0.3](https://sourceforge.net/p/gptfdisk/code/ci/f1f6236fb44392bfe5673bc3889a2b17b1696b90/tree/NEWS)<br>- Ignition [0.25.1](https://github.com/coreos/ignition/releases/tag/v0.25.1)<br>- Less [529](http://www.greenwoodsoftware.com/less/news.529.html)<br>- Linux [4.16.10](https://lwn.net/Articles/754971/)<br>- rsync [3.1.3](https://download.samba.org/pub/rsync/src/rsync-3.1.3-NEWS)<br>- Rust [1.26](https://blog.rust-lang.org/2018/05/10/Rust-1.26.html)<br>- util-linux [2.32](https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.32/v2.32-ReleaseNotes)<br>- vim [8.0.1298](http://ftp.vim.org/pub/vim/patches/8.0/README)<br>- wget [1.19.5](https://git.savannah.gnu.org/cgit/wget.git/tree/NEWS?h=v1.19.5&id=15a39093b8751596fe87a6c1f143dff6b6a818ee)<br>Packages:<br>- docker 18.05.0<br>- ignition 0.25.1<br>- kernel 4.16.10<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-05-26T15:29:50+00:00 @@ -1022,7 +1030,7 @@ https://github.com/flatcar/manifest/releases/tag/v1772.0.0 1772.0.0 - 2023-10-25T10:20:33.827115+00:00 + 2023-11-22T09:59:23.548271+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1772.0.0):<br><br>Bug fixes:<br>- Fix GRUB free magic error on existing systems ([#2400](https://github.com/coreos/bugs/issues/2400))<br><br>Changes:<br>- Support storing sudoers in SSSD and LDAP<br>- No longer publish Oracle Cloud release images<br><br>Updates:<br>- audit [2.7.1](https://github.com/linux-audit/audit-userspace/blob/60aa3f2bc5f6483654599af4cb91731714079e26/ChangeLog)<br>- coreutils [8.28](https://git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?h=v8.28)<br>- etcd-wrapper [3.3.4](https://github.com/coreos/etcd/releases/tag/v3.3.4)<br>- etcdctl [3.3.4](https://github.com/coreos/etcd/releases/tag/v3.3.4)<br>- Go [1.9.6](https://golang.org/doc/devel/release.html#go1.9.minor)<br>- Go [1.10.2](https://golang.org/doc/devel/release.html#go1.10.minor)<br>- Linux [4.16.7](https://lwn.net/Articles/753348/)<br>- sudo [1.8.23](https://www.sudo.ws/stable.html#1.8.23)<br>- Update Engine [0.4.7](https://github.com/coreos/update_engine/releases/tag/v0.4.7)<br>- wa-linux-agent [2.2.25](https://github.com/Azure/WALinuxAgent/releases/tag/v2.2.25)<br>Packages:<br>- docker 18.04.0<br>- ignition 0.24.0<br>- kernel 4.16.7<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-05-11T11:45:29+00:00 @@ -1030,7 +1038,7 @@ https://github.com/flatcar/manifest/releases/tag/v1758.0.0 1758.0.0 - 2023-10-25T10:20:33.821936+00:00 + 2023-11-22T09:59:23.543063+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1758.0.0):<br><br>Security fixes:<br> - Fix ntp clock manipulation from ephemeral connections ([CVE-2016-1549](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549), [CVE-2018-7170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7170))<br> - Fix ntp denial of service from out of bounds read ([CVE-2018-7182](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7182)) <br> - Fix ntp denial of service from packets with timestamp 0 ([CVE-2018-7184](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7184), [CVE-2018-7185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7185))<br> - Fix ntp remote code execution ([CVE-2018-7183](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7183))<br><br>Bug fixes:<br> - Pass `/etc/machine-id` from the host to the kubelet<br> - Fix docker2aci tar conversion ([#2402](https://github.com/coreos/bugs/issues/2402))<br> - Switch `/boot` from FAT16 to FAT32 ([#2246](https://github.com/coreos/bugs/issues/2246))<br><br>Changes:<br> - Make Ignition failures more visible on the console<br><br>Updates:<br> - containerd [1.0.3](https://github.com/containerd/containerd/releases/tag/v1.0.3)<br> - coreos-cloudinit [1.14.0](https://github.com/coreos/coreos-cloudinit/releases/tag/v1.14.0)<br> - coreos-metadata [1.0.6](https://github.com/coreos/coreos-metadata/releases/tag/v1.0.6)<br> - Docker [18.04.0-ce](https://docs.docker.com/release-notes/docker-ce/#18040-ce-2018-04-10)<br> - Go [1.9.5](https://golang.org/doc/devel/release.html#go1.9.minor)<br> - Go [1.10.1](https://golang.org/doc/devel/release.html#go1.10.minor)<br> - Linux [4.16.3](https://lwn.net/ml/linux-kernel/20180419074956.GA22325@kroah.com/)<br> - ntp [4.2.8p11](https://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ChangeLog-stable)<br> - rkt [1.30.0](https://github.com/rkt/rkt/releases/tag/v1.30.0)<br> - Rust [1.25.0](https://blog.rust-lang.org/2018/03/29/Rust-1.25.html)<br> - torcx [0.1.3](https://github.com/coreos/torcx/releases/tag/v0.1.3)<br> - update-ssh-keys [0.1.2](https://github.com/coreos/update-ssh-keys/releases/tag/v0.1.2)<br>Packages:<br>- docker 18.04.0<br>- ignition 0.24.0<br>- kernel 4.16.3<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-04-26T09:58:53+00:00 @@ -1038,7 +1046,7 @@ https://github.com/flatcar/manifest/releases/tag/v1745.0.0 1745.0.0 - 2023-10-25T10:20:33.815890+00:00 + 2023-11-22T09:59:23.537079+00:00 ## Flatcar updates<br><br>Initial Flatcar release.<br><br>Notes:<br>- Previous test images have been removed from the release servers. This is due to a new update key being generated using our updated security policy which we [included](https://github.com/flatcar/coreos-overlay/pull/6) in the first public image.<br><br>## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1745.0.0):<br><br>Security fixes:<br>- Fix curl out of bounds read ([CVE-2018-1000005](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000005))<br>- Fix curl authentication data leak ([CVE-2018-1000007](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000007))<br>- Fix curl buffer overflow ([CVE-2018-1000120](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000120))<br>- Fix glibc integer overflow in libcidn ([CVE-2017-14062](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14062))<br>- Fix glibc memory issues in `glob()` with `~` ([CVE-2017-15670](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15670), [CVE-2017-15671](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15671), [CVE-2017-15804](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15804))<br>- Fix glibc mishandling RPATHs with `$ORIGIN` on setuid binaries ([CVE-2017-16997](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16997))<br>- Fix glibc buffer underflow in `realpath()` ([CVE-2018-1000001](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000001))<br>- Fix glibc integer overflow and heap corruption in `memalign()` ([CVE-2018-6485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6485))<br><br>Bug fixes:<br>- Fix GRUB crash at boot ([#2284](https://github.com/coreos/bugs/issues/2284))<br><br>Updates:<br>- curl [7.59.0](https://curl.haxx.se/changes.html#7_59_0)<br>- etcd-wrapper [3.3.3](https://github.com/coreos/etcd/releases/tag/v3.3.3)<br>- etcdctl [3.3.3](https://github.com/coreos/etcd/releases/tag/v3.3.3)<br>- glibc [2.25](https://www.sourceware.org/ml/libc-alpha/2017-02/msg00079.html)<br>- Ignition [0.24.0](https://github.com/coreos/ignition/releases/tag/v0.24.0)<br>- Linux [4.15.15](https://lwn.net/Articles/750656/)<br>- Update Engine [0.4.6](https://github.com/coreos/update_engine/releases/tag/v0.4.6)<br>Packages:<br>- docker 18.03.0<br>- ignition 0.24.0<br>- kernel 4.15.15<br>- rkt 1.29.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-04-25T14:36:35+00:00 diff --git a/static/releases-feed/releases-beta.xml b/static/releases-feed/releases-beta.xml index a4dc0d25..c6ea2bb5 100644 --- a/static/releases-feed/releases-beta.xml +++ b/static/releases-feed/releases-beta.xml @@ -2,7 +2,7 @@ https://www.flatcar.org/ Flatcar :: beta - 2023-10-25T10:20:35.497992+00:00 + 2023-11-22T09:59:25.211008+00:00 Flatcar Container Linux hello@kinvolk.io @@ -11,10 +11,18 @@ python-feedgen https://kinvolk.io/images/flatcar-logo.svg Flatcar Container Linux release feed + + https://github.com/flatcar/scripts/releases/tag/beta-3760.1.0 + 3760.1.0 + 2023-11-22T09:59:25.904993+00:00 + :warning: From Alpha 3794.0.0 Torcx has been removed - please assert that you don't rely on specific Torcx mechanism but now use systemd-sysext. See [here](https://www.flatcar.org/docs/latest/provisioning/sysext/) for more information.<br><br> _Changes since **Beta 3745.1.0**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2023-35827](https://nvd.nist.gov/vuln/detail/CVE-2023-35827), [CVE-2023-46813](https://nvd.nist.gov/vuln/detail/CVE-2023-46813), [CVE-2023-46862](https://nvd.nist.gov/vuln/detail/CVE-2023-46862), [CVE-2023-5178](https://nvd.nist.gov/vuln/detail/CVE-2023-5178), [CVE-2023-5717](https://nvd.nist.gov/vuln/detail/CVE-2023-5717))<br> - curl ([CVE-2023-38545](https://nvd.nist.gov/vuln/detail/CVE-2023-38545), [CVE-2023-38546](https://nvd.nist.gov/vuln/detail/CVE-2023-38546))<br> - glibc ([CVE-2023-4911](https://nvd.nist.gov/vuln/detail/CVE-2023-4911))<br> - go ([CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325), [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325))<br> - grub ([CVE-2023-4692](https://nvd.nist.gov/vuln/detail/CVE-2023-4692), [CVE-2023-4693](https://nvd.nist.gov/vuln/detail/CVE-2023-4693))<br> - libtirpc ([libtirpc-rhbg-2138317](http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=4a2d85c64110ee9e21a8c4f9dafd6b0ae621506d), [libtirpc-rhbg-2150611](http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=f7f0abdf267698de3f74a0285405b1b01f40893b), [libtirpc-rhbg-2224666](http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=1d2e10afb2ffc35cb3623f57a15f712359f18e75))<br> <br> #### Bug fixes:<br> <br> - Added AWS EKS support for versions 1.24-1.28. Fixed `/usr/share/amazon/eks/download-kubelet.sh` to include download paths for these versions. ([scripts#1210](https://github.com/flatcar/scripts/pull/1210))<br> - Fixed iterating over the OEM update payload signatures which prevented the AWS OEM update to 3745.x.y ([update-engine#31](https://github.com/flatcar/update_engine/pull/31))<br> - Fixed quotes handling for update-engine ([Flatcar#1209](https://github.com/flatcar/Flatcar/issues/1209))<br> - Made `sshkeys.service` more robust to only run `coreos-metadata-sshkeys@core.service` when not masked and also retry on failure ([init#112](https://github.com/flatcar/init/pull/112))<br> <br> #### Changes:<br> <br> - Brightbox: The regular OpenStack image should now be used, it includes Afterburn for instance metadata attributes<br> - OpenStack: An uncompressed image is provided for simpler import (since the images use qcow2 inline compression, there is no benefit in using the `.gz` or `.bz2` images)<br> <br> #### Updates:<br> <br> - Go ([1.20.10](https://go.dev/doc/devel/release#go1.20.10) (includes [1.20.9](https://go.dev/doc/devel/release#go1.20.9)))<br> - Linux ([6.1.62](https://lwn.net/Articles/950700) (includes [6.1.61](https://lwn.net/Articles/949826), [6.1.60](https://lwn.net/Articles/948817) and includes [6.1.59](https://lwn.net/Articles/948299)))<br> - containerd ([1.7.7](https://github.com/containerd/containerd/releases/tag/v1.7.7))<br> - curl ([8.4.0](https://curl.se/changes.html#8_4_0))<br> - libnl ([3.8.0](https://github.com/thom311/libnl/compare/libnl3_7_0...libnl3_8_0))<br> - libtirpc ([1.3.4](https://marc.info/?l=linux-nfs&m=169667640909830&w=2))<br> - libxml2 ([2.11.5](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.5))<br> - openssh ([9.5p1](https://www.openssh.com/releasenotes.html#9.5p1))<br> - pigz ([2.8](https://zlib.net/pipermail/pigz-announce_zlib.net/2023-August/000018.html))<br> - strace([6.4](https://github.com/strace/strace/releases/tag/v6.4))<br> - whois ([5.5.18](https://github.com/rfc1036/whois/blob/v5.5.18/debian/changelog))<br> <br> _Changes since **Alpha 3760.0.0**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2023-35827](https://nvd.nist.gov/vuln/detail/CVE-2023-35827), [CVE-2023-46813](https://nvd.nist.gov/vuln/detail/CVE-2023-46813), [CVE-2023-46862](https://nvd.nist.gov/vuln/detail/CVE-2023-46862), [CVE-2023-5178](https://nvd.nist.gov/vuln/detail/CVE-2023-5178), [CVE-2023-5717](https://nvd.nist.gov/vuln/detail/CVE-2023-5717))<br> <br> #### Bug fixes:<br> <br> - Fixed iterating over the OEM update payload signatures which prevented the AWS OEM update to 3745.x.y ([update-engine#31](https://github.com/flatcar/update_engine/pull/31))<br> - Made `sshkeys.service` more robust to only run `coreos-metadata-sshkeys@core.service` when not masked and also retry on failure ([init#112](https://github.com/flatcar/init/pull/112))<br> <br> #### Changes:<br> <br> - Brightbox: The regular OpenStack image should now be used, it includes Afterburn for instance metadata attributes<br> - OpenStack: An uncompressed image is provided for simpler import (since the images use qcow2 inline compression, there is no benefit in using the `.gz` or `.bz2` images)<br> <br> #### Updates:<br> <br> - Linux ([6.1.62](https://lwn.net/Articles/950700) (includes [6.1.61](https://lwn.net/Articles/949826), [6.1.60](https://lwn.net/Articles/948817) and includes [6.1.59](https://lwn.net/Articles/948299)))<br>Packages:<br>- containerd 1.7.7<br>- docker 20.10.24<br>- ignition 2.15.0<br>- kernel 6.1.62<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> + + 2023-11-22T07:54:40+00:00 + https://github.com/flatcar/scripts/releases/tag/beta-3745.1.0 3745.1.0 - 2023-10-25T10:20:36.176037+00:00 + 2023-11-22T09:59:25.897015+00:00 _Changes since **Beta 3732.1.0**_<br> <br> #### Security fixes:<br> <br> - curl ([CVE-2023-38039](https://nvd.nist.gov/vuln/detail/CVE-2023-38039), [CVE-2023-38545](https://nvd.nist.gov/vuln/detail/CVE-2023-38545), [CVE-2023-38546](https://nvd.nist.gov/vuln/detail/CVE-2023-38546))<br> - glibc ([CVE-2023-4527](https://nvd.nist.gov/vuln/detail/CVE-2023-4527), [CVE-2023-4806](https://nvd.nist.gov/vuln/detail/CVE-2023-4806))<br> - lua ([CVE-2022-33099](https://nvd.nist.gov/vuln/detail/CVE-2022-33099))<br> - mit-krb5 ([CVE-2023-36054](https://nvd.nist.gov/vuln/detail/CVE-2023-36054))<br> - procps ([CVE-2023-4016](https://nvd.nist.gov/vuln/detail/CVE-2023-4016))<br> - samba ([CVE-2021-44142](https://nvd.nist.gov/vuln/detail/CVE-2021-44142), [CVE-2022-1615](https://nvd.nist.gov/vuln/detail/CVE-2022-1615))<br> <br> #### Bug fixes:<br> <br> - Disabled systemd-networkd's RoutesToDNS setting by default to fix provisioning failures observed in VMs with multiple network interfaces on Azure ([scripts#1206](https://github.com/flatcar/scripts/pull/1206))<br> - Fixed the postinstall hook failure when updating from Azure instances without OEM systemd-sysext images to Flatcar Alpha 3745.x.y ([update_engine#29](https://github.com/flatcar/update_engine/pull/29))<br> <br> #### Changes:<br> <br> - AWS OEM images now use a systemd-sysext image for layering additional platform-specific software on top of `/usr`<br> - Reworked the VMware OEM software to be shipped as A/B updated systemd-sysext image<br> - SDK: Experimental support for [prefix builds](https://github.com/flatcar/scripts/blob/main/PREFIX.md) to create distro independent, portable, self-contained applications w/ all dependencies included. With contributions from [chewi](https://github.com/chewi) and [HappyTobi](https://github.com/HappyTobi).<br> - Started shipping default ssh client and ssh daemon configs in `/etc/ssh/ssh_config` and `/etc/ssh/sshd_config` which include config snippets in `/etc/ssh/ssh_config.d` and `/etc/ssh/sshd_config.d`, respectively.<br> - The open-vm-tools package in VMware OEM now comes with vmhgfs-fuse, udev rules, pam and vgauth<br> - To make Kubernetes work by default, `/usr/libexec/kubernetes/kubelet-plugins/volume/exec` is now a symlink to the writable folder `/var/kubernetes/kubelet-plugins/volume/exec` ([Flatcar#1193](https://github.com/flatcar/Flatcar/issues/1193))<br> <br> #### Updates:<br> <br> - Linux ([6.1.58](https://lwn.net/Articles/947820) (includes [6.1.57](https://lwn.net/Articles/947298), [6.1.56](https://lwn.net/Articles/946854)))<br> - Linux Firmware ([20230919](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230919))<br> - bind-tools ([9.16.42](https://bind9.readthedocs.io/en/v9.16.42/notes.html#notes-for-bind-9-16-42))<br> - ca-certificates ([3.94](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_94.html))<br> - checkpolicy ([3.5](https://github.com/SELinuxProject/selinux/releases/tag/3.5))<br> - curl ([8.3.0](https://curl.se/changes.html#8_3_0))<br> - gcc ([13.2](https://gcc.gnu.org/gcc-13/changes.html))<br> - gzip ([1.13](https://savannah.gnu.org/news/?id=10501))<br> - libgcrypt ([1.10.2](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=blob;f=NEWS;h=c9a239615f8070427a96688b1be40a81e59e9b8a;hb=1c5cbacf3d88dded5063e959ee68678ff7d0fa56))<br> - libselinux ([3.5](https://github.com/SELinuxProject/selinux/releases/tag/3.5))<br> - libsemanage ([3.5](https://github.com/SELinuxProject/selinux/releases/tag/3.5))<br> - libsepol ([3.5](https://github.com/SELinuxProject/selinux/releases/tag/3.5))<br> - lua ([5.4.6](https://www.lua.org/manual/5.4/readme.html#changes))<br> - mit-krb5 ([1.21.2](http://web.mit.edu/kerberos/krb5-1.21/))<br> - openssh ([9.4p1](https://www.openssh.com/releasenotes.html#9.4p1))<br> - policycoreutils ([3.5](https://github.com/SELinuxProject/selinux/releases/tag/3.5))<br> - procps ([4.0.4](https://gitlab.com/procps-ng/procps/-/releases/v4.0.4) (includes [4.0.3](https://gitlab.com/procps-ng/procps/-/releases/v4.0.3) and [4.0.0](https://gitlab.com/procps-ng/procps/-/releases/v4.0.0)))<br> - rpcsvc-proto ([1.4.4](https://github.com/thkukuk/rpcsvc-proto/releases/tag/v1.4.4))<br> - samba ([4.18.4](https://wiki.samba.org/index.php/Samba_4.18_Features_added/changed#Samba_4.18.4))<br> - selinux-base ([2.20221101](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20221101))<br> - selinux-base-policy ([2.20221101](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20221101))<br> - selinux-container ([2.20221101](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20221101))<br> - selinux-sssd ([2.20221101](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20221101))<br> - selinux-unconfined ([2.20221101](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20221101))<br> - semodule-utils ([3.5](https://github.com/SELinuxProject/selinux/releases/tag/3.5))<br> - SDK: Rust ([1.72.1](https://github.com/rust-lang/rust/releases/tag/1.72.1))<br> - VMWARE: libdnet ([1.16.2](https://github.com/ofalk/libdnet/releases/tag/libdnet-1.16.2) (includes [1.16](https://github.com/ofalk/libdnet/releases/tag/libdnet-1.16)))<br><br> _Changes since **Alpha 3745.0.0**_<br> <br> #### Security fixes:<br> <br> - curl ([CVE-2023-38545](https://nvd.nist.gov/vuln/detail/CVE-2023-38545), [CVE-2023-38546](https://nvd.nist.gov/vuln/detail/CVE-2023-38546))<br> <br> #### Bug fixes:<br> <br> - Disabled systemd-networkd's RoutesToDNS setting by default to fix provisioning failures observed in VMs with multiple network interfaces on Azure ([scripts#1206](https://github.com/flatcar/scripts/pull/1206))<br> - Fixed the postinstall hook failure when updating from Azure instances without OEM systemd-sysext images to Flatcar Alpha 3745.x.y ([update_engine#29](https://github.com/flatcar/update_engine/pull/29))<br> <br> #### Changes:<br> <br> - To make Kubernetes work by default, `/usr/libexec/kubernetes/kubelet-plugins/volume/exec` is now a symlink to the writable folder `/var/kubernetes/kubelet-plugins/volume/exec` ([Flatcar#1193](https://github.com/flatcar/Flatcar/issues/1193))<br> <br> #### Updates:<br> <br> - Linux ([6.1.58](https://lwn.net/Articles/947820) (includes [6.1.57](https://lwn.net/Articles/947298), [6.1.56](https://lwn.net/Articles/946854)))<br> - ca-certificates ([3.94](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_94.html))<br>Packages:<br>- containerd 1.7.6<br>- docker 20.10.24<br>- ignition 2.15.0<br>- kernel 6.1.58<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-10-25T08:38:48+00:00 @@ -22,7 +30,7 @@ https://github.com/flatcar/scripts/releases/tag/beta-3732.1.0 3732.1.0 - 2023-10-25T10:20:36.167072+00:00 + 2023-11-22T09:59:25.887987+00:00 _Changes since **Alpha 3732.0.0**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2023-42755](https://nvd.nist.gov/vuln/detail/CVE-2023-42755))<br> <br> #### Bug fixes:<br> <br> - Triggered re-reading of partition table to fix adding partitions to the boot disk ([scripts#1202](https://github.com/flatcar/scripts/pull/1202))<br> <br> #### Changes:<br> <br> - Use qcow2 compressed format instead of additional compression layer in Qemu images ([Flatcar#1135](https://github.com/flatcar/Flatcar/issues/1135), [scripts#1132](https://github.com/flatcar/scripts/pull/1132))<br> <br> #### Updates:<br> <br> - Linux ([6.1.55](https://lwn.net/Articles/945379))<br><br>_Changes compared to **Beta 3602.1.6**_<br><br> #### Security fixes:<br> <br> - Linux ([CVE-2020-36516](https://nvd.nist.gov/vuln/detail/CVE-2020-36516),[CVE-2021-26401](https://nvd.nist.gov/vuln/detail/CVE-2021-26401),[CVE-2021-33135](https://nvd.nist.gov/vuln/detail/CVE-2021-33135),[CVE-2021-33655](https://nvd.nist.gov/vuln/detail/CVE-2021-33655),[CVE-2021-3923](https://nvd.nist.gov/vuln/detail/CVE-2021-3923),[CVE-2021-4155](https://nvd.nist.gov/vuln/detail/CVE-2021-4155),[CVE-2021-4197](https://nvd.nist.gov/vuln/detail/CVE-2021-4197),[CVE-2021-43976](https://nvd.nist.gov/vuln/detail/CVE-2021-43976),[CVE-2021-44879](https://nvd.nist.gov/vuln/detail/CVE-2021-44879),[CVE-2021-45469](https://nvd.nist.gov/vuln/detail/CVE-2021-45469),[CVE-2022-0001](https://nvd.nist.gov/vuln/detail/CVE-2022-0001),[CVE-2022-0002](https://nvd.nist.gov/vuln/detail/CVE-2022-0002),[CVE-2022-0168](https://nvd.nist.gov/vuln/detail/CVE-2022-0168),[CVE-2022-0185](https://nvd.nist.gov/vuln/detail/CVE-2022-0185),[CVE-2022-0330](https://nvd.nist.gov/vuln/detail/CVE-2022-0330),[CVE-2022-0382](https://nvd.nist.gov/vuln/detail/CVE-2022-0382),[CVE-2022-0433](https://nvd.nist.gov/vuln/detail/CVE-2022-0433),[CVE-2022-0435](https://nvd.nist.gov/vuln/detail/CVE-2022-0435),[CVE-2022-0487](https://nvd.nist.gov/vuln/detail/CVE-2022-0487),[CVE-2022-0492](https://nvd.nist.gov/vuln/detail/CVE-2022-0492),[CVE-2022-0494](https://nvd.nist.gov/vuln/detail/CVE-2022-0494),[CVE-2022-0500](https://nvd.nist.gov/vuln/detail/CVE-2022-0500),[CVE-2022-0516](https://nvd.nist.gov/vuln/detail/CVE-2022-0516),[CVE-2022-0617](https://nvd.nist.gov/vuln/detail/CVE-2022-0617),[CVE-2022-0742](https://nvd.nist.gov/vuln/detail/CVE-2022-0742),[CVE-2022-0847](https://nvd.nist.gov/vuln/detail/CVE-2022-0847),[CVE-2022-0995](https://nvd.nist.gov/vuln/detail/CVE-2022-0995),[CVE-2022-1011](https://nvd.nist.gov/vuln/detail/CVE-2022-1011),[CVE-2022-1012](https://nvd.nist.gov/vuln/detail/CVE-2022-1012),[CVE-2022-1015](https://nvd.nist.gov/vuln/detail/CVE-2022-1015),[CVE-2022-1016](https://nvd.nist.gov/vuln/detail/CVE-2022-1016),[CVE-2022-1048](https://nvd.nist.gov/vuln/detail/CVE-2022-1048),[CVE-2022-1055](https://nvd.nist.gov/vuln/detail/CVE-2022-1055),[CVE-2022-1158](https://nvd.nist.gov/vuln/detail/CVE-2022-1158),[CVE-2022-1184](https://nvd.nist.gov/vuln/detail/CVE-2022-1184),[CVE-2022-1198](https://nvd.nist.gov/vuln/detail/CVE-2022-1198),[CVE-2022-1199](https://nvd.nist.gov/vuln/detail/CVE-2022-1199),[CVE-2022-1204](https://nvd.nist.gov/vuln/detail/CVE-2022-1204),[CVE-2022-1205](https://nvd.nist.gov/vuln/detail/CVE-2022-1205),[CVE-2022-1263](https://nvd.nist.gov/vuln/detail/CVE-2022-1263),[CVE-2022-1353](https://nvd.nist.gov/vuln/detail/CVE-2022-1353),[CVE-2022-1462](https://nvd.nist.gov/vuln/detail/CVE-2022-1462),[CVE-2022-1516](https://nvd.nist.gov/vuln/detail/CVE-2022-1516),[CVE-2022-1651](https://nvd.nist.gov/vuln/detail/CVE-2022-1651),[CVE-2022-1652](https://nvd.nist.gov/vuln/detail/CVE-2022-1652),[CVE-2022-1671](https://nvd.nist.gov/vuln/detail/CVE-2022-1671),[CVE-2022-1679](https://nvd.nist.gov/vuln/detail/CVE-2022-1679),[CVE-2022-1729](https://nvd.nist.gov/vuln/detail/CVE-2022-1729),[CVE-2022-1734](https://nvd.nist.gov/vuln/detail/CVE-2022-1734),[CVE-2022-1789](https://nvd.nist.gov/vuln/detail/CVE-2022-1789),[CVE-2022-1852](https://nvd.nist.gov/vuln/detail/CVE-2022-1852),[CVE-2022-1882](https://nvd.nist.gov/vuln/detail/CVE-2022-1882),[CVE-2022-1943](https://nvd.nist.gov/vuln/detail/CVE-2022-1943),[CVE-2022-1973](https://nvd.nist.gov/vuln/detail/CVE-2022-1973),[CVE-2022-1974](https://nvd.nist.gov/vuln/detail/CVE-2022-1974),[CVE-2022-1975](https://nvd.nist.gov/vuln/detail/CVE-2022-1975),[CVE-2022-1976](https://nvd.nist.gov/vuln/detail/CVE-2022-1976),[CVE-2022-1998](https://nvd.nist.gov/vuln/detail/CVE-2022-1998),[CVE-2022-20008](https://nvd.nist.gov/vuln/detail/CVE-2022-20008),[CVE-2022-20158](https://nvd.nist.gov/vuln/detail/CVE-2022-20158),[CVE-2022-20368](https://nvd.nist.gov/vuln/detail/CVE-2022-20368),[CVE-2022-20369](https://nvd.nist.gov/vuln/detail/CVE-2022-20369),[CVE-2022-20421](https://nvd.nist.gov/vuln/detail/CVE-2022-20421),[CVE-2022-20422](https://nvd.nist.gov/vuln/detail/CVE-2022-20422),[CVE-2022-20423](https://nvd.nist.gov/vuln/detail/CVE-2022-20423),[CVE-2022-20566](https://nvd.nist.gov/vuln/detail/CVE-2022-20566),[CVE-2022-20572](https://nvd.nist.gov/vuln/detail/CVE-2022-20572),[CVE-2022-2078](https://nvd.nist.gov/vuln/detail/CVE-2022-2078),[CVE-2022-21123](https://nvd.nist.gov/vuln/detail/CVE-2022-21123),[CVE-2022-21125](https://nvd.nist.gov/vuln/detail/CVE-2022-21125),[CVE-2022-21166](https://nvd.nist.gov/vuln/detail/CVE-2022-21166),[CVE-2022-21499](https://nvd.nist.gov/vuln/detail/CVE-2022-21499),[CVE-2022-21505](https://nvd.nist.gov/vuln/detail/CVE-2022-21505),[CVE-2022-2153](https://nvd.nist.gov/vuln/detail/CVE-2022-2153),[CVE-2022-2196](https://nvd.nist.gov/vuln/detail/CVE-2022-2196),[CVE-2022-22942](https://nvd.nist.gov/vuln/detail/CVE-2022-22942),[CVE-2022-23036](https://nvd.nist.gov/vuln/detail/CVE-2022-23036),[CVE-2022-23037](https://nvd.nist.gov/vuln/detail/CVE-2022-23037),[CVE-2022-23038](https://nvd.nist.gov/vuln/detail/CVE-2022-23038),[CVE-2022-23039](https://nvd.nist.gov/vuln/detail/CVE-2022-23039),[CVE-2022-23040](https://nvd.nist.gov/vuln/detail/CVE-2022-23040),[CVE-2022-23041](https://nvd.nist.gov/vuln/detail/CVE-2022-23041),[CVE-2022-23042](https://nvd.nist.gov/vuln/detail/CVE-2022-23042),[CVE-2022-2308](https://nvd.nist.gov/vuln/detail/CVE-2022-2308),[CVE-2022-2318](https://nvd.nist.gov/vuln/detail/CVE-2022-2318),[CVE-2022-23222](https://nvd.nist.gov/vuln/detail/CVE-2022-23222),[CVE-2022-2380](https://nvd.nist.gov/vuln/detail/CVE-2022-2380),[CVE-2022-23960](https://nvd.nist.gov/vuln/detail/CVE-2022-23960),[CVE-2022-24448](https://nvd.nist.gov/vuln/detail/CVE-2022-24448),[CVE-2022-24958](https://nvd.nist.gov/vuln/detail/CVE-2022-24958),[CVE-2022-24959](https://nvd.nist.gov/vuln/detail/CVE-2022-24959),[CVE-2022-2503](https://nvd.nist.gov/vuln/detail/CVE-2022-2503),[CVE-2022-25258](https://nvd.nist.gov/vuln/detail/CVE-2022-25258),[CVE-2022-25375](https://nvd.nist.gov/vuln/detail/CVE-2022-25375),[CVE-2022-25636](https://nvd.nist.gov/vuln/detail/CVE-2022-25636),[CVE-2022-2585](https://nvd.nist.gov/vuln/detail/CVE-2022-2585),[CVE-2022-2586](https://nvd.nist.gov/vuln/detail/CVE-2022-2586),[CVE-2022-2588](https://nvd.nist.gov/vuln/detail/CVE-2022-2588),[CVE-2022-2590](https://nvd.nist.gov/vuln/detail/CVE-2022-2590),[CVE-2022-2602](https://nvd.nist.gov/vuln/detail/CVE-2022-2602),[CVE-2022-26365](https://nvd.nist.gov/vuln/detail/CVE-2022-26365),[CVE-2022-26373](https://nvd.nist.gov/vuln/detail/CVE-2022-26373),[CVE-2022-2639](https://nvd.nist.gov/vuln/detail/CVE-2022-2639),[CVE-2022-26490](https://nvd.nist.gov/vuln/detail/CVE-2022-26490),[CVE-2022-2663](https://nvd.nist.gov/vuln/detail/CVE-2022-2663),[CVE-2022-26966](https://nvd.nist.gov/vuln/detail/CVE-2022-26966),[CVE-2022-27223](https://nvd.nist.gov/vuln/detail/CVE-2022-27223),[CVE-2022-27666](https://nvd.nist.gov/vuln/detail/CVE-2022-27666),[CVE-2022-27672](https://nvd.nist.gov/vuln/detail/CVE-2022-27672),[CVE-2022-2785](https://nvd.nist.gov/vuln/detail/CVE-2022-2785),[CVE-2022-27950](https://nvd.nist.gov/vuln/detail/CVE-2022-27950),[CVE-2022-28356](https://nvd.nist.gov/vuln/detail/CVE-2022-28356),[CVE-2022-28388](https://nvd.nist.gov/vuln/detail/CVE-2022-28388),[CVE-2022-28389](https://nvd.nist.gov/vuln/detail/CVE-2022-28389),[CVE-2022-28390](https://nvd.nist.gov/vuln/detail/CVE-2022-28390),[CVE-2022-2873](https://nvd.nist.gov/vuln/detail/CVE-2022-2873),[CVE-2022-28796](https://nvd.nist.gov/vuln/detail/CVE-2022-28796),[CVE-2022-28893](https://nvd.nist.gov/vuln/detail/CVE-2022-28893),[CVE-2022-2905](https://nvd.nist.gov/vuln/detail/CVE-2022-2905),[CVE-2022-29156](https://nvd.nist.gov/vuln/detail/CVE-2022-29156),[CVE-2022-2938](https://nvd.nist.gov/vuln/detail/CVE-2022-2938),[CVE-2022-29581](https://nvd.nist.gov/vuln/detail/CVE-2022-29581),[CVE-2022-29582](https://nvd.nist.gov/vuln/detail/CVE-2022-29582),[CVE-2022-2959](https://nvd.nist.gov/vuln/detail/CVE-2022-2959),[CVE-2022-2964](https://nvd.nist.gov/vuln/detail/CVE-2022-2964),[CVE-2022-2977](https://nvd.nist.gov/vuln/detail/CVE-2022-2977),[CVE-2022-2978](https://nvd.nist.gov/vuln/detail/CVE-2022-2978),[CVE-2022-29900](https://nvd.nist.gov/vuln/detail/CVE-2022-29900),[CVE-2022-29901](https://nvd.nist.gov/vuln/detail/CVE-2022-29901),[CVE-2022-29968](https://nvd.nist.gov/vuln/detail/CVE-2022-29968),[CVE-2022-3028](https://nvd.nist.gov/vuln/detail/CVE-2022-3028),[CVE-2022-30594](https://nvd.nist.gov/vuln/detail/CVE-2022-30594),[CVE-2022-3077](https://nvd.nist.gov/vuln/detail/CVE-2022-3077),[CVE-2022-3078](https://nvd.nist.gov/vuln/detail/CVE-2022-3078),[CVE-2022-3104](https://nvd.nist.gov/vuln/detail/CVE-2022-3104),[CVE-2022-3105](https://nvd.nist.gov/vuln/detail/CVE-2022-3105),[CVE-2022-3107](https://nvd.nist.gov/vuln/detail/CVE-2022-3107),[CVE-2022-3108](https://nvd.nist.gov/vuln/detail/CVE-2022-3108),[CVE-2022-3110](https://nvd.nist.gov/vuln/detail/CVE-2022-3110),[CVE-2022-3111](https://nvd.nist.gov/vuln/detail/CVE-2022-3111),[CVE-2022-3112](https://nvd.nist.gov/vuln/detail/CVE-2022-3112),[CVE-2022-3113](https://nvd.nist.gov/vuln/detail/CVE-2022-3113),[CVE-2022-3115](https://nvd.nist.gov/vuln/detail/CVE-2022-3115),[CVE-2022-3169](https://nvd.nist.gov/vuln/detail/CVE-2022-3169),[CVE-2022-3202](https://nvd.nist.gov/vuln/detail/CVE-2022-3202),[CVE-2022-32250](https://nvd.nist.gov/vuln/detail/CVE-2022-32250),[CVE-2022-32296](https://nvd.nist.gov/vuln/detail/CVE-2022-32296),[CVE-2022-3239](https://nvd.nist.gov/vuln/detail/CVE-2022-3239),[CVE-2022-32981](https://nvd.nist.gov/vuln/detail/CVE-2022-32981),[CVE-2022-3303](https://nvd.nist.gov/vuln/detail/CVE-2022-3303),[CVE-2022-3344](https://nvd.nist.gov/vuln/detail/CVE-2022-3344),[CVE-2022-33740](https://nvd.nist.gov/vuln/detail/CVE-2022-33740),[CVE-2022-33741](https://nvd.nist.gov/vuln/detail/CVE-2022-33741),[CVE-2022-33742](https://nvd.nist.gov/vuln/detail/CVE-2022-33742),[CVE-2022-33743](https://nvd.nist.gov/vuln/detail/CVE-2022-33743),[CVE-2022-33744](https://nvd.nist.gov/vuln/detail/CVE-2022-33744),[CVE-2022-33981](https://nvd.nist.gov/vuln/detail/CVE-2022-33981),[CVE-2022-3424](https://nvd.nist.gov/vuln/detail/CVE-2022-3424),[CVE-2022-3435](https://nvd.nist.gov/vuln/detail/CVE-2022-3435),[CVE-2022-34494](https://nvd.nist.gov/vuln/detail/CVE-2022-34494),[CVE-2022-34495](https://nvd.nist.gov/vuln/detail/CVE-2022-34495),[CVE-2022-34918](https://nvd.nist.gov/vuln/detail/CVE-2022-34918),[CVE-2022-3521](https://nvd.nist.gov/vuln/detail/CVE-2022-3521),[CVE-2022-3524](https://nvd.nist.gov/vuln/detail/CVE-2022-3524),[CVE-2022-3526](https://nvd.nist.gov/vuln/detail/CVE-2022-3526),[CVE-2022-3534](https://nvd.nist.gov/vuln/detail/CVE-2022-3534),[CVE-2022-3541](https://nvd.nist.gov/vuln/detail/CVE-2022-3541),[CVE-2022-3543](https://nvd.nist.gov/vuln/detail/CVE-2022-3543),[CVE-2022-3564](https://nvd.nist.gov/vuln/detail/CVE-2022-3564),[CVE-2022-3565](https://nvd.nist.gov/vuln/detail/CVE-2022-3565),[CVE-2022-3577](https://nvd.nist.gov/vuln/detail/CVE-2022-3577),[CVE-2022-3586](https://nvd.nist.gov/vuln/detail/CVE-2022-3586),[CVE-2022-3594](https://nvd.nist.gov/vuln/detail/CVE-2022-3594),[CVE-2022-3595](https://nvd.nist.gov/vuln/detail/CVE-2022-3595),[CVE-2022-36123](https://nvd.nist.gov/vuln/detail/CVE-2022-36123),[CVE-2022-3619](https://nvd.nist.gov/vuln/detail/CVE-2022-3619),[CVE-2022-3621](https://nvd.nist.gov/vuln/detail/CVE-2022-3621),[CVE-2022-3623](https://nvd.nist.gov/vuln/detail/CVE-2022-3623),[CVE-2022-3625](https://nvd.nist.gov/vuln/detail/CVE-2022-3625),[CVE-2022-3628](https://nvd.nist.gov/vuln/detail/CVE-2022-3628),[CVE-2022-36280](https://nvd.nist.gov/vuln/detail/CVE-2022-36280),[CVE-2022-3635](https://nvd.nist.gov/vuln/detail/CVE-2022-3635),[CVE-2022-3640](https://nvd.nist.gov/vuln/detail/CVE-2022-3640),[CVE-2022-3643](https://nvd.nist.gov/vuln/detail/CVE-2022-3643),[CVE-2022-3646](https://nvd.nist.gov/vuln/detail/CVE-2022-3646),[CVE-2022-3649](https://nvd.nist.gov/vuln/detail/CVE-2022-3649),[CVE-2022-36879](https://nvd.nist.gov/vuln/detail/CVE-2022-36879),[CVE-2022-36946](https://nvd.nist.gov/vuln/detail/CVE-2022-36946),[CVE-2022-3707](https://nvd.nist.gov/vuln/detail/CVE-2022-3707),[CVE-2022-38457](https://nvd.nist.gov/vuln/detail/CVE-2022-38457),[CVE-2022-3910](https://nvd.nist.gov/vuln/detail/CVE-2022-3910),[CVE-2022-39189](https://nvd.nist.gov/vuln/detail/CVE-2022-39189),[CVE-2022-39190](https://nvd.nist.gov/vuln/detail/CVE-2022-39190),[CVE-2022-3977](https://nvd.nist.gov/vuln/detail/CVE-2022-3977),[CVE-2022-40133](https://nvd.nist.gov/vuln/detail/CVE-2022-40133),[CVE-2022-40307](https://nvd.nist.gov/vuln/detail/CVE-2022-40307),[CVE-2022-40768](https://nvd.nist.gov/vuln/detail/CVE-2022-40768),[CVE-2022-4095](https://nvd.nist.gov/vuln/detail/CVE-2022-4095),[CVE-2022-40982](https://nvd.nist.gov/vuln/detail/CVE-2022-40982),[CVE-2022-41218](https://nvd.nist.gov/vuln/detail/CVE-2022-41218),[CVE-2022-4128](https://nvd.nist.gov/vuln/detail/CVE-2022-4128),[CVE-2022-4139](https://nvd.nist.gov/vuln/detail/CVE-2022-4139),[CVE-2022-41674](https://nvd.nist.gov/vuln/detail/CVE-2022-41674),[CVE-2022-41849](https://nvd.nist.gov/vuln/detail/CVE-2022-41849),[CVE-2022-41850](https://nvd.nist.gov/vuln/detail/CVE-2022-41850),[CVE-2022-41858](https://nvd.nist.gov/vuln/detail/CVE-2022-41858),[CVE-2022-42328](https://nvd.nist.gov/vuln/detail/CVE-2022-42328),[CVE-2022-42329](https://nvd.nist.gov/vuln/detail/CVE-2022-42329),[CVE-2022-42432](https://nvd.nist.gov/vuln/detail/CVE-2022-42432),[CVE-2022-4269](https://nvd.nist.gov/vuln/detail/CVE-2022-4269),[CVE-2022-42703](https://nvd.nist.gov/vuln/detail/CVE-2022-42703),[CVE-2022-42719](https://nvd.nist.gov/vuln/detail/CVE-2022-42719),[CVE-2022-42720](https://nvd.nist.gov/vuln/detail/CVE-2022-42720),[CVE-2022-42721](https://nvd.nist.gov/vuln/detail/CVE-2022-42721),[CVE-2022-42722](https://nvd.nist.gov/vuln/detail/CVE-2022-42722),[CVE-2022-42895](https://nvd.nist.gov/vuln/detail/CVE-2022-42895),[CVE-2022-42896](https://nvd.nist.gov/vuln/detail/CVE-2022-42896),[CVE-2022-43750](https://nvd.nist.gov/vuln/detail/CVE-2022-43750),[CVE-2022-4378](https://nvd.nist.gov/vuln/detail/CVE-2022-4378),[CVE-2022-4379](https://nvd.nist.gov/vuln/detail/CVE-2022-4379),[CVE-2022-4382](https://nvd.nist.gov/vuln/detail/CVE-2022-4382),[CVE-2022-43945](https://nvd.nist.gov/vuln/detail/CVE-2022-43945),[CVE-2022-45869](https://nvd.nist.gov/vuln/detail/CVE-2022-45869),[CVE-2022-45886](https://nvd.nist.gov/vuln/detail/CVE-2022-45886),[CVE-2022-45887](https://nvd.nist.gov/vuln/detail/CVE-2022-45887),[CVE-2022-45919](https://nvd.nist.gov/vuln/detail/CVE-2022-45919),[CVE-2022-45934](https://nvd.nist.gov/vuln/detail/CVE-2022-45934),[CVE-2022-4662](https://nvd.nist.gov/vuln/detail/CVE-2022-4662),[CVE-2022-47518](https://nvd.nist.gov/vuln/detail/CVE-2022-47518),[CVE-2022-47519](https://nvd.nist.gov/vuln/detail/CVE-2022-47519),[CVE-2022-47520](https://nvd.nist.gov/vuln/detail/CVE-2022-47520),[CVE-2022-47521](https://nvd.nist.gov/vuln/detail/CVE-2022-47521),[CVE-2022-47929](https://nvd.nist.gov/vuln/detail/CVE-2022-47929),[CVE-2022-47938](https://nvd.nist.gov/vuln/detail/CVE-2022-47938),[CVE-2022-47939](https://nvd.nist.gov/vuln/detail/CVE-2022-47939),[CVE-2022-47940](https://nvd.nist.gov/vuln/detail/CVE-2022-47940),[CVE-2022-47941](https://nvd.nist.gov/vuln/detail/CVE-2022-47941),[CVE-2022-47942](https://nvd.nist.gov/vuln/detail/CVE-2022-47942),[CVE-2022-47943](https://nvd.nist.gov/vuln/detail/CVE-2022-47943),[CVE-2022-4842](https://nvd.nist.gov/vuln/detail/CVE-2022-4842),[CVE-2022-48423](https://nvd.nist.gov/vuln/detail/CVE-2022-48423),[CVE-2022-48424](https://nvd.nist.gov/vuln/detail/CVE-2022-48424),[CVE-2022-48425](https://nvd.nist.gov/vuln/detail/CVE-2022-48425),[CVE-2022-48502](https://nvd.nist.gov/vuln/detail/CVE-2022-48502),[CVE-2023-0045](https://nvd.nist.gov/vuln/detail/CVE-2023-0045),[CVE-2023-0160](https://nvd.nist.gov/vuln/detail/CVE-2023-0160),[CVE-2023-0179](https://nvd.nist.gov/vuln/detail/CVE-2023-0179),[CVE-2023-0210](https://nvd.nist.gov/vuln/detail/CVE-2023-0210),[CVE-2023-0266](https://nvd.nist.gov/vuln/detail/CVE-2023-0266),[CVE-2023-0386](https://nvd.nist.gov/vuln/detail/CVE-2023-0386),[CVE-2023-0394](https://nvd.nist.gov/vuln/detail/CVE-2023-0394),[CVE-2023-0458](https://nvd.nist.gov/vuln/detail/CVE-2023-0458),[CVE-2023-0459](https://nvd.nist.gov/vuln/detail/CVE-2023-0459),[CVE-2023-0461](https://nvd.nist.gov/vuln/detail/CVE-2023-0461),[CVE-2023-0468](https://nvd.nist.gov/vuln/detail/CVE-2023-0468),[CVE-2023-0469](https://nvd.nist.gov/vuln/detail/CVE-2023-0469),[CVE-2023-0590](https://nvd.nist.gov/vuln/detail/CVE-2023-0590),[CVE-2023-0615](https://nvd.nist.gov/vuln/detail/CVE-2023-0615),[CVE-2023-1032](https://nvd.nist.gov/vuln/detail/CVE-2023-1032),[CVE-2023-1073](https://nvd.nist.gov/vuln/detail/CVE-2023-1073),[CVE-2023-1074](https://nvd.nist.gov/vuln/detail/CVE-2023-1074),[CVE-2023-1075](https://nvd.nist.gov/vuln/detail/CVE-2023-1075),[CVE-2023-1076](https://nvd.nist.gov/vuln/detail/CVE-2023-1076),[CVE-2023-1077](https://nvd.nist.gov/vuln/detail/CVE-2023-1077),[CVE-2023-1078](https://nvd.nist.gov/vuln/detail/CVE-2023-1078),[CVE-2023-1079](https://nvd.nist.gov/vuln/detail/CVE-2023-1079),[CVE-2023-1095](https://nvd.nist.gov/vuln/detail/CVE-2023-1095),[CVE-2023-1118](https://nvd.nist.gov/vuln/detail/CVE-2023-1118),[CVE-2023-1192](https://nvd.nist.gov/vuln/detail/CVE-2023-1192),[CVE-2023-1194](https://nvd.nist.gov/vuln/detail/CVE-2023-1194),[CVE-2023-1206](https://nvd.nist.gov/vuln/detail/CVE-2023-1206),[CVE-2023-1249](https://nvd.nist.gov/vuln/detail/CVE-2023-1249),[CVE-2023-1281](https://nvd.nist.gov/vuln/detail/CVE-2023-1281),[CVE-2023-1380](https://nvd.nist.gov/vuln/detail/CVE-2023-1380),[CVE-2023-1382](https://nvd.nist.gov/vuln/detail/CVE-2023-1382),[CVE-2023-1513](https://nvd.nist.gov/vuln/detail/CVE-2023-1513),[CVE-2023-1582](https://nvd.nist.gov/vuln/detail/CVE-2023-1582),[CVE-2023-1583](https://nvd.nist.gov/vuln/detail/CVE-2023-1583),[CVE-2023-1611](https://nvd.nist.gov/vuln/detail/CVE-2023-1611),[CVE-2023-1637](https://nvd.nist.gov/vuln/detail/CVE-2023-1637),[CVE-2023-1652](https://nvd.nist.gov/vuln/detail/CVE-2023-1652),[CVE-2023-1670](https://nvd.nist.gov/vuln/detail/CVE-2023-1670),[CVE-2023-1829](https://nvd.nist.gov/vuln/detail/CVE-2023-1829),[CVE-2023-1838](https://nvd.nist.gov/vuln/detail/CVE-2023-1838),[CVE-2023-1855](https://nvd.nist.gov/vuln/detail/CVE-2023-1855),[CVE-2023-1859](https://nvd.nist.gov/vuln/detail/CVE-2023-1859),[CVE-2023-1872](https://nvd.nist.gov/vuln/detail/CVE-2023-1872),[CVE-2023-1989](https://nvd.nist.gov/vuln/detail/CVE-2023-1989),[CVE-2023-1990](https://nvd.nist.gov/vuln/detail/CVE-2023-1990),[CVE-2023-1998](https://nvd.nist.gov/vuln/detail/CVE-2023-1998),[CVE-2023-2002](https://nvd.nist.gov/vuln/detail/CVE-2023-2002),[CVE-2023-2006](https://nvd.nist.gov/vuln/detail/CVE-2023-2006),[CVE-2023-2008](https://nvd.nist.gov/vuln/detail/CVE-2023-2008),[CVE-2023-2019](https://nvd.nist.gov/vuln/detail/CVE-2023-2019),[CVE-2023-20569](https://nvd.nist.gov/vuln/detail/CVE-2023-20569),[CVE-2023-20588](https://nvd.nist.gov/vuln/detail/CVE-2023-20588),[CVE-2023-20593](https://nvd.nist.gov/vuln/detail/CVE-2023-20593),[CVE-2023-20928](https://nvd.nist.gov/vuln/detail/CVE-2023-20928),[CVE-2023-20938](https://nvd.nist.gov/vuln/detail/CVE-2023-20938),[CVE-2023-21102](https://nvd.nist.gov/vuln/detail/CVE-2023-21102),[CVE-2023-21106](https://nvd.nist.gov/vuln/detail/CVE-2023-21106),[CVE-2023-2124](https://nvd.nist.gov/vuln/detail/CVE-2023-2124),[CVE-2023-21255](https://nvd.nist.gov/vuln/detail/CVE-2023-21255),[CVE-2023-2156](https://nvd.nist.gov/vuln/detail/CVE-2023-2156),[CVE-2023-2162](https://nvd.nist.gov/vuln/detail/CVE-2023-2162),[CVE-2023-2163](https://nvd.nist.gov/vuln/detail/CVE-2023-2163),[CVE-2023-2166](https://nvd.nist.gov/vuln/detail/CVE-2023-2166),[CVE-2023-2177](https://nvd.nist.gov/vuln/detail/CVE-2023-2177),[CVE-2023-2194](https://nvd.nist.gov/vuln/detail/CVE-2023-2194),[CVE-2023-2235](https://nvd.nist.gov/vuln/detail/CVE-2023-2235),[CVE-2023-2236](https://nvd.nist.gov/vuln/detail/CVE-2023-2236),[CVE-2023-2269](https://nvd.nist.gov/vuln/detail/CVE-2023-2269),[CVE-2023-22996](https://nvd.nist.gov/vuln/detail/CVE-2023-22996),[CVE-2023-22997](https://nvd.nist.gov/vuln/detail/CVE-2023-22997),[CVE-2023-22998](https://nvd.nist.gov/vuln/detail/CVE-2023-22998),[CVE-2023-22999](https://nvd.nist.gov/vuln/detail/CVE-2023-22999),[CVE-2023-23001](https://nvd.nist.gov/vuln/detail/CVE-2023-23001),[CVE-2023-23002](https://nvd.nist.gov/vuln/detail/CVE-2023-23002),[CVE-2023-23454](https://nvd.nist.gov/vuln/detail/CVE-2023-23454),[CVE-2023-23455](https://nvd.nist.gov/vuln/detail/CVE-2023-23455),[CVE-2023-23559](https://nvd.nist.gov/vuln/detail/CVE-2023-23559),[CVE-2023-2430](https://nvd.nist.gov/vuln/detail/CVE-2023-2430),[CVE-2023-25012](https://nvd.nist.gov/vuln/detail/CVE-2023-25012),[CVE-2023-2513](https://nvd.nist.gov/vuln/detail/CVE-2023-2513),[CVE-2023-25775](https://nvd.nist.gov/vuln/detail/CVE-2023-25775),[CVE-2023-26544](https://nvd.nist.gov/vuln/detail/CVE-2023-26544),[CVE-2023-26545](https://nvd.nist.gov/vuln/detail/CVE-2023-26545),[CVE-2023-26606](https://nvd.nist.gov/vuln/detail/CVE-2023-26606),[CVE-2023-26607](https://nvd.nist.gov/vuln/detail/CVE-2023-26607),[CVE-2023-28327](https://nvd.nist.gov/vuln/detail/CVE-2023-28327),[CVE-2023-28328](https://nvd.nist.gov/vuln/detail/CVE-2023-28328),[CVE-2023-28410](https://nvd.nist.gov/vuln/detail/CVE-2023-28410),[CVE-2023-28466](https://nvd.nist.gov/vuln/detail/CVE-2023-28466),[CVE-2023-28866](https://nvd.nist.gov/vuln/detail/CVE-2023-28866),[CVE-2023-2898](https://nvd.nist.gov/vuln/detail/CVE-2023-2898),[CVE-2023-2985](https://nvd.nist.gov/vuln/detail/CVE-2023-2985),[CVE-2023-3006](https://nvd.nist.gov/vuln/detail/CVE-2023-3006),[CVE-2023-30456](https://nvd.nist.gov/vuln/detail/CVE-2023-30456),[CVE-2023-30772](https://nvd.nist.gov/vuln/detail/CVE-2023-30772),[CVE-2023-3090](https://nvd.nist.gov/vuln/detail/CVE-2023-3090),[CVE-2023-3111](https://nvd.nist.gov/vuln/detail/CVE-2023-3111),[CVE-2023-31248](https://nvd.nist.gov/vuln/detail/CVE-2023-31248),[CVE-2023-3141](https://nvd.nist.gov/vuln/detail/CVE-2023-3141),[CVE-2023-31436](https://nvd.nist.gov/vuln/detail/CVE-2023-31436),[CVE-2023-3159](https://nvd.nist.gov/vuln/detail/CVE-2023-3159),[CVE-2023-3161](https://nvd.nist.gov/vuln/detail/CVE-2023-3161),[CVE-2023-3212](https://nvd.nist.gov/vuln/detail/CVE-2023-3212),[CVE-2023-3220](https://nvd.nist.gov/vuln/detail/CVE-2023-3220),[CVE-2023-32233](https://nvd.nist.gov/vuln/detail/CVE-2023-32233),[CVE-2023-32247](https://nvd.nist.gov/vuln/detail/CVE-2023-32247),[CVE-2023-32248](https://nvd.nist.gov/vuln/detail/CVE-2023-32248),[CVE-2023-32250](https://nvd.nist.gov/vuln/detail/CVE-2023-32250),[CVE-2023-32252](https://nvd.nist.gov/vuln/detail/CVE-2023-32252),[CVE-2023-32254](https://nvd.nist.gov/vuln/detail/CVE-2023-32254),[CVE-2023-32257](https://nvd.nist.gov/vuln/detail/CVE-2023-32257),[CVE-2023-32258](https://nvd.nist.gov/vuln/detail/CVE-2023-32258),[CVE-2023-32269](https://nvd.nist.gov/vuln/detail/CVE-2023-32269),[CVE-2023-3268](https://nvd.nist.gov/vuln/detail/CVE-2023-3268),[CVE-2023-3269](https://nvd.nist.gov/vuln/detail/CVE-2023-3269),[CVE-2023-33203](https://nvd.nist.gov/vuln/detail/CVE-2023-33203),[CVE-2023-33288](https://nvd.nist.gov/vuln/detail/CVE-2023-33288),[CVE-2023-3355](https://nvd.nist.gov/vuln/detail/CVE-2023-3355),[CVE-2023-3357](https://nvd.nist.gov/vuln/detail/CVE-2023-3357),[CVE-2023-3358](https://nvd.nist.gov/vuln/detail/CVE-2023-3358),[CVE-2023-3359](https://nvd.nist.gov/vuln/detail/CVE-2023-3359),[CVE-2023-3390](https://nvd.nist.gov/vuln/detail/CVE-2023-3390),[CVE-2023-33951](https://nvd.nist.gov/vuln/detail/CVE-2023-33951),[CVE-2023-33952](https://nvd.nist.gov/vuln/detail/CVE-2023-33952),[CVE-2023-34319](https://nvd.nist.gov/vuln/detail/CVE-2023-34319),[CVE-2023-3439](https://nvd.nist.gov/vuln/detail/CVE-2023-3439),[CVE-2023-35001](https://nvd.nist.gov/vuln/detail/CVE-2023-35001),[CVE-2023-3567](https://nvd.nist.gov/vuln/detail/CVE-2023-3567),[CVE-2023-35788](https://nvd.nist.gov/vuln/detail/CVE-2023-35788),[CVE-2023-35823](https://nvd.nist.gov/vuln/detail/CVE-2023-35823),[CVE-2023-35824](https://nvd.nist.gov/vuln/detail/CVE-2023-35824),[CVE-2023-35826](https://nvd.nist.gov/vuln/detail/CVE-2023-35826),[CVE-2023-35828](https://nvd.nist.gov/vuln/detail/CVE-2023-35828),[CVE-2023-35829](https://nvd.nist.gov/vuln/detail/CVE-2023-35829),[CVE-2023-3609](https://nvd.nist.gov/vuln/detail/CVE-2023-3609),[CVE-2023-3610](https://nvd.nist.gov/vuln/detail/CVE-2023-3610),[CVE-2023-3611](https://nvd.nist.gov/vuln/detail/CVE-2023-3611),[CVE-2023-3772](https://nvd.nist.gov/vuln/detail/CVE-2023-3772),[CVE-2023-3773](https://nvd.nist.gov/vuln/detail/CVE-2023-3773),[CVE-2023-3776](https://nvd.nist.gov/vuln/detail/CVE-2023-3776),[CVE-2023-3777](https://nvd.nist.gov/vuln/detail/CVE-2023-3777),[CVE-2023-3812](https://nvd.nist.gov/vuln/detail/CVE-2023-3812),[CVE-2023-38409](https://nvd.nist.gov/vuln/detail/CVE-2023-38409),[CVE-2023-38426](https://nvd.nist.gov/vuln/detail/CVE-2023-38426),[CVE-2023-38427](https://nvd.nist.gov/vuln/detail/CVE-2023-38427),[CVE-2023-38428](https://nvd.nist.gov/vuln/detail/CVE-2023-38428),[CVE-2023-38429](https://nvd.nist.gov/vuln/detail/CVE-2023-38429),[CVE-2023-38430](https://nvd.nist.gov/vuln/detail/CVE-2023-38430),[CVE-2023-38431](https://nvd.nist.gov/vuln/detail/CVE-2023-38431),[CVE-2023-38432](https://nvd.nist.gov/vuln/detail/CVE-2023-38432),[CVE-2023-3863](https://nvd.nist.gov/vuln/detail/CVE-2023-3863),[CVE-2023-3865](https://nvd.nist.gov/vuln/detail/CVE-2023-3865),[CVE-2023-3866](https://nvd.nist.gov/vuln/detail/CVE-2023-3866),[CVE-2023-3867](https://nvd.nist.gov/vuln/detail/CVE-2023-3867),[CVE-2023-4004](https://nvd.nist.gov/vuln/detail/CVE-2023-4004),[CVE-2023-4015](https://nvd.nist.gov/vuln/detail/CVE-2023-4015),[CVE-2023-40283](https://nvd.nist.gov/vuln/detail/CVE-2023-40283),[CVE-2023-4128](https://nvd.nist.gov/vuln/detail/CVE-2023-4128),[CVE-2023-4132](https://nvd.nist.gov/vuln/detail/CVE-2023-4132),[CVE-2023-4147](https://nvd.nist.gov/vuln/detail/CVE-2023-4147),[CVE-2023-4155](https://nvd.nist.gov/vuln/detail/CVE-2023-4155),[CVE-2023-4206](https://nvd.nist.gov/vuln/detail/CVE-2023-4206),[CVE-2023-4207](https://nvd.nist.gov/vuln/detail/CVE-2023-4207),[CVE-2023-4208](https://nvd.nist.gov/vuln/detail/CVE-2023-4208),[CVE-2023-4273](https://nvd.nist.gov/vuln/detail/CVE-2023-4273),[CVE-2023-42752](https://nvd.nist.gov/vuln/detail/CVE-2023-42752),[CVE-2023-42753](https://nvd.nist.gov/vuln/detail/CVE-2023-42753),[CVE-2023-42755](https://nvd.nist.gov/vuln/detail/CVE-2023-42755),[CVE-2023-4385](https://nvd.nist.gov/vuln/detail/CVE-2023-4385),[CVE-2023-4387](https://nvd.nist.gov/vuln/detail/CVE-2023-4387),[CVE-2023-4389](https://nvd.nist.gov/vuln/detail/CVE-2023-4389),[CVE-2023-4394](https://nvd.nist.gov/vuln/detail/CVE-2023-4394),[CVE-2023-4459](https://nvd.nist.gov/vuln/detail/CVE-2023-4459),[CVE-2023-4569](https://nvd.nist.gov/vuln/detail/CVE-2023-4569),[CVE-2023-4623](https://nvd.nist.gov/vuln/detail/CVE-2023-4623),[CVE-2023-4921](https://nvd.nist.gov/vuln/detail/CVE-2023-4921), [CVE-2022-40982](https://nvd.nist.gov/vuln/detail/CVE-2022-40982), [CVE-2022-41804](https://nvd.nist.gov/vuln/detail/CVE-2022-41804), [CVE-2023-20569](https://nvd.nist.gov/vuln/detail/CVE-2023-20569), [CVE-2023-23908](https://nvd.nist.gov/vuln/detail/CVE-2023-23908))<br> - Go ([CVE-2023-29402](https://nvd.nist.gov/vuln/detail/CVE-2023-29402), [CVE-2023-29403](https://nvd.nist.gov/vuln/detail/CVE-2023-29403), [CVE-2023-29404](https://nvd.nist.gov/vuln/detail/CVE-2023-29404), [CVE-2023-29405](https://nvd.nist.gov/vuln/detail/CVE-2023-29405), [CVE-2023-29406](https://nvd.nist.gov/vuln/detail/CVE-2023-29406),[CVE-2023-29409](https://nvd.nist.gov/vuln/detail/CVE-2023-29409),[CVE-2023-39318](https://nvd.nist.gov/vuln/detail/CVE-2023-39318), [CVE-2023-39319](https://nvd.nist.gov/vuln/detail/CVE-2023-39319), [CVE-2023-39320](https://nvd.nist.gov/vuln/detail/CVE-2023-39320), [CVE-2023-39321](https://nvd.nist.gov/vuln/detail/CVE-2023-39321), [CVE-2023-39322](https://nvd.nist.gov/vuln/detail/CVE-2023-39322))<br> - binutils ([CVE-2022-38533](https://nvd.nist.gov/vuln/detail/CVE-2022-38533), [CVE-2022-4285](https://nvd.nist.gov/vuln/detail/CVE-2022-4285), [CVE-2023-1579](https://nvd.nist.gov/vuln/detail/CVE-2023-1579))<br> - c-ares ([CVE-2023-31124](https://nvd.nist.gov/vuln/detail/CVE-2023-31124), [CVE-2023-31130](https://nvd.nist.gov/vuln/detail/CVE-2023-31130), [CVE-2023-31147](https://nvd.nist.gov/vuln/detail/CVE-2023-31147), [CVE-2023-32067](https://nvd.nist.gov/vuln/detail/CVE-2023-32067))<br> - curl ([CVE-2023-28319](https://nvd.nist.gov/vuln/detail/CVE-2023-28319), [CVE-2023-28320](https://nvd.nist.gov/vuln/detail/CVE-2023-28320), [CVE-2023-28321](https://nvd.nist.gov/vuln/detail/CVE-2023-28321), [CVE-2023-28322](https://nvd.nist.gov/vuln/detail/CVE-2023-28322))<br> - git ([CVE-2023-25652](https://nvd.nist.gov/vuln/detail/CVE-2023-25652), [CVE-2023-25815](https://nvd.nist.gov/vuln/detail/CVE-2023-25815), [CVE-2023-29007](https://nvd.nist.gov/vuln/detail/CVE-2023-29007))<br> - grub ([CVE-2020-10713](https://nvd.nist.gov/vuln/detail/CVE-2020-10713), [CVE-2020-14372](https://nvd.nist.gov/vuln/detail/CVE-2020-14372), [CVE-2020-25632](https://nvd.nist.gov/vuln/detail/CVE-2020-25632), [CVE-2020-25647](https://nvd.nist.gov/vuln/detail/CVE-2020-25647), [CVE-2020-27749](https://nvd.nist.gov/vuln/detail/CVE-2020-27749), [CVE-2020-27779](https://nvd.nist.gov/vuln/detail/CVE-2020-27779), [CVE-2021-20225](https://nvd.nist.gov/vuln/detail/CVE-2021-20225), [CVE-2021-20233](https://nvd.nist.gov/vuln/detail/CVE-2021-20233), [CVE-2021-3981](https://nvd.nist.gov/vuln/detail/CVE-2021-3981), [CVE-2021-3695](https://nvd.nist.gov/vuln/detail/CVE-2021-3695), [CVE-2021-3696](https://nvd.nist.gov/vuln/detail/CVE-2021-3696), [CVE-2021-3697](https://nvd.nist.gov/vuln/detail/CVE-2021-3697), [CVE-2022-28733](https://nvd.nist.gov/vuln/detail/CVE-2022-28733), [CVE-2022-28734](https://nvd.nist.gov/vuln/detail/CVE-2022-28734), [CVE-2022-28735](https://nvd.nist.gov/vuln/detail/CVE-2022-28735), [CVE-2022-28736](https://nvd.nist.gov/vuln/detail/CVE-2022-28736), [CVE-2022-28737](https://nvd.nist.gov/vuln/detail/CVE-2022-28737), [CVE-2022-2601](https://nvd.nist.gov/vuln/detail/CVE-2022-2601), [CVE-2022-3775](https://nvd.nist.gov/vuln/detail/CVE-2022-3775))<br> - intel-microcode ([CVE-2022-40982](https://nvd.nist.gov/vuln/detail/CVE-2022-40982), [CVE-2022-41804](https://nvd.nist.gov/vuln/detail/CVE-2022-41804), [CVE-2023-23908](https://nvd.nist.gov/vuln/detail/CVE-2023-23908))<br> - libarchive ([libarchive-20230729](https://github.com/libarchive/libarchive/releases/tag/v3.7.1))<br> - libcap ([CVE-2023-2602](https://nvd.nist.gov/vuln/detail/CVE-2023-2602), [CVE-2023-2603](https://nvd.nist.gov/vuln/detail/CVE-2023-2603))<br> - libmicrohttpd ([CVE-2023-27371](https://nvd.nist.gov/vuln/detail/CVE-2023-27371))<br> - libxml2 ([libxml2-20230428](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.4))<br> - ncurses ([CVE-2023-29491](https://nvd.nist.gov/vuln/detail/CVE-2023-29491))<br> - nvidia-drivers ([CVE-2023-25515](https://nvd.nist.gov/vuln/detail/CVE-2023-25515), [CVE-2023-25516](https://nvd.nist.gov/vuln/detail/CVE-2023-25516))<br> - openldap ([CVE-2023-2953](https://nvd.nist.gov/vuln/detail/CVE-2023-2953))<br> - OpenSSL ([CVE-2023-2650](https://nvd.nist.gov/vuln/detail/CVE-2023-2650), [CVE-2023-2975](https://nvd.nist.gov/vuln/detail/CVE-2023-2975), [CVE-2023-3446](https://nvd.nist.gov/vuln/detail/CVE-2023-3446))<br> - protobuf ([CVE-2022-1941](https://nvd.nist.gov/vuln/detail/CVE-2022-1941))<br> - shadow ([CVE-2023-29383](https://nvd.nist.gov/vuln/detail/CVE-2023-29383))<br> - sudo ([CVE-2023-27320](https://nvd.nist.gov/vuln/detail/CVE-2023-27320), [CVE-2023-28486](https://nvd.nist.gov/vuln/detail/CVE-2023-28486), [CVE-2023-28487](https://nvd.nist.gov/vuln/detail/CVE-2023-28487))<br> - torcx ([CVE-2022-28948](https://nvd.nist.gov/vuln/detail/CVE-2022-28948))<br> - vim ([CVE-2023-2609](https://nvd.nist.gov/vuln/detail/CVE-2023-2609), [CVE-2023-2610](https://nvd.nist.gov/vuln/detail/CVE-2023-2610), [CVE-2023-2426](https://nvd.nist.gov/vuln/detail/CVE-2023-2426))<br> - SDK: Python ([CVE-2023-40217](https://nvd.nist.gov/vuln/detail/CVE-2023-40217), [CVE-2023-41105](https://nvd.nist.gov/vuln/detail/CVE-2023-41105))<br> - SDK: qemu ([CVE-2023-0330](https://nvd.nist.gov/vuln/detail/CVE-2023-0330), [CVE-2023-2861](https://nvd.nist.gov/vuln/detail/CVE-2023-2861))<br> - SDK: Rust ([CVE-2023-38497](https://nvd.nist.gov/vuln/detail/CVE-2023-38497))<br> - VMware: open-vm-tools ([CVE-2023-20867](https://nvd.nist.gov/vuln/detail/CVE-2023-20867), [CVE-2023-20900](https://nvd.nist.gov/vuln/detail/CVE-2023-20900))<br> <br> #### Bug fixes:<br> <br> - Fix the RemainAfterExit clause in nvidia.service ([Flatcar#1169](https://github.com/flatcar/Flatcar/issues/1169))<br> - Fixed bug in handling renamed network interfaces when generating login issue ([init#102](https://github.com/flatcar/init/pull/102))<br> - Triggered re-reading of partition table to fix adding partitions to the boot disk ([scripts#1202](https://github.com/flatcar/scripts/pull/1202))<br> <br> #### Changes:<br> <br> - :warning: Dropped support for niftycloud and interoute. For interoute we haven't been generating the images for some time already. ([scripts#971](https://github.com/flatcar/scripts/pull/971)) :warning:<br> - Added TLS Kernel module ([scripts#865](https://github.com/flatcar/scripts/pull/865))<br> - Added support for multipart MIME userdata in coreos-cloudinit. Ignition now detects multipart userdata and delegates execution to coreos-cloudinit. ([scripts#873](https://github.com/flatcar/scripts/pull/873))<br> - Azure and QEMU OEM images now use systemd-sysext images for layering additional platform-specific software on top of `/usr`. For Azure images this also means that the image has a normal Python installation available through the sysext image. The OEM software is still not updated but this will be added soon.<br> - Change nvidia.service to type oneshot (from the default "simple") so the subsequent services (configured with "Requires/After") are executed after the driver installation is successfully finished ([flatcar/Flatcar#1136](https://github.com/flatcar/Flatcar/issues/1136))<br> - Enabled the virtio GPU driver ([scripts#830](https://github.com/flatcar/scripts/pull/830))<br> - Migrate to Type=notify in containerd.service. Changed the unit to Type=notify, utilizing the existing containerd support for sd_notify call after socket setup.<br> - Migrated the NVIDIA installer from the Azure/AWS OEM partition to `/usr` to make it available on all platforms ([scripts#932](https://github.com/flatcar/scripts/pull/932/), [Flatcar#1077](https://github.com/flatcar/Flatcar/issues/1077))<br> - Moved a mountpoint of the OEM partition from `/usr/share/oem` to `/oem`. `/usr/share/oem` became a symlink to `/oem` for backward compatibility. Despite the move, the initrd images providing files through `/usr/share/oem` should keep using `/usr/share/oem`. The move was done to enable activating the OEM sysext images that are placed in the OEM partition.<br> - OEM vendor tools are now A/B updated if they are shipped as systemd-sysext images, the migration happens when both partitions require a systemd-sysext OEM image - note that this will delete the `nvidia.service` from `/etc` on Azure because it's now part of `/usr` ([Flatcar#60](https://github.com/flatcar/Flatcar/issues/60))<br> - Updated locksmith to use non-deprecated resource control options in the systemd unit ([Locksmith#20](https://github.com/flatcar/locksmith/pull/20))<br> - Use qcow2 compressed format instead of additional compression layer in Qemu images ([Flatcar#1135](https://github.com/flatcar/Flatcar/issues/1135), [scripts#1132](https://github.com/flatcar/scripts/pull/1132))<br> <br> #### Updates:<br> <br> - Linux ([6.1.55](https://lwn.net/Articles/945379) (includes [6.1.54](https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tag/?h=v6.1.54), [6.1.53](https://lwn.net/Articles/944358),[6.1.52](https://lwn.net/Articles/943754), [6.1.51](https://lwn.net/Articles/943403), [6.1.50](https://lwn.net/Articles/943112), [6.1.49](https://lwn.net/Articles/942880), [6.1.48](https://lwn.net/Articles/942865), [6.1.47](https://lwn.net/Articles/942531), [6.1.46](https://lwn.net/Articles/941774), [6.1.45](https://lwn.net/Articles/941273), [6.1.44](https://lwn.net/Articles/940800), [6.1.43](https://lwn.net/Articles/940338), [6.1.42](https://lwn.net/Articles/939423), [6.1.41](https://lwn.net/Articles/939103), [6.1.40](https://lwn.net/Articles/939015), [6.1.39](https://lwn.net/Articles/938619), [6.1.38](https://lwn.net/Articles/937403), [6.1.37](https://lwn.net/Articles/937082), [6.1.36](https://lwn.net/Articles/936674), [6.1.35](https://lwn.net/Articles/935588), [6.1.34](https://lwn.net/Articles/934623), [6.1.33](https://lwn.net/Articles/934319), [6.1.32](https://lwn.net/Articles/933908), [6.1.31](https://lwn.net/Articles/933281), [6.1.30](https://lwn.net/Articles/932882), [6.1.29](https://lwn.net/Articles/932133), [6.1.28](https://lwn.net/Articles/931651), [6.1.27](https://lwn.net/Articles/930597/), [6.1](https://kernelnewbies.org/Linux_6.1)))<br> - Linux Firmware ([20230804](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230804) (includes [20230625](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230625), [20230515](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230515)))<br> - Go ([1.20.8](https://go.dev/doc/devel/release#go1.20.8) (includes [1.20.7](https://go.dev/doc/devel/release#go1.20.7), [1.20.6](https://go.dev/doc/devel/release#go1.20.6), [1.20.5](https://go.dev/doc/devel/release#go1.20.5), [1.20.4](https://go.dev/doc/devel/release#go1.20.4), [1.19.13](https://go.dev/doc/devel/release#go1.19.13), [1.19.12](https://go.dev/doc/devel/release#go1.19.12), [1.19.11](https://go.dev/doc/devel/release#go1.19.11), [1.19.10](https://go.dev/doc/devel/release#go1.19.10)))<br> - bind tools ([9.16.41](https://bind9.readthedocs.io/en/v9.16.41/notes.html#notes-for-bind-9-16-41))<br> - binutils ([2.40](https://lists.gnu.org/archive/html/info-gnu/2023-01/msg00003.html))<br> - bpftool ([6.3](https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/log/tools/bpf/bpftool?h=v6.3))<br> - c-ares ([1.19.1](https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1))<br> - cJSON ([1.7.16](https://github.com/DaveGamble/cJSON/releases/tag/v1.7.16))<br> - cifs-utils ([7.0](https://lists.samba.org/archive/samba-technical/2022-August/137528.html))<br> - containerd ([1.7.6](https://github.com/containerd/containerd/releases/tag/v1.7.6) (includes [1.7.5](https://github.com/containerd/containerd/releases/tag/v1.7.5),[1.7.4](https://github.com/containerd/containerd/releases/tag/v1.7.4), [1.7.3](https://github.com/containerd/containerd/releases/tag/v1.7.3), [1.7.2](https://github.com/containerd/containerd/releases/tag/v1.7.2)))<br> - coreutils ([9.3](https://lists.gnu.org/archive/html/info-gnu/2023-04/msg00006.html) (includes [9.1](https://git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?h=v9.1)))<br> - cryptsetup ([2.6.1](https://gitlab.com/cryptsetup/cryptsetup/-/blob/v2.6.1/docs/v2.6.1-ReleaseNotes) (includes [2.6.0](https://gitlab.com/cryptsetup/cryptsetup/-/blob/v2.6.0/docs/v2.6.0-ReleaseNotes) and [2.5.0](https://gitlab.com/cryptsetup/cryptsetup/-/blob/v2.5.0/docs/v2.5.0-ReleaseNotes)))<br> - curl ([8.2.1](https://curl.se/changes.html#8_2_1) (includes [8.2.0](https://curl.se/changes.html#8_2_0), [8.1.2](https://curl.se/changes.html#8_1_2), [8.1.0](https://curl.se/changes.html#8_1_0)))<br> - debianutils ([5.7](https://metadata.ftp-master.debian.org/changelogs//main/d/debianutils/debianutils_5.7-0.4_changelog))<br> - diffutils ([3.10](https://lists.gnu.org/archive/html/info-gnu/2023-05/msg00009.html))<br> - elfutils ([0.189](https://sourceware.org/pipermail/elfutils-devel/2023q1/006023.html))<br> - ethtool ([6.4](https://git.kernel.org/pub/scm/network/ethtool/ethtool.git/tree/NEWS?h=v6.4) (includes [6.3](https://git.kernel.org/pub/scm/network/ethtool/ethtool.git/commit/?id=7bdf78f0d2a9ae1571fe9444e552490130e573fd), [6.2](https://git.kernel.org/pub/scm/network/ethtool/ethtool.git/tree/NEWS?h=v6.2)))<br> - gawk ([5.2.2](https://lists.gnu.org/archive/html/info-gnu/2023-05/msg00008.html))<br> - gdb ([13.2](https://lists.gnu.org/archive/html/info-gnu/2023-05/msg00011.html))<br> - gdbm ([1.23](https://lists.gnu.org/archive/html/info-gnu/2022-02/msg00004.html))<br> - git ([2.41.0](https://lore.kernel.org/git/xmqqleh3a3wm.fsf@gitster.g/) (includes [2.39.3](https://github.com/git/git/blob/v2.39.3/Documentation/RelNotes/2.39.3.txt)))<br> - glib ([2.76.4](https://gitlab.gnome.org/GNOME/glib/-/releases/2.76.4) (includes [2.76.3](https://gitlab.gnome.org/GNOME/glib/-/releases/2.76.3), [2.76.2](https://gitlab.gnome.org/GNOME/glib/-/releases/2.76.2)))<br> - glibc ([2.37](https://sourceware.org/git/?p=glibc.git;a=tag;h=refs/tags/glibc-2.37))<br> - gmp ([6.3.0](https://gmplib.org/gmp6.3))<br> - gptfdisk ([1.0.9](https://sourceforge.net/p/gptfdisk/code/ci/1d46f3723bc25f5598266f7d9a3548af3cee0c77/tree/NEWS))<br> - grep ([3.11](https://lists.gnu.org/archive/html/info-gnu/2023-05/msg00004.html) (includes [3.8](http://savannah.gnu.org/forum/forum.php?forum_id=10227)))<br> - grub ([2.06](https://lists.gnu.org/archive/html/grub-devel/2021-06/msg00022.html))<br> - hwdata ([0.373](https://github.com/vcrhonek/hwdata/commits/v0.373) (includes [0.372](https://github.com/vcrhonek/hwdata/commits/v0.372), [0.371](https://github.com/vcrhonek/hwdata/commits/v0.371), [0.367](https://github.com/vcrhonek/hwdata/releases/tag/v0.367)))<br> - inih ([57](https://github.com/benhoyt/inih/releases/tag/r57) (includes [56](https://github.com/benhoyt/inih/releases/tag/r56)))<br> - intel-microcode ([20230808](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230808) (includes [20230613](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230613), [20230512](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230512)))<br> - iperf ([3.14](https://github.com/esnet/iperf/blob/master/RELNOTES.md#iperf-314-2023-07-07))<br> - iproute2 ([6.4.0](https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/log/?h=v6.4.0) (includes [6.3.0](https://lwn.net/Articles/930473/), [6.2](https://lwn.net/Articles/923952/)))<br> - ipset ([7.17](https://git.netfilter.org/ipset/tree/ChangeLog?id=186f9b57c60bb53aae5f6633eff1e9d5e9095c3e))<br> - kbd ([2.6.1](https://github.com/legionus/kbd/releases/tag/v2.6.1) (includes [2.6.0](https://github.com/legionus/kbd/releases/tag/v2.6.0), [2.5.1](https://github.com/legionus/kbd/releases/tag/v2.5.1)))<br> - kmod ([30](https://lwn.net/Articles/899526/))<br> - ldb ([2.4.4](https://gitlab.com/samba-team/samba/-/commit/b686ef00da46d4a0c0aba0c61b1866cbc9b462b6) (includes [2.4.3](https://gitlab.com/samba-team/samba/-/commit/604f94704f30e90ef960aa2be62a14d2e614a002), [2.4.2](https://gitlab.com/samba-team/samba/-/commit/d93892d2e8ed69758c15ab18bc03bba09e715bc6)))<br> - less ([633](http://www.greenwoodsoftware.com/less/news.633.html) (includes [632](http://www.greenwoodsoftware.com/less/news.632.html)))<br> - libarchive ([3.7.1](https://github.com/libarchive/libarchive/releases/tag/v3.7.1) (includes [3.7.0](https://github.com/libarchive/libarchive/releases/tag/v3.7.0)))<br> - libassuan ([2.5.6](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libassuan.git;a=blob;f=NEWS;h=e52bb5dd36ac93ea227e53e89f82af9ccf38f339;hb=6b50ee6bcdd6aa81bd7cc3fb2379864c3ed479b8))<br> - libbsd ([0.11.7](https://lists.freedesktop.org/archives/libbsd/2022-October/000337.html))<br> - libcap ([2.69](https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.iuvg7sbjg8pe))<br> - libgcrypt ([1.10.1](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=blob;f=NEWS;h=03132c2a115e35783a782c64777cf5f5b1a2825f;hb=ae0e567820c37f9640440b3cff77d7c185aa6742))<br> - libgpg-error ([1.47](https://dev.gnupg.org/T6231) (includes [1.46](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgpg-error.git;a=blob;f=NEWS;h=14b0ba97d6ba2b10b3178f2e4a3e24bfc2355bb3;hb=ea031873aa9642831017937fd33e9009d514ee07)))<br> - libksba ([1.6.4](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=blob;f=NEWS;h=f640523209c1c9ce9855040e53914a79d24d6a67;hb=557999424ebd13e70d6fc17e648a5dd2a06f440b))<br> - libmd ([1.1.0](https://git.hadrons.org/cgit/libmd.git/log/?h=1.1.0))<br> - libmicrohttpd ([0.9.77](https://gitlab.com/libmicrohttpd/libmicrohttpd/-/releases/v0.9.77) (includes [0.9.76](https://lists.gnu.org/archive/html/libmicrohttpd/2023-02/msg00000.html)))<br> - libnftnl ([1.2.6](https://git.netfilter.org/libnftnl/log/?h=libnftnl-1.2.6) (includes [1.2.5](https://git.netfilter.org/libnftnl/log/?h=libnftnl-1.2.5)))<br> - libnvme ([1.5](https://github.com/linux-nvme/libnvme/releases/tag/v1.5))<br> - libpcap ([1.10.4](https://github.com/the-tcpdump-group/libpcap/blob/24832dd2728bd95ed9b9464ef27b47a943c38003/CHANGES#L51))<br> - libpcre (8.45)<br> - libpipeline ([1.5.7](https://gitlab.com/libpipeline/libpipeline/-/tags/1.5.7))<br> - libusb ([1.0.26](https://github.com/libusb/libusb/blob/v1.0.26/ChangeLog))<br> - libuv ([1.46.0](https://github.com/libuv/libuv/releases/tag/v1.46.0) (includes [1.45.0](https://github.com/libuv/libuv/releases/tag/v1.45.0)))<br> - libxml2 ([2.11.4](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.4))<br> - libxslt ([1.1.38](https://gitlab.gnome.org/GNOME/libxslt/-/releases/v1.1.38))<br> - lsof ([4.98.0](https://github.com/lsof-org/lsof/blob/4.98.0/00DIST#L5471))<br> - lua ([5.4.4](https://www.lua.org/manual/5.4/readme.html#changes))<br> - multipath-tools ([0.9.5](https://github.com/opensvc/multipath-tools/commits/0.9.5))<br> - ncurses ([6.4](https://invisible-island.net/ncurses/announce.html#h2-release-notes))<br> - nettle ([3.9.1](https://git.lysator.liu.se/nettle/nettle/-/blob/nettle_3.9.1_release_20230601/ChangeLog))<br> - nmap ([7.94](https://nmap.org/changelog.html#7.94))<br> - nvidia-drivers ([535.104.05](https://docs.nvidia.com/datacenter/tesla/tesla-release-notes-535-104-05/index.html))<br> - nvme-cli ([2.5](https://github.com/linux-nvme/nvme-cli/releases/tag/v2.5) (includes [2.3](https://github.com/linux-nvme/nvme-cli/releases/tag/v2.3)))<br> - open-isns ([0.102](https://github.com/open-iscsi/open-isns/blob/v0.102/ChangeLog))<br> - openldap ([2.6.4](https://git.openldap.org/openldap/openldap/-/blob/OPENLDAP_REL_ENG_2_6_4/CHANGES) (includes [2.6.3](https://lists.openldap.org/hyperkitty/list/openldap-announce@openldap.org/thread/FQJM2JSSSOMLQH7XC7Q5IZJYOGCTV2LK/), [2.6](https://lists.openldap.org/hyperkitty/list/openldap-announce@openldap.org/thread/IHS5V46H6NFNFUERMC6AWMPHTWRVNLFA/), [2.5.14](https://lists.openldap.org/hyperkitty/list/openldap-announce@openldap.org/thread/TZQHR4SIWUA5BZTKDAKSFDOOGDVU4TU7/), [2.5](https://lists.openldap.org/hyperkitty/list/openldap-announce@openldap.org/thread/BH3VDPG6IYYF5L5U6LZGHHKMJY5HFA3L/)))<br> - OpenSSL ([3.0.9](https://github.com/openssl/openssl/blob/openssl-3.0.9/NEWS.md#major-changes-between-openssl-308-and-openssl-309-30-may-2023))<br> - parted ([3.6](https://git.savannah.gnu.org/gitweb/?p=parted.git;a=blob;f=NEWS;h=52bb11697039f70e55120c571750f9ee761a75aa;hb=3b5f327b213d21e9adb9ba933c78dd898fee5b1d))<br> - pax-utils ([1.3.7](https://gitweb.gentoo.org/proj/pax-utils.git/log/?h=v1.3.7))<br> - pciutils ([3.10.0](https://github.com/pciutils/pciutils/blob/v3.10.0/ChangeLog) (includes [3.9.0](https://github.com/pciutils/pciutils/releases/tag/v3.9.0)))<br> - popt ([1.19](https://github.com/rpm-software-management/popt/releases/tag/popt-1.19-release))<br> - protobuf ([21.9](https://github.com/protocolbuffers/protobuf/releases/tag/v21.9))<br> - psmisc ([23.6](https://gitlab.com/psmisc/psmisc/-/blob/v23.6/ChangeLog))<br> - qemu guest agent ([8.0.3](https://wiki.qemu.org/ChangeLog/8.0#Guest_agent) (includes [8.0.0](https://wiki.qemu.org/ChangeLog/8.0#Guest_agent)))<br> - quota ([4.09](https://sourceforge.net/p/linuxquota/code/ci/87d2fd7635e4bca54fa2a00b8d5b073ba9ca521b/tree/Changelog))<br> - runc ([1.1.9](https://github.com/opencontainers/runc/releases/tag/v1.1.9) (includes [1.1.8](https://github.com/opencontainers/runc/releases/tag/v1.1.8)))<br> - sed ([4.9](https://lists.gnu.org/archive/html/info-gnu/2022-11/msg00001.html))<br> - smartmontools ([7.3](https://github.com/smartmontools/smartmontools/releases/tag/RELEASE_7_3))<br> - sqlite ([3.42.0](https://sqlite.org/releaselog/3_42_0.html))<br> - strace ([6.3](https://github.com/strace/strace/releases/tag/v6.3) (includes [6.2](https://github.com/strace/strace/releases/tag/v6.2)))<br> - sudo ([1.9.13p3](https://www.sudo.ws/releases/stable/#1.9.13p3))<br> - talloc ([2.4.0](https://gitlab.com/samba-team/samba/-/commit/5224ed98eeba43f22b5f5f87de5947fbb1c1c7c1) (includes [2.3.4](https://gitlab.com/samba-team/samba/-/commit/0189ccf9fc3d2a77cc83cffe180e307bcdccebb4)))<br> - tar ([1.35](https://lists.gnu.org/archive/html/info-gnu/2023-07/msg00005.html))<br> - tdb ([1.4.8](https://gitlab.com/samba-team/samba/-/commit/eab796a4f9172e602dc262f3c99ead35b35929e7) (includes [1.4.7](https://gitlab.com/samba-team/samba/-/commit/27ceb1c3ad786386e746a5e2968780d791393b9e), [1.4.6](https://gitlab.com/samba-team/samba/-/commit/1c776e54cf33b46b2ed73263f093d596a0cdbb2f)))<br> - tevent ([0.14.1](https://gitlab.com/samba-team/samba/-/commit/d80f28b081e515e32a480daf80b42cf782447a9c) (includes [0.14.0](https://gitlab.com/samba-team/samba/-/commit/3c6d28ebae27dba8e40558ae37ae8138ea0b4bdc), [0.13.0](https://gitlab.com/samba-team/samba/-/commit/63d4db63feda920c8020f8484a8b31065b7f1380), [0.12.1](https://gitlab.com/samba-team/samba/-/commit/53692735c733d01acbd953641f831a1f5e0cf6c5), 0.12.0))<br> - usbutils ([015](https://github.com/gregkh/usbutils/blob/79b796f945ea7d5c2b0e2a74f9b8819cb7948680/NEWS))<br> - userspace-rcu ([0.14.0](https://github.com/urcu/userspace-rcu/blob/v0.13.2/ChangeLog))<br> - util-linux ([2.38.1](https://github.com/util-linux/util-linux/releases/tag/v2.38.1))<br> - vim ([9.0.1678](https://github.com/vim/vim/commits/v9.0.1678) includes ([9.0.1677](https://github.com/vim/vim/commits/v9.0.1677), [9.0.1503](https://github.com/vim/vim/commits/v9.0.1503)))<br> - wget ([1.21.4](https://lists.gnu.org/archive/html/info-gnu/2023-05/msg00003.html))<br> - whois ([5.5.17](https://github.com/rfc1036/whois/commit/bac7108b01cfd54c517444efa1239e10e6edd5a4))<br> - xfsprogs ([6.4.0](https://git.kernel.org/pub/scm/fs/xfs/xfsprogs-dev.git/tree/doc/CHANGES?h=v6.4.0) (includes ([6.3.0](https://git.kernel.org/pub/scm/fs/xfs/xfsprogs-dev.git/tree/doc/CHANGES?h=v6.3.0)))<br> - XZ utils ([5.4.3](https://git.tukaani.org/?p=xz.git;a=blob;f=NEWS;h=2f4d35adca6198671434d2988803cc9316ad1ec8;hb=dbb3a536ed9873ffa0870321f6873e564c6a9da8))<br> - zstandard ([1.5.5](https://github.com/facebook/zstd/releases/tag/v1.5.5))<br> - AWS: amazon-ssm-agent ([3.2.985.0](https://github.com/aws/amazon-ssm-agent/releases/tag/3.2.985.0))<br> - SDK: file ([5.45](https://github.com/file/file/blob/FILE5_45/ChangeLog))<br> - SDK: gnuconfig ([20230731](https://git.savannah.gnu.org/cgit/config.git/log/?id=d4e37b5868ef910e3e52744c34408084bb13051c))<br> - SDK: kexec-tools ([2.0.24](https://github.com/horms/kexec-tools/releases/tag/v2.0.24))<br> - SDK: man-db ([2.11.2](https://gitlab.com/man-db/man-db/-/tags/2.11.2))<br> - SDK: man-pages ([6.03](https://lore.kernel.org/lkml/d56662b2-538c-7252-9052-8afbf325f843@gmail.com/T/))<br> - SDK: pahole ([1.25](https://github.com/acmel/dwarves/blob/master/changes-v1.25))<br> - SDK: perf ([6.3](https://kernelnewbies.org/LinuxChanges#Linux_6.3.Tracing.2C_perf_and_BPF))<br> - SDK: perl ([5.36.1](https://perldoc.perl.org/perl5361delta))<br> - SDK: portage ([3.0.49](https://gitweb.gentoo.org/proj/portage.git/tree/NEWS?h=portage-3.0.49) (includes [3.0.46](https://gitweb.gentoo.org/proj/portage.git/tree/NEWS?h=portage-3.0.46)))<br> - SDK: python ([3.11.5](https://www.python.org/downloads/release/python-3115/) (includes [3.11.3](https://www.python.org/downloads/release/python-3113/), [3.10.12](https://www.python.org/downloads/release/python-31012/), [3.10.11](https://www.python.org/downloads/release/python-31011/)))<br> - SDK: qemu ([8.0.4](https://wiki.qemu.org/ChangeLog/8.0) (includes [8.0.3](https://wiki.qemu.org/ChangeLog/8.0), [7.2.3](https://wiki.qemu.org/ChangeLog/7.2)))<br> - SDK: Rust ([1.72.0](https://github.com/rust-lang/rust/releases/tag/1.72.0) (includes ([1.71.1](https://github.com/rust-lang/rust/releases/tag/1.71.1), [1.71.0](https://github.com/rust-lang/rust/releases/tag/1.71.0), [1.70.0](https://github.com/rust-lang/rust/releases/tag/1.70.0)))<br> - VMware: open-vm-tools ([12.3.0](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.3.0) (includes [12.2.5](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.2.5)))<br>Packages:<br>- containerd 1.7.6<br>- docker 20.10.24<br>- ignition 2.15.0<br>- kernel 6.1.55<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-10-05T10:00:33+00:00 @@ -30,7 +38,7 @@ https://github.com/flatcar/scripts/releases/tag/beta-3602.1.6 3602.1.6 - 2023-10-25T10:20:36.132822+00:00 + 2023-11-22T09:59:25.854043+00:00 _Changes since **Beta 3602.1.5**_<br> <br> #### Changes:<br> <br> - Azure: Add support for Microsoft Azure Network Adapter (MANA) NICs on Azure ([scripts#1131](https://github.com/flatcar/scripts/pull/1131))<br> <br> #### Updates:<br> <br> - Linux ([5.15.132](https://lwn.net/Articles/944877) (includes [5.15.131](https://lwn.net/Articles/943755), [5.15.130](https://lwn.net/Articles/943404)))<br> - ca-certificates ([3.93](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_93.html))<br>Packages:<br>- containerd 1.6.21<br>- docker 20.10.24<br>- ignition 2.15.0<br>- kernel 5.15.132<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-09-21T11:36:01+00:00 @@ -38,7 +46,7 @@ https://github.com/flatcar/scripts/releases/tag/beta-3602.1.5 3602.1.5 - 2023-10-25T10:20:36.128215+00:00 + 2023-11-22T09:59:25.849380+00:00 _Changes since **Beta 3602.1.4**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2022-40982](https://nvd.nist.gov/vuln/detail/CVE-2022-40982), [CVE-2022-41804](https://nvd.nist.gov/vuln/detail/CVE-2022-41804), [CVE-2023-20569](https://nvd.nist.gov/vuln/detail/CVE-2023-20569), [CVE-2023-20588](https://nvd.nist.gov/vuln/detail/CVE-2023-20588), [CVE-2023-40283](https://nvd.nist.gov/vuln/detail/CVE-2023-40283), [CVE-2023-4128](https://nvd.nist.gov/vuln/detail/CVE-2023-4128), [CVE-2023-23908](https://nvd.nist.gov/vuln/detail/CVE-2023-23908))<br> <br> #### Bug fixes:<br> <br> - Fixed the restart of Systemd services when the main process is being killed by a SIGHUP signal ([flatcar#1157](https://github.com/flatcar/Flatcar/issues/1157))<br> <br> #### Updates:<br> <br> - Linux ([5.15.129](https://lwn.net/Articles/943113) (includes [5.15.128](https://lwn.net/Articles/942866), [5.15.127](https://lwn.net/Articles/941775), [5.15.126](https://lwn.net/Articles/941296), [5.15.125](https://lwn.net/Articles/940801)))<br>Packages:<br>- containerd 1.6.21<br>- docker 20.10.24<br>- ignition 2.15.0<br>- kernel 5.15.129<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-09-06T13:18:11+00:00 @@ -46,7 +54,7 @@ https://github.com/flatcar/scripts/releases/tag/beta-3602.1.4 3602.1.4 - 2023-10-25T10:20:36.123272+00:00 + 2023-11-22T09:59:25.844426+00:00 _Changes since **Beta 3602.1.3**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2022-48502](https://nvd.nist.gov/vuln/detail/CVE-2022-48502), [CVE-2023-20593](https://nvd.nist.gov/vuln/detail/CVE-2023-20593), [CVE-2023-2898](https://nvd.nist.gov/vuln/detail/CVE-2023-2898), [CVE-2023-31248](https://nvd.nist.gov/vuln/detail/CVE-2023-31248), [CVE-2023-35001](https://nvd.nist.gov/vuln/detail/CVE-2023-35001), [CVE-2023-3611](https://nvd.nist.gov/vuln/detail/CVE-2023-3611), [CVE-2023-3776](https://nvd.nist.gov/vuln/detail/CVE-2023-3776), [CVE-2023-38432](https://nvd.nist.gov/vuln/detail/CVE-2023-38432), [CVE-2023-3863](https://nvd.nist.gov/vuln/detail/CVE-2023-3863))<br> - OpenSSH ([CVE-2023-38408](https://nvd.nist.gov/vuln/detail/CVE-2023-38408))<br> - linux-firmware ([CVE-2023-20593](https://nvd.nist.gov/vuln/detail/CVE-2023-20593))<br><br> #### Updates:<br> <br> - Linux ([5.15.124](https://lwn.net/Articles/940339) (includes [5.15.123](https://lwn.net/Articles/939424), [5.15.122](https://lwn.net/Articles/939104), [5.15.121](https://lwn.net/Articles/939016)))<br> - ca-certificates ([3.92](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_92.html))<br> - linux-firmware ([20230625](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230625))<br><br>Packages:<br>- containerd 1.6.21<br>- docker 20.10.24<br>- ignition 2.15.0<br>- kernel 5.15.124<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-08-09T11:43:20+00:00 @@ -54,7 +62,7 @@ https://github.com/flatcar/scripts/releases/tag/beta-3602.1.3 3602.1.3 - 2023-10-25T10:20:36.118196+00:00 + 2023-11-22T09:59:25.839340+00:00 _Changes since **Beta 3602.1.2**_<br><br> #### Updates:<br> <br> - Linux ([5.15.120](https://lwn.net/Articles/937404))<br>Packages:<br>- containerd 1.6.21<br>- docker 20.10.24<br>- ignition 2.15.0<br>- kernel 5.15.120<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-07-18T08:59:31+00:00 @@ -62,7 +70,7 @@ https://github.com/flatcar/scripts/releases/tag/beta-3602.1.2 3602.1.2 - 2023-10-25T10:20:36.113816+00:00 + 2023-11-22T09:59:25.834967+00:00 _Changes since **Beta 3602.1.1**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2023-3338](https://nvd.nist.gov/vuln/detail/CVE-2023-3338), [CVE-2023-3390](https://nvd.nist.gov/vuln/detail/CVE-2023-3390))<br> <br> #### Bug fixes:<br> <br> - Ensured that the folder `/var/log/sssd` is created if it doesn't exist, required for `sssd.service` ([Flatcar#1096](https://github.com/flatcar/Flatcar/issues/1096))<br> - Worked around a bash regression in `flatcar-install` and added error reporting for disk write failures ([Flatcar#1059](https://github.com/flatcar/Flatcar/issues/1059))<br> <br> #### Changes:<br> <br> - Changed ext4 inode size of root partition to 256 bytes. This improves compatibility with applications and is necessary for 2038 readiness ([Flatcar#1082](https://github.com/flatcar/Flatcar/issues/1082))<br> <br> #### Updates:<br> <br> - Linux ([5.15.119](https://lwn.net/Articles/936675) (includes [5.15.118](https://lwn.net/Articles/935584)))<br> - ca-certificates ([3.91](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_91.html))<br>Packages:<br>- containerd 1.6.21<br>- docker 20.10.24<br>- ignition 2.15.0<br>- kernel 5.15.119<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-07-06T12:15:43+00:00 @@ -70,7 +78,7 @@ https://github.com/flatcar/scripts/releases/tag/beta-3602.1.1 3602.1.1 - 2023-10-25T10:20:36.108731+00:00 + 2023-11-22T09:59:25.829843+00:00 _Changes since **Beta 3602.1.0**_<br> <br>#### Bug fixes:<br> <br>- Resolved the conflicting FD usage of libselinux and systemd which caused, e.g., a systemd crash on certain watchdog interaction during shutdown (patch in systemd 252.11)<br> <br>#### Updates:<br> <br>- Linux ([5.15.117](https://lwn.net/Articles/934622) (includes [5.15.116](https://lwn.net/Articles/934320), [5.15.115](https://lwn.net/Articles/933909), [5.15.114](https://lwn.net/Articles/933280)))<br>- ca-certificates ([3.90](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_90.html))<br>- systemd ([252.11](https://github.com/systemd/systemd-stable/releases/tag/v252.11) (from 252.5))<br>Packages:<br>- containerd 1.6.21<br>- docker 20.10.24<br>- ignition 2.15.0<br>- kernel 5.15.117<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-06-21T12:17:56+00:00 @@ -78,7 +86,7 @@ https://github.com/flatcar/scripts/releases/tag/beta-3602.1.0 3602.1.0 - 2023-10-25T10:20:36.103897+00:00 + 2023-11-22T09:59:25.825029+00:00 _Changes since **Beta 3572.1.0**_<br> <br>#### Security fixes:<br> <br> - Linux ([CVE-2022-48425](https://nvd.nist.gov/vuln/detail/CVE-2022-48425))<br> - Go ([CVE-2023-24539](https://nvd.nist.gov/vuln/detail/CVE-2023-24539), [CVE-2023-24540](https://nvd.nist.gov/vuln/detail/CVE-2023-24540), [CVE-2023-29400](https://nvd.nist.gov/vuln/detail/CVE-2023-29400))<br> - OpenSSH ([CVE-2023-28531](https://nvd.nist.gov/vuln/detail/CVE-2023-28531))<br> - OpenSSL ([CVE-2023-0464](https://nvd.nist.gov/vuln/detail/CVE-2023-0464), [CVE-2023-0465](https://nvd.nist.gov/vuln/detail/CVE-2023-0465), [CVE-2023-0466](https://nvd.nist.gov/vuln/detail/CVE-2023-0466), [CVE-2023-1255](https://nvd.nist.gov/vuln/detail/CVE-2023-1255))<br> - bash ([CVE-2022-3715](https://nvd.nist.gov/vuln/detail/CVE-2022-3715))<br> - c-ares ([CVE-2022-4904](https://nvd.nist.gov/vuln/detail/CVE-2022-4904))<br> - curl ([CVE-2023-27533](https://nvd.nist.gov/vuln/detail/CVE-2023-27533), [CVE-2023-27534](https://nvd.nist.gov/vuln/detail/CVE-2023-27534), [CVE-2023-27535](https://nvd.nist.gov/vuln/detail/CVE-2023-27535), [CVE-2023-27536](https://nvd.nist.gov/vuln/detail/CVE-2023-27536), [CVE-2023-27537](https://nvd.nist.gov/vuln/detail/CVE-2023-27537), [CVE-2023-27538](https://nvd.nist.gov/vuln/detail/CVE-2023-27538))<br> - libxml2 ([CVE-2023-28484](https://nvd.nist.gov/vuln/detail/CVE-2023-28484), [CVE-2023-29469](https://nvd.nist.gov/vuln/detail/CVE-2023-29469))<br> <br>#### Bug fixes:<br> <br> - Restored the reboot warning and delay for non-SSH console sessions ([locksmith#21](https://github.com/flatcar/locksmith/pull/21))<br> <br>#### Changes:<br> <br> - Changed coreos-cloudinit to now set the short hostname instead of the FQDN when fetched from the metadata service ([coreos-cloudinit#19](https://github.com/flatcar/coreos-cloudinit/pull/19))<br> <br>#### Updates:<br> <br> - Linux ([5.15.113](https://lwn.net/Articles/932883) (includes [5.15.112](https://lwn.net/Articles/932134)))<br> - Go ([1.19.9](https://go.dev/doc/devel/release#go1.19.9))<br> - OpenSSH ([9.3](http://www.openssh.com/releasenotes.html#9.3))<br> - bash ([5.2](https://lists.gnu.org/archive/html/bash-announce/2022-09/msg00000.html))<br> - bpftool ([6.2.1](https://kernelnewbies.org/LinuxChanges#Linux_6.2.Tracing.2C_perf_and_BPF))<br> - c-ares ([1.19.0](https://c-ares.org/changelog.html#1_19_0))<br> - containerd ([1.6.21](https://github.com/containerd/containerd/releases/tag/v1.6.21))<br> - curl ([8.0.1](https://curl.se/changes.html#8_0_1))<br> - e2fsprogs ([1.47.0](https://e2fsprogs.sourceforge.net/e2fsprogs-release.html##1.47.0))<br> - gdb ([13.1.90](https://lwn.net/Articles/923819/))<br> - GLib ([2.74.6](https://gitlab.gnome.org/GNOME/glib/-/tags/2.74.6))<br> - libarchive ([3.6.2](https://github.com/libarchive/libarchive/releases/tag/v3.6.2))<br> - libxml2 ([2.10.4](https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.4))<br> - multipath-tools ([0.9.4](https://github.com/opensvc/multipath-tools/commits/0.9.4))<br> - pinentry ([1.2.1](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=pinentry.git;a=blob;f=NEWS;h=c080b34e57d01a6ccca9d2996d7096c42b1a3f84;hb=8ab1682e80a2b4185ee9ef66cbb44340245966fc))<br> - readline ([8.2](https://lists.gnu.org/archive/html/info-gnu/2022-09/msg00013.html))<br> - runc ([1.1.7](https://github.com/opencontainers/runc/releases/tag/v1.1.7))<br> - sqlite ([3.41.2](https://sqlite.org/releaselog/3_41_2.html))<br> - XZ utils ([5.4.2](https://github.com/tukaani-project/xz/releases/tag/v5.4.2))<br> - SDK: nano ([7.2](https://git.savannah.gnu.org/cgit/nano.git/tree/NEWS?h=v7.2))<br><br>_Changes since **Alpha 3602.0.0**_<br> <br>#### Security fixes:<br> <br> - Linux ([CVE-2022-48425](https://nvd.nist.gov/vuln/detail/CVE-2022-48425))<br> <br>#### Bug fixes:<br> <br> <br>#### Changes:<br> <br> <br>#### Updates:<br> <br> - Linux ([5.15.113](https://lwn.net/Articles/932883) (includes [5.15.112](https://lwn.net/Articles/932134)))<br><br>Packages:<br>- containerd 1.6.21<br>- docker 20.10.24<br>- ignition 2.15.0<br>- kernel 5.15.113<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-06-01T11:51:22+00:00 @@ -86,7 +94,7 @@ https://github.com/flatcar/scripts/releases/tag/beta-3572.1.0 3572.1.0 - 2023-10-25T10:20:36.097031+00:00 + 2023-11-22T09:59:25.818173+00:00 _Changes since **Beta 3549.1.1**_<br> <br>#### Security fixes:<br> <br>- Linux ([CVE-2023-1380](https://nvd.nist.gov/vuln/detail/CVE-2023-1380), [CVE-2023-2002](https://nvd.nist.gov/vuln/detail/CVE-2023-2002), [CVE-2023-31436](https://nvd.nist.gov/vuln/detail/CVE-2023-31436))<br>- Docker ([CVE-2023-28840](https://nvd.nist.gov/vuln/detail/CVE-2023-28840), [CVE-2023-28841](https://nvd.nist.gov/vuln/detail/CVE-2023-28841), [CVE-2023-28842](https://nvd.nist.gov/vuln/detail/CVE-2023-28842))<br>- Go ([CVE-2023-24534](https://nvd.nist.gov/vuln/detail/CVE-2023-24534), [CVE-2023-24536](https://nvd.nist.gov/vuln/detail/CVE-2023-24536), [CVE-2023-24537](https://nvd.nist.gov/vuln/detail/CVE-2023-24537), [CVE-2023-24538](https://nvd.nist.gov/vuln/detail/CVE-2023-24538))<br>- runc ([CVE-2023-25809](https://nvd.nist.gov/vuln/detail/CVE-2023-25809), [CVE-2023-27561](https://nvd.nist.gov/vuln/detail/CVE-2023-27561), [CVE-2023-28642](https://nvd.nist.gov/vuln/detail/CVE-2023-28642))<br>- tar ([CVE-2022-48303](https://nvd.nist.gov/vuln/detail/CVE-2022-48303))<br>- vim ([CVE-2023-1127](https://nvd.nist.gov/vuln/detail/CVE-2023-1127), [CVE-2023-1175](https://nvd.nist.gov/vuln/detail/CVE-2023-1175), [CVE-2023-1170](https://nvd.nist.gov/vuln/detail/CVE-2023-1170))<br> <br>#### Bug fixes:<br> <br>- Fixed a miscompilation of getfacl causing it to dump core when executed ([scripts#809](https://github.com/flatcar/scripts/pull/809))<br> <br>#### Changes:<br> <br>- Improved the OS reset tool to offer preview, backup and restore ([init#94](https://github.com/flatcar/init/pull/94))<br> <br>#### Updates:<br> <br>- Linux ([5.15.111](https://lwn.net/Articles/931680) (includes [5.15.110](https://lwn.net/Articles/930600), [5.15.109](https://lwn.net/Articles/930263)))<br>- Linux Firmware ([20230404](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230404))<br>- ca-certificates ([3.89.1](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_89_1.html))<br>- containerd ([1.6.20](https://github.com/containerd/containerd/releases/tag/v1.6.20))<br>- docker ([20.10.24](https://docs.docker.com/engine/release-notes/20.10/#201024))<br>- go ([1.19.8](https://go.dev/doc/devel/release#go1.19.8))<br>- iperf ([3.13](https://github.com/esnet/iperf/blob/3.13/RELNOTES.md))<br>- runc ([1.1.5](https://github.com/opencontainers/runc/releases/tag/v1.1.5))<br>- vim ([9.0.1403](https://github.com/vim/vim/releases/tag/v9.0.1403))<br>- zstandard ([1.5.4](https://github.com/facebook/zstd/releases/tag/v1.5.4))<br>- SDK: pahole ([1.24](https://github.com/acmel/dwarves/releases/tag/v1.24)) <br>- SDK: rust ([1.68.2](https://github.com/rust-lang/rust/releases/tag/1.68.2))<br> <br>_Changes since **Alpha 3572.0.1**_<br> <br>#### Security fixes:<br> <br>- Linux ([CVE-2023-1380](https://nvd.nist.gov/vuln/detail/CVE-2023-1380), [CVE-2023-2002](https://nvd.nist.gov/vuln/detail/CVE-2023-2002), [CVE-2023-31436](https://nvd.nist.gov/vuln/detail/CVE-2023-31436))<br> <br>#### Bug fixes:<br> <br>- Fixed a miscompilation of getfacl causing it to dump core when executed ([scripts#809](https://github.com/flatcar/scripts/pull/809))<br> <br>#### Updates:<br> <br>- Linux ([5.15.111](https://lwn.net/Articles/931680) (includes [5.15.110](https://lwn.net/Articles/930600), [5.15.109](https://lwn.net/Articles/930263)))<br>- ca-certificates ([3.89.1](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_89_1.html))<br><br>Packages:<br>- containerd 1.6.20<br>- docker 20.10.24<br>- ignition 2.15.0<br>- kernel 5.15.111<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-05-16T10:20:20+00:00 @@ -94,7 +102,7 @@ https://github.com/flatcar/scripts/releases/tag/beta-3549.1.1 3549.1.1 - 2023-10-25T10:20:36.090512+00:00 + 2023-11-22T09:59:25.811641+00:00 _Changes since **Beta 3549.1.0**_<br><br>#### Security fixes:<br><br>- nvidia-drivers ([CVE-2022-31607](https://nvd.nist.gov/vuln/detail/CVE-2022-31607), [CVE-2022-31608](https://nvd.nist.gov/vuln/detail/CVE-2022-31608), [CVE-2022-31615](https://nvd.nist.gov/vuln/detail/CVE-2022-31615), [CVE-2022-34665](https://nvd.nist.gov/vuln/detail/CVE-2022-34665), [CVE-2022-34666](https://nvd.nist.gov/vuln/detail/CVE-2022-34666), [CVE-2022-34670](https://nvd.nist.gov/vuln/detail/CVE-2022-34670), [CVE-2022-34673](https://nvd.nist.gov/vuln/detail/CVE-2022-34673), [CVE-2022-34674](https://nvd.nist.gov/vuln/detail/CVE-2022-34674), [CVE-2022-34676](https://nvd.nist.gov/vuln/detail/CVE-2022-34676), [CVE-2022-34677](https://nvd.nist.gov/vuln/detail/CVE-2022-34677), [CVE-2022-34678](https://nvd.nist.gov/vuln/detail/CVE-2022-34678), [CVE-2022-34679](https://nvd.nist.gov/vuln/detail/CVE-2022-34679), [CVE-2022-34680](https://nvd.nist.gov/vuln/detail/CVE-2022-34680), [CVE-2022-34682](https://nvd.nist.gov/vuln/detail/CVE-2022-34682), [CVE-2022-34684](https://nvd.nist.gov/vuln/detail/CVE-2022-34684), [CVE-2022-42254](https://nvd.nist.gov/vuln/detail/CVE-2022-42254), [CVE-2022-42255](https://nvd.nist.gov/vuln/detail/CVE-2022-42255), [CVE-2022-42256](https://nvd.nist.gov/vuln/detail/CVE-2022-42256), [CVE-2022-42257](https://nvd.nist.gov/vuln/detail/CVE-2022-42257), [CVE-2022-42258](https://nvd.nist.gov/vuln/detail/CVE-2022-42258), [CVE-2022-42259](https://nvd.nist.gov/vuln/detail/CVE-2022-42259), [CVE-2022-42260](https://nvd.nist.gov/vuln/detail/CVE-2022-42260), [CVE-2022-42261](https://nvd.nist.gov/vuln/detail/CVE-2022-42261), [CVE-2022-42263](https://nvd.nist.gov/vuln/detail/CVE-2022-42263), [CVE-2022-42264](https://nvd.nist.gov/vuln/detail/CVE-2022-42264), [CVE-2022-42265](https://nvd.nist.gov/vuln/detail/CVE-2022-42265))<br><br>#### Bug fixes:<br>- Fixed systemd journal logs persistency on the first boot ([flatcar#1005](https://github.com/flatcar/Flatcar/issues/1005))<br>- Fixed the broken emerge-gitclone in the dev-container owing to the missing migration action around the unification of the Flatcar core repositories<br><br>#### Changes:<br>- The package upgrade for nvidia-drivers might result in not supporting a few of the older NVIDIA Tesla GPUs. If you are facing issues, set `NVIDIA_DRIVER_VERSION=460.106.00` in `/etc/flatcar/nvidia-metadata`<br><br><br>#### Updates:<br><br>- Linux ([5.15.108](https://lwn.net/Articles/929679/) (includes [5.15.107](https://lwn.net/Articles/929015/)))<br>- nvidia-drivers ([525.105.17](https://docs.nvidia.com/datacenter/tesla/tesla-release-notes-525-105-17/index.html))<br><br>Packages:<br>- containerd 1.6.19<br>- docker 20.10.23<br>- ignition 2.15.0<br>- kernel 5.15.108<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-04-25T13:37:33+00:00 @@ -102,7 +110,7 @@ https://github.com/flatcar/scripts/releases/tag/beta-3549.1.0 3549.1.0 - 2023-10-25T10:20:36.084547+00:00 + 2023-11-22T09:59:25.805654+00:00 _Changes since **Beta 3510.1.0**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-4269](https://nvd.nist.gov/vuln/detail/CVE-2022-4269), [CVE-2022-4379](https://nvd.nist.gov/vuln/detail/CVE-2022-4379), [CVE-2023-1076](https://nvd.nist.gov/vuln/detail/CVE-2023-1076), [CVE-2023-1077](https://nvd.nist.gov/vuln/detail/CVE-2023-1077), [CVE-2023-1079](https://nvd.nist.gov/vuln/detail/CVE-2023-1079), [CVE-2023-1118](https://nvd.nist.gov/vuln/detail/CVE-2023-1118), [CVE-2023-1611](https://nvd.nist.gov/vuln/detail/CVE-2023-1611), [CVE-2023-1670](https://nvd.nist.gov/vuln/detail/CVE-2023-1670), [CVE-2023-1829](https://nvd.nist.gov/vuln/detail/CVE-2023-1829), [CVE-2023-1855](https://nvd.nist.gov/vuln/detail/CVE-2023-1855), [CVE-2023-1989](https://nvd.nist.gov/vuln/detail/CVE-2023-1989), [CVE-2023-1990](https://nvd.nist.gov/vuln/detail/CVE-2023-1990), [CVE-2023-23004](https://nvd.nist.gov/vuln/detail/CVE-2023-23004), [CVE-2023-25012](https://nvd.nist.gov/vuln/detail/CVE-2023-25012), [CVE-2023-28466](https://nvd.nist.gov/vuln/detail/CVE-2023-28466), [CVE-2023-30456](https://nvd.nist.gov/vuln/detail/CVE-2023-30456), [CVE-2023-30772](https://nvd.nist.gov/vuln/detail/CVE-2023-30772))<br>- containerd ([CVE-2023-25153](https://nvd.nist.gov/vuln/detail/CVE-2023-25153), [CVE-2023-25173](https://nvd.nist.gov/vuln/detail/CVE-2023-25173))<br>- curl ([CVE-2023-23914](https://nvd.nist.gov/vuln/detail/CVE-2023-23914), [CVE-2023-23915](https://nvd.nist.gov/vuln/detail/CVE-2023-23915), [CVE-2023-23916](https://nvd.nist.gov/vuln/detail/CVE-2023-23916))<br>- e2fsprogs ([CVE-2022-1304](https://nvd.nist.gov/vuln/detail/CVE-2022-1304))<br>- git ([CVE-2023-22490](https://nvd.nist.gov/vuln/detail/CVE-2023-22490), [CVE-2023-23946](https://nvd.nist.gov/vuln/detail/CVE-2023-23946))<br>- GnuTLS ([CVE-2023-0361](https://nvd.nist.gov/vuln/detail/CVE-2023-0361))<br>- Go ([CVE-2022-41723](https://nvd.nist.gov/vuln/detail/CVE-2022-41723), [CVE-2022-41724](https://nvd.nist.gov/vuln/detail/CVE-2022-41724), [CVE-2022-41725](https://nvd.nist.gov/vuln/detail/CVE-2022-41725), [CVE-2023-24532](https://nvd.nist.gov/vuln/detail/CVE-2023-24532))<br>- intel-microcode ([CVE-2022-21216](https://nvd.nist.gov/vuln/detail/CVE-2022-21216), [CVE-2022-33196](https://nvd.nist.gov/vuln/detail/CVE-2022-33196), [CVE-2022-38090](https://nvd.nist.gov/vuln/detail/CVE-2022-38090))<br>- less ([CVE-2022-46663](https://nvd.nist.gov/vuln/detail/CVE-2022-46663))<br>- OpenSSH ([CVE-2023-25136](https://nvd.nist.gov/vuln/detail/CVE-2023-25136))<br>- OpenSSL ([CVE-2022-4203](https://nvd.nist.gov/vuln/detail/CVE-2022-4203), [CVE-2022-4304](https://nvd.nist.gov/vuln/detail/CVE-2022-4304), [CVE-2022-4450](https://nvd.nist.gov/vuln/detail/CVE-2022-4450), [CVE-2023-0215](https://nvd.nist.gov/vuln/detail/CVE-2023-0215), [CVE-2023-0216](https://nvd.nist.gov/vuln/detail/CVE-2023-0216), [CVE-2023-0217](https://nvd.nist.gov/vuln/detail/CVE-2023-0217), [CVE-2023-0286](https://nvd.nist.gov/vuln/detail/CVE-2023-0286), [CVE-2023-0401](https://nvd.nist.gov/vuln/detail/CVE-2023-0401))<br>- torcx ([CVE-2022-32149](https://nvd.nist.gov/vuln/detail/CVE-2022-32149))<br>- vim ([CVE-2023-0288](https://nvd.nist.gov/vuln/detail/CVE-2023-0288), [CVE-2023-0433](https://nvd.nist.gov/vuln/detail/CVE-2023-0433))<br>- SDK: dnsmasq ([CVE-2022-0934](https://nvd.nist.gov/vuln/detail/CVE-2022-0934))<br>- SDK: pkgconf ([CVE-2023-24056](https://nvd.nist.gov/vuln/detail/CVE-2023-24056))<br>- SDK: python ([CVE-2023-24329](https://nvd.nist.gov/vuln/detail/CVE-2023-24329))<br><br>#### Bug fixes:<br><br>- Ensured that `/var/log/journal/` is created early enough for systemd-journald to persist the logs on first boot ([bootengine#60](https://github.com/flatcar/bootengine/pull/60), [baselayout#29](https://github.com/flatcar/baselayout/pull/29))<br>- Fixed `journalctl --user` permission issue ([Flatcar#989](https://github.com/flatcar/Flatcar/issues/989))<br>- Restored the support to specify OEM partition files in Ignition when `/usr/share/oem` is given as initrd mount point ([bootengine#58](https://github.com/flatcar/bootengine/pull/58))<br><br>#### Changes:<br><br>- Added a new `flatcar-reset` tool and boot logic for selective OS resets to reconfigure the system with Ignition while avoiding config drift ([bootengine#55](https://github.com/flatcar/bootengine/pull/55), [init#91](https://github.com/flatcar/init/pull/91))<br>- Added new image signing pub key to `flatcar-install`, needed for download verification of releases built from July 2023 onwards, if you have copies of `flatcar-install` or the image signing pub key, you need to update them as well ([init#92](https://github.com/flatcar/init/pull/92))<br>- Added `pigz` to the image, a parallel gzip implementation, which is useful to speed up the (de)compression for large container image imports/exports ([coreos-overlay#2504](https://github.com/flatcar/coreos-overlay/pull/2504))<br>- Enabled elfutils support in systemd-coredump. A backtrace will now appear in the journal for any program that dumps core ([coreos-overlay#2489](https://github.com/flatcar/coreos-overlay/pull/2489))<br>- `/etc` is now set up as overlayfs with the original `/etc` folder being the store for changed files/directories and `/usr/share/flatcar/etc` providing the lower default directory tree ([bootengine#53](https://github.com/flatcar/bootengine/pull/53), [scripts#666](https://github.com/flatcar/scripts/pull/666))<br>- On boot any files in `/etc` that are the same as provided by the booted `/usr/share/flatcar/etc` default for the overlay mount on `/etc` are deleted to ensure that future updates of `/usr/share/flatcar/etc` are propagated - to opt out create `/etc/.no-dup-update` in case you want to keep an unmodified config file as is or because you fear that a future Flatcar version may use the same file as you at which point your copy is cleaned up and any other future Flatcar changes would be applied ([bootengine#54](https://github.com/flatcar/bootengine/pull/54))<br>- Specifying the OEM filesystem in Ignition to write files to `/usr/share/oem` is not needed anymore ([bootengine#58](https://github.com/flatcar/bootengine/pull/58))<br>- Switched systemd log reporting to the combined format of both unit description, as before, and now the unit name to easily find the unit ([coreos-overlay#2436](https://github.com/flatcar/coreos-overlay/pull/2436))<br><br>#### Updates:<br><br>- Linux ([5.15.106](https://lwn.net/Articles/928343) (includes [5.15.105](https://lwn.net/Articles/927860), [5.15.104](https://lwn.net/Articles/926873), [5.15.103](https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tag/?h=v5.15.103) [5.15.102](https://lwn.net/Articles/925991), [5.15.101](https://lwn.net/Articles/925939), [5.15.100](https://lwn.net/Articles/925913), [5.15.99](https://lwn.net/Articles/925844)))<br>- Linux Firmware ([20230310](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230310) (includes [20230210](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230210)))<br>- bind tools ([9.16.37](https://bind9.readthedocs.io/en/v9_16_37/notes.html#notes-for-bind-9-16-37))<br>- btrfs-progs ([6.0.2](https://btrfs.readthedocs.io/en/latest/CHANGES.html#btrfs-progs-6-0-2-2022-11-24) (includes [6.0](https://btrfs.readthedocs.io/en/latest/CHANGES.html#btrfs-progs-6-0-2022-10-11)))<br>- ca-certificates ([3.89](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_89.html))<br>- containerd ([1.6.19](https://github.com/containerd/containerd/releases/tag/v1.6.19) (includes [1.6.18](https://github.com/containerd/containerd/releases/tag/v1.6.18)))<br>- curl ([7.88.1](https://curl.se/changes.html#7_88_1) (includes [7.88.0](https://curl.se/changes.html#7_88_0)))<br>- diffutils ([3.9](https://savannah.gnu.org/forum/forum.php?forum_id=10282))<br>- e2fsprogs ([1.46.6](https://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.46.6))<br>- findutils ([4.9.0](https://lists.gnu.org/archive/html/info-gnu/2022-02/msg00003.html))<br>- Go ([1.19.7](https://go.dev/doc/devel/release#go1.19.7) (includes [1.19.6](https://go.dev/doc/devel/release#go1.19.6)))<br>- gcc ([12.2.1](https://gcc.gnu.org/gcc-12/changes.html))<br>- git ([2.39.2](https://github.com/git/git/blob/v2.39.2/Documentation/RelNotes/2.39.2.txt))<br>- GLib ([2.74.5](https://gitlab.gnome.org/GNOME/glib/-/tags/2.74.5))<br>- GnuTLS ([3.8.0](https://gitlab.com/gnutls/gnutls/-/blob/3.8.0/NEWS))<br>- ignition ([2.15.0](https://coreos.github.io/ignition/release-notes/#ignition-2150-2023-02-21))<br>- intel-microcode ([20230214](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230214))<br>- iputils ([20221126](https://github.com/iputils/iputils/releases/tag/20221126))<br>- less ([608](http://www.greenwoodsoftware.com/less/news.608.html))<br>- libpcap ([1.10.3](https://git.tcpdump.org/libpcap/blob/refs/tags/libpcap-1.10.3:/CHANGES) (includes [1.10.2](https://git.tcpdump.org/libpcap/blob/refs/tags/libpcap-1.10.2:/CHANGES)))<br>- libpcre2 ([10.42](https://github.com/PCRE2Project/pcre2/blob/pcre2-10.42/NEWS))<br>- OpenSSH ([9.2](http://www.openssh.com/releasenotes.html#9.2))<br>- OpenSSL ([3.0.8](https://github.com/openssl/openssl/blob/openssl-3.0.8/NEWS.md#major-changes-between-openssl-307-and-openssl-308-7-feb-2023))<br>- qemu guest agent ([7.1.0](https://wiki.qemu.org/ChangeLog/7.1#Guest_agent))<br>- socat ([1.7.4.4](https://repo.or.cz/socat.git/blob/refs/tags/tag-1.7.4.4:/CHANGES))<br>- strace ([6.1](https://github.com/strace/strace/releases/tag/v6.1))<br>- traceroute (2.1.1)<br>- vim ([9.0.1363](https://github.com/vim/vim/releases/tag/v9.0.1363))<br>- SDK: cmake ([3.25.2](https://cmake.org/cmake/help/v3.25/release/3.25.html))<br>- SDK: dnsmasq ([2.89](https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2023q1/016859.html))<br>- SDK: portage ([3.0.44](https://gitweb.gentoo.org/proj/portage.git/tree/NEWS?h=portage-3.0.44))<br>- SDK: python ([3.10.10](https://docs.python.org/3.10/whatsnew/changelog.html#python-3-10-10-final) (includes [3.10.9](https://docs.python.org/3.10/whatsnew/changelog.html#python-3-10-9-final), [3.10](https://www.python.org/downloads/release/python-3100/)))<br>- SDK: Rust ([1.68.0](https://github.com/rust-lang/rust/releases/tag/1.68.0) (includes [1.67.1](https://github.com/rust-lang/rust/releases/tag/1.67.1)))<br>- VMware: open-vm-tools ([12.2.0](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.2.0))<br><br><br>_Changes since **Alpha 3549.0.0**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-4269](https://nvd.nist.gov/vuln/detail/CVE-2022-4269), [CVE-2022-4379](https://nvd.nist.gov/vuln/detail/CVE-2022-4379), [CVE-2023-1611](https://nvd.nist.gov/vuln/detail/CVE-2023-1611), [CVE-2023-1670](https://nvd.nist.gov/vuln/detail/CVE-2023-1670), [CVE-2023-1855](https://nvd.nist.gov/vuln/detail/CVE-2023-1855), [CVE-2023-1989](https://nvd.nist.gov/vuln/detail/CVE-2023-1989), [CVE-2023-1990](https://nvd.nist.gov/vuln/detail/CVE-2023-1990), [CVE-2023-28466](https://nvd.nist.gov/vuln/detail/CVE-2023-28466), [CVE-2023-30456](https://nvd.nist.gov/vuln/detail/CVE-2023-30456), [CVE-2023-30772](https://nvd.nist.gov/vuln/detail/CVE-2023-30772))<br><br>#### Bug fixes:<br><br>- Ensured that `/var/log/journal/` is created early enough for systemd-journald to persist the logs on first boot ([bootengine#60](https://github.com/flatcar/bootengine/pull/60), [baselayout#29](https://github.com/flatcar/baselayout/pull/29))<br>- Fixed `journalctl --user` permission issue ([Flatcar#989](https://github.com/flatcar/Flatcar/issues/989))<br><br>#### Changes:<br><br><br>#### Updates:<br><br>- Linux ([5.15.106](https://lwn.net/Articles/928343) (includes [5.15.105](https://lwn.net/Articles/927860), [5.15.104](https://lwn.net/Articles/926873)))<br><br>Packages:<br>- containerd 1.6.19<br>- docker 20.10.23<br>- ignition 2.15.0<br>- kernel 5.15.106<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-04-17T13:18:23+00:00 @@ -110,7 +118,7 @@ https://github.com/flatcar/scripts/releases/tag/beta-3510.1.0 3510.1.0 - 2023-10-25T10:20:36.072529+00:00 + 2023-11-22T09:59:25.793665+00:00 _Changes since **Beta 3493.1.0**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2022-2196](https://nvd.nist.gov/vuln/detail/CVE-2022-2196), [CVE-2022-27672](https://nvd.nist.gov/vuln/detail/CVE-2022-27672), [CVE-2022-3707](https://nvd.nist.gov/vuln/detail/CVE-2022-3707), [CVE-2023-1078](https://nvd.nist.gov/vuln/detail/CVE-2023-1078), [CVE-2023-26545](https://nvd.nist.gov/vuln/detail/CVE-2023-26545))<br> - curl ([CVE-2022-43551](https://nvd.nist.gov/vuln/detail/CVE-2022-43551), [CVE-2022-43552](https://nvd.nist.gov/vuln/detail/CVE-2022-43552))<br> - sudo ([CVE-2023-22809](https://nvd.nist.gov/vuln/detail/CVE-2023-22809))<br> - vim ([CVE-2023-0049](https://nvd.nist.gov/vuln/detail/CVE-2023-0049), [CVE-2023-0051](https://nvd.nist.gov/vuln/detail/CVE-2023-0051), [CVE-2023-0054](https://nvd.nist.gov/vuln/detail/CVE-2023-0054))<br> - SDK: qemu ([CVE-2022-4172](https://nvd.nist.gov/vuln/detail/CVE-2022-4172))<br> <br> #### Bug fixes:<br> <br> - Excluded the special Kubernetes network interfaces `nodelocaldns` and `kube-ipvs0` from being managed with systemd-networkd which interfered with the setup ([init#89](https://github.com/flatcar/init/pull/89)).<br> <br> #### Updates:<br> <br> - Linux ([5.15.98](https://lwn.net/Articles/925080) (includes [5.15.97](https://lwn.net/Articles/925064), [5.15.96](https://lwn.net/Articles/924441), [5.15.95](https://lwn.net/Articles/924073), [5.15.94](https://lwn.net/Articles/923308), [5.15.93](https://lwn.net/Articles/922814)))<br> - Docker ([20.10.23](https://docs.docker.com/engine/release-notes/#201023))<br> - bind tools ([9.16.36](https://bind9.readthedocs.io/en/v9_16_36/notes.html#notes-for-bind-9-16-36) (includes [9.16.34](https://bind9.readthedocs.io/en/v9_16_35/notes.html#notes-for-bind-9-16-34) and [9.16.35](https://bind9.readthedocs.io/en/v9_16_34/notes.html#notes-for-bind-9-16-35)))<br> - bpftool ([5.19.12](https://lwn.net/Articles/909678/))<br> - ca-certificates ([3.88.1](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_88_1.html))<br> - containerd ([1.6.16](https://github.com/containerd/containerd/releases/tag/v1.6.16))<br> - curl ([7.87.0](https://curl.se/changes.html#7_87_0))<br> - git ([2.39.1](https://github.com/git/git/blob/v2.39.1/Documentation/RelNotes/2.39.1.txt) (includes [2.39.0](https://github.com/git/git/blob/v2.39.0/Documentation/RelNotes/2.39.0.txt)))<br> - iptables ([1.8.8](https://www.netfilter.org/projects/iptables/files/changes-iptables-1.8.8.txt))<br> - sudo ([1.9.12_p2](https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_12p2))<br> - systemd ([252.5](https://github.com/systemd/systemd-stable/releases/tag/v252.5))<br> - vim ([9.0.1157](https://github.com/vim/vim/releases/tag/v9.0.1157))<br> - XZ utils ([5.4.1](https://github.com/tukaani-project/xz/releases/tag/v5.4.1) (includes [5.4.0](https://github.com/tukaani-project/xz/releases/tag/v5.4.0)))<br> - SDK: boost ([1.81.0](https://www.boost.org/users/history/version_1_81_0.html))<br> - SDK: file ([5.44](https://github.com/file/file/blob/FILE5_44/ChangeLog))<br> - SDK: portage ([3.0.43](https://github.com/gentoo/portage/blob/portage-3.0.43/NEWS) (includes [3.0.42](https://github.com/gentoo/portage/blob/portage-3.0.42/NEWS)))<br> - SDK: qemu ([7.2.0](https://wiki.qemu.org/ChangeLog/7.2))<br> - SDK: Rust ([1.67.0](https://github.com/rust-lang/rust/releases/tag/1.67.0))<br> <br> _Changes since **Alpha 3510.0.0**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2022-2196](https://nvd.nist.gov/vuln/detail/CVE-2022-2196), [CVE-2022-27672](https://nvd.nist.gov/vuln/detail/CVE-2022-27672), [CVE-2022-3707](https://nvd.nist.gov/vuln/detail/CVE-2022-3707), [CVE-2023-1078](https://nvd.nist.gov/vuln/detail/CVE-2023-1078), [CVE-2023-26545](https://nvd.nist.gov/vuln/detail/CVE-2023-26545))<br> <br> #### Bug fixes:<br> <br> - Excluded the special Kubernetes network interfaces `nodelocaldns` and `kube-ipvs0` from being managed with systemd-networkd which interfered with the setup ([init#89](https://github.com/flatcar/init/pull/89)).<br> <br> #### Updates:<br> <br> - Linux ([5.15.98](https://lwn.net/Articles/925080) (includes [5.15.97](https://lwn.net/Articles/925064), [5.15.96](https://lwn.net/Articles/924441), [5.15.95](https://lwn.net/Articles/924073), [5.15.94](https://lwn.net/Articles/923308), [5.15.93](https://lwn.net/Articles/922814)))<br>Packages:<br>- containerd 1.6.16<br>- docker 20.10.23<br>- ignition 2.14.0<br>- kernel 5.15.98<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-03-07T15:23:17+00:00 @@ -118,7 +126,7 @@ https://github.com/flatcar/scripts/releases/tag/beta-3493.1.0 3493.1.0 - 2023-10-25T10:20:36.065397+00:00 + 2023-11-22T09:59:25.786514+00:00 _Changes since **Beta 3446.1.1**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2022-4129](https://nvd.nist.gov/vuln/detail/CVE-2022-4129), [CVE-2022-4382](https://nvd.nist.gov/vuln/detail/CVE-2022-4382), [CVE-2022-4842](https://nvd.nist.gov/vuln/detail/CVE-2022-4842), [CVE-2023-23559](https://nvd.nist.gov/vuln/detail/CVE-2023-23559))<br> - Go ([CVE-2022-41717](https://nvd.nist.gov/vuln/detail/CVE-2022-41717))<br> - containerd ([CVE-2022-23471](https://nvd.nist.gov/vuln/detail/CVE-2022-23471))<br> - git ([CVE-2022-23521](https://nvd.nist.gov/vuln/detail/CVE-2022-23521), [CVE-2022-41903](https://nvd.nist.gov/vuln/detail/CVE-2022-41903))<br> - glib ([fixes to normal form handling in GVariant](https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835))<br> - libarchive ([CVE-2022-36227](https://nvd.nist.gov/vuln/detail/CVE-2022-36227))<br> - systemd ([CVE-2022-3821](https://nvd.nist.gov/vuln/detail/CVE-2022-3821), [CVE-2022-4415](https://nvd.nist.gov/vuln/detail/CVE-2022-4415))<br> - vim ([CVE-2022-3491](https://nvd.nist.gov/vuln/detail/CVE-2022-3491), [CVE-2022-3520](https://nvd.nist.gov/vuln/detail/CVE-2022-3520), [CVE-2022-3591](https://nvd.nist.gov/vuln/detail/CVE-2022-3591), [CVE-2022-4141](https://nvd.nist.gov/vuln/detail/CVE-2022-4141), [CVE-2022-4292](https://nvd.nist.gov/vuln/detail/CVE-2022-4292), [CVE-2022-4293](https://nvd.nist.gov/vuln/detail/CVE-2022-4293))<br> - SDK: Python ([CVE-2015-20107](https://nvd.nist.gov/vuln/detail/CVE-2015-20107), [CVE-2020-10735](https://nvd.nist.gov/vuln/detail/CVE-2020-10735), [CVE-2021-3654](https://nvd.nist.gov/vuln/detail/CVE-2021-3654), [CVE-2022-37454](https://nvd.nist.gov/vuln/detail/CVE-2022-37454), [CVE-2022-42919](https://nvd.nist.gov/vuln/detail/CVE-2022-42919), [CVE-2022-45061](https://nvd.nist.gov/vuln/detail/CVE-2022-45061))<br> - SDK: qemu ([CVE-2020-14394](https://nvd.nist.gov/vuln/detail/CVE-2020-14394), [CVE-2022-0216](https://nvd.nist.gov/vuln/detail/CVE-2022-0216), [CVE-2022-3872](https://nvd.nist.gov/vuln/detail/CVE-2022-3872))<br> - SDK: rust ([CVE-2022-46176](https://nvd.nist.gov/vuln/detail/CVE-2022-46176))<br><br> <br> #### Updates:<br> - Linux ([5.15.92](https://lwn.net/Articles/922340) (includes [5.15.91](https://lwn.net/Articles/921851), [5.15.90](https://lwn.net/Articles/921029)))<br> - Linux Firmware ([20230117](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230117))<br> - Docker ([20.10.22](https://docs.docker.com/engine/release-notes/20.10/#201022))<br> - adcli ([0.9.2](https://gitlab.freedesktop.org/realmd/adcli/-/commits/8e88e3590a19006362ea8b8dfdc18bb88b3cb3b5/))<br> - binutils ([2.39](https://sourceware.org/pipermail/binutils/2022-August/122246.html))<br> - containerd ([1.6.15](https://github.com/containerd/containerd/releases/tag/v1.6.15) (includes [1.6.14](https://github.com/containerd/containerd/releases/tag/v1.6.14), [1.6.13](https://github.com/containerd/containerd/releases/tag/v1.6.13), [1.6.12](https://github.com/containerd/containerd/releases/tag/v1.6.12)))<br> - cri-tools ([1.24.2](https://github.com/kubernetes-sigs/cri-tools/releases/tag/v1.24.2))<br> - elfutils ([0.188](https://sourceware.org/pipermail/elfutils-devel/2022q4/005561.html) (includes [0.187](https://sourceware.org/pipermail/elfutils-devel/2022q2/004978.html))<br> - file ([5.43](https://mailman.astron.com/pipermail/file/2022-September/000857.html))<br> - gawk ([5.2.1](https://lists.gnu.org/archive/html/help-gawk/2022-11/msg00008.html) (includes [5.2.0](https://lists.gnu.org/archive/html/help-gawk/2022-09/msg00000.html)))<br> - git ([2.38.3](https://github.com/git/git/blob/v2.38.3/Documentation/RelNotes/2.38.3.txt))<br> - glib ([2.74.4](https://gitlab.gnome.org/GNOME/glib/-/tags/2.74.4))<br> - GNU C Library ([2.36](https://sourceware.org/pipermail/libc-alpha/2022-August/141193.html))<br> - Go ([1.19.5](https://go.dev/doc/devel/release#go1.19.5))<br> - I2C tools ([4.3](https://git.kernel.org/pub/scm/utils/i2c-tools/i2c-tools.git/tree/CHANGES?id=d8bc1f1ff4b00a6bd988aa114100ae9b787f50d8))<br> - Intel Microcode Package ([20221108](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20221108))<br> - libcap-ng ([0.8.3](https://people.redhat.com/sgrubb/libcap-ng/ChangeLog))<br> - libseccomp ([2.5.4](https://github.com/seccomp/libseccomp/releases/tag/v2.5.4) (includes [2.5.2](https://github.com/seccomp/libseccomp/releases/tag/v2.5.2), [2.5.3](https://github.com/seccomp/libseccomp/releases/tag/v2.5.3)))<br> - MIT Kerberos V ([1.20.1](https://web.mit.edu/kerberos/krb5-1.20/krb5-1.20.1.html))<br> - nettle ([3.8.1](https://git.lysator.liu.se/nettle/nettle/-/blob/990abad16ceacd070747dcc76ed16a39c129321e/ChangeLog))<br> - rsync ([3.2.7](https://download.samba.org/pub/rsync/NEWS#3.2.7))<br> - shadow ([4.13](https://github.com/shadow-maint/shadow/releases/tag/4.13))<br> - sqlite ([3.40.1](https://www.sqlite.org/releaselog/3_40_1.html) (includes [3.40.0](https://www.sqlite.org/releaselog/3_40_0.html)))<br> - systemd ([251.10](https://github.com/systemd/systemd-stable/commits/v251.10) (includes [251](https://github.com/systemd/systemd/releases/tag/v251)))<br> - vim ([9.0.1000](https://github.com/vim/vim/releases/tag/v9.0.1000))<br> - XZ utils ([5.2.10](https://git.tukaani.org/?p=xz.git;a=blob;f=NEWS;h=d92fa88a835180af5d6ff22ad0e240d6468f81af;hb=f7c2cc55618b9af3318f0c908cf8db0df1e28e7c))<br> - OEM: python-oem ([3.9.16](https://www.python.org/downloads/release/python-3916/))<br> - SDK: libpng ([1.6.39](http://www.libpng.org/pub/png/src/libpng-1.6.39-README.txt) (includes [1.6.38](http://www.libpng.org/pub/png/src/libpng-1.6.38-README.txt)))<br> - SDK: perl ([5.36.0](https://perldoc.perl.org/5.36.0/perldelta))<br> - SDK: portage ([3.0.41](https://gitweb.gentoo.org/proj/portage.git/tree/NEWS?h=portage-3.0.41))<br> - SDK: qemu ([7.1.0](https://wiki.qemu.org/ChangeLog/7.1))<br> - SDK: Rust ([1.66.1](https://github.com/rust-lang/rust/releases/tag/1.66.1))<br><br>_Changes since **Alpha 3493.0.0**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-4129](https://nvd.nist.gov/vuln/detail/CVE-2022-4129), [CVE-2022-4382](https://nvd.nist.gov/vuln/detail/CVE-2022-4382), [CVE-2022-4842](https://nvd.nist.gov/vuln/detail/CVE-2022-4842), [CVE-2023-23559](https://nvd.nist.gov/vuln/detail/CVE-2023-23559))<br><br>#### Bug fixes:<br><br><br>#### Changes:<br><br><br>#### Updates:<br><br>- Linux ([5.15.92](https://lwn.net/Articles/922340) (includes [5.15.91](https://lwn.net/Articles/921851), [5.15.90](https://lwn.net/Articles/921029)))<br>- cri-tools ([1.24.2](https://github.com/kubernetes-sigs/cri-tools/releases/tag/v1.24.2))<br><br>Packages:<br>- containerd 1.6.15<br>- docker 20.10.22<br>- ignition 2.14.0<br>- kernel 5.15.92<br>- systemd 251<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-02-16T13:07:54+00:00 @@ -126,7 +134,7 @@ https://github.com/flatcar/scripts/releases/tag/beta-3446.1.1 3446.1.1 - 2023-10-25T10:20:36.056931+00:00 + 2023-11-22T09:59:25.778049+00:00 _Changes since **Beta 3446.1.0**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-36280](https://nvd.nist.gov/vuln/detail/CVE-2022-36280), [CVE-2022-41218](https://nvd.nist.gov/vuln/detail/CVE-2022-41218), [CVE-2022-47929](https://nvd.nist.gov/vuln/detail/CVE-2022-47929), [CVE-2023-0210](https://nvd.nist.gov/vuln/detail/CVE-2023-0210), [CVE-2023-0266](https://nvd.nist.gov/vuln/detail/CVE-2023-0266), [CVE-2023-0394](https://nvd.nist.gov/vuln/detail/CVE-2023-0394), [CVE-2023-23454](https://nvd.nist.gov/vuln/detail/CVE-2023-23454), [CVE-2023-23455](https://nvd.nist.gov/vuln/detail/CVE-2023-23455))<br>- git ([CVE-2022-23521](https://nvd.nist.gov/vuln/detail/CVE-2022-23521), [CVE-2022-41903](https://nvd.nist.gov/vuln/detail/CVE-2022-41903))<br><br>#### Bug fixes:<br><br>- Fixed a regression (in Alpha/Beta) where machines failed to boot if they didn't have the `core` user or group in `/etc/passwd` or `/etc/group` ([baselayout#26](https://github.com/flatcar/baselayout/pull/26))<br><br>#### Changes:<br><br><br>#### Updates:<br><br>- Linux ([5.15.89](https://lwn.net/Articles/920321) (includes [5.15.88](https://lwn.net/Articles/920012), [5.15.87](https://lwn.net/Articles/919793)))<br>- git ([2.37.5](https://github.com/git/git/blob/v2.37.5/Documentation/RelNotes/2.37.5.txt))<br><br>Packages:<br>- containerd 1.6.10<br>- docker 20.10.21<br>- ignition 2.14.0<br>- kernel 5.15.89<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-01-24T13:16:19+00:00 @@ -134,7 +142,7 @@ https://github.com/flatcar/scripts/releases/tag/beta-3446.1.0 3446.1.0 - 2023-10-25T10:20:36.051830+00:00 + 2023-11-22T09:59:25.772937+00:00 _Changes since **Beta 3432.1.0**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-3424](https://nvd.nist.gov/vuln/detail/CVE-2022-3424), [CVE-2022-3534](https://nvd.nist.gov/vuln/detail/CVE-2022-3534), [CVE-2022-3545](https://nvd.nist.gov/vuln/detail/CVE-2022-3545), [CVE-2022-3643](https://nvd.nist.gov/vuln/detail/CVE-2022-3643), [CVE-2022-4378](https://nvd.nist.gov/vuln/detail/CVE-2022-4378), [CVE-2022-45869](https://nvd.nist.gov/vuln/detail/CVE-2022-45869), [CVE-2022-45934](https://nvd.nist.gov/vuln/detail/CVE-2022-45934))<br>- sudo ([CVE-2022-43995](https://nvd.nist.gov/vuln/detail/CVE-2022-43995))<br>- libksba ([CVE-2022-47629](https://nvd.nist.gov/vuln/detail/CVE-2022-47629))<br><br>#### Bug fixes:<br><br>- Added back Ignition support for Vagrant ([coreos-overlay#2351](https://github.com/flatcar/coreos-overlay/pull/2351))<br>- The rootfs setup in the initrd now runs systemd-tmpfiles on every boot, not only when Ignition runs, to fix a dbus failure due to missing files ([Flatcar#944](https://github.com/flatcar/Flatcar/issues/944))<br><br>#### Updates:<br><br>- Linux ([5.15.86](https://lwn.net/Articles/918808) (includes [5.15.85](https://lwn.net/Articles/918329), [5.15.84](https://lwn.net/Articles/918206), [5.15.83](https://lwn.net/Articles/917896), [5.15.82](https://lwn.net/Articles/917400)))<br>- ca-certificates ([3.87](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_87.html))<br>- sudo ([1.9.12_p1](https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_12p1))<br>- GnuTLS ([3.7.8](https://lists.gnupg.org/pipermail/gnutls-help/2022-September/004765.html))<br>- XZ utils ([5.2.8](https://git.tukaani.org/?p=xz.git;a=blob;f=NEWS;h=c244b42a6771a6e8af206318dfc500d78929fd6f;hb=5476089d9c42b9b04e92b80e1800b384a98265cb))<br>- gettext ([0.21.1](https://git.savannah.gnu.org/gitweb/?p=gettext.git;a=blob;f=NEWS;h=cdbb16746c23555e70bb1e16917f5c349ce92d9e;hb=8b38ee827251cadbb90cb6cb576ae98702566288))<br>- libksba ([1.6.3](https://dev.gnupg.org/T6304))<br>- VMware: open-vm-tools ([12.1.5](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.1.5))<br><br>_Changes since **Alpha 3446.0.0**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-3424](https://nvd.nist.gov/vuln/detail/CVE-2022-3424), [CVE-2022-3534](https://nvd.nist.gov/vuln/detail/CVE-2022-3534), [CVE-2022-3545](https://nvd.nist.gov/vuln/detail/CVE-2022-3545), [CVE-2022-3643](https://nvd.nist.gov/vuln/detail/CVE-2022-3643), [CVE-2022-4378](https://nvd.nist.gov/vuln/detail/CVE-2022-4378), [CVE-2022-45869](https://nvd.nist.gov/vuln/detail/CVE-2022-45869), [CVE-2022-45934](https://nvd.nist.gov/vuln/detail/CVE-2022-45934))<br>- libksba ([CVE-2022-47629](https://nvd.nist.gov/vuln/detail/CVE-2022-47629))<br><br>#### Bug fixes:<br><br>- Added back Ignition support for Vagrant ([coreos-overlay#2351](https://github.com/flatcar/coreos-overlay/pull/2351))<br>- The rootfs setup in the initrd now runs systemd-tmpfiles on every boot, not only when Ignition runs, to fix a dbus failure due to missing files ([Flatcar#944](https://github.com/flatcar/Flatcar/issues/944))<br><br>#### Updates:<br><br>- Linux ([5.15.86](https://lwn.net/Articles/918808) (includes [5.15.85](https://lwn.net/Articles/918329), [5.15.84](https://lwn.net/Articles/918206), [5.15.83](https://lwn.net/Articles/917896), [5.15.82](https://lwn.net/Articles/917400)))<br>- ca-certificates ([3.87](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_87.html))<br>- libksba ([1.6.3](https://dev.gnupg.org/T6304))<br><br>Packages:<br>- containerd 1.6.10<br>- docker 20.10.21<br>- ignition 2.14.0<br>- kernel 5.15.86<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-01-11T13:32:59+00:00 @@ -142,7 +150,7 @@ https://github.com/flatcar/scripts/releases/tag/beta-3432.1.0 3432.1.0 - 2023-10-25T10:20:36.045294+00:00 + 2023-11-22T09:59:25.766405+00:00 _Changes since **Beta 3417.1.0**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-3169](https://nvd.nist.gov/vuln/detail/CVE-2022-169), [CVE-2022-3521](https://nvd.nist.gov/vuln/detail/CVE-2022-521))<br>- cpio ([CVE-2021-38185](https://nvd.nist.gov/vuln/detail/CVE-2021-8185))<br>- curl ([CVE-2022-32221](https://nvd.nist.gov/vuln/detail/CVE-2022-2221), [CVE-2022-35260](https://nvd.nist.gov/vuln/detail/CVE-2022-2221), [CVE-2022-42915](https://nvd.nist.gov/vuln/detail/CVE-2022-2221), [CVE-2022-42916](https://nvd.nist.gov/vuln/detail/CVE-2022-2221))<br>- expat ([CVE-2022-43680](https://nvd.nist.gov/vuln/detail/CVE-2022-3680))<br>- libksba ([CVE-2022-3515](https://nvd.nist.gov/vuln/detail/CVE-2022-515))<br>- vim ([CVE-2022-3705](https://nvd.nist.gov/vuln/detail/CVE-2022-705))<br><br>#### Bug fixes:<br><br>- Added support for hardware security keys in update-ssh-keys ([update-ssh-keys#7](https://github.com/flatcar/update-ssh-eys/pull/7))<br>- Fix "ext4 deadlock under heavy I/O load" kernel issue. The patch for this is included provisionally while we wait for it to be merged pstream ([Flatcar#847](https://github.com/flatcar/Flatcar/issues/847), [coreos-overlay#2315](https://github.com/flatcar/coreos-overlay/pull/2315))<br><br>#### Updates:<br><br>- Linux ([5.15.81](https://lwn.net/Articles/916763) (includes [5.15.80](https://lwn.net/Articles/916003)))<br>- Linux Firmware ([20221109](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20221109))<br>- OpenSSH ([9.1](http://www.openssh.com/releasenotes.html#9.1))<br>- containerd ([1.6.10](https://github.com/containerd/containerd/releases/tag/v1.6.10))<br>- cpio ([2.13](https://lists.gnu.org/archive/html/bug-cpio/2019-11/msg00000.html))<br>- curl ([7.86](https://curl.se/changes.html#7_86_0))<br>- Expat ([2.5.0](https://github.com/libexpat/libexpat/blob/R_2_5_0/expat/Changes))<br>- glib ([2.74.1](https://gitlab.gnome.org/GNOME/glib/-/tags/2.74.1))<br>- libcap ([2.66](https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.d9ygdose5kw))<br>- libksba ([1.6.2](https://dev.gnupg.org/T6230))<br>- sqlite ([3.39.4](https://sqlite.org/releaselog/3_39_4.html))<br>- vim ([9.0.0828](https://github.com/vim/vim/releases/tag/v9.0.0828))<br>- whois ([5.5.14](https://github.com/rfc1036/whois/commit/ab10466cf2e1ec4887f6a44375c3e29c1720157f))<br>- XZ utils ([5.2.7](https://git.tukaani.org/?p=xz.git;a=blob;f=NEWS;h=0205423e79ce8297102096b0fc8b030ddf5b2023;hb=d24a57b7fc7e5e9267b84367cb0788d3acf7f569))<br>- SDK: Rust ([1.65.0](https://github.com/rust-ang/rust/releases/tag/1.65.0))<br><br>_Changes since **Alpha 3432.0.0**_<br> <br>#### Security fixes:<br> <br>- Linux ([CVE-2022-3169](https://nvd.nist.gov/vuln/detail/CVE-2022-3169), [CVE-2022-3521](https://nvd.nist.gov/vuln/detail/CVE-2022-3521))<br> <br>#### Bug fixes:<br> <br>- Fix "ext4 deadlock under heavy I/O load" kernel issue. The patch for this is included provisionally while we wait for it to be merged upstream ([Flatcar#847](https://github.com/flatcar/Flatcar/issues/847), [coreos-overlay#2315](https://github.com/flatcar/coreos-overlay/pull/2315))<br> <br> #### Updates:<br> <br>- Linux ([5.15.81](https://lwn.net/Articles/916763) (includes [5.15.80](https://lwn.net/Articles/916003)))<br>Packages:<br>- containerd 1.6.10<br>- docker 20.10.21<br>- ignition 2.14.0<br>- kernel 5.15.81<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-12-09T09:47:46+00:00 @@ -150,7 +158,7 @@ https://github.com/flatcar/scripts/releases/tag/beta-3417.1.0 3417.1.0 - 2023-10-25T10:20:36.038727+00:00 + 2023-11-22T09:59:25.759847+00:00 _Changes since **Beta 3402.1.0**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2022-3543](https://nvd.nist.gov/vuln/detail/CVE-2022-3543), [CVE-2022-3564](https://nvd.nist.gov/vuln/detail/CVE-2022-3564), [CVE-2022-3619](https://nvd.nist.gov/vuln/detail/CVE-2022-3619), [CVE-2022-3623](https://nvd.nist.gov/vuln/detail/CVE-2022-3623), [CVE-2022-3628](https://nvd.nist.gov/vuln/detail/CVE-2022-3628), [CVE-2022-42895](https://nvd.nist.gov/vuln/detail/CVE-2022-42895), [CVE-2022-42896](https://nvd.nist.gov/vuln/detail/CVE-2022-42896))<br> - git ([CVE-2022-39253](https://nvd.nist.gov/vuln/detail/CVE-2022-39253), [CVE-2022-39260](https://nvd.nist.gov/vuln/detail/CVE-2022-39260))<br> - multipath-tools ([CVE-2022-41973](https://nvd.nist.gov/vuln/detail/CVE-2022-41973), [CVE-2022-41974](https://nvd.nist.gov/vuln/detail/CVE-2022-41974))<br> <br> #### Bug fixes:<br> <br> - Fixed Ignition btrfs forced formatting for OEM partition ([coreos-overlay#2277](https://github.com/flatcar/coreos-overlay/pull/2277))<br> <br> #### Changes:<br> <br> - Toolbox now uses containerd to download and mount the image ([toolbox#7](https://github.com/flatcar/toolbox/pull/7))<br> <br> #### Updates:<br> <br> - Linux ([5.15.79](https://lwn.net/Articles/915100) (includes [5.15.78](https://lwn.net/Articles/914423)))<br> - Docker ([20.10.21](https://docs.docker.com/engine/release-notes/#201021))<br> - Go ([1.19.3](https://go.dev/doc/devel/release#go1.19.3))<br> - ca-certificates ([3.85](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_85.html))<br> - containerd ([1.6.9](https://github.com/containerd/containerd/releases/tag/v1.6.9))<br> - glibc ([2.35](https://savannah.gnu.org/forum/forum.php?forum_id=10111))<br> - bpftool ([5.19.8](https://lwn.net/Articles/907523/))<br> - git ([2.37.4](https://github.com/git/git/blob/master/Documentation/RelNotes/2.37.4.txt))<br> - iputils ([20211215](https://github.com/iputils/iputils/releases/tag/20211215))<br> - libcap ([2.65](https://sites.google.com/site/fullycapable/release-notes-for-libcap?authuser=0#h.wfblevfzkj0))<br> - multipath-tools ([0.9.3](https://github.com/opensvc/multipath-tools/releases/tag/0.9.3))<br> - wget ([1.21.3](https://lists.gnu.org/archive/html/info-gnu/2022-02/msg00017.html))<br> - whois ([5.5.13](https://github.com/rfc1036/whois/blob/v5.5.13/debian/changelog))<br> - xz-utils ([5.2.6](https://git.tukaani.org/?p=xz.git;a=blob;f=NEWS;h=4c79b18ff26a1c479a920b21f07d050599c04c9e;hb=8dfed05bdaa4873833ba24279f02ad2db25effea))<br><br>_Changes since **Alpha 3417.0.0**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2022-3543](https://nvd.nist.gov/vuln/detail/CVE-2022-3543), [CVE-2022-3564](https://nvd.nist.gov/vuln/detail/CVE-2022-3564), [CVE-2022-3619](https://nvd.nist.gov/vuln/detail/CVE-2022-3619), [CVE-2022-3623](https://nvd.nist.gov/vuln/detail/CVE-2022-3623), [CVE-2022-3628](https://nvd.nist.gov/vuln/detail/CVE-2022-3628), [CVE-2022-42895](https://nvd.nist.gov/vuln/detail/CVE-2022-42895), [CVE-2022-42896](https://nvd.nist.gov/vuln/detail/CVE-2022-42896))<br> <br> #### Bug fixes:<br> <br> - Fixed Ignition btrfs forced formatting for OEM partition ([coreos-overlay#2277](https://github.com/flatcar/coreos-overlay/pull/2277))<br> <br> #### Updates:<br> <br> - Linux ([5.15.79](https://lwn.net/Articles/915100) (includes [5.15.78](https://lwn.net/Articles/914423)))<br> - ca-certificates ([3.85](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_85.html))<br><br>Packages:<br>- containerd 1.6.9<br>- docker 20.10.21<br>- ignition 2.14.0<br>- kernel 5.15.79<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-11-24T15:10:53+00:00 @@ -158,7 +166,7 @@ https://github.com/flatcar/scripts/releases/tag/beta-3402.1.0 3402.1.0 - 2023-10-25T10:20:36.032153+00:00 + 2023-11-22T09:59:25.753257+00:00 _Changes since **Beta 3374.1.1**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2022-2602](https://nvd.nist.gov/vuln/detail/CVE-2022-2602), [CVE-2022-3535](https://nvd.nist.gov/vuln/detail/CVE-2022-3535), [CVE-2022-3542](https://nvd.nist.gov/vuln/detail/CVE-2022-3542), [CVE-2022-3565](https://nvd.nist.gov/vuln/detail/CVE-2022-3565), [CVE-2022-3594](https://nvd.nist.gov/vuln/detail/CVE-2022-3594))<br> - bind tools ([CVE-2022-2795](https://nvd.nist.gov/vuln/detail/CVE-2022-2795), [CVE-2022-2881](https://nvd.nist.gov/vuln/detail/CVE-2022-2881), [CVE-2022-2906](https://nvd.nist.gov/vuln/detail/CVE-2022-2906), [CVE-2022-3080](https://nvd.nist.gov/vuln/detail/CVE-2022-3080), [CVE-2022-38177](https://nvd.nist.gov/vuln/detail/CVE-2022-38177), [CVE-2022-38178](https://nvd.nist.gov/vuln/detail/CVE-2022-38178))<br> - curl ([CVE-2022-35252](https://nvd.nist.gov/vuln/detail/CVE-2022-35252))<br> - dbus ([CVE-2022-42010](https://nvd.nist.gov/vuln/detail/CVE-2022-42010), [CVE-2022-42011](https://nvd.nist.gov/vuln/detail/CVE-2022-42011), [CVE-2022-42012](https://nvd.nist.gov/vuln/detail/CVE-2022-42012))<br> - go ([CVE-2022-41715](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715), [CVE-2022-2880](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880), [CVE-2022-2879](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879))<br> - libxml2 ([CVE-2022-40303](https://nvd.nist.gov/vuln/detail/CVE-2022-40303), [CVE-2022-40304](https://nvd.nist.gov/vuln/detail/CVE-2022-40304))<br> - logrotate ([CVE-2022-1348](https://nvd.nist.gov/vuln/detail/CVE-2022-1348))<br> - vim ([CVE-2022-1725](https://nvd.nist.gov/vuln/detail/CVE-2022-1725), [CVE-2022-2042](https://nvd.nist.gov/vuln/detail/CVE-2022-2042), [CVE-2022-2124](https://nvd.nist.gov/vuln/detail/CVE-2022-2124), [CVE-2022-2125](https://nvd.nist.gov/vuln/detail/CVE-2022-2125), [CVE-2022-2126](https://nvd.nist.gov/vuln/detail/CVE-2022-2126), [CVE-2022-2129](https://nvd.nist.gov/vuln/detail/CVE-2022-2129), [CVE-2022-2175](https://nvd.nist.gov/vuln/detail/CVE-2022-2175), [CVE-2022-2182](https://nvd.nist.gov/vuln/detail/CVE-2022-2182), [CVE-2022-2183](https://nvd.nist.gov/vuln/detail/CVE-2022-2183), [CVE-2022-2206](https://nvd.nist.gov/vuln/detail/CVE-2022-2206), [CVE-2022-2207](https://nvd.nist.gov/vuln/detail/CVE-2022-2207), [CVE-2022-2208](https://nvd.nist.gov/vuln/detail/CVE-2022-2208), [CVE-2022-2210](https://nvd.nist.gov/vuln/detail/CVE-2022-2210), [CVE-2022-2231](https://nvd.nist.gov/vuln/detail/CVE-2022-2231), [CVE-2022-2257](https://nvd.nist.gov/vuln/detail/CVE-2022-2257), [CVE-2022-2264](https://nvd.nist.gov/vuln/detail/CVE-2022-2264), [CVE-2022-2284](https://nvd.nist.gov/vuln/detail/CVE-2022-2284), [CVE-2022-2285](https://nvd.nist.gov/vuln/detail/CVE-2022-2285), [CVE-2022-2286](https://nvd.nist.gov/vuln/detail/CVE-2022-2286), [CVE-2022-2287](https://nvd.nist.gov/vuln/detail/CVE-2022-2287), [CVE-2022-2288](https://nvd.nist.gov/vuln/detail/CVE-2022-2288), [CVE-2022-2289](https://nvd.nist.gov/vuln/detail/CVE-2022-2289), [CVE-2022-2304](https://nvd.nist.gov/vuln/detail/CVE-2022-2304), [CVE-2022-2343](https://nvd.nist.gov/vuln/detail/CVE-2022-2343), [CVE-2022-2344](https://nvd.nist.gov/vuln/detail/CVE-2022-2344), [CVE-2022-2345](https://nvd.nist.gov/vuln/detail/CVE-2022-2345), [CVE-2022-2522](https://nvd.nist.gov/vuln/detail/CVE-2022-2522), [CVE-2022-2816](https://nvd.nist.gov/vuln/detail/CVE-2022-2816), [CVE-2022-2817](https://nvd.nist.gov/vuln/detail/CVE-2022-2817), [CVE-2022-2819](https://nvd.nist.gov/vuln/detail/CVE-2022-2819), [CVE-2022-2845](https://nvd.nist.gov/vuln/detail/CVE-2022-2845), [CVE-2022-2849](https://nvd.nist.gov/vuln/detail/CVE-2022-2849), [CVE-2022-2862](https://nvd.nist.gov/vuln/detail/CVE-2022-2862), [CVE-2022-2874](https://nvd.nist.gov/vuln/detail/CVE-2022-2874), [CVE-2022-2889](https://nvd.nist.gov/vuln/detail/CVE-2022-2889), [CVE-2022-2923](https://nvd.nist.gov/vuln/detail/CVE-2022-2923), [CVE-2022-2946](https://nvd.nist.gov/vuln/detail/CVE-2022-2946), [CVE-2022-2980](https://nvd.nist.gov/vuln/detail/CVE-2022-2980), [CVE-2022-2982](https://nvd.nist.gov/vuln/detail/CVE-2022-2982), [CVE-2022-3016](https://nvd.nist.gov/vuln/detail/CVE-2022-3016), [CVE-2022-3099](https://nvd.nist.gov/vuln/detail/CVE-2022-3099), [CVE-2022-3134](https://nvd.nist.gov/vuln/detail/CVE-2022-3134), [CVE-2022-3153](https://nvd.nist.gov/vuln/detail/CVE-2022-3153), [CVE-2022-3234](https://nvd.nist.gov/vuln/detail/CVE-2022-3234), [CVE-2022-3235](https://nvd.nist.gov/vuln/detail/CVE-2022-3235), [CVE-2022-3278](https://nvd.nist.gov/vuln/detail/CVE-2022-3278), [CVE-2022-3256](https://nvd.nist.gov/vuln/detail/CVE-2022-3256), [CVE-2022-3296](https://nvd.nist.gov/vuln/detail/CVE-2022-3296), [CVE-2022-3297](https://nvd.nist.gov/vuln/detail/CVE-2022-3297), [CVE-2022-3324](https://nvd.nist.gov/vuln/detail/CVE-2022-3324), [CVE-2022-3352](https://nvd.nist.gov/vuln/detail/CVE-2022-3352))<br> - SDK: rust ([CVE-2022-36113](https://nvd.nist.gov/vuln/detail/CVE-2022-36113), [CVE-2022-36114](https://nvd.nist.gov/vuln/detail/CVE-2022-36114))<br><br> #### Bug fixes:<br> <br> - Enabled IOMMU on arm64 kernels, the lack of which prevented some systems from booting ([coreos-overlay#2235](https://github.com/flatcar/coreos-overlay/pull/2235))<br> <br> #### Changes:<br> <br> - Added `CONFIG_NF_CONNTRACK_BRIDGE` (for nf_conntrack_bridge) and `CONFIG_NFT_BRIDGE_META` (for nft_meta_bridge) to the kernel config to allow using conntrack rules for bridges in nftables and to match on bridge interface names ([coreos-overlay#2207](https://github.com/flatcar/coreos-overlay/pull/2207))<br> - Change CONFIG_WIREGUARD kernel option to module to save space on boot partition ([coreos-overlay#2239](https://github.com/flatcar/coreos-overlay/pull/2239))<br> - Disable several arch specific arm64 kernel config options for unsupported platforms to save space on boot partition ([coreos-overlay#2239](https://github.com/flatcar/coreos-overlay/pull/2239))<br> - Switched from `--strip-unneeded` to `--strip-debug` when installing kernel modules, which makes kernel stacktraces more accurate and makes debugging issues easier ([coreos-overlay#2196](https://github.com/flatcar/coreos-overlay/pull/2196))<br> - The flatcar-update tool got two new flags to customize ports used on the host while updating flatcar ([init#81](https://github.com/flatcar/init/pull/81))<br> - Add qemu-guest-agent to all amd64 images, it will be automatically enabled when qemu-ga virtio-port is detected ([coreos-overlay#2240](https://github.com/flatcar/coreos-overlay/pull/2240), [portage-stable#373](https://github.com/flatcar/portage-stable/pull/373))<br> <br> #### Updates:<br> <br> - Linux ([5.15.77](https://lwn.net/Articles/913681) (includes [5.15.76](https://lwn.net/Articles/912997), [5.15.75](https://lwn.net/Articles/912500)))<br> - Linux Firmware ([20221012](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20221012))<br> - Docker ([20.10.20](https://docs.docker.com/engine/release-notes/#201020))<br> - Go ([1.18.7](https://go.dev/doc/devel/release#1.18.7))<br> - OpenSSL ([3.0.7](https://www.openssl.org/news/openssl-3.0-notes.html))<br> - bind tools ([9.16.33](https://gitlab.isc.org/isc-projects/bind9/-/raw/v9_16_33/CHANGES))<br> - bpftool ([5.19.2](https://lwn.net/Articles/904957/))<br> - curl ([7.85](https://curl.se/mail/archive-2022-08/0012.html))<br> - dbus ([1.14.4](https://gitlab.freedesktop.org/dbus/dbus/-/raw/dbus-1.14.4/NEWS))<br> - git ([2.37.3](https://github.com/git/git/blob/v2.37.3/Documentation/RelNotes/2.37.3.txt))<br> - glibc ([2.34](https://sourceware.org/pipermail/libc-alpha/2021-August/129718.html))<br> - libxml2 ([2.10.3](https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3))<br> - logrotate ([3.20.1](https://github.com/logrotate/logrotate/releases/tag/3.20.1))<br> - nmap ([7.93](https://nmap.org/changelog.html#7.93))<br> - pahole ([1.23](https://git.kernel.org/pub/scm/devel/pahole/pahole.git/tag/?h=v1.23))<br> - strace ([5.19](https://github.com/strace/strace/releases/tag/v5.19))<br> - vim ([9.0.0655](https://github.com/vim/vim/releases/tag/v9.0.0655))<br> - wireguard-tools ([1.0.20210914](https://github.com/WireGuard/wireguard-tools/releases/tag/v1.0.20210914))<br> - zlib ([1.2.13](https://github.com/madler/zlib/releases/tag/v1.2.13))<br> - SDK: catalyst ([3.0.21](https://gitweb.gentoo.org/proj/catalyst.git/log/?h=3.0.21))<br> - SDK: cmake ([3.23.3](https://cmake.org/cmake/help/v3.23/release/3.23.html))<br> - SDK: libxslt ([1.1.37](https://gitlab.gnome.org/GNOME/libxslt/-/tags/v1.1.37))<br> - SDK: meson ([0.62.2](https://mesonbuild.com/Release-notes-for-0-62-0.html))<br> - SDK: ninja ([1.11.0](https://groups.google.com/g/ninja-build/c/R2oCyDctDf8/m/-U94Y5I8AgAJ?pli=1))<br> - SDK: Rust ([1.64.0](https://github.com/rust-lang/rust/releases/tag/1.64.0))<br> <br> _Changes since **Alpha 3402.0.1**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2022-2602](https://nvd.nist.gov/vuln/detail/CVE-2022-2602), [CVE-2022-3535](https://nvd.nist.gov/vuln/detail/CVE-2022-3535), [CVE-2022-3542](https://nvd.nist.gov/vuln/detail/CVE-2022-3542), [CVE-2022-3565](https://nvd.nist.gov/vuln/detail/CVE-2022-3565), [CVE-2022-3594](https://nvd.nist.gov/vuln/detail/CVE-2022-3594))<br><br> #### Updates:<br> <br> - Linux ([5.15.77](https://lwn.net/Articles/913681) (includes [5.15.76](https://lwn.net/Articles/912997), [5.15.75](https://lwn.net/Articles/912500)))<br> - OpenSSL ([3.0.7](https://www.openssl.org/news/openssl-3.0-notes.html))<br><br>Packages:<br>- containerd 1.6.8<br>- docker 20.10.20<br>- ignition 2.14.0<br>- kernel 5.15.77<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-11-09T12:52:43+00:00 @@ -166,7 +174,7 @@ https://github.com/flatcar/scripts/releases/tag/beta-3374.1.1 3374.1.1 - 2023-10-25T10:20:36.021934+00:00 + 2023-11-22T09:59:25.743063+00:00 _Changes since **Beta 3374.1.0**_<br> <br>#### Security fixes:<br> - OpenSSL ([CVE-2022-3602](https://nvd.nist.gov/vuln/detail/CVE-2022-3602), [CVE-2022-3786](https://nvd.nist.gov/vuln/detail/CVE-2022-3786))<br><br>Packages:<br>- containerd 1.6.8<br>- docker 20.10.18<br>- ignition 2.14.0<br>- kernel 5.15.74<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-11-01T13:15:45+00:00 @@ -174,7 +182,7 @@ https://github.com/flatcar/scripts/releases/tag/beta-3374.1.0 3374.1.0 - 2023-10-25T10:20:36.017568+00:00 + 2023-11-22T09:59:25.738617+00:00 New **Beta** Release **3374.1.0**<br><br>_Changes since **Beta 3346.1.0**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-2308](https://nvd.nist.gov/vuln/detail/CVE-2022-2308), [CVE-2022-40768](https://nvd.nist.gov/vuln/detail/CVE-2022-40768), [CVE-2022-41674](https://nvd.nist.gov/vuln/detail/CVE-2022-41674), [CVE-2022-42719](https://nvd.nist.gov/vuln/detail/CVE-2022-42719), [CVE-2022-42720](https://nvd.nist.gov/vuln/detail/CVE-2022-42720), [CVE-2022-42721](https://nvd.nist.gov/vuln/detail/CVE-2022-42721), [CVE-2022-42722](https://nvd.nist.gov/vuln/detail/CVE-2022-42722))<br>- Docker ([CVE-2022-36109](https://nvd.nist.gov/vuln/detail/CVE-2022-36109))<br>- GNU Libtasn1 ([Gentoo#866237](https://bugs.gentoo.org/866237))<br>- intel-microcode ([CVE-2022-21233](https://nvd.nist.gov/vuln/detail/CVE-2022-21233))<br>- libxml2 ([CVE-2016-3709](https://nvd.nist.gov/vuln/detail/CVE-2016-3709), [CVE-2022-2309](https://nvd.nist.gov/vuln/detail/CVE-2022-2309))<br>- polkit ([CVE-2021-4115](https://nvd.nist.gov/vuln/detail/CVE-2021-4115))<br>- rsync ([CVE-2022-29154](https://nvd.nist.gov/vuln/detail/CVE-2022-29154))<br>- unzip ([CVE-2022-0529](https://nvd.nist.gov/vuln/detail/CVE-2022-0529), [CVE-2022-0530](https://nvd.nist.gov/vuln/detail/CVE-2022-0530), [CVE-2021-4217](https://nvd.nist.gov/vuln/detail/CVE-2021-4217))<br>- zlib ([CVE-2022-37434](https://nvd.nist.gov/vuln/detail/CVE-2022-37434))<br><br>#### Changes:<br><br>- OpenStack: enabled `coreos-metadata-sshkeys@.service` to provision SSH keys from metadata. ([Flatcar#817](https://github.com/flatcar/Flatcar/issues/817), [coreos-overlay#2246](https://github.com/flatcar/coreos-overlay/pull/2246))<br><br>#### Updates:<br><br>- Linux ([5.15.74](https://lwn.net/Articles/911275/) (includes [5.15.71](https://lwn.net/Articles/909679), [5.15.72](https://lwn.net/Articles/910398), [5.15.73](https://lwn.net/Articles/910957)))<br>- Linux Firmware ([20220913](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220913))<br>- ca-certificates ([3.84](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_84.html))<br>- Docker ([20.10.18](https://docs.docker.com/engine/release-notes/#201018))<br>- GNU Libtasn1 ([4.19.0](https://lists.gnu.org/archive/html/help-libtasn1/2022-08/msg00001.html))<br>- intel-microcode ([20220809](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220809))<br>- libxml2 ([2.10.2](https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.2))<br>- polkit ([121](https://gitlab.freedesktop.org/polkit/polkit/-/commit/827b0ddac5b1ef00a47fca4526fcf057bee5f1db))<br>- rsync ([3.2.6](https://github.com/WayneD/rsync/releases/tag/v3.2.6))<br>- runc ([1.1.4](https://github.com/opencontainers/runc/releases/tag/v1.1.4))<br>- unzip ([6.0_p27](https://metadata.ftp-master.debian.org/changelogs//main/u/unzip/unzip_6.0-27_changelog))<br>- SDK: libxslt ([1.1.35](https://gitlab.gnome.org/GNOME/libxslt/-/tags/v1.1.35))<br><br>_Changes since **Alpha 3374.0.0**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-2308](https://nvd.nist.gov/vuln/detail/CVE-2022-2308), [CVE-2022-40768](https://nvd.nist.gov/vuln/detail/CVE-2022-40768), [CVE-2022-41674](https://nvd.nist.gov/vuln/detail/CVE-2022-41674), [CVE-2022-42719](https://nvd.nist.gov/vuln/detail/CVE-2022-42719), [CVE-2022-42720](https://nvd.nist.gov/vuln/detail/CVE-2022-42720), [CVE-2022-42721](https://nvd.nist.gov/vuln/detail/CVE-2022-42721), [CVE-2022-42722](https://nvd.nist.gov/vuln/detail/CVE-2022-42722))<br><br>#### Changes:<br><br>- OpenStack: enabled `coreos-metadata-sshkeys@.service` to provision SSH keys from metadata. ([Flatcar#817](https://github.com/flatcar/Flatcar/issues/817), [coreos-overlay#2246](https://github.com/flatcar/coreos-overlay/pull/2246))<br><br>#### Updates:<br><br>- Linux ([5.15.74](https://lwn.net/Articles/911275/) (includes [5.15.71](https://lwn.net/Articles/909679), [5.15.72](https://lwn.net/Articles/910398), [5.15.73](https://lwn.net/Articles/910957)))<br>- ca-certificates ([3.84](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_84.html))<br>Packages:<br>- containerd 1.6.8<br>- docker 20.10.18<br>- ignition 2.14.0<br>- kernel 5.15.74<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-10-26T09:26:18+00:00 @@ -182,7 +190,7 @@ https://github.com/flatcar/scripts/releases/tag/beta-3346.1.0 3346.1.0 - 2023-10-25T10:20:36.010709+00:00 + 2023-11-22T09:59:25.731732+00:00 _Changes since **Beta 3277.1.2**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-0171](https://nvd.nist.gov/vuln/detail/CVE-2022-0171), [CVE-2022-2663](https://nvd.nist.gov/vuln/detail/CVE-2022-2663), [CVE-2022-2905](https://nvd.nist.gov/vuln/detail/CVE-2022-2905), [CVE-2022-3028](https://nvd.nist.gov/vuln/detail/CVE-2022-3028), [CVE-2022-3061](https://nvd.nist.gov/vuln/detail/CVE-2022-3061), [CVE-2022-3176](https://nvd.nist.gov/vuln/detail/CVE-2022-3176), [CVE-2022-3303](https://nvd.nist.gov/vuln/detail/CVE-2022-3303), [CVE-2022-39190](https://nvd.nist.gov/vuln/detail/CVE-2022-39190), [CVE-2022-39842](https://nvd.nist.gov/vuln/detail/CVE-2022-39842), [CVE-2022-40307](https://nvd.nist.gov/vuln/detail/CVE-2022-40307))<br>- Go ([CVE-2022-27664](https://nvd.nist.gov/vuln/detail/CVE-2022-27664), [CVE-2022-32190](https://nvd.nist.gov/vuln/detail/CVE-2022-32190), ([CVE-2022-32189](https://nvd.nist.gov/vuln/detail/CVE-2022-32189)))<br>- binutils ([CVE-2021-45078](https://nvd.nist.gov/vuln/detail/CVE-2021-45078))<br>- cifs-utils ([CVE-2022-27239](https://nvd.nist.gov/vuln/detail/CVE-2022-27239), [CVE-2022-29869](https://nvd.nist.gov/vuln/detail/CVE-2022-29869))<br>- curl ([CVE-2022-32205](https://nvd.nist.gov/vuln/detail/CVE-2022-32205), [CVE-2022-32206](https://nvd.nist.gov/vuln/detail/CVE-2022-32206), [CVE-2022-32207](https://nvd.nist.gov/vuln/detail/CVE-2022-32207), [CVE-2022-32208](https://nvd.nist.gov/vuln/detail/CVE-2022-32208))<br>- expat ([CVE-2022-40674](https://nvd.nist.gov/vuln/detail/CVE-2022-40674))<br>- git ([CVE-2022-29187](https://nvd.nist.gov/vuln/detail/CVE-2022-29187))<br>- gnupg ([CVE-2022-34903](https://nvd.nist.gov/vuln/detail/CVE-2022-34903))<br>- gnutls ([CVE-2022-2509](https://nvd.nist.gov/vuln/detail/CVE-2022-2509))<br>- libtirpc ([CVE-2021-46828](https://nvd.nist.gov/vuln/detail/CVE-2021-46828))<br>- oniguruma ([oniguruma-20220430](https://bugs.gentoo.org/841893))<br>- open-vm-tools ([CVE-2022-31676](https://nvd.nist.gov/vuln/detail/CVE-2022-31676))<br>- shadow ([CVE-2013-4235](https://nvd.nist.gov/vuln/detail/CVE-2013-4235))<br>- vim ([CVE-2022-0629](https://nvd.nist.gov/vuln/detail/CVE-2022-0629), [CVE-2022-0685](https://nvd.nist.gov/vuln/detail/CVE-2022-0685), [CVE-2022-0714](https://nvd.nist.gov/vuln/detail/CVE-2022-0714), [CVE-2022-0729](https://nvd.nist.gov/vuln/detail/CVE-2022-0729), [CVE-2022-0943](https://nvd.nist.gov/vuln/detail/CVE-2022-0943), [CVE-2022-1154](https://nvd.nist.gov/vuln/detail/CVE-2022-1154), [CVE-2022-1160](https://nvd.nist.gov/vuln/detail/CVE-2022-1160), [CVE-2022-1381](https://nvd.nist.gov/vuln/detail/CVE-2022-1381), [CVE-2022-1420](https://nvd.nist.gov/vuln/detail/CVE-2022-1420), [CVE-2022-1616](https://nvd.nist.gov/vuln/detail/CVE-2022-1616), [CVE-2022-1619](https://nvd.nist.gov/vuln/detail/CVE-2022-1619), [CVE-2022-1620](https://nvd.nist.gov/vuln/detail/CVE-2022-1620), [CVE-2022-1621](https://nvd.nist.gov/vuln/detail/CVE-2022-1621), [CVE-2022-1629](https://nvd.nist.gov/vuln/detail/CVE-2022-1629), [CVE-2022-1674](https://nvd.nist.gov/vuln/detail/CVE-2022-1674), [CVE-2022-1733](https://nvd.nist.gov/vuln/detail/CVE-2022-1733), [CVE-2022-1735](https://nvd.nist.gov/vuln/detail/CVE-2022-1735), [CVE-2022-1769](https://nvd.nist.gov/vuln/detail/CVE-2022-1769), [CVE-2022-1771](https://nvd.nist.gov/vuln/detail/CVE-2022-1771), [CVE-2022-1785](https://nvd.nist.gov/vuln/detail/CVE-2022-1785), [CVE-2022-1796](https://nvd.nist.gov/vuln/detail/CVE-2022-1796), [CVE-2022-1897](https://nvd.nist.gov/vuln/detail/CVE-2022-1897), [CVE-2022-1898](https://nvd.nist.gov/vuln/detail/CVE-2022-1898), [CVE-2022-1886](https://nvd.nist.gov/vuln/detail/CVE-2022-1886), [CVE-2022-1851](https://nvd.nist.gov/vuln/detail/CVE-2022-1851), [CVE-2022-1927](https://nvd.nist.gov/vuln/detail/CVE-2022-1927), [CVE-2022-1942](https://nvd.nist.gov/vuln/detail/CVE-2022-1942), [CVE-2022-1968](https://nvd.nist.gov/vuln/detail/CVE-2022-1968), [CVE-2022-2000](https://nvd.nist.gov/vuln/detail/CVE-2022-2000))<br><br>#### Bug fixes:<br><br>- Added back `gettext` to the OS ([Flatcar#849](https://github.com/flatcar-linux/Flatcar/issues/849))<br>- Added merging of Ignition systemd duplicated units when auto-translating from Ignition 2 to Ignition 3. ([coreos-overlay#2187](https://github.com/flatcar/coreos-overlay/pull/2187))<br>- Equinix Metal: Fixed serial console settings for the `m3.small.x86` instance by expanding the GRUB check for `i386` to `x86_64` ([coreos-overlay#2122](https://github.com/flatcar-linux/coreos-overlay/pull/2122))<br>- Removed outdated LTS channel information printed on login ([init#75](https://github.com/flatcar-linux/init/pull/75))<br><br>#### Changes:<br><br>- Added symlink from `nc` to `ncat`. `-q` option is [not yet supported](https://github.com/nmap/nmap/issues/2422) ([flatcar#545](https://github.com/flatcar-linux/Flatcar/issues/545))<br>- emerge-gitclone: Migrate emerge-gitclone to use scripts repo tags and submodule refs<br><br>#### Updates:<br><br>- Linux ([5.15.70](https://lwn.net/Articles/909212) (includes [5.15.69](https://lwn.net/Articles/908782), [5.15.68](https://lwn.net/Articles/908140), [5.15.67](https://lwn.net/Articles/907526), [5.15.66](https://lwn.net/Articles/907524), [5.15.65](https://lwn.net/Articles/907204), [5.15.64](https://lwn.net/Articles/906630), [5.15.51](https://lwn.net/Articles/899370)))<br>- Linux Firmware ([20220815](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220815) (includes [20220708](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220708)))<br>- Go ([1.18.6](https://go.dev/doc/devel/release#go1.18.6))<br>- adcli ([0.9.1](https://gitlab.freedesktop.org/realmd/adcli/-/releases#0.9.1))<br>- automake ([1.16.5](https://savannah.gnu.org/forum/forum.php?forum_id=10055))<br>- binutils ([2.38](https://lwn.net/Articles/884264/))<br>- bison ([3.8.2](https://lists.gnu.org/archive/html/bug-bison/2021-09/msg00056.html))<br>- boost ([1.79](https://www.boost.org/users/history/version_1_79_0.html))<br>- ca-certificates ([3.83](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_83.html))<br>- cifs-utils ([6.15](https://lists.samba.org/archive/samba-technical/2022-April/137335.html))<br>- containerd ([1.6.8](https://github.com/containerd/containerd/releases/tag/v1.6.8) (includes [1.6.7](https://github.com/containerd/containerd/releases/tag/v1.6.7)))<br>- curl ([7.84.0](https://github.com/curl/curl/releases/tag/curl-7_84_0))<br>- Cyrus SASL ([2.1.28](https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28))<br>- expat ([2.4.9](https://github.com/libexpat/libexpat/blob/R_2_4_9/expat/Changes))<br>- gcc ([11.3.0](https://gcc.gnu.org/gcc-11/changes.html))<br>- gdb ([11.2](https://lists.gnu.org/archive/html/info-gnu/2022-01/msg00009.html))<br>- gettext ([0.21](https://www.gnu.org/software/gettext/))<br>- git ([2.37.1](https://github.com/git/git/blob/v2.37.1/Documentation/RelNotes/2.37.1.txt))<br>- glib ([2.72.3](https://gitlab.gnome.org/GNOME/glib/-/tags/2.73.3))<br>- gnupg ([2.2.35](https://dev.gnupg.org/T5928))<br>- gnutls ([3.7.7](https://gitlab.com/gnutls/gnutls/-/tags/3.7.7))<br>- libtool ([2.4.7](https://savannah.gnu.org/forum/forum.php?forum_id=10139))<br>- locksmith([0.7.0](https://github.com/flatcar/locksmith/blob/v0.7.0/CHANGELOG.md#v070--30112021))<br>- oniguruma ([6.9.8](https://github.com/kkos/oniguruma/releases/tag/v6.9.8))<br>- perl ([5.34.1](https://perldoc.perl.org/5.34.1/perldelta))<br>- pkgconf ([1.8.0](https://gitea.treehouse.systems/ariadne/pkgconf/src/tag/pkgconf-1.8.0/NEWS))<br>- shadow ([4.12.3](https://github.com/shadow-maint/shadow/releases/tag/4.12.3))<br>- sudo ([1.9.10](https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_10))<br>- vim ([8.2.5066](https://github.com/vim/vim/releases/tag/v8.2.5066))<br>- SDK: Rust ([1.63.0](https://github.com/rust-lang/rust/releases/tag/1.63.0) (includes [1.62.1](https://github.com/rust-lang/rust/releases/tag/1.62.1), [1.62.0](https://github.com/rust-lang/rust/releases/tag/1.62.0)))<br>- VMware: open-vm-tools ([12.1.0](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.1.0))<br><br>_Changes since **Alpha 3346.0.0**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-0171](https://nvd.nist.gov/vuln/detail/CVE-2022-0171), [CVE-2022-2663](https://nvd.nist.gov/vuln/detail/CVE-2022-2663), [CVE-2022-2905](https://nvd.nist.gov/vuln/detail/CVE-2022-2905), [CVE-2022-3028](https://nvd.nist.gov/vuln/detail/CVE-2022-3028), [CVE-2022-3061](https://nvd.nist.gov/vuln/detail/CVE-2022-3061), [CVE-2022-3176](https://nvd.nist.gov/vuln/detail/CVE-2022-3176), [CVE-2022-3303](https://nvd.nist.gov/vuln/detail/CVE-2022-3303), [CVE-2022-39190](https://nvd.nist.gov/vuln/detail/CVE-2022-39190), [CVE-2022-39842](https://nvd.nist.gov/vuln/detail/CVE-2022-39842), [CVE-2022-40307](https://nvd.nist.gov/vuln/detail/CVE-2022-40307))<br>- Go ([CVE-2022-27664](https://nvd.nist.gov/vuln/detail/CVE-2022-27664), [CVE-2022-32190](https://nvd.nist.gov/vuln/detail/CVE-2022-32190))<br>- expat ([CVE-2022-40674](https://nvd.nist.gov/vuln/detail/CVE-2022-40674))<br><br>#### Bug fixes:<br><br>- Added back `gettext` to the OS ([Flatcar#849](https://github.com/flatcar-linux/Flatcar/issues/849))<br>- Added merging of Ignition systemd duplicated units when auto-translating from Ignition 2 to Ignition 3. ([coreos-overlay#2187](https://github.com/flatcar/coreos-overlay/pull/2187))<br>- Equinix Metal: Fixed serial console settings for the `m3.small.x86` instance by expanding the GRUB check for `i386` to `x86_64` ([coreos-overlay#2122](https://github.com/flatcar-linux/coreos-overlay/pull/2122))<br><br>#### Changes:<br><br>- emerge-gitclone: Migrate emerge-gitclone to use scripts repo tags and submodule refs<br><br>#### Updates:<br><br>- Linux ([5.15.70](https://lwn.net/Articles/909212) (includes [5.15.69](https://lwn.net/Articles/908782), [5.15.68](https://lwn.net/Articles/908140), [5.15.67](https://lwn.net/Articles/907526), [5.15.66](https://lwn.net/Articles/907524), [5.15.65](https://lwn.net/Articles/907204), [5.15.64](https://lwn.net/Articles/906630)))<br>- Go ([1.18.6](https://go.dev/doc/devel/release#go1.18.6))<br>- ca-certificates ([3.83](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_83.html))<br>- gettext ([0.21](https://www.gnu.org/software/gettext/))<br>- locksmith([0.7.0](https://github.com/flatcar/locksmith/blob/v0.7.0/CHANGELOG.md#v070--30112021))<br>- expat ([2.4.9](https://github.com/libexpat/libexpat/blob/R_2_4_9/expat/Changes))<br><br>Packages:<br>- containerd 1.6.8<br>- docker 20.10.17<br>- ignition 2.14.0<br>- kernel 5.15.70<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-10-04T12:19:52+00:00 @@ -190,7 +198,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3277.1.2 3277.1.2 - 2023-10-25T10:20:35.999973+00:00 + 2023-11-22T09:59:25.720986+00:00 _Changes since **Beta 3277.1.1**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-1679](https://nvd.nist.gov/vuln/detail/CVE-2022-1679), [CVE-2022-2585](https://nvd.nist.gov/vuln/detail/CVE-2022-2585), [CVE-2022-2586](https://nvd.nist.gov/vuln/detail/CVE-2022-2586), [CVE-2022-2588](https://nvd.nist.gov/vuln/detail/CVE-2022-2588), [CVE-2022-26373](https://nvd.nist.gov/vuln/detail/CVE-2022-26373), [CVE-2022-36946](https://nvd.nist.gov/vuln/detail/CVE-2022-36946))<br><br>#### Bug fixes:<br><br>- AWS: added EKS support for version 1.22 and 1.23. ([coreos-overlay#2110](https://github.com/flatcar/coreos-overlay/pull/2110), [Flatcar#829](https://github.com/flatcar/Flatcar/issues/829))<br>- VMWare: excluded `wireguard` (and others) from `systemd-networkd` management. ([init#80](https://github.com/flatcar/init/pull/80))<br><br>#### Changes:<br><br>- The new image signing subkey was added to the public key embedded into `flatcar-install` (the old expired on 10th August 2022), only an updated `flatcar-install` script can verify releases signed with the new key ([init#79](https://github.com/flatcar/init/pull/79))<br>- AWS: Added AWS IMDSv2 support to coreos-cloudinit ([flatcar-linux/coreos-cloudinit#13](https://github.com/flatcar/coreos-cloudinit/pull/13))<br><br>#### Updates:<br><br>- Linux ([5.15.63](https://lwn.net/Articles/906061) (includes [5.15.62](https://lwn.net/Articles/905533), [5.15.61](https://lwn.net/Articles/904959), [5.15.60](https://lwn.net/Articles/904461), [5.15.59](https://lwn.net/Articles/903688))<br>- ca-certificates ([3.82](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_82.html))<br><br>Packages:<br>- containerd 1.6.6<br>- docker 20.10.17<br>- ignition 2.14.0<br>- kernel 5.15.63<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-09-01T13:01:56+00:00 @@ -198,7 +206,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3277.1.1 3277.1.1 - 2023-10-25T10:20:35.994615+00:00 + 2023-11-22T09:59:25.715531+00:00 New Beta Release 3277.1.1<br><br>Changes since Beta 3277.1.0<br><br>## Security fixes:<br><br>- Linux ([CVE-2022-23816](https://nvd.nist.gov/vuln/detail/CVE-2022-23816), [CVE-2022-23825](https://nvd.nist.gov/vuln/detail/CVE-2022-23825), [CVE-2022-29900](https://nvd.nist.gov/vuln/detail/CVE-2022-29900), [CVE-2022-29901](https://nvd.nist.gov/vuln/detail/CVE-2022-29901))<br><br>## Bug fixes:<br><br>- Added support for Openstack for cloud-init activation ([flatcar-linux/init#76](https://github.com/flatcar/init/pull/76))<br>- Excluded Wireguard interface from `systemd-networkd` default management ([Flatcar#808](https://github.com/flatcar/Flatcar/issues/808))<br>- Fixed `/etc/resolv.conf` symlink by pointing it at `resolv.conf` instead of `stub-resolv.conf`. This bug was present since the update to systemd v250 ([coreos-overlay#2057](https://github.com/flatcar/coreos-overlay/pull/2057))<br>- Fixed excluded interface type from default systemd-networkd configuration ([flatcar-linux/init#78](https://github.com/flatcar/init/pull/78))<br>- Fixed space escaping in the `networkd` Ignition translation ([Flatcar#812](https://github.com/flatcar/Flatcar/issues/812))<br><br>## Changes:<br><br><br>## Updates:<br><br>- Linux ([5.15.58](https://lwn.net/Articles/902917) (includes [5.15.57](https://lwn.net/Articles/902317), [5.15.56](https://lwn.net/Articles/902101)))<br>- ca-certificates ([3.81](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_81.html))<br><br>Packages:<br>- containerd 1.6.6<br>- docker 20.10.17<br>- ignition 2.14.0<br>- kernel 5.15.58<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-08-04T12:08:33+00:00 @@ -206,7 +214,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3277.1.0 3277.1.0 - 2023-10-25T10:20:35.989260+00:00 + 2023-11-22T09:59:25.710172+00:00 New **Beta** Release **3277.1.0**<br><br>_Changes since **Alpha 3277.0.0**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2021-33655](https://nvd.nist.gov/vuln/detail/CVE-2021-33655), [CVE-2022-2318](https://nvd.nist.gov/vuln/detail/CVE-2022-2318), [CVE-2022-26365](https://nvd.nist.gov/vuln/detail/CVE-2022-26365), [CVE-2022-33740](https://nvd.nist.gov/vuln/detail/CVE-2022-33740), [CVE-2022-33741](https://nvd.nist.gov/vuln/detail/CVE-2022-33741), [CVE-2022-33742](https://nvd.nist.gov/vuln/detail/CVE-2022-33742), [CVE-2022-33743](https://nvd.nist.gov/vuln/detail/CVE-2022-33743), [CVE-2022-33744](https://nvd.nist.gov/vuln/detail/CVE-2022-33744), [CVE-2022-34918](https://nvd.nist.gov/vuln/detail/CVE-2022-34918))<br>- Go ([CVE-2022-1705](https://nvd.nist.gov/vuln/detail/CVE-2022-1705), [CVE-2022-1962](https://nvd.nist.gov/vuln/detail/CVE-2022-1962), [CVE-2022-28131](https://nvd.nist.gov/vuln/detail/CVE-2022-28131), [CVE-2022-30630](https://nvd.nist.gov/vuln/detail/CVE-2022-30630), [CVE-2022-30631](https://nvd.nist.gov/vuln/detail/CVE-2022-30631), [CVE-2022-30632](https://nvd.nist.gov/vuln/detail/CVE-2022-30632), [CVE-2022-30633](https://nvd.nist.gov/vuln/detail/CVE-2022-30633), [CVE-2022-30635](https://nvd.nist.gov/vuln/detail/CVE-2022-30635), [CVE-2022-32148](https://nvd.nist.gov/vuln/detail/CVE-2022-32148))<br><br>#### Bug fixes:<br><br>- The Ignition v3 kargs directive failed before when used with the generic image where no `grub.cfg` exists, this was fixed by creating it first ([bootengine#47](https://github.com/flatcar/bootengine/pull/47))<br><br>#### Updates:<br>- Linux ([5.15.55](https://lwn.net/Articles/901380) (includes [5.15.54](https://lwn.net/Articles/900911), [5.15.53](https://lwn.net/Articles/900321), [5.15.52](https://lwn.net/Articles/899788), [5.15.51](https://lwn.net/Articles/899370), [5.15.50](https://lwn.net/Articles/899091), [5.15.49](https://lwn.net/Articles/898622)))<br>- ca-certificates ([3.80](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_80.html))<br>- Go ([1.18.4](https://go.dev/doc/devel/release#go1.18.4))<br><br><br><br>_Changes since **Beta 3227.1.1**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2021-33655](https://nvd.nist.gov/vuln/detail/CVE-2021-33655), [CVE-2022-2318](https://nvd.nist.gov/vuln/detail/CVE-2022-2318), [CVE-2022-26365](https://nvd.nist.gov/vuln/detail/CVE-2022-26365), [CVE-2022-33740](https://nvd.nist.gov/vuln/detail/CVE-2022-33740), [CVE-2022-33741](https://nvd.nist.gov/vuln/detail/CVE-2022-33741), [CVE-2022-33742](https://nvd.nist.gov/vuln/detail/CVE-2022-33742), [CVE-2022-33743](https://nvd.nist.gov/vuln/detail/CVE-2022-33743), [CVE-2022-33744](https://nvd.nist.gov/vuln/detail/CVE-2022-33744), [CVE-2022-34918](https://nvd.nist.gov/vuln/detail/CVE-2022-34918))<br>- curl ([CVE-2022-22576](https://nvd.nist.gov/vuln/detail/CVE-2022-22576), [CVE-2022-27774](https://nvd.nist.gov/vuln/detail/CVE-2022-27774), [CVE-2022-27775](https://nvd.nist.gov/vuln/detail/CVE-2022-27775), [CVE-2022-27776](https://nvd.nist.gov/vuln/detail/CVE-2022-27776), [CVE-2022-27778](https://nvd.nist.gov/vuln/detail/CVE-2022-27778), [CVE-2022-27779](https://nvd.nist.gov/vuln/detail/CVE-2022-27779), [CVE-2022-27780](https://nvd.nist.gov/vuln/detail/CVE-2022-27780), [CVE-2022-27781](https://nvd.nist.gov/vuln/detail/CVE-2022-27781), [CVE-2022-27782](https://nvd.nist.gov/vuln/detail/CVE-2022-27782), [CVE-2022-30115](https://nvd.nist.gov/vuln/detail/CVE-2022-30115))<br>- docker ([CVE-2022-29526](https://nvd.nist.gov/vuln/detail/CVE-2022-29526))<br>- git ([CVE-2022-24765](https://nvd.nist.gov/vuln/detail/CVE-2022-24765))<br>- go ([CVE-2022-1705](https://nvd.nist.gov/vuln/detail/CVE-2022-1705), [CVE-2022-1962](https://nvd.nist.gov/vuln/detail/CVE-2022-1962), [CVE-2022-28131](https://nvd.nist.gov/vuln/detail/CVE-2022-28131), [CVE-2022-30630](https://nvd.nist.gov/vuln/detail/CVE-2022-30630), [CVE-2022-30631](https://nvd.nist.gov/vuln/detail/CVE-2022-30631), [CVE-2022-30632](https://nvd.nist.gov/vuln/detail/CVE-2022-30632), [CVE-2022-30633](https://nvd.nist.gov/vuln/detail/CVE-2022-30633), [CVE-2022-30635](https://nvd.nist.gov/vuln/detail/CVE-2022-30635), [CVE-2022-32148](https://nvd.nist.gov/vuln/detail/CVE-2022-32148), [CVE-2022-29526](https://nvd.nist.gov/vuln/detail/CVE-2022-29526))<br>- ignition ([CVE-2022-1706](https://nvd.nist.gov/vuln/detail/CVE-2022-1706))<br>- intel-microcode ([CVE-2022-21151](https://nvd.nist.gov/vuln/detail/CVE-2022-21151)) <br>- libxml2 ([CVE-2022-29824](https://nvd.nist.gov/vuln/detail/CVE-2022-29824))<br>- ncurses ([CVE-2022-29458](https://nvd.nist.gov/vuln/detail/CVE-2022-29458))<br>- openssl ([CVE-2022-1292](https://nvd.nist.gov/vuln/detail/CVE-2022-1292), [CVE-2022-1343](https://nvd.nist.gov/vuln/detail/CVE-2022-1343), [CVE-2022-1434](https://nvd.nist.gov/vuln/detail/CVE-2022-1434), [CVE-2022-1473](https://nvd.nist.gov/vuln/detail/CVE-2022-1473))<br>- rsync ([CVE-2018-25032](https://nvd.nist.gov/vuln/detail/CVE-2018-25032))<br>- runc ([CVE-2022-29162](https://nvd.nist.gov/vuln/detail/CVE-2022-29162))<br>- torcx ([CVE-2022-27191](https://nvd.nist.gov/vuln/detail/CVE-2022-27191))<br>- SDK: qemu ([CVE-2021-20203](https://nvd.nist.gov/vuln/detail/CVE-2021-20203), [CVE-2021-3713](https://nvd.nist.gov/vuln/detail/CVE-2021-3713), [CVE-2021-3930](https://nvd.nist.gov/vuln/detail/CVE-2021-3930), [CVE-2021-3947](https://nvd.nist.gov/vuln/detail/CVE-2021-3947), [CVE-2021-4145](https://nvd.nist.gov/vuln/detail/CVE-2021-4145), [CVE-2022-26353](https://nvd.nist.gov/vuln/detail/CVE-2022-26353), [CVE-2022-26354](https://nvd.nist.gov/vuln/detail/CVE-2022-26354))<br><br>#### Bug fixes:<br><br>- The Ignition v3 kargs directive failed before when used with the generic image where no `grub.cfg` exists, this was fixed by creating it first ([bootengine#47](https://github.com/flatcar/bootengine/pull/47))<br><br>#### Changes:<br><br>- Added efibootmgr binary to the image ([coreos-overlay#1955](https://github.com/flatcar/coreos-overlay/pull/1955))<br>- Added VMware networking configuration in the initramfs via guestinfo settings ([bootengine#44](https://github.com/flatcar/bootengine/pull/44), [flatcar#717](https://github.com/flatcar/Flatcar/issues/717))<br>- Enabled `containerd.service` unit, `br_netfilter` and `overlay` modules by default to follow Kubernetes requirements ([coreos-overlay#1944](https://github.com/flatcar/coreos-overlay/pull/1944), [init#72](https://github.com/flatcar/init/pull/72))<br>- flatcar-install: Added option to create UEFI boot entry ([init#74](https://github.com/flatcar/init/pull/74))<br>- VMWare: Added `ignition-delete-config.service` to remove Ignition config from VM metadata, see also [here](https://coreos.github.io/ignition/operator-notes/#automatic-config-deletion) ([coreos-overlay#1948](https://github.com/flatcar/coreos-overlay/pull/1948))<br><br>#### Updates:<br><br>- Linux ([5.15.55](https://lwn.net/Articles/901380) (includes [5.15.54](https://lwn.net/Articles/900911), [5.15.53](https://lwn.net/Articles/900321), [5.15.52](https://lwn.net/Articles/899788), [5.15.51](https://lwn.net/Articles/899370), [5.15.50](https://lwn.net/Articles/899091), [5.15.49](https://lwn.net/Articles/898622)))<br>- Linux Firmware ([20220610](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220610))<br>- Docker ([20.10.17](https://docs.docker.com/engine/release-notes/#201017))<br>- Go ([1.18.4](https://go.dev/doc/devel/release#go1.18.4))<br>- ca-certificates ([3.80](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_80.html))<br>- curl [7.83.1](https://curl.se/mail/lib-2022-05/0010.html)<br>- dbus ([1.12.22](https://gitlab.freedesktop.org/dbus/dbus/-/blob/177ab044bc87cbc4ded75d21b900795a6fefef76/NEWS))<br>- e2fsprogs ([1.46.5](http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.46.5))<br>- gdbm ([1.22](https://lists.gnu.org/archive/html/info-gnu/2021-10/msg00006.html))<br>- git ([2.35.3](https://github.com/git/git/blob/v2.35.3/Documentation/RelNotes/2.35.3.txt))<br>- ignition ([2.14.0](https://github.com/coreos/ignition/releases/tag/v2.14.0))<br>- intel-microcode ([20220510](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220510)) <br>- ldb ([2.4.1](https://gitlab.com/samba-team/samba/-/commit/a795e0c84597aa045d011e663dbad3cdabf0f1e6))<br>- libxml2 ([2.9.14](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.9.14))<br>- ncurses ([6.3_p20220423](https://lists.gnu.org/archive/html/info-gnu/2021-11/msg00001.html))<br>- open-vm-tools ([12.0.5](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.0.5))<br>- openssl ([3.0.3](https://www.openssl.org/news/changelog.html#openssl-30))<br>- python ([3.9.12](https://www.python.org/downloads/release/python-3912/))<br>- rsync ([3.2.4](https://download.samba.org/pub/rsync/NEWS.html#3.2.4))<br>- runc ([1.1.3](https://github.com/opencontainers/runc/releases/tag/v1.1.3))<br>- samba ([4.15.4](https://www.samba.org/samba/history/samba-4.15.4.html))<br>- sqlite ([3.38.1](https://www.sqlite.org/releaselog/3_38_1.html))<br>- talloc ([2.3.3](https://gitlab.com/samba-team/samba/-/commit/bc1ee7ca0640f0136e5af7dcc4ca8ed0a5893053))<br>- tevent ([0.11.0](https://gitlab.com/samba-team/samba/-/commit/de4e8a1af9564f6056f9af90867c2f013449051c))<br>- new: acpid ([2.0.33](https://sourceforge.net/p/acpid2/code/ci/2.0.33/tree/Changelog))<br>- OEM: distro ([1.7.0](https://github.com/python-distro/distro/releases/tag/v1.7.0))<br>- OEM: python ([3.9.12](https://www.python.org/downloads/release/python-3912/))<br>- SDK: qemu ([7.0.0](https://wiki.qemu.org/ChangeLog/7.0))<br>- SDK: Rust ([1.61.0](https://github.com/rust-lang/rust/releases/tag/1.61.0))<br>Packages:<br>- containerd 1.6.6<br>- docker 20.10.17<br>- ignition 2.14.0<br>- kernel 5.15.55<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-07-21T15:29:48+00:00 @@ -214,7 +222,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3227.1.1 3227.1.1 - 2023-10-25T10:20:35.979045+00:00 + 2023-11-22T09:59:25.699938+00:00 New **Beta** Release **3227.1.1**<br><br>Changes since **Beta 3227.1.0**<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-1789](https://nvd.nist.gov/vuln/detail/CVE-2022-1789), [CVE-2022-1852](https://nvd.nist.gov/vuln/detail/CVE-2022-1852), [CVE-2022-1972](https://nvd.nist.gov/vuln/detail/CVE-2022-1972), [CVE-2022-1973](https://nvd.nist.gov/vuln/detail/CVE-2022-1973), [CVE-2022-2078](https://nvd.nist.gov/vuln/detail/CVE-2022-2078), [CVE-2022-32250](https://nvd.nist.gov/vuln/detail/CVE-2022-32250), [CVE-2022-32981](https://nvd.nist.gov/vuln/detail/CVE-2022-32981))<br>- containerd ([CVE-2022-31030](https://nvd.nist.gov/vuln/detail/CVE-2022-31030))<br>- libpcre2 ([CVE-2022-1586](https://nvd.nist.gov/vuln/detail/CVE-2022-1586), [CVE-2022-1587](https://nvd.nist.gov/vuln/detail/CVE-2022-1587))<br><br>#### Changes:<br><br>- ARM64: Added [cifs-utils](https://wiki.samba.org/index.php/LinuxCIFS_utils) for ARM64<br>- ARM64: Added [sssd](https://sssd.io/), [adcli](https://www.freedesktop.org/software/realmd/adcli/adcli.html) and realmd for ARM64<br>- SDK / ARM64: Added [go-tspi](https://pkg.go.dev/github.com/coreos/go-tspi) bindings for ARM64<br><br>#### Updates:<br><br>- Linux ([5.15.48](https://lwn.net/Articles/898124) (includes [5.15.47](https://lwn.net/Articles/897904), [5.15.46](https://lwn.net/Articles/897377), [5.15.45](https://lwn.net/Articles/897167), [5.15.44](https://lwn.net/Articles/896647)))<br>- ca-certificates ([3.79](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_79.html))<br>- containerd ([1.6.6](https://github.com/containerd/containerd/releases/tag/v1.6.6))<br>- libpcre2 ([10.40](https://github.com/PCRE2Project/pcre2/blob/pcre2-10.40/NEWS))<br>Packages:<br>- containerd 1.6.6<br>- docker 20.10.14<br>- ignition 2.13.0<br>- kernel 5.15.48<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-06-23T11:46:15+00:00 @@ -222,7 +230,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3227.1.0 3227.1.0 - 2023-10-25T10:20:35.973651+00:00 + 2023-11-22T09:59:25.694452+00:00 New **Beta** Release **3227.1.0**<br><br>_Changes since **Beta 3185.1.1**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-1734](https://nvd.nist.gov/vuln/detail/CVE-2022-1734), [CVE-2022-28893](https://nvd.nist.gov/vuln/detail/CVE-2022-28893), [CVE-2022-1012](https://nvd.nist.gov/vuln/detail/CVE-2022-1012), [CVE-2022-1729](https://nvd.nist.gov/vuln/detail/CVE-2022-1729))<br>- Go ([CVE-2022-29526](https://nvd.nist.gov/vuln/detail/CVE-2022-29526))<br>- containerd ([CVE-2022-24769](https://nvd.nist.gov/vuln/detail/CVE-2022-24769))<br>- gnutls ([CVE-2021-4209](https://nvd.nist.gov/vuln/detail/CVE-2021-4209), [GNUTLS-SA-2022-01-17](https://gitlab.com/gnutls/gnutls/-/issues/1277))<br>- gzip,xz-utils ([CVE-2022-1271](https://nvd.nist.gov/vuln/detail/CVE-2022-1271))<br>- libarchive ([CVE-2022-26280](https://nvd.nist.gov/vuln/detail/CVE-2022-26280))<br>- nvidia-drivers ([CVE-2022-28181](https://nvd.nist.gov/vuln/detail/CVE-2022-28181), [CVE-2022-28183](https://nvd.nist.gov/vuln/detail/CVE-2022-28183), [CVE-2022-28184](https://nvd.nist.gov/vuln/detail/CVE-2022-28184), [CVE-2022-28185](https://nvd.nist.gov/vuln/detail/CVE-2022-28185))<br>- util-linux ([CVE-2021-3995](https://nvd.nist.gov/vuln/detail/CVE-2021-3995), [CVE-2021-3996](https://nvd.nist.gov/vuln/detail/CVE-2021-3996), [CVE-2022-0563](https://nvd.nist.gov/vuln/detail/CVE-2022-0563))<br>- zlib ([CVE-2018-25032](https://nvd.nist.gov/vuln/detail/CVE-2018-25032))<br><br>#### Bug fixes:<br><br>- Ensured `/etc/flatcar/update.conf` exists because it happens to be used as flag file for Ansible ([init#71](https://github.com/flatcar/init/pull/71))<br>- Fixed Ignition's OEM ID to be `metal` to follow the Ignition upstream change which otherwise resulted in a broken boot when the Flatcar OEM ID `pxe` was used ([bootengine#45](https://github.com/flatcar/bootengine/pull/45))<br>- Added `networkd` translation to `files` section when converting from Ignition 2.x to Ignition 3.x ([coreos-overlay#1910](https://github.com/flatcar/coreos-overlay/pull/1910), [flatcar#741](https://github.com/flatcar/Flatcar/issues/741))<br>- GCP: Fixed shutdown script execution ([coreos-overlay#1912](https://github.com/flatcar/coreos-overlay/pull/1912), [flatcar#743](https://github.com/flatcar/Flatcar/issues/743))<br><br>#### Changes:<br><br>- Enabled `CONFIG_INTEL_RAPL` on AMD64 Kernel config to compile `intel_rapl_common` module in order to allow power monitoring on modern Intel processors ([flatcar#coreos-overlay#1801](https://github.com/flatcar/coreos-overlay/pull/1801))<br><br>#### Updates:<br><br>- Linux ([5.15.43](https://lwn.net/Articles/896231/) (includes [5.15.42](https://lwn.net/Articles/896226), [5.15.41](https://lwn.net/Articles/895645), [5.15.40](https://lwn.net/Articles/895318), [5.15.39](https://lwn.net/Articles/895070), [5.15.38](https://lwn.net/Articles/894357)))<br>- Linux Firmware ([20220411](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220411))<br>- Go ([1.17.10](https://go.googlesource.com/go/+/refs/tags/go1.17.10))<br>- afterburn ([5.2.0](https://github.com/coreos/afterburn/releases/tag/v5.2.0))<br>- bind-tools ([9.16.27](https://gitlab.isc.org/isc-projects/bind9/-/blob/v9_16_27/CHANGES))<br>- conntrack-tools ([1.4.6](https://lists.netfilter.org/pipermail/netfilter-announce/2020/000240.html))<br>- containerd ([1.6.3](https://github.com/containerd/containerd/releases/tag/v1.6.3) (includes [1.6.2](https://github.com/containerd/containerd/releases/tag/v1.6.2)))<br>- Docker ([20.10.14](https://docs.docker.com/engine/release-notes/#201014))<br>- e2fsprogs ([1.46.4](http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.46.4))<br>- elfutils ([0.186](https://sourceware.org/git/?p=elfutils.git;a=blob;f=NEWS;h=490932ae4ef9b5a3af01d2c8c616f14d57586046;hb=983e86fd89e8bf02f2d27ba5dce5bf078af4ceda))<br>- gnutls ([3.7.3](https://gitlab.com/gnutls/gnutls/-/merge_requests/1517))<br>- gzip ([1.12](https://savannah.gnu.org/forum/forum.php?forum_id=10157) (includes [1.11](https://lists.gnu.org/archive/html/info-gnu/2021-09/msg00002.html)))<br>- jansson ([2.14](https://github.com/akheron/jansson/blob/v2.14/CHANGES))<br>- libarchive [3.6.1](https://github.com/libarchive/libarchive/releases/tag/v3.6.1)<br>- libbsd ([0.11.3](https://gitlab.freedesktop.org/libbsd/libbsd/-/commits/0.11.3/))<br>- libnetfilter_queue ([1.0.5](https://git.netfilter.org/libnetfilter_queue/log/?h=libnetfilter_queue-1.0.5))<br>- libpcap ([1.10.1](https://git.tcpdump.org/libpcap/blob/c7642e2cc0c5bd65754685b160d25dc23c76c6bd:/CHANGES))<br>- libtasn1 ([4.17.0](https://gitlab.com/gnutls/libtasn1/-/blob/v4.17.0/NEWS))<br>- liburing ([2.1](https://github.com/axboe/liburing/commits/liburing-2.1))<br>- mdadm ([4.2](https://lore.kernel.org/all/28fdbc45-96ca-7cdb-3ced-a5f65d978048@trained-monkey.org/T/))<br>- multipath-tools ([0.8.7](https://github.com/opensvc/multipath-tools/commits/0.8.7))<br>- nghttp2 ([1.45.1](https://github.com/nghttp2/nghttp2/releases/tag/v1.45.1))<br>- nvidia-drivers ([510.73.05](https://docs.nvidia.com/datacenter/tesla/tesla-release-notes-510-73-05/index.html))<br>- oniguruma ([6.9.7.1](https://github.com/kkos/oniguruma/releases/tag/v6.9.7.1))<br>- open-isns ([0.101](https://github.com/open-iscsi/open-isns/blob/v0.101/ChangeLog))<br>- pcre2 ([10.39](https://github.com/PhilipHazel/pcre2/blob/pcre2-10.39/NEWS))<br>- runc ([1.1.1](https://github.com/opencontainers/runc/releases/tag/v1.1.1))<br>- tcpdump ([4.99.1](https://git.tcpdump.org/tcpdump/blob/5f552b5e6e9fe05f7ad9681d51d0303233daba6a:/CHANGES))<br>- unzip ([6.0_p26](https://metadata.ftp-master.debian.org/changelogs//main/u/unzip/unzip_6.0-26_changelog))<br>- util-linux ([2.37.4](https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.4-ChangeLog))<br>- zlib ([1.2.12](https://github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/ChangeLog#L4)) <br>- SDK: Rust ([1.60.0](https://github.com/rust-lang/rust/releases/tag/1.60.0))<br><br><br>_Changes since **Alpha 3227.0.0**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-1734](https://nvd.nist.gov/vuln/detail/CVE-2022-1734), [CVE-2022-28893](https://nvd.nist.gov/vuln/detail/CVE-2022-28893), [CVE-2022-1012](https://nvd.nist.gov/vuln/detail/CVE-2022-1012), [CVE-2022-1729](https://nvd.nist.gov/vuln/detail/CVE-2022-1729))<br>- Go ([CVE-2022-29526](https://nvd.nist.gov/vuln/detail/CVE-2022-29526))<br>- nvidia-drivers ([CVE-2022-28181](https://nvd.nist.gov/vuln/detail/CVE-2022-28181), [CVE-2022-28183](https://nvd.nist.gov/vuln/detail/CVE-2022-28183), [CVE-2022-28184](https://nvd.nist.gov/vuln/detail/CVE-2022-28184), [CVE-2022-28185](https://nvd.nist.gov/vuln/detail/CVE-2022-28185))<br><br>#### Bug fixes:<br><br>- Ensured `/etc/flatcar/update.conf` exists because it happens to be used as flag file for Ansible ([init#71](https://github.com/flatcar/init/pull/71))<br>- Fixed Ignition's OEM ID to be `metal` to follow the Ignition upstream change which otherwise resulted in a broken boot when the Flatcar OEM ID `pxe` was used ([bootengine#45](https://github.com/flatcar/bootengine/pull/45))<br>- Added `networkd` translation to `files` section when converting from Ignition 2.x to Ignition 3.x ([coreos-overlay#1910](https://github.com/flatcar/coreos-overlay/pull/1910), [flatcar#741](https://github.com/flatcar/Flatcar/issues/741))<br>- GCP: Fixed shutdown script execution ([coreos-overlay#1912](https://github.com/flatcar/coreos-overlay/pull/1912), [flatcar#743](https://github.com/flatcar/Flatcar/issues/743))<br><br><br>#### Updates:<br><br>- Linux ([5.15.43](https://lwn.net/Articles/896231/) (includes [5.15.42](https://lwn.net/Articles/896226), [5.15.41](https://lwn.net/Articles/895645), [5.15.40](https://lwn.net/Articles/895318), [5.15.39](https://lwn.net/Articles/895070), [5.15.38](https://lwn.net/Articles/894357)))<br>- Go ([1.17.10](https://go.googlesource.com/go/+/refs/tags/go1.17.10))<br>- nvidia-drivers ([510.73.05](https://docs.nvidia.com/datacenter/tesla/tesla-release-notes-510-73-05/index.html))<br><br>Packages:<br>- docker 20.10.14<br>- ignition 2.13.0<br>- kernel 5.15.43<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-06-02T15:06:28+00:00 @@ -230,7 +238,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3185.1.1 3185.1.1 - 2023-10-25T10:20:35.964309+00:00 + 2023-11-22T09:59:25.684980+00:00 New **Beta** Release **3185.1.1**<br><br>_Changes since **Beta 3185.1.0**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-28390](https://nvd.nist.gov/vuln/detail/CVE-2022-28390), [CVE-2022-0168](https://nvd.nist.gov/vuln/detail/CVE-2022-0168), [CVE-2022-1158](https://nvd.nist.gov/vuln/detail/CVE-2022-1158), [CVE-2022-1353](https://nvd.nist.gov/vuln/detail/CVE-2022-1353), [CVE-2022-1198](https://nvd.nist.gov/vuln/detail/CVE-2022-1198), [CVE-2022-28389](https://nvd.nist.gov/vuln/detail/CVE-2022-28389), [CVE-2022-28388](https://nvd.nist.gov/vuln/detail/CVE-2022-28388), [CVE-2022-1516](https://nvd.nist.gov/vuln/detail/CVE-2022-1516), [CVE-2022-1263](https://nvd.nist.gov/vuln/detail/CVE-2022-1263), [CVE-2022-29582](https://nvd.nist.gov/vuln/detail/CVE-2022-29582), [CVE-2022-1204](https://nvd.nist.gov/vuln/detail/CVE-2022-1204), [CVE-2022-1205](https://nvd.nist.gov/vuln/detail/CVE-2022-1205), [CVE-2022-0500](https://nvd.nist.gov/vuln/detail/CVE-2022-0500), [CVE-2022-23222](https://nvd.nist.gov/vuln/detail/CVE-2022-23222))<br>- Go ([CVE-2022-24675](https://nvd.nist.gov/vuln/detail/CVE-2022-24675))<br><br>#### Bug fixes:<br><br>- GCE: Restored oem-gce.service functionality on GCP ([coreos-overlay#1813](https://github.com/flatcar/coreos-overlay/pull/1813))<br>- Skipped starting `ensure-sysext.service` if `systemd-sysext.service` won't be started, to prevent reporting a dependency failure ([Flatcar#710](https://github.com/flatcar/Flatcar/issues/710))<br>- Added a remount action as `systemd-sysext.service` drop-in unit to restore the OEM partition mount after the overlay mounts in `/usr` are done ([init#69](https://github.com/flatcar/init/pull/69))<br>- Added pahole to developer container, without it kernel modules built against /usr/src/linux may fail to probe with an 'invalid relocation target' error ([coreos-overlay#1839](https://github.com/flatcar/coreos-overlay/pull/1839))<br><br>#### Changes:<br><br>- GCE: Enabled GVE kernel driver, which adds support for Google Virtual NIC on GCP ([coreos-overlay#1802](https://github.com/flatcar/coreos-overlay/pull/1802))<br>- Azure: Set up `/etc/hostname` from instance metadata with Afterburn<br>- AWS EC2: Removed the setup of `/etc/hostname` from the instance metadata because it used a long FQDN but we can just use use the hostname set via DHCP ([Flatcar#707](https://github.com/flatcar/Flatcar/issues/707))<br>- SDK: Dropped the mantle binaries (kola, ore, etc.) from the SDK, they are now provided by the `ghcr.io/flatcar/mantle` image ([coreos-overlay#1827](https://github.com/flatcar/coreos-overlay/pull/1827), [scripts#275](https://github.com/flatcar/scripts/pull/275))<br><br>#### Updates:<br><br>- Linux ([5.15.37](https://lwn.net/Articles/893264) (includes [5.15.36](https://lwn.net/Articles/892812), [5.15.35](https://lwn.net/Articles/892002), [5.15.34](https://lwn.net/Articles/891251), [5.15.33](https://lwn.net/Articles/890722)))<br>- Go ([1.17.9](https://go.googlesource.com/go/+/refs/tags/go1.17.9))<br>- ca-certificates ([3.78](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_78.html))<br>- GCE: google compute-image-packages ([20190124](https://github.com/GoogleCloudPlatform/compute-image-packages/releases/tag/20190124))<br>Packages:<br>- docker 20.10.13<br>- ignition 2.13.0<br>- kernel 5.15.37<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-05-09T14:42:03+00:00 @@ -238,7 +246,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3185.1.0 3185.1.0 - 2023-10-25T10:20:35.957807+00:00 + 2023-11-22T09:59:25.678444+00:00 New **Beta** Release **3185.1.0**<br><br>_Changes since **Beta 3139.1.1**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-1015](https://nvd.nist.gov/vuln/detail/CVE-2022-1015), [CVE-2022-1016](https://nvd.nist.gov/vuln/detail/CVE-2022-1016))<br>- cifs-utils ([CVE-2021-20208](https://nvd.nist.gov/vuln/detail/CVE-2021-20208))<br>- containerd ([CVE-2022-23648](https://nvd.nist.gov/vuln/detail/CVE-2022-23648))<br>- cryptsetup ([CVE-2021-4122](https://nvd.nist.gov/vuln/detail/CVE-2021-4122))<br>- duktape ([CVE-2021-46322](https://nvd.nist.gov/vuln/detail/CVE-2021-46322))<br>- intel-microcode ([CVE-2021-0127](https://nvd.nist.gov/vuln/detail/CVE-2021-0127), [CVE-2021-0146](https://nvd.nist.gov/vuln/detail/CVE-2021-0146))<br>- libarchive ([CVE-2021-31566](https://nvd.nist.gov/vuln/detail/CVE-2021-31566), [CVE-2021-36976](https://nvd.nist.gov/vuln/detail/CVE-2021-36976))<br>- libxml2 ([CVE-2022-23308](https://nvd.nist.gov/vuln/detail/CVE-2022-23308))<br>- nvidia-drivers ([CVE-2022-21814](https://nvd.nist.gov/vuln/detail/CVE-2022-21814), [CVE-2022-21813](https://nvd.nist.gov/vuln/detail/CVE-2022-21813))<br>- shadow ([CVE-2013-4235](https://nvd.nist.gov/vuln/detail/CVE-2013-4235))<br>- systemd ([CVE-2021-3997](https://nvd.nist.gov/vuln/detail/CVE-2021-3997))<br>- vim ([CVE-2021-3984](https://nvd.nist.gov/vuln/detail/CVE-2021-3984), [CVE-2021-4019](https://nvd.nist.gov/vuln/detail/CVE-2021-4019), [CVE-2021-4069](https://nvd.nist.gov/vuln/detail/CVE-2021-4069), [CVE-2021-4136](https://nvd.nist.gov/vuln/detail/CVE-2021-4136), [CVE-2021-4173](https://nvd.nist.gov/vuln/detail/CVE-2021-4173),[ CVE-2021-4166](https://nvd.nist.gov/vuln/detail/CVE-2021-4166), [CVE-2021-4187](https://nvd.nist.gov/vuln/detail/CVE-2021-4187), [CVE-2021-4192](https://nvd.nist.gov/vuln/detail/CVE-2021-4192), [CVE-2021-4193](https://nvd.nist.gov/vuln/detail/CVE-2021-4193), [CVE-2022-0128](https://nvd.nist.gov/vuln/detail/CVE-2022-0128), [CVE-2022-0156](https://nvd.nist.gov/vuln/detail/CVE-2022-0156), [CVE-2022-0158](https://nvd.nist.gov/vuln/detail/CVE-2022-0158), [CVE-2022-0213](https://nvd.nist.gov/vuln/detail/CVE-2022-0213), [CVE-2022-0261](https://nvd.nist.gov/vuln/detail/CVE-2022-0261), [CVE-2022-0318](https://nvd.nist.gov/vuln/detail/CVE-2022-0318), [CVE-2022-0319](https://nvd.nist.gov/vuln/detail/CVE-2022-0319), [CVE-2022-0351](https://nvd.nist.gov/vuln/detail/CVE-2022-0351), [CVE-2022-0359](https://nvd.nist.gov/vuln/detail/CVE-2022-0359), [CVE-2022-0361](https://nvd.nist.gov/vuln/detail/CVE-2022-0361), [CVE-2022-0368](https://nvd.nist.gov/vuln/detail/CVE-2022-0368), [CVE-2022-0392](https://nvd.nist.gov/vuln/detail/CVE-2022-0392), [CVE-2022-0393](https://nvd.nist.gov/vuln/detail/CVE-2022-0393), [CVE-2022-0407](https://nvd.nist.gov/vuln/detail/CVE-2022-0407), [CVE-2022-0408](https://nvd.nist.gov/vuln/detail/CVE-2022-0408), [CVE-2022-0413](https://nvd.nist.gov/vuln/detail/CVE-2022-0413), [CVE-2022-0417](https://nvd.nist.gov/vuln/detail/CVE-2022-0417), [CVE-2022-0443](https://nvd.nist.gov/vuln/detail/CVE-2022-0443))<br>- SDK: squashfs-tools ([CVE-2021-40153](https://nvd.nist.gov/vuln/detail/CVE-2021-40153), [CVE-2021-41072](https://nvd.nist.gov/vuln/detail/CVE-2021-41072))<br><br>#### Bug fixes:<br><br>- AWS: specify correct console (ttyS0) on kernel command line for ARM64 instances ([coreos-overlay#1628](https://github.com/flatcar/coreos-overlay/pull/1628))<br>- Made Ignition write the SSH keys into a file under `authorized_keys.d/ignition` again and added a call to `update-ssh-keys` after Ignition ran to create the merged `authorized_keys` file, which fixes the problem that keys added by Ignition get lost when `update-ssh-keys` runs ([init#66](https://github.com/flatcar/init/pull/66))<br><br>#### Changes:<br><br>- Added `auditd.service` but left it disabled by default, a custom configuration can be created by removing `/etc/audit/auditd.conf` and replacing it with an own file ([coreos-overlay#1636](https://github.com/flatcar/coreos-overlay/pull/1636))<br>- The systemd-networkd `ManageForeignRoutes` and `ManageForeignRoutingPolicyRules` settings are now disabled through a drop-in file and thus can only be enabled again by a drop-in file under `/etc/systemd/networkd.conf.d/` because drop-in files take precedence over `/etc/systemd/networkd.conf` ([init#61](https://github.com/flatcar/init/pull/61))<br>- Bring in dependencies for NFS4 with Kerberos both in kernel and userspace. Tested against NFS4.1 server. ([coreos-overlay#1664](https://github.com/flatcar/coreos-overlay/pull/1664))<br>- Merge the Flatcar Pro features into the regular Flatcar images ([coreos-overlay#1679](https://github.com/flatcar/coreos-overlay/pull/1679))<br>- Besides Ignition v1 and v2 configurations, Ignition configurations with specification v3 (up to 3.3.0) are now supported, see the [docs section for details](https://www.flatcar.org/docs/latest/provisioning/ignition/specification/#ignition-v3)<br>- Made SELinux enabled by default in default containerd configuration file. ([coreos-overlay#1699](https://github.com/flatcar/coreos-overlay/pull/1699))<br>- Removed rngd.service because it is not essential anymore for the kernel to boot fast in VM environments ([coreos-overlay#1700](https://github.com/flatcar/coreos-overlay/pull/1700))<br>- Enabled `systemd-sysext.service` to activate systemd-sysext images on boot, to disable you will need to mask it. Also added a helper service `ensure-sysext.service` which reloads the systemd units to reevaluate the `sockets`, `timers`, and `multi-user` targets when `systemd-sysext.service` is (re)started, making it possible to enable units that are part of a sysext image ([coreos-overlay#65](https://github.com/flatcar/init/pull/65))<br>- For amd64 `/usr/lib` used to be a symlink to `/usr/lib64` but now they became two separate folders as common in other distributions (and was the case for arm64 already). Compatibility symlinks exist in case `/usr/lib64` was used to access, e.g., the `modules` folder or the `systemd` folder ([coreos-overlay#1713](https://github.com/flatcar/coreos-overlay/pull/1713), [scripts#255](https://github.com/flatcar/scripts/pull/255))<br>- Enabled FIPS mode for cryptsetup ([coreos-overlay#1747](https://github.com/flatcar/coreos-overlay/pull/1747))<br>- Added `cryptsetup` to the initramfs for the Ignition `luks` directive ([flatcar-linux/coreos-overlay#1760](https://github.com/flatcar/coreos-overlay/pull/1760))<br>- Enabled FIPS mode for cryptsetup ([portage-stable#312](https://github.com/flatcar/portage-stable/pull/312))<br>- Defined a systemd-sysext level that sysext images can match for instead of the OS version when they don't have a strong coupling, meaning the only metadata required is `SYSEXT_LEVEL=1.0` and `ID=flatcar` ([Flatcar#643](https://github.com/flatcar/Flatcar/issues/643))<br>- Azure: Azure VHD disks are now created using subformat=fixed, which makes them suitable for immediate upload to Azure using any tool.<br>- DigitalOcean: In addition to the `bz2` image, a `gz` compressed image is published. This helps against hitting the compression timeout that sometimes lets the image import fail.<br>- OpenStack: In addition to the `bz2` image, a `gz` compressed image is published. This allows Glance to directly consume the images by simply passing in the URL of the image.<br>- SDK: The image compression format is now configurable. Supported formats are: `bz2`, `gz`, `zip`, `none`, `zst`. Selecting the image format can now be done by passing the `--image_compression_formats` option. This flag gets a comma separated list of formats.<br><br>#### Updates:<br><br>- Linux ([5.15.32](https://lwn.net/Articles/889438)) (from 5.15.30)<br>- Linux Firmware ([20220310](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220310))<br>- Docker ([20.10.13](https://docs.docker.com/engine/release-notes/#201013))<br>- bpftool ([5.15.8](https://lwn.net/Articles/878631/))<br>- bridge-utils ([1.7.1](https://git.kernel.org/pub/scm/network/bridge/bridge-utils.git/log/?h=v1.7.1))<br>- ca-certificates ([3.77](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_77.html))<br>- cifs-utils ([6.13](https://lkml.kernel.org/linux-cifs/CAKywueSqRGSFmeDHQacyu831BNUeGFxGg3vgBmozzhkGBCjyXQ@mail.gmail.com/T/))<br>- containerd ([1.6.1](https://github.com/containerd/containerd/releases/tag/v1.6.1))<br>- cryptsetup ([2.4.3](https://lore.kernel.org/all/572c18a7bf60cb1b0f67c3a03c531d7e7ed31832.camel@scientia.net/T/))<br>- dosfstools ([4.2](https://github.com/dosfstools/dosfstools/releases/tag/v4.2))<br>- duktape ([2.7.0](https://github.com/svaarala/duktape/releases/tag/v2.7.0))<br>- gcc ([10.3.0](https://gcc.gnu.org/gcc-10/changes.html))<br>- grep ([3.7](https://savannah.gnu.org/forum/forum.php?forum_id=10037))<br>- ignition ([2.13.0](https://github.com/coreos/ignition/releases/tag/v2.13.0))<br>- intel-microcode ([20220207_p20220207](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220207))<br>- iperf ([3.10.1](https://github.com/esnet/iperf/blob/master/RELNOTES.md#iperf-3101-2021-06-03))<br>- kexec-tools ([2.0.22](https://www.spinics.net/lists/kexec/msg26864.html))<br>- less ([590](https://www.greenwoodsoftware.com/less/news.590.html))<br>- libarchive ([3.5.3](https://github.com/libarchive/libarchive/releases/tag/v3.5.3))<br>- libmspack ([0.10.1_alpha](https://github.com/kyz/libmspack/blob/v0.10.1alpha/libmspack/ChangeLog))<br>- libxml2 ([2.9.13](http://www.xmlsoft.org/news.html))<br>- lsscsi ([0.32](https://sg.danny.cz/scsi/lsscsi.ChangeLog))<br>- nfs-utils ([2.5.4](https://lore.kernel.org/linux-fsdevel/c8795653-7728-18a4-93dc-58943ad0fe09@redhat.com/))<br>- nvidia-drivers ([510.47.03](https://docs.nvidia.com/datacenter/tesla/tesla-release-notes-510-47-03/index.html))<br>- nvme-cli ([1.16](https://github.com/linux-nvme/nvme-cli/commits/deee9cae1ac94760deebd71f8e5449061338666c))<br>- pam ([1.5.1_p20210622](https://github.com/linux-pam/linux-pam/commit/fe1307512fb8892b5ceb3d884c793af8dbd4c16a))<br>- pambase (20220214)<br>- pinentry ([1.2.0](https://dev.gnupg.org/T5566))<br>- quota ([4.06](https://sourceforge.net/p/linuxquota/code/ci/0acd4cc6275122fd9864cb7b5d349e65a2622920/))<br>- rpcbind ([1.2.6](https://git.linux-nfs.org/?p=steved/rpcbind.git;a=shortlog;h=refs/tags/rpcbind-1_2_6))<br>- shadow ([4.11.1](https://github.com/shadow-maint/shadow/releases/tag/v4.11.1))<br>- socat ([1.7.4.3](https://repo.or.cz/socat.git/blob/refs/tags/tag-1.7.4.3:/CHANGES))<br>- systemd ([250.3](https://github.com/systemd/systemd-stable/releases/tag/v250.3))<br>- thin-provisioning-tools ([0.9.0](https://github.com/jthornber/thin-provisioning-tools/blob/d6d93c3157631b242a13a81d30f75453e576c55a/CHANGES#L1-L9))<br>- timezone-data ([2021a](https://mm.icann.org/pipermail/tz-announce/2021-January/000065.html))<br>- vim ([8.2.4328](https://github.com/vim/vim/releases/tag/v8.2.4328))<br>- whois ([5.5.11](https://github.com/rfc1036/whois/commit/5f5ba8312c04a759dad05723c035549273d07461))<br>- xfsprogs ([5.14.2](https://marc.info/?l=linux-xfs&m=163883318025390&w=2))<br>- Azure: WALinuxAgent ([2.6.0.2](https://github.com/Azure/WALinuxAgent/releases/tag/v2.6.0.2))<br>- VMWare: open-vm-tools ([12.0.0](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.0.0))<br>- SDK: gcc-config ([2.5](https://gitweb.gentoo.org/proj/gcc-config.git/tag/?h=v2.5))<br>- SDK: iasl ([20200717](https://www.acpica.org/node/183))<br>- SDK: man-db ([2.9.4](https://gitlab.com/cjwatson/man-db/-/tags/2.9.4))<br>- SDK: man-pages ([5.12-r2](https://man7.org/linux/man-pages/changelog.html#release_5.12))<br>- SDK: netperf ([2.7.0](https://github.com/HewlettPackard/netperf/blob/netperf-2.7.0/Release_Notes))<br>- SDK: Rust ([1.59.0](https://github.com/rust-lang/rust/releases/tag/1.59.0))<br>- SDK: squashfs-tools ([4.5_p20210914](https://lore.kernel.org/lkml/CAB3woddJss+ziGp-RjJ-yiax6pc_HLMdxk3Qk5nJdRgjpEYWBg@mail.gmail.com/))<br><br>_Changes since **Alpha 3185.0.0**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-1015](https://nvd.nist.gov/vuln/detail/CVE-2022-1015), [CVE-2022-1016](https://nvd.nist.gov/vuln/detail/CVE-2022-1016))<br><br>#### Bug fixes:<br><br>- Made Ignition write the SSH keys into a file under `authorized_keys.d/ignition` again and added a call to `update-ssh-keys` after Ignition ran to create the merged `authorized_keys` file, which fixes the problem that keys added by Ignition get lost when `update-ssh-keys` runs ([init#66](https://github.com/flatcar/init/pull/66))<br><br>#### Changes:<br><br>- Enabled FIPS mode for cryptsetup ([flatcar-linux/coreos-overlay#1747](https://github.com/flatcar/coreos-overlay/pull/1747))<br>- Added `cryptsetup` to the initramfs for the Ignition `luks` directive ([flatcar-linux/coreos-overlay#1760](https://github.com/flatcar/coreos-overlay/pull/1760))<br>- Enabled FIPS mode for cryptsetup ([portage-stable#312](https://github.com/flatcar/portage-stable/pull/312))<br><br>#### Updates:<br><br>- Linux ([5.15.32](https://lwn.net/Articles/889438)) (from 5.15.30)<br>- ca-certificates ([3.77](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_77.html))<br><br>Packages:<br>- docker 20.10.13<br>- ignition 2.13.0<br>- kernel 5.15.32<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-04-07T12:04:52+00:00 @@ -246,7 +254,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3139.1.1 3139.1.1 - 2023-10-25T10:20:35.944507+00:00 + 2023-11-22T09:59:25.665141+00:00 New **Beta** Release **3139.1.1**<br><br>**Changes since Beta-3139.1.0**<br><br>#### Security fixes<br>- Linux ([CVE-2022-25636](https://nvd.nist.gov/vuln/detail/CVE-2022-25636))<br>- Go ([CVE-2022-24921](https://nvd.nist.gov/vuln/detail/CVE-2022-24921))<br>- systemd ([CVE-2021-3997](https://nvd.nist.gov/vuln/detail/CVE-2021-3997))<br>- containerd ([CVE-2022-23648](https://nvd.nist.gov/vuln/detail/CVE-2022-23648))<br>- openssl ([CVE-2022-0778](https://nvd.nist.gov/vuln/detail/CVE-2022-0778))<br><br>#### Bug fixes<br>- Reverted the Linux kernel commit which broke networking on AWS instances which use Intel 82559 NIC (c4/m4) ([Flatcar#665](https://github.com/flatcar/Flatcar/issues/665), [coreos-overlay#1723](https://github.com/flatcar/coreos-overlay/pull/1723))<br>- Re-added the `brd drbd nbd rbd xen-blkfront zram libarc4 lru_cache zsmalloc` kernel modules to the initramfs since they were missing compared to the Flatcar 3033.2.x releases where the 5.10 kernel is used ([bootengine#40](https://github.com/flatcar/bootengine/pull/40))<br><br>#### Changes<br>- (none)<br><br>#### Updates<br>- Linux ([5.15.30](https://lwn.net/Articles/888521) (from 5.15.25, includes [5.15.26](https://lwn.net/Articles/886569), [5.15.27](https://lwn.net/Articles/887219), [5.15.28](https://lwn.net/Articles/887638), [5.15.29](https://lwn.net/Articles/888116)))<br>- Go ([1.17.8](https://go.googlesource.com/go/+/refs/tags/go1.17.8))<br>- systemd ([249.10](https://github.com/systemd/systemd-stable/releases/tag/v249.10))<br>- ca-certificates ([3.76](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_76.html))<br>- containerd ([1.5.10](https://github.com/containerd/containerd/releases/tag/v1.5.10))<br>- openssl ([3.0.2](https://www.openssl.org/news/changelog.html#openssl-30))<br><br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.15.30<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-03-23T13:34:49+00:00 @@ -254,7 +262,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3139.1.0 3139.1.0 - 2023-10-25T10:20:35.939047+00:00 + 2023-11-22T09:59:25.659631+00:00 New **Beta** Release **3139.1.0**<br><br>_Changes since **Alpha 3139.0.0**_<br><br>#### Security fixes<br>- Linux ([CVE-2022-0492](https://nvd.nist.gov/vuln/detail/CVE-2022-0492), [CVE-2022-0516](https://nvd.nist.gov/vuln/detail/CVE-2022-0516), [CVE-2022-0435](https://nvd.nist.gov/vuln/detail/CVE-2022-0435), [CVE-2022-0487](https://nvd.nist.gov/vuln/detail/CVE-2022-0487), [CVE-2022-25375](https://nvd.nist.gov/vuln/detail/CVE-2022-25375), [CVE-2022-25258](https://nvd.nist.gov/vuln/detail/CVE-2022-25258), [CVE-2022-0847](https://nvd.nist.gov/vuln/detail/CVE-2022-0847))<br>- go ([CVE-2022-23806](https://nvd.nist.gov/vuln/detail/CVE-2022-23806), [CVE-2022-23772](https://nvd.nist.gov/vuln/detail/CVE-2022-23772), [CVE-2022-23773](https://nvd.nist.gov/vuln/detail/CVE-2022-23773))<br>- expat ([CVE-2022-25235](https://nvd.nist.gov/vuln/detail/CVE-2022-25235), [CVE-2022-25236](https://nvd.nist.gov/vuln/detail/CVE-2022-25236), [CVE-2022-25313](https://nvd.nist.gov/vuln/detail/CVE-2022-25313), [CVE-2022-25314](https://nvd.nist.gov/vuln/detail/CVE-2022-25314), [CVE-2022-25315](https://nvd.nist.gov/vuln/detail/CVE-2022-25315))<br><br>#### Bug fixes<br>- Disabled the systemd-networkd settings `ManageForeignRoutes` and `ManageForeignRoutingPolicyRules` by default to ensure that CNIs like Cilium don't get their routes or routing policy rules discarded on network reconfiguration events ([Flatcar#620](https://github.com/flatcar/Flatcar/issues/620)).<br>- Prevented hitting races when creating filesystems in Ignition, these races caused boot failures like `fsck[1343]: Failed to stat /dev/disk/by-label/ROOT: No such file or directory` when creating a btrfs root filesystem ([ignition#35](https://github.com/flatcar/ignition/pull/35))<br>- Reverted the Linux kernel change to forbid xfrm id 0 for IPSec state because it broke Cilium ([Flatcar#626](https://github.com/flatcar/Flatcar/issues/626), [coreos-overlay#1682](https://github.com/flatcar/coreos-overlay/pull/1682))<br><br>#### Changes<br>- Added support for switching back to CGroupsV1 without requiring a reboot. Create `/etc/flatcar-cgroupv1` through ignition. ([coreos-overlay#1666](https://github.com/flatcar/coreos-overlay/pull/1666))<br><br>#### Updates<br>- Linux ([5.15.25](https://lwn.net/Articles/885896)) (from 5.15.19)<br>- ca-certificates ([3.75](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_75.html))<br>- Go ([1.17.7](https://go.googlesource.com/go/+/refs/tags/go1.17.7))<br>- expat ([2.4.6](https://github.com/libexpat/libexpat/blob/R_2_4_6/expat/Changes))<br><br>_Changes since **Beta 3066.1.2**_<br><br>#### Security fixes<br>- GCC ([CVE-2020-13844](https://nvd.nist.gov/vuln/detail/CVE-2020-13844))<br>- Go ([CVE-2021-44716](https://nvd.nist.gov/vuln/detail/CVE-2021-44716), [CVE-2021-44717](https://nvd.nist.gov/vuln/detail/CVE-2021-44717), [CVE-2022-23806](https://nvd.nist.gov/vuln/detail/CVE-2022-23806), [CVE-2022-23772](https://nvd.nist.gov/vuln/detail/CVE-2022-23772), [CVE-2022-23773](https://nvd.nist.gov/vuln/detail/CVE-2022-23773))<br>- containerd ([CVE-2021-43816](https://nvd.nist.gov/vuln/detail/CVE-2021-43816))<br>- expat ([CVE-2022-25235](https://nvd.nist.gov/vuln/detail/CVE-2022-25235), [CVE-2022-25236](https://nvd.nist.gov/vuln/detail/CVE-2022-25236), [CVE-2022-25313](https://nvd.nist.gov/vuln/detail/CVE-2022-25313), [CVE-2022-25314](https://nvd.nist.gov/vuln/detail/CVE-2022-25314), [CVE-2022-25315](https://nvd.nist.gov/vuln/detail/CVE-2022-25315))<br>- ignition ([CVE-2020-14040](https://nvd.nist.gov/vuln/detail/CVE-2020-14040), [CVE-2021-38561](https://nvd.nist.gov/vuln/detail/CVE-2021-38561))<br>- krb5 ([CVE-2021-37750](https://nvd.nist.gov/vuln/detail/CVE-2021-37750))<br>- libarchive ([libarchive-1565](https://github.com/libarchive/libarchive/issues/1565), [libarchive-1566](https://github.com/libarchive/libarchive/issues/1566))<br>- openssh ([CVE-2021-41617](https://nvd.nist.gov/vuln/detail/CVE-2021-41617))<br>- openssl ([CVE-2021-4044](https://nvd.nist.gov/vuln/detail/CVE-2021-4044))<br>- torcx ([CVE-2021-38561](https://nvd.nist.gov/vuln/detail/CVE-2021-38561), [CVE-2021-43565](https://nvd.nist.gov/vuln/detail/CVE-2021-43565))<br>- vim ([CVE-2021-3872](https://nvd.nist.gov/vuln/detail/CVE-2021-3872), [CVE-2021-3875](https://nvd.nist.gov/vuln/detail/CVE-2021-3875), [CVE-2021-3903](https://nvd.nist.gov/vuln/detail/CVE-2021-3903), [CVE-2021-3927](https://nvd.nist.gov/vuln/detail/CVE-2021-3927), [CVE-2021-3928](https://nvd.nist.gov/vuln/detail/CVE-2021-3928), [CVE-2021-3968](https://nvd.nist.gov/vuln/detail/CVE-2021-3968), [CVE-2021-3973](https://nvd.nist.gov/vuln/detail/CVE-2021-3973), [CVE-2021-3974](https://nvd.nist.gov/vuln/detail/CVE-2021-3974))<br>- SDK: edk2-ovmf ([CVE-2019-14584](https://nvd.nist.gov/vuln/detail/CVE-2019-14584), [CVE-2021-28210](https://nvd.nist.gov/vuln/detail/CVE-2021-28210), [CVE-2021-28211](https://nvd.nist.gov/vuln/detail/CVE-2021-28211), [CVE-2021-28213](https://nvd.nist.gov/vuln/detail/CVE-2021-28213))<br>- SDK: libxslt ([CVE-2021-30560](https://nvd.nist.gov/vuln/detail/CVE-2021-30560))<br>- SDK: mantle ([CVE-2021-3121](https://nvd.nist.gov/vuln/detail/CVE-2021-3121), [CVE-2021-38561](https://nvd.nist.gov/vuln/detail/CVE-2021-38561), [CVE-2021-43565](https://nvd.nist.gov/vuln/detail/CVE-2021-43565))<br>- SDK: Rust ([CVE-2022-21658](https://nvd.nist.gov/vuln/detail/CVE-2022-21658))<br>- SDK: QEMU ([CVE-2020-35504](https://nvd.nist.gov/vuln/detail/CVE-2020-35504), [CVE-2020-35505](https://nvd.nist.gov/vuln/detail/CVE-2020-35505), [CVE-2020-35506](https://nvd.nist.gov/vuln/detail/CVE-2020-35506), [CVE-2020-35517](https://nvd.nist.gov/vuln/detail/CVE-2020-35517), [CVE-2021-20203](https://nvd.nist.gov/vuln/detail/CVE-2021-20203), [CVE-2021-20255](https://nvd.nist.gov/vuln/detail/CVE-2021-20255), [CVE-2021-20257](https://nvd.nist.gov/vuln/detail/CVE-2021-20257), [CVE-2021-20263](https://nvd.nist.gov/vuln/detail/CVE-2021-20263), [CVE-2021-3409](https://nvd.nist.gov/vuln/detail/CVE-2021-3409), [CVE-2021-3416](https://nvd.nist.gov/vuln/detail/CVE-2021-3416), [CVE-2021-3527](https://nvd.nist.gov/vuln/detail/CVE-2021-3527), [CVE-2021-3544](https://nvd.nist.gov/vuln/detail/CVE-2021-3544), [CVE-2021-3545](https://nvd.nist.gov/vuln/detail/CVE-2021-3545), [CVE-2021-3546](https://nvd.nist.gov/vuln/detail/CVE-2021-3546), [CVE-2021-3582](https://nvd.nist.gov/vuln/detail/CVE-2021-3582), [CVE-2021-3607](https://nvd.nist.gov/vuln/detail/CVE-2021-3607), [CVE-2021-3608](https://nvd.nist.gov/vuln/detail/CVE-2021-3608), [CVE-2021-3682](https://nvd.nist.gov/vuln/detail/CVE-2021-3682))<br><br>#### Bug fixes<br>- Excluded the Kubenet cbr0 interface from networkd's DHCP config and set it to Unmanaged to prevent interference and ensure that it is not part of the network online check ([init#55](https://github.com/flatcar/init/pull/55))<br>- Fixed the dracut emergency Ignition log printing that had a scripting error causing the cat command to fail ([bootengine#33](https://github.com/flatcar/bootengine/pull/33))<br>- network: Accept ICMPv6 Router Advertisements to fix IPv6 address assignment in the default DHCP setting ([init#51](https://github.com/flatcar/init/pull/51), [coreos-cloudinit#12](https://github.com/flatcar/coreos-cloudinit/pull/12), [bootengine#30](https://github.com/flatcar/bootengine/pull/30))<br>- flatcar-update: Stopped checking for the `USER` environment variable which may not be set in all environments, causing the script to fail unless a workaround was used like prepending an additional `sudo` invocation ([init#58](https://github.com/flatcar/init/pull/58))<br>- Disabled the systemd-networkd settings `ManageForeignRoutes` and `ManageForeignRoutingPolicyRules` by default to ensure that CNIs like Cilium don't get their routes or routing policy rules discarded on network reconfiguration events ([Flatcar#620](https://github.com/flatcar/Flatcar/issues/620)).<br>- Prevented hitting races when creating filesystems in Ignition, these races caused boot failures like `fsck[1343]: Failed to stat /dev/disk/by-label/ROOT: No such file or directory` when creating a btrfs root filesystem ([ignition#35](https://github.com/flatcar/ignition/pull/35))<br>- Reverted the Linux kernel change to forbid xfrm id 0 for IPSec state because it broke Cilium ([Flatcar#626](https://github.com/flatcar/Flatcar/issues/626), [coreos-overlay#1682](https://github.com/flatcar/coreos-overlay/pull/1682))<br><br>#### Changes<br>- Update-engine now creates the `/run/reboot-required` flag file for [kured](https://github.com/weaveworks/kured) ([update_engine#15](https://github.com/flatcar/update_engine/pull/15))<br>- Excluded special network interface devices like bridge, tunnel, vxlan, and veth devices from the default DHCP configuration to prevent networkd interference ([init#56](https://github.com/flatcar/init/pull/56))<br>- Added CONFIG_NF_CT_NETLINK_HELPER (for libnetfilter_cthelper), CONFIG_NET_VRF (for virtual routing and forwarding) and CONFIG_KEY_DH_OPERATIONS (for keyutils) to the kernel config ([coreos-overlay#1524](https://github.com/flatcar/coreos-overlay/pull/1524))<br>- Enabled the FIPS support for the Linux kernel, which users can now choose through a kernel parameter in `grub.cfg` (check it taking effect with `cat /proc/sys/crypto/fips_enabled`) ([coreos-overlay#1602](https://github.com/flatcar/coreos-overlay/pull/1602))<br>- Added support for switching back to CGroupsV1 without requiring a reboot. Create `/etc/flatcar-cgroupv1` through ignition. ([coreos-overlay#1666](https://github.com/flatcar/coreos-overlay/pull/1666))<br>- Removed the pre-shipped `/etc/flatcar/update.conf` file, leaving it totally to the user to define the contents as it was unnecessarily overwriting the `/use/share/flatcar/update.conf` ([flatcar-linux/scripts#212](https://github.com/flatcar/scripts/pull/212))<br><br>#### Updates<br>- Linux ([5.15.25](https://lwn.net/Articles/885895)) (from 5.10.96)<br>- GCC ([9.4.0](https://lists.gnu.org/archive/html/info-gnu/2021-06/msg00000.html))<br>- Go ([1.17.7](https://go.googlesource.com/go/+/refs/tags/go1.17.7))<br>- ca-certificates ([3.75](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_75.html))<br>- systemd ([249.7](https://github.com/systemd/systemd-stable/blob/v249.7/NEWS))<br>- acl ([2.3.1](https://git.savannah.nongnu.org/cgit/acl.git/log/?h=v2.3.1))<br>- attr ([2.5.1](https://git.savannah.nongnu.org/cgit/attr.git/log/?h=v2.5.1))<br>- audit ([3.0.6](https://listman.redhat.com/archives/linux-audit/2021-October/msg00000.html))<br>- boost ([1.76.0](https://www.boost.org/users/history/version_1_76_0.html))<br>- btrfs-progs ([5.15.1](https://btrfs.wiki.kernel.org/index.php/Changelog#btrfs-progs_v5.15_.28Nov_2021.29))<br>- coreutils ([8.32](https://lists.gnu.org/archive/html/coreutils-announce/2020-03/msg00000.html))<br>- diffutils ([3.8](https://lists.gnu.org/archive/html/info-gnu/2021-08/msg00000.html))<br>- ethtool ([5.10](https://git.kernel.org/pub/scm/network/ethtool/ethtool.git/tree/NEWS?h=v5.10))<br>- expat ([2.4.6](https://github.com/libexpat/libexpat/blob/R_2_4_6/expat/Changes))<br>- findutils ([4.8.0](https://savannah.gnu.org/forum/forum.php?forum_id=9914))<br>- glib ([2.68.4](https://gitlab.gnome.org/GNOME/glib/-/releases/2.68.4))<br>- i2c-tools ([4.2](https://git.kernel.org/pub/scm/utils/i2c-tools/i2c-tools.git/log/?h=v4.2))<br>- iproute2 ([5.15](https://lwn.net/ml/linux-kernel/20211101164705.6f4f2e41%40hermes.local/))<br>- ipset ([7.11](https://ipset.netfilter.org/changelog.html))<br>- ipvsadm ([1.27](http://archive.linuxvirtualserver.org/html/lvs-devel/2013-09/msg00011.html))<br>- iputils ([20210722](https://github.com/iputils/iputils/releases/tag/20210722))<br>- kmod ([29](https://git.kernel.org/pub/scm/utils/kernel/kmod/kmod.git/commit/?id=b6ecfc916a17eab8f93be5b09f4e4f845aabd3d1))<br>- libarchive ([3.5.2](https://github.com/libarchive/libarchive/releases/tag/v3.5.2))<br>- libcap-ng ([0.8.2](https://github.com/stevegrubb/libcap-ng/releases/tag/v0.8.2))<br>- libseccomp ([2.5.1](https://github.com/seccomp/libseccomp/releases/tag/v2.5.1))<br>- lshw ([02.19.2b_p20210121](https://www.ezix.org/project/wiki/HardwareLiSter#Changes))<br>- lsof ([4.94.0](https://github.com/lsof-org/lsof/releases/tag/4.94.0))<br>- openssh ([8.8](http://www.openssh.com/txt/release-8.8))<br>- openssl ([3.0.1](https://www.openssl.org/news/changelog.html#openssl-30))<br>- parted ([3.4](https://savannah.gnu.org/forum/forum.php?forum_id=9924) (includes [3.3](https://savannah.gnu.org/forum/forum.php?forum_id=9569)))<br>- pciutils ([3.7.0](https://github.com/pciutils/pciutils/commit/864aecdea9c7db626856d8d452f6c784316a878c))<br>- polkit ([0.120](https://gitlab.freedesktop.org/polkit/polkit/-/blob/0.120/NEWS))<br>- runc ([1.1.0](https://github.com/opencontainers/runc/releases/tag/v1.1.0))<br>- sbsigntools ([0.9.4](https://git.kernel.org/pub/scm/linux/kernel/git/jejb/sbsigntools.git/tag/?h=v0.9.4))<br>- sed ([4.8](https://savannah.gnu.org/forum/forum.php?forum_id=9647))<br>- usbutils ([014](https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usbutils.git/commit/?id=57fb18e59cce31a50a1ca62d1e192512c905ba00))<br>- vim ([8.2.3582](https://github.com/vim/vim/releases/tag/v8.2.3582))<br>- Azure: Python for OEM images ([3.9.8](https://www.python.org/downloads/release/python-398/))<br>- SDK: Linux headers ([5.15](https://lwn.net/Articles/876611/))<br>- SDK: edk2-ovmf ([202105](https://github.com/tianocore/edk2/releases/tag/edk2-stable202105))<br>- SDK: file ([5.40](https://mailman.astron.com/pipermail/file/2021-March/000478.html))<br>- SDK: ipxe ([1.21.1](https://github.com/ipxe/ipxe/releases/tag/v1.21.1))<br>- SDK: mantle ([0.18.0](https://github.com/flatcar/mantle/releases/tag/v0.18.0))<br>- SDK: perf ([5.15](https://kernelnewbies.org/LinuxChanges#Linux_5.15.Tracing.2C_perf_and_BPF))<br>- SDK: Python ([3.9.8](https://www.python.org/downloads/release/python-398/))<br>- SDK: Rust ([1.58.1](https://github.com/rust-lang/rust/releases/tag/1.58.1))<br>- SDK: QEMU ([6.1.0](https://wiki.qemu.org/ChangeLog/6.1))<br>- SDK: seabios ([1.14.0](https://seabios.org/Releases#SeaBIOS_1.14.0))<br>- SDK: sgabios ([0.1_pre10](https://git.qemu.org/?p=sgabios.git;a=tree;h=a85446adb0e0))<br><br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.15.25<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-03-07T13:13:36+00:00 @@ -262,7 +270,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3066.1.2 3066.1.2 - 2023-10-25T10:20:35.925579+00:00 + 2023-11-22T09:59:25.646045+00:00 New **Beta** Release **3066.1.2**<br><br>_Changes since **Beta 3066.1.1**_<br><br>#### Security fixes<br>- Linux ([CVE-2021-43976](https://nvd.nist.gov/vuln/detail/CVE-2021-43976), [CVE-2022-0330](https://nvd.nist.gov/vuln/detail/CVE-2022-0330), [CVE-2022-22942](https://nvd.nist.gov/vuln/detail/CVE-2022-22942))<br>- expat ([CVE-2022-23852](https://nvd.nist.gov/vuln/detail/CVE-2022-23852), [CVE-2022-23990](https://nvd.nist.gov/vuln/detail/CVE-2022-23990))<br>- glibc ([CVE-2021-3998](https://nvd.nist.gov/vuln/detail/CVE-2021-3998), [CVE-2021-3999](https://nvd.nist.gov/vuln/detail/CVE-2021-3999), [CVE-2022-23218](https://nvd.nist.gov/vuln/detail/CVE-2022-23218), [CVE-2022-23219](https://nvd.nist.gov/vuln/detail/CVE-2022-23219))<br>- polkit ([CVE-2021-4034](https://nvd.nist.gov/vuln/detail/CVE-2021-4034))<br><br><br>#### Bug fixes<br>- SDK: Fixed build error popping up in the new SDK Container because `policycoreutils` used the wrong ROOT to update the SELinux store ([flatcar-linux/coreos-overlay#1502](https://github.com/flatcar/coreos-overlay/pull/1502))<br>- Fixed leak of SELinux policy store to the root filesystem top directory due to wrong store path in `policycoreutils` instead of `/var/lib/selinux` ([flatcar-linux/Flatcar#596](https://github.com/flatcar/Flatcar/issues/596))<br><br>#### Updates<br>- Linux ([5.10.96](https://lwn.net/Articles/883442)) (from 5.10.93)<br>- Linux Firmware ([20211216](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20211216))<br>- expat ([2.4.4](https://github.com/libexpat/libexpat/blob/R_2_4_4/expat/Changes))<br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.96<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-02-09T10:02:57+00:00 @@ -270,7 +278,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3066.1.1 3066.1.1 - 2023-10-25T10:20:35.920321+00:00 + 2023-11-22T09:59:25.640722+00:00 New **Beta** release **3066.1.1**<br><br>_Changes since **Beta 3066.1.0**_<br><br>#### Known issues:<br>- The SELinux policy store update fix resulted in some files leaked to the root filesystem top directory ([flatcar-linux/Flatcar#596](https://github.com/flatcar/Flatcar/issues/596))<br><br>#### Security fixes:<br><br>- Linux ([CVE-2021-4135](https://nvd.nist.gov/vuln/detail/CVE-2021-4135), [CVE-2021-4155](https://nvd.nist.gov/vuln/detail/CVE-2021-4155), [CVE-2021-28711](https://nvd.nist.gov/vuln/detail/CVE-2021-28711), [CVE-2021-28712](https://nvd.nist.gov/vuln/detail/CVE-2021-28712), [CVE-2021-28713](https://nvd.nist.gov/vuln/detail/CVE-2021-28713), [CVE-2021-28714](https://nvd.nist.gov/vuln/detail/CVE-2021-28714), [CVE-2021-28715](https://nvd.nist.gov/vuln/detail/CVE-2021-28715), [CVE-2021-39685](https://nvd.nist.gov/vuln/detail/CVE-2021-39685), [CVE-2021-44733](https://nvd.nist.gov/vuln/detail/CVE-2021-44733), [CVE-2021-45095](https://nvd.nist.gov/vuln/detail/CVE-2021-45095), [CVE-2022-0185](https://nvd.nist.gov/vuln/detail/CVE-2022-0185))<br>- ca-certificates ([CVE-2021-43527](https://nvd.nist.gov/vuln/detail/CVE-2021-43527))<br>- containerd ([CVE-2021-43816](https://nvd.nist.gov/vuln/detail/CVE-2021-43816))<br>- expat ([CVE-2021-45960](https://nvd.nist.gov/vuln/detail/CVE-2021-45960), [CVE-2021-46143](https://nvd.nist.gov/vuln/detail/CVE-2021-46143), [CVE-2022-22822](https://nvd.nist.gov/vuln/detail/CVE-2022-22822), [CVE-2022-22823](https://nvd.nist.gov/vuln/detail/CVE-2022-22823), [CVE-2022-22824](https://nvd.nist.gov/vuln/detail/CVE-2022-22824), [CVE-2022-22825](https://nvd.nist.gov/vuln/detail/CVE-2022-22825), [CVE-2022-22826](https://nvd.nist.gov/vuln/detail/CVE-2022-22826), [CVE-2022-22827](https://nvd.nist.gov/vuln/detail/CVE-2022-22827))<br><br>#### Bug fixes:<br><br>- Ensured that the `/run/xtables.lock` coordination file exists for modifications of the xtables backend from containers (must be bind-mounted) or the `iptables-legacy` binaries on the host ([flatcar-linux/init#57](https://github.com/flatcar/init/pull/57))<br>- Excluded the Kubenet cbr0 interface from networkd’s DHCP config and set it to Unmanaged to prevent interference and ensure that it is not part of the network online check ([flatcar-linux/init#55](https://github.com/flatcar/init/pull/55))<br>- dev container: Fix github URL for coreos-overlay and portage-stable to use repos from flatcar-linux org directly instead of relying on redirects from the kinvolk org. This fixes checkouts with emerge-gitclone inside dev-container. ([flatcar-linux/scripts#194](https://github.com/flatcar/scripts/pull/194))<br>- SDK: Fixed build error popping up in the new SDK Container because `policycoreutils` used the wrong ROOT to update the SELinux store ([flatcar-linux/coreos-overlay#1502](https://github.com/flatcar/coreos-overlay/pull/1502))<br><br>#### Changes:<br><br>- Backported `elf` support for `iproute2` ([flatcar-linux/coreos-overlay#1256](https://github.com/flatcar/coreos-overlay/pull/1526))<br><br>#### Updates:<br><br>- Linux ([5.10.93](https://lwn.net/Articles/881964)) (from 5.10.84)<br>- ca-certificates ([3.74](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_74.html))<br>- Docker ([20.10.12](https://docs.docker.com/engine/release-notes/#201012))<br>- containerd ([1.5.9](https://github.com/containerd/containerd/releases/tag/v1.5.9))<br>- expat ([2.4.3](https://github.com/libexpat/libexpat/blob/R_2_4_3/expat/Changes))<br><br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.93<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-01-26T08:13:36+00:00 @@ -278,7 +286,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3066.1.0 3066.1.0 - 2023-10-25T10:20:35.913723+00:00 + 2023-11-22T09:59:25.634057+00:00 New **Beta** release **3066.1.0**<br><br>_Changes since **Alpha 3066.0.0**_<br><br>**Security fixes**<br><br><br><br>* Linux ([CVE-2021-4002](https://nvd.nist.gov/vuln/detail/CVE-2021-4002), [CVE-2020-27820](https://nvd.nist.gov/vuln/detail/CVE-2020-27820), [CVE-2021-4001](https://nvd.nist.gov/vuln/detail/CVE-2021-4001), [CVE-2021-43975](https://nvd.nist.gov/vuln/detail/CVE-2021-43975))<br>* Go ([CVE-2021-44716](https://nvd.nist.gov/vuln/detail/CVE-2021-44716), [CVE-2021-44717](https://nvd.nist.gov/vuln/detail/CVE-2021-44717))<br>* ca-certificates ([CVE-2021-43527](https://nvd.nist.gov/vuln/detail/CVE-2021-43527))<br><br>**Bug Fixes**<br><br><br><br>* Added configuration files for logrotate ([flatcar-linux/coreos-overlay#1442](https://github.com/flatcar/coreos-overlay/pull/1442))<br>* Fixed `ETCD_NAME` conflicting with `--name` for `etcd-member` to start ([flatcar-linux/coreos-overlay#1444](https://github.com/flatcar/coreos-overlay/pull/1444))<br>* The Torcx profile docker-1.12-no got fixed to reference the current Docker version instead of 19.03 which wasn't found on the image, causing Torcx to fail to provide Docker [flatcar-linux/coreos-overlay#1456](https://github.com/flatcar/coreos-overlay/pull/1456)<br>* Fix vim warnings on missing file, when built with USE=”minimal” ([portage-stable#260](https://github.com/flatcar/portage-stable/pull/260))<br><br>**Changes**<br><br><br><br>* Added a new `flatcar-update` tool to the image to ease manual updates, rollbacks, channel/release jumping, and airgapped updates ([flatcar-linux/init#53](https://github.com/flatcar/init/pull/53))<br><br>**Updates**<br><br><br><br>* ca-certificates ([3.73](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_73.html))<br>* runc ([1.0.3](https://github.com/opencontainers/runc/releases/tag/v1.0.3))<br>* Go ([1.17.5](https://go.googlesource.com/go/+/refs/tags/go1.17.5))<br>* Linux ([5.10.84](https://lwn.net/Articles/878041))<br><br>_Changes since **Beta 3033.1.1**_<br><br>**Security fixes**<br><br><br><br>* Linux ([CVE-2021-4002](https://nvd.nist.gov/vuln/detail/CVE-2021-4002), [CVE-2020-27820](https://nvd.nist.gov/vuln/detail/CVE-2020-27820), [CVE-2021-4001](https://nvd.nist.gov/vuln/detail/CVE-2021-4001), [CVE-2021-43975](https://nvd.nist.gov/vuln/detail/CVE-2021-43975))<br>* Go ([CVE-2021-44716](https://nvd.nist.gov/vuln/detail/CVE-2021-44716), [CVE-2021-44717](https://nvd.nist.gov/vuln/detail/CVE-2021-44717))<br>* ca-certificates ([CVE-2021-43527](https://nvd.nist.gov/vuln/detail/CVE-2021-43527))<br>* Docker, containerd ([CVE-2021-41190](https://nvd.nist.gov/vuln/detail/CVE-2021-41190))<br>* rsync ([CVE-2020-14387](https://nvd.nist.gov/vuln/detail/CVE-2020-14387))<br>* SDK: u-boot-tools ([CVE-2021-27097](https://nvd.nist.gov/vuln/detail/CVE-2021-27097),[CVE-2021-27138](https://nvd.nist.gov/vuln/detail/CVE-2021-27138))<br><br>**Changes:**<br><br><br><br>* Added sgx group to /etc/group in baselayout ([baselayout#20](https://github.com/flatcar/baselayout/pull/20))<br>* Added missing SELinux rule as initial step to resolve Torcx unpacking issue ([coreos-overlay#1426](https://github.com/flatcar/coreos-overlay/pull/1426))<br><br>**Bug Fixes**<br><br><br><br>* Skip `tcsd` for machine with TPM 2.0 ([flatcar-linux/coreos-overlay#1364](https://github.com/flatcar/coreos-overlay/pull/1364),[flatcar-linux/coreos-overlay#1365](https://github.com/flatcar/coreos-overlay/pull/1365))<br>* Fix vim warnings on missing file, when built with USE=”minimal” ([portage-stable#260](https://github.com/flatcar/portage-stable/pull/260))<br>* SDK: Add missing arm64 SDK keywords to profiles ([coreos-overlay#1407](https://github.com/flatcar/coreos-overlay/pull/1407))<br><br>**Updates**<br><br><br><br>* Openssl ([3.0.0](https://www.openssl.org/news/cl30.txt))<br>* Docker ([20.10.11](https://docs.docker.com/engine/release-notes/#20111))<br>* containerd ([1.5.8](https://github.com/containerd/containerd/releases/tag/v1.5.8))<br>* btrfs-progs ([5.10.1](https://btrfs.wiki.kernel.org/index.php/Changelog#btrfs-progs_v5.10_.28Jan_2021.29))<br>* dbus-glib ([0.112](https://gitlab.freedesktop.org/dbus/dbus-glib/-/tags/dbus-glib-0.112))<br>* gmp ([6.2.1](https://gmplib.org/gmp6.2))<br>* ignition ([0.36.1](https://github.com/flatcar/ignition/releases/tag/v0.36.1))<br>* json-c ([0.15](https://github.com/json-c/json-c/wiki/Notes-for-v0.15-release))<br>* libgpg-error ([1.42](https://dev.gnupg.org/T5194))<br>* logrotate ([3.18.1](https://github.com/logrotate/logrotate/releases/tag/3.18.1))<br>* p11-kit ([0.23.22](https://github.com/p11-glue/p11-kit/releases/tag/0.23.22))<br>* popt ([1.18](https://github.com/rpm-software-management/popt/releases/tag/popt-1.18-release))<br>* rpcsvc-proto ([1.4.2](https://github.com/thkukuk/rpcsvc-proto/releases/tag/v1.4.2))<br>* SDK: crossdev ([20210621](https://gitweb.gentoo.org/proj/crossdev.git/commit/?id=b40ebcdb89f19d2fd0c563590f30d7574cfe0755))<br>* SDK: gdbm ([1.20](https://lists.gnu.org/archive/html/info-gnu/2021-06/msg00008.html))<br>* SDK: man-pages-posix ([2017a](https://www.mail-archive.com/cygwin-announce@cygwin.com/msg09598.html))<br>* SDK: miscfiles ([1.5](https://lists.gnu.org/archive/html/info-gnu/2010-11/msg00009.html))<br>* SDK: pkgconf ([1.7.4](https://git.sr.ht/~kaniini/pkgconf/tree/458101e787a47378d2fc74c64f649fd3a5f75e55/item/NEWS))<br>* SDK: swig ([4.0.2](https://sourceforge.net/p/swig/news/2020/06/swig-402-released/))<br>* SDK: u-boot-tools ([2021.04_rc2](https://source.denx.de/u-boot/u-boot/-/tags/v2021.04-rc2))<br>Packages:<br>- docker 20.10.11<br>- ignition 0.36.1<br>- kernel 5.10.84<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2021-12-15T19:40:26+00:00 @@ -286,7 +294,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3033.1.1 3033.1.1 - 2023-10-25T10:20:35.905852+00:00 + 2023-11-22T09:59:25.626070+00:00 New **Beta** Release **3033.1.1**<br><br>_Changes since **Beta 3033.1.0**_<br><br>**Security fixes**<br><br>* Linux ([CVE-2021-42739](https://nvd.nist.gov/vuln/detail/CVE-2021-42739))<br>* Docker, containerd ([CVE-2021-41190](https://nvd.nist.gov/vuln/detail/CVE-2021-41190))<br><br>**Updates**<br><br>* Linux ([5.10.80](https://lwn.net/Articles/876426/))<br>* Docker ([20.10.11](https://docs.docker.com/engine/release-notes/#20111))<br>* containerd ([1.5.8](https://github.com/containerd/containerd/releases/tag/v1.5.8))<br>* ca-certificates ([3.72](https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/7O6a4NlaI2A))<br><br>**Changes**<br><br>* Added missing SELinux rule as initial step to resolve Torcx unpacking issue ([coreos-overlay#1426](https://github.com/flatcar/coreos-overlay/pull/1426))<br>Packages:<br>- docker 20.10.11<br>- ignition 0.34.0<br>- kernel 5.10.80<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2021-11-25T11:11:55+00:00 @@ -294,7 +302,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3033.1.0 3033.1.0 - 2023-10-25T10:20:35.901117+00:00 + 2023-11-22T09:59:25.621174+00:00 New **Beta** release **3033.1.0**<br><br>_Changes since **Alpha 3033.0.0**_<br><br>**Security fixes**<br><br><br><br>* Linux ([CVE-2021-3760](https://nvd.nist.gov/vuln/detail/CVE-2021-3760), [CVE-2021-3772](https://nvd.nist.gov/vuln/detail/CVE-2021-3772), [CVE-2021-42327](https://nvd.nist.gov/vuln/detail/CVE-2021-42327), [CVE-2021-43056](https://nvd.nist.gov/vuln/detail/CVE-2021-43056), [CVE-2021-43267](https://nvd.nist.gov/vuln/detail/CVE-2021-43267), [CVE-2021-43389](https://nvd.nist.gov/vuln/detail/CVE-2021-43389))<br>* Docker ([CVE-2021-41092](https://nvd.nist.gov/vuln/detail/CVE-2021-41092), [CVE-2021-41089](https://nvd.nist.gov/vuln/detail/CVE-2021-41089),[ CVE-2021-41091](https://nvd.nist.gov/vuln/detail/CVE-2021-41091))<br>* Go ([CVE-2021-41771](https://nvd.nist.gov/vuln/detail/CVE-2021-41771),[ CVE-2021-41772](https://nvd.nist.gov/vuln/detail/CVE-2021-41772))<br><br>**Changes**<br><br><br><br>* Use https protocol instead of git for Github URLs ([flatcar-linux/coreos-overlay#1394](https://github.com/flatcar/coreos-overlay/pull/1394))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.77](https://lwn.net/Articles/874852/))<br>* docker ([20.10.10](https://docs.docker.com/engine/release-notes/#201010))<br>* Go ([1.17.3](https://go.googlesource.com/go/+/refs/tags/go1.17.3))<br><br>_Changes since **Beta 2983.1.2**_<br><br>**Security fixes**<br><br><br><br>* Linux ([CVE-2021-3739](https://nvd.nist.gov/vuln/detail/CVE-2021-3739), [CVE-2021-3744](https://nvd.nist.gov/vuln/detail/CVE-2021-3744), [CVE-2021-3753](https://nvd.nist.gov/vuln/detail/CVE-2021-3753),[ CVE-2021-3760](https://nvd.nist.gov/vuln/detail/CVE-2021-3739), [CVE-2021-3764](https://nvd.nist.gov/vuln/detail/CVE-2021-3764), [CVE-2021-3772](https://nvd.nist.gov/vuln/detail/CVE-2021-3772), [CVE-2021-20321](https://nvd.nist.gov/vuln/detail/CVE-2021-20321), [CVE-2021-38300](https://nvd.nist.gov/vuln/detail/CVE-2021-38300), [CVE-2021-40490](https://nvd.nist.gov/vuln/detail/CVE-2021-40490), [CVE-2021-41864](https://nvd.nist.gov/vuln/detail/CVE-2021-41864), [CVE-2021-42327](https://nvd.nist.gov/vuln/detail/CVE-2021-42327), [CVE-2021-43056](https://nvd.nist.gov/vuln/detail/CVE-2021-43056), [CVE-2021-43267](https://nvd.nist.gov/vuln/detail/CVE-2021-43267), [CVE-2021-43389](https://nvd.nist.gov/vuln/detail/CVE-2021-43389))<br>* Go ([CVE-2021-29923](https://nvd.nist.gov/vuln/detail/CVE-2021-29923), [CVE-2021-38297](https://nvd.nist.gov/vuln/detail/CVE-2021-38297), [CVE-2021-39293](https://nvd.nist.gov/vuln/detail/CVE-2021-39293), [CVE-2021-41771](https://nvd.nist.gov/vuln/detail/CVE-2021-41771),[ CVE-2021-41772](https://nvd.nist.gov/vuln/detail/CVE-2021-41772))<br>* Docker ([CVE-2021-41092](https://nvd.nist.gov/vuln/detail/CVE-2021-41092), [CVE-2021-41089](https://nvd.nist.gov/vuln/detail/CVE-2021-41089),[ CVE-2021-41091](https://nvd.nist.gov/vuln/detail/CVE-2021-41091))<br>* bash ([CVE-2019-9924](https://nvd.nist.gov/vuln/detail/CVE-2019-9924),[ CVE-2019-18276](https://nvd.nist.gov/vuln/detail/CVE-2019-18276))<br>* binutils ([CVE-2021-3530](https://nvd.nist.gov/vuln/detail/CVE-2021-3530),[ CVE-2021-3549](https://nvd.nist.gov/vuln/detail/CVE-2021-3549))<br>* containerd ([CVE-2021-41103](https://nvd.nist.gov/vuln/detail/CVE-2021-41103))<br>* curl ([CVE-2021-22945](https://nvd.nist.gov/vuln/detail/CVE-2021-22945),[ CVE-2021-22946](https://nvd.nist.gov/vuln/detail/CVE-2021-22946),[ CVE-2021-22947](https://nvd.nist.gov/vuln/detail/CVE-2021-22947))<br>* git ([CVE-2021-40330](https://nvd.nist.gov/vuln/detail/CVE-2021-40330))<br>* glibc ([CVE-2021-38604](https://nvd.nist.gov/vuln/detail/CVE-2021-38604))<br>* gnuPG ([CVE-2020-25125](https://nvd.nist.gov/vuln/detail/CVE-2020-25125))<br>* libgcrypt ([CVE-2021-40528](https://nvd.nist.gov/vuln/detail/CVE-2021-40528))<br>* nettle ([CVE-2021-20305](https://nvd.nist.gov/vuln/detail/CVE-2021-20305), [CVE-2021-3580](https://nvd.nist.gov/vuln/detail/CVE-2021-3580))<br>* polkit ([CVE-2021-3560](https://nvd.nist.gov/vuln/detail/CVE-2021-3560))<br>* sssd ([CVE-2018-16883](https://nvd.nist.gov/vuln/detail/CVE-2018-16883), [CVE-2019-3811](https://nvd.nist.gov/vuln/detail/CVE-2019-3811), [CVE-2018-16838](https://nvd.nist.gov/vuln/detail/CVE-2018-16838))<br>* util-linux ([CVE-2021-37600](https://nvd.nist.gov/vuln/detail/CVE-2021-37600))<br>* vim ([CVE-2021-3770](https://nvd.nist.gov/vuln/detail/CVE-2021-3770), [CVE-2021-3778](https://nvd.nist.gov/vuln/detail/CVE-2021-3778), [CVE-2021-3796](https://nvd.nist.gov/vuln/detail/CVE-2021-3796))<br>* SDK: bison ([CVE-2020-14150](https://nvd.nist.gov/vuln/detail/CVE-2020-14150),[ CVE-2020-24240](https://nvd.nist.gov/vuln/detail/CVE-2020-24240))<br>* SDK: perl ([CVE-2020-10878](https://nvd.nist.gov/vuln/detail/CVE-2020-10878))<br><br>**Bug fixes**<br><br><br><br>* toolbox: fixed support for multi-layered docker images ([flatcar-linux/toolbox#5](https://github.com/flatcar/toolbox/pull/5))<br>* arm64: the Polkit service does not crash anymore. ([flatcar-linux/Flatcar#156](https://github.com/flatcar/Flatcar/issues/156))<br>* The tcsd service for TPM 1 is not started on machines with TPM 2 anymore where it fails and isn’t necessary. ([flatcar-linux/coreos-overlay#1365](https://github.com/flatcar/coreos-overlay/pull/1365))<br>* Skip tcsd.service for TPM2 devices to fix failures on c3.small.x86 instances of Equinix Metal ([Flatcar#208](https://github.com/flatcar/Flatcar/issues/208))<br>* Fixed locksmith adhering to reboot window when getting the etcd lock ([flatcar-linux/locksmith#10](https://github.com/flatcar/locksmith/pull/10))<br>* Run emergency.target on `ignition/torcx` service unit failure in dracut ([bootengine#28](https://github.com/flatcar/bootengine/pull/28))<br><br>**Changes**<br><br><br><br>* Added GPIO support ([coreos-overlay#1236](https://github.com/flatcar/coreos-overlay/pull/1236))<br>* Enabled SELinux in permissive mode on ARM64 ([coreos-overlay#1245](https://github.com/flatcar/coreos-overlay/pull/1245))<br>* Added support for some alias commands from `bcc` ([flatcar-linux/coreos-overlay#1278](https://github.com/flatcar/coreos-overlay/pull/1278))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.77](https://lwn.net/Articles/874852/))<br>* Linux firmware ([20210919](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20210919))<br>* Go ([1.17.3](https://go.googlesource.com/go/+/refs/tags/go1.17.3))<br>* bash ([5.1_p8](https://lists.gnu.org/archive/html/info-gnu/2020-12/msg00003.html))<br>* binutils ([2.37](https://sourceware.org/pipermail/binutils/2021-July/117384.html))<br>* ca-certificates ([3.69.1](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_69_1.html#nss-3-69-1-release-notes))<br>* containerd ([1.5.7](https://github.com/containerd/containerd/releases/tag/v1.5.7))<br>* curl ([7.79.1](https://curl.se/changes.html#7_79_1))<br>* duktape ([2.6.0](https://github.com/svaarala/duktape/blob/master/doc/release-notes-v2-6.rst))<br>* ebtables ([2.0.11](https://lwn.net/Articles/806179/))<br>* gawk ([5.1.0](https://lists.gnu.org/archive/html/info-gnu/2020-04/msg00007.html))<br>* git ([2.32.0](https://github.com/git/git/blob/master/Documentation/RelNotes/2.32.0.txt))<br>* gnuPG ([2.2.29](https://lists.gnupg.org/pipermail/gnupg-announce/2021q3/000461.html))<br>* iptables ([1.8.7](https://lwn.net/Articles/843069/))<br>* keyutils ([1.6.1](https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/keyutils.git/tag/?h=v1.6.1))<br>* libdnet ([1.14](https://github.com/ofalk/libdnet/releases/tag/libdnet-1.14))<br>* libgcrypt ([1.9.4](https://dev.gnupg.org/T5402))<br>* libmnl ([1.0.4](https://marc.info/?l=netfilter-devel&m=146745072727070&w=2))<br>* libnftnl ([1.2.0](https://marc.info/?l=netfilter&m=162194376520385&w=2))<br>* libtirpc ([1.3.2](https://www.spinics.net/lists/linux-nfs/msg84129.html))<br>* ldb ([2.3.0](https://gitlab.com/samba-team/samba/-/tags/ldb-2.3.0))<br>* lvm2 ([2.02.188](https://github.com/lvmteam/lvm2/releases/tag/v2_02_188))<br>* nettle ([3.7.3](https://git.lysator.liu.se/nettle/nettle/-/blob/master/NEWS#L1-37))<br>* net-tools ([2.10](https://sourceforge.net/p/net-tools/news/2021/01/net-tools-210-released/))<br>* nftables ([0.9.9](https://lwn.net/Articles/857369/))<br>* openssh ([8.7_p1-r1](https://www.openssh.com/txt/release-8.7))<br>* polkit ([0.119](https://gitlab.freedesktop.org/polkit/polkit/-/blob/0.119/NEWS))<br>* realmd ([0.17.0](https://gitlab.freedesktop.org/realmd/realmd/-/tags/0.17.0))<br>* sssd (2.3.1)<br>* systemd ([249.4](https://github.com/systemd/systemd-stable/blob/v249.4/NEWS))<br>* talloc ([2.3.2](https://gitlab.com/samba-team/samba/-/tags/talloc-2.3.2))<br>* util-linux ([2.37.2](https://github.com/karelzak/util-linux/blob/v2.37.2/NEWS))<br>* vim ([8.2.3428](https://github.com/vim/vim/releases/tag/v8.2.3428))<br>* xenstore ([4.14.2](https://xenproject.org/downloads/xen-project-archives/xen-project-4-14-series/xen-project-4-14-2/))<br>* SDK: bison (3.7.6)<br>* SDK: perl ([5.34.0](https://perldoc.perl.org/perl5340delta))<br>* SDK: rust ([1.55](https://github.com/rust-lang/rust/releases/tag/1.55.0))<br>* VMWare: open-vm-tools ([11.3.5](https://github.com/vmware/open-vm-tools/releases/tag/stable-11.3.5))<br>Packages:<br>- docker 20.10.10<br>- ignition 0.34.0<br>- kernel 5.10.77<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2021-11-09T06:39:46+00:00 @@ -302,7 +310,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2983.1.2 2983.1.2 - 2023-10-25T10:20:35.891084+00:00 + 2023-11-22T09:59:25.610257+00:00 **Update to CGroupsV2**<br><br>As of Alpha version 2969.0.0, Flatcar Container Linux migrates to the unified cgroup hierarchy (aka CGroupsV2)! New nodes will utilize CGroupsV2 by default. Existing nodes remain on CGroupsV1 and need to be manually migrated to CGroupsV2. To learn more about CGroupsV2 on Flatcar Container Linux and the migration guide, please refer to[ https://flatcar-linux.org/docs/latest/container-runtimes/switching-to-unified-cgroups/](https://flatcar-linux.org/docs/latest/container-runtimes/switching-to-unified-cgroups/)<br><br>New **Beta** release **2983.1.2**<br><br>_Changes since **Beta 2983.1.1**_<br><br>**Security fixes**<br><br><br><br>* Linux ([CVE-2021-3764](https://nvd.nist.gov/vuln/detail/CVE-2021-3764), [CVE-2021-3744](https://nvd.nist.gov/vuln/detail/CVE-2021-3744), [CVE-2021-38300](https://nvd.nist.gov/vuln/detail/CVE-2021-38300), [CVE-2021-20321](https://nvd.nist.gov/vuln/detail/CVE-2021-20321), [CVE-2021-41864](https://nvd.nist.gov/vuln/detail/CVE-2021-41864))<br>* Docker ([CVE-2021-41092](https://nvd.nist.gov/vuln/detail/CVE-2021-41092), [CVE-2021-41089](https://nvd.nist.gov/vuln/detail/CVE-2021-41089),[ CVE-2021-41091](https://nvd.nist.gov/vuln/detail/CVE-2021-41091))<br>* containerd ([CVE-2021-41103](https://nvd.nist.gov/vuln/detail/CVE-2021-41103))<br><br>**Bux fixes**<br><br><br><br>* The tcsd service for TPM 1 is not started on machines with TPM 2 anymore where it fails and isn’t necessary ([flatcar-linux/coreos-overlay#1364](https://github.com/flatcar/coreos-overlay/pull/1364))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.75](https://lwn.net/Articles/873465/))<br>* Docker ([20.10.9](https://docs.docker.com/engine/release-notes/#20109))<br>* ca-certificates ([3.69.1](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_69_1.html#nss-3-69-1-release-notes))<br>* containerd ([1.5.7](https://github.com/containerd/containerd/releases/tag/v1.5.7))<br>Packages:<br>- docker 20.10.9<br>- ignition 0.34.0<br>- kernel 5.10.75<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-10-25T15:56:14+00:00 @@ -310,7 +318,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2983.1.1 2983.1.1 - 2023-10-25T10:20:35.885600+00:00 + 2023-11-22T09:59:25.603992+00:00 New **Beta** release **2983.1.1**<br><br>_Changes since **Beta 2983.1.0**_<br><br>**Security fixes**<br><br>* Linux ([CVE-2021-41073](https://nvd.nist.gov/vuln/detail/CVE-2021-41073), [CVE-2020-16119](https://nvd.nist.gov/vuln/detail/CVE-2020-16119))<br><br>**Updates**<br><br>* Linux ([5.10.69](https://lwn.net/Articles/870544/))<br>Packages:<br>- docker 20.10.8<br>- ignition 0.34.0<br>- kernel 5.10.69<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-09-30T16:22:00+00:00 @@ -318,7 +326,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2983.1.0 2983.1.0 - 2023-10-25T10:20:35.881246+00:00 + 2023-11-22T09:59:25.599028+00:00 New **Beta** release **2983.1.0**<br><br>_Changes since **Beta 2942.1.2**_<br><br>**Update to CGroupsV2**<br><br>As of Alpha version 2969.0.0, Flatcar Container Linux migrates to the unified cgroup hierarchy (aka CGroupsV2)! New nodes will utilize CGroupsV2 by default. Existing nodes remain on CGroupsV1 and need to be manually migrated to CGroupsV2. To learn more about CGroupsV2 on Flatcar Container Linux and the migration guide, please refer to [https://flatcar-linux.org/docs/latest/container-runtimes/switching-to-unified-cgroups/](https://flatcar-linux.org/docs/latest/container-runtimes/switching-to-unified-cgroups/) <br><br>**Security fixes**<br><br><br><br>* dnsmasq ([CVE-2021-3448](https://nvd.nist.gov/vuln/detail/CVE-2021-3448))<br>* glibc ([CVE-2021-35942](https://nvd.nist.gov/vuln/detail/CVE-2021-35942))<br>* Go ([CVE-2021-36221](https://nvd.nist.gov/vuln/detail/CVE-2021-36221))<br>* libuv ([CVE-2021-22918](https://nvd.nist.gov/vuln/detail/CVE-2021-22918))<br>* mit-krb5 ([CVE-2021-36222](https://nvd.nist.gov/vuln/detail/CVE-2021-36222))<br>* tar ([CVE-2021-20193](https://nvd.nist.gov/vuln/detail/CVE-2021-20193))<br>* expat ([CVE-2013-0340](https://nvd.nist.gov/vuln/detail/CVE-2013-0340))<br>* Linux ([CVE-2021-3753](https://nvd.nist.gov/vuln/detail/CVE-2021-3753), [CVE-2021-3739](https://nvd.nist.gov/vuln/detail/CVE-2021-3739))<br><br>**Bug Fixes**<br><br><br><br>* Fixed containerd config after introduction of CGroupsV2 ([coreos-overlay#1214](https://github.com/kinvolk/coreos-overlay/pull/1214))<br>* Fixed path for amazon-ssm-agent in base-ec2.ign ([coreos-overlay#1228](https://github.com/kinvolk/coreos-overlay/pull/1228))<br>* Fixed locksmith adhering to reboot window when getting the etcd lock ([locksmith#10](https://github.com/kinvolk/locksmith/pull/10))<br>* Disabled SELinux by default on dockerd wrapper script ([coreos-overlay#1149](https://github.com/kinvolk/coreos-overlay/pull/1149))<br>* Let network-cleanup.service finish before entering rootfs ([coreos-overlay#1182](https://github.com/kinvolk/coreos-overlay/pull/1182))<br><br>**Changes**<br><br><br><br>* Added Azure [Generation 2 VM](https://docs.microsoft.com/en-us/azure/virtual-machines/generation-2) support ([coreos-overlay#1198](https://github.com/kinvolk/coreos-overlay/pull/1198))<br>* cgroups v2 by default for new nodes ([coreos-overlay#931](https://github.com/kinvolk/coreos-overlay/pull/931)).<br>* Upgrade Docker to 20.10 ([coreos-overlay#931](https://github.com/kinvolk/coreos-overlay/pull/931))<br>* Switched Docker ecosystem packages to go1.16 ([coreos-overlay#1217](https://github.com/kinvolk/coreos-overlay/pull/1217))<br>* Added lbzip2 binary to the image ([coreos-overlay#1221](https://github.com/kinvolk/coreos-overlay/pull/1221))<br>* flatcar-install uses lbzip2 if present, falls back on bzip2 if not ([init#46](https://github.com/kinvolk/init/pull/46))<br>* Added Intel E800 series network adapter driver ([coreos-overlay#1237](https://github.com/kinvolk/coreos-overlay/pull/1237))<br>* Enabled 'audit' use flag for sys-libs/pam ([coreos-overlay#1233](https://github.com/kinvolk/coreos-overlay/pull/1233))<br>* Bumped etcd and flannel to respectively `3.5.0`, `0.14.0` to get multiarch images for arm64 support. _Note for users of the old etcd v2 support_: `ETCDCTL_API=2` must be set to use v2 store as well as `ETCD_ENABLE_V2=true` in the `etcd-member.service` - this support will be removed in `3.6.0` ([coreos-overlay#1179](https://github.com/kinvolk/coreos-overlay/pull/1179))<br>* Switched to zstd compression for the initramfs ([coreos-overlay#1136](https://github.com/kinvolk/coreos-overlay/pull/1136))<br>* Support BTRFS in OEM and /usr partitions, but only used it for the OEM partition for now. Ignition configurations that refer to the OEM partition will work with any filesystem format specified, a mismatch is not resulting in a boot error. ([coreos-overlay#1106](https://github.com/kinvolk/coreos-overlay/pull/1106))<br>* Switched the arm64 kernel to use a 4k page size instead of 64k<br>* Switched dm-verity corruption detection to issue a kernel panic (a panic results in a reboot after 1 minute, this was the case before already) instead of merely failing certain syscalls that try to use the corrupted data<br>* Support BTRFS in OEM and /usr partitions, but only used it for the OEM partition for now. Ignition configurations that refer to the OEM partition will work with any filesystem format specified, a mismatch is not resulting in a boot error. ([coreos-overlay#1106](https://github.com/kinvolk/coreos-overlay/pull/1106))<br>* Enabled zstd compression for the initramfs and for amd64 also for the kernel because we hit the vmlinuz size limit on the /boot partition<br>* Deleted the unused kernel+initramfs vmlinuz file from the /usr partition<br>* devcontainer: added support to run on arm64 by switching to an architecture-agnostic partition UUID<br>* Enabled ARM64 SDK bootstrap ([scripts#134](https://github.com/kinvolk/flatcar-scripts/pull/134))<br>* SDK: enabled experimental ARM64 SDK usage ([flatcar-scripts#134](https://github.com/kinvolk/flatcar-scripts/pull/134)) ([flatcar-scripts#141](https://github.com/kinvolk/flatcar-scripts/pull/141))<br>* AWS: Added amazon-ssm-agent ([coreos-overlay#1162](https://github.com/kinvolk/coreos-overlay/pull/1162))<br>* Azure: Compile OEM contents for all architectures ([coreos-overlay#1196](https://github.com/kinvolk/coreos-overlay/pull/1196))<br>* update_engine: add postinstall hook to stay on cgroupv1 ([update_engine#13](https://github.com/kinvolk/update_engine/pull/13))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.63](https://lwn.net/Articles/868663/))<br>* Linux firmware ([20210818](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20210818))<br>* c-ares ([1.17.2](https://c-ares.haxx.se/changelog.html#1_17_2))<br>* docker ([20.10.8](https://docs.docker.com/engine/release-notes/#20108))<br>* docker CLI ([20.10.8](https://github.com/docker/cli/releases/tag/v20.10.8))<br>* docker proxy ([0.8.0_p20210525](https://github.com/moby/libnetwork/commit/64b7a4574d1426139437d20e81c0b6d391130ec8))<br>* Go ([1.16.7](https://golang.org/doc/devel/release#go1.16.minor))<br>* glibc ([2.33-r5](https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7dfddd056de5f23bc29591d212f4051ed9d0634e))<br>* etcd ([3.5.0](https://github.com/etcd-io/etcd/releases/tag/v3.5.0))<br>* flannel ([0.14.0](https://github.com/flannel-io/flannel/releases/tag/v0.14.0))<br>* runc ([1.0.2](https://github.com/opencontainers/runc/releases/tag/v1.0.2))<br>* strace ([5.12](https://github.com/strace/strace/releases/tag/v5.12))<br>* wa-linux-agent ([2.3.1.1](https://github.com/Azure/WALinuxAgent/releases/tag/v2.3.1.1))<br>* cryptsetup ([2.3.6](https://gitlab.com/cryptsetup/cryptsetup/-/tags/v2.3.6))<br>* expat ([2.4.1](https://www.xml.com/news/2021-05-expat-240-and-241/))<br>* portage-utils ([0.90](https://github.com/gentoo/portage-utils/releases/tag/v0.90))<br>* libarchive ([3.5.1](https://github.com/libarchive/libarchive/releases/tag/3.5.1))<br>* xz-utils ([5.2.5](https://git.tukaani.org/?p=xz.git;a=blob;f=NEWS;h=aade49443ad7ddba13bbfd9da188c99664736d80;hb=3247e95115acb95bc27f41e8cf4501db5b0b4309#l16))<br>* tar ([1.34](https://savannah.gnu.org/forum/forum.php?forum_id=9935))<br>* libuv ([1.41.1](https://github.com/libuv/libuv/releases/tag/v1.41.1))<br>* tini ([0.19](https://github.com/krallin/tini/releases/tag/v0.19.0))<br>* mit-krb5 ([1.19.2](https://github.com/krb5/krb5/tree/krb5-1.19.2-final))<br>* SDK: dnsmasq ([2.85](https://thekelleys.org.uk/dnsmasq/CHANGELOG))<br>* SDK: rust ([1.54](https://github.com/rust-lang/rust/releases/tag/1.54.0))<br><br>_Changes since **Alpha 2983.0.0**_<br><br>**Security fixes**<br><br><br><br>* Linux([CVE-2021-3753](https://nvd.nist.gov/vuln/detail/CVE-2021-3753), [CVE-2021-3739](https://nvd.nist.gov/vuln/detail/CVE-2021-3739))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.63](https://lwn.net/Articles/868663/))<br>Packages:<br>- docker 20.10.8<br>- ignition 0.34.0<br>- kernel 5.10.63<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-09-16T14:56:46+00:00 @@ -326,7 +334,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2942.1.2 2942.1.2 - 2023-10-25T10:20:35.871218+00:00 + 2023-11-22T09:59:25.587909+00:00 New **Beta** release **2942.1.2**<br><br>_Changes since **Beta 2942.1.1**_<br><br>**Security fixes**<br><br><br><br>* Linux ([CVE-2021-3653](https://nvd.nist.gov/vuln/detail/CVE-2021-3653), [CVE-2021-3656](https://nvd.nist.gov/vuln/detail/CVE-2021-3656), [CVE-2021-38166](https://nvd.nist.gov/vuln/detail/CVE-2021-38166)) <br>* openssl ([CVE-2021-3711](https://nvd.nist.gov/vuln/detail/CVE-2021-3711), [CVE-2021-3712](https://nvd.nist.gov/vuln/detail/CVE-2021-3712))<br><br>**Bug Fixes**<br><br><br><br>* Re-enabled kernel config FS_ENCRYPTION ([coreos-overlay#1212](https://github.com/kinvolk/coreos-overlay/pull/1212/))<br>* Fixed Perl in dev-container ([coreos-overlay#1238](https://github.com/kinvolk/coreos-overlay/pull/1238))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.61](https://lwn.net/Articles/867497/))<br>* openssl ([1.1.1l](https://mta.openssl.org/pipermail/openssl-announce/2021-August/000206.html))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.61<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-09-01T14:14:50+00:00 @@ -334,7 +342,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2942.1.1 2942.1.1 - 2023-10-25T10:20:35.866444+00:00 + 2023-11-22T09:59:25.582519+00:00 _Changes since **Beta 2942.1.0**_<br><br>**Security fixes**<br><br><br><br>* Linux ([CVE-2021-34556](https://nvd.nist.gov/vuln/detail/CVE-2021-34556), [CVE-2021-35477](https://nvd.nist.gov/vuln/detail/CVE-2021-35477), [CVE-2021-38205](https://nvd.nist.gov/vuln/detail/CVE-2021-38205))<br>* NVIDIA Drivers ([CVE-2021-1090](https://nvd.nist.gov/vuln/detail/CVE-2021-1090), [CVE-2021-1093](https://nvd.nist.gov/vuln/detail/CVE-2021-1093), [CVE-2021-1094](https://nvd.nist.gov/vuln/detail/CVE-2021-1094), [CVE-2021-1095](https://nvd.nist.gov/vuln/detail/CVE-2021-1095))<br>* Go ([CVE-2021-36221](https://nvd.nist.gov/vuln/detail/CVE-2021-36221))<br>* Systemd ([CVE-2020-13529](https://nvd.nist.gov/vuln/detail/CVE-2020-13529), [CVE-2021-33910](https://nvd.nist.gov/vuln/detail/CVE-2021-33910))<br><br>**Bug Fixes**<br><br><br><br>* Fixed `pam.d` sssd LDAP auth with sudo ([coreos-overlay#1170](https://github.com/kinvolk/coreos-overlay/pull/1170))<br>* Let network-cleanup.service finish before entering rootfs ([coreos-overlay#1182](https://github.com/kinvolk/coreos-overlay/pull/1182))<br>* Fixed SELinux policy for Flannel CNI ([coreos-overlay#1181](https://github.com/kinvolk/coreos-overlay/pull/1181))<br><br>**Changes**<br><br><br><br>* Switched to zstd for the initramfs ([coreos-overlay#1136](https://github.com/kinvolk/coreos-overlay/pull/1136))<br>* Embedded new subkey in flatcar-install ([coreos-overlay#1180](https://github.com/kinvolk/coreos-overlay/pull/1180))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.59](https://lwn.net/Articles/866302/))<br>* NVIDIA Drivers ([470.57.02](https://docs.nvidia.com/datacenter/tesla/tesla-release-notes-470-57-02/index.html))<br>* Systemd ([247.9](https://github.com/systemd/systemd-stable/releases/tag/v247.9))<br>* Go ([1.16.7](https://golang.org/doc/devel/release#go1.16.minor))<br>* portage-utils ([0.90](https://github.com/gentoo/portage-utils/releases/tag/v0.90))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.59<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-08-19T13:36:00+00:00 @@ -342,7 +350,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2942.1.0 2942.1.0 - 2023-10-25T10:20:35.861038+00:00 + 2023-11-22T09:59:25.576333+00:00 _Changes since **Beta 2920.1.0**_<br><br>**Security Fixes**<br><br>* Linux ([CVE-2021-37576](https://nvd.nist.gov/vuln/detail/CVE-2021-37576))<br>* containerd ([CVE-2021-32760](https://nvd.nist.gov/vuln/detail/CVE-2021-32760))<br>* glibc ([CVE-2020-29562](https://nvd.nist.gov/vuln/detail/CVE-2020-29562), [CVE-2019-25013](https://nvd.nist.gov/vuln/detail/CVE-2019-25013), [CVE-2020-27618](https://nvd.nist.gov/vuln/detail/https://cve.circl.lu/cve/CVE-2020-27618), [CVE-2021-27645](https://nvd.nist.gov/vuln/detail/CVE-2021-27645), [CVE-2021-33574](https://nvd.nist.gov/vuln/detail/CVE-2021-33574))<br>* Go ([CVE-2021-34558](https://nvd.nist.gov/vuln/detail/CVE-2021-34558))<br>* libgcrypt ([CVE-2021-33560](https://nvd.nist.gov/vuln/detail/CVE-2021-33560))<br>* libpcre ([CVE-2019-20838](https://nvd.nist.gov/vuln/detail/CVE-2019-20838), [CVE-2020-14155](https://nvd.nist.gov/vuln/detail/CVE-2020-14155))<br><br>**Bug Fixes**<br><br>* Added the systemd tag in udev for Azure storage devices, to fix /boot automount ([init#41](https://github.com/kinvolk/init/pull/41))<br>* Disabled SELinux by default on `dockerd` wrapper script ([coreos-overlay#1149](https://github.com/kinvolk/coreos-overlay/pull/1149))<br>* Set the cilium_vxlan interface to be not managed by networkd's default setup with DHCP as it's managed by Cilium. ([init#43](https://github.com/kinvolk/init/pull/43))<br>* update_engine_client: Improve feedback when an update is not needed([update_engine#10](https://github.com/kinvolk/update_engine/pull/10))<br>* GCE: Granted CAP_NET_ADMIN to set routes for the TCP LB when starting oem-gce.service ([coreos-overlay#1146](https://github.com/kinvolk/coreos-overlay/pull/1146))<br><br>**Changes**<br><br>* Enabled telnet support for curl ([coreos-overlay#1099](https://github.com/kinvolk/coreos-overlay/pull/1099))<br>* Enabled ssl USE flag for wget ([coreos-overlay#932](https://github.com/kinvolk/coreos-overlay/pull/932))<br>* Enabled MDIO_BCM_UNIMAC for arm64 ([coreos-overlay#929](https://github.com/kinvolk/coreos-overlay/pull/929))<br><br>**Updates**<br><br>* Linux ([5.10.55](https://lwn.net/Articles/864901/))<br>* containerd ([1.5.4](https://github.com/containerd/containerd/releases/tag/v1.5.4))<br>* dbus ([1.12.20](https://github.com/freedesktop/dbus/blob/ab88811768f750777d1a8b9d9ab12f13390bfd3a/NEWS#L1))<br>* dracut ([053](https://github.com/dracutdevs/dracut/releases/tag/053))<br>* glibc ([2.33](https://sourceware.org/pipermail/libc-alpha/2021-February/122207.html))<br>* go ([1.16.6](https://golang.org/doc/devel/release#go1.16.minor)) <br>* libev (4.33)<br>* libgcrypt ([1.9.3](https://github.com/gpg/libgcrypt/blob/cb78627203705365d24b48ec4fc4cf2fc804b277/NEWS#L1))<br>* libpcre (8.44)<br>* libverto ([0.3.1](https://github.com/latchset/libverto/releases/tag/0.3.1))<br>* pax-utils (1.3.1)<br>* readline ([8.1_p1](https://tiswww.case.edu/php/chet/readline/CHANGES))<br>* rust ([1.53.0](https://blog.rust-lang.org/2021/06/17/Rust-1.53.0.html))<br>* selinux ([3.1](https://github.com/SELinuxProject/selinux/releases/tag/20200710))<br>* selinux-refpolicy ([2.20200818](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20200818))<br>* systemd ([247.7](https://github.com/systemd/systemd-stable/releases/tag/v247.7))<br>* VMWare: open-vm-tools ([11.3.0](https://github.com/vmware/open-vm-tools/releases/tag/stable-11.3.0))<br><br>_Changes since **Alpha 2942.0.0**_<br><br>**Security fixes**<br><br>* Linux ([CVE-2021-37576](https://nvd.nist.gov/vuln/detail/CVE-2021-37576))<br><br>**Bug fixes**<br><br>* Set the cilium_vxlan interface to be not managed by networkd's default setup with DHCP as it's managed by Cilium. ([init#43](https://github.com/kinvolk/init/pull/43))<br>* Disabled SELinux by default on `dockerd` wrapper script ([coreos-overlay#1149](https://github.com/kinvolk/coreos-overlay/pull/1149))<br>* GCE: Granted CAP_NET_ADMIN to set routes for the TCP LB when starting oem-gce.service ([coreos-overlay#1146](https://github.com/kinvolk/coreos-overlay/pull/1146))<br><br>**Updates**<br><br>* Linux ([5.10.55](https://lwn.net/Articles/864901/))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.55<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-08-04T13:23:23+00:00 @@ -350,7 +358,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2920.1.0 2920.1.0 - 2023-10-25T10:20:35.854111+00:00 + 2023-11-22T09:59:25.568606+00:00 _Changes since **Alpha 2920.0.0**_<br><br>**Security Fixes**<br><br><br><br>* containerd ([CVE-2021-32760](https://nvd.nist.gov/vuln/detail/CVE-2021-32760))<br>* curl (CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-22925, CVE-2021-22926)<br>* linux ([CVE-2020-26541](https://nvd.nist.gov/vuln/detail/CVE-2020-26541), [CVE-2021-35039](https://nvd.nist.gov/vuln/detail/CVE-2021-35039), [CVE-2021-22543](https://nvd.nist.gov/vuln/detail/CVE-2021-22543), CVE-2021-3609, CVE-2021-3655, [CVE-2021-33909](https://nvd.nist.gov/vuln/detail/CVE-2021-33909))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.52](https://lwn.net/Articles/863648/))<br>* curl ([7.78](https://curl.se/changes.html#7_78_0))<br>* containerd ([1.5.4](https://github.com/containerd/containerd/releases/tag/v1.5.4))<br><br>_Changes since **Beta 2905.1.0**_<br><br>**Updates**<br><br><br><br>* Linux ([5.10.52](https://lwn.net/Articles/863648/))<br>* lz4 ([1.9.3-r1](https://github.com/lz4/lz4/releases/tag/v1.9.3))<br>* curl ([7.78](https://curl.se/changes.html#7_78_0))<br>* gptfdisk (1.0.7)<br>* gettext ([0.21-r1](https://lists.gnu.org/archive/html/info-gnu/2020-07/msg00009.html))<br>* intel-microcode ([20210608_p20210608](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20210608))<br>* runc ([1.0.0](https://github.com/opencontainers/runc/releases/tag/v1.0.0))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.52<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-07-28T08:21:00+00:00 @@ -358,7 +366,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2905.1.0 2905.1.0 - 2023-10-25T10:20:35.849068+00:00 + 2023-11-22T09:59:25.563070+00:00 _Changes since **Alpha** **2905.0.0**:_<br>**Security fixes**<br><br>* Linux ([CVE-2021-34693](https://nvd.nist.gov/vuln/detail/CVE-2021-34693), [CVE-2021-33624](https://nvd.nist.gov/vuln/detail/CVE-2021-33624))<br><br>**Changes**<br><br>* NVIDIA GPU Support added in the AWS Pro images ([coreos-overlay#1078](https://github.com/kinvolk/coreos-overlay/pull/1078)) <br><br>**Updates**<br><br>* Linux ([5.10.46](https://lwn.net/Articles/860655/))<br><br><br><br>_Changes since **Beta** **2823.1.3**:_<br>**Security fixes**<br><br><br><br>* Linux ([CVE-2021-34693](https://nvd.nist.gov/vuln/detail/CVE-2021-34693), [CVE-2021-33624](https://nvd.nist.gov/vuln/detail/CVE-2021-33624))<br>* binutils ([CVE-2021-20197](https://nvd.nist.gov/vuln/detail/CVE-2021-20197),[CVE-2021-3487](https://nvd.nist.gov/vuln/detail/CVE-2021-3487))<br>* openldap ([CVE-2021-27212](https://nvd.nist.gov/vuln/detail/CVE-2021-27212))<br>* sqlite ([CVE-2021-20227](https://nvd.nist.gov/vuln/detail/CVE-2021-20227))<br>* Go (CVE-2021-33195,CVE-2021-33196,CVE-2021-33197,CVE-2021-33198)<br>* libxml2 ([CVE-2021-3516](https://nvd.nist.gov/vuln/detail/CVE-2021-3516),[CVE-2021-3517](https://nvd.nist.gov/vuln/detail/CVE-2021-3517),[CVE-2021-3518](https://nvd.nist.gov/vuln/detail/CVE-2021-3518),CVE-2021-3541)<br>* qemu ([CVE-2020-10717](https://nvd.nist.gov/vuln/detail/CVE-2020-10717),[ CVE-2020-13754](https://nvd.nist.gov/vuln/detail/CVE-2020-13754),[ CVE-2020-15859](https://nvd.nist.gov/vuln/detail/CVE-2020-15859),[ CVE-2020-15863](https://nvd.nist.gov/vuln/detail/CVE-2020-15863),[ CVE-2020-16092](https://nvd.nist.gov/vuln/detail/CVE-2020-16092),[ CVE-2020-25741](https://nvd.nist.gov/vuln/detail/CVE-2020-25741),[ CVE-2020-25742](https://nvd.nist.gov/vuln/detail/CVE-2020-25742),[ CVE-2020-25743](https://nvd.nist.gov/vuln/detail/CVE-2020-25743))<br>* git ([CVE-2021-21300](https://nvd.nist.gov/vuln/detail/CVE-2021-21300))<br>* gnutls ([CVE-2021-20231](https://nvd.nist.gov/vuln/detail/CVE-2021-20231),[ CVE-2021-20232](https://nvd.nist.gov/vuln/detail/CVE-2021-20232))<br>* curl ([CVE-2021-22876](https://nvd.nist.gov/vuln/detail/CVE-2021-22876),[ CVE-2021-22890](https://nvd.nist.gov/vuln/detail/CVE-2021-22890))<br><br>**Bug Fixes**<br><br><br><br>* NVIDIA GPU Support added in the AWS Pro images ([coreos-overlay#1078](https://github.com/kinvolk/coreos-overlay/pull/1078)) <br><br>**Updates**<br><br><br><br>* Linux ([5.10.46](https://lwn.net/Articles/860655/))<br>* dbus ([1.10.32](https://github.com/freedesktop/dbus/releases/tag/dbus-1.10.32))<br>* openssh ([8.6_p1](https://www.openssh.com/txt/release-8.6))<br>* openldap ([2.4.58](https://www.openldap.org/software/release/announce.html))<br>* curl ([7.76.1](https://curl.se/changes.html#7_76_1))<br>* gnutls ([3.7.1](https://gitlab.com/gnutls/gnutls/-/tags/3.7.1))<br>* git ([2.26.3](https://raw.githubusercontent.com/git/git/v2.26.3/Documentation/RelNotes/2.26.3.txt))<br>* go ([1.16.4](https://go.googlesource.com/go/+/refs/tags/go1.16.4))<br>* dnsmasq ([2.83](https://thekelleys.org.uk/dnsmasq/CHANGELOG))<br>* libxml2 ([2.9.12](https://github.com/GNOME/libxml2/releases/tag/v2.9.12))<br>* sqlite ([3.34.1](https://www.sqlite.org/releaselog/3_34_1.html))<br>* SDK: binutils ([2.36.1](https://sourceware.org/pipermail/binutils/2021-February/115240.html))<br>* SDK: QEMU ([5.2.0](https://wiki.qemu.org/ChangeLog/5.2))<br><br>**Deprecation**<br><br><br><br>* rkt and kubelet-wrapper are deprecated and removed from Beta, also from subsequent channels in the future. Please read the[ removal announcement](https://groups.google.com/g/flatcar-linux-user/c/MeinndLqJO4) to know more.<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.46<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-07-02T07:37:53+00:00 @@ -366,7 +374,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2823.1.3 2823.1.3 - 2023-10-25T10:20:35.842601+00:00 + 2023-11-22T09:59:25.556638+00:00 **Security fixes**<br><br><br><br>* Linux ([CVE-2020-26558](https://nvd.nist.gov/vuln/detail/CVE-2020-26558), [CVE-2021-0129](https://nvd.nist.gov/vuln/detail/CVE-2021-0129), [CVE-2020-24587](https://nvd.nist.gov/vuln/detail/CVE-2020-24587), [CVE-2020-24586](https://nvd.nist.gov/vuln/detail/CVE-2020-24586), [CVE-2020-24588](https://nvd.nist.gov/vuln/detail/CVE-2020-24588), [CVE-2020-26139](https://nvd.nist.gov/vuln/detail/CVE-2020-26139), [CVE-2020-26145](https://nvd.nist.gov/vuln/detail/CVE-2020-26145), [CVE-2020-26147](https://nvd.nist.gov/vuln/detail/CVE-2020-26147), [CVE-2020-26141](https://nvd.nist.gov/vuln/detail/CVE-2020-26141), [CVE-2021-3564](https://nvd.nist.gov/vuln/detail/CVE-2021-3564), [CVE-2021-28691](https://nvd.nist.gov/vuln/detail/CVE-2021-28691), [CVE-2021-3587](https://nvd.nist.gov/vuln/detail/CVE-2021-3587), [CVE-2021-3573](https://nvd.nist.gov/vuln/detail/CVE-2021-3573))<br><br>**Bug fixes**<br><br><br><br>* Update-engine sent empty requests when restarted before a pending reboot ([Flatcar#388](https://github.com/kinvolk/Flatcar/issues/388))<br><br>**Changes**<br><br><br><br>* Disabled SELinux for Docker ([coreos-overlay#1055](https://github.com/kinvolk/coreos-overlay/pull/1055))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.43](https://lwn.net/Articles/859022/))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.43<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-06-17T10:30:54+00:00 @@ -374,7 +382,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2823.1.2 2823.1.2 - 2023-10-25T10:20:35.837679+00:00 + 2023-11-22T09:59:25.551647+00:00 **Bug fixes**<br><br>* The Linux kernel IOMMU-related crash introduced in the 5.10.37 update got fixed through the 5.10.38 update ([Flatcar#400](https://github.com/kinvolk/Flatcar/issues/400))<br><br>**Updates**<br><br>* Linux ([5.10.38](https://lwn.net/Articles/856654/))<br><br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.38<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-05-21T12:08:31+00:00 @@ -382,7 +390,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2823.1.1 2823.1.1 - 2023-10-25T10:20:35.833343+00:00 + 2023-11-22T09:59:25.547304+00:00 **Security fixes**<br><br>* Linux ([CVE-2021-3491](https://nvd.nist.gov/vuln/detail/CVE-2021-3491), [CVE-2021-31440](https://nvd.nist.gov/vuln/detail/CVE-2021-31440), [CVE-2021-31829](https://nvd.nist.gov/vuln/detail/CVE-2021-31829))<br>* nvidia-drivers ([CVE-2021-1052](https://nvd.nist.gov/vuln/detail/CVE-2021-1052), [CVE-2021-1053](https://nvd.nist.gov/vuln/detail/CVE-2021-1053), [CVE-2021-1056](https://nvd.nist.gov/vuln/detail/CVE-2021-1056), [CVE-2021-1076](https://nvd.nist.gov/vuln/detail/CVE-2021-1076), [CVE-2021-1077](https://nvd.nist.gov/vuln/detail/CVE-2021-1077))<br>* runc ([CVE-2021-30465](https://nvd.nist.gov/vuln/detail/CVE-2021-30465))<br><br>**Updates**<br><br>* Linux ([5.10.37](https://lwn.net/Articles/856269/))<br>* nvidia-drivers ([460.73.01](https://www.nvidia.com/Download/driverResults.aspx/172376/en-us))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.37<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-05-19T11:39:05+00:00 @@ -390,7 +398,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2823.1.0 2823.1.0 - 2023-10-25T10:20:35.828665+00:00 + 2023-11-22T09:59:25.542633+00:00 _Changes since **Alpha** **2823.0.0**:_<br><br><br>**Security fixes**<br><br><br><br>* Linux ([CVE-2021-28964](https://nvd.nist.gov/vuln/detail/CVE-2021-28964), [CVE-2021-28972](https://nvd.nist.gov/vuln/detail/CVE-2021-28972), [CVE-2021-28971](https://nvd.nist.gov/vuln/detail/CVE-2021-28971), [CVE-2021-28951](https://nvd.nist.gov/vuln/detail/CVE-2021-28951), [CVE-2021-28952](https://nvd.nist.gov/vuln/detail/CVE-2021-28952), [CVE-2021-29266](https://nvd.nist.gov/vuln/detail/CVE-2021-29266), [CVE-2021-28688](https://nvd.nist.gov/vuln/detail/CVE-2021-28688), [CVE-2021-29264](https://nvd.nist.gov/vuln/detail/CVE-2021-29264), [CVE-2021-29649](https://nvd.nist.gov/vuln/detail/CVE-2021-29649), [CVE-2021-29650](https://nvd.nist.gov/vuln/detail/CVE-2021-29650), [CVE-2021-29646](https://nvd.nist.gov/vuln/detail/CVE-2021-29646), [CVE-2021-29647](https://nvd.nist.gov/vuln/detail/CVE-2021-29647), [CVE-2021-29154](https://nvd.nist.gov/vuln/detail/CVE-2021-29154), [CVE-2021-29155](https://nvd.nist.gov/vuln/detail/CVE-2021-29155), [CVE-2021-23133](https://nvd.nist.gov/vuln/detail/CVE-2021-23133))<br><br>**Bug fixes**<br><br><br><br>* Fix the patch to update DefaultTasksMax in systemd ([coreos-overlay#971](https://github.com/kinvolk/coreos-overlay/pull/971))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.32](https://lwn.net/Articles/853762/))<br>* systemd ([247.6](https://github.com/systemd/systemd-stable/releases/tag/v247.6))<br><br>_Changes since **Beta** **2801.1.0**:_<br><br>**Security fixes**<br><br><br><br>* Linux ([CVE-2021-28964](https://nvd.nist.gov/vuln/detail/CVE-2021-28964), [CVE-2021-28972](https://nvd.nist.gov/vuln/detail/CVE-2021-28972), [CVE-2021-28971](https://nvd.nist.gov/vuln/detail/CVE-2021-28971), [CVE-2021-28951](https://nvd.nist.gov/vuln/detail/CVE-2021-28951), [CVE-2021-28952](https://nvd.nist.gov/vuln/detail/CVE-2021-28952), [CVE-2021-29266](https://nvd.nist.gov/vuln/detail/CVE-2021-29266), [CVE-2021-28688](https://nvd.nist.gov/vuln/detail/CVE-2021-28688), [CVE-2021-29264](https://nvd.nist.gov/vuln/detail/CVE-2021-29264), [CVE-2021-29649](https://nvd.nist.gov/vuln/detail/CVE-2021-29649), [CVE-2021-29650](https://nvd.nist.gov/vuln/detail/CVE-2021-29650), [CVE-2021-29646](https://nvd.nist.gov/vuln/detail/CVE-2021-29646), [CVE-2021-29647](https://nvd.nist.gov/vuln/detail/CVE-2021-29647), [CVE-2021-29154](https://nvd.nist.gov/vuln/detail/CVE-2021-29154), [CVE-2021-29155](https://nvd.nist.gov/vuln/detail/CVE-2021-29155), [CVE-2021-23133](https://nvd.nist.gov/vuln/detail/CVE-2021-23133))<br>* Go ([CVE-2021-27918](https://nvd.nist.gov/vuln/detail/CVE-2021-27918),[ CVE-2021-27919](https://nvd.nist.gov/vuln/detail/CVE-2021-27919)) <br>* glib ([CVE-2021-28153](https://nvd.nist.gov/vuln/detail/CVE-2021-28153),[ CVE-2021-27218](https://nvd.nist.gov/vuln/detail/CVE-2021-27218),[ CVE-2021-27219](https://nvd.nist.gov/vuln/detail/CVE-2021-27219)) <br>* boost ([CVE-2012-2677](https://nvd.nist.gov/vuln/detail/CVE-2012-2677))<br>* ncurses ([CVE-2019-17594](https://nvd.nist.gov/vuln/detail/CVE-2019-17594),[ CVE-2019-17595](https://nvd.nist.gov/vuln/detail/CVE-2019-17595))<br>* zstd ([CVE-2021-24032](https://nvd.nist.gov/vuln/detail/CVE-2021-24032))<br><br>**Bug Fixes**<br><br><br><br>* Fix the patch to update DefaultTasksMax in systemd ([coreos-overlay#971](https://github.com/kinvolk/coreos-overlay/pull/971))<br><br>**Changes**<br><br><br><br>* The pam_faillock PAM module was enabled as replacement for the removed pam_tally2 module and will temporarily lock an account if there were login attempts with a wrong password. The faillock command can be used to show the current state. With pam_tally2 there was no limit for wrong password login attempts but with faillock the default is already restricting the attempts. The default behavior was relaxed to allow 5 wrong passwords per two minutes, and a one minute account lock time. This does not apply to logins with an SSH key. ([baselayout#17](https://github.com/kinvolk/baselayout/pull/17))<br>* The etcd and flannel services are now run with Docker and any rkt-based customizations of the etcd-member and flanneld services not supported anymore. Also, because the flanneld service relies on Docker and will restart Docker after applying the new configuration, it is not possible anymore to set Requires=flanneld.service for docker.service and instead it’s enough to have flanneld.service enabled. ([coreos-overlay#857](https://github.com/kinvolk/coreos-overlay/pull/857))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.32](https://lwn.net/Articles/853762/))<br>* Linux firmware ([20210315](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20210315))<br>* systemd ([247.6](https://github.com/systemd/systemd-stable/releases/tag/v247.6))<br>* Go ([1.15.10](https://go.googlesource.com/go/+/refs/tags/go1.15.10))<br>* boost ([1.75.0](https://www.boost.org/users/history/version_1_75_0.html))<br>* glib ([2.66.8](https://gitlab.gnome.org/GNOME/glib/-/releases/2.66.8))<br>* ncurses ([6.2](https://invisible-island.net/ncurses/announce-6.2.html))<br>* zstd ([1.4.9](https://github.com/facebook/zstd/releases/tag/v1.4.9))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.32<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-04-28T13:33:49+00:00 @@ -398,7 +406,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2801.1.0 2801.1.0 - 2023-10-25T10:20:35.821036+00:00 + 2023-11-22T09:59:25.534941+00:00 **Security fixes**<br><br><br><br>* Linux ([CVE-2021-27365](https://nvd.nist.gov/vuln/detail/CVE-2021-27365), [CVE-2021-27364](https://nvd.nist.gov/vuln/detail/CVE-2021-27364), [CVE-2021-27363](https://nvd.nist.gov/vuln/detail/CVE-2021-27363), [CVE-2021-28038](https://nvd.nist.gov/vuln/detail/CVE-2021-28038), [CVE-2021-28039](https://nvd.nist.gov/vuln/detail/CVE-2021-28039), [CVE-2021-28375](https://nvd.nist.gov/vuln/detail/CVE-2021-28375), [CVE-2021-28660](https://nvd.nist.gov/vuln/detail/CVE-2021-28660), [CVE-2021-27218](https://nvd.nist.gov/vuln/detail/CVE-2021-27218), [CVE-2021-27219](https://nvd.nist.gov/vuln/detail/CVE-2021-27219), [CVE-2021-3444](https://nvd.nist.gov/vuln/detail/CVE-2021-3444))<br>* openssl ([CVE-2021-23840](https://nvd.nist.gov/vuln/detail/CVE-2021-23840),[ CVE-2021-23841](https://nvd.nist.gov/vuln/detail/CVE-2021-23841), [CVE-2020-1971](https://nvd.nist.gov/vuln/detail/CVE-2020-1971),[ CVE-2021-23840](https://nvd.nist.gov/vuln/detail/CVE-2021-23840),[ CVE-2021-23841](https://nvd.nist.gov/vuln/detail/CVE-2021-23841), [CVE-2021-3449](https://nvd.nist.gov/vuln/detail/CVE-2021-3449),[ CVE-2021-3450](https://nvd.nist.gov/vuln/detail/CVE-2021-3450))<br><br>**Bug Fixes**<br><br><br><br>* GCE: The old interface name ens4v1 which was replaced by eth0 due to a broken udev rule was restored, but now as alternative interface name, and eth0 will stay the primary name for consistency across cloud environments. ([init#38](https://github.com/kinvolk/init/pull/38))<br><br>**Changes**<br><br><br><br>* The virtio network interfaces got predictable interface names as alternative interface names, and thus these names can also be used to match for a specific interface in case there is more than one and the eth0 and eth1 name assignment is not stable. ([init#38](https://github.com/kinvolk/init/pull/38))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.25](https://lwn.net/Articles/849951/))<br>* openssl ([1.1.1k](https://mta.openssl.org/pipermail/openssl-announce/2021-March/000197.html))<br>* open-iscsi ([2.1.4](https://github.com/open-iscsi/open-iscsi/releases/tag/2.1.4))<br><br>**Deprecation**<br><br><br><br>* dhcpcd and containerd-stress are deprecated and removed from Beta, also from subsequent channels in the future. Users that relied on dhcpd should either migrate to systemd-networkd as a DHCP server or run dhcpd from a container.<br>* Docker 1.12 is deprecated and removed from Beta, also from subsequent channels in the future.<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.25<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-03-25T15:38:18+00:00 @@ -406,7 +414,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2765.1.0 2765.1.0 - 2023-10-25T10:20:35.815047+00:00 + 2023-11-22T09:59:25.528976+00:00 **Security fixes**<br><br><br><br>* Linux ([CVE-2021-3347](https://nvd.nist.gov/vuln/detail/CVE-2021-3347), [CVE-2021-3348](https://nvd.nist.gov/vuln/detail/CVE-2021-3348), [CVE-2021-26708](https://nvd.nist.gov/vuln/detail/CVE-2021-26708), [CVE-2021-20194](https://nvd.nist.gov/vuln/detail/CVE-2021-20194))<br>* Docker ([CVE-2021-21285](https://nvd.nist.gov/vuln/detail/CVE-2021-21285), [CVE-2021-21284](https://nvd.nist.gov/vuln/detail/CVE-2021-21284))<br>* NVIDIA ([CVE-2021-1052](https://nvd.nist.gov/vuln/detail/CVE-2021-1052),[ CVE-2021-1053](https://nvd.nist.gov/vuln/detail/CVE-2021-1053),[ CVE-2021-1056](https://nvd.nist.gov/vuln/detail/CVE-2021-1056))<br><br>**Bug Fixes**<br><br><br><br>* app-crypt/trousers: use correct file permissions ([coreos-overlay#809](https://github.com/kinvolk/coreos-overlay/pull/809))<br>* x11-drivers/nvidia-drivers: Handle NVIDIA Version upgrades ([https://github.com/kinvolk/coreos-overlay/pull/762](https://github.com/kinvolk/coreos-overlay/pull/762))<br>* flatcar-eks: add missing mkdir and update to latest versions ([https://github.com/kinvolk/coreos-overlay/pull/817](https://github.com/kinvolk/coreos-overlay/pull/817))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.16](https://lwn.net/Articles/846116/))<br>* Docker ([19.03.15](https://docs.docker.com/engine/release-notes/19.03/#190315))<br>* NVIDIA Tesla Driver ([460.32.03](https://docs.nvidia.com/datacenter/tesla/tesla-release-notes-460-32-03/index.html))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.16<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-02-18T12:44:47+00:00 @@ -414,7 +422,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2705.1.2 2705.1.2 - 2023-10-25T10:20:35.809992+00:00 + 2023-11-22T09:59:25.523877+00:00 **Security fixes**<br><br>* go - [CVE-2021-3114](https://github.com/golang/go/issues/43786)<br>* sudo - [CVE-2021-3156](https://nvd.nist.gov/vuln/detail/CVE-2021-3156), [CVE-2021-23239](https://nvd.nist.gov/vuln/detail/CVE-2021-23239)<br><br>**Bug fixes**<br><br>* `/etc/iscsi/initiatorname.iscsi` is generated by the iscsi-init service ([#321](https://github.com/kinvolk/Flatcar/issues/321))<br>* Prevent iscsiadm buffer overflow ([#318](https://github.com/kinvolk/Flatcar/issues/318))<br><br>**Changes**<br><br>* Revert to building docker and containerd with go1.13 instead of go1.15. This reduces the SIGURG log spam ([Issue #315](https://github.com/kinvolk/Flatcar/issues/315) [PR #774](https://github.com/kinvolk/coreos-overlay/pull/774))<br>* The containerd socket is now available in the default location (`/run/containerd/containerd.sock`) and also as a symlink in the previous location (`/run/docker/libcontainerd/docker-containerd.sock`) ([#771](https://github.com/kinvolk/coreos-overlay/pull/771))<br>* With the iscsi update, the service unit has changed from iscsid to iscsi ([#791](https://github.com/kinvolk/coreos-overlay/pull/791))<br>* AWS Pro: include scripts to facilitate setup of EKS workers ([#794](https://github.com/kinvolk/coreos-overlay/pull/794)).<br>* Missed from earlier notes: with the previous open-iscsi update to 2.1.2, the service unit name changed from iscsid to iscsi ([#682](https://github.com/kinvolk/coreos-overlay/pull/682))<br><br>**Updates**<br><br>* open-iscsi ([2.1.3](https://github.com/open-iscsi/open-iscsi/releases/tag/2.1.3))<br>* go ([1.15.7](https://go.googlesource.com/go/+/refs/tags/go1.15.7))<br>* sudo ([1.9.5p2](https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_5p2))<br>Packages:<br>- docker 19.03.14<br>- ignition 0.34.0<br>- kernel 5.9.16<br>- systemd 246<br><br>Architectures:<br>- amd64<br> 2021-01-28T11:01:35+00:00 @@ -422,7 +430,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2705.1.1 2705.1.1 - 2023-10-25T10:20:35.804579+00:00 + 2023-11-22T09:59:25.518416+00:00 **Security fixes**<br><br>* Linux<br> - [CVE-2020-27835](https://nvd.nist.gov/vuln/detail/CVE-2020-27835)<br> - [CVE-2020-29661](https://nvd.nist.gov/vuln/detail/CVE-2020-29661)<br> - [CVE-2020-29660](https://nvd.nist.gov/vuln/detail/CVE-2020-29660)<br> - [CVE-2020-27830](https://www.openwall.com/lists/oss-security/2020/12/07/1)<br> - [CVE-2020-28588](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4f134b89a24b965991e7c345b9a4591821f7c2a6)<br><br>**Bug fixes**<br><br>* The sysctl `net.ipv4.conf.*.rp_filter` is set to `0` for the Cilium CNI plugin to work ([kinvolk/Flatcar#181](https://github.com/kinvolk/Flatcar/issues/181))<br>* Package downloads in the developer container now use the correct URL again ([kinvolk/Flatcar#298](https://github.com/kinvolk/Flatcar/issues/298))<br>* networkd: avoid managing MAC addresses for veth devices ([kinvolk/init#33](https://github.com/kinvolk/init/pull/33))<br><br>**Changes**<br><br>* The sysctl default config file is now applied under the prefix 60 which allows for custom sysctl config files to take effect when they start with a prefix of 70, 80, or 90 ([kinvolk/baselayout#13](https://github.com/kinvolk/baselayout/pull/13))<br>* Containerd CRI plugin got enabled by default, only the containerd socket path needs to be specified as kubelet parameter for Kubernetes 1.20 to use containerd instead of Docker ([kinvolk/Flatcar#283](https://github.com/kinvolk/Flatcar/issues/283))<br>* For users with a custom update server a machine alias setting in update-engine allows to give human-friendly names to client instances ([kinvolk/update-engine#8](https://github.com/kinvolk/update_engine/pull/8))<br><br>**Updates**<br><br>* Linux ([5.9.16](https://lwn.net/Articles/840977/))<br>* containerd ([1.4.3](https://github.com/containerd/containerd/releases/tag/v1.4.3))<br>* Docker ([19.03.14](https://github.com/docker/docker-ce/releases/tag/v19.03.14))<br><br>Packages:<br>- docker 19.03.14<br>- ignition 0.34.0<br>- kernel 5.9.16<br>- systemd 246<br><br>Architectures:<br>- amd64<br> 2021-01-12T17:00:58+00:00 @@ -430,7 +438,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2705.1.0 2705.1.0 - 2023-10-25T10:20:35.798933+00:00 + 2023-11-22T09:59:25.512781+00:00 Security fixes:<br>* No changes since Alpha 2705.0.0<br><br>Bug fixes:<br>* No changes since Alpha 2705.0.0<br><br>Changes:<br>* No changes since Alpha 2705.0.0<br><br>Updates:<br>* No changes since Alpha 2705.0.0<br><br>Packages:<br>- docker 19.03.13<br>- ignition 0.34.0<br>- kernel 5.9.11<br>- systemd 246<br><br>Architectures:<br>- amd64<br> 2020-12-01T13:28:41+00:00 @@ -438,7 +446,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2643.1.1 2643.1.1 - 2023-10-25T10:20:35.794641+00:00 + 2023-11-22T09:59:25.508438+00:00 Security fixes:<br><br>* Linux - [CVE-2020-27194](https://nvd.nist.gov/vuln/detail/CVE-2020-27194), [CVE-2020-27152](https://nvd.nist.gov/vuln/detail/CVE-2020-27152)<br>* Go - [CVE-2020-28362](https://nvd.nist.gov/vuln/detail/CVE-2020-28362), [CVE-2020-28367](https://nvd.nist.gov/vuln/detail/CVE-2020-28367), [CVE-2020-28366](https://nvd.nist.gov/vuln/detail/CVE-2020-28366)<br><br>Bug fixes:<br><br>* network: Restore KeepConfiguration=dhcp-on-stop ([kinvolk/init#30](https://github.com/kinvolk/init/pull/30))<br><br>Updates:<br><br>* Linux ([5.8.18](https://lwn.net/Articles/835763/))<br>* Go ([1.15.5](https://go.googlesource.com/go/+/refs/tags/go1.15.5))<br><br>Packages:<br>- docker 19.03.13<br>- ignition 0.34.0<br>- kernel 5.8.18<br>- systemd 245<br><br>Architectures:<br>- amd64<br> 2020-11-19T15:42:05+00:00 @@ -446,7 +454,7 @@ https://github.com/flatcar/manifest/releases/tag/v2643.1.0 2643.1.0 - 2023-10-25T10:20:35.790030+00:00 + 2023-11-22T09:59:25.503790+00:00 Security fixes:<br>- Linux - [CVE-2020-25645](https://nvd.nist.gov/vuln/detail/CVE-2020-25645), [CVE-2020-25643](https://nvd.nist.gov/vuln/detail/CVE-2020-25643), [CVE-2020-25211](https://nvd.nist.gov/vuln/detail/CVE-2020-25211)<br><br>Bug fixes:<br>- Ensured that the `/etc/coreos` to `/etc/flatcar` symlink always exists, relevant for the Container Linux Config transpiler (ct) when specifying directives for `update:` or `locksmith:` while also reformatting the rootfs ([baselayout PR#7](https://github.com/flatcar/baselayout/pull/7))<br><br>Updates:<br>- Linux [5.8.14](https://lwn.net/Articles/833689/)<br>Packages:<br>- docker 19.03.13<br>- ignition 0.34.0<br>- kernel 5.8.14<br>- systemd 245<br><br>Architectures:<br>- amd64<br> 2020-10-16T08:05:22+00:00 @@ -454,7 +462,7 @@ https://github.com/flatcar/manifest/releases/tag/v2632.1.0 2632.1.0 - 2023-10-25T10:20:35.785482+00:00 + 2023-11-22T09:59:25.499201+00:00 Security fixes:<br>- Linux: [CVE-2020-25284](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25284), [CVE-2020-14390](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14390)<br><br>Bug fixes:<br><br>- Enabled missing systemd services ([#191](https://github.com/flatcar/Flatcar/issues/191), [PR #612](https://github.com/flatcar/coreos-overlay/pull/612))<br>- Fixed Docker torcx image unpacking error on machines with less than ~600 MB total RAM ([#32](https://github.com/flatcar/Flatcar/issues/32))<br>- Solved adcli Kerberos Active Directory incompatibility ([#194](https://github.com/flatcar/Flatcar/issues/194))<br>- Fixed the makefile path when building kernel modules with the developer container ([#195](https://github.com/flatcar/Flatcar/issues/195))<br>- Removed the `/etc/portage/savedconfig/` folder that contained a dump of the firmware config [flatcar-linux/coreos-overlay#613](https://github.com/flatcar/coreos-overlay/pull/613)<br><br>Changes:<br><br>- GCE: Improved oslogin support and added shell aliases to run a Python Docker image ([PR #592](https://github.com/flatcar/coreos-overlay/pull/592))<br><br>Updates:<br><br>- Linux [5.8.11](https://lwn.net/Articles/832305/)<br>- adcli [0.9.0](https://cgit.freedesktop.org/realmd/adcli/tree/NEWS?h=0.9.0)<br>- GCE: oslogin [20200910.00](https://github.com/GoogleCloudPlatform/guest-oslogin/releases/tag/20200910.00)<br>Packages:<br>- docker 19.03.12<br>- ignition 0.34.0<br>- kernel 5.8.11<br>- rkt 1.30.0<br>- systemd 245<br><br>Architectures:<br>- amd64<br> 2020-09-30T12:22:40+00:00 @@ -462,7 +470,7 @@ https://github.com/flatcar/manifest/releases/tag/v2605.4.0 2605.4.0 - 2023-10-25T10:20:35.780226+00:00 + 2023-11-22T09:59:25.493918+00:00 Bug fixes:<br><br>- Fix resetting of DNS nameservers in systemd-networkd units ([PR#12](https://github.com/flatcar/systemd/pull/12))<br><br>Changes:<br><br>- Disable TX checksum offloading for the IP-in-IP tunl0 interface used by Calico ([PR#26](https://github.com/flatcar/init/pull/26)). This is a workaround for a Mellanox driver issue, currently tracked in [Flatcar#183](https://github.com/flatcar/Flatcar/issues/183)<br>- Set `sysctl net.ipv4.conf.(all|*).rp_filter` to 0 (instead of the systemd upstream value 2) to be less restrictive which some network solutions rely on ([PR#11](https://github.com/flatcar/systemd/pull/11))<br>- `flatcar-install` allows installation to a multipath drive ([PR#24](https://github.com/flatcar/init/pull/24))<br><br>Updates:<br><br>- Linux [5.4.65](https://lwn.net/Articles/831366/)<br><br>Packages:<br>- docker 19.03.12<br>- ignition 0.34.0<br>- kernel 5.4.65<br>- rkt 1.30.0<br>- systemd 245<br><br>Architectures:<br>- amd64<br> 2020-09-16T06:13:42+00:00 @@ -470,7 +478,7 @@ https://github.com/flatcar/manifest/releases/tag/v2605.3.0 2605.3.0 - 2023-10-25T10:20:35.775374+00:00 + 2023-11-22T09:59:25.488986+00:00 Security fixes:<br>- Linux kernel: Fix AF_PACKET overflow in tpacket_rcv [CVE-2020-14386](https://seclists.org/oss-sec/2020/q3/146)<br><br>Updates:<br>- Linux [5.4.62](https://lwn.net/Articles/830502/)<br>Packages:<br>- docker 19.03.12<br>- ignition 0.34.0<br>- kernel 5.4.62<br>- rkt 1.30.0<br>- systemd 245<br><br>Architectures:<br>- amd64<br> 2020-09-07T15:37:41+00:00 @@ -478,7 +486,7 @@ https://github.com/flatcar/manifest/releases/tag/v2605.2.0 2605.2.0 - 2023-10-25T10:20:35.771015+00:00 + 2023-11-22T09:59:25.484534+00:00 Changes from Alpha release 2605.1.0<br><br>Changes:<br>- Update public key to include [new subkey](https://github.com/flatcar/init/pull/25)<br>Packages:<br>- docker 19.03.12<br>- ignition 0.34.0<br>- kernel 5.4.61<br>- rkt 1.30.0<br>- systemd 245<br><br>Architectures:<br>- amd64<br> 2020-09-03T12:48:56+00:00 @@ -486,7 +494,7 @@ https://github.com/flatcar/manifest/releases/tag/v2513.3.0 2513.3.0 - 2023-10-25T10:20:35.766629+00:00 + 2023-11-22T09:59:25.480140+00:00 Security fixes:<br><br>* Bind: fixes for [CVE-2020-8616](https://nvd.nist.gov/vuln/detail/CVE-2020-8616), [CVE-2020-8617](https://nvd.nist.gov/vuln/detail/CVE-2020-8617), [CVE-2020-8620](https://nvd.nist.gov/vuln/detail/CVE-2020-8620), [CVE-2020-8621](https://nvd.nist.gov/vuln/detail/CVE-2020-8621), [CVE-2020-8622](https://nvd.nist.gov/vuln/detail/CVE-2020-8622), [CVE-2020-8623](https://nvd.nist.gov/vuln/detail/CVE-2020-8623), [CVE-2020-8624](https://nvd.nist.gov/vuln/detail/CVE-2020-8624)<br><br>Bug fixes:<br><br>* etcd-wrapper: Adjust data dir permissions ([flatcar-linux/coreos-overlay#536](https://github.com/flatcar/coreos-overlay/pull/536))<br><br>Updates:<br><br>* Linux [5.4.59](https://lwn.net/Articles/829106/)<br>* bind-tools [9.11.22](https://ftp.isc.org/isc/bind9/cur/9.11/RELEASE-NOTES-bind-9.11.22.txt)<br>* etcd-wrapper [3.3.24](https://github.com/etcd-io/etcd/releases/tag/v3.3.24)<br><br>Packages:<br>- docker 19.03.11<br>- ignition 0.34.0<br>- kernel 5.4.59<br>- rkt 1.30.0<br>- systemd 243<br><br>Architectures:<br>- amd64<br> 2020-08-20T21:46:48+00:00 @@ -494,7 +502,7 @@ https://github.com/flatcar/manifest/releases/tag/v2513.2.0 2513.2.0 - 2023-10-25T10:20:35.761923+00:00 + 2023-11-22T09:59:25.475328+00:00 Changes since the Alpha release 2513.1.0<br><br>Bug Fixes:<br>- The [static IP address configuration in the initramfs](https://docs.flatcar-linux.org/ignition/network-configuration/#using-static-ip-addresses-with-ignition) works again in the format `ip=<ip>::<gateway>:<netmask>:<hostname>:<iface>:none[:<dns1>[:<dns2>]]` https://github.com/flatcar/bootengine/pull/15<br><br><br>Updates:<br>- Linux [5.4.52](https://lwn.net/Articles/826291/)<br><br>Packages:<br>- docker 19.03.11<br>- ignition 0.34.0<br>- kernel 5.4.52<br>- rkt 1.30.0<br>- systemd 243<br><br>Architectures:<br>- amd64<br> 2020-07-23T09:44:10+00:00 @@ -502,7 +510,7 @@ https://github.com/flatcar/manifest/releases/tag/v2512.1.1 2512.1.1 - 2023-10-25T10:20:35.757420+00:00 + 2023-11-22T09:59:25.470774+00:00 ## Flatcar updates<br><br>Security fixes:<br>- Fix the Intel Microcode vulnerabilities ([CVE-2020-0543](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0543))<br><br>Changes:<br>- A source code and licensing overview is available under `/usr/share/licenses/INFO`<br><br>Updates:<br>- Linux [4.19.128](https://lwn.net/Articles/822841/)<br>- intel-microcode [20200609](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20200609)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.34.0<br>- kernel 4.19.128<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2020-06-17T15:46:09+00:00 @@ -510,7 +518,7 @@ https://github.com/flatcar/manifest/releases/tag/v2512.1.0 2512.1.0 - 2023-10-25T10:20:35.752861+00:00 + 2023-11-22T09:59:25.466190+00:00 ## Flatcar updates<br><br>Security fixes:<br>- Fix e2fsprogs arbitrary code execution via crafted filesystem ([CVE-2019-5094](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094))<br>- Fix Git arbitrary path overwrite, credential leak from credential helpers, remote code execution in recursive clones, and arbitrary command execution via submodules ([CVE-2019-1348](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1348), [CVE-2019-1387](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1387), [CVE-2019-19604](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19604), [CVE-2020-11008](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11008), [CVE-2020-5260](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5260))<br>- Fix libarchive crash or use-after-free via crafted RAR file ([CVE-2019-18408](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18408), [CVE-2020-9308](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9308))<br>- Fix libgcrypt ECDSA timing attack ([CVE-2019-13627](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13627))<br>- Fix libidn2 domain impersonation ([CVE-2019-12290](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12290))<br>- Fix NSS crashes and heap corruption ([CVE-2017-11695](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11695), [CVE-2017-11696](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11696), [CVE-2017-11697](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11697), [CVE-2017-11698](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11698), [CVE-2018-18508](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508), [CVE-2019-11745](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745))<br>- Fix OpenSSL overflow in Montgomery squaring procedure ([CVE-2019-1551](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551))<br>- Fix SQLite crash and heap corruption ([CVE-2019-16168](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16168), [CVE-2019-5827](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5827))<br>- Fix unzip heap overflow or excessive resource consumption via crafted archive ([CVE-2018-1000035](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000035), [CVE-2019-13232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13232))<br>- Fix vim arbitrary command execution via crafted file ([CVE-2019-12735](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12735))<br><br>Bug fixes:<br>- When writing the update kernel, prefer `/boot/coreos` only if `/boot/coreos/vmlinux-*` exists (https://github.com/flatcar/update_engine/pull/5)<br>- Fixed sysroot-boot initramfs service race which resulted in a warning that this service failed<br>- Use the correct `BINHOST` URLs in the development container to download binary packages<br><br>Changes:<br>- Support the CoreOS GRUB `/boot/coreos/first_boot` flag file (https://github.com/flatcar/bootengine/pull/13)<br>- Fetch container images in docker format rather than ACI by default in `etcd-member.service`, `flanneld.service`, and `kubelet-wrapper`<br>- Use `flatcar.autologin` kernel command line parameter on Azure and VMware for auto login on the serial console<br>- Include `conntrack` ([conntrack-tools](http://conntrack-tools.netfilter.org/))<br>- Include `journalctl` output, `pstore` kernel crash logs, and `coredumpctl list` output in the `mayday` report<br>- Update wa-linux-agent to 2.2.46 on Azure<br>- Support both `coreos.config.*` and `flatcar.config.*` guestinfo variables on VMware OEM<br><br>Updates:<br>- e2fsprogs [1.45.5](http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.45.5)<br>- etcd [3.3.20](https://github.com/etcd-io/etcd/releases/tag/v3.3.20)<br>- etcdctl [3.3.20](https://github.com/etcd-io/etcd/releases/tag/v3.3.20)<br>- Git [2.24.1](https://raw.githubusercontent.com/git/git/v2.24.1/Documentation/RelNotes/2.24.1.txt)<br>- Linux [4.19.124](https://lwn.net/Articles/820974/)<br>- OpenSSL [1.0.2u](https://www.openssl.org/news/openssl-1.0.2-notes.html)<br>- vim [8.2.0360](http://ftp.vim.org/pub/vim/patches/8.2/README)<br><br>Packages:<br>- docker 18.06.3<br>- ignition 0.34.0<br>- kernel 4.19.124<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2020-05-26T16:58:31+00:00 @@ -518,7 +526,7 @@ https://github.com/flatcar/manifest/releases/tag/v2411.1.1 2411.1.1 - 2023-10-25T10:20:35.745752+00:00 + 2023-11-22T09:59:25.459025+00:00 ## Flatcar updates<br><br>Bug fixes:<br><br>- Use newest network interface naming scheme (https://github.com/flatcar/Flatcar/issues/36)<br> - It is a possible breaking change for some persistent network interface names<br>- Fix URL scheme in emerge-gitclone (https://github.com/flatcar/coreos-overlay/issues/223)<br>- Fix coreos-cloudinit variable names (https://github.com/flatcar/coreos-overlay/pull/206)<br>- Prefer /boot/coreos to write updates (https://github.com/flatcar/update_engine/pull/2)<br>- Remove /boot/coreos/first_boot after a Ignition rerun on migration (https://github.com/flatcar/bootengine/pull/10)<br>- Support coreos.config.url as kernel command line parameter for Ignition (https://github.com/flatcar/ignition/pull/10)<br><br>Changes:<br><br>- Add kernel config for QEDE driver (https://github.com/flatcar/coreos-overlay/pull/198)<br>- Add `tracepath` alongside `traceroute6` (https://github.com/flatcar/Flatcar/issues/50)<br><br>Updates:<br><br>- Linux [4.19.112](https://lwn.net/Articles/815677/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.34.0<br>- kernel 4.19.112<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2020-03-31T16:25:22+00:00 @@ -526,7 +534,7 @@ https://github.com/flatcar/manifest/releases/tag/v2411.1.0 2411.1.0 - 2023-10-25T10:20:35.740712+00:00 + 2023-11-22T09:59:25.453985+00:00 ## Flatcar updates<br>Bug fixes:<br>- Enable persistent network interface names already in the initramfs to fix https://github.com/coreos/bugs/issues/1767<br>- Fix backwards compatibility issues for users to migrate from CoreOS Container Linux. Support the kernel command line parameters `coreos.oem.*`, `coreos.autologin`, `coreos.first_boot`, and the QEMU firmware config path `opt/com.coreos/config` (https://github.com/flatcar/Flatcar/issues/16 https://github.com/flatcar/afterburn/pull/7 https://github.com/flatcar/bootengine/pull/7 https://github.com/flatcar/bootengine/pull/8 https://github.com/flatcar/init/pull/16 https://github.com/flatcar/init/pull/17 https://github.com/flatcar/ignition/pull/8)<br><br>## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2411.1.0)<br>Updates:<br>- Linux [4.19.106](https://lwn.net/Articles/813157/)<br><br>Packages:<br>- docker 18.06.3<br>- ignition 0.34.0<br>- kernel 4.19.106<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2020-03-02T11:57:48+00:00 @@ -534,7 +542,7 @@ https://github.com/flatcar/manifest/releases/tag/v2345.2.0 2345.2.0 - 2023-10-25T10:20:35.735868+00:00 + 2023-11-22T09:59:25.449155+00:00 ## Flatcar updates<br><br>Bug fixes:<br>- Fix DNS resolution for the GCE metadata server (https://github.com/flatcar/coreos-overlay/pull/160)<br>- Create symlink for /run/metadata/coreos (https://github.com/flatcar/coreos-overlay/pull/166)<br>- Create symlink for flatcar-install (https://github.com/flatcar/init/pull/14)<br><br>## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2345.2.0):<br><br>Security fixes:<br>- Fix systemd use-after-free upon receiving crafted D-Bus message from local unprivileged attacker ([CVE-2020-1712](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1712))<br><br>Changes:<br>- Enable `qede` kernel module<br><br>Updates:<br>- Linux [4.19.102](https://lwn.net/Articles/811638/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.102<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2020-02-10T11:11:29+00:00 @@ -542,7 +550,7 @@ https://github.com/flatcar/manifest/releases/tag/v2345.1.0 2345.1.0 - 2023-10-25T10:20:35.731073+00:00 + 2023-11-22T09:59:25.444299+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2345.1.0):<br><br>Security fixes:<br><br>- Fix multiple Git [vulnerabilities](https://marc.info/?l=git&m=157600115215285&w=2) ([CVE-2019-1348](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1348), [CVE-2019-1349](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1349), [CVE-2019-1350](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1350), [CVE-2019-1351](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1351), [CVE-2019-1352](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1352), [CVE-2019-1353](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1353), [CVE-2019-1354](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1354), [CVE-2019-1387](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1387), [CVE-2019-19604](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19604))<br><br>Updates:<br><br>- Git [2.24.1](https://github.com/git/git/blob/master/Documentation/RelNotes/2.24.1.txt)<br>- Linux [4.19.95](https://lwn.net/Articles/809258/)<br><br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.95<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2020-01-17T13:33:11+00:00 @@ -550,7 +558,7 @@ https://github.com/flatcar/manifest/releases/tag/v2331.1.1 2331.1.1 - 2023-10-25T10:20:35.726225+00:00 + 2023-11-22T09:59:25.439436+00:00 ## Flatcar updates<br><br>Bug fixes:<br><br>- Fix a bug when creating RAID0 arrays by setting the default layout (https://github.com/flatcar/baselayout/pull/2)<br>- Fix bug of unpacking tarballs failing when xattr is not supported (https://github.com/flatcar/torcx/pull/2)<br><br>Updates:<br><br>- ldb [1.3.6](https://gitlab.com/samba-team/samba/-/tags/ldb-1.3.6)<br>- samba [4.8.6](https://gitlab.com/samba-team/samba/-/tags/samba-4.8.6)<br>- talloc [2.1.11](https://gitlab.com/samba-team/samba/-/tags/talloc-2.1.11)<br>- tdb [1.3.15](https://gitlab.com/samba-team/samba/-/tags/tdb-1.3.15)<br>- tevent [0.9.37](https://gitlab.com/samba-team/samba/-/tags/tevent-0.9.37)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.87<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-12-18T09:49:53+00:00 @@ -558,7 +566,7 @@ https://github.com/flatcar/manifest/releases/tag/v2331.1.0 2331.1.0 - 2023-10-25T10:20:35.721560+00:00 + 2023-11-22T09:59:25.434710+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2331.1.0):<br><br>Updates:<br> - Linux [4.19.87](https://lwn.net/Articles/805923/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.87<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-12-05T06:34:11+00:00 @@ -566,7 +574,7 @@ https://github.com/flatcar/manifest/releases/tag/v2303.2.0 2303.2.0 - 2023-10-25T10:20:35.717190+00:00 + 2023-11-22T09:59:25.430384+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2303.2.0):<br><br>Security fixes:<br><br>- Fix Intel CPU disclosure of memory to user process. Complete mitigation requires [manually disabling TSX or SMT](https://docs.flatcar-linux.org/os/disabling-smt/) on affected processors. ([CVE-2019-11135](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11135), [TAA](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00270.html))<br>- Fix Intel CPU denial of service by a malicious guest VM ([CVE-2018-12207](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12207))<br><br>Bug fixes:<br><br>- Fix CFS scheduler throttling highly-threaded I/O-bound applications ([#2623](https://github.com/coreos/bugs/issues/2623))<br><br>Updates:<br><br>- intel-microcode [20191115](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/blob/microcode-20191115/releasenote)<br>- Linux [4.19.84](https://lwn.net/Articles/804465/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.84<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-11-21T09:28:13+00:00 @@ -574,7 +582,7 @@ https://github.com/flatcar/manifest/releases/tag/v2303.1.1 2303.1.1 - 2023-10-25T10:20:35.712320+00:00 + 2023-11-22T09:59:25.425438+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2303.1.1):<br><br>Bug fixes:<br><br>- Fix time zone for Brazil ([#2627](https://github.com/coreos/bugs/issues/2627))<br><br>Updates:<br><br>- Linux [4.19.81](https://lwn.net/Articles/803384/)<br>- timezone-data [2019c](http://mm.icann.org/pipermail/tz-announce/2019-September/000057.html)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.81<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-11-11T14:13:02+00:00 @@ -582,7 +590,7 @@ https://github.com/flatcar/manifest/releases/tag/v2275.2.0 2275.2.0 - 2023-10-25T10:20:35.707806+00:00 + 2023-11-22T09:59:25.420957+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2275.2.0):<br><br>Updates:<br>- Linux [4.19.79](https://lwn.net/Articles/802169/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.79<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-10-17T18:54:07+00:00 @@ -590,7 +598,7 @@ https://github.com/flatcar/manifest/releases/tag/v2247.4.0 2247.4.0 - 2023-10-25T10:20:35.703492+00:00 + 2023-11-22T09:59:25.416652+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2247.4.0):<br><br>Bug fixes:<br>- Fix kernel crash with CephFS mounts, introduced in 2247.3.0 ([#2616](https://github.com/coreos/bugs/issues/2616))<br><br>Updates:<br>- Linux [4.19.78](https://lwn.net/Articles/801700/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.78<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-10-16T15:09:03+00:00 @@ -598,7 +606,7 @@ https://github.com/flatcar/manifest/releases/tag/v2247.3.0 2247.3.0 - 2023-10-25T10:20:35.699100+00:00 + 2023-11-22T09:59:25.412184+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2247.3.0):<br><br>Security fixes:<br><br>- Fix kernel KVM guest escape ([CVE-2019-14835](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14835))<br>- Fix race condition in Intel microprocessors ([CVE-2019-11184](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11184))<br><br>Updates:<br><br>- intel-microcode [20190918](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/blob/microcode-20190918/releasenote)<br>- Linux [4.19.75](https://lwn.net/Articles/800247/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.75<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-09-25T09:32:22+00:00 @@ -606,7 +614,7 @@ https://github.com/flatcar/manifest/releases/tag/v2247.2.0 2247.2.0 - 2023-10-25T10:20:35.694567+00:00 + 2023-11-22T09:59:25.407519+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2247.2.0):<br><br>Updates:<br><br>- Linux [4.19.71](https://lwn.net/Articles/798627/)<br><br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.71<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-09-13T10:53:37+00:00 @@ -614,7 +622,7 @@ https://github.com/flatcar/manifest/releases/tag/v2219.3.0 2219.3.0 - 2023-10-25T10:20:35.690261+00:00 + 2023-11-22T09:59:25.403007+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2219.3.0):<br><br>Security fixes:<br><br>- Fix pam_systemd bug allowing authenticated remote users to perform polkit actions as if locally logged in ([CVE-2019-3842](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3842))<br>- Fix systemd-resolved bug allowing unprivileged users to change DNS settings ([CVE-2019-15718](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15718))<br><br>Bug fixes:<br><br>- Fix GCE agent crash loop in new installs ([#2608](https://github.com/coreos/bugs/issues/2608))<br><br>Updates:<br><br>- Linux [4.19.69](https://lwn.net/Articles/797815/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.69<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-09-05T08:53:14+00:00 @@ -622,7 +630,7 @@ https://github.com/flatcar/manifest/releases/tag/v2219.2.1 2219.2.1 - 2023-10-25T10:20:35.685538+00:00 + 2023-11-22T09:59:25.398231+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2219.2.1):<br><br>Security fixes:<br>- Fix wget buffer overflow allowing arbitrary code execution ([CVE-2019-5953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5953))<br><br>Updates:<br>- Linux [4.19.68](https://lwn.net/Articles/797250/)<br>- wget [1.20.3](http://git.savannah.gnu.org/cgit/wget.git/tree/NEWS?h=v1.20.3&id=a220ead43505bc3e0ea8efb1572919111dbbf6dc#n8)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.68<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-08-30T07:37:15+00:00 @@ -630,7 +638,7 @@ https://github.com/flatcar/manifest/releases/tag/v2219.2.0 2219.2.0 - 2023-10-25T10:20:35.681078+00:00 + 2023-11-22T09:59:25.393696+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2219.2.0):<br><br>Security fixes:<br>- Use secure_getenv to fix a vulnerability around XDG_SEAT in pam_systemd (https://github.com/coreos/systemd/pull/118) ([CVE-2019-3842](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3842))<br><br>Updates:<br>- Linux [4.19.65](https://lwn.net/Articles/795525/)<br><br>## Flatcar updates<br><br>Bug fixes:<br>- Fix wrong key name for fw_cfg in ignition with QEMU (https://github.com/flatcar/ignition/issues/2)<br>- Get SELinux context included in torcx tarballs (https://github.com/flatcar/scripts/pull/16)<br>- Enable XattrPrivileged for untar to fix SELinux issue (https://github.com/flatcar/torcx/pull/1)<br><br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.65<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-08-16T09:44:16+00:00 @@ -638,7 +646,7 @@ https://github.com/flatcar/manifest/releases/tag/v2191.3.0 2191.3.0 - 2023-10-25T10:20:35.676319+00:00 + 2023-11-22T09:59:25.388896+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2191.3.0):<br><br>Security fixes:<br>- Fix Linux information leak attack vector via speculative side channel ([CVE-2019-1125](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1125))<br><br>Updates:<br>- Linux [4.19.65](https://lwn.net/Articles/795525/)<br><br>## Flatcar updates<br><br>Changes:<br>- Add "-s" flag in flatcar-install to install to smallest disk (https://github.com/flatcar/init/pull/7)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.65<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-08-08T08:18:09+00:00 @@ -646,7 +654,7 @@ https://github.com/flatcar/manifest/releases/tag/v2191.2.0 2191.2.0 - 2023-10-25T10:20:35.671737+00:00 + 2023-11-22T09:59:25.384281+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2191.2.0):<br>- Linux [4.19.62](https://lwn.net/Articles/794807/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.62<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-08-01T09:15:48+00:00 @@ -654,7 +662,7 @@ https://github.com/flatcar/manifest/releases/tag/v2191.1.0 2191.1.0 - 2023-10-25T10:20:35.667492+00:00 + 2023-11-22T09:59:25.379978+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2191.1.0):<br><br>No changes for beta promotion<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.56<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-07-17T13:51:51+00:00 @@ -662,7 +670,7 @@ https://github.com/flatcar/manifest/releases/tag/v2163.4.0 2163.4.0 - 2023-10-25T10:20:35.663179+00:00 + 2023-11-22T09:59:25.375584+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2163.4.0):<br><br>Bug fixes:<br><br> * Fix Ignition panic when no `guestinfo.(coreos|ignition).config` parameters are specified on VMware (coreos/ignition#821)<br><br>Updates:<br><br> * Ignition [0.33.0](https://github.com/coreos/ignition/releases/tag/v0.33.0)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.55<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-07-03T08:02:30+00:00 @@ -670,7 +678,7 @@ https://github.com/flatcar/manifest/releases/tag/v2163.3.0 2163.3.0 - 2023-10-25T10:20:35.658726+00:00 + 2023-11-22T09:59:25.371118+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2163.3.0):<br><br>Updates:<br><br>- Linux [4.19.53](https://lwn.net/Articles/791468/)<br><br>Packages:<br>- docker 18.06.3<br>- ignition 0.32.0<br>- kernel 4.19.55<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-07-01T10:45:57+00:00 @@ -678,7 +686,7 @@ https://github.com/flatcar/manifest/releases/tag/v2135.3.1 2135.3.1 - 2023-10-25T10:20:35.654434+00:00 + 2023-11-22T09:59:25.366831+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2135.3.1):<br><br>Security fixes:<br><br>- Fix Linux TCP remotely-triggerable kernel panic and excessive resource consumption ([CVE-2019-11477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11477), [CVE-2019-11478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11478), [CVE-2019-11479](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11479))<br><br>Bug fixes:<br><br>- Fix invalid bzip2 compression of Container Linux release images ([#2589](https://github.com/coreos/bugs/issues/2589))<br><br>Updates:<br><br>- Linux [4.19.50](https://lwn.net/Articles/790878/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.32.0<br>- kernel 4.19.50<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-06-19T08:16:10+00:00 @@ -686,7 +694,7 @@ https://github.com/flatcar/manifest/releases/tag/v2135.2.0 2135.2.0 - 2023-10-25T10:20:35.649765+00:00 + 2023-11-22T09:59:25.362129+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2135.2.0):<br><br>Updates:<br>- Linux [4.19.44](https://lwn.net/Articles/788778/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.32.0<br>- kernel 4.19.44<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-05-21T20:28:25+00:00 @@ -694,7 +702,7 @@ https://github.com/flatcar/manifest/releases/tag/v2107.3.0 2107.3.0 - 2023-10-25T10:20:35.645473+00:00 + 2023-11-22T09:59:25.357765+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2107.3.0):<br><br>Security fixes:<br>- Fix Intel CPU disclosure of memory to user process. Complete mitigation requires [manually disabling SMT](https://docs.flatcar-linux.org/os/disabling-smt/) on affected processors. ([CVE-2019-11091](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11091), [CVE-2018-12126](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12126), [CVE-2018-12127](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12127), [CVE-2018-12130](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12130), [MDS](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html))<br><br>Updates:<br>- intel-microcode [20190514](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/blob/microcode-20190514/releasenote)<br>- Linux [4.19.43](https://lwn.net/Articles/788388/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.31.0<br>- kernel 4.19.43<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-05-16T10:57:15+00:00 @@ -702,7 +710,7 @@ https://github.com/flatcar/manifest/releases/tag/v2107.2.0 2107.2.0 - 2023-10-25T10:20:35.640708+00:00 + 2023-11-22T09:59:25.352937+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2107.2.0):<br><br>Bug fixes:<br><br>- Fix systemd `MountFlags=shared` option ([#2579](https://github.com/coreos/bugs/issues/2579))<br><br>Changes:<br><br>- Pin network interface naming to systemd v238 scheme ([#2578](https://github.com/coreos/bugs/issues/2578))<br>Packages:<br>- docker 18.06.3<br>- ignition 0.31.0<br>- kernel 4.19.36<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-05-08T07:07:32+00:00 @@ -710,7 +718,7 @@ https://github.com/flatcar/manifest/releases/tag/v2107.1.0 2107.1.0 - 2023-10-25T10:20:35.636220+00:00 + 2023-11-22T09:59:25.348416+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2107.1.0):<br><br>Bug fixes:<br> - Disable new sticky directory protections for backward compatibility ([#2577](https://github.com/coreos/bugs/issues/2577))<br><br>Changes:<br> - Enable `atlantic` kernel module ([#2576](https://github.com/coreos/bugs/issues/2576))<br><br>Updates:<br> - Linux [4.19.36](https://lwn.net/Articles/786361/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.31.0<br>- kernel 4.19.36<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-04-24T10:01:19+00:00 @@ -718,7 +726,7 @@ https://github.com/flatcar/manifest/releases/tag/v2079.2.0 2079.2.0 - 2023-10-25T10:20:35.631702+00:00 + 2023-11-22T09:59:25.343855+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2079.2.0):<br><br>Bug fixes:<br>- Disable new sticky directory protections for backwards compatibility ([#2577](https://github.com/coreos/bugs/issues/2577))<br><br>Changes:<br>- Enable `atlantic` kernel module ([#2576](https://github.com/coreos/bugs/issues/2576))<br><br>Updates:<br>- Linux [4.19.34](https://lwn.net/Articles/786050/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.31.0<br>- kernel 4.19.34<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-04-17T07:53:14+00:00 @@ -726,7 +734,7 @@ https://github.com/flatcar/manifest/releases/tag/v2079.1.0 2079.1.0 - 2023-10-25T10:20:35.627164+00:00 + 2023-11-22T09:59:25.339297+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2079.1.0):<br><br>Bug fixes:<br>- Fix systemd presets incorrectly handling escaped unit names ([#2569](https://github.com/coreos/bugs/issues/2569))<br><br>Updates:<br>- Linux [4.19.31](https://lwn.net/Articles/783858/)<br><br>Packages:<br>- docker 18.06.3<br>- ignition 0.31.0<br>- kernel 4.19.31<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-03-26T13:08:57+00:00 @@ -734,7 +742,7 @@ https://github.com/flatcar/manifest/releases/tag/v2051.2.0 2051.2.0 - 2023-10-25T10:20:35.622722+00:00 + 2023-11-22T09:59:25.334859+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2051.2.0):<br><br>Bug fixes:<br>- Fix systemd-journald memory leak ([#2564](https://github.com/coreos/bugs/issues/2564))<br><br>Updates:<br>- Linux [4.19.28](https://lwn.net/Articles/782719/)<br>Packages:<br>- docker 18.06.1<br>- ignition 0.30.0<br>- kernel 4.19.28<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2019-03-12T14:37:08+00:00 @@ -742,7 +750,7 @@ https://github.com/flatcar/manifest/releases/tag/v2051.1.0 2051.1.0 - 2023-10-25T10:20:35.618338+00:00 + 2023-11-22T09:59:25.330448+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2051.1.0):<br><br>Security fixes:<br>- Fix Linux use-after-free in `sockfs_setattr` ([CVE-2019-8912](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8912))<br>- Fix systemd crash from a specially-crafted D-Bus message ([CVE-2019-6454](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6454))<br><br>Updates:<br>- Linux [4.19.25](https://lwn.net/Articles/780611/)<br>Packages:<br>- docker 18.06.1<br>- ignition 0.30.0<br>- kernel 4.19.25<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2019-02-27T08:53:46+00:00 @@ -750,7 +758,7 @@ https://github.com/flatcar/manifest/releases/tag/v2023.3.0 2023.3.0 - 2023-10-25T10:20:35.613779+00:00 + 2023-11-22T09:59:25.325845+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2023.3.0):<br><br>Updates:<br>- Linux [4.19.23](https://lwn.net/Articles/779940/)<br>Packages:<br>- docker 18.06.1<br>- ignition 0.30.0<br>- kernel 4.19.23<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2019-02-21T08:41:36+00:00 @@ -758,7 +766,7 @@ https://github.com/flatcar/manifest/releases/tag/v2023.2.0 2023.2.0 - 2023-10-25T10:20:35.609459+00:00 + 2023-11-22T09:59:25.321544+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2023.2.0):<br>Security fixes:<br> - Fix runc container breakout ([CVE-2019-5736](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5736))<br><br>Changes:<br> - Revert `/sys/bus/rbd/add` to Linux 4.14 behavior ([#2544](https://github.com/coreos/bugs/issues/2544))<br><br>Updates:<br> - etcd [3.3.12](https://github.com/etcd-io/etcd/releases/tag/v3.3.12)<br> - etcdctl [3.3.12](https://github.com/etcd-io/etcd/releases/tag/v3.3.12)<br> - Linux [4.19.20](https://lwn.net/Articles/779132/)<br><br>Packages:<br>- docker 18.06.1<br>- ignition 0.30.0<br>- kernel 4.19.20<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2019-02-14T10:31:00+00:00 @@ -766,7 +774,7 @@ https://github.com/flatcar/manifest/releases/tag/v2023.1.0 2023.1.0 - 2023-10-25T10:20:35.604892+00:00 + 2023-11-22T09:59:25.316974+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2023.1.0):<br><br>Security fixes:<br>- Fix Go CPU denial of service in ECC ([CVE-2019-6486](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6486))<br><br>Updates:<br>- Go [1.10.8](https://golang.org/doc/devel/release.html#go1.10.minor)<br>- Go [1.11.5](https://golang.org/doc/devel/release.html#go1.11.minor)<br>- Linux [4.19.18](https://lwn.net/Articles/777580/)<br>Packages:<br>- docker 18.06.1<br>- ignition 0.30.0<br>- kernel 4.19.18<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2019-01-30T13:45:28+00:00 @@ -774,7 +782,7 @@ https://github.com/flatcar/manifest/releases/tag/v1995.1.0 1995.1.0 - 2023-10-25T10:20:35.600349+00:00 + 2023-11-22T09:59:25.312438+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1995.1.0):<br><br>Updates:<br>- Linux [4.19.13](https://lwn.net/Articles/775720/)<br>Packages:<br>- docker 18.06.1<br>- ignition 0.29.1<br>- kernel 4.19.13<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2019-01-18T09:10:26+00:00 @@ -782,7 +790,7 @@ https://github.com/flatcar/manifest/releases/tag/v1967.2.0 1967.2.0 - 2023-10-25T10:20:35.595823+00:00 + 2023-11-22T09:59:25.308099+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1967.2.0):<br><br>Security fixes:<br>- Fix Go CPU denial of service in X.509 verification ([CVE-2018-16875](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16875))<br>- Fix PolicyKit always authorizing UIDs greater than `INT_MAX` ([CVE-2018-19788](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19788))<br><br>Updates:<br>- Go [1.10.6](https://golang.org/doc/devel/release.html#go1.10.minor)<br>- Go [1.11.3](https://golang.org/doc/devel/release.html#go1.11.minor)<br>- Linux [4.14.88](https://lwn.net/Articles/774848/)<br>Packages:<br>- docker 18.06.1<br>- ignition 0.28.0<br>- kernel 4.14.88<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-12-21T09:08:43+00:00 @@ -790,7 +798,7 @@ https://github.com/flatcar/manifest/releases/tag/v1967.1.0 1967.1.0 - 2023-10-25T10:20:35.590688+00:00 + 2023-11-22T09:59:25.303445+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1967.1.0):<br><br>Changes:<br> - Switch to the LTS Linux version [4.14.84](https://lwn.net/Articles/773114/) for the beta channel<br>Packages:<br>- docker 18.06.1<br>- ignition 0.28.0<br>- kernel 4.14.84<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-12-06T09:43:43+00:00 @@ -798,7 +806,7 @@ https://github.com/flatcar/manifest/releases/tag/v1939.2.1 1939.2.1 - 2023-10-25T10:20:35.586131+00:00 + 2023-11-22T09:59:25.299059+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1939.2.1):<br><br>Security fixes:<br>- Disable containerd CRI plugin to stop it from listening on a TCP port ([#2524](https://github.com/coreos/bugs/issues/2524))<br><br>Updates:<br>- Linux [4.14.81](https://lwn.net/Articles/771885/)<br>Packages:<br>- docker 18.06.1<br>- ignition 0.28.0<br>- kernel 4.14.81<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-11-21T10:57:13+00:00 @@ -806,7 +814,7 @@ https://github.com/flatcar/manifest/releases/tag/v1939.1.0 1939.1.0 - 2023-10-25T10:20:35.581657+00:00 + 2023-11-22T09:59:25.294540+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1939.1.0):<br><br>Security fixes:<br>- Fix systemd re-executing with arbitrary supplied state ([CVE-2018-15686](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15686))<br>- Fix systemd race allowing changing file permissions ([CVE-2018-15687](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15687))<br>- Fix systemd-networkd buffer overflow in the dhcp6 client ([CVE-2018-15688](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15688))<br><br>Changes:<br>- Switch to the LTS Linux version [4.14.79](https://lwn.net/Articles/770749/) for the beta channel<br>Packages:<br>- docker 18.06.1<br>- ignition 0.28.0<br>- kernel 4.14.79<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-11-08T16:14:38+00:00 @@ -814,7 +822,7 @@ https://github.com/flatcar/manifest/releases/tag/v1911.2.0 1911.2.0 - 2023-10-25T10:20:35.576874+00:00 + 2023-11-22T09:59:25.289885+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1911.2.0):<br><br>Security fixes:<br>- Fix Git remote code execution during recursive clone ([CVE-2018-17456](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17456))<br><br>Bug fixes:<br>- Fix missing kernel headers ([#2505](https://github.com/coreos/bugs/issues/2505))<br><br>Updates:<br>- Git [2.16.5](https://raw.githubusercontent.com/git/git/v2.16.5/Documentation/RelNotes/2.16.5.txt)<br>- Linux [4.14.78](https://lwn.net/Articles/769051/)<br>Packages:<br>- docker 18.06.1<br>- ignition 0.28.0<br>- kernel 4.14.78<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-10-26T10:14:36+00:00 @@ -822,7 +830,7 @@ https://github.com/flatcar/manifest/releases/tag/v1911.1.1 1911.1.1 - 2023-10-25T10:20:35.572272+00:00 + 2023-11-22T09:59:25.285271+00:00 ## Flatcar updates<br><br>Changes:<br><br>* Add new image signing subkey to `flatcar-install` ([flatcar-linux/init#4](https://github.com/flatcar/init/pull/4))<br><br>Bug fixes:<br><br>* Fix `/usr/lib/coreos` symlink for Container Linux compatibility ([flatcar-linux/coreos-overlay#8](https://github.com/flatcar/coreos-overlay/pull/8))<br><br>## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1911.1.1):<br><br>Changes:<br>- Switch to the LTS Linux version [4.14.74](https://lwn.net/Articles/767628/) for the beta channel<br><br>Packages:<br>- docker 18.06.1<br>- ignition 0.28.0<br>- kernel 4.14.74<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-10-11T13:18:49+00:00 @@ -830,7 +838,7 @@ https://github.com/flatcar/manifest/releases/tag/v1883.1.0 1883.1.0 - 2023-10-25T10:20:35.567700+00:00 + 2023-11-22T09:59:25.280657+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1883.1.0):<br><br>Bug fixes:<br>- Fix Docker mounting named volumes ([#2497](https://github.com/coreos/bugs/issues/2497))<br><br>Changes:<br>- Switch to the LTS Linux version [4.14.69](https://lwn.net/Articles/764513/) for the beta channel<br><br>Updates:<br>- intel-microcode [20180807a](https://downloadcenter.intel.com/download/28087)<br>Packages:<br>- docker 18.06.1<br>- ignition 0.28.0<br>- kernel 4.14.69<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-09-14T09:59:48+00:00 @@ -838,7 +846,7 @@ https://github.com/flatcar/manifest/releases/tag/v1855.3.0 1855.3.0 - 2023-10-25T10:20:35.563182+00:00 + 2023-11-22T09:59:25.276122+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1855.3.0):<br><br>Changes:<br>- Drop AWS PV images from regions which do not support PV<br><br>Updates:<br>- containerd [1.1.2](https://github.com/containerd/containerd/releases/tag/v1.1.2)<br>- Docker [18.06.1-ce](https://github.com/docker/docker-ce/releases/tag/v18.06.1-ce)<br>- intel-microcode [20180807a](https://downloadcenter.intel.com/download/28087/Linux-Processor-Microcode-Data-File)<br>- Linux [4.14.67](https://lwn.net/Articles/763433/)<br>Packages:<br>- docker 18.06.1<br>- ignition 0.26.0<br>- kernel 4.14.67<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-09-05T08:43:19+00:00 @@ -846,7 +854,7 @@ https://github.com/flatcar/manifest/releases/tag/v1855.2.0 1855.2.0 - 2023-10-25T10:20:35.558609+00:00 + 2023-11-22T09:59:25.271526+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1855.2.0):<br><br>Security fixes:<br>- Fix Linux remote denial of service ([FragmentSmack](https://access.redhat.com/security/cve/cve-2018-5391), [CVE-2018-5391](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5391))<br>- Fix Linux privileged memory access via speculative execution ([L1TF/Foreshadow](https://foreshadowattack.eu/), [CVE-2018-3620](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3620), [CVE-2018-3646](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3646))<br><br>Bug fixes:<br>- Fix PXE systems attempting to mount an ESP ([#2491](https://github.com/coreos/bugs/issues/2491))<br><br>Changes:<br>- Switch to the LTS Linux version [4.14.63](https://lwn.net/Articles/762808/) for the beta channel<br>Packages:<br>- docker 18.06.0<br>- ignition 0.26.0<br>- kernel 4.14.63<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-08-17T12:09:29+00:00 @@ -854,7 +862,7 @@ https://github.com/flatcar/manifest/releases/tag/v1828.3.0 1828.3.0 - 2023-10-25T10:20:35.553751+00:00 + 2023-11-22T09:59:25.266733+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1828.3.0):<br><br>Security fixes:<br>- Fix Linux local denial of service as Xen PV guest ([CVE-2018-14678](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14678))<br><br>Bug fixes:<br>- Fix failure to mount large ext4 filesystems ([#2485](https://github.com/coreos/bugs/issues/2485))<br><br>Updates:<br>- Linux [4.14.60](https://lwn.net/Articles/761767/)<br>Packages:<br>- docker 18.03.1<br>- ignition 0.26.0<br>- kernel 4.14.60<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-08-08T10:49:50+00:00 @@ -862,7 +870,7 @@ https://github.com/flatcar/manifest/releases/tag/v1828.2.0 1828.2.0 - 2023-10-25T10:20:35.549239+00:00 + 2023-11-22T09:59:25.262166+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1828.2.0):<br><br>Bug fixes:<br>- Fix kernel CIFS client ([#2480](https://github.com/coreos/bugs/issues/2480))<br><br>Updates:<br>- Linux [4.14.59](https://lwn.net/Articles/761180/)<br>Packages:<br>- docker 18.03.1<br>- ignition 0.26.0<br>- kernel 4.14.59<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-07-31T09:16:00+00:00 @@ -870,7 +878,7 @@ https://github.com/flatcar/manifest/releases/tag/v1828.1.0 1828.1.0 - 2023-10-25T10:20:35.544854+00:00 + 2023-11-22T09:59:25.257785+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1828.1.0):<br><br>Changes:<br>- Switch to the LTS Docker version [18.03.1-ce](https://github.com/docker/docker-ce/releases/tag/v18.03.1-ce) for the beta channel<br>- Switch to the LTS Linux version [4.14.57](https://lwn.net/Articles/760500/) for the beta channel<br><br>Packages:<br>- docker 18.03.1<br>- ignition 0.26.0<br>- kernel 4.14.57<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-07-26T09:40:11+00:00 @@ -878,7 +886,7 @@ https://github.com/flatcar/manifest/releases/tag/v1800.3.0 1800.3.0 - 2023-10-25T10:20:35.540294+00:00 + 2023-11-22T09:59:25.253277+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1800.3.0):<br><br>Updates:<br>- Linux [4.14.55](https://lwn.net/Articles/759535/)<br>Packages:<br>- docker 18.03.1<br>- ignition 0.25.1<br>- kernel 4.14.55<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-07-13T15:43:19+00:00 @@ -886,7 +894,7 @@ https://github.com/flatcar/manifest/releases/tag/v1800.2.0 1800.2.0 - 2023-10-25T10:20:35.535915+00:00 + 2023-11-22T09:59:25.248894+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1800.2.0):<br><br>Changes:<br>- Switch to the LTS Docker version [18.03.1-ce](https://github.com/docker/docker-ce/releases/tag/v18.03.1-ce) for the beta channel<br>- Switch to the LTS Linux version [4.14.50](https://lwn.net/Articles/757680/) for the beta channel<br>Packages:<br>- docker 18.03.1<br>- ignition 0.25.1<br>- kernel 4.14.50<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-06-22T10:17:31+00:00 @@ -894,7 +902,7 @@ https://github.com/flatcar/manifest/releases/tag/v1772.4.0 1772.4.0 - 2023-10-25T10:20:35.531376+00:00 + 2023-11-22T09:59:25.244344+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1772.4.0):<br><br>Bug fixes:<br>- Fix TCP connection stalls ([#2457](https://github.com/coreos/bugs/issues/2457))<br><br>Updates:<br>- Linux [4.14.49](https://lwn.net/Articles/757308/)<br>Packages:<br>- docker 18.03.1<br>- ignition 0.24.1<br>- kernel 4.14.49<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-06-15T14:51:22+00:00 @@ -902,7 +910,7 @@ https://github.com/flatcar/manifest/releases/tag/v1772.3.0 1772.3.0 - 2023-10-25T10:20:35.526860+00:00 + 2023-11-22T09:59:25.239923+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1772.3.0):<br><br>Bug fixes:<br>- Fix Hyper-V network driver regression ([#2454](https://github.com/coreos/bugs/issues/2454))<br><br>Updates:<br>- Linux [4.14.48](https://lwn.net/Articles/756652/)<br>Packages:<br>- docker 18.03.1<br>- ignition 0.24.1<br>- kernel 4.14.48<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-06-13T13:22:40+00:00 @@ -910,7 +918,7 @@ https://github.com/flatcar/manifest/releases/tag/v1772.2.0 1772.2.0 - 2023-10-25T10:20:35.522409+00:00 + 2023-11-22T09:59:25.235434+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1772.2.0):<br><br>Security fixes:<br>- Fix Git arbitrary code execution when cloning untrusted repositories ([CVE-2018-11235](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11235))<br><br>Bug fixes:<br>- Fix inadvertent change of network interface names ([#2437](https://github.com/coreos/bugs/issues/2437))<br>- Fix failure to set network interface MTU ([#2443](https://github.com/coreos/bugs/issues/2443))<br><br>Updates:<br>- Git [2.16.4](https://raw.githubusercontent.com/git/git/v2.16.4/Documentation/RelNotes/2.16.4.txt)<br>- Linux [4.14.47](https://lwn.net/Articles/756055/)<br>Packages:<br>- docker 18.03.1<br>- ignition 0.24.1<br>- kernel 4.14.47<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-06-01T13:23:43+00:00 @@ -918,7 +926,7 @@ https://github.com/flatcar/manifest/releases/tag/v1772.1.1 1772.1.1 - 2023-10-25T10:20:35.517683+00:00 + 2023-11-22T09:59:25.230680+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1772.1.1):<br><br>Changes:<br>- Switch to the LTS Docker version [18.03.1-ce](https://github.com/docker/docker-ce/releases/tag/v18.03.1-ce) for the beta channel<br>- Switch to the LTS Linux version [4.14.42](https://lwn.net/Articles/754972/) for the beta channel<br><br>Updates:<br>- Ignition [0.24.1](https://github.com/coreos/ignition/releases/tag/v0.24.1)<br>Packages:<br>- docker 18.03.1<br>- ignition 0.24.1<br>- kernel 4.14.42<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-05-26T15:29:49+00:00 @@ -926,7 +934,7 @@ https://github.com/flatcar/manifest/releases/tag/v1745.2.0 1745.2.0 - 2023-10-25T10:20:35.513051+00:00 + 2023-11-22T09:59:25.226053+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1745.2.0):<br><br>Security fixes:<br> - Fix ntp clock manipulation from ephemeral connections ([CVE-2016-1549](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549), [CVE-2018-7170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7170))<br> - Fix ntp denial of service from out of bounds read ([CVE-2018-7182](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7182)) <br> - Fix ntp denial of service from packets with timestamp 0 ([CVE-2018-7184](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7184), [CVE-2018-7185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7185))<br> - Fix ntp remote code execution ([CVE-2018-7183](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7183))<br><br>Updates:<br> - containerd [1.0.3](https://github.com/containerd/containerd/releases/tag/v1.0.3)<br> - Docker [18.03.1-ce](https://github.com/docker/docker-ce/releases/tag/v18.03.1-ce)<br> - Linux [4.14.39](https://lwn.net/Articles/753349/)<br> - ntp [4.2.8p11](https://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ChangeLog-stable)<br><br>Packages:<br>- docker 18.03.1<br>- ignition 0.24.0<br>- kernel 4.14.39<br>- rkt 1.29.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-05-11T11:40:35+00:00 @@ -934,7 +942,7 @@ https://github.com/flatcar/manifest/releases/tag/v1745.1.0 1745.1.0 - 2023-10-25T10:20:35.507863+00:00 + 2023-11-22T09:59:25.220907+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1745.1.0):<br><br>Bug fixes:<br> - Fix docker2aci tar conversion ([#2402](https://github.com/coreos/bugs/issues/2402))<br><br>Changes:<br> - Switch to the LTS Linux version [4.14.35](https://lwn.net/Articles/752328/) for the beta channel<br>Packages:<br>- docker 18.03.0<br>- ignition 0.24.0<br>- kernel 4.14.35<br>- rkt 1.29.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-04-26T09:58:55+00:00 @@ -942,7 +950,7 @@ https://github.com/flatcar/manifest/releases/tag/v1722.2.0 1722.2.0 - 2023-10-25T10:20:35.503172+00:00 + 2023-11-22T09:59:25.216237+00:00 ## Flatcar updates<br><br>Initial Flatcar release.<br><br>Bug fixes:<br>- Fix GRUB crash at boot ([#2284](https://github.com/coreos/bugs/issues/2284))<br>- Fix [poweroff problems](https://groups.google.com/forum/#!topic/coreos-user/YcGkRHU9SvQ) ([#8080](https://github.com/systemd/systemd/pull/8080))<br><br>Notes:<br>- Previous test images have been removed from the release servers. This is due to a new update key being generated using our updated security policy which we [included](https://github.com/flatcar/coreos-overlay/pull/6) in the first public image.<br><br>## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1722.2.0):<br><br>Bug fixes:<br>- Fix kernel panic with vxlan ([#2382](https://github.com/coreos/bugs/issues/2382))<br>Packages:<br>- docker 17.12.1<br>- ignition 0.23.0<br>- kernel 4.14.30<br>- rkt 1.29.0<br>- systemd 237<br><br>Architectures:<br>- amd64<br> 2018-04-25T14:36:40+00:00 diff --git a/static/releases-feed/releases-lts-2022.xml b/static/releases-feed/releases-lts-2022.xml index e5f9607f..1c7f8e37 100644 --- a/static/releases-feed/releases-lts-2022.xml +++ b/static/releases-feed/releases-lts-2022.xml @@ -2,7 +2,7 @@ https://www.flatcar.org/ Flatcar :: lts - 2023-10-25T10:20:37.350267+00:00 + 2023-11-22T09:59:27.065306+00:00 Flatcar Container Linux hello@kinvolk.io @@ -14,7 +14,7 @@ https://github.com/flatcar/scripts/releases/tag/lts-3033.3.9 3033.3.9 - 2023-10-25T10:20:37.479688+00:00 + 2023-11-22T09:59:27.195565+00:00 _Changes since **LTS 3033.3.8**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-3424](https://nvd.nist.gov/vuln/detail/CVE-2022-3424), [CVE-2022-3534](https://nvd.nist.gov/vuln/detail/CVE-2022-3534), [CVE-2022-3545](https://nvd.nist.gov/vuln/detail/CVE-2022-3545), [CVE-2022-3623](https://nvd.nist.gov/vuln/detail/CVE-2022-3623), [CVE-2022-36280](https://nvd.nist.gov/vuln/detail/CVE-2022-36280), [CVE-2022-3643](https://nvd.nist.gov/vuln/detail/CVE-2022-3643), [CVE-2022-41218](https://nvd.nist.gov/vuln/detail/CVE-2022-41218), [CVE-2022-4378](https://nvd.nist.gov/vuln/detail/CVE-2022-4378), [CVE-2022-45934](https://nvd.nist.gov/vuln/detail/CVE-2022-45934), [CVE-2022-47929](https://nvd.nist.gov/vuln/detail/CVE-2022-47929), [CVE-2023-0266](https://nvd.nist.gov/vuln/detail/CVE-2023-0266), [CVE-2023-0394](https://nvd.nist.gov/vuln/detail/CVE-2023-0394), [CVE-2023-23454](https://nvd.nist.gov/vuln/detail/CVE-2023-23454), [CVE-2023-23455](https://nvd.nist.gov/vuln/detail/CVE-2023-23455))<br><br>#### Bug fixes:<br><br><br>#### Changes:<br><br><br>#### Updates:<br><br>- Linux ([5.10.164](https://lwn.net/Articles/920322) (includes [5.10.163](https://lwn.net/Articles/920013), [5.10.162](https://lwn.net/Articles/919055), [5.10.161](https://lwn.net/Articles/918330), [5.10.160](https://lwn.net/Articles/918207), [5.10.159](https://lwn.net/Articles/917899), [5.10.158](https://lwn.net/Articles/917402)))<br>- ca-certificates ([3.87](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_87.html) (includes [3.86](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_86.html)))<br><br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.164<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-01-24T13:14:09+00:00 @@ -22,7 +22,7 @@ https://github.com/flatcar/scripts/releases/tag/lts-3033.3.8 3033.3.8 - 2023-10-25T10:20:37.474490+00:00 + 2023-11-22T09:59:27.190367+00:00 _Changes since **LTS 3033.3.7**_<br> <br>#### Security fixes:<br> <br>- Linux ([CVE-2022-3169](https://nvd.nist.gov/vuln/detail/CVE-2022-3169), [CVE-2022-3521](https://nvd.nist.gov/vuln/detail/CVE-2022-3521))<br><br>#### Updates:<br> <br>- Linux ([5.10.157](https://lwn.net/Articles/916764) (includes [5.10.156](https://lwn.net/Articles/915992), [5.10.155](https://lwn.net/Articles/915101)))<br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.157<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-12-09T09:46:54+00:00 @@ -30,7 +30,7 @@ https://github.com/flatcar/scripts/releases/tag/lts-3033.3.7 3033.3.7 - 2023-10-25T10:20:37.469932+00:00 + 2023-11-22T09:59:27.185873+00:00 _Changes since **LTS 3033.3.6**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2021-4037](https://nvd.nist.gov/vuln/detail/CVE-2021-4037), [CVE-2022-0171](https://nvd.nist.gov/vuln/detail/CVE-2022-0171), [CVE-2022-2602](https://nvd.nist.gov/vuln/detail/CVE-2022-2602), [CVE-2022-2663](https://nvd.nist.gov/vuln/detail/CVE-2022-2663), [CVE-2022-3061](https://nvd.nist.gov/vuln/detail/CVE-2022-3061), [CVE-2022-3303](https://nvd.nist.gov/vuln/detail/CVE-2022-3303), [CVE-2022-3535](https://nvd.nist.gov/vuln/detail/CVE-2022-3535), [CVE-2022-3542](https://nvd.nist.gov/vuln/detail/CVE-2022-3542), [CVE-2022-3565](https://nvd.nist.gov/vuln/detail/CVE-2022-3565), [CVE-2022-3586](https://nvd.nist.gov/vuln/detail/CVE-2022-3586), [CVE-2022-3594](https://nvd.nist.gov/vuln/detail/CVE-2022-3594), [CVE-2022-3621](https://nvd.nist.gov/vuln/detail/CVE-2022-3621), [CVE-2022-3646](https://nvd.nist.gov/vuln/detail/CVE-2022-3646), [CVE-2022-3649](https://nvd.nist.gov/vuln/detail/CVE-2022-3649), [CVE-2022-39842](https://nvd.nist.gov/vuln/detail/CVE-2022-39842), [CVE-2022-40307](https://nvd.nist.gov/vuln/detail/CVE-2022-40307), [CVE-2022-40768](https://nvd.nist.gov/vuln/detail/CVE-2022-40768), [CVE-2022-41674](https://nvd.nist.gov/vuln/detail/CVE-2022-41674), [CVE-2022-42719](https://nvd.nist.gov/vuln/detail/CVE-2022-42719), [CVE-2022-42720](https://nvd.nist.gov/vuln/detail/CVE-2022-42720), [CVE-2022-42721](https://nvd.nist.gov/vuln/detail/CVE-2022-42721), [CVE-2022-42722](https://nvd.nist.gov/vuln/detail/CVE-2022-42722), [CVE-2022-43750](https://nvd.nist.gov/vuln/detail/CVE-2022-43750))<br> <br> #### Updates:<br> <br> - Linux ([5.10.154](https://lwn.net/Articles/914423) (includes [5.10.153](https://lwn.net/Articles/913682) [5.10.152](https://lwn.net/Articles/913110), [5.10.151](https://lwn.net/Articles/912993), [5.10.150](https://lwn.net/Articles/912501), [5.10.149](https://lwn.net/Articles/911488), [5.10.148](https://lwn.net/Articles/911276), [5.10.147](https://lwn.net/Articles/910399), [5.10.146](https://lwn.net/Articles/909680), [5.10.145](https://lwn.net/Articles/909213), [5.10.144](https://lwn.net/Articles/908783), [5.10.143](https://lwn.net/Articles/908141)))<br> - ca-certificates ([3.84](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_84.html))<br><br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.154<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-11-17T12:03:56+00:00 @@ -38,7 +38,7 @@ https://github.com/flatcar/scripts/releases/tag/lts-3033.3.6 3033.3.6 - 2023-10-25T10:20:37.464359+00:00 + 2023-11-22T09:59:27.180334+00:00 _Changes since **LTS 3033.3.5**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-2905](https://nvd.nist.gov/vuln/detail/CVE-2022-2905), [CVE-2022-3028](https://nvd.nist.gov/vuln/detail/CVE-2022-3028), [CVE-2022-39190](https://nvd.nist.gov/vuln/detail/CVE-2022-39190))<br>- torcx ([CVE-2021-38561](https://nvd.nist.gov/vuln/detail/CVE-2021-38561), [CVE-2021-43565](https://nvd.nist.gov/vuln/detail/CVE-2021-43565), [CVE-2022-27191](https://nvd.nist.gov/vuln/detail/CVE-2022-27191))<br><br>#### Bug fixes:<br><br>- Equinix Metal: Fixed serial console settings for the `m3.small.x86` instance by expanding the GRUB check for `i386` to `x86_64` [coreos-overlay#2122](https://github.com/flatcar-linux/coreos-overlay/pull/2122)<br><br>#### Changes:<br><br>- emerge-gitclone: Migrate emerge-gitclone to use scripts repo tags and submodule refs<br><br>#### Updates:<br><br>- Linux ([5.10.142](https://lwn.net/Articles/907525) (includes [5.10.141](https://lwn.net/Articles/907205), [5.10.140](https://lwn.net/Articles/906628), [5.10.139](https://lwn.net/Articles/906359), [5.10.138](https://lwn.net/Articles/906062)))<br>- ca-certificates ([3.83](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_83.html))<br>- locksmith([0.7.0](https://github.com/flatcar/locksmith/blob/v0.7.0/CHANGELOG.md#v070--30112021))<br><br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.142<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-10-17T14:39:29+00:00 @@ -46,7 +46,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3033.3.5 3033.3.5 - 2023-10-25T10:20:37.459232+00:00 + 2023-11-22T09:59:27.175140+00:00 _Changes since **LTS 3033.3.4**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-1679](https://nvd.nist.gov/vuln/detail/CVE-2022-1679), [CVE-2022-2153](https://nvd.nist.gov/vuln/detail/CVE-2022-2153), [CVE-2022-2585](https://nvd.nist.gov/vuln/detail/CVE-2022-2585), [CVE-2022-2586](https://nvd.nist.gov/vuln/detail/CVE-2022-2586), [CVE-2022-2588](https://nvd.nist.gov/vuln/detail/CVE-2022-2588), [CVE-2022-26373](https://nvd.nist.gov/vuln/detail/CVE-2022-26373), [CVE-2022-36946](https://nvd.nist.gov/vuln/detail/CVE-2022-36946))<br><br>#### Changes:<br><br>- The new image signing subkey was added to the public key embedded into `flatcar-install` (the old expired on 10th August 2022), only an updated `flatcar-install` script can verify releases signed with the new key ([init#79](https://github.com/flatcar/init/pull/79))<br><br>#### Updates:<br><br>- Linux ([5.10.137](https://lwn.net/Articles/905534) (includes [5.10.136](https://lwn.net/Articles/904462), [5.10.135](https://lwn.net/Articles/903689)))<br>- ca-certificates ([3.82](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_82.html))<br><br><br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.137<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-09-01T12:58:14+00:00 @@ -54,7 +54,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3033.3.4 3033.3.4 - 2023-10-25T10:20:37.454206+00:00 + 2023-11-22T09:59:27.170096+00:00 New LTS-2022 Release 3033.3.4<br><br>Changes since LTS-2022 3033.3.3<br><br>## Security fixes:<br><br>- Linux ([CVE-2022-23816](https://nvd.nist.gov/vuln/detail/CVE-2022-23816), [CVE-2022-23825](https://nvd.nist.gov/vuln/detail/CVE-2022-23825), [CVE-2022-29900](https://nvd.nist.gov/vuln/detail/CVE-2022-29900), [CVE-2022-29901](https://nvd.nist.gov/vuln/detail/CVE-2022-29901))<br><br>## Bug fixes:<br><br><br>## Changes:<br><br><br>## Updates:<br><br>- Linux ([5.10.134](https://lwn.net/Articles/902918) (includes [5.10.133](https://lwn.net/Articles/902372), [5.10.132](https://lwn.net/Articles/902102)))<br>- ca-certificates ([3.81](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_81.html))<br><br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.134<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-08-04T12:04:45+00:00 @@ -62,7 +62,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3033.3.3 3033.3.3 - 2023-10-25T10:20:37.449492+00:00 + 2023-11-22T09:59:27.165333+00:00 New **LTS-2022** Release **3033.3.3**<br><br>_Changes since **LTS 3033.3.2**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2021-33655](https://nvd.nist.gov/vuln/detail/CVE-2021-33655), [CVE-2021-33656](https://nvd.nist.gov/vuln/detail/CVE-2021-33656), [CVE-2022-2318](https://nvd.nist.gov/vuln/detail/CVE-2022-2318), [CVE-2022-26365](https://nvd.nist.gov/vuln/detail/CVE-2022-26365), [CVE-2022-32296](https://nvd.nist.gov/vuln/detail/CVE-2022-32296), [CVE-2022-33740](https://nvd.nist.gov/vuln/detail/CVE-2022-33740), [CVE-2022-33741](https://nvd.nist.gov/vuln/detail/CVE-2022-33741), [CVE-2022-33742](https://nvd.nist.gov/vuln/detail/CVE-2022-33742), [CVE-2022-33743](https://nvd.nist.gov/vuln/detail/CVE-2022-33743), [CVE-2022-33744](https://nvd.nist.gov/vuln/detail/CVE-2022-33744), [CVE-2022-34918](https://nvd.nist.gov/vuln/detail/CVE-2022-34918))<br>- containerd ([CVE-2022-31030](https://nvd.nist.gov/vuln/detail/CVE-2022-31030))<br><br>#### Bug fixes:<br><br>- Removed outdated LTS channel information printed on login ([init#75](https://github.com/flatcar/init/pull/75))<br><br>#### Changes:<br><br>- Enabled `containerd.service` unit, `br_netfilter` and `overlay` modules by default to follow Kubernetes requirements ([coreos-overlay#1944](https://github.com/flatcar/coreos-overlay/pull/1944), [init#72](https://github.com/flatcar/init/pull/72))<br>- DigitalOcean: In addition to the `bz2` image, a `gz` compressed image is published. This helps against hitting the compression timeout that sometimes lets the image import fail.<br>- OpenStack: In addition to the `bz2` image, a `gz` compressed image is published. This allows Glance to directly consume the images by simply passing in the URL of the image.<br>- SDK: The image compression format is now configurable. Supported formats are: `bz2`, `gz`, `zip`, `none`, `zst`. Selecting the image format can now be done by passing the `--image_compression_formats` option. This flag gets a comma separated list of formats.<br><br>#### Updates:<br><br>- Linux ([5.10.131](https://lwn.net/Articles/901381/) (includes [5.10.130](https://lwn.net/Articles/900910), [5.10.129](https://lwn.net/Articles/900322), [5.10.128](https://lwn.net/Articles/899789), [5.10.127](https://lwn.net/Articles/899371), [5.10.126](https://lwn.net/Articles/899121), [5.10.125](https://lwn.net/Articles/899090), [5.10.124](https://lwn.net/Articles/898623)))<br>- ca-certificates ([3.80](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_80.html))<br>- containerd ([1.5.13](https://github.com/containerd/containerd/releases/tag/v1.5.13))<br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.131<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-07-21T15:46:59+00:00 @@ -70,7 +70,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3033.3.2 3033.3.2 - 2023-10-25T10:20:37.443366+00:00 + 2023-11-22T09:59:27.159227+00:00 New **LTS-2022** Release **3033.3.2**<br><br>Changes since **LTS 3033.3.1**<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-1012](https://nvd.nist.gov/vuln/detail/CVE-2022-1012), [CVE-2022-1789](https://nvd.nist.gov/vuln/detail/CVE-2022-1789), [CVE-2022-1852](https://nvd.nist.gov/vuln/detail/CVE-2022-1852), [CVE-2022-1972](https://nvd.nist.gov/vuln/detail/CVE-2022-1972), [CVE-2022-2078](https://nvd.nist.gov/vuln/detail/CVE-2022-2078), [CVE-2022-21499](https://nvd.nist.gov/vuln/detail/CVE-2022-21499), [CVE-2022-32250](https://nvd.nist.gov/vuln/detail/CVE-2022-32250), [CVE-2022-32981](https://nvd.nist.gov/vuln/detail/CVE-2022-32981))<br>- libpcre2 ([CVE-2022-1586](https://nvd.nist.gov/vuln/detail/CVE-2022-1586), [CVE-2022-1587](https://nvd.nist.gov/vuln/detail/CVE-2022-1587))<br><br>#### Updates:<br><br>- Linux ([5.10.123](https://lwn.net/Articles/898125) (includes [5.10.122](https://lwn.net/Articles/897903), [5.10.121](https://lwn.net/Articles/897378), [5.10.120](https://lwn.net/Articles/897168), [5.10.119](https://lwn.net/Articles/896648))<br>- ca-certificates ([3.79](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_79.html))<br>- libpcre2 ([10.40](https://github.com/PCRE2Project/pcre2/blob/pcre2-10.40/NEWS))<br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.123<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-06-23T11:49:00+00:00 @@ -78,7 +78,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3033.3.1 3033.3.1 - 2023-10-25T10:20:37.438347+00:00 + 2023-11-22T09:59:27.154243+00:00 New **LTS-2022** Release **3033.3.1**<br><br>_Changes since **LTS-2022 3033.3.0**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-28390](https://nvd.nist.gov/vuln/detail/CVE-2022-28390), [CVE-2022-0168](https://nvd.nist.gov/vuln/detail/CVE-2022-0168), [CVE-2022-1158](https://nvd.nist.gov/vuln/detail/CVE-2022-1158), [CVE-2022-1353](https://nvd.nist.gov/vuln/detail/CVE-2022-1353), [CVE-2022-30594](https://nvd.nist.gov/vuln/detail/CVE-2022-30594), [CVE-2022-1198](https://nvd.nist.gov/vuln/detail/CVE-2022-1198), [CVE-2022-28389](https://nvd.nist.gov/vuln/detail/CVE-2022-28389), [CVE-2022-28388](https://nvd.nist.gov/vuln/detail/CVE-2022-28388), [CVE-2022-1516](https://nvd.nist.gov/vuln/detail/CVE-2022-1516), [CVE-2022-29582](https://nvd.nist.gov/vuln/detail/CVE-2022-29582), [CVE-2021-4197](https://nvd.nist.gov/vuln/detail/CVE-2021-4197), [CVE-2022-1204](https://nvd.nist.gov/vuln/detail/CVE-2022-1204), [CVE-2022-1205](https://nvd.nist.gov/vuln/detail/CVE-2022-1205), [CVE-2022-29581](https://nvd.nist.gov/vuln/detail/CVE-2022-29581), [CVE-2022-1836](https://nvd.nist.gov/vuln/detail/CVE-2022-1836), [CVE-2022-1734](https://nvd.nist.gov/vuln/detail/CVE-2022-1734), [CVE-2022-0494](https://nvd.nist.gov/vuln/detail/CVE-2022-0494), [CVE-2022-28893](https://nvd.nist.gov/vuln/detail/CVE-2022-28893), [CVE-2022-1729](https://nvd.nist.gov/vuln/detail/CVE-2022-1729), [CVE-2022-0854](https://nvd.nist.gov/vuln/detail/CVE-2022-0854))<br><br>#### Bug fixes:<br><br>- Ensured `/etc/flatcar/update.conf` exists because it happens to be used as flag file for Ansible ([init#71](https://github.com/flatcar/init/pull/71))<br><br>#### Updates:<br><br>- Linux ([5.10.118](https://lwn.net/Articles/896225/) (includes [5.10.117](https://lwn.net/Articles/895646), [5.10.116](https://lwn.net/Articles/895319), [5.10.115](https://lwn.net/Articles/895071), [5.10.114](https://lwn.net/Articles/894358), [5.10.113](https://lwn.net/Articles/892813), [5.10.112](https://lwn.net/Articles/891997), [5.10.111](https://lwn.net/Articles/891252), [5.10.110](https://lwn.net/Articles/890723)))<br>- ca-certificates ([3.78](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_78.html))<br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.118<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-06-02T15:10:04+00:00 @@ -86,7 +86,7 @@ https://github.com/flatcar/scripts/releases/tag/lts-3033.3.18 3033.3.18 - 2023-10-25T10:20:37.432789+00:00 + 2023-11-22T09:59:27.148647+00:00 _Changes since **LTS 3033.3.17**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2023-31085](https://nvd.nist.gov/vuln/detail/CVE-2023-31085), [CVE-2023-34324](https://nvd.nist.gov/vuln/detail/CVE-2023-34324), [CVE-2023-39189](https://nvd.nist.gov/vuln/detail/CVE-2023-39189), [CVE-2023-39192](https://nvd.nist.gov/vuln/detail/CVE-2023-39192), [CVE-2023-39193](https://nvd.nist.gov/vuln/detail/CVE-2023-39193), [CVE-2023-4244](https://nvd.nist.gov/vuln/detail/CVE-2023-4244), [CVE-2023-42752](https://nvd.nist.gov/vuln/detail/CVE-2023-42752), [CVE-2023-42753](https://nvd.nist.gov/vuln/detail/CVE-2023-42753), [CVE-2023-42754](https://nvd.nist.gov/vuln/detail/CVE-2023-42754), [CVE-2023-42755](https://nvd.nist.gov/vuln/detail/CVE-2023-42755), [CVE-2023-45871](https://nvd.nist.gov/vuln/detail/CVE-2023-45871), [CVE-2023-4623](https://nvd.nist.gov/vuln/detail/CVE-2023-4623), [CVE-2023-4921](https://nvd.nist.gov/vuln/detail/CVE-2023-4921), [CVE-2023-5197](https://nvd.nist.gov/vuln/detail/CVE-2023-5197))<br>- curl ([CVE-2023-38545](https://nvd.nist.gov/vuln/detail/CVE-2023-38545), [CVE-2023-38546](https://nvd.nist.gov/vuln/detail/CVE-2023-38546))<br><br>#### Bug fixes:<br><br><br>#### Changes:<br><br>- Add support for Microsoft Azure Network Adapter (MANA) NICs on Azure ([scripts#1131](https://github.com/flatcar/scripts/pull/1131))<br><br>#### Updates:<br><br>- ca-certificates ([3.94](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_94.html))<br>- Linux ([5.10.198](https://lwn.net/Articles/947300) (includes [5.10.197](https://lwn.net/Articles/945381), [5.10.196](https://lwn.net/Articles/945131), [5.10.195](https://lwn.net/Articles/944878), [5.10.194](https://lwn.net/Articles/943405)))<br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.198<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-10-25T08:40:29+00:00 @@ -94,7 +94,7 @@ https://github.com/flatcar/scripts/releases/tag/lts-3033.3.17 3033.3.17 - 2023-10-25T10:20:37.427561+00:00 + 2023-11-22T09:59:27.143417+00:00 _Changes since **LTS 3033.3.16**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2022-40982](https://nvd.nist.gov/vuln/detail/CVE-2022-40982), [CVE-2022-41804](https://nvd.nist.gov/vuln/detail/CVE-2022-41804), [CVE-2023-20569](https://nvd.nist.gov/vuln/detail/CVE-2023-20569), [CVE-2023-23908](https://nvd.nist.gov/vuln/detail/CVE-2023-23908), [CVE-2023-1206](https://nvd.nist.gov/vuln/detail/CVE-2023-1206), [CVE-2023-20588](https://nvd.nist.gov/vuln/detail/CVE-2023-20588), [CVE-2023-40283](https://nvd.nist.gov/vuln/detail/CVE-2023-40283), [CVE-2023-4128](https://nvd.nist.gov/vuln/detail/CVE-2023-4128), [CVE-2023-4147](https://nvd.nist.gov/vuln/detail/CVE-2023-4147), [CVE-2023-4273](https://nvd.nist.gov/vuln/detail/CVE-2023-4273))<br> <br> #### Updates:<br> <br> - Linux ([5.10.193](https://lwn.net/Articles/943114) (includes [5.10.192](https://lwn.net/Articles/942867), [5.10.191](https://lwn.net/Articles/941777),[5.10.190](https://lwn.net/Articles/941276), [5.10.189](https://lwn.net/Articles/940802)))<br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.193<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-09-06T13:19:04+00:00 @@ -102,7 +102,7 @@ https://github.com/flatcar/scripts/releases/tag/lts-3033.3.16 3033.3.16 - 2023-10-25T10:20:37.422627+00:00 + 2023-11-22T09:59:27.138477+00:00 _Changes since **LTS 3033.3.15**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2023-20593](https://nvd.nist.gov/vuln/detail/CVE-2023-20593), [CVE-2023-2898](https://nvd.nist.gov/vuln/detail/CVE-2023-2898), [CVE-2023-31248](https://nvd.nist.gov/vuln/detail/CVE-2023-31248), [CVE-2023-3390](https://nvd.nist.gov/vuln/detail/CVE-2023-3390), [CVE-2023-35001](https://nvd.nist.gov/vuln/detail/CVE-2023-35001), [CVE-2023-3610](https://nvd.nist.gov/vuln/detail/CVE-2023-3610), [CVE-2023-3611](https://nvd.nist.gov/vuln/detail/CVE-2023-3611), [CVE-2023-3776](https://nvd.nist.gov/vuln/detail/CVE-2023-3776), [CVE-2023-3863](https://nvd.nist.gov/vuln/detail/CVE-2023-3863))<br> - linux-firmware ([CVE-2023-20593](https://nvd.nist.gov/vuln/detail/CVE-2023-20593))<br> <br> #### Updates:<br> <br> - Linux ([5.10.188](https://lwn.net/Articles/939425) (includes [5.10.187](https://lwn.net/Articles/939105)))<br> - ca-certificates ([3.92](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_92.html))<br> - linux-firmware ([20230625](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230625))<br><br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.188<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-08-09T11:41:25+00:00 @@ -110,7 +110,7 @@ https://github.com/flatcar/scripts/releases/tag/lts-3033.3.15 3033.3.15 - 2023-10-25T10:20:37.417653+00:00 + 2023-11-22T09:59:27.133514+00:00 _Changes since **LTS 3033.3.14**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2023-3338](https://nvd.nist.gov/vuln/detail/CVE-2023-3338))<br> <br> #### Bug fixes:<br> <br> <br> #### Changes:<br> <br> - Changed ext4 inode size of root partition to 256 bytes. This improves compatibility with applications and is necessary for 2038 readiness ([Flatcar#1082](https://github.com/flatcar/Flatcar/issues/1082))<br> <br> #### Updates:<br> <br> - Linux ([5.10.186](https://lwn.net/Articles/936676) (includes [5.10.185](https://lwn.net/Articles/935583)))<br> - ca-certificates ([3.91](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_91.html))<br><br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.186<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-07-18T09:01:17+00:00 @@ -118,7 +118,7 @@ https://github.com/flatcar/scripts/releases/tag/lts-3033.3.14 3033.3.14 - 2023-10-25T10:20:37.412827+00:00 + 2023-11-22T09:59:27.128608+00:00 _Changes since **LTS 3033.3.13**_<br> <br>#### Security fixes:<br> <br>- Linux ([CVE-2022-4269](https://nvd.nist.gov/vuln/detail/CVE-2022-4269))<br> <br>#### Updates:<br> <br>- Linux ([5.10.184](https://lwn.net/Articles/934624) (includes [5.10.183](https://lwn.net/Articles/934321), [5.10.182](https://lwn.net/Articles/933910), [5.10.181](https://lwn.net/Articles/933279)))<br>- ca-certificates ([3.90](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_90.html))<br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.184<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-06-21T12:18:59+00:00 @@ -126,7 +126,7 @@ https://github.com/flatcar/scripts/releases/tag/lts-3033.3.13 3033.3.13 - 2023-10-25T10:20:37.408217+00:00 + 2023-11-22T09:59:27.124001+00:00 _Changes since **LTS 3033.3.12**_<br> <br>#### Security fixes:<br> <br> - Linux ([CVE-2022-39189](https://nvd.nist.gov/vuln/detail/CVE-2022-39189), [CVE-2023-1380](https://nvd.nist.gov/vuln/detail/CVE-2023-1380), [CVE-2023-2002](https://nvd.nist.gov/vuln/detail/CVE-2023-2002), [CVE-2023-2269](https://nvd.nist.gov/vuln/detail/CVE-2023-2269), [CVE-2023-2513](https://nvd.nist.gov/vuln/detail/CVE-2023-2513), [CVE-2023-31436](https://nvd.nist.gov/vuln/detail/CVE-2023-31436), [CVE-2023-32233](https://nvd.nist.gov/vuln/detail/CVE-2023-32233))<br> <br>#### Bug fixes:<br> <br> <br>#### Changes:<br> <br> <br>#### Updates:<br> <br> - Linux ([5.10.180](https://lwn.net/Articles/932135) (includes [5.10.179](https://lwn.net/Articles/930264)))<br> - ca-certificates ([3.89.1](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_89_1.html))<br><br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.180<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-06-01T11:48:40+00:00 @@ -134,7 +134,7 @@ https://github.com/flatcar/scripts/releases/tag/lts-3033.3.12 3033.3.12 - 2023-10-25T10:20:37.403348+00:00 + 2023-11-22T09:59:27.119051+00:00 _Changes since **LTS 3033.3.11**_<br><br>#### Security fixes:<br><br>- nvidia-drivers ([CVE-2022-31607](https://nvd.nist.gov/vuln/detail/CVE-2022-31607), [CVE-2022-31608](https://nvd.nist.gov/vuln/detail/CVE-2022-31608), [CVE-2022-31615](https://nvd.nist.gov/vuln/detail/CVE-2022-31615), [CVE-2022-34665](https://nvd.nist.gov/vuln/detail/CVE-2022-34665), [CVE-2022-34666](https://nvd.nist.gov/vuln/detail/CVE-2022-34666), [CVE-2022-34670](https://nvd.nist.gov/vuln/detail/CVE-2022-34670), [CVE-2022-34673](https://nvd.nist.gov/vuln/detail/CVE-2022-34673), [CVE-2022-34674](https://nvd.nist.gov/vuln/detail/CVE-2022-34674), [CVE-2022-34676](https://nvd.nist.gov/vuln/detail/CVE-2022-34676), [CVE-2022-34677](https://nvd.nist.gov/vuln/detail/CVE-2022-34677), [CVE-2022-34678](https://nvd.nist.gov/vuln/detail/CVE-2022-34678), [CVE-2022-34679](https://nvd.nist.gov/vuln/detail/CVE-2022-34679), [CVE-2022-34680](https://nvd.nist.gov/vuln/detail/CVE-2022-34680), [CVE-2022-34682](https://nvd.nist.gov/vuln/detail/CVE-2022-34682), [CVE-2022-34684](https://nvd.nist.gov/vuln/detail/CVE-2022-34684), [CVE-2022-42254](https://nvd.nist.gov/vuln/detail/CVE-2022-42254), [CVE-2022-42255](https://nvd.nist.gov/vuln/detail/CVE-2022-42255), [CVE-2022-42256](https://nvd.nist.gov/vuln/detail/CVE-2022-42256), [CVE-2022-42257](https://nvd.nist.gov/vuln/detail/CVE-2022-42257), [CVE-2022-42258](https://nvd.nist.gov/vuln/detail/CVE-2022-42258), [CVE-2022-42259](https://nvd.nist.gov/vuln/detail/CVE-2022-42259), [CVE-2022-42260](https://nvd.nist.gov/vuln/detail/CVE-2022-42260), [CVE-2022-42261](https://nvd.nist.gov/vuln/detail/CVE-2022-42261), [CVE-2022-42263](https://nvd.nist.gov/vuln/detail/CVE-2022-42263), [CVE-2022-42264](https://nvd.nist.gov/vuln/detail/CVE-2022-42264), [CVE-2022-42265](https://nvd.nist.gov/vuln/detail/CVE-2022-42265))<br><br>#### Bug fixes:<br>- Fix the broken emerge-gitclone in the dev-container owing to the missing migration action around the unification of the Flatcar core repositories<br><br>#### Changes:<br>- The package upgrade for nvidia-drivers might result in not supporting a few of the older NVIDIA Tesla GPUs. If you are facing issues, set `NVIDIA_DRIVER_VERSION=460.106.00` in `/etc/flatcar/nvidia-metadata`<br><br>#### Updates:<br><br>- Linux ([5.10.178](https://lwn.net/Articles/929680/))<br>- nvidia-drivers ([525.105.17](https://docs.nvidia.com/datacenter/tesla/tesla-release-notes-525-105-17/index.html))<br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.178<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-04-25T13:46:55+00:00 @@ -142,7 +142,7 @@ https://github.com/flatcar/scripts/releases/tag/lts-3033.3.11 3033.3.11 - 2023-10-25T10:20:37.397385+00:00 + 2023-11-22T09:59:27.113150+00:00 _Changes since **LTS 3033.3.10**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-4379](https://nvd.nist.gov/vuln/detail/CVE-2022-4379), [CVE-2023-1076](https://nvd.nist.gov/vuln/detail/CVE-2023-1076), [CVE-2023-1077](https://nvd.nist.gov/vuln/detail/CVE-2023-1077), [CVE-2023-1079](https://nvd.nist.gov/vuln/detail/CVE-2023-1079), [CVE-2023-1118](https://nvd.nist.gov/vuln/detail/CVE-2023-1118), [CVE-2023-1611](https://nvd.nist.gov/vuln/detail/CVE-2023-1611), [CVE-2023-1670](https://nvd.nist.gov/vuln/detail/CVE-2023-1670), [CVE-2023-1829](https://nvd.nist.gov/vuln/detail/CVE-2023-1829), [CVE-2023-1855](https://nvd.nist.gov/vuln/detail/CVE-2023-1855), [CVE-2023-1989](https://nvd.nist.gov/vuln/detail/CVE-2023-1989), [CVE-2023-1990](https://nvd.nist.gov/vuln/detail/CVE-2023-1990), [CVE-2023-23004](https://nvd.nist.gov/vuln/detail/CVE-2023-23004), [CVE-2023-25012](https://nvd.nist.gov/vuln/detail/CVE-2023-25012), [CVE-2023-28466](https://nvd.nist.gov/vuln/detail/CVE-2023-28466), [CVE-2023-30456](https://nvd.nist.gov/vuln/detail/CVE-2023-30456), [CVE-2023-30772](https://nvd.nist.gov/vuln/detail/CVE-2023-30772))<br><br>#### Bug fixes:<br><br><br>#### Changes:<br><br>- Added new image signing pub key to `flatcar-install`, needed for download verification of releases built from July 2023 onwards, if you have copies of `flatcar-install` or the image signing pub key, you need to update them as well ([init#92](https://github.com/flatcar/init/pull/92))<br><br>#### Updates:<br><br>- ca-certificates ([3.89](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_89.html))<br>- Linux ([5.10.177](https://lwn.net/Articles/928342) (includes [5.10.176](https://lwn.net/Articles/926874), [5.10.175](https://lwn.net/Articles/926416), [5.10.174](https://lwn.net/Articles/925992), [5.10.173](https://lwn.net/Articles/925935)))<br><br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.177<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-04-17T13:20:00+00:00 @@ -150,7 +150,7 @@ https://github.com/flatcar/scripts/releases/tag/lts-3033.3.10 3033.3.10 - 2023-10-25T10:20:37.391839+00:00 + 2023-11-22T09:59:27.107558+00:00 _Changes since **LTS 3033.3.9**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2022-2196](https://nvd.nist.gov/vuln/detail/CVE-2022-2196), [CVE-2022-3707](https://nvd.nist.gov/vuln/detail/CVE-2022-3707), [CVE-2022-4129](https://nvd.nist.gov/vuln/detail/CVE-2022-4129), [CVE-2022-4382](https://nvd.nist.gov/vuln/detail/CVE-2022-4382), [CVE-2023-1073](https://nvd.nist.gov/vuln/detail/CVE-2023-1073), [CVE-2023-1074](https://nvd.nist.gov/vuln/detail/CVE-2023-1074), [CVE-2023-1078](https://nvd.nist.gov/vuln/detail/CVE-2023-1078), [CVE-2023-22998](https://nvd.nist.gov/vuln/detail/CVE-2023-22998), [CVE-2023-23559](https://nvd.nist.gov/vuln/detail/CVE-2023-23559), [CVE-2023-26545](https://nvd.nist.gov/vuln/detail/CVE-2023-26545))<br> <br> #### Updates:<br> <br> - Linux ([5.10.172](https://lwn.net/Articles/925079) (includes [5.10.171](https://lwn.net/Articles/925065), [5.10.170](https://lwn.net/Articles/924440), [5.10.169](https://lwn.net/Articles/924074), [5.10.168](https://lwn.net/Articles/923395), [5.10.167](https://lwn.net/Articles/922341), [5.10.166](https://lwn.net/Articles/921852), [5.10.165](https://lwn.net/Articles/921030)))<br> - ca-certificates ([3.88.1](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_88_1.html))<br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.172<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-03-07T15:25:03+00:00 @@ -158,7 +158,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3033.3.0 3033.3.0 - 2023-10-25T10:20:37.386336+00:00 + 2023-11-22T09:59:27.102048+00:00 New **LTS-2022** Release **3033.3.0**<br><br>_Changes since **LTS-2021 2605.27.1**_<br><br>Update to CGroupsV2: Flatcar Container Linux migrates to the unified cgroup hierarchy (aka cgroups v2)! New nodes will utilize cgroups v2 by default. Existing nodes remain on cgroups v1 and need to be manually migrated to cgroups v2. To learn more about the cgroups v2 on Flatcar Container Linux and the migration guide, please refer to https://flatcar-linux.org/docs/latest/container-runtimes/switching-to-unified-cgroups/<br><br>Other notable changes: cri-tools and lbzip2 got added, PAM tally2 got replaced by PAM faillock, only a single Docker version is now shipped (20.10), and rkt, kubelet-wapper, dhcpcd, and containerd-stress got removed.<br><br>### Security fixes:<br><br>(Note: Not all fixed issues may have been present in the old versions)<br>- Linux ([CVE-2020-27170](https://nvd.nist.gov/vuln/detail/CVE-2020-27170), [CVE-2020-25220](https://nvd.nist.gov/vuln/detail/CVE-2020-25220), [CVE-2020-27171](https://nvd.nist.gov/vuln/detail/CVE-2020-27171), [CVE-2020-35499](https://nvd.nist.gov/vuln/detail/CVE-2020-35499), [CVE-2022-0286](https://nvd.nist.gov/vuln/detail/CVE-2022-0286), [CVE-2022-0516](https://nvd.nist.gov/vuln/detail/CVE-2022-0516), [CVE-2021-3411](https://nvd.nist.gov/vuln/detail/CVE-2021-3411), [CVE-2021-3489](https://nvd.nist.gov/vuln/detail/CVE-2021-3489), [CVE-2021-3490](https://nvd.nist.gov/vuln/detail/CVE-2021-3490), [CVE-2021-3491](https://nvd.nist.gov/vuln/detail/CVE-2021-3491), [CVE-2021-3501](https://nvd.nist.gov/vuln/detail/CVE-2021-3501), [CVE-2021-3543](https://nvd.nist.gov/vuln/detail/CVE-2021-3543), [CVE-2021-4001](https://nvd.nist.gov/vuln/detail/CVE-2021-4001), [CVE-2021-4028](https://nvd.nist.gov/vuln/detail/CVE-2021-4028), [CVE-2021-4204](https://nvd.nist.gov/vuln/detail/CVE-2021-4204), [CVE-2021-20268](https://nvd.nist.gov/vuln/detail/CVE-2021-20268), [CVE-2021-22600](https://nvd.nist.gov/vuln/detail/CVE-2021-22600), [CVE-2021-26708](https://nvd.nist.gov/vuln/detail/CVE-2021-26708), [CVE-2021-28039](https://nvd.nist.gov/vuln/detail/CVE-2021-28039), [CVE-2021-28691](https://nvd.nist.gov/vuln/detail/CVE-2021-28691), [CVE-2021-28952](https://nvd.nist.gov/vuln/detail/CVE-2021-28952), [CVE-2021-29266](https://nvd.nist.gov/vuln/detail/CVE-2021-29266), [CVE-2021-29646](https://nvd.nist.gov/vuln/detail/CVE-2021-29646), [CVE-2021-29649](https://nvd.nist.gov/vuln/detail/CVE-2021-29649), [CVE-2021-29657](https://nvd.nist.gov/vuln/detail/CVE-2021-29657), [CVE-2021-34866](https://nvd.nist.gov/vuln/detail/CVE-2021-34866), [CVE-2021-38166](https://nvd.nist.gov/vuln/detail/CVE-2021-38166), [CVE-2021-38206](https://nvd.nist.gov/vuln/detail/CVE-2021-38206), [CVE-2021-38207](https://nvd.nist.gov/vuln/detail/CVE-2021-38207), [CVE-2021-38209](https://nvd.nist.gov/vuln/detail/CVE-2021-38209), [CVE-2021-31440](https://nvd.nist.gov/vuln/detail/CVE-2021-31440), [CVE-2021-41073](https://nvd.nist.gov/vuln/detail/CVE-2021-41073), [CVE-2021-42327](https://nvd.nist.gov/vuln/detail/CVE-2021-42327), [CVE-2021-45402](https://nvd.nist.gov/vuln/detail/CVE-2021-45402), [CVE-2021-43267](https://nvd.nist.gov/vuln/detail/CVE-2021-43267), [CVE-2021-46283](https://nvd.nist.gov/vuln/detail/CVE-2021-46283), [CVE-2022-0847](https://nvd.nist.gov/vuln/detail/CVE-2022-0847))<br>- systemd ([CVE-2020-13529](https://nvd.nist.gov/vuln/detail/CVE-2020-13529), [CVE-2021-3997](https://nvd.nist.gov/vuln/detail/CVE-2021-3997), [CVE-2021-33910](https://nvd.nist.gov/vuln/detail/CVE-2021-33910))<br>- Docker ([CVE-2021-21284](https://nvd.nist.gov/vuln/detail/CVE-2021-21284), [CVE-2021-21285](https://nvd.nist.gov/vuln/detail/CVE-2021-21285), [CVE-2021-41089](https://nvd.nist.gov/vuln/detail/CVE-2021-41089), [CVE-2021-41091](https://nvd.nist.gov/vuln/detail/CVE-2021-41091), [CVE-2021-41092](https://nvd.nist.gov/vuln/detail/CVE-2021-41092))<br>- containerd ([CVE-2020-15257](https://nvd.nist.gov/vuln/detail/CVE-2020-15257), [CVE-2021-21334](https://nvd.nist.gov/vuln/detail/CVE-2021-21334), [CVE-2021-32760](https://nvd.nist.gov/vuln/detail/CVE-2021-32760), [CVE-2021-41103](https://nvd.nist.gov/vuln/detail/CVE-2021-41103), [CVE-2021-43816](https://nvd.nist.gov/vuln/detail/CVE-2021-43816), [CVE-2022-23648](https://nvd.nist.gov/vuln/detail/CVE-2022-23648), [CVE-2022-24769](https://nvd.nist.gov/vuln/detail/CVE-2022-24769))<br>- Docker, containerd ([CVE-2021-41190](https://nvd.nist.gov/vuln/detail/CVE-2021-41190))<br>- glibc ([CVE-2019-25013](https://nvd.nist.gov/vuln/detail/CVE-2019-25013), [CVE-2020-27618](https://nvd.nist.gov/vuln/detail/CVE-2020-27618), [CVE-2020-29562](https://nvd.nist.gov/vuln/detail/CVE-2020-29562), [CVE-2021-3998](https://nvd.nist.gov/vuln/detail/CVE-2021-3998), [CVE-2021-3999](https://nvd.nist.gov/vuln/detail/CVE-2021-3999), [CVE-2021-27645](https://nvd.nist.gov/vuln/detail/CVE-2021-27645), [CVE-2021-33574](https://nvd.nist.gov/vuln/detail/CVE-2021-33574), [CVE-2021-35942](https://nvd.nist.gov/vuln/detail/CVE-2021-35942), [CVE-2021-38604](https://nvd.nist.gov/vuln/detail/CVE-2021-38604), [CVE-2022-23218](https://nvd.nist.gov/vuln/detail/CVE-2022-23218), [CVE-2022-23219](https://nvd.nist.gov/vuln/detail/CVE-2022-23219))<br>- Go ([CVE-2020-28362](https://nvd.nist.gov/vuln/detail/CVE-2020-28362), [CVE-2020-28366](https://nvd.nist.gov/vuln/detail/CVE-2020-28366), [CVE-2020-28367](https://nvd.nist.gov/vuln/detail/CVE-2020-28367), [CVE-2021-27918](https://nvd.nist.gov/vuln/detail/CVE-2021-27918), [CVE-2021-27919](https://nvd.nist.gov/vuln/detail/CVE-2021-27919), [CVE-2021-29923](https://nvd.nist.gov/vuln/detail/CVE-2021-29923), [CVE-2021-31525](https://nvd.nist.gov/vuln/detail/CVE-2021-31525), [CVE-2021-33195](https://nvd.nist.gov/vuln/detail/CVE-2021-33195),[CVE-2021-33196](https://nvd.nist.gov/vuln/detail/CVE-2021-33196),[CVE-2021-33197](https://nvd.nist.gov/vuln/detail/CVE-2021-33197),[CVE-2021-33198](https://nvd.nist.gov/vuln/detail/CVE-2021-33198), [CVE-2021-34558](https://nvd.nist.gov/vuln/detail/CVE-2021-34558), [CVE-2021-36221](https://nvd.nist.gov/vuln/detail/CVE-2021-36221), [CVE-2021-38297](https://nvd.nist.gov/vuln/detail/CVE-2021-38297), [CVE-2021-39293](https://nvd.nist.gov/vuln/detail/CVE-2021-39293), [CVE-2021-44716](https://nvd.nist.gov/vuln/detail/CVE-2021-44716), [CVE-2021-44717](https://nvd.nist.gov/vuln/detail/CVE-2021-44717), [CVE-2021-41771](https://nvd.nist.gov/vuln/detail/CVE-2021-41771), [CVE-2021-41772](https://nvd.nist.gov/vuln/detail/CVE-2021-41772), [CVE-2022-23772](https://nvd.nist.gov/vuln/detail/CVE-2022-23772), [CVE-2022-23773](https://nvd.nist.gov/vuln/detail/CVE-2022-23773), [CVE-2022-23806](https://nvd.nist.gov/vuln/detail/CVE-2022-23806), [CVE-2022-24921](https://nvd.nist.gov/vuln/detail/CVE-2022-24921))<br>- bash ([CVE-2019-9924](https://nvd.nist.gov/vuln/detail/CVE-2019-9924), [CVE-2019-18276](https://nvd.nist.gov/vuln/detail/CVE-2019-18276))<br>- binutils ([CVE-2021-20197](https://nvd.nist.gov/vuln/detail/CVE-2021-20197), [CVE-2021-3487](https://nvd.nist.gov/vuln/detail/CVE-2021-3487), [CVE-2021-3530](https://nvd.nist.gov/vuln/detail/CVE-2021-3530), [CVE-2021-3549](https://nvd.nist.gov/vuln/detail/CVE-2021-3549))<br>- boost ([CVE-2012-2677](https://nvd.nist.gov/vuln/detail/CVE-2012-2677))<br>- bsdiff [CVE-2014-9862](https://nvd.nist.gov/vuln/detail/CVE-2014-9862)<br>- bzip2 ([CVE-2019-12900](https://nvd.nist.gov/vuln/detail/CVE-2019-12900))<br>- curl ([CVE-2021-22876](https://nvd.nist.gov/vuln/detail/CVE-2021-22876), [CVE-2021-22890](https://nvd.nist.gov/vuln/detail/CVE-2021-22890), [CVE-2021-22898](https://nvd.nist.gov/vuln/detail/CVE-2021-22898), [CVE-2021-22901](https://nvd.nist.gov/vuln/detail/CVE-2021-22901), [CVE-2021-22945](https://nvd.nist.gov/vuln/detail/CVE-2021-22945), [CVE-2021-22946](https://nvd.nist.gov/vuln/detail/CVE-2021-22946), [CVE-2021-22947](https://nvd.nist.gov/vuln/detail/CVE-2021-22947), [CVE-2021-22922](https://nvd.nist.gov/vuln/detail/CVE-2021-22922), [CVE-2021-22923](https://nvd.nist.gov/vuln/detail/CVE-2021-22923), [CVE-2021-22924](https://nvd.nist.gov/vuln/detail/CVE-2021-22924), [CVE-2021-22925](https://nvd.nist.gov/vuln/detail/CVE-2021-22925), [CVE-2021-22926](https://nvd.nist.gov/vuln/detail/CVE-2021-22926))<br>- c-ares ([CVE-2020-8277](https://nvd.nist.gov/vuln/detail/CVE-2020-8277), [CVE-2021-3672](https://nvd.nist.gov/vuln/detail/CVE-2021-3672))<br>- ca-certificates ([CVE-2021-43527](https://nvd.nist.gov/vuln/detail/CVE-2021-43527))<br>- cifs-utils ([CVE-2020-14342](https://nvd.nist.gov/vuln/detail/CVE-2020-14342))<br>- coreutils ([CVE-2017-7476](https://nvd.nist.gov/vuln/detail/CVE-2017-7476))<br>- dbus ([CVE-2020-35512](https://nvd.nist.gov/vuln/detail/CVE-2020-35512))<br>- expat ([CVE-2013-0340](https://nvd.nist.gov/vuln/detail/CVE-2013-0340), [CVE-2021-45960](https://nvd.nist.gov/vuln/detail/CVE-2021-45960), [CVE-2021-46143](https://nvd.nist.gov/vuln/detail/CVE-2021-46143), [CVE-2022-22822](https://nvd.nist.gov/vuln/detail/CVE-2022-22822), [CVE-2022-22823](https://nvd.nist.gov/vuln/detail/CVE-2022-22823), [CVE-2022-22824](https://nvd.nist.gov/vuln/detail/CVE-2022-22824), [CVE-2022-22825](https://nvd.nist.gov/vuln/detail/CVE-2022-22825), [CVE-2022-22826](https://nvd.nist.gov/vuln/detail/CVE-2022-22826), [CVE-2022-22827](https://nvd.nist.gov/vuln/detail/CVE-2022-22827), [CVE-2022-23852](https://nvd.nist.gov/vuln/detail/CVE-2022-23852), [CVE-2022-23990](https://nvd.nist.gov/vuln/detail/CVE-2022-23990), [CVE-2022-25235](https://nvd.nist.gov/vuln/detail/CVE-2022-25235), [CVE-2022-25236](https://nvd.nist.gov/vuln/detail/CVE-2022-25236), [CVE-2022-25313](https://nvd.nist.gov/vuln/detail/CVE-2022-25313), [CVE-2022-25314](https://nvd.nist.gov/vuln/detail/CVE-2022-25314), [CVE-2022-25315](https://nvd.nist.gov/vuln/detail/CVE-2022-25315))<br>- gettext ([CVE-2020-12825](https://nvd.nist.gov/vuln/detail/CVE-2020-12825))<br>- git ([CVE-2021-21300](https://nvd.nist.gov/vuln/detail/CVE-2021-21300), [CVE-2021-40330](https://nvd.nist.gov/vuln/detail/CVE-2021-40330))<br>- glib ([CVE-2019-12450](https://nvd.nist.gov/vuln/detail/CVE-2019-12450), [CVE-2021-28153](https://nvd.nist.gov/vuln/detail/CVE-2021-28153), [CVE-2021-27218](https://nvd.nist.gov/vuln/detail/CVE-2021-27218), [CVE-2021-27219](https://nvd.nist.gov/vuln/detail/CVE-2021-27219))<br>- gnupg ([CVE-2020-25125](https://nvd.nist.gov/vuln/detail/CVE-2020-25125))<br>- gnutls ([CVE-2021-20231](https://nvd.nist.gov/vuln/detail/CVE-2021-20231), [CVE-2021-20232](https://nvd.nist.gov/vuln/detail/CVE-2021-20232))<br>- gptfdisk ([CVE-2021-0308](https://nvd.nist.gov/vuln/detail/CVE-2021-0308))<br>- ignition ([CVE-2020-14040](https://nvd.nist.gov/vuln/detail/CVE-2020-14040))<br>- intel-microcode ([CVE-2020-8694](https://nvd.nist.gov/vuln/detail/CVE-2020-8694), [CVE-2020-8695](https://nvd.nist.gov/vuln/detail/CVE-2020-8695), [CVE-2020-8696](https://nvd.nist.gov/vuln/detail/CVE-2020-8696), [CVE-2020-8698](https://nvd.nist.gov/vuln/detail/CVE-2020-8698), [CVE-2020-24489](https://nvd.nist.gov/vuln/detail/CVE-2020-24489), [CVE-2020-24511](https://nvd.nist.gov/vuln/detail/CVE-2020-24511), [CVE-2020-24513](https://nvd.nist.gov/vuln/detail/CVE-2020-24513))<br>- libgcrypt ([CVE-2021-33560](https://nvd.nist.gov/vuln/detail/CVE-2021-33560), [CVE-2021-40528](https://nvd.nist.gov/vuln/detail/CVE-2021-40528))<br>- libpcre ([CVE-2019-20838](https://nvd.nist.gov/vuln/detail/CVE-2019-20838), [CVE-2020-14155](https://nvd.nist.gov/vuln/detail/CVE-2020-14155))<br>- libuv ([CVE-2021-22918](https://nvd.nist.gov/vuln/detail/CVE-2021-22918))<br>- libxml2 ([CVE-2020-24977](https://nvd.nist.gov/vuln/detail/CVE-2020-24977), [CVE-2021-3516](https://nvd.nist.gov/vuln/detail/CVE-2021-3516), [CVE-2021-3517](https://nvd.nist.gov/vuln/detail/CVE-2021-3517), [CVE-2021-3518](https://nvd.nist.gov/vuln/detail/CVE-2021-3518), [CVE-2021-3541](https://nvd.nist.gov/vuln/detail/CVE-2021-3541))<br>- lz4 ([CVE-2021-3520](https://nvd.nist.gov/vuln/detail/CVE-2021-3520))<br>- mit-krb5 ([CVE-2021-36222](https://nvd.nist.gov/vuln/detail/CVE-2021-36222))<br>- ncurses ([CVE-2019-17594](https://nvd.nist.gov/vuln/detail/CVE-2019-17594), [CVE-2019-17595](https://nvd.nist.gov/vuln/detail/CVE-2019-17595))<br>- nettle ([CVE-2021-20305](https://nvd.nist.gov/vuln/detail/CVE-2021-20305), [CVE-2021-3580](https://nvd.nist.gov/vuln/detail/CVE-2021-3580))<br>- ntp ([CVE-2018-8956](https://nvd.nist.gov/vuln/detail/CVE-2018-8956), [CVE-2020-11868](https://nvd.nist.gov/vuln/detail/CVE-2020-11868), [CVE-2020-13817](https://nvd.nist.gov/vuln/detail/CVE-2020-13817), [CVE-2020-15025](https://nvd.nist.gov/vuln/detail/CVE-2020-15025))<br>- nvidia-drivers ([CVE-2022-21813](https://nvd.nist.gov/vuln/detail/CVE-2022-21813), [CVE-2022-21814](https://nvd.nist.gov/vuln/detail/CVE-2022-21814))<br>- open-iscsi ([CVE-2017-17840](https://nvd.nist.gov/vuln/detail/CVE-2017-17840))<br>- openssl ([CVE-2021-3449](https://nvd.nist.gov/vuln/detail/CVE-2021-3449), [CVE-2021-3450](https://nvd.nist.gov/vuln/detail/CVE-2021-3450), [CVE-2022-0778](https://nvd.nist.gov/vuln/detail/CVE-2022-0778))<br>- openldap ([CVE-2020-36221](https://nvd.nist.gov/vuln/detail/CVE-2020-36221), [CVE-2020-36222](https://nvd.nist.gov/vuln/detail/CVE-2020-36222), [CVE-2020-36223](https://nvd.nist.gov/vuln/detail/CVE-2020-36223), [CVE-2020-36224](https://nvd.nist.gov/vuln/detail/CVE-2020-36224), [CVE-2020-36225](https://nvd.nist.gov/vuln/detail/CVE-2020-36225), [CVE-2020-36226](https://nvd.nist.gov/vuln/detail/CVE-2020-36226), [CVE-2020-36227](https://nvd.nist.gov/vuln/detail/CVE-2020-36227), [CVE-2020-36228](https://nvd.nist.gov/vuln/detail/CVE-2020-36228), [CVE-2020-36229](https://nvd.nist.gov/vuln/detail/CVE-2020-36229), [CVE-2020-36230](https://nvd.nist.gov/vuln/detail/CVE-2020-36230), [CVE-2021-27212](https://nvd.nist.gov/vuln/detail/CVE-2021-27212))<br>- pam [CVE-2020-27780](https://nvd.nist.gov/vuln/detail/CVE-2020-27780)<br>- polkit ([CVE-2021-3560](https://nvd.nist.gov/vuln/detail/CVE-2021-3560), [CVE-2021-4034](https://nvd.nist.gov/vuln/detail/CVE-2021-4034))<br>- runc ([CVE-2021-30465](https://nvd.nist.gov/vuln/detail/CVE-2021-30465))<br>- samba ([CVE-2019-3880](https://nvd.nist.gov/vuln/detail/CVE-2019-3880), [CVE-2019-10197](https://nvd.nist.gov/vuln/detail/CVE-2019-10197), [CVE-2019-10218](https://nvd.nist.gov/vuln/detail/CVE-2019-10218), [CVE-2020-10704](https://nvd.nist.gov/vuln/detail/CVE-2020-10704), [CVE-2020-10745](https://nvd.nist.gov/vuln/detail/CVE-2020-10745), [CVE-2020-14318](https://nvd.nist.gov/vuln/detail/CVE-2020-14318), [CVE-2020-14323](https://nvd.nist.gov/vuln/detail/CVE-2020-14323), [CVE-2020-14383](https://nvd.nist.gov/vuln/detail/CVE-2020-14383))<br>- shadow ([CVE-2019-19882](https://nvd.nist.gov/vuln/detail/CVE-2019-19882))<br>- sqlite ([CVE-2021-20227](https://nvd.nist.gov/vuln/detail/CVE-2021-20227))<br>- sssd ([CVE-2018-16838](https://nvd.nist.gov/vuln/detail/CVE-2018-16838), [CVE-2018-16883](https://nvd.nist.gov/vuln/detail/CVE-2018-16883), [CVE-2019-3811](https://nvd.nist.gov/vuln/detail/CVE-2019-3811), [CVE-2021-3621](https://nvd.nist.gov/vuln/detail/CVE-2021-3621))<br>- tar ([CVE-2021-20193](https://nvd.nist.gov/vuln/detail/CVE-2021-20193))<br>- trousers ([CVE-2020-24330](https://nvd.nist.gov/vuln/detail/CVE-2020-24330), [CVE-2020-24331](https://nvd.nist.gov/vuln/detail/CVE-2020-24331))<br>- util-linux ([CVE-2021-37600](https://nvd.nist.gov/vuln/detail/CVE-2021-37600))<br>- vim ([CVE-2021-3770](https://nvd.nist.gov/vuln/detail/CVE-2021-3770), [CVE-2021-3778](https://nvd.nist.gov/vuln/detail/CVE-2021-3778), [CVE-2021-3796](https://nvd.nist.gov/vuln/detail/CVE-2021-3796))<br>- zstd ([CVE-2021-24032](https://nvd.nist.gov/vuln/detail/CVE-2021-24032))<br>- SDK: bison ([CVE-2020-14150](https://nvd.nist.gov/vuln/detail/CVE-2020-14150), [CVE-2020-24240](https://nvd.nist.gov/vuln/detail/CVE-2020-24240))<br>- SDK: dnsmasq ([CVE-2021-3448](https://nvd.nist.gov/vuln/detail/CVE-2021-3448), [CVE-2020-25681](https://nvd.nist.gov/vuln/detail/CVE-2020-25681), [CVE-2020-25682](https://nvd.nist.gov/vuln/detail/CVE-2020-25682), [CVE-2020-25683](https://nvd.nist.gov/vuln/detail/CVE-2020-25683), [CVE-2020-25684](https://nvd.nist.gov/vuln/detail/CVE-2020-25684), [CVE-2020-25685](https://nvd.nist.gov/vuln/detail/CVE-2020-25685), [CVE-2020-25686](https://nvd.nist.gov/vuln/detail/CVE-2020-25686), [CVE-2020-25687](https://nvd.nist.gov/vuln/detail/CVE-2020-25687))<br>- SDK: perl ([CVE-2020-10878](https://nvd.nist.gov/vuln/detail/CVE-2020-10878))<br>- SDK: qemu ([CVE-2020-10717](https://nvd.nist.gov/vuln/detail/CVE-2020-10717), [CVE-2020-13754](https://nvd.nist.gov/vuln/detail/CVE-2020-13754), [CVE-2020-15859](https://nvd.nist.gov/vuln/detail/CVE-2020-15859), [CVE-2020-15863](https://nvd.nist.gov/vuln/detail/CVE-2020-15863), [CVE-2020-16092](https://nvd.nist.gov/vuln/detail/CVE-2020-16092), [CVE-2020-25741](https://nvd.nist.gov/vuln/detail/CVE-2020-25741), [CVE-2020-25742](https://nvd.nist.gov/vuln/detail/CVE-2020-25742), [CVE-2020-25743](https://nvd.nist.gov/vuln/detail/CVE-2020-25743))<br>- SDK: Rust ([CVE-2020-36323](https://nvd.nist.gov/vuln/detail/CVE-2020-36323), [CVE-2021-28876](https://nvd.nist.gov/vuln/detail/CVE-2021-28876), [CVE-2021-28877](https://nvd.nist.gov/vuln/detail/CVE-2021-28877), [CVE-2021-28878](https://nvd.nist.gov/vuln/detail/CVE-2021-28878), [CVE-2021-28879](https://nvd.nist.gov/vuln/detail/CVE-2021-28879), [CVE-2021-31162](https://nvd.nist.gov/vuln/detail/CVE-2021-31162))<br><br><br>### Bug fixes:<br><br>- The Torcx profile `docker-1.12-no` got fixed to reference the current Docker version instead of 19.03 which wasn't found on the image, causing Torcx to fail to provide Docker ([coreos-overlay#1456](https://github.com/flatcar/coreos-overlay/pull/1456))<br>- Ensured that the `/run/xtables.lock` coordination file exists for modifications of the xtables backend from containers (must be bind-mounted) or the `iptables-legacy` binaries on the host ([init#57](https://github.com/flatcar/init/pull/57))<br>- SDK: Fixed build error popping up in the new SDK Container because `policycoreutils` used the wrong ROOT to update the SELinux store ([coreos-overlay#1502](https://github.com/flatcar/coreos-overlay/pull/1502))<br>- Fixed leak of SELinux policy store to the root filesystem top directory due to wrong store path in `policycoreutils` instead of `/var/lib/selinux` ([flatcar-linux/Flatcar#596](https://github.com/flatcar/Flatcar/issues/596))<br>- Disabled the systemd-networkd settings `ManageForeignRoutes` and `ManageForeignRoutingPolicyRules` by default to ensure that CNIs like Cilium don't get their routes or routing policy rules discarded on network reconfiguration events ([Flatcar#620](https://github.com/flatcar/Flatcar/issues/620)).<br>- AWS: specify correct console (ttyS0) on kernel command line for ARM64 instances ([coreos-overlay#1628](https://github.com/flatcar/coreos-overlay/pull/1628))<br>- Prevented hitting races when creating filesystems in Ignition, these races caused boot failures like `fsck[1343]: Failed to stat /dev/disk/by-label/ROOT: No such file or directory` when creating a btrfs root filesystem ([ignition#35](https://github.com/flatcar/ignition/pull/35))<br>- Reverted the Linux kernel change to forbid xfrm id 0 for IPSec state because it broke Cilium ([Flatcar#626](https://github.com/flatcar/Flatcar/issues/626), [coreos-overlay#1682](https://github.com/flatcar/coreos-overlay/pull/1682))<br>- Reverted the Linux kernel commit which broke networking on AWS instances which use Intel 82559 NIC (c4/m4) ([Flatcar#665](https://github.com/flatcar/Flatcar/issues/665), [coreos-overlay#1720](https://github.com/flatcar/coreos-overlay/pull/1720))<br>- Added pahole to developer container, without it kernel modules built against /usr/src/linux may fail to probe with an 'invalid relocation target' error ([coreos-overlay#1839](https://github.com/flatcar/coreos-overlay/pull/1839))<br>- vim with USE=minimal was fixed to run without warning in the beginning [portage-stable#260](https://github.com/flatcar/portage-stable/pull/260)<br>- dev container: Fix github URL for coreos-overlay and portage-stable to use repos from flatcar-linux org directly instead of relying on redirects from the kinvolk org. This fixes checkouts with emerge-gitclone inside dev-container. [scripts#194](https://github.com/flatcar/scripts/pull/194)<br>- Added missing SELinux rule as initial step to resolve Torcx unpacking issue ([coreos-overlay#1426](https://github.com/flatcar/coreos-overlay/pull/1426))<br>- Randomize OEM filesystem UUID if mounting fails ([init#47](https://github.com/flatcar/init/pull/47))<br>- Run emergency.target on ignition/torcx service unit failure in dracut ([bootengine#28](https://github.com/flatcar/bootengine/pull/28))<br>- Re-enabled kernel config FS_ENCRYPTION ([coreos-overlay#1212](https://github.com/flatcar/coreos-overlay/pull/1212/))<br>- Fixed Perl in dev-container ([coreos-overlay#1238](https://github.com/flatcar/coreos-overlay/pull/1238/))<br>- Fixed containerd config after introduction of CGroupsV2 ([coreos-overlay#1214](https://github.com/flatcar/coreos-overlay/pull/1214))<br>- Fixed path for amazon-ssm-agent in base-ec2.ign ([coreos-overlay#1228](https://github.com/flatcar/coreos-overlay/pull/1228))<br>- flatcar-install: randomized OEM filesystem UUID if mounting fails ([init#47](https://github.com/flatcar/init/pull/47))<br>- Fixed null-pointer deref crash in Ignition when specifying the OEM filesystem without a label ([ignition#25](https://github.com/flatcar/ignition/pull/25))<br>- Fixed locksmith adhering to reboot window when getting the etcd lock ([locksmith#10](https://github.com/flatcar/locksmith/pull/10))<br>- Fixed pam.d sssd LDAP auth with sudo ([coreos-overlay#1170](https://github.com/flatcar/coreos-overlay/pull/1170))<br>- Let network-cleanup.service finish before entering rootfs ([coreos-overlay#1182](https://github.com/flatcar/coreos-overlay/pull/1182))<br>- Fixed SELinux policy for Flannel CNI ([coreos-overlay#1181](https://github.com/flatcar/coreos-overlay/pull/1181))<br>- Set the cilium_vxlan interface to be not managed by networkd’s default setup with DHCP as it’s managed by Cilium. ([init#43](https://github.com/flatcar/init/pull/43))<br>- Disabled SELinux by default on dockerd wrapper script ([coreos-overlay#1149](https://github.com/flatcar/coreos-overlay/pull/1149))<br>- Fixed the network-cleanup service race in the initramfs which resulted in a failure being reported<br>- GCE: Granted CAP_NET_ADMIN to set routes for the TCP LB when starting oem-gce.service ([coreos-overlay#1146](https://github.com/flatcar/coreos-overlay/pull/1146))<br>- Add the systemd tag in udev for Azure storage devices, to fix /boot automount ([init#41](https://github.com/flatcar/init/pull/41))<br>- Update-engine sent empty requests when restarted before a pending reboot ([Flatcar#388](https://github.com/flatcar/Flatcar/issues/388))<br>- systemd-networkd: Do not manage loopback network interface ([bootengine#24](https://github.com/flatcar/bootengine/pull/24) [init#40](https://github.com/flatcar/init/pull/40))<br>- flatcar-install: Detect device mapper (e.g., LVM/LUKS) usage when searching for free drives with the -s flag ([Flatcar#332](https://github.com/flatcar/Flatcar/issues/332))<br>- GCE: The old interface name ens4v1 which was replaced by eth0 due to a broken udev rule was restored, but now as alternative interface name, and eth0 will stay the primary name for consistency across cloud environments. ([init#38](https://github.com/flatcar/init/pull/38))<br>- Include firmware files for all modules shipped in our image ([Issue #359](https://github.com/flatcar/Flatcar/issues/359), [coreos-overlay#887](https://github.com/flatcar/coreos-overlay/pull/887))<br>- Add explicit path to the binary call in the coreos-metadata unit file ([Issue #360](https://github.com/flatcar/Flatcar/issues/360))<br>- sys-apps/systemd: Fix unit installation ([coreos-overlay#810](https://github.com/flatcar/coreos-overlay/pull/810))<br>- passwd: use correct GID for tss ([baselayout#15](https://github.com/flatcar/baselayout/pull/15))<br>- coreos-base/gmerge: Stop installing gmerge script ([coreos-overlay#828](https://github.com/flatcar/coreos-overlay/pull/828))<br>- Update sys-apps/coreutils and make sure they have split-usr disabled for generic images ([coreos-overlay#829](https://github.com/flatcar/coreos-overlay/pull/829))<br>- afterburn (coreos-metadata): Restart on failure and keep coreos-metadata unit active ([coreos-overlay#768](https://github.com/flatcar/coreos-overlay/pull/768))<br>- network: Accept ICMPv6 Router Advertisements to fix IPv6 address assignment in the default DHCP setting ([flatcar-linux/init#51](https://github.com/flatcar/init/pull/51), [flatcar-linux/cloudinit#12](https://github.com/flatcar/coreos-cloudinit/pull/12), [flatcar-linux/bootengine#30](https://github.com/flatcar/bootengine/pull/30))<br>- Added a new flatcar-update tool to the image to ease manual updates, rollbacks, channel/release jumping, and airgapped updates ([flatcar-linux/init#53](https://github.com/flatcar/init/pull/53))<br>- Default again to disable SELinux permissions checks in systemd which was missing in the initial systemd 246 update<br>- Default again to set DefaultTasksMax=100% in systemd which was missing in the initial systemd 246 update<br>- Make systemd detect updates again when the /usr partition changes which was missing in the initial systemd 246 update<br>- Default again to disabling IP Forwarding in systemd which was missing in the initial systemd 246 update<br>- Default again to waiting only for one network interface to be ready with systemd-networkd-wait-online which was missing in the initial systemd 246 update<br><br>### Changes:<br><br>- Backported `elf` support for `iproute2` ([coreos-overlay#1256](https://github.com/flatcar/coreos-overlay/pull/1526))<br>- Enabled the FIPS support for the Linux kernel, which users can now choose through a kernel parameter in `grub.cfg` (check it taking effect with `cat /proc/sys/crypto/fips_enabled`) ([coreos-overlay#1602](https://github.com/flatcar/coreos-overlay/pull/1602))<br>- Merge the Flatcar Pro features into the regular Flatcar images ([coreos-overlay#1679](https://github.com/flatcar/coreos-overlay/pull/1679)) <br>- Added support for switching back to CGroupsV1 without requiring a reboot. Create `/etc/flatcar-cgroupv1` through ignition. ([coreos-overlay#1666](https://github.com/flatcar/coreos-overlay/pull/1666))<br>- Enabled FIPS mode for cryptsetup ([coreos-overlay#1747](https://github.com/flatcar/coreos-overlay/pull/1747))<br>- GCE: Enabled GVE kernel driver, which adds support for Google Virtual NIC on GCP ([coreos-overlay#1802](https://github.com/flatcar/coreos-overlay/pull/1802))<br>- Enabled FIPS mode for cryptsetup ([portage-stable#312](https://github.com/flatcar/portage-stable/pull/312))<br>- Added GPIO support ([coreos-overlay#1236](https://github.com/flatcar/coreos-overlay/pull/1236))<br>- Added Azure Generation 2 VM support ([coreos-overlay#1198](https://github.com/flatcar/coreos-overlay/pull/1198))<br>- Switched Docker ecosystem packages to go1.16 ([coreos-overlay#1217](https://github.com/flatcar/coreos-overlay/pull/1217))<br>- Added lbzip2 binary to the image ([coreos-overlay#1221](https://github.com/flatcar/coreos-overlay/pull/1221))<br>- flatcar-install uses lbzip2 if present, falls back on bzip2 if not ([init#46](https://github.com/flatcar/init/pull/46))<br>- Added Intel E800 series network adapter driver ([coreos-overlay#1237](https://github.com/flatcar/coreos-overlay/pull/1237))<br>- Enabled ‘audit’ use flag for sys-libs/pam ([coreos-overlay#1233](https://github.com/flatcar/coreos-overlay/pull/1233))<br>- Bumped etcd and flannel to respectively 3.5.0, 0.14.0 to get multiarch images for arm64 support. Note for users of the old etcd v2 support: ETCDCTL_API=2 must be set to use v2 store as well as ETCD_ENABLE_V2=true in the etcd-member.service - this support will be removed in 3.6.0 ([coreos-overlay#1179](https://github.com/flatcar/coreos-overlay/pull/1179))<br>- cgroups v2 by default for new nodes ([coreos-overlay#931](https://github.com/flatcar/coreos-overlay/pull/931))<br>- Upgrade Docker to 20.10 ([coreos-overlay#931](https://github.com/flatcar/coreos-overlay/pull/931))<br>- update_engine: add postinstall hook to stay on cgroupv1 ([update_engine#13](https://github.com/flatcar/update_engine/pull/13))<br>- Switched to zstd compression for the initramfs ([coreos-overlay#1136](https://github.com/flatcar/coreos-overlay/pull/1136))<br>- Embedded new subkey in flatcar-install ([coreos-overlay#1180](https://github.com/flatcar/coreos-overlay/pull/1180))<br>- Azure: Compile OEM contents for all architectures ([coreos-overlay#1196](https://github.com/flatcar/coreos-overlay/pull/1196))<br>- AWS: Added amazon-ssm-agent ([coreos-overlay#1162](https://github.com/flatcar/coreos-overlay/pull/1162))<br>- Switched dm-verity corruption detection to issue a kernel panic (a panic results in a reboot after 1 minute, this was the case before already) instead of merely failing certain syscalls that try to use the corrupted data<br>- Support BTRFS in OEM and /usr partitions, but only used it for the OEM partition for now. Ignition configurations that refer to the OEM partition will work with any filesystem format specified, a mismatch is not resulting in a boot error. ([coreos-overlay#1106](https://github.com/flatcar/coreos-overlay/pull/1106))<br>- Enabled zstd compression for the initramfs and for amd64 also for the kernel because we hit the vmlinuz size limit on the /boot partition<br>- Deleted the unused kernel+initramfs vmlinuz file from the /usr partition<br>- devcontainer: added support to run on arm64 by switching to an architecture-agnostic partition UUID<br>- Enabled ARM64 SDK bootstrap ([scripts#134](https://github.com/flatcar/scripts/pull/134))<br>- Enable telnet support for curl ([coreos-overlay#1099](https://github.com/flatcar/coreos-overlay/pull/1099))<br>- Enable MDIO_BCM_UNIMAC for arm64 ([coreos-overlay#929](https://github.com/flatcar/coreos-overlay/pull/929))<br>- Disabled SELinux for Docker ([coreos-overlay#1055](https://github.com/flatcar/coreos-overlay/pull/1055))<br>- flatcar-install: Add -D flag to only download the image file ([Flatcar#248](https://github.com/flatcar/Flatcar/issues/248))<br>- Make the hostname setting units optional. Having the hostname units as required by the initrd.target meant that if the unit failed the machine wouldn’t start, disrupting the whole boot. ([bootengine#23](https://github.com/flatcar/bootengine/pull/23))<br>- Enable using iSCSI netroot devices on Flatcar ([bootengine#22](https://github.com/flatcar/bootengine/pull/22))<br>- The virtio network interfaces got predictable interface names as alternative interface names, and thus these names can also be used to match for a specific interface in case there is more than one and the eth0 and eth1 name assignment is not stable. ([init#38](https://github.com/flatcar/init/pull/38))<br>- The pam_faillock PAM module was enabled as replacement for the removed pam_tally2 module and will temporarily lock an account if there were login attempts with a wrong password. The faillock command can be used to show the current state. With pam_tally2 there was no limit for wrong password login attempts but with faillock the default is already restricting the attempts. The default behavior was relaxed to allow 5 wrong passwords per two minutes, and a one minute account lock time. This does not apply to logins with an SSH key. ([baselayout#17](https://github.com/flatcar/baselayout/pull/17))<br>- The etcd and flannel services are now run with Docker and any rkt-based customizations of the etcd-member and flanneld services not supported anymore. Also, because the flanneld service relies on Docker and will restart Docker after applying the new configuration, it is not possible anymore to set Requires=flanneld.service for docker.service and instead it’s enough to have flanneld.service enabled. ([coreos-overlay#857](https://github.com/flatcar/coreos-overlay/pull/857))<br>- sshd: use secure crypto algos only ([coreos-overlay#852](https://github.com/flatcar/coreos-overlay/pull/852))<br>- samba: Update to EAPI=7, add new USE flags and remove deps on icu ([coreos-overlay#864](https://github.com/flatcar/coreos-overlay/pull/864))<br>- kernel: enable kernel config CONFIG_BPF_LSM ([coreos-overlay#846](https://github.com/flatcar/coreos-overlay/pull/846))<br>- bootengine: set hostname for EC2 and OpenStack from metadata ([coreos-overlay#848](https://github.com/flatcar/coreos-overlay/pull/848))<br>- sys-block/open-iscsi: Command substitution in iscsi-init system service ([coreos-overlay#801](https://github.com/flatcar/coreos-overlay/pull/801))<br>- scripts/motdgen: Add OEM information to motd output ([init#34](https://github.com/flatcar/init/pull/34))<br>- torcx: delete Docker 1.12 ([coreos-overlay#826](https://github.com/flatcar/coreos-overlay/pull/826))<br>- portage update: update portage and related packages to newer versions ([coreos-overlay#840](https://github.com/flatcar/coreos-overlay/pull/840))<br>- bin/flatcar-install: add parameters to make wget more resilient ([init#35](https://github.com/flatcar/init/pull/35))<br>- With the open-iscsi update to 2.1.2, the service unit name changed from iscsid to iscsi ([coreos-overlay#682](https://github.com/flatcar/coreos-overlay/pull/682))<br>- Updated nsswitch.conf to use systemd-resolved ([baselayout#10](https://github.com/flatcar/baselayout/pull/10))<br>- Enabled systemd-resolved stub listeners ([baselayout#11](https://github.com/flatcar/baselayout/pull/11))<br>- systemd-resolved: Disabled DNSSEC for the mean time ([baselayout#14](https://github.com/flatcar/baselayout/pull/14))<br>- kernel: enabled CONFIG_DEBUG_INFO_BTF ([coreos-overlay#753](https://github.com/flatcar/coreos-overlay/pull/753))<br>- containerd: Disabled shim debug logs ([coreos-overlay#766](https://github.com/flatcar/coreos-overlay/pull/766))<br>- Enable BCMGENET as a module on arm64_defconfig-5.9 ([coreos-overlay#717](https://github.com/flatcar/coreos-overlay/pull/717))<br>- Enable BCM7XXX_PHY as a module on arm64_defconfig-5.9 for Raspberry Pi 4 ([coreos-overlay#716](https://github.com/flatcar/coreos-overlay/pull/716))<br>- flatcar_production_qemu.sh: Use more CPUs for ARM if available ([scripts#91](https://github.com/flatcar/flatcar-scripts/pull/91))<br>- Enabled the kernel config HOTPLUG_PCI_ACPI for arm64 to support attaching EC2 volumes ([coreos-overlay#705](https://github.com/flatcar/coreos-overlay/pull/705))<br>- Support the lockdown kernel command line parameter ([coreos-overlay#533](https://github.com/flatcar/coreos-overlay/pull/553))<br>- AWS arm64: Enable elastic network adapter module ([coreos-overlay#631](https://github.com/flatcar/coreos-overlay/pull/631))<br>- rkt and kubelet-wrapper are deprecated and removed from Alpha, also from subsequent channels in the future. Please read the [removal announcement](https://groups.google.com/g/flatcar-linux-user/c/MeinndLqJO4) to know more.<br><br><br>### Updates:<br><br>- Linux ([5.10.109](https://lwn.net/Articles/889439)) (from 5.4.188)<br>- Linux Firmware ([20211216](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20211216))<br>- systemd ([249.10](https://github.com/systemd/systemd-stable/releases/tag/v249.10))<br>- glibc ([2.33](https://sourceware.org/glibc/wiki/Release/2.33))<br>- Go ([1.17.8](https://go.googlesource.com/go/+/refs/tags/go1.17.8))<br>- Docker ([20.10.12](https://docs.docker.com/engine/release-notes/#201012))<br>- bash ([5.1](https://lists.gnu.org/archive/html/info-gnu/2020-12/msg00003.html))<br>- c-ares ([1.17.2](https://github.com/c-ares/c-ares/releases/tag/cares-1_17_2))<br>- ca-certificates ([3.73](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_73.html))<br>- containerd ([1.5.11](https://github.com/containerd/containerd/releases/tag/v1.5.11))<br>- coreutils ([8.32](http://savannah.gnu.org/forum/forum.php?forum_id=9693))<br>- cryptsetup ([2.3.6](https://gitlab.com/cryptsetup/cryptsetup/-/blob/v2.3.6/docs/v2.3.6-ReleaseNotes))<br>- curl ([7.79.1](https://curl.se/mail/lib-2021-09/0079.html))<br>- dbus ([1.12.20](https://gitlab.freedesktop.org/dbus/dbus/-/blob/dbus-1.12.20/NEWS))<br>- ebtables ([2.0.11](https://lwn.net/Articles/806179/))<br>- etcd-wrapper ([3.5.0](https://github.com/etcd-io/etcd/releases/tag/v3.5.0))<br>- etcdctl ([3.5.0](https://github.com/etcd-io/etcd/releases/tag/v3.5.0))<br>- expat ([2.4.6](https://github.com/libexpat/libexpat/blob/R_2_4_6/expat/Changes))<br>- flannel-wrapper ([0.14](https://github.com/flannel-io/flannel/releases/tag/v0.14.0))<br>- gawk ([5.1.0](https://lists.gnu.org/archive/html/info-gnu/2020-04/msg00007.html))<br>- gettext ([0.21](https://lists.gnu.org/archive/html/info-gnu/2020-07/msg00009.html))<br>- git ([2.32.0](https://github.com/git/git/blob/master/Documentation/RelNotes/2.32.0.txt))<br>- glib ([2.66.8](https://gitlab.gnome.org/GNOME/glib/-/releases/2.66.8))<br>- gnupg ([2.2.29](https://lists.gnupg.org/pipermail/gnupg-announce/2021q3/000461.html))<br>- gnutls ([3.7.1](https://github.com/gnutls/gnutls/blob/3.7.1/NEWS))<br>- gptfdisk ([1.0.7](http://www.rodsbooks.com/gdisk/))<br>- ignition ([0.36.1](https://github.com/flatcar/ignition/releases/tag/v0.36.1))<br>- intel-microcode ([20210608_p20210608](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20210608))<br>- iptables ([1.8.7](https://lwn.net/Articles/843069/))<br>- keyutils ([1.6.1](https://lwn.net/Articles/771934/))<br>- ldb ([2.3.0](https://gitlab.com/samba-team/samba/-/blob/ldb-2.3.0/WHATSNEW.txt))<br>- libarchive ([3.5.1](https://github.com/libarchive/libarchive/releases/tag/v3.5.1))<br>- libev ([4.33](http://dist.schmorp.de/libev/))<br>- libgcrypt ([1.9.4](https://dev.gnupg.org/T5402))<br>- libmnl ([1.0.4](https://marc.info/?l=netfilter-devel&m=146745072727070&w=2))<br>- libnftnl ([1.2.0](https://lwn.net/Articles/857198/))<br>- libpcre ([8.44](http://www.rexegg.com/pcre-doc/ChangeLog))<br>- libselinux ([3.1](https://github.com/SELinuxProject/selinux/releases/tag/libselinux-3.1))<br>- libsemanage ([3.1](https://github.com/SELinuxProject/selinux/releases/tag/libsemanage-3.1))<br>- libsepol ([3.1](https://github.com/SELinuxProject/selinux/releases/tag/libsepol-3.1))<br>- libtirpc ([1.3.2](https://www.spinics.net/lists/linux-nfs/msg84129.html))<br>- libuv ([1.41.1](https://github.com/libuv/libuv/releases/tag/v1.41.1))<br>- libverto ([0.3.1](https://github.com/latchset/libverto/releases/tag/0.3.1))<br>- libxml2 ([2.9.12](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.9.12))<br>- lvm2 ([2.02.188](https://github.com/lvmteam/lvm2/blob/v2_02_188/WHATS_NEW))<br>- lz4 ([1.9.3](https://github.com/lz4/lz4/releases/tag/v1.9.3))<br>- mit-krb5 ([1.19.2](https://web.mit.edu/kerberos/krb5-1.19/README-1.19.2.txt))<br>- multipath-tools ([0.8.5](https://github.com/opensvc/multipath-tools/releases/tag/0.8.5))<br>- ncurses ([6.2](https://lists.gnu.org/archive/html/info-gnu/2020-02/msg00010.html))<br>- net-tools ([2.10](https://sourceforge.net/p/net-tools/mailman/message/37192002/))<br>- nettle ([3.7.3](https://lists.gnu.org/archive/html/info-gnu/2021-06/msg00002.html))<br>- nftables ([0.9.9](https://lwn.net/Articles/857369/))<br>- nvidia-drivers ([510.47.03](https://docs.nvidia.com/datacenter/tesla/tesla-release-notes-510-47-03/index.html)) <br>- openldap ([2.4.58](https://lists.openldap.org/hyperkitty/list/openldap-announce@openldap.org/thread/GK4OGTM6VMIAJCAZSG66VXRRN2LVQDVF/))<br>- openssh ([8.7](https://www.openssh.com/txt/release-8.7))<br>- openssl ([1.1.1n](https://www.openssl.org/news/changelog.html#openssl-111))<br>- pam ([1.5.1](https://github.com/linux-pam/linux-pam/releases/tag/v1.5.1))<br>- pambase 20200817<br>- pax-utils ([1.3.1](https://gitweb.gentoo.org/proj/pax-utils.git/tag/?h=v1.3.1))<br>- policycoreutils ([3.1](https://github.com/SELinuxProject/selinux/tree/policycoreutils-3.1))<br>- polkit ([0.119](https://gitlab.freedesktop.org/polkit/polkit/-/blob/0.119/NEWS))<br>- readline ([8.1](https://lwn.net/Articles/839213/))<br>- realmd ([0.17.0](https://gitlab.freedesktop.org/realmd/realmd/-/blob/0.17.0/NEWS))<br>- runc ([1.0.3](https://github.com/opencontainers/runc/releases/tag/v1.0.3))<br>- samba ([4.12.9](https://www.samba.org/samba/history/samba-4.12.9.html))<br>- selinux-base ([2.20200818](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20200818))<br>- selinux-base-policy ([2.20200818](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20200818))<br>- selinux-unconfined ([2.20200818](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20200818))<br>- selinux-virt ([2.20200818](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20200818))<br>- sssd ([2.3.1](https://sssd.io/release-notes/sssd-2.3.1.html))<br>- strace ([5.12](https://lists.strace.io/pipermail/strace-devel/2021-April/010516.html))<br>- talloc ([2.3.2](https://gitlab.com/samba-team/samba/-/tags/talloc-2.3.2))<br>- tar ([1.34](https://lists.gnu.org/archive/html/info-gnu/2021-02/msg00006.html))<br>- util-linux ([2.37.2](https://www.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.2-ChangeLog))<br>- vim ([8.2.3428](https://github.com/vim/vim/releases/tag/v8.2.3428))<br>- xenstore ([4.14](https://wiki.xenproject.org/wiki/Xen_Project_4.14_Release_Notes))<br>- xz-utils ([5.2.5](https://git.tukaani.org/?p=xz.git;a=blob;f=NEWS;h=d3f7d602343b4885e2c5653fefcc86fc2c14a06b;hb=v5.2.5))<br>- zstd ([1.4.9](https://github.com/facebook/zstd/releases/tag/v1.4.9))<br>- Azure: WALinuxAgent ([2.6.0.2](https://github.com/Azure/WALinuxAgent/releases/tag/v2.6.0.2))<br><br>_Changes since **Stable 3033.2.4**_<br><br><br>### Security fixes:<br><br>- nvidia-drivers ([CVE-2022-21814](https://nvd.nist.gov/vuln/detail/CVE-2022-21814), [CVE-2022-21813](https://nvd.nist.gov/vuln/detail/CVE-2022-21813))<br>- containerd ([CVE-2022-24769](https://nvd.nist.gov/vuln/detail/CVE-2022-24769))<br><br>### Bug fixes:<br><br>- AWS: specify correct console (ttyS0) on kernel command line for ARM64 instances ([coreos-overlay#1628](https://github.com/flatcar/coreos-overlay/pull/1628))<br>- Added pahole to developer container, without it kernel modules built against /usr/src/linux may fail to probe with an 'invalid relocation target' error ([coreos-overlay#1839](https://github.com/flatcar/coreos-overlay/pull/1839))<br>- network: Accept ICMPv6 Router Advertisements to fix IPv6 address assignment in the default DHCP setting ([flatcar-linux/init#51](https://github.com/flatcar/init/pull/51), [flatcar-linux/cloudinit#12](https://github.com/flatcar/coreos-cloudinit/pull/12), [flatcar-linux/bootengine#30](https://github.com/flatcar/bootengine/pull/30))<br><br>### Changes:<br><br>- The systemd-networkd `ManageForeignRoutes` and `ManageForeignRoutingPolicyRules` settings are now disabled through a drop-in file and thus can only be enabled again by a drop-in file under `/etc/systemd/networkd.conf.d/` because drop-in files take precedence over `/etc/systemd/networkd.conf` ([init#61](https://github.com/flatcar/init/pull/61))<br>- Excluded special network interface devices like bridge, tunnel, vxlan, and veth devices from the default DHCP configuration to prevent networkd interference ([init#56](https://github.com/flatcar/init/pull/56))<br>- Added a new flatcar-update tool to the image to ease manual updates, rollbacks, channel/release jumping, and airgapped updates ([flatcar-linux/init#53](https://github.com/flatcar/init/pull/53))<br>- Merge the Flatcar Pro features into the regular Flatcar images ([coreos-overlay#1679](https://github.com/flatcar/coreos-overlay/pull/1679))<br>- Enabled the FIPS support for the Linux kernel, which users can now choose through a kernel parameter in `grub.cfg` (check it taking effect with `cat /proc/sys/crypto/fips_enabled`) ([coreos-overlay#1602](https://github.com/flatcar/coreos-overlay/pull/1602))<br>- Merge the Flatcar Pro features into the regular Flatcar images ([coreos-overlay#1679](https://github.com/flatcar/coreos-overlay/pull/1679)) <br>- Enabled FIPS mode for cryptsetup ([flatcar-linux/coreos-overlay#1747](https://github.com/flatcar/coreos-overlay/pull/1747), [portage-stable#312](https://github.com/flatcar/portage-stable/pull/312))<br>- GCE: Enabled GVE kernel driver, which adds support for Google Virtual NIC on GCP ([coreos-overlay#1802](https://github.com/flatcar/coreos-overlay/pull/1802))<br>- SDK: Dropped the mantle binaries (kola, ore, etc.) from the SDK, they are now provided by the `ghcr.io/flatcar/mantle` image ([coreos-overlay#1827](https://github.com/flatcar/coreos-overlay/pull/1827), [scripts#275](https://github.com/flatcar/scripts/pull/275))<br><br>### Updates:<br><br>- Linux ([5.10.109](https://lwn.net/Articles/889439) with [5.10.108](https://lwn.net/Articles/889002))<br>- ca-certificates ([3.77](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_77.html))<br>- containerd ([1.5.11](https://github.com/containerd/containerd/releases/tag/v1.5.11))<br>- nvidia-drivers ([510.47.03](https://docs.nvidia.com/datacenter/tesla/tesla-release-notes-510-47-03/index.html)) <br>- Azure: WALinuxAgent ([2.6.0.2](https://github.com/Azure/WALinuxAgent/releases/tag/v2.6.0.2))<br><br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.109<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-05-05T08:46:50+00:00 diff --git a/static/releases-feed/releases-lts-2023.xml b/static/releases-feed/releases-lts-2023.xml index afe34576..f59f672f 100644 --- a/static/releases-feed/releases-lts-2023.xml +++ b/static/releases-feed/releases-lts-2023.xml @@ -2,7 +2,7 @@ https://www.flatcar.org/ Flatcar :: lts - 2023-10-25T10:20:37.726738+00:00 + 2023-11-22T09:59:27.443761+00:00 Flatcar Container Linux hello@kinvolk.io @@ -14,7 +14,7 @@ https://github.com/flatcar/scripts/releases/tag/lts-3510.3.1 3510.3.1 - 2023-10-25T10:20:37.798941+00:00 + 2023-11-22T09:59:27.515982+00:00 _Changes since **LTS 3510.3.0**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2023-31085](https://nvd.nist.gov/vuln/detail/CVE-2023-31085), [CVE-2023-34324](https://nvd.nist.gov/vuln/detail/CVE-2023-34324), [CVE-2023-4244](https://nvd.nist.gov/vuln/detail/CVE-2023-4244), [CVE-2023-42754](https://nvd.nist.gov/vuln/detail/CVE-2023-42754), [CVE-2023-42755](https://nvd.nist.gov/vuln/detail/CVE-2023-42755), [CVE-2023-5197](https://nvd.nist.gov/vuln/detail/CVE-2023-5197))<br> - curl ([CVE-2023-38545](https://nvd.nist.gov/vuln/detail/CVE-2023-38545), [CVE-2023-38546](https://nvd.nist.gov/vuln/detail/CVE-2023-38546)) <br> <br> #### Bug fixes:<br> <br> - Disabled systemd-networkd's RoutesToDNS setting by default to fix provisioning failures observed in VMs with multiple network interfaces on Azure ([scripts#1206](https://github.com/flatcar/scripts/pull/1206))<br> - Triggered re-reading of partition table to fix adding partitions to the boot disk ([scripts#1202](https://github.com/flatcar/scripts/pull/1202))<br> <br> #### Changes:<br> <br> - To make Kubernetes work by default, `/usr/libexec/kubernetes/kubelet-plugins/volume/exec` is now a symlink to the writable folder `/var/kubernetes/kubelet-plugins/volume/exec` ([Flatcar#1193](https://github.com/flatcar/Flatcar/issues/1193))<br> <br> #### Updates:<br> <br> - Linux ([5.15.136](https://lwn.net/Articles/948297) (includes [5.15.135](https://lwn.net/Articles/947299), [5.15.134](https://lwn.net/Articles/946855), [5.15.133](https://lwn.net/Articles/945380)))<br> - ca-certificates ([3.94](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_94.html))<br>Packages:<br>- containerd 1.6.16<br>- docker 20.10.23<br>- ignition 2.14.0<br>- kernel 5.15.136<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-10-25T08:41:08+00:00 @@ -22,7 +22,7 @@ https://github.com/flatcar/scripts/releases/tag/lts-3510.3.0 3510.3.0 - 2023-10-25T10:20:37.793052+00:00 + 2023-11-22T09:59:27.510014+00:00 _Changes since **Stable 3510.2.8**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2023-42752](https://nvd.nist.gov/vuln/detail/CVE-2023-42752), [CVE-2023-42753](https://nvd.nist.gov/vuln/detail/CVE-2023-42753), [CVE-2023-4623](https://nvd.nist.gov/vuln/detail/CVE-2023-4623), [CVE-2023-4921](https://nvd.nist.gov/vuln/detail/CVE-2023-4921))<br> <br> #### Bug fixes:<br> <br> <br> #### Changes:<br> <br> - Use qcow2 compressed format instead of additional compression layer in Qemu images ([Flatcar#1135](https://github.com/flatcar/Flatcar/issues/1135), [scripts#1132](https://github.com/flatcar/scripts/pull/1132))<br> <br> #### Updates:<br> <br> - Linux ([5.15.132](https://lwn.net/Articles/944877) (includes [5.15.131](https://lwn.net/Articles/943755), [5.15.130](https://lwn.net/Articles/943404)))<br><br><br>**Changes compared to LTS-2022 3033.3.17**<br><br> #### Security fixes:<br> <br> - Linux ([CVE-2019-15794](https://nvd.nist.gov/vuln/detail/CVE-2019-15794),[CVE-2020-16119](https://nvd.nist.gov/vuln/detail/CVE-2020-16119),[CVE-2020-24586](https://nvd.nist.gov/vuln/detail/CVE-2020-24586),[CVE-2020-24587](https://nvd.nist.gov/vuln/detail/CVE-2020-24587),[CVE-2020-24588](https://nvd.nist.gov/vuln/detail/CVE-2020-24588),[CVE-2020-25639](https://nvd.nist.gov/vuln/detail/CVE-2020-25639),[CVE-2020-25670](https://nvd.nist.gov/vuln/detail/CVE-2020-25670),[CVE-2020-25671](https://nvd.nist.gov/vuln/detail/CVE-2020-25671),[CVE-2020-25672](https://nvd.nist.gov/vuln/detail/CVE-2020-25672),[CVE-2020-25673](https://nvd.nist.gov/vuln/detail/CVE-2020-25673),[CVE-2020-26139](https://nvd.nist.gov/vuln/detail/CVE-2020-26139),[CVE-2020-26141](https://nvd.nist.gov/vuln/detail/CVE-2020-26141),[CVE-2020-26145](https://nvd.nist.gov/vuln/detail/CVE-2020-26145),[CVE-2020-26147](https://nvd.nist.gov/vuln/detail/CVE-2020-26147),[CVE-2020-26541](https://nvd.nist.gov/vuln/detail/CVE-2020-26541),[CVE-2020-26555](https://nvd.nist.gov/vuln/detail/CVE-2020-26555),[CVE-2020-26558](https://nvd.nist.gov/vuln/detail/CVE-2020-26558),[CVE-2020-27170](https://nvd.nist.gov/vuln/detail/CVE-2020-27170),[CVE-2020-27171](https://nvd.nist.gov/vuln/detail/CVE-2020-27171),[CVE-2020-27820](https://nvd.nist.gov/vuln/detail/CVE-2020-27820),[CVE-2020-36516](https://nvd.nist.gov/vuln/detail/CVE-2020-36516),[CVE-2021-0129](https://nvd.nist.gov/vuln/detail/CVE-2021-0129),[CVE-2021-0512](https://nvd.nist.gov/vuln/detail/CVE-2021-0512),[CVE-2021-0920](https://nvd.nist.gov/vuln/detail/CVE-2021-0920),[CVE-2021-0937](https://nvd.nist.gov/vuln/detail/CVE-2021-0937),[CVE-2021-0941](https://nvd.nist.gov/vuln/detail/CVE-2021-0941),[CVE-2021-20320](https://nvd.nist.gov/vuln/detail/CVE-2021-20320),[CVE-2021-20321](https://nvd.nist.gov/vuln/detail/CVE-2021-20321),[CVE-2021-20322](https://nvd.nist.gov/vuln/detail/CVE-2021-20322),[CVE-2021-22543](https://nvd.nist.gov/vuln/detail/CVE-2021-22543),[CVE-2021-22555](https://nvd.nist.gov/vuln/detail/CVE-2021-22555),[CVE-2021-22600](https://nvd.nist.gov/vuln/detail/CVE-2021-22600),[CVE-2021-23133](https://nvd.nist.gov/vuln/detail/CVE-2021-23133),[CVE-2021-23134](https://nvd.nist.gov/vuln/detail/CVE-2021-23134),[CVE-2021-26401](https://nvd.nist.gov/vuln/detail/CVE-2021-26401),[CVE-2021-26930](https://nvd.nist.gov/vuln/detail/CVE-2021-26930),[CVE-2021-26931](https://nvd.nist.gov/vuln/detail/CVE-2021-26931),[CVE-2021-26932](https://nvd.nist.gov/vuln/detail/CVE-2021-26932),[CVE-2021-27363](https://nvd.nist.gov/vuln/detail/CVE-2021-27363),[CVE-2021-27364](https://nvd.nist.gov/vuln/detail/CVE-2021-27364),[CVE-2021-27365](https://nvd.nist.gov/vuln/detail/CVE-2021-27365),[CVE-2021-28038](https://nvd.nist.gov/vuln/detail/CVE-2021-28038),[CVE-2021-28039](https://nvd.nist.gov/vuln/detail/CVE-2021-28039),[CVE-2021-28375](https://nvd.nist.gov/vuln/detail/CVE-2021-28375),[CVE-2021-28660](https://nvd.nist.gov/vuln/detail/CVE-2021-28660),[CVE-2021-28688](https://nvd.nist.gov/vuln/detail/CVE-2021-28688),[CVE-2021-28691](https://nvd.nist.gov/vuln/detail/CVE-2021-28691),[CVE-2021-28711](https://nvd.nist.gov/vuln/detail/CVE-2021-28711),[CVE-2021-28712](https://nvd.nist.gov/vuln/detail/CVE-2021-28712),[CVE-2021-28713](https://nvd.nist.gov/vuln/detail/CVE-2021-28713),[CVE-2021-28714](https://nvd.nist.gov/vuln/detail/CVE-2021-28714),[CVE-2021-28715](https://nvd.nist.gov/vuln/detail/CVE-2021-28715),[CVE-2021-28950](https://nvd.nist.gov/vuln/detail/CVE-2021-28950),[CVE-2021-28951](https://nvd.nist.gov/vuln/detail/CVE-2021-28951),[CVE-2021-28952](https://nvd.nist.gov/vuln/detail/CVE-2021-28952),[CVE-2021-28964](https://nvd.nist.gov/vuln/detail/CVE-2021-28964),[CVE-2021-28971](https://nvd.nist.gov/vuln/detail/CVE-2021-28971),[CVE-2021-28972](https://nvd.nist.gov/vuln/detail/CVE-2021-28972),[CVE-2021-29154](https://nvd.nist.gov/vuln/detail/CVE-2021-29154),[CVE-2021-29155](https://nvd.nist.gov/vuln/detail/CVE-2021-29155),[CVE-2021-29264](https://nvd.nist.gov/vuln/detail/CVE-2021-29264),[CVE-2021-29265](https://nvd.nist.gov/vuln/detail/CVE-2021-29265),[CVE-2021-29266](https://nvd.nist.gov/vuln/detail/CVE-2021-29266),[CVE-2021-29646](https://nvd.nist.gov/vuln/detail/CVE-2021-29646),[CVE-2021-29647](https://nvd.nist.gov/vuln/detail/CVE-2021-29647),[CVE-2021-29648](https://nvd.nist.gov/vuln/detail/CVE-2021-29648),[CVE-2021-29649](https://nvd.nist.gov/vuln/detail/CVE-2021-29649),[CVE-2021-29650](https://nvd.nist.gov/vuln/detail/CVE-2021-29650),[CVE-2021-29657](https://nvd.nist.gov/vuln/detail/CVE-2021-29657),[CVE-2021-30002](https://nvd.nist.gov/vuln/detail/CVE-2021-30002),[CVE-2021-31440](https://nvd.nist.gov/vuln/detail/CVE-2021-31440),[CVE-2021-31829](https://nvd.nist.gov/vuln/detail/CVE-2021-31829),[CVE-2021-31916](https://nvd.nist.gov/vuln/detail/CVE-2021-31916),[CVE-2021-32399](https://nvd.nist.gov/vuln/detail/CVE-2021-32399),[CVE-2021-32606](https://nvd.nist.gov/vuln/detail/CVE-2021-32606),[CVE-2021-33033](https://nvd.nist.gov/vuln/detail/CVE-2021-33033),[CVE-2021-33034](https://nvd.nist.gov/vuln/detail/CVE-2021-33034),[CVE-2021-33098](https://nvd.nist.gov/vuln/detail/CVE-2021-33098),[CVE-2021-33135](https://nvd.nist.gov/vuln/detail/CVE-2021-33135),[CVE-2021-33200](https://nvd.nist.gov/vuln/detail/CVE-2021-33200),[CVE-2021-33624](https://nvd.nist.gov/vuln/detail/CVE-2021-33624),[CVE-2021-33655](https://nvd.nist.gov/vuln/detail/CVE-2021-33655),[CVE-2021-33909](https://nvd.nist.gov/vuln/detail/CVE-2021-33909),[CVE-2021-3444](https://nvd.nist.gov/vuln/detail/CVE-2021-3444),[CVE-2021-34556](https://nvd.nist.gov/vuln/detail/CVE-2021-34556),[CVE-2021-34693](https://nvd.nist.gov/vuln/detail/CVE-2021-34693),[CVE-2021-3483](https://nvd.nist.gov/vuln/detail/CVE-2021-3483),[CVE-2021-34866](https://nvd.nist.gov/vuln/detail/CVE-2021-34866),[CVE-2021-3489](https://nvd.nist.gov/vuln/detail/CVE-2021-3489),[CVE-2021-3490](https://nvd.nist.gov/vuln/detail/CVE-2021-3490),[CVE-2021-3491](https://nvd.nist.gov/vuln/detail/CVE-2021-3491),[CVE-2021-34981](https://nvd.nist.gov/vuln/detail/CVE-2021-34981),[CVE-2021-3501](https://nvd.nist.gov/vuln/detail/CVE-2021-3501),[CVE-2021-35039](https://nvd.nist.gov/vuln/detail/CVE-2021-35039),[CVE-2021-3506](https://nvd.nist.gov/vuln/detail/CVE-2021-3506),[CVE-2021-3543](https://nvd.nist.gov/vuln/detail/CVE-2021-3543),[CVE-2021-35477](https://nvd.nist.gov/vuln/detail/CVE-2021-35477),[CVE-2021-3564](https://nvd.nist.gov/vuln/detail/CVE-2021-3564),[CVE-2021-3573](https://nvd.nist.gov/vuln/detail/CVE-2021-3573),[CVE-2021-3600](https://nvd.nist.gov/vuln/detail/CVE-2021-3600),[CVE-2021-3609](https://nvd.nist.gov/vuln/detail/CVE-2021-3609),[CVE-2021-3612](https://nvd.nist.gov/vuln/detail/CVE-2021-3612),[CVE-2021-3640](https://nvd.nist.gov/vuln/detail/CVE-2021-3640),[CVE-2021-3653](https://nvd.nist.gov/vuln/detail/CVE-2021-3653),[CVE-2021-3655](https://nvd.nist.gov/vuln/detail/CVE-2021-3655),[CVE-2021-3656](https://nvd.nist.gov/vuln/detail/CVE-2021-3656),[CVE-2021-3659](https://nvd.nist.gov/vuln/detail/CVE-2021-3659),[CVE-2021-3679](https://nvd.nist.gov/vuln/detail/CVE-2021-3679),[CVE-2021-37159](https://nvd.nist.gov/vuln/detail/CVE-2021-37159),[CVE-2021-3732](https://nvd.nist.gov/vuln/detail/CVE-2021-3732),[CVE-2021-3736](https://nvd.nist.gov/vuln/detail/CVE-2021-3736),[CVE-2021-3739](https://nvd.nist.gov/vuln/detail/CVE-2021-3739),[CVE-2021-3743](https://nvd.nist.gov/vuln/detail/CVE-2021-3743),[CVE-2021-3744](https://nvd.nist.gov/vuln/detail/CVE-2021-3744),[CVE-2021-3752](https://nvd.nist.gov/vuln/detail/CVE-2021-3752),[CVE-2021-3753](https://nvd.nist.gov/vuln/detail/CVE-2021-3753),[CVE-2021-37576](https://nvd.nist.gov/vuln/detail/CVE-2021-37576),[CVE-2021-3760](https://nvd.nist.gov/vuln/detail/CVE-2021-3760),[CVE-2021-3764](https://nvd.nist.gov/vuln/detail/CVE-2021-3764),[CVE-2021-3772](https://nvd.nist.gov/vuln/detail/CVE-2021-3772),[CVE-2021-38166](https://nvd.nist.gov/vuln/detail/CVE-2021-38166),[CVE-2021-38198](https://nvd.nist.gov/vuln/detail/CVE-2021-38198),[CVE-2021-38199](https://nvd.nist.gov/vuln/detail/CVE-2021-38199),[CVE-2021-38200](https://nvd.nist.gov/vuln/detail/CVE-2021-38200),[CVE-2021-38201](https://nvd.nist.gov/vuln/detail/CVE-2021-38201),[CVE-2021-38202](https://nvd.nist.gov/vuln/detail/CVE-2021-38202),[CVE-2021-38203](https://nvd.nist.gov/vuln/detail/CVE-2021-38203),[CVE-2021-38204](https://nvd.nist.gov/vuln/detail/CVE-2021-38204),[CVE-2021-38205](https://nvd.nist.gov/vuln/detail/CVE-2021-38205),[CVE-2021-38206](https://nvd.nist.gov/vuln/detail/CVE-2021-38206),[CVE-2021-38207](https://nvd.nist.gov/vuln/detail/CVE-2021-38207),[CVE-2021-38208](https://nvd.nist.gov/vuln/detail/CVE-2021-38208),[CVE-2021-38209](https://nvd.nist.gov/vuln/detail/CVE-2021-38209),[CVE-2021-38300](https://nvd.nist.gov/vuln/detail/CVE-2021-38300),[CVE-2021-3923](https://nvd.nist.gov/vuln/detail/CVE-2021-3923),[CVE-2021-39633](https://nvd.nist.gov/vuln/detail/CVE-2021-39633),[CVE-2021-39656](https://nvd.nist.gov/vuln/detail/CVE-2021-39656),[CVE-2021-39685](https://nvd.nist.gov/vuln/detail/CVE-2021-39685),[CVE-2021-39686](https://nvd.nist.gov/vuln/detail/CVE-2021-39686),[CVE-2021-39698](https://nvd.nist.gov/vuln/detail/CVE-2021-39698),[CVE-2021-4001](https://nvd.nist.gov/vuln/detail/CVE-2021-4001),[CVE-2021-4002](https://nvd.nist.gov/vuln/detail/CVE-2021-4002),[CVE-2021-4028](https://nvd.nist.gov/vuln/detail/CVE-2021-4028),[CVE-2021-40490](https://nvd.nist.gov/vuln/detail/CVE-2021-40490),[CVE-2021-4083](https://nvd.nist.gov/vuln/detail/CVE-2021-4083),[CVE-2021-4090](https://nvd.nist.gov/vuln/detail/CVE-2021-4090),[CVE-2021-4093](https://nvd.nist.gov/vuln/detail/CVE-2021-4093),[CVE-2021-41073](https://nvd.nist.gov/vuln/detail/CVE-2021-41073),[CVE-2021-4135](https://nvd.nist.gov/vuln/detail/CVE-2021-4135),[CVE-2021-4148](https://nvd.nist.gov/vuln/detail/CVE-2021-4148),[CVE-2021-4149](https://nvd.nist.gov/vuln/detail/CVE-2021-4149),[CVE-2021-4154](https://nvd.nist.gov/vuln/detail/CVE-2021-4154),[CVE-2021-4155](https://nvd.nist.gov/vuln/detail/CVE-2021-4155),[CVE-2021-4157](https://nvd.nist.gov/vuln/detail/CVE-2021-4157),[CVE-2021-41864](https://nvd.nist.gov/vuln/detail/CVE-2021-41864),[CVE-2021-4197](https://nvd.nist.gov/vuln/detail/CVE-2021-4197),[CVE-2021-42008](https://nvd.nist.gov/vuln/detail/CVE-2021-42008),[CVE-2021-4202](https://nvd.nist.gov/vuln/detail/CVE-2021-4202),[CVE-2021-4203](https://nvd.nist.gov/vuln/detail/CVE-2021-4203),[CVE-2021-42252](https://nvd.nist.gov/vuln/detail/CVE-2021-42252),[CVE-2021-42327](https://nvd.nist.gov/vuln/detail/CVE-2021-42327),[CVE-2021-42739](https://nvd.nist.gov/vuln/detail/CVE-2021-42739),[CVE-2021-43056](https://nvd.nist.gov/vuln/detail/CVE-2021-43056),[CVE-2021-43057](https://nvd.nist.gov/vuln/detail/CVE-2021-43057),[CVE-2021-43267](https://nvd.nist.gov/vuln/detail/CVE-2021-43267),[CVE-2021-43389](https://nvd.nist.gov/vuln/detail/CVE-2021-43389),[CVE-2021-43975](https://nvd.nist.gov/vuln/detail/CVE-2021-43975),[CVE-2021-43976](https://nvd.nist.gov/vuln/detail/CVE-2021-43976),[CVE-2021-44733](https://nvd.nist.gov/vuln/detail/CVE-2021-44733),[CVE-2021-44879](https://nvd.nist.gov/vuln/detail/CVE-2021-44879),[CVE-2021-45095](https://nvd.nist.gov/vuln/detail/CVE-2021-45095),[CVE-2021-45100](https://nvd.nist.gov/vuln/detail/CVE-2021-45100),[CVE-2021-45402](https://nvd.nist.gov/vuln/detail/CVE-2021-45402),[CVE-2021-45469](https://nvd.nist.gov/vuln/detail/CVE-2021-45469),[CVE-2021-45480](https://nvd.nist.gov/vuln/detail/CVE-2021-45480),[CVE-2021-45485](https://nvd.nist.gov/vuln/detail/CVE-2021-45485),[CVE-2021-45486](https://nvd.nist.gov/vuln/detail/CVE-2021-45486),[CVE-2021-45868](https://nvd.nist.gov/vuln/detail/CVE-2021-45868),[CVE-2021-46283](https://nvd.nist.gov/vuln/detail/CVE-2021-46283),[CVE-2022-0001](https://nvd.nist.gov/vuln/detail/CVE-2022-0001),[CVE-2022-0002](https://nvd.nist.gov/vuln/detail/CVE-2022-0002),[CVE-2022-0168](https://nvd.nist.gov/vuln/detail/CVE-2022-0168),[CVE-2022-0171](https://nvd.nist.gov/vuln/detail/CVE-2022-0171),[CVE-2022-0185](https://nvd.nist.gov/vuln/detail/CVE-2022-0185),[CVE-2022-0264](https://nvd.nist.gov/vuln/detail/CVE-2022-0264),[CVE-2022-0286](https://nvd.nist.gov/vuln/detail/CVE-2022-0286),[CVE-2022-0322](https://nvd.nist.gov/vuln/detail/CVE-2022-0322),[CVE-2022-0330](https://nvd.nist.gov/vuln/detail/CVE-2022-0330),[CVE-2022-0382](https://nvd.nist.gov/vuln/detail/CVE-2022-0382),[CVE-2022-0435](https://nvd.nist.gov/vuln/detail/CVE-2022-0435),[CVE-2022-0487](https://nvd.nist.gov/vuln/detail/CVE-2022-0487),[CVE-2022-0492](https://nvd.nist.gov/vuln/detail/CVE-2022-0492),[CVE-2022-0494](https://nvd.nist.gov/vuln/detail/CVE-2022-0494),[CVE-2022-0500](https://nvd.nist.gov/vuln/detail/CVE-2022-0500),[CVE-2022-0516](https://nvd.nist.gov/vuln/detail/CVE-2022-0516),[CVE-2022-0617](https://nvd.nist.gov/vuln/detail/CVE-2022-0617),[CVE-2022-0742](https://nvd.nist.gov/vuln/detail/CVE-2022-0742),[CVE-2022-0847](https://nvd.nist.gov/vuln/detail/CVE-2022-0847),[CVE-2022-0850](https://nvd.nist.gov/vuln/detail/CVE-2022-0850),[CVE-2022-0995](https://nvd.nist.gov/vuln/detail/CVE-2022-0995),[CVE-2022-1011](https://nvd.nist.gov/vuln/detail/CVE-2022-1011),[CVE-2022-1012](https://nvd.nist.gov/vuln/detail/CVE-2022-1012),[CVE-2022-1015](https://nvd.nist.gov/vuln/detail/CVE-2022-1015),[CVE-2022-1016](https://nvd.nist.gov/vuln/detail/CVE-2022-1016),[CVE-2022-1043](https://nvd.nist.gov/vuln/detail/CVE-2022-1043),[CVE-2022-1048](https://nvd.nist.gov/vuln/detail/CVE-2022-1048),[CVE-2022-1055](https://nvd.nist.gov/vuln/detail/CVE-2022-1055),[CVE-2022-1158](https://nvd.nist.gov/vuln/detail/CVE-2022-1158),[CVE-2022-1184](https://nvd.nist.gov/vuln/detail/CVE-2022-1184),[CVE-2022-1195](https://nvd.nist.gov/vuln/detail/CVE-2022-1195),[CVE-2022-1198](https://nvd.nist.gov/vuln/detail/CVE-2022-1198),[CVE-2022-1199](https://nvd.nist.gov/vuln/detail/CVE-2022-1199),[CVE-2022-1204](https://nvd.nist.gov/vuln/detail/CVE-2022-1204),[CVE-2022-1263](https://nvd.nist.gov/vuln/detail/CVE-2022-1263),[CVE-2022-1353](https://nvd.nist.gov/vuln/detail/CVE-2022-1353),[CVE-2022-1462](https://nvd.nist.gov/vuln/detail/CVE-2022-1462),[CVE-2022-1516](https://nvd.nist.gov/vuln/detail/CVE-2022-1516),[CVE-2022-1651](https://nvd.nist.gov/vuln/detail/CVE-2022-1651),[CVE-2022-1652](https://nvd.nist.gov/vuln/detail/CVE-2022-1652),[CVE-2022-1671](https://nvd.nist.gov/vuln/detail/CVE-2022-1671),[CVE-2022-1679](https://nvd.nist.gov/vuln/detail/CVE-2022-1679),[CVE-2022-1729](https://nvd.nist.gov/vuln/detail/CVE-2022-1729),[CVE-2022-1734](https://nvd.nist.gov/vuln/detail/CVE-2022-1734),[CVE-2022-1789](https://nvd.nist.gov/vuln/detail/CVE-2022-1789),[CVE-2022-1852](https://nvd.nist.gov/vuln/detail/CVE-2022-1852),[CVE-2022-1943](https://nvd.nist.gov/vuln/detail/CVE-2022-1943),[CVE-2022-1973](https://nvd.nist.gov/vuln/detail/CVE-2022-1973),[CVE-2022-1974](https://nvd.nist.gov/vuln/detail/CVE-2022-1974),[CVE-2022-1975](https://nvd.nist.gov/vuln/detail/CVE-2022-1975),[CVE-2022-1998](https://nvd.nist.gov/vuln/detail/CVE-2022-1998),[CVE-2022-20008](https://nvd.nist.gov/vuln/detail/CVE-2022-20008),[CVE-2022-20132](https://nvd.nist.gov/vuln/detail/CVE-2022-20132),[CVE-2022-20141](https://nvd.nist.gov/vuln/detail/CVE-2022-20141),[CVE-2022-20148](https://nvd.nist.gov/vuln/detail/CVE-2022-20148),[CVE-2022-20154](https://nvd.nist.gov/vuln/detail/CVE-2022-20154),[CVE-2022-20158](https://nvd.nist.gov/vuln/detail/CVE-2022-20158),[CVE-2022-20368](https://nvd.nist.gov/vuln/detail/CVE-2022-20368),[CVE-2022-20369](https://nvd.nist.gov/vuln/detail/CVE-2022-20369),[CVE-2022-20421](https://nvd.nist.gov/vuln/detail/CVE-2022-20421),[CVE-2022-20422](https://nvd.nist.gov/vuln/detail/CVE-2022-20422),[CVE-2022-20566](https://nvd.nist.gov/vuln/detail/CVE-2022-20566),[CVE-2022-20572](https://nvd.nist.gov/vuln/detail/CVE-2022-20572),[CVE-2022-2078](https://nvd.nist.gov/vuln/detail/CVE-2022-2078),[CVE-2022-21123](https://nvd.nist.gov/vuln/detail/CVE-2022-21123),[CVE-2022-21125](https://nvd.nist.gov/vuln/detail/CVE-2022-21125),[CVE-2022-21166](https://nvd.nist.gov/vuln/detail/CVE-2022-21166),[CVE-2022-21499](https://nvd.nist.gov/vuln/detail/CVE-2022-21499),[CVE-2022-21505](https://nvd.nist.gov/vuln/detail/CVE-2022-21505),[CVE-2022-2153](https://nvd.nist.gov/vuln/detail/CVE-2022-2153),[CVE-2022-2196](https://nvd.nist.gov/vuln/detail/CVE-2022-2196),[CVE-2022-22942](https://nvd.nist.gov/vuln/detail/CVE-2022-22942),[CVE-2022-23036](https://nvd.nist.gov/vuln/detail/CVE-2022-23036),[CVE-2022-23037](https://nvd.nist.gov/vuln/detail/CVE-2022-23037),[CVE-2022-23038](https://nvd.nist.gov/vuln/detail/CVE-2022-23038),[CVE-2022-23039](https://nvd.nist.gov/vuln/detail/CVE-2022-23039),[CVE-2022-23040](https://nvd.nist.gov/vuln/detail/CVE-2022-23040),[CVE-2022-23041](https://nvd.nist.gov/vuln/detail/CVE-2022-23041),[CVE-2022-23042](https://nvd.nist.gov/vuln/detail/CVE-2022-23042),[CVE-2022-2308](https://nvd.nist.gov/vuln/detail/CVE-2022-2308),[CVE-2022-2318](https://nvd.nist.gov/vuln/detail/CVE-2022-2318),[CVE-2022-23222](https://nvd.nist.gov/vuln/detail/CVE-2022-23222),[CVE-2022-2380](https://nvd.nist.gov/vuln/detail/CVE-2022-2380),[CVE-2022-23960](https://nvd.nist.gov/vuln/detail/CVE-2022-23960),[CVE-2022-24122](https://nvd.nist.gov/vuln/detail/CVE-2022-24122),[CVE-2022-24448](https://nvd.nist.gov/vuln/detail/CVE-2022-24448),[CVE-2022-24958](https://nvd.nist.gov/vuln/detail/CVE-2022-24958),[CVE-2022-24959](https://nvd.nist.gov/vuln/detail/CVE-2022-24959),[CVE-2022-2503](https://nvd.nist.gov/vuln/detail/CVE-2022-2503),[CVE-2022-25258](https://nvd.nist.gov/vuln/detail/CVE-2022-25258),[CVE-2022-25375](https://nvd.nist.gov/vuln/detail/CVE-2022-25375),[CVE-2022-25636](https://nvd.nist.gov/vuln/detail/CVE-2022-25636),[CVE-2022-2585](https://nvd.nist.gov/vuln/detail/CVE-2022-2585),[CVE-2022-2586](https://nvd.nist.gov/vuln/detail/CVE-2022-2586),[CVE-2022-2588](https://nvd.nist.gov/vuln/detail/CVE-2022-2588),[CVE-2022-2602](https://nvd.nist.gov/vuln/detail/CVE-2022-2602),[CVE-2022-26365](https://nvd.nist.gov/vuln/detail/CVE-2022-26365),[CVE-2022-26373](https://nvd.nist.gov/vuln/detail/CVE-2022-26373),[CVE-2022-2639](https://nvd.nist.gov/vuln/detail/CVE-2022-2639),[CVE-2022-26490](https://nvd.nist.gov/vuln/detail/CVE-2022-26490),[CVE-2022-2663](https://nvd.nist.gov/vuln/detail/CVE-2022-2663),[CVE-2022-26966](https://nvd.nist.gov/vuln/detail/CVE-2022-26966),[CVE-2022-27223](https://nvd.nist.gov/vuln/detail/CVE-2022-27223),[CVE-2022-27666](https://nvd.nist.gov/vuln/detail/CVE-2022-27666),[CVE-2022-27672](https://nvd.nist.gov/vuln/detail/CVE-2022-27672),[CVE-2022-27950](https://nvd.nist.gov/vuln/detail/CVE-2022-27950),[CVE-2022-28356](https://nvd.nist.gov/vuln/detail/CVE-2022-28356),[CVE-2022-28388](https://nvd.nist.gov/vuln/detail/CVE-2022-28388),[CVE-2022-28389](https://nvd.nist.gov/vuln/detail/CVE-2022-28389),[CVE-2022-28390](https://nvd.nist.gov/vuln/detail/CVE-2022-28390),[CVE-2022-2873](https://nvd.nist.gov/vuln/detail/CVE-2022-2873),[CVE-2022-28893](https://nvd.nist.gov/vuln/detail/CVE-2022-28893),[CVE-2022-2905](https://nvd.nist.gov/vuln/detail/CVE-2022-2905),[CVE-2022-29156](https://nvd.nist.gov/vuln/detail/CVE-2022-29156),[CVE-2022-2938](https://nvd.nist.gov/vuln/detail/CVE-2022-2938),[CVE-2022-29581](https://nvd.nist.gov/vuln/detail/CVE-2022-29581),[CVE-2022-29582](https://nvd.nist.gov/vuln/detail/CVE-2022-29582),[CVE-2022-2959](https://nvd.nist.gov/vuln/detail/CVE-2022-2959),[CVE-2022-2964](https://nvd.nist.gov/vuln/detail/CVE-2022-2964),[CVE-2022-2977](https://nvd.nist.gov/vuln/detail/CVE-2022-2977),[CVE-2022-2978](https://nvd.nist.gov/vuln/detail/CVE-2022-2978),[CVE-2022-29900](https://nvd.nist.gov/vuln/detail/CVE-2022-29900),[CVE-2022-29901](https://nvd.nist.gov/vuln/detail/CVE-2022-29901),[CVE-2022-3028](https://nvd.nist.gov/vuln/detail/CVE-2022-3028),[CVE-2022-30594](https://nvd.nist.gov/vuln/detail/CVE-2022-30594),[CVE-2022-3061](https://nvd.nist.gov/vuln/detail/CVE-2022-3061),[CVE-2022-3077](https://nvd.nist.gov/vuln/detail/CVE-2022-3077),[CVE-2022-3078](https://nvd.nist.gov/vuln/detail/CVE-2022-3078),[CVE-2022-3104](https://nvd.nist.gov/vuln/detail/CVE-2022-3104),[CVE-2022-3105](https://nvd.nist.gov/vuln/detail/CVE-2022-3105),[CVE-2022-3106](https://nvd.nist.gov/vuln/detail/CVE-2022-3106),[CVE-2022-3107](https://nvd.nist.gov/vuln/detail/CVE-2022-3107),[CVE-2022-3108](https://nvd.nist.gov/vuln/detail/CVE-2022-3108),[CVE-2022-3110](https://nvd.nist.gov/vuln/detail/CVE-2022-3110),[CVE-2022-3111](https://nvd.nist.gov/vuln/detail/CVE-2022-3111),[CVE-2022-3112](https://nvd.nist.gov/vuln/detail/CVE-2022-3112),[CVE-2022-3113](https://nvd.nist.gov/vuln/detail/CVE-2022-3113),[CVE-2022-3115](https://nvd.nist.gov/vuln/detail/CVE-2022-3115),[CVE-2022-3169](https://nvd.nist.gov/vuln/detail/CVE-2022-3169),[CVE-2022-3176](https://nvd.nist.gov/vuln/detail/CVE-2022-3176),[CVE-2022-3202](https://nvd.nist.gov/vuln/detail/CVE-2022-3202),[CVE-2022-32250](https://nvd.nist.gov/vuln/detail/CVE-2022-32250),[CVE-2022-32296](https://nvd.nist.gov/vuln/detail/CVE-2022-32296),[CVE-2022-3239](https://nvd.nist.gov/vuln/detail/CVE-2022-3239),[CVE-2022-32981](https://nvd.nist.gov/vuln/detail/CVE-2022-32981),[CVE-2022-3303](https://nvd.nist.gov/vuln/detail/CVE-2022-3303),[CVE-2022-3344](https://nvd.nist.gov/vuln/detail/CVE-2022-3344),[CVE-2022-33740](https://nvd.nist.gov/vuln/detail/CVE-2022-33740),[CVE-2022-33741](https://nvd.nist.gov/vuln/detail/CVE-2022-33741),[CVE-2022-33742](https://nvd.nist.gov/vuln/detail/CVE-2022-33742),[CVE-2022-33743](https://nvd.nist.gov/vuln/detail/CVE-2022-33743),[CVE-2022-33744](https://nvd.nist.gov/vuln/detail/CVE-2022-33744),[CVE-2022-33981](https://nvd.nist.gov/vuln/detail/CVE-2022-33981),[CVE-2022-3424](https://nvd.nist.gov/vuln/detail/CVE-2022-3424),[CVE-2022-34494](https://nvd.nist.gov/vuln/detail/CVE-2022-34494),[CVE-2022-34495](https://nvd.nist.gov/vuln/detail/CVE-2022-34495),[CVE-2022-34918](https://nvd.nist.gov/vuln/detail/CVE-2022-34918),[CVE-2022-3521](https://nvd.nist.gov/vuln/detail/CVE-2022-3521),[CVE-2022-3524](https://nvd.nist.gov/vuln/detail/CVE-2022-3524),[CVE-2022-3526](https://nvd.nist.gov/vuln/detail/CVE-2022-3526),[CVE-2022-3534](https://nvd.nist.gov/vuln/detail/CVE-2022-3534),[CVE-2022-3543](https://nvd.nist.gov/vuln/detail/CVE-2022-3543),[CVE-2022-3545](https://nvd.nist.gov/vuln/detail/CVE-2022-3545),[CVE-2022-3564](https://nvd.nist.gov/vuln/detail/CVE-2022-3564),[CVE-2022-3565](https://nvd.nist.gov/vuln/detail/CVE-2022-3565),[CVE-2022-3577](https://nvd.nist.gov/vuln/detail/CVE-2022-3577),[CVE-2022-3586](https://nvd.nist.gov/vuln/detail/CVE-2022-3586),[CVE-2022-3594](https://nvd.nist.gov/vuln/detail/CVE-2022-3594),[CVE-2022-36123](https://nvd.nist.gov/vuln/detail/CVE-2022-36123),[CVE-2022-3619](https://nvd.nist.gov/vuln/detail/CVE-2022-3619),[CVE-2022-3621](https://nvd.nist.gov/vuln/detail/CVE-2022-3621),[CVE-2022-3623](https://nvd.nist.gov/vuln/detail/CVE-2022-3623),[CVE-2022-3625](https://nvd.nist.gov/vuln/detail/CVE-2022-3625),[CVE-2022-3628](https://nvd.nist.gov/vuln/detail/CVE-2022-3628),[CVE-2022-36280](https://nvd.nist.gov/vuln/detail/CVE-2022-36280),[CVE-2022-3629](https://nvd.nist.gov/vuln/detail/CVE-2022-3629),[CVE-2022-3633](https://nvd.nist.gov/vuln/detail/CVE-2022-3633),[CVE-2022-3635](https://nvd.nist.gov/vuln/detail/CVE-2022-3635),[CVE-2022-3643](https://nvd.nist.gov/vuln/detail/CVE-2022-3643),[CVE-2022-3646](https://nvd.nist.gov/vuln/detail/CVE-2022-3646),[CVE-2022-3649](https://nvd.nist.gov/vuln/detail/CVE-2022-3649),[CVE-2022-36879](https://nvd.nist.gov/vuln/detail/CVE-2022-36879),[CVE-2022-36946](https://nvd.nist.gov/vuln/detail/CVE-2022-36946),[CVE-2022-3707](https://nvd.nist.gov/vuln/detail/CVE-2022-3707),[CVE-2022-39189](https://nvd.nist.gov/vuln/detail/CVE-2022-39189),[CVE-2022-39190](https://nvd.nist.gov/vuln/detail/CVE-2022-39190),[CVE-2022-40307](https://nvd.nist.gov/vuln/detail/CVE-2022-40307),[CVE-2022-40768](https://nvd.nist.gov/vuln/detail/CVE-2022-40768),[CVE-2022-4095](https://nvd.nist.gov/vuln/detail/CVE-2022-4095),[CVE-2022-40982](https://nvd.nist.gov/vuln/detail/CVE-2022-40982),[CVE-2022-41218](https://nvd.nist.gov/vuln/detail/CVE-2022-41218),[CVE-2022-41222](https://nvd.nist.gov/vuln/detail/CVE-2022-41222),[CVE-2022-4129](https://nvd.nist.gov/vuln/detail/CVE-2022-4129),[CVE-2022-41674](https://nvd.nist.gov/vuln/detail/CVE-2022-41674),[CVE-2022-41849](https://nvd.nist.gov/vuln/detail/CVE-2022-41849),[CVE-2022-41850](https://nvd.nist.gov/vuln/detail/CVE-2022-41850),[CVE-2022-41858](https://nvd.nist.gov/vuln/detail/CVE-2022-41858),[CVE-2022-42432](https://nvd.nist.gov/vuln/detail/CVE-2022-42432),[CVE-2022-4269](https://nvd.nist.gov/vuln/detail/CVE-2022-4269),[CVE-2022-42703](https://nvd.nist.gov/vuln/detail/CVE-2022-42703),[CVE-2022-42719](https://nvd.nist.gov/vuln/detail/CVE-2022-42719),[CVE-2022-42720](https://nvd.nist.gov/vuln/detail/CVE-2022-42720),[CVE-2022-42721](https://nvd.nist.gov/vuln/detail/CVE-2022-42721),[CVE-2022-42722](https://nvd.nist.gov/vuln/detail/CVE-2022-42722),[CVE-2022-42895](https://nvd.nist.gov/vuln/detail/CVE-2022-42895),[CVE-2022-42896](https://nvd.nist.gov/vuln/detail/CVE-2022-42896),[CVE-2022-43750](https://nvd.nist.gov/vuln/detail/CVE-2022-43750),[CVE-2022-4378](https://nvd.nist.gov/vuln/detail/CVE-2022-4378),[CVE-2022-4379](https://nvd.nist.gov/vuln/detail/CVE-2022-4379),[CVE-2022-4382](https://nvd.nist.gov/vuln/detail/CVE-2022-4382),[CVE-2022-43945](https://nvd.nist.gov/vuln/detail/CVE-2022-43945),[CVE-2022-45869](https://nvd.nist.gov/vuln/detail/CVE-2022-45869),[CVE-2022-45886](https://nvd.nist.gov/vuln/detail/CVE-2022-45886),[CVE-2022-45887](https://nvd.nist.gov/vuln/detail/CVE-2022-45887),[CVE-2022-45919](https://nvd.nist.gov/vuln/detail/CVE-2022-45919),[CVE-2022-45934](https://nvd.nist.gov/vuln/detail/CVE-2022-45934),[CVE-2022-4662](https://nvd.nist.gov/vuln/detail/CVE-2022-4662),[CVE-2022-4744](https://nvd.nist.gov/vuln/detail/CVE-2022-4744),[CVE-2022-47518](https://nvd.nist.gov/vuln/detail/CVE-2022-47518),[CVE-2022-47519](https://nvd.nist.gov/vuln/detail/CVE-2022-47519),[CVE-2022-47520](https://nvd.nist.gov/vuln/detail/CVE-2022-47520),[CVE-2022-47521](https://nvd.nist.gov/vuln/detail/CVE-2022-47521),[CVE-2022-47929](https://nvd.nist.gov/vuln/detail/CVE-2022-47929),[CVE-2022-47938](https://nvd.nist.gov/vuln/detail/CVE-2022-47938),[CVE-2022-47939](https://nvd.nist.gov/vuln/detail/CVE-2022-47939),[CVE-2022-47941](https://nvd.nist.gov/vuln/detail/CVE-2022-47941),[CVE-2022-47942](https://nvd.nist.gov/vuln/detail/CVE-2022-47942),[CVE-2022-47943](https://nvd.nist.gov/vuln/detail/CVE-2022-47943),[CVE-2022-4842](https://nvd.nist.gov/vuln/detail/CVE-2022-4842),[CVE-2022-48423](https://nvd.nist.gov/vuln/detail/CVE-2022-48423),[CVE-2022-48424](https://nvd.nist.gov/vuln/detail/CVE-2022-48424),[CVE-2022-48425](https://nvd.nist.gov/vuln/detail/CVE-2022-48425),[CVE-2022-48502](https://nvd.nist.gov/vuln/detail/CVE-2022-48502),[CVE-2023-0045](https://nvd.nist.gov/vuln/detail/CVE-2023-0045),[CVE-2023-0160](https://nvd.nist.gov/vuln/detail/CVE-2023-0160),[CVE-2023-0179](https://nvd.nist.gov/vuln/detail/CVE-2023-0179),[CVE-2023-0210](https://nvd.nist.gov/vuln/detail/CVE-2023-0210),[CVE-2023-0266](https://nvd.nist.gov/vuln/detail/CVE-2023-0266),[CVE-2023-0386](https://nvd.nist.gov/vuln/detail/CVE-2023-0386),[CVE-2023-0394](https://nvd.nist.gov/vuln/detail/CVE-2023-0394),[CVE-2023-0458](https://nvd.nist.gov/vuln/detail/CVE-2023-0458),[CVE-2023-0459](https://nvd.nist.gov/vuln/detail/CVE-2023-0459),[CVE-2023-0461](https://nvd.nist.gov/vuln/detail/CVE-2023-0461),[CVE-2023-0590](https://nvd.nist.gov/vuln/detail/CVE-2023-0590),[CVE-2023-0615](https://nvd.nist.gov/vuln/detail/CVE-2023-0615),[CVE-2023-1073](https://nvd.nist.gov/vuln/detail/CVE-2023-1073),[CVE-2023-1074](https://nvd.nist.gov/vuln/detail/CVE-2023-1074),[CVE-2023-1076](https://nvd.nist.gov/vuln/detail/CVE-2023-1076),[CVE-2023-1077](https://nvd.nist.gov/vuln/detail/CVE-2023-1077),[CVE-2023-1078](https://nvd.nist.gov/vuln/detail/CVE-2023-1078),[CVE-2023-1079](https://nvd.nist.gov/vuln/detail/CVE-2023-1079),[CVE-2023-1095](https://nvd.nist.gov/vuln/detail/CVE-2023-1095),[CVE-2023-1118](https://nvd.nist.gov/vuln/detail/CVE-2023-1118),[CVE-2023-1192](https://nvd.nist.gov/vuln/detail/CVE-2023-1192),[CVE-2023-1206](https://nvd.nist.gov/vuln/detail/CVE-2023-1206),[CVE-2023-1249](https://nvd.nist.gov/vuln/detail/CVE-2023-1249),[CVE-2023-1252](https://nvd.nist.gov/vuln/detail/CVE-2023-1252),[CVE-2023-1281](https://nvd.nist.gov/vuln/detail/CVE-2023-1281),[CVE-2023-1295](https://nvd.nist.gov/vuln/detail/CVE-2023-1295),[CVE-2023-1380](https://nvd.nist.gov/vuln/detail/CVE-2023-1380),[CVE-2023-1382](https://nvd.nist.gov/vuln/detail/CVE-2023-1382),[CVE-2023-1513](https://nvd.nist.gov/vuln/detail/CVE-2023-1513),[CVE-2023-1582](https://nvd.nist.gov/vuln/detail/CVE-2023-1582),[CVE-2023-1611](https://nvd.nist.gov/vuln/detail/CVE-2023-1611),[CVE-2023-1637](https://nvd.nist.gov/vuln/detail/CVE-2023-1637),[CVE-2023-1652](https://nvd.nist.gov/vuln/detail/CVE-2023-1652),[CVE-2023-1670](https://nvd.nist.gov/vuln/detail/CVE-2023-1670),[CVE-2023-1829](https://nvd.nist.gov/vuln/detail/CVE-2023-1829),[CVE-2023-1838](https://nvd.nist.gov/vuln/detail/CVE-2023-1838),[CVE-2023-1855](https://nvd.nist.gov/vuln/detail/CVE-2023-1855),[CVE-2023-1859](https://nvd.nist.gov/vuln/detail/CVE-2023-1859),[CVE-2023-1989](https://nvd.nist.gov/vuln/detail/CVE-2023-1989),[CVE-2023-1990](https://nvd.nist.gov/vuln/detail/CVE-2023-1990),[CVE-2023-2002](https://nvd.nist.gov/vuln/detail/CVE-2023-2002),[CVE-2023-2006](https://nvd.nist.gov/vuln/detail/CVE-2023-2006),[CVE-2023-2008](https://nvd.nist.gov/vuln/detail/CVE-2023-2008),[CVE-2023-2019](https://nvd.nist.gov/vuln/detail/CVE-2023-2019),[CVE-2023-20569](https://nvd.nist.gov/vuln/detail/CVE-2023-20569),[CVE-2023-20588](https://nvd.nist.gov/vuln/detail/CVE-2023-20588),[CVE-2023-20593](https://nvd.nist.gov/vuln/detail/CVE-2023-20593),[CVE-2023-20928](https://nvd.nist.gov/vuln/detail/CVE-2023-20928),[CVE-2023-21102](https://nvd.nist.gov/vuln/detail/CVE-2023-21102),[CVE-2023-2124](https://nvd.nist.gov/vuln/detail/CVE-2023-2124),[CVE-2023-2156](https://nvd.nist.gov/vuln/detail/CVE-2023-2156),[CVE-2023-2162](https://nvd.nist.gov/vuln/detail/CVE-2023-2162),[CVE-2023-2163](https://nvd.nist.gov/vuln/detail/CVE-2023-2163),[CVE-2023-2166](https://nvd.nist.gov/vuln/detail/CVE-2023-2166),[CVE-2023-2177](https://nvd.nist.gov/vuln/detail/CVE-2023-2177),[CVE-2023-2194](https://nvd.nist.gov/vuln/detail/CVE-2023-2194),[CVE-2023-2235](https://nvd.nist.gov/vuln/detail/CVE-2023-2235),[CVE-2023-2269](https://nvd.nist.gov/vuln/detail/CVE-2023-2269),[CVE-2023-22998](https://nvd.nist.gov/vuln/detail/CVE-2023-22998),[CVE-2023-22999](https://nvd.nist.gov/vuln/detail/CVE-2023-22999),[CVE-2023-23001](https://nvd.nist.gov/vuln/detail/CVE-2023-23001),[CVE-2023-23002](https://nvd.nist.gov/vuln/detail/CVE-2023-23002),[CVE-2023-23004](https://nvd.nist.gov/vuln/detail/CVE-2023-23004),[CVE-2023-23006](https://nvd.nist.gov/vuln/detail/CVE-2023-23006),[CVE-2023-23454](https://nvd.nist.gov/vuln/detail/CVE-2023-23454),[CVE-2023-23455](https://nvd.nist.gov/vuln/detail/CVE-2023-23455),[CVE-2023-23559](https://nvd.nist.gov/vuln/detail/CVE-2023-23559),[CVE-2023-25012](https://nvd.nist.gov/vuln/detail/CVE-2023-25012),[CVE-2023-2513](https://nvd.nist.gov/vuln/detail/CVE-2023-2513),[CVE-2023-26544](https://nvd.nist.gov/vuln/detail/CVE-2023-26544),[CVE-2023-26545](https://nvd.nist.gov/vuln/detail/CVE-2023-26545),[CVE-2023-26606](https://nvd.nist.gov/vuln/detail/CVE-2023-26606),[CVE-2023-26607](https://nvd.nist.gov/vuln/detail/CVE-2023-26607),[CVE-2023-28327](https://nvd.nist.gov/vuln/detail/CVE-2023-28327),[CVE-2023-28328](https://nvd.nist.gov/vuln/detail/CVE-2023-28328),[CVE-2023-28410](https://nvd.nist.gov/vuln/detail/CVE-2023-28410),[CVE-2023-28466](https://nvd.nist.gov/vuln/detail/CVE-2023-28466),[CVE-2023-2860](https://nvd.nist.gov/vuln/detail/CVE-2023-2860),[CVE-2023-28772](https://nvd.nist.gov/vuln/detail/CVE-2023-28772),[CVE-2023-2898](https://nvd.nist.gov/vuln/detail/CVE-2023-2898),[CVE-2023-2985](https://nvd.nist.gov/vuln/detail/CVE-2023-2985),[CVE-2023-3006](https://nvd.nist.gov/vuln/detail/CVE-2023-3006),[CVE-2023-30456](https://nvd.nist.gov/vuln/detail/CVE-2023-30456),[CVE-2023-30772](https://nvd.nist.gov/vuln/detail/CVE-2023-30772),[CVE-2023-3090](https://nvd.nist.gov/vuln/detail/CVE-2023-3090),[CVE-2023-3111](https://nvd.nist.gov/vuln/detail/CVE-2023-3111),[CVE-2023-31248](https://nvd.nist.gov/vuln/detail/CVE-2023-31248),[CVE-2023-3141](https://nvd.nist.gov/vuln/detail/CVE-2023-3141),[CVE-2023-31436](https://nvd.nist.gov/vuln/detail/CVE-2023-31436),[CVE-2023-3159](https://nvd.nist.gov/vuln/detail/CVE-2023-3159),[CVE-2023-3161](https://nvd.nist.gov/vuln/detail/CVE-2023-3161),[CVE-2023-3212](https://nvd.nist.gov/vuln/detail/CVE-2023-3212),[CVE-2023-3220](https://nvd.nist.gov/vuln/detail/CVE-2023-3220),[CVE-2023-32233](https://nvd.nist.gov/vuln/detail/CVE-2023-32233),[CVE-2023-32248](https://nvd.nist.gov/vuln/detail/CVE-2023-32248),[CVE-2023-32269](https://nvd.nist.gov/vuln/detail/CVE-2023-32269),[CVE-2023-3268](https://nvd.nist.gov/vuln/detail/CVE-2023-3268),[CVE-2023-33203](https://nvd.nist.gov/vuln/detail/CVE-2023-33203),[CVE-2023-33288](https://nvd.nist.gov/vuln/detail/CVE-2023-33288),[CVE-2023-3338](https://nvd.nist.gov/vuln/detail/CVE-2023-3338),[CVE-2023-3355](https://nvd.nist.gov/vuln/detail/CVE-2023-3355),[CVE-2023-3357](https://nvd.nist.gov/vuln/detail/CVE-2023-3357),[CVE-2023-3358](https://nvd.nist.gov/vuln/detail/CVE-2023-3358),[CVE-2023-3390](https://nvd.nist.gov/vuln/detail/CVE-2023-3390),[CVE-2023-35001](https://nvd.nist.gov/vuln/detail/CVE-2023-35001),[CVE-2023-3567](https://nvd.nist.gov/vuln/detail/CVE-2023-3567),[CVE-2023-35788](https://nvd.nist.gov/vuln/detail/CVE-2023-35788),[CVE-2023-35823](https://nvd.nist.gov/vuln/detail/CVE-2023-35823),[CVE-2023-35824](https://nvd.nist.gov/vuln/detail/CVE-2023-35824),[CVE-2023-35828](https://nvd.nist.gov/vuln/detail/CVE-2023-35828),[CVE-2023-35829](https://nvd.nist.gov/vuln/detail/CVE-2023-35829),[CVE-2023-3609](https://nvd.nist.gov/vuln/detail/CVE-2023-3609),[CVE-2023-3610](https://nvd.nist.gov/vuln/detail/CVE-2023-3610),[CVE-2023-3611](https://nvd.nist.gov/vuln/detail/CVE-2023-3611),[CVE-2023-3772](https://nvd.nist.gov/vuln/detail/CVE-2023-3772),[CVE-2023-3776](https://nvd.nist.gov/vuln/detail/CVE-2023-3776),[CVE-2023-3777](https://nvd.nist.gov/vuln/detail/CVE-2023-3777),[CVE-2023-3812](https://nvd.nist.gov/vuln/detail/CVE-2023-3812),[CVE-2023-38426](https://nvd.nist.gov/vuln/detail/CVE-2023-38426),[CVE-2023-38428](https://nvd.nist.gov/vuln/detail/CVE-2023-38428),[CVE-2023-38429](https://nvd.nist.gov/vuln/detail/CVE-2023-38429),[CVE-2023-38432](https://nvd.nist.gov/vuln/detail/CVE-2023-38432),[CVE-2023-3863](https://nvd.nist.gov/vuln/detail/CVE-2023-3863),[CVE-2023-3865](https://nvd.nist.gov/vuln/detail/CVE-2023-3865),[CVE-2023-3866](https://nvd.nist.gov/vuln/detail/CVE-2023-3866),[CVE-2023-4004](https://nvd.nist.gov/vuln/detail/CVE-2023-4004),[CVE-2023-4015](https://nvd.nist.gov/vuln/detail/CVE-2023-4015),[CVE-2023-40283](https://nvd.nist.gov/vuln/detail/CVE-2023-40283),[CVE-2023-4128](https://nvd.nist.gov/vuln/detail/CVE-2023-4128),[CVE-2023-4132](https://nvd.nist.gov/vuln/detail/CVE-2023-4132),[CVE-2023-4147](https://nvd.nist.gov/vuln/detail/CVE-2023-4147),[CVE-2023-4206](https://nvd.nist.gov/vuln/detail/CVE-2023-4206),[CVE-2023-4207](https://nvd.nist.gov/vuln/detail/CVE-2023-4207),[CVE-2023-4208](https://nvd.nist.gov/vuln/detail/CVE-2023-4208),[CVE-2023-4273](https://nvd.nist.gov/vuln/detail/CVE-2023-4273),[CVE-2023-42752](https://nvd.nist.gov/vuln/detail/CVE-2023-42752),[CVE-2023-42753](https://nvd.nist.gov/vuln/detail/CVE-2023-42753),[CVE-2023-42755](https://nvd.nist.gov/vuln/detail/CVE-2023-42755),[CVE-2023-4385](https://nvd.nist.gov/vuln/detail/CVE-2023-4385),[CVE-2023-4387](https://nvd.nist.gov/vuln/detail/CVE-2023-4387),[CVE-2023-4389](https://nvd.nist.gov/vuln/detail/CVE-2023-4389),[CVE-2023-4459](https://nvd.nist.gov/vuln/detail/CVE-2023-4459),[CVE-2023-4569](https://nvd.nist.gov/vuln/detail/CVE-2023-4569),[CVE-2023-4623](https://nvd.nist.gov/vuln/detail/CVE-2023-4623), [CVE-2023-4921](https://nvd.nist.gov/vuln/detail/CVE-2023-4921), [CVE-2022-40982](https://nvd.nist.gov/vuln/detail/CVE-2022-40982), [CVE-2022-41804](https://nvd.nist.gov/vuln/detail/CVE-2022-41804), [CVE-2023-20569](https://nvd.nist.gov/vuln/detail/CVE-2023-20569), [CVE-2023-23908](https://nvd.nist.gov/vuln/detail/CVE-2023-23908))<br> - Docker ([CVE-2022-36109](https://nvd.nist.gov/vuln/detail/CVE-2022-36109), [CVE-2022-29526](https://nvd.nist.gov/vuln/detail/CVE-2022-29526))<br> - Go ([CVE-2021-44716](https://nvd.nist.gov/vuln/detail/CVE-2021-44716), [CVE-2021-44717](https://nvd.nist.gov/vuln/detail/CVE-2021-44717), [CVE-2022-1705](https://nvd.nist.gov/vuln/detail/CVE-2022-1705), [CVE-2022-1962](https://nvd.nist.gov/vuln/detail/CVE-2022-1962), [CVE-2022-2879](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879), [CVE-2022-2880](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880), [CVE-2022-24675](https://nvd.nist.gov/vuln/detail/CVE-2022-24675), [CVE-2022-27664](https://nvd.nist.gov/vuln/detail/CVE-2022-27664), [CVE-2022-28131](https://nvd.nist.gov/vuln/detail/CVE-2022-28131), [CVE-2022-29526](https://nvd.nist.gov/vuln/detail/CVE-2022-29526), [CVE-2022-30630](https://nvd.nist.gov/vuln/detail/CVE-2022-30630), [CVE-2022-30631](https://nvd.nist.gov/vuln/detail/CVE-2022-30631), [CVE-2022-30632](https://nvd.nist.gov/vuln/detail/CVE-2022-30632), [CVE-2022-30633](https://nvd.nist.gov/vuln/detail/CVE-2022-30633), [CVE-2022-30635](https://nvd.nist.gov/vuln/detail/CVE-2022-30635), [CVE-2022-32148](https://nvd.nist.gov/vuln/detail/CVE-2022-32148), [CVE-2022-32189](https://nvd.nist.gov/vuln/detail/CVE-2022-32189), [CVE-2022-32190](https://nvd.nist.gov/vuln/detail/CVE-2022-32190), [CVE-2022-41715](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715), [CVE-2022-41717](https://nvd.nist.gov/vuln/detail/CVE-2022-41717))<br> - bind tools ([CVE-2022-2795](https://nvd.nist.gov/vuln/detail/CVE-2022-2795), [CVE-2022-2881](https://nvd.nist.gov/vuln/detail/CVE-2022-2881), [CVE-2022-2906](https://nvd.nist.gov/vuln/detail/CVE-2022-2906), [CVE-2022-3080](https://nvd.nist.gov/vuln/detail/CVE-2022-3080), [CVE-2022-38177](https://nvd.nist.gov/vuln/detail/CVE-2022-38177), [CVE-2022-38178](https://nvd.nist.gov/vuln/detail/CVE-2022-38178))<br> - binutils ([CVE-2021-45078](https://nvd.nist.gov/vuln/detail/CVE-2021-45078))<br> - cifs-utils ([CVE-2021-20208](https://nvd.nist.gov/vuln/detail/CVE-2021-20208), [CVE-2022-27239](https://nvd.nist.gov/vuln/detail/CVE-2022-27239), [CVE-2022-29869](https://nvd.nist.gov/vuln/detail/CVE-2022-29869))<br> - containerd ([CVE-2021-43816](https://nvd.nist.gov/vuln/detail/CVE-2021-43816), [CVE-2022-23471](https://nvd.nist.gov/vuln/detail/CVE-2022-23471), [CVE-2022-23648](https://nvd.nist.gov/vuln/detail/CVE-2022-23648), [CVE-2022-24769](https://nvd.nist.gov/vuln/detail/CVE-2022-24769), [CVE-2022-31030](https://nvd.nist.gov/vuln/detail/CVE-2022-31030))<br> - cpio ([CVE-2021-38185](https://nvd.nist.gov/vuln/detail/CVE-2021-38185))<br> - cryptsetup ([CVE-2021-4122](https://nvd.nist.gov/vuln/detail/CVE-2021-4122)) <br> - curl ([CVE-2022-22576](https://nvd.nist.gov/vuln/detail/CVE-2022-22576), [CVE-2022-27774](https://nvd.nist.gov/vuln/detail/CVE-2022-27774), [CVE-2022-27775](https://nvd.nist.gov/vuln/detail/CVE-2022-27775), [CVE-2022-27776](https://nvd.nist.gov/vuln/detail/CVE-2022-27776), [CVE-2022-27778](https://nvd.nist.gov/vuln/detail/CVE-2022-27778), [CVE-2022-27779](https://nvd.nist.gov/vuln/detail/CVE-2022-27779), [CVE-2022-27780](https://nvd.nist.gov/vuln/detail/CVE-2022-27780), [CVE-2022-27781](https://nvd.nist.gov/vuln/detail/CVE-2022-27781), [CVE-2022-27782](https://nvd.nist.gov/vuln/detail/CVE-2022-27782), [CVE-2022-30115](https://nvd.nist.gov/vuln/detail/CVE-2022-30115), [CVE-2022-32205](https://nvd.nist.gov/vuln/detail/CVE-2022-32205), [CVE-2022-32206](https://nvd.nist.gov/vuln/detail/CVE-2022-32206), [CVE-2022-32207](https://nvd.nist.gov/vuln/detail/CVE-2022-32207), [CVE-2022-32208](https://nvd.nist.gov/vuln/detail/CVE-2022-32208), [CVE-2022-32221](https://nvd.nist.gov/vuln/detail/CVE-2022-32221), [CVE-2022-35260](https://nvd.nist.gov/vuln/detail/CVE-2022-32221), [CVE-2022-42915](https://nvd.nist.gov/vuln/detail/CVE-2022-32221), [CVE-2022-42916](https://nvd.nist.gov/vuln/detail/CVE-2022-32221), [CVE-2022-35252](https://nvd.nist.gov/vuln/detail/CVE-2022-35252), [CVE-2022-43551](https://nvd.nist.gov/vuln/detail/CVE-2022-43551), [CVE-2022-43552](https://nvd.nist.gov/vuln/detail/CVE-2022-43552))<br> - dbus ([CVE-2022-42010](https://nvd.nist.gov/vuln/detail/CVE-2022-42010), [CVE-2022-42011](https://nvd.nist.gov/vuln/detail/CVE-2022-42011), [CVE-2022-42012](https://nvd.nist.gov/vuln/detail/CVE-2022-42012))<br> - duktape ([CVE-2021-46322](https://nvd.nist.gov/vuln/detail/CVE-2021-46322))<br> - expat ([CVE-2022-40674](https://nvd.nist.gov/vuln/detail/CVE-2022-40674), [CVE-2022-43680](https://nvd.nist.gov/vuln/detail/CVE-2022-43680))<br> - gcc ([CVE-2020-13844](https://nvd.nist.gov/vuln/detail/CVE-2020-13844))<br> - git ([CVE-2022-23521](https://nvd.nist.gov/vuln/detail/CVE-2022-23521), [CVE-2022-24765](https://nvd.nist.gov/vuln/detail/CVE-2022-24765), [CVE-2022-29187](https://nvd.nist.gov/vuln/detail/CVE-2022-29187), [CVE-2022-39253](https://nvd.nist.gov/vuln/detail/CVE-2022-39253), [CVE-2022-39260](https://nvd.nist.gov/vuln/detail/CVE-2022-39260), [CVE-2022-41903](https://nvd.nist.gov/vuln/detail/CVE-2022-41903))<br> - glib ([fixes to normal form handling in GVariant](https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835))<br> - gnupg ([CVE-2022-34903](https://nvd.nist.gov/vuln/detail/CVE-2022-34903))<br> - gnutls ([CVE-2021-4209](https://nvd.nist.gov/vuln/detail/CVE-2021-4209), [GNUTLS-SA-2022-01-17](https://gitlab.com/gnutls/gnutls/-/issues/1277), [CVE-2022-2509](https://nvd.nist.gov/vuln/detail/CVE-2022-2509))<br> - gzip,xz-utils ([CVE-2022-1271](https://nvd.nist.gov/vuln/detail/CVE-2022-1271))<br> - ignition ([CVE-2020-14040](https://nvd.nist.gov/vuln/detail/CVE-2020-14040), [CVE-2021-38561](https://nvd.nist.gov/vuln/detail/CVE-2021-38561), [CVE-2022-1706](https://nvd.nist.gov/vuln/detail/CVE-2022-1706))<br> - intel-microcode ([CVE-2021-0127](https://nvd.nist.gov/vuln/detail/CVE-2021-0127), [CVE-2021-0146](https://nvd.nist.gov/vuln/detail/CVE-2021-0146), [CVE-2022-21151](https://nvd.nist.gov/vuln/detail/CVE-2022-21151), [CVE-2022-21233](https://nvd.nist.gov/vuln/detail/CVE-2022-21233))<br> - krb5 ([CVE-2021-37750](https://nvd.nist.gov/vuln/detail/CVE-2021-37750))<br> - libarchive ([CVE-2021-31566](https://nvd.nist.gov/vuln/detail/CVE-2021-31566), [CVE-2021-36976](https://nvd.nist.gov/vuln/detail/CVE-2021-36976), [CVE-2022-26280](https://nvd.nist.gov/vuln/detail/CVE-2022-26280), [CVE-2022-36227](https://nvd.nist.gov/vuln/detail/CVE-2022-36227), [libarchive-1565](https://github.com/libarchive/libarchive/issues/1565), [libarchive-1566](https://github.com/libarchive/libarchive/issues/1566))<br> - libksba ([CVE-2022-3515](https://nvd.nist.gov/vuln/detail/CVE-2022-3515), [CVE-2022-47629](https://nvd.nist.gov/vuln/detail/CVE-2022-47629))<br> - GNU Libtasn1 ([Gentoo#866237](https://bugs.gentoo.org/866237))<br> - libtirpc ([CVE-2021-46828](https://nvd.nist.gov/vuln/detail/CVE-2021-46828))<br> - libxml2 ([CVE-2016-3709](https://nvd.nist.gov/vuln/detail/CVE-2016-3709), [CVE-2022-2309](https://nvd.nist.gov/vuln/detail/CVE-2022-2309), [CVE-2022-23308](https://nvd.nist.gov/vuln/detail/CVE-2022-23308), [CVE-2022-29824](https://nvd.nist.gov/vuln/detail/CVE-2022-29824), [CVE-2022-40303](https://nvd.nist.gov/vuln/detail/CVE-2022-40303), [CVE-2022-40304](https://nvd.nist.gov/vuln/detail/CVE-2022-40304))<br> - logrotate ([CVE-2022-1348](https://nvd.nist.gov/vuln/detail/CVE-2022-1348))<br> - multipath-tools ([CVE-2022-41973](https://nvd.nist.gov/vuln/detail/CVE-2022-41973), [CVE-2022-41974](https://nvd.nist.gov/vuln/detail/CVE-2022-41974))<br> - ncurses ([CVE-2022-29458](https://nvd.nist.gov/vuln/detail/CVE-2022-29458))<br> - nvidia-drivers ([CVE-2022-28181](https://nvd.nist.gov/vuln/detail/CVE-2022-28181), [CVE-2022-28183](https://nvd.nist.gov/vuln/detail/CVE-2022-28183), [CVE-2022-28184](https://nvd.nist.gov/vuln/detail/CVE-2022-28184), [CVE-2022-28185](https://nvd.nist.gov/vuln/detail/CVE-2022-28185))<br> - oniguruma ([oniguruma-20220430](https://bugs.gentoo.org/841893))<br> - OpenSSH ([CVE-2021-41617](https://nvd.nist.gov/vuln/detail/CVE-2021-41617))<br> - OpenSSL ([CVE-2021-4044](https://nvd.nist.gov/vuln/detail/CVE-2021-4044), [CVE-2022-1292](https://nvd.nist.gov/vuln/detail/CVE-2022-1292), [CVE-2022-1343](https://nvd.nist.gov/vuln/detail/CVE-2022-1343), [CVE-2022-1434](https://nvd.nist.gov/vuln/detail/CVE-2022-1434), [CVE-2022-1473](https://nvd.nist.gov/vuln/detail/CVE-2022-1473), [CVE-2022-3602](https://nvd.nist.gov/vuln/detail/CVE-2022-3602), [CVE-2022-3786](https://nvd.nist.gov/vuln/detail/CVE-2022-3786))<br> - polkit ([CVE-2021-4115](https://nvd.nist.gov/vuln/detail/CVE-2021-4115))<br> - rsync ([CVE-2018-25032](https://nvd.nist.gov/vuln/detail/CVE-2018-25032), [CVE-2022-29154](https://nvd.nist.gov/vuln/detail/CVE-2022-29154))<br> - runc ([CVE-2022-29162](https://nvd.nist.gov/vuln/detail/CVE-2022-29162))<br> - shadow ([CVE-2013-4235](https://nvd.nist.gov/vuln/detail/CVE-2013-4235))<br> - sudo ([CVE-2022-43995](https://nvd.nist.gov/vuln/detail/CVE-2022-43995), [CVE-2023-22809](https://nvd.nist.gov/vuln/detail/CVE-2023-22809))<br> - systemd ([CVE-2021-3997](https://nvd.nist.gov/vuln/detail/CVE-2021-3997), [CVE-2022-3821](https://nvd.nist.gov/vuln/detail/CVE-2022-3821), [CVE-2022-4415](https://nvd.nist.gov/vuln/detail/CVE-2022-4415))<br> - unzip ([CVE-2022-0529](https://nvd.nist.gov/vuln/detail/CVE-2022-0529), [CVE-2022-0530](https://nvd.nist.gov/vuln/detail/CVE-2022-0530), [CVE-2021-4217](https://nvd.nist.gov/vuln/detail/CVE-2021-4217))<br> - util-linux ([CVE-2021-3995](https://nvd.nist.gov/vuln/detail/CVE-2021-3995), [CVE-2021-3996](https://nvd.nist.gov/vuln/detail/CVE-2021-3996), [CVE-2022-0563](https://nvd.nist.gov/vuln/detail/CVE-2022-0563))<br> - vim ([CVE-2021-3872](https://nvd.nist.gov/vuln/detail/CVE-2021-3872), [CVE-2021-3875](https://nvd.nist.gov/vuln/detail/CVE-2021-3875), [CVE-2021-3903](https://nvd.nist.gov/vuln/detail/CVE-2021-3903), [CVE-2021-3927](https://nvd.nist.gov/vuln/detail/CVE-2021-3927), [CVE-2021-3928](https://nvd.nist.gov/vuln/detail/CVE-2021-3928), [CVE-2021-3968](https://nvd.nist.gov/vuln/detail/CVE-2021-3968), [CVE-2021-3973](https://nvd.nist.gov/vuln/detail/CVE-2021-3973), [CVE-2021-3974](https://nvd.nist.gov/vuln/detail/CVE-2021-3974), [CVE-2021-3984](https://nvd.nist.gov/vuln/detail/CVE-2021-3984), [CVE-2021-4019](https://nvd.nist.gov/vuln/detail/CVE-2021-4019), [CVE-2021-4069](https://nvd.nist.gov/vuln/detail/CVE-2021-4069), [CVE-2021-4136](https://nvd.nist.gov/vuln/detail/CVE-2021-4136), [CVE-2021-4173](https://nvd.nist.gov/vuln/detail/CVE-2021-4173),[ CVE-2021-4166](https://nvd.nist.gov/vuln/detail/CVE-2021-4166), [CVE-2021-4187](https://nvd.nist.gov/vuln/detail/CVE-2021-4187), [CVE-2021-4192](https://nvd.nist.gov/vuln/detail/CVE-2021-4192), [CVE-2021-4193](https://nvd.nist.gov/vuln/detail/CVE-2021-4193), [CVE-2022-0128](https://nvd.nist.gov/vuln/detail/CVE-2022-0128), [CVE-2022-0156](https://nvd.nist.gov/vuln/detail/CVE-2022-0156), [CVE-2022-0158](https://nvd.nist.gov/vuln/detail/CVE-2022-0158), [CVE-2022-0213](https://nvd.nist.gov/vuln/detail/CVE-2022-0213), [CVE-2022-0261](https://nvd.nist.gov/vuln/detail/CVE-2022-0261), [CVE-2022-0318](https://nvd.nist.gov/vuln/detail/CVE-2022-0318), [CVE-2022-0319](https://nvd.nist.gov/vuln/detail/CVE-2022-0319), [CVE-2022-0351](https://nvd.nist.gov/vuln/detail/CVE-2022-0351), [CVE-2022-0359](https://nvd.nist.gov/vuln/detail/CVE-2022-0359), [CVE-2022-0361](https://nvd.nist.gov/vuln/detail/CVE-2022-0361), [CVE-2022-0368](https://nvd.nist.gov/vuln/detail/CVE-2022-0368), [CVE-2022-0392](https://nvd.nist.gov/vuln/detail/CVE-2022-0392), [CVE-2022-0393](https://nvd.nist.gov/vuln/detail/CVE-2022-0393), [CVE-2022-0407](https://nvd.nist.gov/vuln/detail/CVE-2022-0407), [CVE-2022-0408](https://nvd.nist.gov/vuln/detail/CVE-2022-0408), [CVE-2022-0413](https://nvd.nist.gov/vuln/detail/CVE-2022-0413), [CVE-2022-0417](https://nvd.nist.gov/vuln/detail/CVE-2022-0417), [CVE-2022-0443](https://nvd.nist.gov/vuln/detail/CVE-2022-0443), [CVE-2022-0629](https://nvd.nist.gov/vuln/detail/CVE-2022-0629), [CVE-2022-0685](https://nvd.nist.gov/vuln/detail/CVE-2022-0685), [CVE-2022-0714](https://nvd.nist.gov/vuln/detail/CVE-2022-0714), [CVE-2022-0729](https://nvd.nist.gov/vuln/detail/CVE-2022-0729), [CVE-2022-0943](https://nvd.nist.gov/vuln/detail/CVE-2022-0943), [CVE-2022-1154](https://nvd.nist.gov/vuln/detail/CVE-2022-1154), [CVE-2022-1160](https://nvd.nist.gov/vuln/detail/CVE-2022-1160), [CVE-2022-1381](https://nvd.nist.gov/vuln/detail/CVE-2022-1381), [CVE-2022-1420](https://nvd.nist.gov/vuln/detail/CVE-2022-1420), [CVE-2022-1616](https://nvd.nist.gov/vuln/detail/CVE-2022-1616), [CVE-2022-1619](https://nvd.nist.gov/vuln/detail/CVE-2022-1619), [CVE-2022-1620](https://nvd.nist.gov/vuln/detail/CVE-2022-1620), [CVE-2022-1621](https://nvd.nist.gov/vuln/detail/CVE-2022-1621), [CVE-2022-1629](https://nvd.nist.gov/vuln/detail/CVE-2022-1629), [CVE-2022-1674](https://nvd.nist.gov/vuln/detail/CVE-2022-1674), [CVE-2022-1725](https://nvd.nist.gov/vuln/detail/CVE-2022-1725), [CVE-2022-1733](https://nvd.nist.gov/vuln/detail/CVE-2022-1733), [CVE-2022-1735](https://nvd.nist.gov/vuln/detail/CVE-2022-1735), [CVE-2022-1769](https://nvd.nist.gov/vuln/detail/CVE-2022-1769), [CVE-2022-1771](https://nvd.nist.gov/vuln/detail/CVE-2022-1771), [CVE-2022-1785](https://nvd.nist.gov/vuln/detail/CVE-2022-1785), [CVE-2022-1796](https://nvd.nist.gov/vuln/detail/CVE-2022-1796), [CVE-2022-1897](https://nvd.nist.gov/vuln/detail/CVE-2022-1897), [CVE-2022-1898](https://nvd.nist.gov/vuln/detail/CVE-2022-1898), [CVE-2022-1886](https://nvd.nist.gov/vuln/detail/CVE-2022-1886), [CVE-2022-1851](https://nvd.nist.gov/vuln/detail/CVE-2022-1851), [CVE-2022-1927](https://nvd.nist.gov/vuln/detail/CVE-2022-1927), [CVE-2022-1942](https://nvd.nist.gov/vuln/detail/CVE-2022-1942), [CVE-2022-1968](https://nvd.nist.gov/vuln/detail/CVE-2022-1968), [CVE-2022-2000](https://nvd.nist.gov/vuln/detail/CVE-2022-2000), [CVE-2022-2042](https://nvd.nist.gov/vuln/detail/CVE-2022-2042), [CVE-2022-2124](https://nvd.nist.gov/vuln/detail/CVE-2022-2124), [CVE-2022-2125](https://nvd.nist.gov/vuln/detail/CVE-2022-2125), [CVE-2022-2126](https://nvd.nist.gov/vuln/detail/CVE-2022-2126), [CVE-2022-2129](https://nvd.nist.gov/vuln/detail/CVE-2022-2129), [CVE-2022-2175](https://nvd.nist.gov/vuln/detail/CVE-2022-2175), [CVE-2022-2182](https://nvd.nist.gov/vuln/detail/CVE-2022-2182), [CVE-2022-2183](https://nvd.nist.gov/vuln/detail/CVE-2022-2183), [CVE-2022-2206](https://nvd.nist.gov/vuln/detail/CVE-2022-2206), [CVE-2022-2207](https://nvd.nist.gov/vuln/detail/CVE-2022-2207), [CVE-2022-2208](https://nvd.nist.gov/vuln/detail/CVE-2022-2208), [CVE-2022-2210](https://nvd.nist.gov/vuln/detail/CVE-2022-2210), [CVE-2022-2231](https://nvd.nist.gov/vuln/detail/CVE-2022-2231), [CVE-2022-2257](https://nvd.nist.gov/vuln/detail/CVE-2022-2257), [CVE-2022-2264](https://nvd.nist.gov/vuln/detail/CVE-2022-2264), [CVE-2022-2284](https://nvd.nist.gov/vuln/detail/CVE-2022-2284), [CVE-2022-2285](https://nvd.nist.gov/vuln/detail/CVE-2022-2285), [CVE-2022-2286](https://nvd.nist.gov/vuln/detail/CVE-2022-2286), [CVE-2022-2287](https://nvd.nist.gov/vuln/detail/CVE-2022-2287), [CVE-2022-2288](https://nvd.nist.gov/vuln/detail/CVE-2022-2288), [CVE-2022-2289](https://nvd.nist.gov/vuln/detail/CVE-2022-2289), [CVE-2022-2304](https://nvd.nist.gov/vuln/detail/CVE-2022-2304), [CVE-2022-2343](https://nvd.nist.gov/vuln/detail/CVE-2022-2343), [CVE-2022-2344](https://nvd.nist.gov/vuln/detail/CVE-2022-2344), [CVE-2022-2345](https://nvd.nist.gov/vuln/detail/CVE-2022-2345), [CVE-2022-2522](https://nvd.nist.gov/vuln/detail/CVE-2022-2522), [CVE-2022-2816](https://nvd.nist.gov/vuln/detail/CVE-2022-2816), [CVE-2022-2817](https://nvd.nist.gov/vuln/detail/CVE-2022-2817), [CVE-2022-2819](https://nvd.nist.gov/vuln/detail/CVE-2022-2819), [CVE-2022-2845](https://nvd.nist.gov/vuln/detail/CVE-2022-2845), [CVE-2022-2849](https://nvd.nist.gov/vuln/detail/CVE-2022-2849), [CVE-2022-2862](https://nvd.nist.gov/vuln/detail/CVE-2022-2862), [CVE-2022-2874](https://nvd.nist.gov/vuln/detail/CVE-2022-2874), [CVE-2022-2889](https://nvd.nist.gov/vuln/detail/CVE-2022-2889), [CVE-2022-2923](https://nvd.nist.gov/vuln/detail/CVE-2022-2923), [CVE-2022-2946](https://nvd.nist.gov/vuln/detail/CVE-2022-2946), [CVE-2022-2980](https://nvd.nist.gov/vuln/detail/CVE-2022-2980), [CVE-2022-2982](https://nvd.nist.gov/vuln/detail/CVE-2022-2982), [CVE-2022-3016](https://nvd.nist.gov/vuln/detail/CVE-2022-3016), [CVE-2022-3099](https://nvd.nist.gov/vuln/detail/CVE-2022-3099), [CVE-2022-3134](https://nvd.nist.gov/vuln/detail/CVE-2022-3134), [CVE-2022-3153](https://nvd.nist.gov/vuln/detail/CVE-2022-3153), [CVE-2022-3234](https://nvd.nist.gov/vuln/detail/CVE-2022-3234), [CVE-2022-3235](https://nvd.nist.gov/vuln/detail/CVE-2022-3235), [CVE-2022-3278](https://nvd.nist.gov/vuln/detail/CVE-2022-3278), [CVE-2022-3256](https://nvd.nist.gov/vuln/detail/CVE-2022-3256), [CVE-2022-3296](https://nvd.nist.gov/vuln/detail/CVE-2022-3296), [CVE-2022-3297](https://nvd.nist.gov/vuln/detail/CVE-2022-3297), [CVE-2022-3324](https://nvd.nist.gov/vuln/detail/CVE-2022-3324), [CVE-2022-3352](https://nvd.nist.gov/vuln/detail/CVE-2022-3352), [CVE-2022-3491](https://nvd.nist.gov/vuln/detail/CVE-2022-3491), [CVE-2022-3520](https://nvd.nist.gov/vuln/detail/CVE-2022-3520), [CVE-2022-3591](https://nvd.nist.gov/vuln/detail/CVE-2022-3591), [CVE-2022-3705](https://nvd.nist.gov/vuln/detail/CVE-2022-3705), [CVE-2022-4141](https://nvd.nist.gov/vuln/detail/CVE-2022-4141), [CVE-2022-4292](https://nvd.nist.gov/vuln/detail/CVE-2022-4292), [CVE-2022-4293](https://nvd.nist.gov/vuln/detail/CVE-2022-4293), [CVE-2023-0049](https://nvd.nist.gov/vuln/detail/CVE-2023-0049), [CVE-2023-0051](https://nvd.nist.gov/vuln/detail/CVE-2023-0051), [CVE-2023-0054](https://nvd.nist.gov/vuln/detail/CVE-2023-0054))<br> - zlib ([CVE-2018-25032](https://nvd.nist.gov/vuln/detail/CVE-2018-25032), [CVE-2022-37434](https://nvd.nist.gov/vuln/detail/CVE-2022-37434))<br> - SDK: edk2-ovmf ([CVE-2019-14584](https://nvd.nist.gov/vuln/detail/CVE-2019-14584), [CVE-2021-28210](https://nvd.nist.gov/vuln/detail/CVE-2021-28210), [CVE-2021-28211](https://nvd.nist.gov/vuln/detail/CVE-2021-28211), [CVE-2021-28213](https://nvd.nist.gov/vuln/detail/CVE-2021-28213))<br> - SDK: libxslt ([CVE-2021-30560](https://nvd.nist.gov/vuln/detail/CVE-2021-30560))<br> - SDK: mantle ([CVE-2021-3121](https://nvd.nist.gov/vuln/detail/CVE-2021-3121), [CVE-2021-38561](https://nvd.nist.gov/vuln/detail/CVE-2021-38561), [CVE-2021-43565](https://nvd.nist.gov/vuln/detail/CVE-2021-43565))<br> - SDK: Python ([CVE-2015-20107](https://nvd.nist.gov/vuln/detail/CVE-2015-20107), [CVE-2020-10735](https://nvd.nist.gov/vuln/detail/CVE-2020-10735), [CVE-2021-3654](https://nvd.nist.gov/vuln/detail/CVE-2021-3654), [CVE-2022-37454](https://nvd.nist.gov/vuln/detail/CVE-2022-37454), [CVE-2022-42919](https://nvd.nist.gov/vuln/detail/CVE-2022-42919), [CVE-2022-45061](https://nvd.nist.gov/vuln/detail/CVE-2022-45061))<br> - SDK: QEMU ([CVE-2020-14394](https://nvd.nist.gov/vuln/detail/CVE-2020-14394), [CVE-2020-35504](https://nvd.nist.gov/vuln/detail/CVE-2020-35504), [CVE-2020-35505](https://nvd.nist.gov/vuln/detail/CVE-2020-35505), [CVE-2020-35506](https://nvd.nist.gov/vuln/detail/CVE-2020-35506), [CVE-2020-35517](https://nvd.nist.gov/vuln/detail/CVE-2020-35517), [CVE-2021-20203](https://nvd.nist.gov/vuln/detail/CVE-2021-20203), [CVE-2021-20255](https://nvd.nist.gov/vuln/detail/CVE-2021-20255), [CVE-2021-20257](https://nvd.nist.gov/vuln/detail/CVE-2021-20257), [CVE-2021-20263](https://nvd.nist.gov/vuln/detail/CVE-2021-20263), [CVE-2021-3409](https://nvd.nist.gov/vuln/detail/CVE-2021-3409), [CVE-2021-3416](https://nvd.nist.gov/vuln/detail/CVE-2021-3416), [CVE-2021-3527](https://nvd.nist.gov/vuln/detail/CVE-2021-3527), [CVE-2021-3544](https://nvd.nist.gov/vuln/detail/CVE-2021-3544), [CVE-2021-3545](https://nvd.nist.gov/vuln/detail/CVE-2021-3545), [CVE-2021-3546](https://nvd.nist.gov/vuln/detail/CVE-2021-3546), [CVE-2021-3582](https://nvd.nist.gov/vuln/detail/CVE-2021-3582), [CVE-2021-3607](https://nvd.nist.gov/vuln/detail/CVE-2021-3607), [CVE-2021-3608](https://nvd.nist.gov/vuln/detail/CVE-2021-3608), [CVE-2021-3682](https://nvd.nist.gov/vuln/detail/CVE-2021-3682), [CVE-2021-20203](https://nvd.nist.gov/vuln/detail/CVE-2021-20203), [CVE-2021-3713](https://nvd.nist.gov/vuln/detail/CVE-2021-3713), [CVE-2021-3930](https://nvd.nist.gov/vuln/detail/CVE-2021-3930), [CVE-2021-3947](https://nvd.nist.gov/vuln/detail/CVE-2021-3947), [CVE-2021-4145](https://nvd.nist.gov/vuln/detail/CVE-2021-4145), [CVE-2022-0216](https://nvd.nist.gov/vuln/detail/CVE-2022-0216), [CVE-2022-26353](https://nvd.nist.gov/vuln/detail/CVE-2022-26353), [CVE-2022-26354](https://nvd.nist.gov/vuln/detail/CVE-2022-26354), [CVE-2022-3872](https://nvd.nist.gov/vuln/detail/CVE-2022-3872), [CVE-2022-4172](https://nvd.nist.gov/vuln/detail/CVE-2022-4172))<br> - SDK: Rust ([CVE-2022-21658](https://nvd.nist.gov/vuln/detail/CVE-2022-21658), [CVE-2022-36113](https://nvd.nist.gov/vuln/detail/CVE-2022-36113), [CVE-2022-36114](https://nvd.nist.gov/vuln/detail/CVE-2022-36114), [CVE-2022-46176](https://nvd.nist.gov/vuln/detail/CVE-2022-46176))<br> - SDK: squashfs-tools ([CVE-2021-40153](https://nvd.nist.gov/vuln/detail/CVE-2021-40153), [CVE-2021-41072](https://nvd.nist.gov/vuln/detail/CVE-2021-41072))<br> - VMware: open-vm-tools ([CVE-2022-31676](https://nvd.nist.gov/vuln/detail/CVE-2022-31676))<br><br> <br> #### Bug fixes:<br> <br> - Added `networkd` translation to `files` section when converting from Ignition 2.x to Ignition 3.x ([coreos-overlay#1910](https://github.com/flatcar-linux/coreos-overlay/pull/1910), [flatcar#741](https://github.com/flatcar-linux/Flatcar/issues/741))<br> - Added a remount action as `systemd-sysext.service` drop-in unit to restore the OEM partition mount after the overlay mounts in `/usr` are done ([init#69](https://github.com/flatcar-linux/init/pull/69))<br> - Added back Ignition support for Vagrant ([coreos-overlay#2351](https://github.com/flatcar/coreos-overlay/pull/2351))<br> - Added back `gettext` to the OS ([Flatcar#849](https://github.com/flatcar-linux/Flatcar/issues/849))<br> - Added merging of Ignition systemd duplicated units when auto-translating from Ignition 2 to Ignition 3. ([coreos-overlay#2187](https://github.com/flatcar/coreos-overlay/pull/2187))<br> - Added support for Openstack for cloud-init activation ([flatcar-linux/init#76](https://github.com/flatcar-linux/init/pull/76))<br> - Added support for hardware security keys in update-ssh-keys ([update-ssh-keys#7](https://github.com/flatcar/update-ssh-keys/pull/7))<br> - Enabled IOMMU on arm64 kernels, the lack of which prevented some systems from booting ([coreos-overlay#2235](https://github.com/flatcar/coreos-overlay/pull/2235))<br> - Excluded Wireguard interface from `systemd-networkd` default management ([Flatcar#808](https://github.com/flatcar-linux/Flatcar/issues/808))<br> - Excluded the Kubenet cbr0 interface from networkd's DHCP config and set it to Unmanaged to prevent interference and ensure that it is not part of the network online check ([init#55](https://github.com/flatcar-linux/init/pull/55))<br> - Excluded the special Kubernetes network interfaces `nodelocaldns` and `kube-ipvs0` from being managed with systemd-networkd which interfered with the setup ([init#89](https://github.com/flatcar/init/pull/89)).<br> - Fix "ext4 deadlock under heavy I/O load" kernel issue. The patch for this is included provisionally while we wait for it to be merged upstream ([Flatcar#847](https://github.com/flatcar/Flatcar/issues/847), [coreos-overlay#2315](https://github.com/flatcar/coreos-overlay/pull/2315))<br> - Fixed Ignition btrfs forced formatting for OEM partition ([coreos-overlay#2277](https://github.com/flatcar/coreos-overlay/pull/2277))<br> - Fixed Ignition's OEM ID to be `metal` to follow the Ignition upstream change which otherwise resulted in a broken boot when the Flatcar OEM ID `pxe` was used ([bootengine#45](https://github.com/flatcar-linux/bootengine/pull/45))<br> - Fixed `/etc/resolv.conf` symlink by pointing it at `resolv.conf` instead of `stub-resolv.conf`. This bug was present since the update to systemd v250 ([coreos-overlay#2057](https://github.com/flatcar-linux/coreos-overlay/pull/2057))<br> - Fixed a regression (in Alpha/Beta) where machines failed to boot if they didn't have the `core` user or group in `/etc/passwd` or `/etc/group` ([baselayout#26](https://github.com/flatcar/baselayout/pull/26))<br> - Fixed excluded interface type from default systemd-networkd configuration ([flatcar-linux/init#78](https://github.com/flatcar-linux/init/pull/78))<br> - Fixed space escaping in the `networkd` Ignition translation ([Flatcar#812](https://github.com/flatcar-linux/Flatcar/issues/812))<br> - Fixed the dracut emergency Ignition log printing that had a scripting error causing the cat command to fail ([bootengine#33](https://github.com/flatcar-linux/bootengine/pull/33))<br> - Made Ignition write the SSH keys into a file under `authorized_keys.d/ignition` again and added a call to `update-ssh-keys` after Ignition ran to create the merged `authorized_keys` file, which fixes the problem that keys added by Ignition get lost when `update-ssh-keys` runs ([init#66](https://github.com/flatcar-linux/init/pull/66))<br> - Re-added the `brd drbd nbd rbd xen-blkfront zram libarc4 lru_cache zsmalloc` kernel modules to the initramfs since they were missing compared to the Flatcar 3033.2.x releases where the 5.10 kernel is used ([bootengine#40](https://github.com/flatcar-linux/bootengine/pull/40))<br> - Restored the support to specify OEM partition files in Ignition when `/usr/share/oem` is given as initrd mount point ([bootengine#58](https://github.com/flatcar/bootengine/pull/58))<br> - Reverted the Linux kernel commit which broke networking on AWS instances which use Intel 82559 NIC (c4/m4) ([Flatcar#665](https://github.com/flatcar-linux/Flatcar/issues/665), [coreos-overlay#1723](https://github.com/flatcar-linux/coreos-overlay/pull/1723))<br> - Skipped starting `ensure-sysext.service` if `systemd-sysext.service` won't be started, to prevent reporting a dependency failure ([Flatcar#710](https://github.com/flatcar-linux/Flatcar/issues/710))<br> - The Ignition v3 kargs directive failed before when used with the generic image where no `grub.cfg` exists, this was fixed by creating it first ([bootengine#47](https://github.com/flatcar-linux/bootengine/pull/47))<br> - The rootfs setup in the initrd now runs systemd-tmpfiles on every boot, not only when Ignition runs, to fix a dbus failure due to missing files ([Flatcar#944](https://github.com/flatcar/Flatcar/issues/944))<br> - flatcar-update: Stopped checking for the `USER` environment variable which may not be set in all environments, causing the script to fail unless a workaround was used like prepending an additional `sudo` invocation ([init#58](https://github.com/flatcar-linux/init/pull/58))<br> - network: Accept ICMPv6 Router Advertisements to fix IPv6 address assignment in the default DHCP setting ([init#51](https://github.com/flatcar-linux/init/pull/51), [coreos-cloudinit#12](https://github.com/flatcar-linux/coreos-cloudinit/pull/12), [bootengine#30](https://github.com/flatcar-linux/bootengine/pull/30))<br> - Fixed the restart of Systemd services when the main process is being killed by a SIGHUP signal ([flatcar#1157](https://github.com/flatcar/Flatcar/issues/1157))<br> - Resolved the conflicting FD usage of libselinux and systemd which caused, e.g., a systemd crash on certain watchdog interaction during shutdown (patch in systemd 252.11)<br> - AWS: added EKS support for version 1.22 and 1.23. ([coreos-overlay#2110](https://github.com/flatcar-linux/coreos-overlay/pull/2110), [Flatcar#829](https://github.com/flatcar-linux/Flatcar/issues/829))- VMWare: excluded `wireguard` (and others) from `systemd-networkd` management. ([init#80](https://github.com/flatcar-linux/init/pull/80))<br> - GCP: Restored oem-gce.service functionality on GCP ([coreos-overlay#1813](https://github.com/flatcar-linux/coreos-overlay/pull/1813))<br> - GCP: Fixed shutdown script execution ([coreos-overlay#1912](https://github.com/flatcar-linux/coreos-overlay/pull/1912), [flatcar#743](https://github.com/flatcar-linux/Flatcar/issues/743))<br><br> <br> #### Changes:<br> <br> - ARM64: Added [cifs-utils](https://wiki.samba.org/index.php/LinuxCIFS_utils) for ARM64<br> - ARM64: Added [sssd](https://sssd.io/), [adcli](https://www.freedesktop.org/software/realmd/adcli/adcli.html) and realmd for ARM64<br> - Added CONFIG_NF_CT_NETLINK_HELPER (for libnetfilter_cthelper), CONFIG_NET_VRF (for virtual routing and forwarding) and CONFIG_KEY_DH_OPERATIONS (for keyutils) to the kernel config ([coreos-overlay#1524](https://github.com/flatcar-linux/coreos-overlay/pull/1524))<br> - Added VMware networking configuration in the initramfs via guestinfo settings ([bootengine#44](https://github.com/flatcar-linux/bootengine/pull/44), [flatcar#717](https://github.com/flatcar-linux/Flatcar/issues/717))<br> - Added `CONFIG_NF_CONNTRACK_BRIDGE` (for nf_conntrack_bridge) and `CONFIG_NFT_BRIDGE_META` (for nft_meta_bridge) to the kernel config to allow using conntrack rules for bridges in nftables and to match on bridge interface names ([coreos-overlay#2207](https://github.com/flatcar/coreos-overlay/pull/2207))<br> - Added `auditd.service` but left it disabled by default, a custom configuration can be created by removing `/etc/audit/auditd.conf` and replacing it with an own file ([coreos-overlay#1636](https://github.com/flatcar-linux/coreos-overlay/pull/1636))<br> - Added `cryptsetup` to the initramfs for the Ignition `luks` directive ([flatcar-linux/coreos-overlay#1760](https://github.com/flatcar-linux/coreos-overlay/pull/1760))<br> - Added a new flatcar-update tool to the image to ease manual updates, rollbacks, channel/release jumping, and airgapped updates ([init#53](https://github.com/flatcar-linux/init/pull/53))<br> - Added efibootmgr binary to the image ([coreos-overlay#1955](https://github.com/flatcar-linux/coreos-overlay/pull/1955))<br> - Added symlink from `nc` to `ncat`. `-q` option is [not yet supported](https://github.com/nmap/nmap/issues/2422) ([flatcar#545](https://github.com/flatcar-linux/Flatcar/issues/545))<br> - Besides Ignition v1 and v2 configurations, Ignition configurations with specification v3 (up to 3.3.0) are now supported, see the [docs section for details](https://www.flatcar.org/docs/latest/provisioning/ignition/specification/#ignition-v3)<br> - Bring in dependencies for NFS4 with Kerberos both in kernel and userspace. Tested against NFS4.1 server. ([coreos-overlay#1664](https://github.com/flatcar-linux/coreos-overlay/pull/1664))<br> - Change CONFIG_WIREGUARD kernel option to module to save space on boot partition ([coreos-overlay#2239](https://github.com/flatcar/coreos-overlay/pull/2239))<br> - Disable several arch specific arm64 kernel config options for unsupported platforms to save space on boot partition ([coreos-overlay#2239](https://github.com/flatcar/coreos-overlay/pull/2239))<br> - Enabled `CONFIG_INTEL_RAPL` on AMD64 Kernel config to compile `intel_rapl_common` module in order to allow power monitoring on modern Intel processors ([coreos-overlay#1801](https://github.com/flatcar-linux/coreos-overlay/pull/1801))<br> - Enabled `systemd-sysext.service` to activate systemd-sysext images on boot, to disable you will need to mask it. Also added a helper service `ensure-sysext.service` which reloads the systemd units to reevaluate the `sockets`, `timers`, and `multi-user` targets when `systemd-sysext.service` is (re)started, making it possible to enable units that are part of a sysext image ([init#65](https://github.com/flatcar-linux/init/pull/65))<br> - Excluded special network interface devices like bridge, tunnel, vxlan, and veth devices from the default DHCP configuration to prevent networkd interference ([init#56](https://github.com/flatcar-linux/init/pull/56))<br> - For amd64 `/usr/lib` used to be a symlink to `/usr/lib64` but now they became two separate folders as common in other distributions (and was the case for arm64 already). Compatibility symlinks exist in case `/usr/lib64` was used to access, e.g., the `modules` folder or the `systemd` folder ([coreos-overlay#1713](https://github.com/flatcar-linux/coreos-overlay/pull/1713), [scripts#255](https://github.com/flatcar-linux/scripts/pull/255))<br> - Made SELinux enabled by default in default containerd configuration file. ([coreos-overlay#1699](https://github.com/flatcar-linux/coreos-overlay/pull/1699))<br> - Removed rngd.service because it is not essential anymore for the kernel to boot fast in VM environments ([coreos-overlay#1700](https://github.com/flatcar-linux/coreos-overlay/pull/1700))<br> - Specifying the OEM filesystem in Ignition to write files to `/usr/share/oem` is not needed anymore ([bootengine#58](https://github.com/flatcar/bootengine/pull/58))<br> - Switched from `--strip-unneeded` to `--strip-debug` when installing kernel modules, which makes kernel stacktraces more accurate and makes debugging issues easier ([coreos-overlay#2196](https://github.com/flatcar/coreos-overlay/pull/2196))<br> - The flatcar-update tool got two new flags to customize ports used on the host while updating flatcar ([init#81](https://github.com/flatcar/init/pull/81))<br> - Toolbox now uses containerd to download and mount the image ([toolbox#7](https://github.com/flatcar/toolbox/pull/7))<br> - Update-engine now creates the `/run/reboot-required` flag file for [kured](https://github.com/weaveworks/kured) ([update_engine#15](https://github.com/flatcar-linux/update_engine/pull/15))<br> - flatcar-install: Added option to create UEFI boot entry ([init#74](https://github.com/flatcar-linux/init/pull/74))<br> - Add qemu-guest-agent to all amd64 images, it will be automatically enabled when qemu-ga virtio-port is detected ([coreos-overlay#2240](https://github.com/flatcar/coreos-overlay/pull/2240), [portage-stable#373](https://github.com/flatcar/portage-stable/pull/373))<br> - Add a way to remove packages that are hard-blockers for update. A hard-blocker means that the package needs to be removed (for example with `emerge -C`) before an update can happen.<br> - Add support for Microsoft Azure Network Adapter (MANA) NICs on Azure ([scripts#1131](https://github.com/flatcar/scripts/pull/1131))<br> - Defined a systemd-sysext level that sysext images can match for instead of the OS version when they don't have a strong coupling, meaning the only metadata required is `SYSEXT_LEVEL=1.0` and `ID=flatcar` ([Flatcar#643](https://github.com/flatcar-linux/Flatcar/issues/643))<br> - Removed the pre-shipped `/etc/flatcar/update.conf` file, leaving it totally to the user to define the contents as it was unnecessarily overwriting the `/use/share/flatcar/update.conf` ([scripts#212](https://github.com/flatcar-linux/scripts/pull/212))<br> - Rework the way we set up the default python intepreter in SDK - it is now without specifying a version. This should work fine as long as we keep having one version of python in SDK.<br> - Use qcow2 compressed format instead of additional compression layer in Qemu images ([Flatcar#1135](https://github.com/flatcar/Flatcar/issues/1135), [scripts#1132](https://github.com/flatcar/scripts/pull/1132))<br> - AWS: Added AWS IMDSv2 support to coreos-cloudinit ([flatcar-linux/coreos-cloudinit#13](https://github.com/flatcar-linux/coreos-cloudinit/pull/13))<br> - AWS EC2: Removed the setup of `/etc/hostname` from the instance metadata because it used a long FQDN but we can just use use the hostname set via DHCP ([Flatcar#707](https://github.com/flatcar-linux/Flatcar/issues/707))<br> - Azure: Azure VHD disks are now created using subformat=fixed, which makes them suitable for immediate upload to Azure using any tool.<br> - Azure: Set up `/etc/hostname` from instance metadata with Afterburn<br> - OpenStack: enabled `coreos-metadata-sshkeys@.service` to provision SSH keys from metadata. ([Flatcar#817](https://github.com/flatcar/Flatcar/issues/817), [coreos-overlay#2246](https://github.com/flatcar/coreos-overlay/pull/2246))<br> - VMWare: Added `ignition-delete-config.service` to remove Ignition config from VM metadata, see also [here](https://coreos.github.io/ignition/operator-notes/#automatic-config-deletion) ([coreos-overlay#1948](https://github.com/flatcar-linux/coreos-overlay/pull/1948))<br> - SDK / ARM64: Added [go-tspi](https://pkg.go.dev/github.com/coreos/go-tspi) bindings for ARM64<br><br> <br> #### Updates:<br> <br>- Linux ([5.15.132](https://lwn.net/Articles/944877) (includes [5.15.131](https://lwn.net/Articles/943755), [5.15.130](https://lwn.net/Articles/943404), [5.15.129](https://lwn.net/Articles/943113), [5.15.128](https://lwn.net/Articles/942866), [5.15.127](https://lwn.net/Articles/941775), [5.15.126](https://lwn.net/Articles/941296), [5.15.125](https://lwn.net/Articles/940798), [5.15.124](https://lwn.net/Articles/940339), [5.15.123](https://lwn.net/Articles/939424), [5.15.122](https://lwn.net/Articles/939104), [5.15.121](https://lwn.net/Articles/939016), [5.15.120](https://lwn.net/Articles/937404), [5.15.119](https://lwn.net/Articles/936675), [5.15.118](https://lwn.net/Articles/935584), [5.15.117](https://lwn.net/Articles/934622), [5.15.116](https://lwn.net/Articles/934320), [5.15.115](https://lwn.net/Articles/933909), [5.15.114](https://lwn.net/Articles/933280), [5.15.113](https://lwn.net/Articles/932883), [5.15.112](https://lwn.net/Articles/932134), [5.15.111](https://lwn.net/Articles/931680), [5.15.110](https://lwn.net/Articles/930600), [5.15.109](https://lwn.net/Articles/930263), [5.15.108](https://lwn.net/Articles/929679), [5.15.107](https://lwn.net/Articles/929015), [5.15.106](https://lwn.net/Articles/928343), [5.15.105](https://lwn.net/Articles/927860), [5.15.104](https://lwn.net/Articles/926873), [5.15.103](https://lwn.net/Articles/926415), [5.15.102](https://lwn.net/Articles/925991), [5.15.101](https://lwn.net/Articles/925939), [5.15.100](https://lwn.net/Articles/925913), [5.15.99](https://lwn.net/Articles/925844), [5.15.98](https://lwn.net/Articles/925080), [5.15.97](https://lwn.net/Articles/925064), [5.15.96](https://lwn.net/Articles/924441), [5.15.95](https://lwn.net/Articles/924073), [5.15.94](https://lwn.net/Articles/923308), [5.15.93](https://lwn.net/Articles/922814), [5.15.92](https://lwn.net/Articles/922340), [5.15.91](https://lwn.net/Articles/921851), [5.15.90](https://lwn.net/Articles/921029), [5.15.89](https://lwn.net/Articles/920321), [5.15.88](https://lwn.net/Articles/920012), [5.15.87](https://lwn.net/Articles/919793), [5.15.86](https://lwn.net/Articles/918808), [5.15.85](https://lwn.net/Articles/918329), [5.15.84](https://lwn.net/Articles/918206), [5.15.83](https://lwn.net/Articles/917896), [5.15.82](https://lwn.net/Articles/917400), [5.15.81](https://lwn.net/Articles/916763), [5.15.80](https://lwn.net/Articles/916003), [5.15.79](https://lwn.net/Articles/915100), [5.15.78](https://lwn.net/Articles/914423), [5.15.77](https://lwn.net/Articles/913681), [5.15.76](https://lwn.net/Articles/912997), [5.15.75](https://lwn.net/Articles/912500), [5.15.74](https://lwn.net/Articles/911275), [5.15.73](https://lwn.net/Articles/910957), [5.15.72](https://lwn.net/Articles/910398), [5.15.71](https://lwn.net/Articles/909679), [5.15.70](https://lwn.net/Articles/909212), [5.15.69](https://lwn.net/Articles/908782), [5.15.68](https://lwn.net/Articles/908140), [5.15.67](https://lwn.net/Articles/907526), [5.15.66](https://lwn.net/Articles/907524), [5.15.65](https://lwn.net/Articles/907204), [5.15.64](https://lwn.net/Articles/906630), [5.15.63](https://lwn.net/Articles/906059), [5.15.62](https://lwn.net/Articles/905533), [5.15.61](https://lwn.net/Articles/904959), [5.15.60](https://lwn.net/Articles/904461), [5.15.59](https://lwn.net/Articles/903688), [5.15.58](https://lwn.net/Articles/902917), [5.15.57](https://lwn.net/Articles/902317), [5.15.56](https://lwn.net/Articles/902101), [5.15.55](https://lwn.net/Articles/901380), [5.15.54](https://lwn.net/Articles/900911), [5.15.53](https://lwn.net/Articles/900321), [5.15.52](https://lwn.net/Articles/899788), [5.15.51](https://lwn.net/Articles/899370), [5.15.50](https://lwn.net/Articles/899091), [5.15.49](https://lwn.net/Articles/898622), [5.15.48](https://lwn.net/Articles/898124), [5.15.47](https://lwn.net/Articles/897904), [5.15.46](https://lwn.net/Articles/897377), [5.15.45](https://lwn.net/Articles/897167), [5.15.44](https://lwn.net/Articles/896647), [5.15.43](https://lwn.net/Articles/896220), [5.15.42](https://lwn.net/Articles/896226), [5.15.41](https://lwn.net/Articles/895645), [5.15.40](https://lwn.net/Articles/895318), [5.15.39](https://lwn.net/Articles/895070), [5.15.38](https://lwn.net/Articles/894357), [5.15.37](https://lwn.net/Articles/893264), [5.15.36](https://lwn.net/Articles/892812), [5.15.35](https://lwn.net/Articles/892002), [5.15.34](https://lwn.net/Articles/891251), [5.15.33](https://lwn.net/Articles/890722), [5.15.32](https://lwn.net/Articles/889438), [5.15.31](https://lwn.net/Articles/889001), [5.15.30](https://lwn.net/Articles/888521), [5.15.29](https://lwn.net/Articles/888116), [5.15.28](https://lwn.net/Articles/887638), [5.15.27](https://lwn.net/Articles/887219), [5.15.26](https://lwn.net/Articles/886569), [5.15.25](https://lwn.net/Articles/885895), [5.15.24](https://lwn.net/Articles/884973), [5.15.23](https://lwn.net/Articles/884527), [5.15.22](https://lwn.net/Articles/884107), [5.15.21](https://lwn.net/Articles/883958), [5.15.20](https://lwn.net/Articles/883951), [5.15.19](https://lwn.net/Articles/883441), [5.15.18](https://lwn.net/Articles/883326), [5.15.17](https://lwn.net/Articles/882911), [5.15.16](https://lwn.net/Articles/881963), [5.15.15](https://lwn.net/Articles/881548), [5.15.14](https://lwn.net/Articles/881018), [5.15.13](https://lwn.net/Articles/880469), [5.15.12](https://lwn.net/Articles/879997), [5.15.11](https://lwn.net/Articles/879496), [5.15.10](https://lwn.net/Articles/879023), [5.15.9](https://lwn.net/Articles/878898), [5.15.8](https://lwn.net/Articles/878631), [5.15.7](https://lwn.net/Articles/878040), [5.15.6](https://lwn.net/Articles/877286), [5.15.5](https://lwn.net/Articles/876860), [5.15.4](https://lwn.net/Articles/876611)))<br>- Linux Firmware ([20230117](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230117) (includes [20221214](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20221214), [20221109](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20221109), [20221012](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20221012), [20220913](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220913), [20220815](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220815), [20220708](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220708), [20220610](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220610), [20220509](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220509), [20220411](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220411), [20220310](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220310), [20220209](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220209)))<br>- Linux Headers ([5.15](https://lwn.net/Articles/876611/))<br>- Go ([1.19.5](https://go.dev/doc/devel/release#go1.19.5) (includes [1.19.4](https://go.dev/doc/devel/release#go1.19.4), [1.19.3](https://go.dev/doc/devel/release#go1.19.3), [1.18.10](https://go.dev/doc/devel/release#go1.18.10), [1.18.9](https://go.dev/doc/devel/release#go1.18.9), [1.18.7](https://go.dev/doc/devel/release#1.18.7), [1.18.6](https://go.dev/doc/devel/release#go1.18.6), [1.18.4](https://go.dev/doc/devel/release#go1.18.4), [1.18.2](https://go.googlesource.com/go/+/refs/tags/go1.18.2), [1.17.9](https://go.googlesource.com/go/+/refs/tags/go1.17.9)))<br>- Docker ([20.10.23](https://docs.docker.com/engine/release-notes/#201023) (includes [20.10.22](https://docs.docker.com/engine/release-notes/#201022), [20.10.21](https://docs.docker.com/engine/release-notes/#201021), [20.10.20](https://docs.docker.com/engine/release-notes/#201020), [20.10.18](https://docs.docker.com/engine/release-notes/#201018), [20.10.17](https://docs.docker.com/engine/release-notes/#201017), [20.10.16](https://docs.docker.com/engine/release-notes/#201016), [20.10.15](https://docs.docker.com/engine/release-notes/#201015), [20.10.14](https://docs.docker.com/engine/release-notes/#201014), [20.10.13](https://docs.docker.com/engine/release-notes/#201013)))<br>- acl ([2.3.1](https://git.savannah.nongnu.org/cgit/acl.git/log/?h=v2.3.1))<br>- new: acpid ([2.0.33](https://sourceforge.net/p/acpid2/code/ci/2.0.33/tree/Changelog)) <br>- adcli ([0.9.2](https://gitlab.freedesktop.org/realmd/adcli/-/releases#0.9.2) (includes [0.9.1](https://gitlab.freedesktop.org/realmd/adcli/-/releases#0.9.1)))<br>- afterburn ([5.2.0](https://github.com/coreos/afterburn/releases/tag/v5.2.0))<br>- attr ([2.5.1](https://git.savannah.nongnu.org/cgit/attr.git/log/?h=v2.5.1))<br>- audit ([3.0.6](https://listman.redhat.com/archives/linux-audit/2021-October/msg00000.html))<br>- automake ([1.16.5](https://savannah.gnu.org/forum/forum.php?forum_id=10055))<br>- bind tools ([9.16.36](https://bind9.readthedocs.io/en/v9_16_36/notes.html#notes-for-bind-9-16-36) (includes [9.16.35](https://bind9.readthedocs.io/en/v9_16_34/notes.html#notes-for-bind-9-16-35), [9.16.34](https://bind9.readthedocs.io/en/v9_16_35/notes.html#notes-for-bind-9-16-34), [9.16.33](https://gitlab.isc.org/isc-projects/bind9/-/raw/v9_16_33/CHANGES), [9.16.27](https://gitlab.isc.org/isc-projects/bind9/-/blob/v9_16_27/CHANGES)))<br>- binutils ([2.39](https://sourceware.org/pipermail/binutils/2022-August/122246.html) (includes [2.38](https://lwn.net/Articles/884264)))<br>- boost ([1.79](https://www.boost.org/users/history/version_1_79_0.html) (includes [1.76.0](https://www.boost.org/users/history/version_1_76_0.html)))<br>- bpftool ([5.19.12](https://lwn.net/Articles/909678/) (includes [5.19.8](https://lwn.net/Articles/907523/), [5.19.2](https://lwn.net/Articles/904957/), [5.18.11](https://lwn.net/Articles/900912/), [5.15.8](https://lwn.net/Articles/878631/)))<br>- bridge-utils ([1.7.1](https://git.kernel.org/pub/scm/network/bridge/bridge-utils.git/log/?h=v1.7.1))<br>- btrfs-progs ([5.15.1](https://btrfs.wiki.kernel.org/index.php/Changelog#btrfs-progs_v5.15_.28Nov_2021.29))<br>- ca-certificates ([3.93](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_93.html) (includes [3.90](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_90.html), [3.78](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_78.html)))<br>- cifs-utils ([6.15](https://lists.samba.org/archive/samba-technical/2022-April/137335.html) (includes [6.13](https://lkml.kernel.org/linux-cifs/CAKywueSqRGSFmeDHQacyu831BNUeGFxGg3vgBmozzhkGBCjyXQ@mail.gmail.com/T/)))<br>- conntrack-tools ([1.4.6](https://lists.netfilter.org/pipermail/netfilter-announce/2020/000240.html))<br>- containerd ([1.6.16](https://github.com/containerd/containerd/releases/tag/v1.6.16) (includes [1.6.15](https://github.com/containerd/containerd/releases/tag/v1.6.15), [1.6.14](https://github.com/containerd/containerd/releases/tag/v1.6.14), [1.6.13](https://github.com/containerd/containerd/releases/tag/v1.6.13), [1.6.12](https://github.com/containerd/containerd/releases/tag/v1.6.12), [1.6.10](https://github.com/containerd/containerd/releases/tag/v1.6.10), [1.6.9](https://github.com/containerd/containerd/releases/tag/v1.6.9), [1.6.8](https://github.com/containerd/containerd/releases/tag/v1.6.8), [1.6.7](https://github.com/containerd/containerd/releases/tag/v1.6.7), [1.6.6](https://github.com/containerd/containerd/releases/tag/v1.6.6), [1.6.4](https://github.com/containerd/containerd/releases/tag/v1.6.4), [1.6.3](https://github.com/containerd/containerd/releases/tag/v1.6.3), [1.6.2](https://github.com/containerd/containerd/releases/tag/v1.6.2), [1.6.1](https://github.com/containerd/containerd/releases/tag/v1.6.1), [1.6.0](https://github.com/containerd/containerd/releases/tag/v1.6.0)))<br>- coreutils ([8.32](https://lists.gnu.org/archive/html/coreutils-announce/2020-03/msg00000.html))<br>- cpio ([2.13](https://lists.gnu.org/archive/html/bug-cpio/2019-11/msg00000.html))<br>- cri-tools ([1.24.2](https://github.com/kubernetes-sigs/cri-tools/releases/tag/v1.24.2))<br>- cryptsetup ([2.4.3](https://lore.kernel.org/all/572c18a7bf60cb1b0f67c3a03c531d7e7ed31832.camel@scientia.net/T/))<br>- curl ([7.87.0](https://curl.se/changes.html#7_87_0) (includes [7.86](https://curl.se/changes.html#7_86_0), [7.85](https://curl.se/mail/archive-2022-08/0012.html), [7.84.0](https://github.com/curl/curl/releases/tag/curl-7_84_0), [7.83.1](https://curl.se/mail/lib-2022-05/0010.html)))<br>- Cyrus SASL ([2.1.28](https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28))<br>- dbus ([1.14.4](https://gitlab.freedesktop.org/dbus/dbus/-/raw/dbus-1.14.4/NEWS) (includes [1.12.22](https://gitlab.freedesktop.org/dbus/dbus/-/blob/177ab044bc87cbc4ded75d21b900795a6fefef76/NEWS)))<br>- diffutils ([3.8](https://lists.gnu.org/archive/html/info-gnu/2021-08/msg00000.html))<br>- dosfstools ([4.2](https://github.com/dosfstools/dosfstools/releases/tag/v4.2))<br>- duktape ([2.7.0](https://github.com/svaarala/duktape/releases/tag/v2.7.0))<br>- e2fsprogs ([1.46.5](http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.46.5) (includes [1.46.4](http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.46.4)))<br>- elfutils ([0.188](https://sourceware.org/pipermail/elfutils-devel/2022q4/005561.html) (includes [0.187](https://sourceware.org/pipermail/elfutils-devel/2022q2/004978.html), [0.186](https://sourceware.org/git/?p=elfutils.git;a=blob;f=NEWS;h=490932ae4ef9b5a3af01d2c8c616f14d57586046;hb=983e86fd89e8bf02f2d27ba5dce5bf078af4ceda)))<br>- ethtool ([5.10](https://git.kernel.org/pub/scm/network/ethtool/ethtool.git/tree/NEWS?h=v5.10))<br>- expat ([2.5.0](https://github.com/libexpat/libexpat/blob/R_2_5_0/expat/Changes) (includes [2.4.9](https://github.com/libexpat/libexpat/blob/R_2_4_9/expat/Changes)))<br>- findutils ([4.8.0](https://savannah.gnu.org/forum/forum.php?forum_id=9914))<br>- gawk ([5.2.1](https://lists.gnu.org/archive/html/help-gawk/2022-11/msg00008.html) (contains [5.2.0](https://lists.gnu.org/archive/html/help-gawk/2022-09/msg00000.html)))<br>- gcc ([11.3.0](https://gcc.gnu.org/gcc-11/changes.html) (includes [10.3.0](https://gcc.gnu.org/gcc-10/changes.html), [9.4.0](https://lists.gnu.org/archive/html/info-gnu/2021-06/msg00000.html)))<br>- gdb ([11.2](https://lists.gnu.org/archive/html/info-gnu/2022-01/msg00009.html))<br>- gdbm ([1.22](https://lists.gnu.org/archive/html/info-gnu/2021-10/msg00006.html))<br>- gettext ([0.21.1](https://git.savannah.gnu.org/gitweb/?p=gettext.git;a=blob;f=NEWS;h=cdbb16746c23555e70bb1e16917f5c349ce92d9e;hb=8b38ee827251cadbb90cb6cb576ae98702566288) (includes [0.21](https://www.gnu.org/software/gettext/)))<br>- git ([2.39.1](https://github.com/git/git/blob/v2.39.1/Documentation/RelNotes/2.39.1.txt) (includes [2.39.0](https://github.com/git/git/blob/v2.39.0/Documentation/RelNotes/2.39.0.txt), [2.38.3](https://github.com/git/git/blob/v2.38.3/Documentation/RelNotes/2.38.3.txt), [2.37.4](https://github.com/git/git/blob/master/Documentation/RelNotes/2.37.4.txt), [2.37.3](https://github.com/git/git/blob/v2.37.3/Documentation/RelNotes/2.37.3.txt), [2.37.1](https://github.com/git/git/blob/v2.37.1/Documentation/RelNotes/2.37.1.txt), [2.35.3](https://github.com/git/git/blob/v2.35.3/Documentation/RelNotes/2.35.3.txt)))<br>- glib ([2.74.4](https://gitlab.gnome.org/GNOME/glib/-/tags/2.74.4) (includes [2.74.1](https://gitlab.gnome.org/GNOME/glib/-/tags/2.74.1), [2.72.3](https://gitlab.gnome.org/GNOME/glib/-/tags/2.73.3), [2.68.4](https://gitlab.gnome.org/GNOME/glib/-/releases/2.68.4)))<br>- glibc ([2.36](https://sourceware.org/pipermail/libc-alpha/2022-August/141193.html) (includes [2.35](https://savannah.gnu.org/forum/forum.php?forum_id=10111), [2.34](https://sourceware.org/pipermail/libc-alpha/2021-August/129718.html)))<br>- gnupg ([2.2.35](https://dev.gnupg.org/T5928))<br>- gnutls ([3.7.8](https://lists.gnupg.org/pipermail/gnutls-help/2022-September/004765.html) (includes [3.7.7](https://gitlab.com/gnutls/gnutls/-/tags/3.7.7), [3.7.3](https://gitlab.com/gnutls/gnutls/-/merge_requests/1517)))<br>- grep ([3.7](https://savannah.gnu.org/forum/forum.php?forum_id=10037))<br>- gzip ([1.12](https://savannah.gnu.org/forum/forum.php?forum_id=10157) (includes [1.11](https://lists.gnu.org/archive/html/info-gnu/2021-09/msg00002.html)))<br>- i2c-tools ([4.3](https://git.kernel.org/pub/scm/utils/i2c-tools/i2c-tools.git/tree/CHANGES?id=d8bc1f1ff4b00a6bd988aa114100ae9b787f50d8) (includes [4.2](https://git.kernel.org/pub/scm/utils/i2c-tools/i2c-tools.git/log/?h=v4.2)))<br>- ignition ([2.14.0](https://github.com/coreos/ignition/releases/tag/v2.14.0) (includes [2.13.0](https://github.com/coreos/ignition/releases/tag/v2.13.0)))<br>- intel-microcode ([20220809](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220809) (includes [20220510](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220510), [20220207_p20220207](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220207), [20221108](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20221108)))<br>- iperf ([3.10.1](https://github.com/esnet/iperf/blob/master/RELNOTES.md#iperf-3101-2021-06-03))<br>- iproute2 ([5.15](https://lwn.net/ml/linux-kernel/20211101164705.6f4f2e41%40hermes.local/))<br>- ipset ([7.11](https://ipset.netfilter.org/changelog.html))<br>- iptables ([1.8.8](https://www.netfilter.org/projects/iptables/files/changes-iptables-1.8.8.txt))<br>- iputils ([20211215](https://github.com/iputils/iputils/releases/tag/20211215) (includes [20210722](https://github.com/iputils/iputils/releases/tag/20210722)))<br>- ipvsadm ([1.27](http://archive.linuxvirtualserver.org/html/lvs-devel/2013-09/msg00011.html))<br>- jansson ([2.14](https://github.com/akheron/jansson/blob/v2.14/CHANGES))<br>- kmod ([29](https://git.kernel.org/pub/scm/utils/kernel/kmod/kmod.git/commit/?id=b6ecfc916a17eab8f93be5b09f4e4f845aabd3d1))<br>- ldb ([2.4.1](https://gitlab.com/samba-team/samba/-/commit/a795e0c84597aa045d011e663dbad3cdabf0f1e6))<br>- less ([590](https://www.greenwoodsoftware.com/less/news.590.html))<br>- libarchive ([3.6.1](https://github.com/libarchive/libarchive/releases/tag/v3.6.1) (includes [3.5.3](https://github.com/libarchive/libarchive/releases/tag/v3.5.3), [3.5.2](https://github.com/libarchive/libarchive/releases/tag/v3.5.2)))<br>- libbsd ([0.11.3](https://gitlab.freedesktop.org/libbsd/libbsd/-/commits/0.11.3/))<br>- libcap ([2.66](https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.d9ygdose5kw) (includes [2.65](https://sites.google.com/site/fullycapable/release-notes-for-libcap?authuser=0#h.wfblevfzkj0)))<br>- libcap-ng ([0.8.3](https://people.redhat.com/sgrubb/libcap-ng/ChangeLog) (includes [0.8.2](https://github.com/stevegrubb/libcap-ng/releases/tag/v0.8.2)))<br>- libksba ([1.6.3](https://dev.gnupg.org/T6304) (includes [1.6.2](https://dev.gnupg.org/T6230)))<br>- libnetfilter_queue ([1.0.5](https://git.netfilter.org/libnetfilter_queue/log/?h=libnetfilter_queue-1.0.5))<br>- libpcap ([1.10.1](https://git.tcpdump.org/libpcap/blob/c7642e2cc0c5bd65754685b160d25dc23c76c6bd:/CHANGES))<br>- libseccomp ([2.5.4](https://github.com/seccomp/libseccomp/releases/tag/v2.5.4) (contains [2.5.3](https://github.com/seccomp/libseccomp/releases/tag/v2.5.3), [2.5.2](https://github.com/seccomp/libseccomp/releases/tag/v2.5.2), [2.5.1](https://github.com/seccomp/libseccomp/releases/tag/v2.5.1)))<br>- libtasn1 ([4.19.0](https://lists.gnu.org/archive/html/help-libtasn1/2022-08/msg00001.html) (includes [4.17.0](https://gitlab.com/gnutls/libtasn1/-/blob/v4.17.0/NEWS)))<br>- liburing ([2.1](https://github.com/axboe/liburing/commits/liburing-2.1))<br>- libxml2 ([2.10.3](https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3) (includes [2.10.2](https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.2), [2.9.14](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.9.14), [2.9.13](http://www.xmlsoft.org/news.html)))<br>- logrotate ([3.20.1](https://github.com/logrotate/logrotate/releases/tag/3.20.1))<br>- lshw ([02.19.2b_p20210121](https://www.ezix.org/project/wiki/HardwareLiSter#Changes))<br>- lsof ([4.94.0](https://github.com/lsof-org/lsof/releases/tag/4.94.0))<br>- lsscsi ([0.32](https://sg.danny.cz/scsi/lsscsi.ChangeLog))<br>- mantle ([0.18.0](https://github.com/flatcar-linux/mantle/releases/tag/v0.18.0) (includes [0.17.0](https://github.com/flatcar-linux/mantle/releases/tag/v0.17.0)))<br>- mdadm ([4.2](https://lore.kernel.org/all/28fdbc45-96ca-7cdb-3ced-a5f65d978048@trained-monkey.org/T/))<br>- MIT Kerberos V ([1.20.1](https://web.mit.edu/kerberos/krb5-1.20/krb5-1.20.1.html))<br>- multipath-tools ([0.9.3](https://github.com/opensvc/multipath-tools/releases/tag/0.9.3) (includes [0.8.7](https://github.com/opensvc/multipath-tools/commits/0.8.7)))<br>- ncurses ([6.3_p20220423](https://lists.gnu.org/archive/html/info-gnu/2021-11/msg00001.html))<br>- nettle ([3.8.1](https://git.lysator.liu.se/nettle/nettle/-/blob/990abad16ceacd070747dcc76ed16a39c129321e/ChangeLog))<br>- nfs-utils ([2.5.4](https://lore.kernel.org/linux-fsdevel/c8795653-7728-18a4-93dc-58943ad0fe09@redhat.com/))<br>- nghttp2 ([1.45.1](https://github.com/nghttp2/nghttp2/releases/tag/v1.45.1))<br>- nmap ([7.93](https://nmap.org/changelog.html#7.93))<br>- nvidia-drivers ([510.73.05](https://docs.nvidia.com/datacenter/tesla/tesla-release-notes-510-73-05/index.html))<br>- nvme-cli ([1.16](https://github.com/linux-nvme/nvme-cli/commits/deee9cae1ac94760deebd71f8e5449061338666c))<br>- oniguruma ([6.9.8](https://github.com/kkos/oniguruma/releases/tag/v6.9.8) (includes [6.9.7.1](https://github.com/kkos/oniguruma/releases/tag/v6.9.7.1)))<br>- open-isns ([0.101](https://github.com/open-iscsi/open-isns/blob/v0.101/ChangeLog))<br>- openssh ([9.1](http://www.openssh.com/releasenotes.html#9.1) (includes [8.8](http://www.openssh.com/txt/release-8.8)))<br>- openssl ([3.0.7](https://www.openssl.org/news/openssl-3.0-notes.html) (includes [3.0.3](https://www.openssl.org/news/changelog.html#openssl-30), [3.0.2](https://www.openssl.org/news/changelog.html#openssl-30), [3.0.1](https://www.openssl.org/news/changelog.html#openssl-30)))<br>- pam ([1.5.1_p20210622](https://github.com/linux-pam/linux-pam/commit/fe1307512fb8892b5ceb3d884c793af8dbd4c16a))<br>- pambase (20220214)<br>- parted ([3.4](https://savannah.gnu.org/forum/forum.php?forum_id=9924) (includes [3.3](https://savannah.gnu.org/forum/forum.php?forum_id=9569)))<br>- pciutils ([3.7.0](https://github.com/pciutils/pciutils/commit/864aecdea9c7db626856d8d452f6c784316a878c))<br>- pcre2 ([10.39](https://github.com/PhilipHazel/pcre2/blob/pcre2-10.39/NEWS))<br>- pinentry ([1.2.0](https://dev.gnupg.org/T5566))<br>- polkit ([121](https://gitlab.freedesktop.org/polkit/polkit/-/commit/827b0ddac5b1ef00a47fca4526fcf057bee5f1db) (includes [0.120](https://gitlab.freedesktop.org/polkit/polkit/-/blob/0.120/NEWS)))<br>- quota ([4.06](https://sourceforge.net/p/linuxquota/code/ci/0acd4cc6275122fd9864cb7b5d349e65a2622920/))<br>- rpcbind ([1.2.6](https://git.linux-nfs.org/?p=steved/rpcbind.git;a=shortlog;h=refs/tags/rpcbind-1_2_6))<br>- rsync ([3.2.7](https://download.samba.org/pub/rsync/NEWS#3.2.7) (includes [3.2.6](https://github.com/WayneD/rsync/releases/tag/v3.2.6), [3.2.4](https://download.samba.org/pub/rsync/NEWS.html#3.2.4)))<br>- runc ([1.1.4](https://github.com/opencontainers/runc/releases/tag/v1.1.4) (includes [1.1.3](https://github.com/opencontainers/runc/releases/tag/v1.1.3), [1.1.2](https://github.com/opencontainers/runc/releases/tag/v1.1.2), [1.1.1](https://github.com/opencontainers/runc/releases/tag/v1.1.1), [1.1.0](https://github.com/opencontainers/runc/releases/tag/v1.1.0)))<br>- samba ([4.15.4](https://www.samba.org/samba/history/samba-4.15.4.html))<br>- sed ([4.8](https://savannah.gnu.org/forum/forum.php?forum_id=9647))<br>- shadow ([4.13](https://github.com/shadow-maint/shadow/releases/tag/4.13) (includes [4.12.3](https://github.com/shadow-maint/shadow/releases/tag/4.12.3), [4.11.1](https://github.com/shadow-maint/shadow/releases/tag/v4.11.1)))<br>- socat ([1.7.4.3](https://repo.or.cz/socat.git/blob/refs/tags/tag-1.7.4.3:/CHANGES))<br>- sqlite ([3.40.1](https://www.sqlite.org/releaselog/3_40_1.html) (contains [3.40.0](https://www.sqlite.org/releaselog/3_40_0.html), [3.39.4](https://sqlite.org/releaselog/3_39_4.html), [3.38.1](https://www.sqlite.org/releaselog/3_38_1.html)))<br>- strace ([5.19](https://github.com/strace/strace/releases/tag/v5.19))<br>- sudo ([1.9.12_p2](https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_12p2) (includes [1.9.12_p1](https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_12p1), [1.9.10](https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_10)))<br>- systemd ([252.11](https://github.com/systemd/systemd-stable/releases/tag/v252.11) (includes [252.5](https://github.com/systemd/systemd-stable/releases/tag/v252.5), [252](https://github.com/systemd/systemd/releases/tag/v252), [251.10](https://github.com/systemd/systemd-stable/commits/v251.10), [251](https://github.com/systemd/systemd/releases/tag/v251), [250.7](https://github.com/systemd/systemd-stable/releases/tag/v250.7), [250.3](https://github.com/systemd/systemd-stable/releases/tag/v250.3), [249.7](https://github.com/systemd/systemd-stable/blob/v249.7/NEWS)))<br>- talloc ([2.3.3](https://gitlab.com/samba-team/samba/-/commit/bc1ee7ca0640f0136e5af7dcc4ca8ed0a5893053))<br>- tcpdump ([4.99.1](https://git.tcpdump.org/tcpdump/blob/5f552b5e6e9fe05f7ad9681d51d0303233daba6a:/CHANGES))<br>- tevent ([0.11.0](https://gitlab.com/samba-team/samba/-/commit/de4e8a1af9564f6056f9af90867c2f013449051c))<br>- thin-provisioning-tools ([0.9.0](https://github.com/jthornber/thin-provisioning-tools/blob/d6d93c3157631b242a13a81d30f75453e576c55a/CHANGES#L1-L9))<br>- timezone-data ([2021a](https://mm.icann.org/pipermail/tz-announce/2021-January/000065.html))<br>- unzip ([6.0_p27](https://metadata.ftp-master.debian.org/changelogs//main/u/unzip/unzip_6.0-27_changelog) (includes [6.0_p26](https://metadata.ftp-master.debian.org/changelogs//main/u/unzip/unzip_6.0-26_changelog)))<br>- usbutils ([014](https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usbutils.git/commit/?id=57fb18e59cce31a50a1ca62d1e192512c905ba00))<br>- util-linux ([2.37.4](https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.4-ChangeLog))<br>- vim ([9.0.1157](https://github.com/vim/vim/releases/tag/v9.0.1157) (includes [9.0.1000](https://github.com/vim/vim/releases/tag/v9.0.1000), [9.0.0828](https://github.com/vim/vim/releases/tag/v9.0.0828), [9.0.0655](https://github.com/vim/vim/releases/tag/v9.0.0655), [9.0.0469](https://github.com/vim/vim/releases/tag/v9.0.0469), [8.2.5066](https://github.com/vim/vim/releases/tag/v8.2.5066), [8.2.4328](https://github.com/vim/vim/releases/tag/v8.2.4328), [8.2.3582](https://github.com/vim/vim/releases/tag/v8.2.3582)))<br>- wget ([1.21.3](https://lists.gnu.org/archive/html/info-gnu/2022-02/msg00017.html))<br>- whois ([5.5.14](https://github.com/rfc1036/whois/commit/ab10466cf2e1ec4887f6a44375c3e29c1720157f) (includes [5.5.13](https://github.com/rfc1036/whois/blob/v5.5.13/debian/changelog), [5.5.11](https://github.com/rfc1036/whois/commit/5f5ba8312c04a759dad05723c035549273d07461)))<br>- wireguard-tools ([1.0.20210914](https://github.com/WireGuard/wireguard-tools/releases/tag/v1.0.20210914))<br>- xfsprogs ([5.14.2](https://marc.info/?l=linux-xfs&m=163883318025390&w=2))<br>- xz-utils ([5.4.1](https://github.com/tukaani-project/xz/releases/tag/v5.4.1) (includes [5.4.0](https://github.com/tukaani-project/xz/releases/tag/v5.4.0), [5.2.10](https://git.tukaani.org/?p=xz.git;a=blob;f=NEWS;h=d92fa88a835180af5d6ff22ad0e240d6468f81af;hb=f7c2cc55618b9af3318f0c908cf8db0df1e28e7c), [5.2.9](https://git.tukaani.org/?p=xz.git;a=blob;f=NEWS;h=ebb303084403445088ec97dfedf0461a6e5b5077;hb=d8a898eb9974683bc725c49ec76722f9a8758f48), [5.2.8](https://git.tukaani.org/?p=xz.git;a=blob;f=NEWS;h=c244b42a6771a6e8af206318dfc500d78929fd6f;hb=5476089d9c42b9b04e92b80e1800b384a98265cb), [5.2.7](https://git.tukaani.org/?p=xz.git;a=blob;f=NEWS;h=0205423e79ce8297102096b0fc8b030ddf5b2023;hb=d24a57b7fc7e5e9267b84367cb0788d3acf7f569), [5.2.6](https://git.tukaani.org/?p=xz.git;a=blob;f=NEWS;h=4c79b18ff26a1c479a920b21f07d050599c04c9e;hb=8dfed05bdaa4873833ba24279f02ad2db25effea)))<br>- zlib ([1.2.13](https://github.com/madler/zlib/releases/tag/v1.2.13) (includes [1.2.12](https://github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/ChangeLog#L4)))<br>- GCE: google-compute-image-packages ([20190124](https://github.com/GoogleCloudPlatform/compute-image-packages/releases/tag/20190124))<br>- OEM: distro ([1.7.0](https://github.com/python-distro/distro/releases/tag/v1.7.0))<br>- OEM: libmspack ([0.10.1_alpha](https://github.com/kyz/libmspack/blob/v0.10.1alpha/libmspack/ChangeLog))<br>- OEM: python ([3.9.16](https://www.python.org/downloads/release/python-3916/) (includes [3.9.12](https://www.python.org/downloads/release/python-3912/), [3.9.8](https://www.python.org/downloads/release/python-398/)))<br>- SDK: bison ([3.8.2](https://lists.gnu.org/archive/html/bug-bison/2021-09/msg00056.html))<br>- SDK: boost ([1.81.0](https://www.boost.org/users/history/version_1_81_0.html))<br>- SDK: catalyst ([3.0.21](https://gitweb.gentoo.org/proj/catalyst.git/log/?h=3.0.21))<br>- SDK: cmake ([3.23.3](https://cmake.org/cmake/help/v3.23/release/3.23.html))<br>- SDK: edk2-ovmf ([202105](https://github.com/tianocore/edk2/releases/tag/edk2-stable202105))<br>- SDK: file ([5.44](https://github.com/file/file/blob/FILE5_44/ChangeLog) (includes [5.43](https://mailman.astron.com/pipermail/file/2022-September/000857.html), [5.40](https://mailman.astron.com/pipermail/file/2021-March/000478.html)))<br>- SDK: gcc-config ([2.5](https://gitweb.gentoo.org/proj/gcc-config.git/tag/?h=v2.5))<br>- SDK: iasl ([20200717](https://www.acpica.org/node/183))<br>- SDK: ipxe ([1.21.1](https://github.com/ipxe/ipxe/releases/tag/v1.21.1))<br>- SDK: kexec-tools ([2.0.22](https://www.spinics.net/lists/kexec/msg26864.html))<br>- SDK: libpng ([1.6.39](http://www.libpng.org/pub/png/src/libpng-1.6.39-README.txt) (includes [1.6.38](http://www.libpng.org/pub/png/src/libpng-1.6.38-README.txt)))<br>- SDK: libtool ([2.4.7](https://savannah.gnu.org/forum/forum.php?forum_id=10139))<br>- SDK: libxslt ([1.1.37](https://gitlab.gnome.org/GNOME/libxslt/-/tags/v1.1.37) (includes [1.1.35](https://gitlab.gnome.org/GNOME/libxslt/-/tags/v1.1.35)))<br>- SDK: man-db ([2.9.4](https://gitlab.com/cjwatson/man-db/-/tags/2.9.4))<br>- SDK: man-pages ([5.12-r2](https://man7.org/linux/man-pages/changelog.html#release_5.12))<br>- SDK: meson ([0.62.2](https://mesonbuild.com/Release-notes-for-0-62-0.html))<br>- SDK: netperf ([2.7.0](https://github.com/HewlettPackard/netperf/blob/netperf-2.7.0/Release_Notes))<br>- SDK: ninja ([1.11.0](https://groups.google.com/g/ninja-build/c/R2oCyDctDf8/m/-U94Y5I8AgAJ?pli=1))<br>- SDK: pahole ([1.23](https://git.kernel.org/pub/scm/devel/pahole/pahole.git/tag/?h=v1.23))<br>- SDK: perl ([5.36.0](https://perldoc.perl.org/5.36.0/perldelta) (includes [5.34.1](https://perldoc.perl.org/5.34.1/perldelta), [5.15](https://kernelnewbies.org/LinuxChanges#Linux_5.15.Tracing.2C_perf_and_BPF)))<br>- SDK: pkgconf ([1.8.0](https://gitea.treehouse.systems/ariadne/pkgconf/src/tag/pkgconf-1.8.0/NEWS))<br>- SDK: portage ([3.0.43](https://github.com/gentoo/portage/blob/portage-3.0.43/NEWS) (includes [3.0.42](https://github.com/gentoo/portage/blob/portage-3.0.42/NEWS), [3.0.41](https://gitweb.gentoo.org/proj/portage.git/tree/NEWS?h=portage-3.0.41)))<br>- SDK: Python ([3.9.12](https://www.python.org/downloads/release/python-3912/) (includes [3.9.8](https://www.python.org/downloads/release/python-398/)))<br>- SDK: qemu ([7.2.0](https://wiki.qemu.org/ChangeLog/7.2) (includes [7.1.0](https://wiki.qemu.org/ChangeLog/7.1), [7.0.0](https://wiki.qemu.org/ChangeLog/7.0), [6.1.0](https://wiki.qemu.org/ChangeLog/6.1)))<br>- SDK: Rust ([1.67.0](https://github.com/rust-lang/rust/releases/tag/1.67.0) (includes [1.66.1](https://github.com/rust-lang/rust/releases/tag/1.66.1), [1.66.0](https://github.com/rust-lang/rust/releases/tag/1.66.0), [1.65.0](https://github.com/rust-lang/rust/releases/tag/1.65.0), [1.64.0](https://github.com/rust-lang/rust/releases/tag/1.64.0), [1.63.0](https://github.com/rust-lang/rust/releases/tag/1.63.0), [1.62.1](https://github.com/rust-lang/rust/releases/tag/1.62.1), [1.62.0](https://github.com/rust-lang/rust/releases/tag/1.62.0), [1.61.0](https://github.com/rust-lang/rust/releases/tag/1.61.0), [1.60.0](https://github.com/rust-lang/rust/releases/tag/1.60.0), [1.59.0](https://github.com/rust-lang/rust/releases/tag/1.59.0), [1.58.1](https://github.com/rust-lang/rust/releases/tag/1.58.1), [1.57.0](https://github.com/rust-lang/rust/releases/tag/1.57.0)))<br>- SDK: sbsigntools ([0.9.4](https://git.kernel.org/pub/scm/linux/kernel/git/jejb/sbsigntools.git/tag/?h=v0.9.4))<br>- SDK: seabios ([1.14.0](https://seabios.org/Releases#SeaBIOS_1.14.0))<br>- SDK: sgabios ([0.1_pre10](https://git.qemu.org/?p=sgabios.git;a=tree;h=a85446adb0e0))<br>- SDK: squashfs-tools ([4.5_p20210914](https://lore.kernel.org/lkml/CAB3woddJss+ziGp-RjJ-yiax6pc_HLMdxk3Qk5nJdRgjpEYWBg@mail.gmail.com/))<br>- VMware: open-vm-tools ([12.1.5](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.1.5) (includes [12.1.0](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.1.0), [12.0.5](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.0.5), [12.0.0](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.0.0)))<br>Packages:<br>- containerd 1.6.16<br>- docker 20.10.23<br>- ignition 2.14.0<br>- kernel 5.15.132<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-10-05T10:09:06+00:00 diff --git a/static/releases-feed/releases-lts.xml b/static/releases-feed/releases-lts.xml index f4ae9fc0..0a15b865 100644 --- a/static/releases-feed/releases-lts.xml +++ b/static/releases-feed/releases-lts.xml @@ -2,7 +2,7 @@ https://www.flatcar.org/ Flatcar :: lts - 2023-10-25T10:20:36.720372+00:00 + 2023-11-22T09:59:26.408816+00:00 Flatcar Container Linux hello@kinvolk.io @@ -14,7 +14,7 @@ https://github.com/flatcar/scripts/releases/tag/lts-3510.3.1 3510.3.1 - 2023-10-25T10:20:37.024661+00:00 + 2023-11-22T09:59:26.745990+00:00 _Changes since **LTS 3510.3.0**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2023-31085](https://nvd.nist.gov/vuln/detail/CVE-2023-31085), [CVE-2023-34324](https://nvd.nist.gov/vuln/detail/CVE-2023-34324), [CVE-2023-4244](https://nvd.nist.gov/vuln/detail/CVE-2023-4244), [CVE-2023-42754](https://nvd.nist.gov/vuln/detail/CVE-2023-42754), [CVE-2023-42755](https://nvd.nist.gov/vuln/detail/CVE-2023-42755), [CVE-2023-5197](https://nvd.nist.gov/vuln/detail/CVE-2023-5197))<br> - curl ([CVE-2023-38545](https://nvd.nist.gov/vuln/detail/CVE-2023-38545), [CVE-2023-38546](https://nvd.nist.gov/vuln/detail/CVE-2023-38546)) <br> <br> #### Bug fixes:<br> <br> - Disabled systemd-networkd's RoutesToDNS setting by default to fix provisioning failures observed in VMs with multiple network interfaces on Azure ([scripts#1206](https://github.com/flatcar/scripts/pull/1206))<br> - Triggered re-reading of partition table to fix adding partitions to the boot disk ([scripts#1202](https://github.com/flatcar/scripts/pull/1202))<br> <br> #### Changes:<br> <br> - To make Kubernetes work by default, `/usr/libexec/kubernetes/kubelet-plugins/volume/exec` is now a symlink to the writable folder `/var/kubernetes/kubelet-plugins/volume/exec` ([Flatcar#1193](https://github.com/flatcar/Flatcar/issues/1193))<br> <br> #### Updates:<br> <br> - Linux ([5.15.136](https://lwn.net/Articles/948297) (includes [5.15.135](https://lwn.net/Articles/947299), [5.15.134](https://lwn.net/Articles/946855), [5.15.133](https://lwn.net/Articles/945380)))<br> - ca-certificates ([3.94](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_94.html))<br>Packages:<br>- containerd 1.6.16<br>- docker 20.10.23<br>- ignition 2.14.0<br>- kernel 5.15.136<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-10-25T08:41:08+00:00 @@ -22,7 +22,7 @@ https://github.com/flatcar/scripts/releases/tag/lts-3510.3.0 3510.3.0 - 2023-10-25T10:20:37.018787+00:00 + 2023-11-22T09:59:26.740150+00:00 _Changes since **Stable 3510.2.8**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2023-42752](https://nvd.nist.gov/vuln/detail/CVE-2023-42752), [CVE-2023-42753](https://nvd.nist.gov/vuln/detail/CVE-2023-42753), [CVE-2023-4623](https://nvd.nist.gov/vuln/detail/CVE-2023-4623), [CVE-2023-4921](https://nvd.nist.gov/vuln/detail/CVE-2023-4921))<br> <br> #### Bug fixes:<br> <br> <br> #### Changes:<br> <br> - Use qcow2 compressed format instead of additional compression layer in Qemu images ([Flatcar#1135](https://github.com/flatcar/Flatcar/issues/1135), [scripts#1132](https://github.com/flatcar/scripts/pull/1132))<br> <br> #### Updates:<br> <br> - Linux ([5.15.132](https://lwn.net/Articles/944877) (includes [5.15.131](https://lwn.net/Articles/943755), [5.15.130](https://lwn.net/Articles/943404)))<br><br><br>**Changes compared to LTS-2022 3033.3.17**<br><br> #### Security fixes:<br> <br> - Linux ([CVE-2019-15794](https://nvd.nist.gov/vuln/detail/CVE-2019-15794),[CVE-2020-16119](https://nvd.nist.gov/vuln/detail/CVE-2020-16119),[CVE-2020-24586](https://nvd.nist.gov/vuln/detail/CVE-2020-24586),[CVE-2020-24587](https://nvd.nist.gov/vuln/detail/CVE-2020-24587),[CVE-2020-24588](https://nvd.nist.gov/vuln/detail/CVE-2020-24588),[CVE-2020-25639](https://nvd.nist.gov/vuln/detail/CVE-2020-25639),[CVE-2020-25670](https://nvd.nist.gov/vuln/detail/CVE-2020-25670),[CVE-2020-25671](https://nvd.nist.gov/vuln/detail/CVE-2020-25671),[CVE-2020-25672](https://nvd.nist.gov/vuln/detail/CVE-2020-25672),[CVE-2020-25673](https://nvd.nist.gov/vuln/detail/CVE-2020-25673),[CVE-2020-26139](https://nvd.nist.gov/vuln/detail/CVE-2020-26139),[CVE-2020-26141](https://nvd.nist.gov/vuln/detail/CVE-2020-26141),[CVE-2020-26145](https://nvd.nist.gov/vuln/detail/CVE-2020-26145),[CVE-2020-26147](https://nvd.nist.gov/vuln/detail/CVE-2020-26147),[CVE-2020-26541](https://nvd.nist.gov/vuln/detail/CVE-2020-26541),[CVE-2020-26555](https://nvd.nist.gov/vuln/detail/CVE-2020-26555),[CVE-2020-26558](https://nvd.nist.gov/vuln/detail/CVE-2020-26558),[CVE-2020-27170](https://nvd.nist.gov/vuln/detail/CVE-2020-27170),[CVE-2020-27171](https://nvd.nist.gov/vuln/detail/CVE-2020-27171),[CVE-2020-27820](https://nvd.nist.gov/vuln/detail/CVE-2020-27820),[CVE-2020-36516](https://nvd.nist.gov/vuln/detail/CVE-2020-36516),[CVE-2021-0129](https://nvd.nist.gov/vuln/detail/CVE-2021-0129),[CVE-2021-0512](https://nvd.nist.gov/vuln/detail/CVE-2021-0512),[CVE-2021-0920](https://nvd.nist.gov/vuln/detail/CVE-2021-0920),[CVE-2021-0937](https://nvd.nist.gov/vuln/detail/CVE-2021-0937),[CVE-2021-0941](https://nvd.nist.gov/vuln/detail/CVE-2021-0941),[CVE-2021-20320](https://nvd.nist.gov/vuln/detail/CVE-2021-20320),[CVE-2021-20321](https://nvd.nist.gov/vuln/detail/CVE-2021-20321),[CVE-2021-20322](https://nvd.nist.gov/vuln/detail/CVE-2021-20322),[CVE-2021-22543](https://nvd.nist.gov/vuln/detail/CVE-2021-22543),[CVE-2021-22555](https://nvd.nist.gov/vuln/detail/CVE-2021-22555),[CVE-2021-22600](https://nvd.nist.gov/vuln/detail/CVE-2021-22600),[CVE-2021-23133](https://nvd.nist.gov/vuln/detail/CVE-2021-23133),[CVE-2021-23134](https://nvd.nist.gov/vuln/detail/CVE-2021-23134),[CVE-2021-26401](https://nvd.nist.gov/vuln/detail/CVE-2021-26401),[CVE-2021-26930](https://nvd.nist.gov/vuln/detail/CVE-2021-26930),[CVE-2021-26931](https://nvd.nist.gov/vuln/detail/CVE-2021-26931),[CVE-2021-26932](https://nvd.nist.gov/vuln/detail/CVE-2021-26932),[CVE-2021-27363](https://nvd.nist.gov/vuln/detail/CVE-2021-27363),[CVE-2021-27364](https://nvd.nist.gov/vuln/detail/CVE-2021-27364),[CVE-2021-27365](https://nvd.nist.gov/vuln/detail/CVE-2021-27365),[CVE-2021-28038](https://nvd.nist.gov/vuln/detail/CVE-2021-28038),[CVE-2021-28039](https://nvd.nist.gov/vuln/detail/CVE-2021-28039),[CVE-2021-28375](https://nvd.nist.gov/vuln/detail/CVE-2021-28375),[CVE-2021-28660](https://nvd.nist.gov/vuln/detail/CVE-2021-28660),[CVE-2021-28688](https://nvd.nist.gov/vuln/detail/CVE-2021-28688),[CVE-2021-28691](https://nvd.nist.gov/vuln/detail/CVE-2021-28691),[CVE-2021-28711](https://nvd.nist.gov/vuln/detail/CVE-2021-28711),[CVE-2021-28712](https://nvd.nist.gov/vuln/detail/CVE-2021-28712),[CVE-2021-28713](https://nvd.nist.gov/vuln/detail/CVE-2021-28713),[CVE-2021-28714](https://nvd.nist.gov/vuln/detail/CVE-2021-28714),[CVE-2021-28715](https://nvd.nist.gov/vuln/detail/CVE-2021-28715),[CVE-2021-28950](https://nvd.nist.gov/vuln/detail/CVE-2021-28950),[CVE-2021-28951](https://nvd.nist.gov/vuln/detail/CVE-2021-28951),[CVE-2021-28952](https://nvd.nist.gov/vuln/detail/CVE-2021-28952),[CVE-2021-28964](https://nvd.nist.gov/vuln/detail/CVE-2021-28964),[CVE-2021-28971](https://nvd.nist.gov/vuln/detail/CVE-2021-28971),[CVE-2021-28972](https://nvd.nist.gov/vuln/detail/CVE-2021-28972),[CVE-2021-29154](https://nvd.nist.gov/vuln/detail/CVE-2021-29154),[CVE-2021-29155](https://nvd.nist.gov/vuln/detail/CVE-2021-29155),[CVE-2021-29264](https://nvd.nist.gov/vuln/detail/CVE-2021-29264),[CVE-2021-29265](https://nvd.nist.gov/vuln/detail/CVE-2021-29265),[CVE-2021-29266](https://nvd.nist.gov/vuln/detail/CVE-2021-29266),[CVE-2021-29646](https://nvd.nist.gov/vuln/detail/CVE-2021-29646),[CVE-2021-29647](https://nvd.nist.gov/vuln/detail/CVE-2021-29647),[CVE-2021-29648](https://nvd.nist.gov/vuln/detail/CVE-2021-29648),[CVE-2021-29649](https://nvd.nist.gov/vuln/detail/CVE-2021-29649),[CVE-2021-29650](https://nvd.nist.gov/vuln/detail/CVE-2021-29650),[CVE-2021-29657](https://nvd.nist.gov/vuln/detail/CVE-2021-29657),[CVE-2021-30002](https://nvd.nist.gov/vuln/detail/CVE-2021-30002),[CVE-2021-31440](https://nvd.nist.gov/vuln/detail/CVE-2021-31440),[CVE-2021-31829](https://nvd.nist.gov/vuln/detail/CVE-2021-31829),[CVE-2021-31916](https://nvd.nist.gov/vuln/detail/CVE-2021-31916),[CVE-2021-32399](https://nvd.nist.gov/vuln/detail/CVE-2021-32399),[CVE-2021-32606](https://nvd.nist.gov/vuln/detail/CVE-2021-32606),[CVE-2021-33033](https://nvd.nist.gov/vuln/detail/CVE-2021-33033),[CVE-2021-33034](https://nvd.nist.gov/vuln/detail/CVE-2021-33034),[CVE-2021-33098](https://nvd.nist.gov/vuln/detail/CVE-2021-33098),[CVE-2021-33135](https://nvd.nist.gov/vuln/detail/CVE-2021-33135),[CVE-2021-33200](https://nvd.nist.gov/vuln/detail/CVE-2021-33200),[CVE-2021-33624](https://nvd.nist.gov/vuln/detail/CVE-2021-33624),[CVE-2021-33655](https://nvd.nist.gov/vuln/detail/CVE-2021-33655),[CVE-2021-33909](https://nvd.nist.gov/vuln/detail/CVE-2021-33909),[CVE-2021-3444](https://nvd.nist.gov/vuln/detail/CVE-2021-3444),[CVE-2021-34556](https://nvd.nist.gov/vuln/detail/CVE-2021-34556),[CVE-2021-34693](https://nvd.nist.gov/vuln/detail/CVE-2021-34693),[CVE-2021-3483](https://nvd.nist.gov/vuln/detail/CVE-2021-3483),[CVE-2021-34866](https://nvd.nist.gov/vuln/detail/CVE-2021-34866),[CVE-2021-3489](https://nvd.nist.gov/vuln/detail/CVE-2021-3489),[CVE-2021-3490](https://nvd.nist.gov/vuln/detail/CVE-2021-3490),[CVE-2021-3491](https://nvd.nist.gov/vuln/detail/CVE-2021-3491),[CVE-2021-34981](https://nvd.nist.gov/vuln/detail/CVE-2021-34981),[CVE-2021-3501](https://nvd.nist.gov/vuln/detail/CVE-2021-3501),[CVE-2021-35039](https://nvd.nist.gov/vuln/detail/CVE-2021-35039),[CVE-2021-3506](https://nvd.nist.gov/vuln/detail/CVE-2021-3506),[CVE-2021-3543](https://nvd.nist.gov/vuln/detail/CVE-2021-3543),[CVE-2021-35477](https://nvd.nist.gov/vuln/detail/CVE-2021-35477),[CVE-2021-3564](https://nvd.nist.gov/vuln/detail/CVE-2021-3564),[CVE-2021-3573](https://nvd.nist.gov/vuln/detail/CVE-2021-3573),[CVE-2021-3600](https://nvd.nist.gov/vuln/detail/CVE-2021-3600),[CVE-2021-3609](https://nvd.nist.gov/vuln/detail/CVE-2021-3609),[CVE-2021-3612](https://nvd.nist.gov/vuln/detail/CVE-2021-3612),[CVE-2021-3640](https://nvd.nist.gov/vuln/detail/CVE-2021-3640),[CVE-2021-3653](https://nvd.nist.gov/vuln/detail/CVE-2021-3653),[CVE-2021-3655](https://nvd.nist.gov/vuln/detail/CVE-2021-3655),[CVE-2021-3656](https://nvd.nist.gov/vuln/detail/CVE-2021-3656),[CVE-2021-3659](https://nvd.nist.gov/vuln/detail/CVE-2021-3659),[CVE-2021-3679](https://nvd.nist.gov/vuln/detail/CVE-2021-3679),[CVE-2021-37159](https://nvd.nist.gov/vuln/detail/CVE-2021-37159),[CVE-2021-3732](https://nvd.nist.gov/vuln/detail/CVE-2021-3732),[CVE-2021-3736](https://nvd.nist.gov/vuln/detail/CVE-2021-3736),[CVE-2021-3739](https://nvd.nist.gov/vuln/detail/CVE-2021-3739),[CVE-2021-3743](https://nvd.nist.gov/vuln/detail/CVE-2021-3743),[CVE-2021-3744](https://nvd.nist.gov/vuln/detail/CVE-2021-3744),[CVE-2021-3752](https://nvd.nist.gov/vuln/detail/CVE-2021-3752),[CVE-2021-3753](https://nvd.nist.gov/vuln/detail/CVE-2021-3753),[CVE-2021-37576](https://nvd.nist.gov/vuln/detail/CVE-2021-37576),[CVE-2021-3760](https://nvd.nist.gov/vuln/detail/CVE-2021-3760),[CVE-2021-3764](https://nvd.nist.gov/vuln/detail/CVE-2021-3764),[CVE-2021-3772](https://nvd.nist.gov/vuln/detail/CVE-2021-3772),[CVE-2021-38166](https://nvd.nist.gov/vuln/detail/CVE-2021-38166),[CVE-2021-38198](https://nvd.nist.gov/vuln/detail/CVE-2021-38198),[CVE-2021-38199](https://nvd.nist.gov/vuln/detail/CVE-2021-38199),[CVE-2021-38200](https://nvd.nist.gov/vuln/detail/CVE-2021-38200),[CVE-2021-38201](https://nvd.nist.gov/vuln/detail/CVE-2021-38201),[CVE-2021-38202](https://nvd.nist.gov/vuln/detail/CVE-2021-38202),[CVE-2021-38203](https://nvd.nist.gov/vuln/detail/CVE-2021-38203),[CVE-2021-38204](https://nvd.nist.gov/vuln/detail/CVE-2021-38204),[CVE-2021-38205](https://nvd.nist.gov/vuln/detail/CVE-2021-38205),[CVE-2021-38206](https://nvd.nist.gov/vuln/detail/CVE-2021-38206),[CVE-2021-38207](https://nvd.nist.gov/vuln/detail/CVE-2021-38207),[CVE-2021-38208](https://nvd.nist.gov/vuln/detail/CVE-2021-38208),[CVE-2021-38209](https://nvd.nist.gov/vuln/detail/CVE-2021-38209),[CVE-2021-38300](https://nvd.nist.gov/vuln/detail/CVE-2021-38300),[CVE-2021-3923](https://nvd.nist.gov/vuln/detail/CVE-2021-3923),[CVE-2021-39633](https://nvd.nist.gov/vuln/detail/CVE-2021-39633),[CVE-2021-39656](https://nvd.nist.gov/vuln/detail/CVE-2021-39656),[CVE-2021-39685](https://nvd.nist.gov/vuln/detail/CVE-2021-39685),[CVE-2021-39686](https://nvd.nist.gov/vuln/detail/CVE-2021-39686),[CVE-2021-39698](https://nvd.nist.gov/vuln/detail/CVE-2021-39698),[CVE-2021-4001](https://nvd.nist.gov/vuln/detail/CVE-2021-4001),[CVE-2021-4002](https://nvd.nist.gov/vuln/detail/CVE-2021-4002),[CVE-2021-4028](https://nvd.nist.gov/vuln/detail/CVE-2021-4028),[CVE-2021-40490](https://nvd.nist.gov/vuln/detail/CVE-2021-40490),[CVE-2021-4083](https://nvd.nist.gov/vuln/detail/CVE-2021-4083),[CVE-2021-4090](https://nvd.nist.gov/vuln/detail/CVE-2021-4090),[CVE-2021-4093](https://nvd.nist.gov/vuln/detail/CVE-2021-4093),[CVE-2021-41073](https://nvd.nist.gov/vuln/detail/CVE-2021-41073),[CVE-2021-4135](https://nvd.nist.gov/vuln/detail/CVE-2021-4135),[CVE-2021-4148](https://nvd.nist.gov/vuln/detail/CVE-2021-4148),[CVE-2021-4149](https://nvd.nist.gov/vuln/detail/CVE-2021-4149),[CVE-2021-4154](https://nvd.nist.gov/vuln/detail/CVE-2021-4154),[CVE-2021-4155](https://nvd.nist.gov/vuln/detail/CVE-2021-4155),[CVE-2021-4157](https://nvd.nist.gov/vuln/detail/CVE-2021-4157),[CVE-2021-41864](https://nvd.nist.gov/vuln/detail/CVE-2021-41864),[CVE-2021-4197](https://nvd.nist.gov/vuln/detail/CVE-2021-4197),[CVE-2021-42008](https://nvd.nist.gov/vuln/detail/CVE-2021-42008),[CVE-2021-4202](https://nvd.nist.gov/vuln/detail/CVE-2021-4202),[CVE-2021-4203](https://nvd.nist.gov/vuln/detail/CVE-2021-4203),[CVE-2021-42252](https://nvd.nist.gov/vuln/detail/CVE-2021-42252),[CVE-2021-42327](https://nvd.nist.gov/vuln/detail/CVE-2021-42327),[CVE-2021-42739](https://nvd.nist.gov/vuln/detail/CVE-2021-42739),[CVE-2021-43056](https://nvd.nist.gov/vuln/detail/CVE-2021-43056),[CVE-2021-43057](https://nvd.nist.gov/vuln/detail/CVE-2021-43057),[CVE-2021-43267](https://nvd.nist.gov/vuln/detail/CVE-2021-43267),[CVE-2021-43389](https://nvd.nist.gov/vuln/detail/CVE-2021-43389),[CVE-2021-43975](https://nvd.nist.gov/vuln/detail/CVE-2021-43975),[CVE-2021-43976](https://nvd.nist.gov/vuln/detail/CVE-2021-43976),[CVE-2021-44733](https://nvd.nist.gov/vuln/detail/CVE-2021-44733),[CVE-2021-44879](https://nvd.nist.gov/vuln/detail/CVE-2021-44879),[CVE-2021-45095](https://nvd.nist.gov/vuln/detail/CVE-2021-45095),[CVE-2021-45100](https://nvd.nist.gov/vuln/detail/CVE-2021-45100),[CVE-2021-45402](https://nvd.nist.gov/vuln/detail/CVE-2021-45402),[CVE-2021-45469](https://nvd.nist.gov/vuln/detail/CVE-2021-45469),[CVE-2021-45480](https://nvd.nist.gov/vuln/detail/CVE-2021-45480),[CVE-2021-45485](https://nvd.nist.gov/vuln/detail/CVE-2021-45485),[CVE-2021-45486](https://nvd.nist.gov/vuln/detail/CVE-2021-45486),[CVE-2021-45868](https://nvd.nist.gov/vuln/detail/CVE-2021-45868),[CVE-2021-46283](https://nvd.nist.gov/vuln/detail/CVE-2021-46283),[CVE-2022-0001](https://nvd.nist.gov/vuln/detail/CVE-2022-0001),[CVE-2022-0002](https://nvd.nist.gov/vuln/detail/CVE-2022-0002),[CVE-2022-0168](https://nvd.nist.gov/vuln/detail/CVE-2022-0168),[CVE-2022-0171](https://nvd.nist.gov/vuln/detail/CVE-2022-0171),[CVE-2022-0185](https://nvd.nist.gov/vuln/detail/CVE-2022-0185),[CVE-2022-0264](https://nvd.nist.gov/vuln/detail/CVE-2022-0264),[CVE-2022-0286](https://nvd.nist.gov/vuln/detail/CVE-2022-0286),[CVE-2022-0322](https://nvd.nist.gov/vuln/detail/CVE-2022-0322),[CVE-2022-0330](https://nvd.nist.gov/vuln/detail/CVE-2022-0330),[CVE-2022-0382](https://nvd.nist.gov/vuln/detail/CVE-2022-0382),[CVE-2022-0435](https://nvd.nist.gov/vuln/detail/CVE-2022-0435),[CVE-2022-0487](https://nvd.nist.gov/vuln/detail/CVE-2022-0487),[CVE-2022-0492](https://nvd.nist.gov/vuln/detail/CVE-2022-0492),[CVE-2022-0494](https://nvd.nist.gov/vuln/detail/CVE-2022-0494),[CVE-2022-0500](https://nvd.nist.gov/vuln/detail/CVE-2022-0500),[CVE-2022-0516](https://nvd.nist.gov/vuln/detail/CVE-2022-0516),[CVE-2022-0617](https://nvd.nist.gov/vuln/detail/CVE-2022-0617),[CVE-2022-0742](https://nvd.nist.gov/vuln/detail/CVE-2022-0742),[CVE-2022-0847](https://nvd.nist.gov/vuln/detail/CVE-2022-0847),[CVE-2022-0850](https://nvd.nist.gov/vuln/detail/CVE-2022-0850),[CVE-2022-0995](https://nvd.nist.gov/vuln/detail/CVE-2022-0995),[CVE-2022-1011](https://nvd.nist.gov/vuln/detail/CVE-2022-1011),[CVE-2022-1012](https://nvd.nist.gov/vuln/detail/CVE-2022-1012),[CVE-2022-1015](https://nvd.nist.gov/vuln/detail/CVE-2022-1015),[CVE-2022-1016](https://nvd.nist.gov/vuln/detail/CVE-2022-1016),[CVE-2022-1043](https://nvd.nist.gov/vuln/detail/CVE-2022-1043),[CVE-2022-1048](https://nvd.nist.gov/vuln/detail/CVE-2022-1048),[CVE-2022-1055](https://nvd.nist.gov/vuln/detail/CVE-2022-1055),[CVE-2022-1158](https://nvd.nist.gov/vuln/detail/CVE-2022-1158),[CVE-2022-1184](https://nvd.nist.gov/vuln/detail/CVE-2022-1184),[CVE-2022-1195](https://nvd.nist.gov/vuln/detail/CVE-2022-1195),[CVE-2022-1198](https://nvd.nist.gov/vuln/detail/CVE-2022-1198),[CVE-2022-1199](https://nvd.nist.gov/vuln/detail/CVE-2022-1199),[CVE-2022-1204](https://nvd.nist.gov/vuln/detail/CVE-2022-1204),[CVE-2022-1263](https://nvd.nist.gov/vuln/detail/CVE-2022-1263),[CVE-2022-1353](https://nvd.nist.gov/vuln/detail/CVE-2022-1353),[CVE-2022-1462](https://nvd.nist.gov/vuln/detail/CVE-2022-1462),[CVE-2022-1516](https://nvd.nist.gov/vuln/detail/CVE-2022-1516),[CVE-2022-1651](https://nvd.nist.gov/vuln/detail/CVE-2022-1651),[CVE-2022-1652](https://nvd.nist.gov/vuln/detail/CVE-2022-1652),[CVE-2022-1671](https://nvd.nist.gov/vuln/detail/CVE-2022-1671),[CVE-2022-1679](https://nvd.nist.gov/vuln/detail/CVE-2022-1679),[CVE-2022-1729](https://nvd.nist.gov/vuln/detail/CVE-2022-1729),[CVE-2022-1734](https://nvd.nist.gov/vuln/detail/CVE-2022-1734),[CVE-2022-1789](https://nvd.nist.gov/vuln/detail/CVE-2022-1789),[CVE-2022-1852](https://nvd.nist.gov/vuln/detail/CVE-2022-1852),[CVE-2022-1943](https://nvd.nist.gov/vuln/detail/CVE-2022-1943),[CVE-2022-1973](https://nvd.nist.gov/vuln/detail/CVE-2022-1973),[CVE-2022-1974](https://nvd.nist.gov/vuln/detail/CVE-2022-1974),[CVE-2022-1975](https://nvd.nist.gov/vuln/detail/CVE-2022-1975),[CVE-2022-1998](https://nvd.nist.gov/vuln/detail/CVE-2022-1998),[CVE-2022-20008](https://nvd.nist.gov/vuln/detail/CVE-2022-20008),[CVE-2022-20132](https://nvd.nist.gov/vuln/detail/CVE-2022-20132),[CVE-2022-20141](https://nvd.nist.gov/vuln/detail/CVE-2022-20141),[CVE-2022-20148](https://nvd.nist.gov/vuln/detail/CVE-2022-20148),[CVE-2022-20154](https://nvd.nist.gov/vuln/detail/CVE-2022-20154),[CVE-2022-20158](https://nvd.nist.gov/vuln/detail/CVE-2022-20158),[CVE-2022-20368](https://nvd.nist.gov/vuln/detail/CVE-2022-20368),[CVE-2022-20369](https://nvd.nist.gov/vuln/detail/CVE-2022-20369),[CVE-2022-20421](https://nvd.nist.gov/vuln/detail/CVE-2022-20421),[CVE-2022-20422](https://nvd.nist.gov/vuln/detail/CVE-2022-20422),[CVE-2022-20566](https://nvd.nist.gov/vuln/detail/CVE-2022-20566),[CVE-2022-20572](https://nvd.nist.gov/vuln/detail/CVE-2022-20572),[CVE-2022-2078](https://nvd.nist.gov/vuln/detail/CVE-2022-2078),[CVE-2022-21123](https://nvd.nist.gov/vuln/detail/CVE-2022-21123),[CVE-2022-21125](https://nvd.nist.gov/vuln/detail/CVE-2022-21125),[CVE-2022-21166](https://nvd.nist.gov/vuln/detail/CVE-2022-21166),[CVE-2022-21499](https://nvd.nist.gov/vuln/detail/CVE-2022-21499),[CVE-2022-21505](https://nvd.nist.gov/vuln/detail/CVE-2022-21505),[CVE-2022-2153](https://nvd.nist.gov/vuln/detail/CVE-2022-2153),[CVE-2022-2196](https://nvd.nist.gov/vuln/detail/CVE-2022-2196),[CVE-2022-22942](https://nvd.nist.gov/vuln/detail/CVE-2022-22942),[CVE-2022-23036](https://nvd.nist.gov/vuln/detail/CVE-2022-23036),[CVE-2022-23037](https://nvd.nist.gov/vuln/detail/CVE-2022-23037),[CVE-2022-23038](https://nvd.nist.gov/vuln/detail/CVE-2022-23038),[CVE-2022-23039](https://nvd.nist.gov/vuln/detail/CVE-2022-23039),[CVE-2022-23040](https://nvd.nist.gov/vuln/detail/CVE-2022-23040),[CVE-2022-23041](https://nvd.nist.gov/vuln/detail/CVE-2022-23041),[CVE-2022-23042](https://nvd.nist.gov/vuln/detail/CVE-2022-23042),[CVE-2022-2308](https://nvd.nist.gov/vuln/detail/CVE-2022-2308),[CVE-2022-2318](https://nvd.nist.gov/vuln/detail/CVE-2022-2318),[CVE-2022-23222](https://nvd.nist.gov/vuln/detail/CVE-2022-23222),[CVE-2022-2380](https://nvd.nist.gov/vuln/detail/CVE-2022-2380),[CVE-2022-23960](https://nvd.nist.gov/vuln/detail/CVE-2022-23960),[CVE-2022-24122](https://nvd.nist.gov/vuln/detail/CVE-2022-24122),[CVE-2022-24448](https://nvd.nist.gov/vuln/detail/CVE-2022-24448),[CVE-2022-24958](https://nvd.nist.gov/vuln/detail/CVE-2022-24958),[CVE-2022-24959](https://nvd.nist.gov/vuln/detail/CVE-2022-24959),[CVE-2022-2503](https://nvd.nist.gov/vuln/detail/CVE-2022-2503),[CVE-2022-25258](https://nvd.nist.gov/vuln/detail/CVE-2022-25258),[CVE-2022-25375](https://nvd.nist.gov/vuln/detail/CVE-2022-25375),[CVE-2022-25636](https://nvd.nist.gov/vuln/detail/CVE-2022-25636),[CVE-2022-2585](https://nvd.nist.gov/vuln/detail/CVE-2022-2585),[CVE-2022-2586](https://nvd.nist.gov/vuln/detail/CVE-2022-2586),[CVE-2022-2588](https://nvd.nist.gov/vuln/detail/CVE-2022-2588),[CVE-2022-2602](https://nvd.nist.gov/vuln/detail/CVE-2022-2602),[CVE-2022-26365](https://nvd.nist.gov/vuln/detail/CVE-2022-26365),[CVE-2022-26373](https://nvd.nist.gov/vuln/detail/CVE-2022-26373),[CVE-2022-2639](https://nvd.nist.gov/vuln/detail/CVE-2022-2639),[CVE-2022-26490](https://nvd.nist.gov/vuln/detail/CVE-2022-26490),[CVE-2022-2663](https://nvd.nist.gov/vuln/detail/CVE-2022-2663),[CVE-2022-26966](https://nvd.nist.gov/vuln/detail/CVE-2022-26966),[CVE-2022-27223](https://nvd.nist.gov/vuln/detail/CVE-2022-27223),[CVE-2022-27666](https://nvd.nist.gov/vuln/detail/CVE-2022-27666),[CVE-2022-27672](https://nvd.nist.gov/vuln/detail/CVE-2022-27672),[CVE-2022-27950](https://nvd.nist.gov/vuln/detail/CVE-2022-27950),[CVE-2022-28356](https://nvd.nist.gov/vuln/detail/CVE-2022-28356),[CVE-2022-28388](https://nvd.nist.gov/vuln/detail/CVE-2022-28388),[CVE-2022-28389](https://nvd.nist.gov/vuln/detail/CVE-2022-28389),[CVE-2022-28390](https://nvd.nist.gov/vuln/detail/CVE-2022-28390),[CVE-2022-2873](https://nvd.nist.gov/vuln/detail/CVE-2022-2873),[CVE-2022-28893](https://nvd.nist.gov/vuln/detail/CVE-2022-28893),[CVE-2022-2905](https://nvd.nist.gov/vuln/detail/CVE-2022-2905),[CVE-2022-29156](https://nvd.nist.gov/vuln/detail/CVE-2022-29156),[CVE-2022-2938](https://nvd.nist.gov/vuln/detail/CVE-2022-2938),[CVE-2022-29581](https://nvd.nist.gov/vuln/detail/CVE-2022-29581),[CVE-2022-29582](https://nvd.nist.gov/vuln/detail/CVE-2022-29582),[CVE-2022-2959](https://nvd.nist.gov/vuln/detail/CVE-2022-2959),[CVE-2022-2964](https://nvd.nist.gov/vuln/detail/CVE-2022-2964),[CVE-2022-2977](https://nvd.nist.gov/vuln/detail/CVE-2022-2977),[CVE-2022-2978](https://nvd.nist.gov/vuln/detail/CVE-2022-2978),[CVE-2022-29900](https://nvd.nist.gov/vuln/detail/CVE-2022-29900),[CVE-2022-29901](https://nvd.nist.gov/vuln/detail/CVE-2022-29901),[CVE-2022-3028](https://nvd.nist.gov/vuln/detail/CVE-2022-3028),[CVE-2022-30594](https://nvd.nist.gov/vuln/detail/CVE-2022-30594),[CVE-2022-3061](https://nvd.nist.gov/vuln/detail/CVE-2022-3061),[CVE-2022-3077](https://nvd.nist.gov/vuln/detail/CVE-2022-3077),[CVE-2022-3078](https://nvd.nist.gov/vuln/detail/CVE-2022-3078),[CVE-2022-3104](https://nvd.nist.gov/vuln/detail/CVE-2022-3104),[CVE-2022-3105](https://nvd.nist.gov/vuln/detail/CVE-2022-3105),[CVE-2022-3106](https://nvd.nist.gov/vuln/detail/CVE-2022-3106),[CVE-2022-3107](https://nvd.nist.gov/vuln/detail/CVE-2022-3107),[CVE-2022-3108](https://nvd.nist.gov/vuln/detail/CVE-2022-3108),[CVE-2022-3110](https://nvd.nist.gov/vuln/detail/CVE-2022-3110),[CVE-2022-3111](https://nvd.nist.gov/vuln/detail/CVE-2022-3111),[CVE-2022-3112](https://nvd.nist.gov/vuln/detail/CVE-2022-3112),[CVE-2022-3113](https://nvd.nist.gov/vuln/detail/CVE-2022-3113),[CVE-2022-3115](https://nvd.nist.gov/vuln/detail/CVE-2022-3115),[CVE-2022-3169](https://nvd.nist.gov/vuln/detail/CVE-2022-3169),[CVE-2022-3176](https://nvd.nist.gov/vuln/detail/CVE-2022-3176),[CVE-2022-3202](https://nvd.nist.gov/vuln/detail/CVE-2022-3202),[CVE-2022-32250](https://nvd.nist.gov/vuln/detail/CVE-2022-32250),[CVE-2022-32296](https://nvd.nist.gov/vuln/detail/CVE-2022-32296),[CVE-2022-3239](https://nvd.nist.gov/vuln/detail/CVE-2022-3239),[CVE-2022-32981](https://nvd.nist.gov/vuln/detail/CVE-2022-32981),[CVE-2022-3303](https://nvd.nist.gov/vuln/detail/CVE-2022-3303),[CVE-2022-3344](https://nvd.nist.gov/vuln/detail/CVE-2022-3344),[CVE-2022-33740](https://nvd.nist.gov/vuln/detail/CVE-2022-33740),[CVE-2022-33741](https://nvd.nist.gov/vuln/detail/CVE-2022-33741),[CVE-2022-33742](https://nvd.nist.gov/vuln/detail/CVE-2022-33742),[CVE-2022-33743](https://nvd.nist.gov/vuln/detail/CVE-2022-33743),[CVE-2022-33744](https://nvd.nist.gov/vuln/detail/CVE-2022-33744),[CVE-2022-33981](https://nvd.nist.gov/vuln/detail/CVE-2022-33981),[CVE-2022-3424](https://nvd.nist.gov/vuln/detail/CVE-2022-3424),[CVE-2022-34494](https://nvd.nist.gov/vuln/detail/CVE-2022-34494),[CVE-2022-34495](https://nvd.nist.gov/vuln/detail/CVE-2022-34495),[CVE-2022-34918](https://nvd.nist.gov/vuln/detail/CVE-2022-34918),[CVE-2022-3521](https://nvd.nist.gov/vuln/detail/CVE-2022-3521),[CVE-2022-3524](https://nvd.nist.gov/vuln/detail/CVE-2022-3524),[CVE-2022-3526](https://nvd.nist.gov/vuln/detail/CVE-2022-3526),[CVE-2022-3534](https://nvd.nist.gov/vuln/detail/CVE-2022-3534),[CVE-2022-3543](https://nvd.nist.gov/vuln/detail/CVE-2022-3543),[CVE-2022-3545](https://nvd.nist.gov/vuln/detail/CVE-2022-3545),[CVE-2022-3564](https://nvd.nist.gov/vuln/detail/CVE-2022-3564),[CVE-2022-3565](https://nvd.nist.gov/vuln/detail/CVE-2022-3565),[CVE-2022-3577](https://nvd.nist.gov/vuln/detail/CVE-2022-3577),[CVE-2022-3586](https://nvd.nist.gov/vuln/detail/CVE-2022-3586),[CVE-2022-3594](https://nvd.nist.gov/vuln/detail/CVE-2022-3594),[CVE-2022-36123](https://nvd.nist.gov/vuln/detail/CVE-2022-36123),[CVE-2022-3619](https://nvd.nist.gov/vuln/detail/CVE-2022-3619),[CVE-2022-3621](https://nvd.nist.gov/vuln/detail/CVE-2022-3621),[CVE-2022-3623](https://nvd.nist.gov/vuln/detail/CVE-2022-3623),[CVE-2022-3625](https://nvd.nist.gov/vuln/detail/CVE-2022-3625),[CVE-2022-3628](https://nvd.nist.gov/vuln/detail/CVE-2022-3628),[CVE-2022-36280](https://nvd.nist.gov/vuln/detail/CVE-2022-36280),[CVE-2022-3629](https://nvd.nist.gov/vuln/detail/CVE-2022-3629),[CVE-2022-3633](https://nvd.nist.gov/vuln/detail/CVE-2022-3633),[CVE-2022-3635](https://nvd.nist.gov/vuln/detail/CVE-2022-3635),[CVE-2022-3643](https://nvd.nist.gov/vuln/detail/CVE-2022-3643),[CVE-2022-3646](https://nvd.nist.gov/vuln/detail/CVE-2022-3646),[CVE-2022-3649](https://nvd.nist.gov/vuln/detail/CVE-2022-3649),[CVE-2022-36879](https://nvd.nist.gov/vuln/detail/CVE-2022-36879),[CVE-2022-36946](https://nvd.nist.gov/vuln/detail/CVE-2022-36946),[CVE-2022-3707](https://nvd.nist.gov/vuln/detail/CVE-2022-3707),[CVE-2022-39189](https://nvd.nist.gov/vuln/detail/CVE-2022-39189),[CVE-2022-39190](https://nvd.nist.gov/vuln/detail/CVE-2022-39190),[CVE-2022-40307](https://nvd.nist.gov/vuln/detail/CVE-2022-40307),[CVE-2022-40768](https://nvd.nist.gov/vuln/detail/CVE-2022-40768),[CVE-2022-4095](https://nvd.nist.gov/vuln/detail/CVE-2022-4095),[CVE-2022-40982](https://nvd.nist.gov/vuln/detail/CVE-2022-40982),[CVE-2022-41218](https://nvd.nist.gov/vuln/detail/CVE-2022-41218),[CVE-2022-41222](https://nvd.nist.gov/vuln/detail/CVE-2022-41222),[CVE-2022-4129](https://nvd.nist.gov/vuln/detail/CVE-2022-4129),[CVE-2022-41674](https://nvd.nist.gov/vuln/detail/CVE-2022-41674),[CVE-2022-41849](https://nvd.nist.gov/vuln/detail/CVE-2022-41849),[CVE-2022-41850](https://nvd.nist.gov/vuln/detail/CVE-2022-41850),[CVE-2022-41858](https://nvd.nist.gov/vuln/detail/CVE-2022-41858),[CVE-2022-42432](https://nvd.nist.gov/vuln/detail/CVE-2022-42432),[CVE-2022-4269](https://nvd.nist.gov/vuln/detail/CVE-2022-4269),[CVE-2022-42703](https://nvd.nist.gov/vuln/detail/CVE-2022-42703),[CVE-2022-42719](https://nvd.nist.gov/vuln/detail/CVE-2022-42719),[CVE-2022-42720](https://nvd.nist.gov/vuln/detail/CVE-2022-42720),[CVE-2022-42721](https://nvd.nist.gov/vuln/detail/CVE-2022-42721),[CVE-2022-42722](https://nvd.nist.gov/vuln/detail/CVE-2022-42722),[CVE-2022-42895](https://nvd.nist.gov/vuln/detail/CVE-2022-42895),[CVE-2022-42896](https://nvd.nist.gov/vuln/detail/CVE-2022-42896),[CVE-2022-43750](https://nvd.nist.gov/vuln/detail/CVE-2022-43750),[CVE-2022-4378](https://nvd.nist.gov/vuln/detail/CVE-2022-4378),[CVE-2022-4379](https://nvd.nist.gov/vuln/detail/CVE-2022-4379),[CVE-2022-4382](https://nvd.nist.gov/vuln/detail/CVE-2022-4382),[CVE-2022-43945](https://nvd.nist.gov/vuln/detail/CVE-2022-43945),[CVE-2022-45869](https://nvd.nist.gov/vuln/detail/CVE-2022-45869),[CVE-2022-45886](https://nvd.nist.gov/vuln/detail/CVE-2022-45886),[CVE-2022-45887](https://nvd.nist.gov/vuln/detail/CVE-2022-45887),[CVE-2022-45919](https://nvd.nist.gov/vuln/detail/CVE-2022-45919),[CVE-2022-45934](https://nvd.nist.gov/vuln/detail/CVE-2022-45934),[CVE-2022-4662](https://nvd.nist.gov/vuln/detail/CVE-2022-4662),[CVE-2022-4744](https://nvd.nist.gov/vuln/detail/CVE-2022-4744),[CVE-2022-47518](https://nvd.nist.gov/vuln/detail/CVE-2022-47518),[CVE-2022-47519](https://nvd.nist.gov/vuln/detail/CVE-2022-47519),[CVE-2022-47520](https://nvd.nist.gov/vuln/detail/CVE-2022-47520),[CVE-2022-47521](https://nvd.nist.gov/vuln/detail/CVE-2022-47521),[CVE-2022-47929](https://nvd.nist.gov/vuln/detail/CVE-2022-47929),[CVE-2022-47938](https://nvd.nist.gov/vuln/detail/CVE-2022-47938),[CVE-2022-47939](https://nvd.nist.gov/vuln/detail/CVE-2022-47939),[CVE-2022-47941](https://nvd.nist.gov/vuln/detail/CVE-2022-47941),[CVE-2022-47942](https://nvd.nist.gov/vuln/detail/CVE-2022-47942),[CVE-2022-47943](https://nvd.nist.gov/vuln/detail/CVE-2022-47943),[CVE-2022-4842](https://nvd.nist.gov/vuln/detail/CVE-2022-4842),[CVE-2022-48423](https://nvd.nist.gov/vuln/detail/CVE-2022-48423),[CVE-2022-48424](https://nvd.nist.gov/vuln/detail/CVE-2022-48424),[CVE-2022-48425](https://nvd.nist.gov/vuln/detail/CVE-2022-48425),[CVE-2022-48502](https://nvd.nist.gov/vuln/detail/CVE-2022-48502),[CVE-2023-0045](https://nvd.nist.gov/vuln/detail/CVE-2023-0045),[CVE-2023-0160](https://nvd.nist.gov/vuln/detail/CVE-2023-0160),[CVE-2023-0179](https://nvd.nist.gov/vuln/detail/CVE-2023-0179),[CVE-2023-0210](https://nvd.nist.gov/vuln/detail/CVE-2023-0210),[CVE-2023-0266](https://nvd.nist.gov/vuln/detail/CVE-2023-0266),[CVE-2023-0386](https://nvd.nist.gov/vuln/detail/CVE-2023-0386),[CVE-2023-0394](https://nvd.nist.gov/vuln/detail/CVE-2023-0394),[CVE-2023-0458](https://nvd.nist.gov/vuln/detail/CVE-2023-0458),[CVE-2023-0459](https://nvd.nist.gov/vuln/detail/CVE-2023-0459),[CVE-2023-0461](https://nvd.nist.gov/vuln/detail/CVE-2023-0461),[CVE-2023-0590](https://nvd.nist.gov/vuln/detail/CVE-2023-0590),[CVE-2023-0615](https://nvd.nist.gov/vuln/detail/CVE-2023-0615),[CVE-2023-1073](https://nvd.nist.gov/vuln/detail/CVE-2023-1073),[CVE-2023-1074](https://nvd.nist.gov/vuln/detail/CVE-2023-1074),[CVE-2023-1076](https://nvd.nist.gov/vuln/detail/CVE-2023-1076),[CVE-2023-1077](https://nvd.nist.gov/vuln/detail/CVE-2023-1077),[CVE-2023-1078](https://nvd.nist.gov/vuln/detail/CVE-2023-1078),[CVE-2023-1079](https://nvd.nist.gov/vuln/detail/CVE-2023-1079),[CVE-2023-1095](https://nvd.nist.gov/vuln/detail/CVE-2023-1095),[CVE-2023-1118](https://nvd.nist.gov/vuln/detail/CVE-2023-1118),[CVE-2023-1192](https://nvd.nist.gov/vuln/detail/CVE-2023-1192),[CVE-2023-1206](https://nvd.nist.gov/vuln/detail/CVE-2023-1206),[CVE-2023-1249](https://nvd.nist.gov/vuln/detail/CVE-2023-1249),[CVE-2023-1252](https://nvd.nist.gov/vuln/detail/CVE-2023-1252),[CVE-2023-1281](https://nvd.nist.gov/vuln/detail/CVE-2023-1281),[CVE-2023-1295](https://nvd.nist.gov/vuln/detail/CVE-2023-1295),[CVE-2023-1380](https://nvd.nist.gov/vuln/detail/CVE-2023-1380),[CVE-2023-1382](https://nvd.nist.gov/vuln/detail/CVE-2023-1382),[CVE-2023-1513](https://nvd.nist.gov/vuln/detail/CVE-2023-1513),[CVE-2023-1582](https://nvd.nist.gov/vuln/detail/CVE-2023-1582),[CVE-2023-1611](https://nvd.nist.gov/vuln/detail/CVE-2023-1611),[CVE-2023-1637](https://nvd.nist.gov/vuln/detail/CVE-2023-1637),[CVE-2023-1652](https://nvd.nist.gov/vuln/detail/CVE-2023-1652),[CVE-2023-1670](https://nvd.nist.gov/vuln/detail/CVE-2023-1670),[CVE-2023-1829](https://nvd.nist.gov/vuln/detail/CVE-2023-1829),[CVE-2023-1838](https://nvd.nist.gov/vuln/detail/CVE-2023-1838),[CVE-2023-1855](https://nvd.nist.gov/vuln/detail/CVE-2023-1855),[CVE-2023-1859](https://nvd.nist.gov/vuln/detail/CVE-2023-1859),[CVE-2023-1989](https://nvd.nist.gov/vuln/detail/CVE-2023-1989),[CVE-2023-1990](https://nvd.nist.gov/vuln/detail/CVE-2023-1990),[CVE-2023-2002](https://nvd.nist.gov/vuln/detail/CVE-2023-2002),[CVE-2023-2006](https://nvd.nist.gov/vuln/detail/CVE-2023-2006),[CVE-2023-2008](https://nvd.nist.gov/vuln/detail/CVE-2023-2008),[CVE-2023-2019](https://nvd.nist.gov/vuln/detail/CVE-2023-2019),[CVE-2023-20569](https://nvd.nist.gov/vuln/detail/CVE-2023-20569),[CVE-2023-20588](https://nvd.nist.gov/vuln/detail/CVE-2023-20588),[CVE-2023-20593](https://nvd.nist.gov/vuln/detail/CVE-2023-20593),[CVE-2023-20928](https://nvd.nist.gov/vuln/detail/CVE-2023-20928),[CVE-2023-21102](https://nvd.nist.gov/vuln/detail/CVE-2023-21102),[CVE-2023-2124](https://nvd.nist.gov/vuln/detail/CVE-2023-2124),[CVE-2023-2156](https://nvd.nist.gov/vuln/detail/CVE-2023-2156),[CVE-2023-2162](https://nvd.nist.gov/vuln/detail/CVE-2023-2162),[CVE-2023-2163](https://nvd.nist.gov/vuln/detail/CVE-2023-2163),[CVE-2023-2166](https://nvd.nist.gov/vuln/detail/CVE-2023-2166),[CVE-2023-2177](https://nvd.nist.gov/vuln/detail/CVE-2023-2177),[CVE-2023-2194](https://nvd.nist.gov/vuln/detail/CVE-2023-2194),[CVE-2023-2235](https://nvd.nist.gov/vuln/detail/CVE-2023-2235),[CVE-2023-2269](https://nvd.nist.gov/vuln/detail/CVE-2023-2269),[CVE-2023-22998](https://nvd.nist.gov/vuln/detail/CVE-2023-22998),[CVE-2023-22999](https://nvd.nist.gov/vuln/detail/CVE-2023-22999),[CVE-2023-23001](https://nvd.nist.gov/vuln/detail/CVE-2023-23001),[CVE-2023-23002](https://nvd.nist.gov/vuln/detail/CVE-2023-23002),[CVE-2023-23004](https://nvd.nist.gov/vuln/detail/CVE-2023-23004),[CVE-2023-23006](https://nvd.nist.gov/vuln/detail/CVE-2023-23006),[CVE-2023-23454](https://nvd.nist.gov/vuln/detail/CVE-2023-23454),[CVE-2023-23455](https://nvd.nist.gov/vuln/detail/CVE-2023-23455),[CVE-2023-23559](https://nvd.nist.gov/vuln/detail/CVE-2023-23559),[CVE-2023-25012](https://nvd.nist.gov/vuln/detail/CVE-2023-25012),[CVE-2023-2513](https://nvd.nist.gov/vuln/detail/CVE-2023-2513),[CVE-2023-26544](https://nvd.nist.gov/vuln/detail/CVE-2023-26544),[CVE-2023-26545](https://nvd.nist.gov/vuln/detail/CVE-2023-26545),[CVE-2023-26606](https://nvd.nist.gov/vuln/detail/CVE-2023-26606),[CVE-2023-26607](https://nvd.nist.gov/vuln/detail/CVE-2023-26607),[CVE-2023-28327](https://nvd.nist.gov/vuln/detail/CVE-2023-28327),[CVE-2023-28328](https://nvd.nist.gov/vuln/detail/CVE-2023-28328),[CVE-2023-28410](https://nvd.nist.gov/vuln/detail/CVE-2023-28410),[CVE-2023-28466](https://nvd.nist.gov/vuln/detail/CVE-2023-28466),[CVE-2023-2860](https://nvd.nist.gov/vuln/detail/CVE-2023-2860),[CVE-2023-28772](https://nvd.nist.gov/vuln/detail/CVE-2023-28772),[CVE-2023-2898](https://nvd.nist.gov/vuln/detail/CVE-2023-2898),[CVE-2023-2985](https://nvd.nist.gov/vuln/detail/CVE-2023-2985),[CVE-2023-3006](https://nvd.nist.gov/vuln/detail/CVE-2023-3006),[CVE-2023-30456](https://nvd.nist.gov/vuln/detail/CVE-2023-30456),[CVE-2023-30772](https://nvd.nist.gov/vuln/detail/CVE-2023-30772),[CVE-2023-3090](https://nvd.nist.gov/vuln/detail/CVE-2023-3090),[CVE-2023-3111](https://nvd.nist.gov/vuln/detail/CVE-2023-3111),[CVE-2023-31248](https://nvd.nist.gov/vuln/detail/CVE-2023-31248),[CVE-2023-3141](https://nvd.nist.gov/vuln/detail/CVE-2023-3141),[CVE-2023-31436](https://nvd.nist.gov/vuln/detail/CVE-2023-31436),[CVE-2023-3159](https://nvd.nist.gov/vuln/detail/CVE-2023-3159),[CVE-2023-3161](https://nvd.nist.gov/vuln/detail/CVE-2023-3161),[CVE-2023-3212](https://nvd.nist.gov/vuln/detail/CVE-2023-3212),[CVE-2023-3220](https://nvd.nist.gov/vuln/detail/CVE-2023-3220),[CVE-2023-32233](https://nvd.nist.gov/vuln/detail/CVE-2023-32233),[CVE-2023-32248](https://nvd.nist.gov/vuln/detail/CVE-2023-32248),[CVE-2023-32269](https://nvd.nist.gov/vuln/detail/CVE-2023-32269),[CVE-2023-3268](https://nvd.nist.gov/vuln/detail/CVE-2023-3268),[CVE-2023-33203](https://nvd.nist.gov/vuln/detail/CVE-2023-33203),[CVE-2023-33288](https://nvd.nist.gov/vuln/detail/CVE-2023-33288),[CVE-2023-3338](https://nvd.nist.gov/vuln/detail/CVE-2023-3338),[CVE-2023-3355](https://nvd.nist.gov/vuln/detail/CVE-2023-3355),[CVE-2023-3357](https://nvd.nist.gov/vuln/detail/CVE-2023-3357),[CVE-2023-3358](https://nvd.nist.gov/vuln/detail/CVE-2023-3358),[CVE-2023-3390](https://nvd.nist.gov/vuln/detail/CVE-2023-3390),[CVE-2023-35001](https://nvd.nist.gov/vuln/detail/CVE-2023-35001),[CVE-2023-3567](https://nvd.nist.gov/vuln/detail/CVE-2023-3567),[CVE-2023-35788](https://nvd.nist.gov/vuln/detail/CVE-2023-35788),[CVE-2023-35823](https://nvd.nist.gov/vuln/detail/CVE-2023-35823),[CVE-2023-35824](https://nvd.nist.gov/vuln/detail/CVE-2023-35824),[CVE-2023-35828](https://nvd.nist.gov/vuln/detail/CVE-2023-35828),[CVE-2023-35829](https://nvd.nist.gov/vuln/detail/CVE-2023-35829),[CVE-2023-3609](https://nvd.nist.gov/vuln/detail/CVE-2023-3609),[CVE-2023-3610](https://nvd.nist.gov/vuln/detail/CVE-2023-3610),[CVE-2023-3611](https://nvd.nist.gov/vuln/detail/CVE-2023-3611),[CVE-2023-3772](https://nvd.nist.gov/vuln/detail/CVE-2023-3772),[CVE-2023-3776](https://nvd.nist.gov/vuln/detail/CVE-2023-3776),[CVE-2023-3777](https://nvd.nist.gov/vuln/detail/CVE-2023-3777),[CVE-2023-3812](https://nvd.nist.gov/vuln/detail/CVE-2023-3812),[CVE-2023-38426](https://nvd.nist.gov/vuln/detail/CVE-2023-38426),[CVE-2023-38428](https://nvd.nist.gov/vuln/detail/CVE-2023-38428),[CVE-2023-38429](https://nvd.nist.gov/vuln/detail/CVE-2023-38429),[CVE-2023-38432](https://nvd.nist.gov/vuln/detail/CVE-2023-38432),[CVE-2023-3863](https://nvd.nist.gov/vuln/detail/CVE-2023-3863),[CVE-2023-3865](https://nvd.nist.gov/vuln/detail/CVE-2023-3865),[CVE-2023-3866](https://nvd.nist.gov/vuln/detail/CVE-2023-3866),[CVE-2023-4004](https://nvd.nist.gov/vuln/detail/CVE-2023-4004),[CVE-2023-4015](https://nvd.nist.gov/vuln/detail/CVE-2023-4015),[CVE-2023-40283](https://nvd.nist.gov/vuln/detail/CVE-2023-40283),[CVE-2023-4128](https://nvd.nist.gov/vuln/detail/CVE-2023-4128),[CVE-2023-4132](https://nvd.nist.gov/vuln/detail/CVE-2023-4132),[CVE-2023-4147](https://nvd.nist.gov/vuln/detail/CVE-2023-4147),[CVE-2023-4206](https://nvd.nist.gov/vuln/detail/CVE-2023-4206),[CVE-2023-4207](https://nvd.nist.gov/vuln/detail/CVE-2023-4207),[CVE-2023-4208](https://nvd.nist.gov/vuln/detail/CVE-2023-4208),[CVE-2023-4273](https://nvd.nist.gov/vuln/detail/CVE-2023-4273),[CVE-2023-42752](https://nvd.nist.gov/vuln/detail/CVE-2023-42752),[CVE-2023-42753](https://nvd.nist.gov/vuln/detail/CVE-2023-42753),[CVE-2023-42755](https://nvd.nist.gov/vuln/detail/CVE-2023-42755),[CVE-2023-4385](https://nvd.nist.gov/vuln/detail/CVE-2023-4385),[CVE-2023-4387](https://nvd.nist.gov/vuln/detail/CVE-2023-4387),[CVE-2023-4389](https://nvd.nist.gov/vuln/detail/CVE-2023-4389),[CVE-2023-4459](https://nvd.nist.gov/vuln/detail/CVE-2023-4459),[CVE-2023-4569](https://nvd.nist.gov/vuln/detail/CVE-2023-4569),[CVE-2023-4623](https://nvd.nist.gov/vuln/detail/CVE-2023-4623), [CVE-2023-4921](https://nvd.nist.gov/vuln/detail/CVE-2023-4921), [CVE-2022-40982](https://nvd.nist.gov/vuln/detail/CVE-2022-40982), [CVE-2022-41804](https://nvd.nist.gov/vuln/detail/CVE-2022-41804), [CVE-2023-20569](https://nvd.nist.gov/vuln/detail/CVE-2023-20569), [CVE-2023-23908](https://nvd.nist.gov/vuln/detail/CVE-2023-23908))<br> - Docker ([CVE-2022-36109](https://nvd.nist.gov/vuln/detail/CVE-2022-36109), [CVE-2022-29526](https://nvd.nist.gov/vuln/detail/CVE-2022-29526))<br> - Go ([CVE-2021-44716](https://nvd.nist.gov/vuln/detail/CVE-2021-44716), [CVE-2021-44717](https://nvd.nist.gov/vuln/detail/CVE-2021-44717), [CVE-2022-1705](https://nvd.nist.gov/vuln/detail/CVE-2022-1705), [CVE-2022-1962](https://nvd.nist.gov/vuln/detail/CVE-2022-1962), [CVE-2022-2879](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879), [CVE-2022-2880](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880), [CVE-2022-24675](https://nvd.nist.gov/vuln/detail/CVE-2022-24675), [CVE-2022-27664](https://nvd.nist.gov/vuln/detail/CVE-2022-27664), [CVE-2022-28131](https://nvd.nist.gov/vuln/detail/CVE-2022-28131), [CVE-2022-29526](https://nvd.nist.gov/vuln/detail/CVE-2022-29526), [CVE-2022-30630](https://nvd.nist.gov/vuln/detail/CVE-2022-30630), [CVE-2022-30631](https://nvd.nist.gov/vuln/detail/CVE-2022-30631), [CVE-2022-30632](https://nvd.nist.gov/vuln/detail/CVE-2022-30632), [CVE-2022-30633](https://nvd.nist.gov/vuln/detail/CVE-2022-30633), [CVE-2022-30635](https://nvd.nist.gov/vuln/detail/CVE-2022-30635), [CVE-2022-32148](https://nvd.nist.gov/vuln/detail/CVE-2022-32148), [CVE-2022-32189](https://nvd.nist.gov/vuln/detail/CVE-2022-32189), [CVE-2022-32190](https://nvd.nist.gov/vuln/detail/CVE-2022-32190), [CVE-2022-41715](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715), [CVE-2022-41717](https://nvd.nist.gov/vuln/detail/CVE-2022-41717))<br> - bind tools ([CVE-2022-2795](https://nvd.nist.gov/vuln/detail/CVE-2022-2795), [CVE-2022-2881](https://nvd.nist.gov/vuln/detail/CVE-2022-2881), [CVE-2022-2906](https://nvd.nist.gov/vuln/detail/CVE-2022-2906), [CVE-2022-3080](https://nvd.nist.gov/vuln/detail/CVE-2022-3080), [CVE-2022-38177](https://nvd.nist.gov/vuln/detail/CVE-2022-38177), [CVE-2022-38178](https://nvd.nist.gov/vuln/detail/CVE-2022-38178))<br> - binutils ([CVE-2021-45078](https://nvd.nist.gov/vuln/detail/CVE-2021-45078))<br> - cifs-utils ([CVE-2021-20208](https://nvd.nist.gov/vuln/detail/CVE-2021-20208), [CVE-2022-27239](https://nvd.nist.gov/vuln/detail/CVE-2022-27239), [CVE-2022-29869](https://nvd.nist.gov/vuln/detail/CVE-2022-29869))<br> - containerd ([CVE-2021-43816](https://nvd.nist.gov/vuln/detail/CVE-2021-43816), [CVE-2022-23471](https://nvd.nist.gov/vuln/detail/CVE-2022-23471), [CVE-2022-23648](https://nvd.nist.gov/vuln/detail/CVE-2022-23648), [CVE-2022-24769](https://nvd.nist.gov/vuln/detail/CVE-2022-24769), [CVE-2022-31030](https://nvd.nist.gov/vuln/detail/CVE-2022-31030))<br> - cpio ([CVE-2021-38185](https://nvd.nist.gov/vuln/detail/CVE-2021-38185))<br> - cryptsetup ([CVE-2021-4122](https://nvd.nist.gov/vuln/detail/CVE-2021-4122)) <br> - curl ([CVE-2022-22576](https://nvd.nist.gov/vuln/detail/CVE-2022-22576), [CVE-2022-27774](https://nvd.nist.gov/vuln/detail/CVE-2022-27774), [CVE-2022-27775](https://nvd.nist.gov/vuln/detail/CVE-2022-27775), [CVE-2022-27776](https://nvd.nist.gov/vuln/detail/CVE-2022-27776), [CVE-2022-27778](https://nvd.nist.gov/vuln/detail/CVE-2022-27778), [CVE-2022-27779](https://nvd.nist.gov/vuln/detail/CVE-2022-27779), [CVE-2022-27780](https://nvd.nist.gov/vuln/detail/CVE-2022-27780), [CVE-2022-27781](https://nvd.nist.gov/vuln/detail/CVE-2022-27781), [CVE-2022-27782](https://nvd.nist.gov/vuln/detail/CVE-2022-27782), [CVE-2022-30115](https://nvd.nist.gov/vuln/detail/CVE-2022-30115), [CVE-2022-32205](https://nvd.nist.gov/vuln/detail/CVE-2022-32205), [CVE-2022-32206](https://nvd.nist.gov/vuln/detail/CVE-2022-32206), [CVE-2022-32207](https://nvd.nist.gov/vuln/detail/CVE-2022-32207), [CVE-2022-32208](https://nvd.nist.gov/vuln/detail/CVE-2022-32208), [CVE-2022-32221](https://nvd.nist.gov/vuln/detail/CVE-2022-32221), [CVE-2022-35260](https://nvd.nist.gov/vuln/detail/CVE-2022-32221), [CVE-2022-42915](https://nvd.nist.gov/vuln/detail/CVE-2022-32221), [CVE-2022-42916](https://nvd.nist.gov/vuln/detail/CVE-2022-32221), [CVE-2022-35252](https://nvd.nist.gov/vuln/detail/CVE-2022-35252), [CVE-2022-43551](https://nvd.nist.gov/vuln/detail/CVE-2022-43551), [CVE-2022-43552](https://nvd.nist.gov/vuln/detail/CVE-2022-43552))<br> - dbus ([CVE-2022-42010](https://nvd.nist.gov/vuln/detail/CVE-2022-42010), [CVE-2022-42011](https://nvd.nist.gov/vuln/detail/CVE-2022-42011), [CVE-2022-42012](https://nvd.nist.gov/vuln/detail/CVE-2022-42012))<br> - duktape ([CVE-2021-46322](https://nvd.nist.gov/vuln/detail/CVE-2021-46322))<br> - expat ([CVE-2022-40674](https://nvd.nist.gov/vuln/detail/CVE-2022-40674), [CVE-2022-43680](https://nvd.nist.gov/vuln/detail/CVE-2022-43680))<br> - gcc ([CVE-2020-13844](https://nvd.nist.gov/vuln/detail/CVE-2020-13844))<br> - git ([CVE-2022-23521](https://nvd.nist.gov/vuln/detail/CVE-2022-23521), [CVE-2022-24765](https://nvd.nist.gov/vuln/detail/CVE-2022-24765), [CVE-2022-29187](https://nvd.nist.gov/vuln/detail/CVE-2022-29187), [CVE-2022-39253](https://nvd.nist.gov/vuln/detail/CVE-2022-39253), [CVE-2022-39260](https://nvd.nist.gov/vuln/detail/CVE-2022-39260), [CVE-2022-41903](https://nvd.nist.gov/vuln/detail/CVE-2022-41903))<br> - glib ([fixes to normal form handling in GVariant](https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835))<br> - gnupg ([CVE-2022-34903](https://nvd.nist.gov/vuln/detail/CVE-2022-34903))<br> - gnutls ([CVE-2021-4209](https://nvd.nist.gov/vuln/detail/CVE-2021-4209), [GNUTLS-SA-2022-01-17](https://gitlab.com/gnutls/gnutls/-/issues/1277), [CVE-2022-2509](https://nvd.nist.gov/vuln/detail/CVE-2022-2509))<br> - gzip,xz-utils ([CVE-2022-1271](https://nvd.nist.gov/vuln/detail/CVE-2022-1271))<br> - ignition ([CVE-2020-14040](https://nvd.nist.gov/vuln/detail/CVE-2020-14040), [CVE-2021-38561](https://nvd.nist.gov/vuln/detail/CVE-2021-38561), [CVE-2022-1706](https://nvd.nist.gov/vuln/detail/CVE-2022-1706))<br> - intel-microcode ([CVE-2021-0127](https://nvd.nist.gov/vuln/detail/CVE-2021-0127), [CVE-2021-0146](https://nvd.nist.gov/vuln/detail/CVE-2021-0146), [CVE-2022-21151](https://nvd.nist.gov/vuln/detail/CVE-2022-21151), [CVE-2022-21233](https://nvd.nist.gov/vuln/detail/CVE-2022-21233))<br> - krb5 ([CVE-2021-37750](https://nvd.nist.gov/vuln/detail/CVE-2021-37750))<br> - libarchive ([CVE-2021-31566](https://nvd.nist.gov/vuln/detail/CVE-2021-31566), [CVE-2021-36976](https://nvd.nist.gov/vuln/detail/CVE-2021-36976), [CVE-2022-26280](https://nvd.nist.gov/vuln/detail/CVE-2022-26280), [CVE-2022-36227](https://nvd.nist.gov/vuln/detail/CVE-2022-36227), [libarchive-1565](https://github.com/libarchive/libarchive/issues/1565), [libarchive-1566](https://github.com/libarchive/libarchive/issues/1566))<br> - libksba ([CVE-2022-3515](https://nvd.nist.gov/vuln/detail/CVE-2022-3515), [CVE-2022-47629](https://nvd.nist.gov/vuln/detail/CVE-2022-47629))<br> - GNU Libtasn1 ([Gentoo#866237](https://bugs.gentoo.org/866237))<br> - libtirpc ([CVE-2021-46828](https://nvd.nist.gov/vuln/detail/CVE-2021-46828))<br> - libxml2 ([CVE-2016-3709](https://nvd.nist.gov/vuln/detail/CVE-2016-3709), [CVE-2022-2309](https://nvd.nist.gov/vuln/detail/CVE-2022-2309), [CVE-2022-23308](https://nvd.nist.gov/vuln/detail/CVE-2022-23308), [CVE-2022-29824](https://nvd.nist.gov/vuln/detail/CVE-2022-29824), [CVE-2022-40303](https://nvd.nist.gov/vuln/detail/CVE-2022-40303), [CVE-2022-40304](https://nvd.nist.gov/vuln/detail/CVE-2022-40304))<br> - logrotate ([CVE-2022-1348](https://nvd.nist.gov/vuln/detail/CVE-2022-1348))<br> - multipath-tools ([CVE-2022-41973](https://nvd.nist.gov/vuln/detail/CVE-2022-41973), [CVE-2022-41974](https://nvd.nist.gov/vuln/detail/CVE-2022-41974))<br> - ncurses ([CVE-2022-29458](https://nvd.nist.gov/vuln/detail/CVE-2022-29458))<br> - nvidia-drivers ([CVE-2022-28181](https://nvd.nist.gov/vuln/detail/CVE-2022-28181), [CVE-2022-28183](https://nvd.nist.gov/vuln/detail/CVE-2022-28183), [CVE-2022-28184](https://nvd.nist.gov/vuln/detail/CVE-2022-28184), [CVE-2022-28185](https://nvd.nist.gov/vuln/detail/CVE-2022-28185))<br> - oniguruma ([oniguruma-20220430](https://bugs.gentoo.org/841893))<br> - OpenSSH ([CVE-2021-41617](https://nvd.nist.gov/vuln/detail/CVE-2021-41617))<br> - OpenSSL ([CVE-2021-4044](https://nvd.nist.gov/vuln/detail/CVE-2021-4044), [CVE-2022-1292](https://nvd.nist.gov/vuln/detail/CVE-2022-1292), [CVE-2022-1343](https://nvd.nist.gov/vuln/detail/CVE-2022-1343), [CVE-2022-1434](https://nvd.nist.gov/vuln/detail/CVE-2022-1434), [CVE-2022-1473](https://nvd.nist.gov/vuln/detail/CVE-2022-1473), [CVE-2022-3602](https://nvd.nist.gov/vuln/detail/CVE-2022-3602), [CVE-2022-3786](https://nvd.nist.gov/vuln/detail/CVE-2022-3786))<br> - polkit ([CVE-2021-4115](https://nvd.nist.gov/vuln/detail/CVE-2021-4115))<br> - rsync ([CVE-2018-25032](https://nvd.nist.gov/vuln/detail/CVE-2018-25032), [CVE-2022-29154](https://nvd.nist.gov/vuln/detail/CVE-2022-29154))<br> - runc ([CVE-2022-29162](https://nvd.nist.gov/vuln/detail/CVE-2022-29162))<br> - shadow ([CVE-2013-4235](https://nvd.nist.gov/vuln/detail/CVE-2013-4235))<br> - sudo ([CVE-2022-43995](https://nvd.nist.gov/vuln/detail/CVE-2022-43995), [CVE-2023-22809](https://nvd.nist.gov/vuln/detail/CVE-2023-22809))<br> - systemd ([CVE-2021-3997](https://nvd.nist.gov/vuln/detail/CVE-2021-3997), [CVE-2022-3821](https://nvd.nist.gov/vuln/detail/CVE-2022-3821), [CVE-2022-4415](https://nvd.nist.gov/vuln/detail/CVE-2022-4415))<br> - unzip ([CVE-2022-0529](https://nvd.nist.gov/vuln/detail/CVE-2022-0529), [CVE-2022-0530](https://nvd.nist.gov/vuln/detail/CVE-2022-0530), [CVE-2021-4217](https://nvd.nist.gov/vuln/detail/CVE-2021-4217))<br> - util-linux ([CVE-2021-3995](https://nvd.nist.gov/vuln/detail/CVE-2021-3995), [CVE-2021-3996](https://nvd.nist.gov/vuln/detail/CVE-2021-3996), [CVE-2022-0563](https://nvd.nist.gov/vuln/detail/CVE-2022-0563))<br> - vim ([CVE-2021-3872](https://nvd.nist.gov/vuln/detail/CVE-2021-3872), [CVE-2021-3875](https://nvd.nist.gov/vuln/detail/CVE-2021-3875), [CVE-2021-3903](https://nvd.nist.gov/vuln/detail/CVE-2021-3903), [CVE-2021-3927](https://nvd.nist.gov/vuln/detail/CVE-2021-3927), [CVE-2021-3928](https://nvd.nist.gov/vuln/detail/CVE-2021-3928), [CVE-2021-3968](https://nvd.nist.gov/vuln/detail/CVE-2021-3968), [CVE-2021-3973](https://nvd.nist.gov/vuln/detail/CVE-2021-3973), [CVE-2021-3974](https://nvd.nist.gov/vuln/detail/CVE-2021-3974), [CVE-2021-3984](https://nvd.nist.gov/vuln/detail/CVE-2021-3984), [CVE-2021-4019](https://nvd.nist.gov/vuln/detail/CVE-2021-4019), [CVE-2021-4069](https://nvd.nist.gov/vuln/detail/CVE-2021-4069), [CVE-2021-4136](https://nvd.nist.gov/vuln/detail/CVE-2021-4136), [CVE-2021-4173](https://nvd.nist.gov/vuln/detail/CVE-2021-4173),[ CVE-2021-4166](https://nvd.nist.gov/vuln/detail/CVE-2021-4166), [CVE-2021-4187](https://nvd.nist.gov/vuln/detail/CVE-2021-4187), [CVE-2021-4192](https://nvd.nist.gov/vuln/detail/CVE-2021-4192), [CVE-2021-4193](https://nvd.nist.gov/vuln/detail/CVE-2021-4193), [CVE-2022-0128](https://nvd.nist.gov/vuln/detail/CVE-2022-0128), [CVE-2022-0156](https://nvd.nist.gov/vuln/detail/CVE-2022-0156), [CVE-2022-0158](https://nvd.nist.gov/vuln/detail/CVE-2022-0158), [CVE-2022-0213](https://nvd.nist.gov/vuln/detail/CVE-2022-0213), [CVE-2022-0261](https://nvd.nist.gov/vuln/detail/CVE-2022-0261), [CVE-2022-0318](https://nvd.nist.gov/vuln/detail/CVE-2022-0318), [CVE-2022-0319](https://nvd.nist.gov/vuln/detail/CVE-2022-0319), [CVE-2022-0351](https://nvd.nist.gov/vuln/detail/CVE-2022-0351), [CVE-2022-0359](https://nvd.nist.gov/vuln/detail/CVE-2022-0359), [CVE-2022-0361](https://nvd.nist.gov/vuln/detail/CVE-2022-0361), [CVE-2022-0368](https://nvd.nist.gov/vuln/detail/CVE-2022-0368), [CVE-2022-0392](https://nvd.nist.gov/vuln/detail/CVE-2022-0392), [CVE-2022-0393](https://nvd.nist.gov/vuln/detail/CVE-2022-0393), [CVE-2022-0407](https://nvd.nist.gov/vuln/detail/CVE-2022-0407), [CVE-2022-0408](https://nvd.nist.gov/vuln/detail/CVE-2022-0408), [CVE-2022-0413](https://nvd.nist.gov/vuln/detail/CVE-2022-0413), [CVE-2022-0417](https://nvd.nist.gov/vuln/detail/CVE-2022-0417), [CVE-2022-0443](https://nvd.nist.gov/vuln/detail/CVE-2022-0443), [CVE-2022-0629](https://nvd.nist.gov/vuln/detail/CVE-2022-0629), [CVE-2022-0685](https://nvd.nist.gov/vuln/detail/CVE-2022-0685), [CVE-2022-0714](https://nvd.nist.gov/vuln/detail/CVE-2022-0714), [CVE-2022-0729](https://nvd.nist.gov/vuln/detail/CVE-2022-0729), [CVE-2022-0943](https://nvd.nist.gov/vuln/detail/CVE-2022-0943), [CVE-2022-1154](https://nvd.nist.gov/vuln/detail/CVE-2022-1154), [CVE-2022-1160](https://nvd.nist.gov/vuln/detail/CVE-2022-1160), [CVE-2022-1381](https://nvd.nist.gov/vuln/detail/CVE-2022-1381), [CVE-2022-1420](https://nvd.nist.gov/vuln/detail/CVE-2022-1420), [CVE-2022-1616](https://nvd.nist.gov/vuln/detail/CVE-2022-1616), [CVE-2022-1619](https://nvd.nist.gov/vuln/detail/CVE-2022-1619), [CVE-2022-1620](https://nvd.nist.gov/vuln/detail/CVE-2022-1620), [CVE-2022-1621](https://nvd.nist.gov/vuln/detail/CVE-2022-1621), [CVE-2022-1629](https://nvd.nist.gov/vuln/detail/CVE-2022-1629), [CVE-2022-1674](https://nvd.nist.gov/vuln/detail/CVE-2022-1674), [CVE-2022-1725](https://nvd.nist.gov/vuln/detail/CVE-2022-1725), [CVE-2022-1733](https://nvd.nist.gov/vuln/detail/CVE-2022-1733), [CVE-2022-1735](https://nvd.nist.gov/vuln/detail/CVE-2022-1735), [CVE-2022-1769](https://nvd.nist.gov/vuln/detail/CVE-2022-1769), [CVE-2022-1771](https://nvd.nist.gov/vuln/detail/CVE-2022-1771), [CVE-2022-1785](https://nvd.nist.gov/vuln/detail/CVE-2022-1785), [CVE-2022-1796](https://nvd.nist.gov/vuln/detail/CVE-2022-1796), [CVE-2022-1897](https://nvd.nist.gov/vuln/detail/CVE-2022-1897), [CVE-2022-1898](https://nvd.nist.gov/vuln/detail/CVE-2022-1898), [CVE-2022-1886](https://nvd.nist.gov/vuln/detail/CVE-2022-1886), [CVE-2022-1851](https://nvd.nist.gov/vuln/detail/CVE-2022-1851), [CVE-2022-1927](https://nvd.nist.gov/vuln/detail/CVE-2022-1927), [CVE-2022-1942](https://nvd.nist.gov/vuln/detail/CVE-2022-1942), [CVE-2022-1968](https://nvd.nist.gov/vuln/detail/CVE-2022-1968), [CVE-2022-2000](https://nvd.nist.gov/vuln/detail/CVE-2022-2000), [CVE-2022-2042](https://nvd.nist.gov/vuln/detail/CVE-2022-2042), [CVE-2022-2124](https://nvd.nist.gov/vuln/detail/CVE-2022-2124), [CVE-2022-2125](https://nvd.nist.gov/vuln/detail/CVE-2022-2125), [CVE-2022-2126](https://nvd.nist.gov/vuln/detail/CVE-2022-2126), [CVE-2022-2129](https://nvd.nist.gov/vuln/detail/CVE-2022-2129), [CVE-2022-2175](https://nvd.nist.gov/vuln/detail/CVE-2022-2175), [CVE-2022-2182](https://nvd.nist.gov/vuln/detail/CVE-2022-2182), [CVE-2022-2183](https://nvd.nist.gov/vuln/detail/CVE-2022-2183), [CVE-2022-2206](https://nvd.nist.gov/vuln/detail/CVE-2022-2206), [CVE-2022-2207](https://nvd.nist.gov/vuln/detail/CVE-2022-2207), [CVE-2022-2208](https://nvd.nist.gov/vuln/detail/CVE-2022-2208), [CVE-2022-2210](https://nvd.nist.gov/vuln/detail/CVE-2022-2210), [CVE-2022-2231](https://nvd.nist.gov/vuln/detail/CVE-2022-2231), [CVE-2022-2257](https://nvd.nist.gov/vuln/detail/CVE-2022-2257), [CVE-2022-2264](https://nvd.nist.gov/vuln/detail/CVE-2022-2264), [CVE-2022-2284](https://nvd.nist.gov/vuln/detail/CVE-2022-2284), [CVE-2022-2285](https://nvd.nist.gov/vuln/detail/CVE-2022-2285), [CVE-2022-2286](https://nvd.nist.gov/vuln/detail/CVE-2022-2286), [CVE-2022-2287](https://nvd.nist.gov/vuln/detail/CVE-2022-2287), [CVE-2022-2288](https://nvd.nist.gov/vuln/detail/CVE-2022-2288), [CVE-2022-2289](https://nvd.nist.gov/vuln/detail/CVE-2022-2289), [CVE-2022-2304](https://nvd.nist.gov/vuln/detail/CVE-2022-2304), [CVE-2022-2343](https://nvd.nist.gov/vuln/detail/CVE-2022-2343), [CVE-2022-2344](https://nvd.nist.gov/vuln/detail/CVE-2022-2344), [CVE-2022-2345](https://nvd.nist.gov/vuln/detail/CVE-2022-2345), [CVE-2022-2522](https://nvd.nist.gov/vuln/detail/CVE-2022-2522), [CVE-2022-2816](https://nvd.nist.gov/vuln/detail/CVE-2022-2816), [CVE-2022-2817](https://nvd.nist.gov/vuln/detail/CVE-2022-2817), [CVE-2022-2819](https://nvd.nist.gov/vuln/detail/CVE-2022-2819), [CVE-2022-2845](https://nvd.nist.gov/vuln/detail/CVE-2022-2845), [CVE-2022-2849](https://nvd.nist.gov/vuln/detail/CVE-2022-2849), [CVE-2022-2862](https://nvd.nist.gov/vuln/detail/CVE-2022-2862), [CVE-2022-2874](https://nvd.nist.gov/vuln/detail/CVE-2022-2874), [CVE-2022-2889](https://nvd.nist.gov/vuln/detail/CVE-2022-2889), [CVE-2022-2923](https://nvd.nist.gov/vuln/detail/CVE-2022-2923), [CVE-2022-2946](https://nvd.nist.gov/vuln/detail/CVE-2022-2946), [CVE-2022-2980](https://nvd.nist.gov/vuln/detail/CVE-2022-2980), [CVE-2022-2982](https://nvd.nist.gov/vuln/detail/CVE-2022-2982), [CVE-2022-3016](https://nvd.nist.gov/vuln/detail/CVE-2022-3016), [CVE-2022-3099](https://nvd.nist.gov/vuln/detail/CVE-2022-3099), [CVE-2022-3134](https://nvd.nist.gov/vuln/detail/CVE-2022-3134), [CVE-2022-3153](https://nvd.nist.gov/vuln/detail/CVE-2022-3153), [CVE-2022-3234](https://nvd.nist.gov/vuln/detail/CVE-2022-3234), [CVE-2022-3235](https://nvd.nist.gov/vuln/detail/CVE-2022-3235), [CVE-2022-3278](https://nvd.nist.gov/vuln/detail/CVE-2022-3278), [CVE-2022-3256](https://nvd.nist.gov/vuln/detail/CVE-2022-3256), [CVE-2022-3296](https://nvd.nist.gov/vuln/detail/CVE-2022-3296), [CVE-2022-3297](https://nvd.nist.gov/vuln/detail/CVE-2022-3297), [CVE-2022-3324](https://nvd.nist.gov/vuln/detail/CVE-2022-3324), [CVE-2022-3352](https://nvd.nist.gov/vuln/detail/CVE-2022-3352), [CVE-2022-3491](https://nvd.nist.gov/vuln/detail/CVE-2022-3491), [CVE-2022-3520](https://nvd.nist.gov/vuln/detail/CVE-2022-3520), [CVE-2022-3591](https://nvd.nist.gov/vuln/detail/CVE-2022-3591), [CVE-2022-3705](https://nvd.nist.gov/vuln/detail/CVE-2022-3705), [CVE-2022-4141](https://nvd.nist.gov/vuln/detail/CVE-2022-4141), [CVE-2022-4292](https://nvd.nist.gov/vuln/detail/CVE-2022-4292), [CVE-2022-4293](https://nvd.nist.gov/vuln/detail/CVE-2022-4293), [CVE-2023-0049](https://nvd.nist.gov/vuln/detail/CVE-2023-0049), [CVE-2023-0051](https://nvd.nist.gov/vuln/detail/CVE-2023-0051), [CVE-2023-0054](https://nvd.nist.gov/vuln/detail/CVE-2023-0054))<br> - zlib ([CVE-2018-25032](https://nvd.nist.gov/vuln/detail/CVE-2018-25032), [CVE-2022-37434](https://nvd.nist.gov/vuln/detail/CVE-2022-37434))<br> - SDK: edk2-ovmf ([CVE-2019-14584](https://nvd.nist.gov/vuln/detail/CVE-2019-14584), [CVE-2021-28210](https://nvd.nist.gov/vuln/detail/CVE-2021-28210), [CVE-2021-28211](https://nvd.nist.gov/vuln/detail/CVE-2021-28211), [CVE-2021-28213](https://nvd.nist.gov/vuln/detail/CVE-2021-28213))<br> - SDK: libxslt ([CVE-2021-30560](https://nvd.nist.gov/vuln/detail/CVE-2021-30560))<br> - SDK: mantle ([CVE-2021-3121](https://nvd.nist.gov/vuln/detail/CVE-2021-3121), [CVE-2021-38561](https://nvd.nist.gov/vuln/detail/CVE-2021-38561), [CVE-2021-43565](https://nvd.nist.gov/vuln/detail/CVE-2021-43565))<br> - SDK: Python ([CVE-2015-20107](https://nvd.nist.gov/vuln/detail/CVE-2015-20107), [CVE-2020-10735](https://nvd.nist.gov/vuln/detail/CVE-2020-10735), [CVE-2021-3654](https://nvd.nist.gov/vuln/detail/CVE-2021-3654), [CVE-2022-37454](https://nvd.nist.gov/vuln/detail/CVE-2022-37454), [CVE-2022-42919](https://nvd.nist.gov/vuln/detail/CVE-2022-42919), [CVE-2022-45061](https://nvd.nist.gov/vuln/detail/CVE-2022-45061))<br> - SDK: QEMU ([CVE-2020-14394](https://nvd.nist.gov/vuln/detail/CVE-2020-14394), [CVE-2020-35504](https://nvd.nist.gov/vuln/detail/CVE-2020-35504), [CVE-2020-35505](https://nvd.nist.gov/vuln/detail/CVE-2020-35505), [CVE-2020-35506](https://nvd.nist.gov/vuln/detail/CVE-2020-35506), [CVE-2020-35517](https://nvd.nist.gov/vuln/detail/CVE-2020-35517), [CVE-2021-20203](https://nvd.nist.gov/vuln/detail/CVE-2021-20203), [CVE-2021-20255](https://nvd.nist.gov/vuln/detail/CVE-2021-20255), [CVE-2021-20257](https://nvd.nist.gov/vuln/detail/CVE-2021-20257), [CVE-2021-20263](https://nvd.nist.gov/vuln/detail/CVE-2021-20263), [CVE-2021-3409](https://nvd.nist.gov/vuln/detail/CVE-2021-3409), [CVE-2021-3416](https://nvd.nist.gov/vuln/detail/CVE-2021-3416), [CVE-2021-3527](https://nvd.nist.gov/vuln/detail/CVE-2021-3527), [CVE-2021-3544](https://nvd.nist.gov/vuln/detail/CVE-2021-3544), [CVE-2021-3545](https://nvd.nist.gov/vuln/detail/CVE-2021-3545), [CVE-2021-3546](https://nvd.nist.gov/vuln/detail/CVE-2021-3546), [CVE-2021-3582](https://nvd.nist.gov/vuln/detail/CVE-2021-3582), [CVE-2021-3607](https://nvd.nist.gov/vuln/detail/CVE-2021-3607), [CVE-2021-3608](https://nvd.nist.gov/vuln/detail/CVE-2021-3608), [CVE-2021-3682](https://nvd.nist.gov/vuln/detail/CVE-2021-3682), [CVE-2021-20203](https://nvd.nist.gov/vuln/detail/CVE-2021-20203), [CVE-2021-3713](https://nvd.nist.gov/vuln/detail/CVE-2021-3713), [CVE-2021-3930](https://nvd.nist.gov/vuln/detail/CVE-2021-3930), [CVE-2021-3947](https://nvd.nist.gov/vuln/detail/CVE-2021-3947), [CVE-2021-4145](https://nvd.nist.gov/vuln/detail/CVE-2021-4145), [CVE-2022-0216](https://nvd.nist.gov/vuln/detail/CVE-2022-0216), [CVE-2022-26353](https://nvd.nist.gov/vuln/detail/CVE-2022-26353), [CVE-2022-26354](https://nvd.nist.gov/vuln/detail/CVE-2022-26354), [CVE-2022-3872](https://nvd.nist.gov/vuln/detail/CVE-2022-3872), [CVE-2022-4172](https://nvd.nist.gov/vuln/detail/CVE-2022-4172))<br> - SDK: Rust ([CVE-2022-21658](https://nvd.nist.gov/vuln/detail/CVE-2022-21658), [CVE-2022-36113](https://nvd.nist.gov/vuln/detail/CVE-2022-36113), [CVE-2022-36114](https://nvd.nist.gov/vuln/detail/CVE-2022-36114), [CVE-2022-46176](https://nvd.nist.gov/vuln/detail/CVE-2022-46176))<br> - SDK: squashfs-tools ([CVE-2021-40153](https://nvd.nist.gov/vuln/detail/CVE-2021-40153), [CVE-2021-41072](https://nvd.nist.gov/vuln/detail/CVE-2021-41072))<br> - VMware: open-vm-tools ([CVE-2022-31676](https://nvd.nist.gov/vuln/detail/CVE-2022-31676))<br><br> <br> #### Bug fixes:<br> <br> - Added `networkd` translation to `files` section when converting from Ignition 2.x to Ignition 3.x ([coreos-overlay#1910](https://github.com/flatcar-linux/coreos-overlay/pull/1910), [flatcar#741](https://github.com/flatcar-linux/Flatcar/issues/741))<br> - Added a remount action as `systemd-sysext.service` drop-in unit to restore the OEM partition mount after the overlay mounts in `/usr` are done ([init#69](https://github.com/flatcar-linux/init/pull/69))<br> - Added back Ignition support for Vagrant ([coreos-overlay#2351](https://github.com/flatcar/coreos-overlay/pull/2351))<br> - Added back `gettext` to the OS ([Flatcar#849](https://github.com/flatcar-linux/Flatcar/issues/849))<br> - Added merging of Ignition systemd duplicated units when auto-translating from Ignition 2 to Ignition 3. ([coreos-overlay#2187](https://github.com/flatcar/coreos-overlay/pull/2187))<br> - Added support for Openstack for cloud-init activation ([flatcar-linux/init#76](https://github.com/flatcar-linux/init/pull/76))<br> - Added support for hardware security keys in update-ssh-keys ([update-ssh-keys#7](https://github.com/flatcar/update-ssh-keys/pull/7))<br> - Enabled IOMMU on arm64 kernels, the lack of which prevented some systems from booting ([coreos-overlay#2235](https://github.com/flatcar/coreos-overlay/pull/2235))<br> - Excluded Wireguard interface from `systemd-networkd` default management ([Flatcar#808](https://github.com/flatcar-linux/Flatcar/issues/808))<br> - Excluded the Kubenet cbr0 interface from networkd's DHCP config and set it to Unmanaged to prevent interference and ensure that it is not part of the network online check ([init#55](https://github.com/flatcar-linux/init/pull/55))<br> - Excluded the special Kubernetes network interfaces `nodelocaldns` and `kube-ipvs0` from being managed with systemd-networkd which interfered with the setup ([init#89](https://github.com/flatcar/init/pull/89)).<br> - Fix "ext4 deadlock under heavy I/O load" kernel issue. The patch for this is included provisionally while we wait for it to be merged upstream ([Flatcar#847](https://github.com/flatcar/Flatcar/issues/847), [coreos-overlay#2315](https://github.com/flatcar/coreos-overlay/pull/2315))<br> - Fixed Ignition btrfs forced formatting for OEM partition ([coreos-overlay#2277](https://github.com/flatcar/coreos-overlay/pull/2277))<br> - Fixed Ignition's OEM ID to be `metal` to follow the Ignition upstream change which otherwise resulted in a broken boot when the Flatcar OEM ID `pxe` was used ([bootengine#45](https://github.com/flatcar-linux/bootengine/pull/45))<br> - Fixed `/etc/resolv.conf` symlink by pointing it at `resolv.conf` instead of `stub-resolv.conf`. This bug was present since the update to systemd v250 ([coreos-overlay#2057](https://github.com/flatcar-linux/coreos-overlay/pull/2057))<br> - Fixed a regression (in Alpha/Beta) where machines failed to boot if they didn't have the `core` user or group in `/etc/passwd` or `/etc/group` ([baselayout#26](https://github.com/flatcar/baselayout/pull/26))<br> - Fixed excluded interface type from default systemd-networkd configuration ([flatcar-linux/init#78](https://github.com/flatcar-linux/init/pull/78))<br> - Fixed space escaping in the `networkd` Ignition translation ([Flatcar#812](https://github.com/flatcar-linux/Flatcar/issues/812))<br> - Fixed the dracut emergency Ignition log printing that had a scripting error causing the cat command to fail ([bootengine#33](https://github.com/flatcar-linux/bootengine/pull/33))<br> - Made Ignition write the SSH keys into a file under `authorized_keys.d/ignition` again and added a call to `update-ssh-keys` after Ignition ran to create the merged `authorized_keys` file, which fixes the problem that keys added by Ignition get lost when `update-ssh-keys` runs ([init#66](https://github.com/flatcar-linux/init/pull/66))<br> - Re-added the `brd drbd nbd rbd xen-blkfront zram libarc4 lru_cache zsmalloc` kernel modules to the initramfs since they were missing compared to the Flatcar 3033.2.x releases where the 5.10 kernel is used ([bootengine#40](https://github.com/flatcar-linux/bootengine/pull/40))<br> - Restored the support to specify OEM partition files in Ignition when `/usr/share/oem` is given as initrd mount point ([bootengine#58](https://github.com/flatcar/bootengine/pull/58))<br> - Reverted the Linux kernel commit which broke networking on AWS instances which use Intel 82559 NIC (c4/m4) ([Flatcar#665](https://github.com/flatcar-linux/Flatcar/issues/665), [coreos-overlay#1723](https://github.com/flatcar-linux/coreos-overlay/pull/1723))<br> - Skipped starting `ensure-sysext.service` if `systemd-sysext.service` won't be started, to prevent reporting a dependency failure ([Flatcar#710](https://github.com/flatcar-linux/Flatcar/issues/710))<br> - The Ignition v3 kargs directive failed before when used with the generic image where no `grub.cfg` exists, this was fixed by creating it first ([bootengine#47](https://github.com/flatcar-linux/bootengine/pull/47))<br> - The rootfs setup in the initrd now runs systemd-tmpfiles on every boot, not only when Ignition runs, to fix a dbus failure due to missing files ([Flatcar#944](https://github.com/flatcar/Flatcar/issues/944))<br> - flatcar-update: Stopped checking for the `USER` environment variable which may not be set in all environments, causing the script to fail unless a workaround was used like prepending an additional `sudo` invocation ([init#58](https://github.com/flatcar-linux/init/pull/58))<br> - network: Accept ICMPv6 Router Advertisements to fix IPv6 address assignment in the default DHCP setting ([init#51](https://github.com/flatcar-linux/init/pull/51), [coreos-cloudinit#12](https://github.com/flatcar-linux/coreos-cloudinit/pull/12), [bootengine#30](https://github.com/flatcar-linux/bootengine/pull/30))<br> - Fixed the restart of Systemd services when the main process is being killed by a SIGHUP signal ([flatcar#1157](https://github.com/flatcar/Flatcar/issues/1157))<br> - Resolved the conflicting FD usage of libselinux and systemd which caused, e.g., a systemd crash on certain watchdog interaction during shutdown (patch in systemd 252.11)<br> - AWS: added EKS support for version 1.22 and 1.23. ([coreos-overlay#2110](https://github.com/flatcar-linux/coreos-overlay/pull/2110), [Flatcar#829](https://github.com/flatcar-linux/Flatcar/issues/829))- VMWare: excluded `wireguard` (and others) from `systemd-networkd` management. ([init#80](https://github.com/flatcar-linux/init/pull/80))<br> - GCP: Restored oem-gce.service functionality on GCP ([coreos-overlay#1813](https://github.com/flatcar-linux/coreos-overlay/pull/1813))<br> - GCP: Fixed shutdown script execution ([coreos-overlay#1912](https://github.com/flatcar-linux/coreos-overlay/pull/1912), [flatcar#743](https://github.com/flatcar-linux/Flatcar/issues/743))<br><br> <br> #### Changes:<br> <br> - ARM64: Added [cifs-utils](https://wiki.samba.org/index.php/LinuxCIFS_utils) for ARM64<br> - ARM64: Added [sssd](https://sssd.io/), [adcli](https://www.freedesktop.org/software/realmd/adcli/adcli.html) and realmd for ARM64<br> - Added CONFIG_NF_CT_NETLINK_HELPER (for libnetfilter_cthelper), CONFIG_NET_VRF (for virtual routing and forwarding) and CONFIG_KEY_DH_OPERATIONS (for keyutils) to the kernel config ([coreos-overlay#1524](https://github.com/flatcar-linux/coreos-overlay/pull/1524))<br> - Added VMware networking configuration in the initramfs via guestinfo settings ([bootengine#44](https://github.com/flatcar-linux/bootengine/pull/44), [flatcar#717](https://github.com/flatcar-linux/Flatcar/issues/717))<br> - Added `CONFIG_NF_CONNTRACK_BRIDGE` (for nf_conntrack_bridge) and `CONFIG_NFT_BRIDGE_META` (for nft_meta_bridge) to the kernel config to allow using conntrack rules for bridges in nftables and to match on bridge interface names ([coreos-overlay#2207](https://github.com/flatcar/coreos-overlay/pull/2207))<br> - Added `auditd.service` but left it disabled by default, a custom configuration can be created by removing `/etc/audit/auditd.conf` and replacing it with an own file ([coreos-overlay#1636](https://github.com/flatcar-linux/coreos-overlay/pull/1636))<br> - Added `cryptsetup` to the initramfs for the Ignition `luks` directive ([flatcar-linux/coreos-overlay#1760](https://github.com/flatcar-linux/coreos-overlay/pull/1760))<br> - Added a new flatcar-update tool to the image to ease manual updates, rollbacks, channel/release jumping, and airgapped updates ([init#53](https://github.com/flatcar-linux/init/pull/53))<br> - Added efibootmgr binary to the image ([coreos-overlay#1955](https://github.com/flatcar-linux/coreos-overlay/pull/1955))<br> - Added symlink from `nc` to `ncat`. `-q` option is [not yet supported](https://github.com/nmap/nmap/issues/2422) ([flatcar#545](https://github.com/flatcar-linux/Flatcar/issues/545))<br> - Besides Ignition v1 and v2 configurations, Ignition configurations with specification v3 (up to 3.3.0) are now supported, see the [docs section for details](https://www.flatcar.org/docs/latest/provisioning/ignition/specification/#ignition-v3)<br> - Bring in dependencies for NFS4 with Kerberos both in kernel and userspace. Tested against NFS4.1 server. ([coreos-overlay#1664](https://github.com/flatcar-linux/coreos-overlay/pull/1664))<br> - Change CONFIG_WIREGUARD kernel option to module to save space on boot partition ([coreos-overlay#2239](https://github.com/flatcar/coreos-overlay/pull/2239))<br> - Disable several arch specific arm64 kernel config options for unsupported platforms to save space on boot partition ([coreos-overlay#2239](https://github.com/flatcar/coreos-overlay/pull/2239))<br> - Enabled `CONFIG_INTEL_RAPL` on AMD64 Kernel config to compile `intel_rapl_common` module in order to allow power monitoring on modern Intel processors ([coreos-overlay#1801](https://github.com/flatcar-linux/coreos-overlay/pull/1801))<br> - Enabled `systemd-sysext.service` to activate systemd-sysext images on boot, to disable you will need to mask it. Also added a helper service `ensure-sysext.service` which reloads the systemd units to reevaluate the `sockets`, `timers`, and `multi-user` targets when `systemd-sysext.service` is (re)started, making it possible to enable units that are part of a sysext image ([init#65](https://github.com/flatcar-linux/init/pull/65))<br> - Excluded special network interface devices like bridge, tunnel, vxlan, and veth devices from the default DHCP configuration to prevent networkd interference ([init#56](https://github.com/flatcar-linux/init/pull/56))<br> - For amd64 `/usr/lib` used to be a symlink to `/usr/lib64` but now they became two separate folders as common in other distributions (and was the case for arm64 already). Compatibility symlinks exist in case `/usr/lib64` was used to access, e.g., the `modules` folder or the `systemd` folder ([coreos-overlay#1713](https://github.com/flatcar-linux/coreos-overlay/pull/1713), [scripts#255](https://github.com/flatcar-linux/scripts/pull/255))<br> - Made SELinux enabled by default in default containerd configuration file. ([coreos-overlay#1699](https://github.com/flatcar-linux/coreos-overlay/pull/1699))<br> - Removed rngd.service because it is not essential anymore for the kernel to boot fast in VM environments ([coreos-overlay#1700](https://github.com/flatcar-linux/coreos-overlay/pull/1700))<br> - Specifying the OEM filesystem in Ignition to write files to `/usr/share/oem` is not needed anymore ([bootengine#58](https://github.com/flatcar/bootengine/pull/58))<br> - Switched from `--strip-unneeded` to `--strip-debug` when installing kernel modules, which makes kernel stacktraces more accurate and makes debugging issues easier ([coreos-overlay#2196](https://github.com/flatcar/coreos-overlay/pull/2196))<br> - The flatcar-update tool got two new flags to customize ports used on the host while updating flatcar ([init#81](https://github.com/flatcar/init/pull/81))<br> - Toolbox now uses containerd to download and mount the image ([toolbox#7](https://github.com/flatcar/toolbox/pull/7))<br> - Update-engine now creates the `/run/reboot-required` flag file for [kured](https://github.com/weaveworks/kured) ([update_engine#15](https://github.com/flatcar-linux/update_engine/pull/15))<br> - flatcar-install: Added option to create UEFI boot entry ([init#74](https://github.com/flatcar-linux/init/pull/74))<br> - Add qemu-guest-agent to all amd64 images, it will be automatically enabled when qemu-ga virtio-port is detected ([coreos-overlay#2240](https://github.com/flatcar/coreos-overlay/pull/2240), [portage-stable#373](https://github.com/flatcar/portage-stable/pull/373))<br> - Add a way to remove packages that are hard-blockers for update. A hard-blocker means that the package needs to be removed (for example with `emerge -C`) before an update can happen.<br> - Add support for Microsoft Azure Network Adapter (MANA) NICs on Azure ([scripts#1131](https://github.com/flatcar/scripts/pull/1131))<br> - Defined a systemd-sysext level that sysext images can match for instead of the OS version when they don't have a strong coupling, meaning the only metadata required is `SYSEXT_LEVEL=1.0` and `ID=flatcar` ([Flatcar#643](https://github.com/flatcar-linux/Flatcar/issues/643))<br> - Removed the pre-shipped `/etc/flatcar/update.conf` file, leaving it totally to the user to define the contents as it was unnecessarily overwriting the `/use/share/flatcar/update.conf` ([scripts#212](https://github.com/flatcar-linux/scripts/pull/212))<br> - Rework the way we set up the default python intepreter in SDK - it is now without specifying a version. This should work fine as long as we keep having one version of python in SDK.<br> - Use qcow2 compressed format instead of additional compression layer in Qemu images ([Flatcar#1135](https://github.com/flatcar/Flatcar/issues/1135), [scripts#1132](https://github.com/flatcar/scripts/pull/1132))<br> - AWS: Added AWS IMDSv2 support to coreos-cloudinit ([flatcar-linux/coreos-cloudinit#13](https://github.com/flatcar-linux/coreos-cloudinit/pull/13))<br> - AWS EC2: Removed the setup of `/etc/hostname` from the instance metadata because it used a long FQDN but we can just use use the hostname set via DHCP ([Flatcar#707](https://github.com/flatcar-linux/Flatcar/issues/707))<br> - Azure: Azure VHD disks are now created using subformat=fixed, which makes them suitable for immediate upload to Azure using any tool.<br> - Azure: Set up `/etc/hostname` from instance metadata with Afterburn<br> - OpenStack: enabled `coreos-metadata-sshkeys@.service` to provision SSH keys from metadata. ([Flatcar#817](https://github.com/flatcar/Flatcar/issues/817), [coreos-overlay#2246](https://github.com/flatcar/coreos-overlay/pull/2246))<br> - VMWare: Added `ignition-delete-config.service` to remove Ignition config from VM metadata, see also [here](https://coreos.github.io/ignition/operator-notes/#automatic-config-deletion) ([coreos-overlay#1948](https://github.com/flatcar-linux/coreos-overlay/pull/1948))<br> - SDK / ARM64: Added [go-tspi](https://pkg.go.dev/github.com/coreos/go-tspi) bindings for ARM64<br><br> <br> #### Updates:<br> <br>- Linux ([5.15.132](https://lwn.net/Articles/944877) (includes [5.15.131](https://lwn.net/Articles/943755), [5.15.130](https://lwn.net/Articles/943404), [5.15.129](https://lwn.net/Articles/943113), [5.15.128](https://lwn.net/Articles/942866), [5.15.127](https://lwn.net/Articles/941775), [5.15.126](https://lwn.net/Articles/941296), [5.15.125](https://lwn.net/Articles/940798), [5.15.124](https://lwn.net/Articles/940339), [5.15.123](https://lwn.net/Articles/939424), [5.15.122](https://lwn.net/Articles/939104), [5.15.121](https://lwn.net/Articles/939016), [5.15.120](https://lwn.net/Articles/937404), [5.15.119](https://lwn.net/Articles/936675), [5.15.118](https://lwn.net/Articles/935584), [5.15.117](https://lwn.net/Articles/934622), [5.15.116](https://lwn.net/Articles/934320), [5.15.115](https://lwn.net/Articles/933909), [5.15.114](https://lwn.net/Articles/933280), [5.15.113](https://lwn.net/Articles/932883), [5.15.112](https://lwn.net/Articles/932134), [5.15.111](https://lwn.net/Articles/931680), [5.15.110](https://lwn.net/Articles/930600), [5.15.109](https://lwn.net/Articles/930263), [5.15.108](https://lwn.net/Articles/929679), [5.15.107](https://lwn.net/Articles/929015), [5.15.106](https://lwn.net/Articles/928343), [5.15.105](https://lwn.net/Articles/927860), [5.15.104](https://lwn.net/Articles/926873), [5.15.103](https://lwn.net/Articles/926415), [5.15.102](https://lwn.net/Articles/925991), [5.15.101](https://lwn.net/Articles/925939), [5.15.100](https://lwn.net/Articles/925913), [5.15.99](https://lwn.net/Articles/925844), [5.15.98](https://lwn.net/Articles/925080), [5.15.97](https://lwn.net/Articles/925064), [5.15.96](https://lwn.net/Articles/924441), [5.15.95](https://lwn.net/Articles/924073), [5.15.94](https://lwn.net/Articles/923308), [5.15.93](https://lwn.net/Articles/922814), [5.15.92](https://lwn.net/Articles/922340), [5.15.91](https://lwn.net/Articles/921851), [5.15.90](https://lwn.net/Articles/921029), [5.15.89](https://lwn.net/Articles/920321), [5.15.88](https://lwn.net/Articles/920012), [5.15.87](https://lwn.net/Articles/919793), [5.15.86](https://lwn.net/Articles/918808), [5.15.85](https://lwn.net/Articles/918329), [5.15.84](https://lwn.net/Articles/918206), [5.15.83](https://lwn.net/Articles/917896), [5.15.82](https://lwn.net/Articles/917400), [5.15.81](https://lwn.net/Articles/916763), [5.15.80](https://lwn.net/Articles/916003), [5.15.79](https://lwn.net/Articles/915100), [5.15.78](https://lwn.net/Articles/914423), [5.15.77](https://lwn.net/Articles/913681), [5.15.76](https://lwn.net/Articles/912997), [5.15.75](https://lwn.net/Articles/912500), [5.15.74](https://lwn.net/Articles/911275), [5.15.73](https://lwn.net/Articles/910957), [5.15.72](https://lwn.net/Articles/910398), [5.15.71](https://lwn.net/Articles/909679), [5.15.70](https://lwn.net/Articles/909212), [5.15.69](https://lwn.net/Articles/908782), [5.15.68](https://lwn.net/Articles/908140), [5.15.67](https://lwn.net/Articles/907526), [5.15.66](https://lwn.net/Articles/907524), [5.15.65](https://lwn.net/Articles/907204), [5.15.64](https://lwn.net/Articles/906630), [5.15.63](https://lwn.net/Articles/906059), [5.15.62](https://lwn.net/Articles/905533), [5.15.61](https://lwn.net/Articles/904959), [5.15.60](https://lwn.net/Articles/904461), [5.15.59](https://lwn.net/Articles/903688), [5.15.58](https://lwn.net/Articles/902917), [5.15.57](https://lwn.net/Articles/902317), [5.15.56](https://lwn.net/Articles/902101), [5.15.55](https://lwn.net/Articles/901380), [5.15.54](https://lwn.net/Articles/900911), [5.15.53](https://lwn.net/Articles/900321), [5.15.52](https://lwn.net/Articles/899788), [5.15.51](https://lwn.net/Articles/899370), [5.15.50](https://lwn.net/Articles/899091), [5.15.49](https://lwn.net/Articles/898622), [5.15.48](https://lwn.net/Articles/898124), [5.15.47](https://lwn.net/Articles/897904), [5.15.46](https://lwn.net/Articles/897377), [5.15.45](https://lwn.net/Articles/897167), [5.15.44](https://lwn.net/Articles/896647), [5.15.43](https://lwn.net/Articles/896220), [5.15.42](https://lwn.net/Articles/896226), [5.15.41](https://lwn.net/Articles/895645), [5.15.40](https://lwn.net/Articles/895318), [5.15.39](https://lwn.net/Articles/895070), [5.15.38](https://lwn.net/Articles/894357), [5.15.37](https://lwn.net/Articles/893264), [5.15.36](https://lwn.net/Articles/892812), [5.15.35](https://lwn.net/Articles/892002), [5.15.34](https://lwn.net/Articles/891251), [5.15.33](https://lwn.net/Articles/890722), [5.15.32](https://lwn.net/Articles/889438), [5.15.31](https://lwn.net/Articles/889001), [5.15.30](https://lwn.net/Articles/888521), [5.15.29](https://lwn.net/Articles/888116), [5.15.28](https://lwn.net/Articles/887638), [5.15.27](https://lwn.net/Articles/887219), [5.15.26](https://lwn.net/Articles/886569), [5.15.25](https://lwn.net/Articles/885895), [5.15.24](https://lwn.net/Articles/884973), [5.15.23](https://lwn.net/Articles/884527), [5.15.22](https://lwn.net/Articles/884107), [5.15.21](https://lwn.net/Articles/883958), [5.15.20](https://lwn.net/Articles/883951), [5.15.19](https://lwn.net/Articles/883441), [5.15.18](https://lwn.net/Articles/883326), [5.15.17](https://lwn.net/Articles/882911), [5.15.16](https://lwn.net/Articles/881963), [5.15.15](https://lwn.net/Articles/881548), [5.15.14](https://lwn.net/Articles/881018), [5.15.13](https://lwn.net/Articles/880469), [5.15.12](https://lwn.net/Articles/879997), [5.15.11](https://lwn.net/Articles/879496), [5.15.10](https://lwn.net/Articles/879023), [5.15.9](https://lwn.net/Articles/878898), [5.15.8](https://lwn.net/Articles/878631), [5.15.7](https://lwn.net/Articles/878040), [5.15.6](https://lwn.net/Articles/877286), [5.15.5](https://lwn.net/Articles/876860), [5.15.4](https://lwn.net/Articles/876611)))<br>- Linux Firmware ([20230117](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230117) (includes [20221214](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20221214), [20221109](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20221109), [20221012](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20221012), [20220913](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220913), [20220815](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220815), [20220708](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220708), [20220610](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220610), [20220509](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220509), [20220411](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220411), [20220310](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220310), [20220209](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220209)))<br>- Linux Headers ([5.15](https://lwn.net/Articles/876611/))<br>- Go ([1.19.5](https://go.dev/doc/devel/release#go1.19.5) (includes [1.19.4](https://go.dev/doc/devel/release#go1.19.4), [1.19.3](https://go.dev/doc/devel/release#go1.19.3), [1.18.10](https://go.dev/doc/devel/release#go1.18.10), [1.18.9](https://go.dev/doc/devel/release#go1.18.9), [1.18.7](https://go.dev/doc/devel/release#1.18.7), [1.18.6](https://go.dev/doc/devel/release#go1.18.6), [1.18.4](https://go.dev/doc/devel/release#go1.18.4), [1.18.2](https://go.googlesource.com/go/+/refs/tags/go1.18.2), [1.17.9](https://go.googlesource.com/go/+/refs/tags/go1.17.9)))<br>- Docker ([20.10.23](https://docs.docker.com/engine/release-notes/#201023) (includes [20.10.22](https://docs.docker.com/engine/release-notes/#201022), [20.10.21](https://docs.docker.com/engine/release-notes/#201021), [20.10.20](https://docs.docker.com/engine/release-notes/#201020), [20.10.18](https://docs.docker.com/engine/release-notes/#201018), [20.10.17](https://docs.docker.com/engine/release-notes/#201017), [20.10.16](https://docs.docker.com/engine/release-notes/#201016), [20.10.15](https://docs.docker.com/engine/release-notes/#201015), [20.10.14](https://docs.docker.com/engine/release-notes/#201014), [20.10.13](https://docs.docker.com/engine/release-notes/#201013)))<br>- acl ([2.3.1](https://git.savannah.nongnu.org/cgit/acl.git/log/?h=v2.3.1))<br>- new: acpid ([2.0.33](https://sourceforge.net/p/acpid2/code/ci/2.0.33/tree/Changelog)) <br>- adcli ([0.9.2](https://gitlab.freedesktop.org/realmd/adcli/-/releases#0.9.2) (includes [0.9.1](https://gitlab.freedesktop.org/realmd/adcli/-/releases#0.9.1)))<br>- afterburn ([5.2.0](https://github.com/coreos/afterburn/releases/tag/v5.2.0))<br>- attr ([2.5.1](https://git.savannah.nongnu.org/cgit/attr.git/log/?h=v2.5.1))<br>- audit ([3.0.6](https://listman.redhat.com/archives/linux-audit/2021-October/msg00000.html))<br>- automake ([1.16.5](https://savannah.gnu.org/forum/forum.php?forum_id=10055))<br>- bind tools ([9.16.36](https://bind9.readthedocs.io/en/v9_16_36/notes.html#notes-for-bind-9-16-36) (includes [9.16.35](https://bind9.readthedocs.io/en/v9_16_34/notes.html#notes-for-bind-9-16-35), [9.16.34](https://bind9.readthedocs.io/en/v9_16_35/notes.html#notes-for-bind-9-16-34), [9.16.33](https://gitlab.isc.org/isc-projects/bind9/-/raw/v9_16_33/CHANGES), [9.16.27](https://gitlab.isc.org/isc-projects/bind9/-/blob/v9_16_27/CHANGES)))<br>- binutils ([2.39](https://sourceware.org/pipermail/binutils/2022-August/122246.html) (includes [2.38](https://lwn.net/Articles/884264)))<br>- boost ([1.79](https://www.boost.org/users/history/version_1_79_0.html) (includes [1.76.0](https://www.boost.org/users/history/version_1_76_0.html)))<br>- bpftool ([5.19.12](https://lwn.net/Articles/909678/) (includes [5.19.8](https://lwn.net/Articles/907523/), [5.19.2](https://lwn.net/Articles/904957/), [5.18.11](https://lwn.net/Articles/900912/), [5.15.8](https://lwn.net/Articles/878631/)))<br>- bridge-utils ([1.7.1](https://git.kernel.org/pub/scm/network/bridge/bridge-utils.git/log/?h=v1.7.1))<br>- btrfs-progs ([5.15.1](https://btrfs.wiki.kernel.org/index.php/Changelog#btrfs-progs_v5.15_.28Nov_2021.29))<br>- ca-certificates ([3.93](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_93.html) (includes [3.90](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_90.html), [3.78](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_78.html)))<br>- cifs-utils ([6.15](https://lists.samba.org/archive/samba-technical/2022-April/137335.html) (includes [6.13](https://lkml.kernel.org/linux-cifs/CAKywueSqRGSFmeDHQacyu831BNUeGFxGg3vgBmozzhkGBCjyXQ@mail.gmail.com/T/)))<br>- conntrack-tools ([1.4.6](https://lists.netfilter.org/pipermail/netfilter-announce/2020/000240.html))<br>- containerd ([1.6.16](https://github.com/containerd/containerd/releases/tag/v1.6.16) (includes [1.6.15](https://github.com/containerd/containerd/releases/tag/v1.6.15), [1.6.14](https://github.com/containerd/containerd/releases/tag/v1.6.14), [1.6.13](https://github.com/containerd/containerd/releases/tag/v1.6.13), [1.6.12](https://github.com/containerd/containerd/releases/tag/v1.6.12), [1.6.10](https://github.com/containerd/containerd/releases/tag/v1.6.10), [1.6.9](https://github.com/containerd/containerd/releases/tag/v1.6.9), [1.6.8](https://github.com/containerd/containerd/releases/tag/v1.6.8), [1.6.7](https://github.com/containerd/containerd/releases/tag/v1.6.7), [1.6.6](https://github.com/containerd/containerd/releases/tag/v1.6.6), [1.6.4](https://github.com/containerd/containerd/releases/tag/v1.6.4), [1.6.3](https://github.com/containerd/containerd/releases/tag/v1.6.3), [1.6.2](https://github.com/containerd/containerd/releases/tag/v1.6.2), [1.6.1](https://github.com/containerd/containerd/releases/tag/v1.6.1), [1.6.0](https://github.com/containerd/containerd/releases/tag/v1.6.0)))<br>- coreutils ([8.32](https://lists.gnu.org/archive/html/coreutils-announce/2020-03/msg00000.html))<br>- cpio ([2.13](https://lists.gnu.org/archive/html/bug-cpio/2019-11/msg00000.html))<br>- cri-tools ([1.24.2](https://github.com/kubernetes-sigs/cri-tools/releases/tag/v1.24.2))<br>- cryptsetup ([2.4.3](https://lore.kernel.org/all/572c18a7bf60cb1b0f67c3a03c531d7e7ed31832.camel@scientia.net/T/))<br>- curl ([7.87.0](https://curl.se/changes.html#7_87_0) (includes [7.86](https://curl.se/changes.html#7_86_0), [7.85](https://curl.se/mail/archive-2022-08/0012.html), [7.84.0](https://github.com/curl/curl/releases/tag/curl-7_84_0), [7.83.1](https://curl.se/mail/lib-2022-05/0010.html)))<br>- Cyrus SASL ([2.1.28](https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28))<br>- dbus ([1.14.4](https://gitlab.freedesktop.org/dbus/dbus/-/raw/dbus-1.14.4/NEWS) (includes [1.12.22](https://gitlab.freedesktop.org/dbus/dbus/-/blob/177ab044bc87cbc4ded75d21b900795a6fefef76/NEWS)))<br>- diffutils ([3.8](https://lists.gnu.org/archive/html/info-gnu/2021-08/msg00000.html))<br>- dosfstools ([4.2](https://github.com/dosfstools/dosfstools/releases/tag/v4.2))<br>- duktape ([2.7.0](https://github.com/svaarala/duktape/releases/tag/v2.7.0))<br>- e2fsprogs ([1.46.5](http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.46.5) (includes [1.46.4](http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.46.4)))<br>- elfutils ([0.188](https://sourceware.org/pipermail/elfutils-devel/2022q4/005561.html) (includes [0.187](https://sourceware.org/pipermail/elfutils-devel/2022q2/004978.html), [0.186](https://sourceware.org/git/?p=elfutils.git;a=blob;f=NEWS;h=490932ae4ef9b5a3af01d2c8c616f14d57586046;hb=983e86fd89e8bf02f2d27ba5dce5bf078af4ceda)))<br>- ethtool ([5.10](https://git.kernel.org/pub/scm/network/ethtool/ethtool.git/tree/NEWS?h=v5.10))<br>- expat ([2.5.0](https://github.com/libexpat/libexpat/blob/R_2_5_0/expat/Changes) (includes [2.4.9](https://github.com/libexpat/libexpat/blob/R_2_4_9/expat/Changes)))<br>- findutils ([4.8.0](https://savannah.gnu.org/forum/forum.php?forum_id=9914))<br>- gawk ([5.2.1](https://lists.gnu.org/archive/html/help-gawk/2022-11/msg00008.html) (contains [5.2.0](https://lists.gnu.org/archive/html/help-gawk/2022-09/msg00000.html)))<br>- gcc ([11.3.0](https://gcc.gnu.org/gcc-11/changes.html) (includes [10.3.0](https://gcc.gnu.org/gcc-10/changes.html), [9.4.0](https://lists.gnu.org/archive/html/info-gnu/2021-06/msg00000.html)))<br>- gdb ([11.2](https://lists.gnu.org/archive/html/info-gnu/2022-01/msg00009.html))<br>- gdbm ([1.22](https://lists.gnu.org/archive/html/info-gnu/2021-10/msg00006.html))<br>- gettext ([0.21.1](https://git.savannah.gnu.org/gitweb/?p=gettext.git;a=blob;f=NEWS;h=cdbb16746c23555e70bb1e16917f5c349ce92d9e;hb=8b38ee827251cadbb90cb6cb576ae98702566288) (includes [0.21](https://www.gnu.org/software/gettext/)))<br>- git ([2.39.1](https://github.com/git/git/blob/v2.39.1/Documentation/RelNotes/2.39.1.txt) (includes [2.39.0](https://github.com/git/git/blob/v2.39.0/Documentation/RelNotes/2.39.0.txt), [2.38.3](https://github.com/git/git/blob/v2.38.3/Documentation/RelNotes/2.38.3.txt), [2.37.4](https://github.com/git/git/blob/master/Documentation/RelNotes/2.37.4.txt), [2.37.3](https://github.com/git/git/blob/v2.37.3/Documentation/RelNotes/2.37.3.txt), [2.37.1](https://github.com/git/git/blob/v2.37.1/Documentation/RelNotes/2.37.1.txt), [2.35.3](https://github.com/git/git/blob/v2.35.3/Documentation/RelNotes/2.35.3.txt)))<br>- glib ([2.74.4](https://gitlab.gnome.org/GNOME/glib/-/tags/2.74.4) (includes [2.74.1](https://gitlab.gnome.org/GNOME/glib/-/tags/2.74.1), [2.72.3](https://gitlab.gnome.org/GNOME/glib/-/tags/2.73.3), [2.68.4](https://gitlab.gnome.org/GNOME/glib/-/releases/2.68.4)))<br>- glibc ([2.36](https://sourceware.org/pipermail/libc-alpha/2022-August/141193.html) (includes [2.35](https://savannah.gnu.org/forum/forum.php?forum_id=10111), [2.34](https://sourceware.org/pipermail/libc-alpha/2021-August/129718.html)))<br>- gnupg ([2.2.35](https://dev.gnupg.org/T5928))<br>- gnutls ([3.7.8](https://lists.gnupg.org/pipermail/gnutls-help/2022-September/004765.html) (includes [3.7.7](https://gitlab.com/gnutls/gnutls/-/tags/3.7.7), [3.7.3](https://gitlab.com/gnutls/gnutls/-/merge_requests/1517)))<br>- grep ([3.7](https://savannah.gnu.org/forum/forum.php?forum_id=10037))<br>- gzip ([1.12](https://savannah.gnu.org/forum/forum.php?forum_id=10157) (includes [1.11](https://lists.gnu.org/archive/html/info-gnu/2021-09/msg00002.html)))<br>- i2c-tools ([4.3](https://git.kernel.org/pub/scm/utils/i2c-tools/i2c-tools.git/tree/CHANGES?id=d8bc1f1ff4b00a6bd988aa114100ae9b787f50d8) (includes [4.2](https://git.kernel.org/pub/scm/utils/i2c-tools/i2c-tools.git/log/?h=v4.2)))<br>- ignition ([2.14.0](https://github.com/coreos/ignition/releases/tag/v2.14.0) (includes [2.13.0](https://github.com/coreos/ignition/releases/tag/v2.13.0)))<br>- intel-microcode ([20220809](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220809) (includes [20220510](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220510), [20220207_p20220207](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220207), [20221108](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20221108)))<br>- iperf ([3.10.1](https://github.com/esnet/iperf/blob/master/RELNOTES.md#iperf-3101-2021-06-03))<br>- iproute2 ([5.15](https://lwn.net/ml/linux-kernel/20211101164705.6f4f2e41%40hermes.local/))<br>- ipset ([7.11](https://ipset.netfilter.org/changelog.html))<br>- iptables ([1.8.8](https://www.netfilter.org/projects/iptables/files/changes-iptables-1.8.8.txt))<br>- iputils ([20211215](https://github.com/iputils/iputils/releases/tag/20211215) (includes [20210722](https://github.com/iputils/iputils/releases/tag/20210722)))<br>- ipvsadm ([1.27](http://archive.linuxvirtualserver.org/html/lvs-devel/2013-09/msg00011.html))<br>- jansson ([2.14](https://github.com/akheron/jansson/blob/v2.14/CHANGES))<br>- kmod ([29](https://git.kernel.org/pub/scm/utils/kernel/kmod/kmod.git/commit/?id=b6ecfc916a17eab8f93be5b09f4e4f845aabd3d1))<br>- ldb ([2.4.1](https://gitlab.com/samba-team/samba/-/commit/a795e0c84597aa045d011e663dbad3cdabf0f1e6))<br>- less ([590](https://www.greenwoodsoftware.com/less/news.590.html))<br>- libarchive ([3.6.1](https://github.com/libarchive/libarchive/releases/tag/v3.6.1) (includes [3.5.3](https://github.com/libarchive/libarchive/releases/tag/v3.5.3), [3.5.2](https://github.com/libarchive/libarchive/releases/tag/v3.5.2)))<br>- libbsd ([0.11.3](https://gitlab.freedesktop.org/libbsd/libbsd/-/commits/0.11.3/))<br>- libcap ([2.66](https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.d9ygdose5kw) (includes [2.65](https://sites.google.com/site/fullycapable/release-notes-for-libcap?authuser=0#h.wfblevfzkj0)))<br>- libcap-ng ([0.8.3](https://people.redhat.com/sgrubb/libcap-ng/ChangeLog) (includes [0.8.2](https://github.com/stevegrubb/libcap-ng/releases/tag/v0.8.2)))<br>- libksba ([1.6.3](https://dev.gnupg.org/T6304) (includes [1.6.2](https://dev.gnupg.org/T6230)))<br>- libnetfilter_queue ([1.0.5](https://git.netfilter.org/libnetfilter_queue/log/?h=libnetfilter_queue-1.0.5))<br>- libpcap ([1.10.1](https://git.tcpdump.org/libpcap/blob/c7642e2cc0c5bd65754685b160d25dc23c76c6bd:/CHANGES))<br>- libseccomp ([2.5.4](https://github.com/seccomp/libseccomp/releases/tag/v2.5.4) (contains [2.5.3](https://github.com/seccomp/libseccomp/releases/tag/v2.5.3), [2.5.2](https://github.com/seccomp/libseccomp/releases/tag/v2.5.2), [2.5.1](https://github.com/seccomp/libseccomp/releases/tag/v2.5.1)))<br>- libtasn1 ([4.19.0](https://lists.gnu.org/archive/html/help-libtasn1/2022-08/msg00001.html) (includes [4.17.0](https://gitlab.com/gnutls/libtasn1/-/blob/v4.17.0/NEWS)))<br>- liburing ([2.1](https://github.com/axboe/liburing/commits/liburing-2.1))<br>- libxml2 ([2.10.3](https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3) (includes [2.10.2](https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.2), [2.9.14](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.9.14), [2.9.13](http://www.xmlsoft.org/news.html)))<br>- logrotate ([3.20.1](https://github.com/logrotate/logrotate/releases/tag/3.20.1))<br>- lshw ([02.19.2b_p20210121](https://www.ezix.org/project/wiki/HardwareLiSter#Changes))<br>- lsof ([4.94.0](https://github.com/lsof-org/lsof/releases/tag/4.94.0))<br>- lsscsi ([0.32](https://sg.danny.cz/scsi/lsscsi.ChangeLog))<br>- mantle ([0.18.0](https://github.com/flatcar-linux/mantle/releases/tag/v0.18.0) (includes [0.17.0](https://github.com/flatcar-linux/mantle/releases/tag/v0.17.0)))<br>- mdadm ([4.2](https://lore.kernel.org/all/28fdbc45-96ca-7cdb-3ced-a5f65d978048@trained-monkey.org/T/))<br>- MIT Kerberos V ([1.20.1](https://web.mit.edu/kerberos/krb5-1.20/krb5-1.20.1.html))<br>- multipath-tools ([0.9.3](https://github.com/opensvc/multipath-tools/releases/tag/0.9.3) (includes [0.8.7](https://github.com/opensvc/multipath-tools/commits/0.8.7)))<br>- ncurses ([6.3_p20220423](https://lists.gnu.org/archive/html/info-gnu/2021-11/msg00001.html))<br>- nettle ([3.8.1](https://git.lysator.liu.se/nettle/nettle/-/blob/990abad16ceacd070747dcc76ed16a39c129321e/ChangeLog))<br>- nfs-utils ([2.5.4](https://lore.kernel.org/linux-fsdevel/c8795653-7728-18a4-93dc-58943ad0fe09@redhat.com/))<br>- nghttp2 ([1.45.1](https://github.com/nghttp2/nghttp2/releases/tag/v1.45.1))<br>- nmap ([7.93](https://nmap.org/changelog.html#7.93))<br>- nvidia-drivers ([510.73.05](https://docs.nvidia.com/datacenter/tesla/tesla-release-notes-510-73-05/index.html))<br>- nvme-cli ([1.16](https://github.com/linux-nvme/nvme-cli/commits/deee9cae1ac94760deebd71f8e5449061338666c))<br>- oniguruma ([6.9.8](https://github.com/kkos/oniguruma/releases/tag/v6.9.8) (includes [6.9.7.1](https://github.com/kkos/oniguruma/releases/tag/v6.9.7.1)))<br>- open-isns ([0.101](https://github.com/open-iscsi/open-isns/blob/v0.101/ChangeLog))<br>- openssh ([9.1](http://www.openssh.com/releasenotes.html#9.1) (includes [8.8](http://www.openssh.com/txt/release-8.8)))<br>- openssl ([3.0.7](https://www.openssl.org/news/openssl-3.0-notes.html) (includes [3.0.3](https://www.openssl.org/news/changelog.html#openssl-30), [3.0.2](https://www.openssl.org/news/changelog.html#openssl-30), [3.0.1](https://www.openssl.org/news/changelog.html#openssl-30)))<br>- pam ([1.5.1_p20210622](https://github.com/linux-pam/linux-pam/commit/fe1307512fb8892b5ceb3d884c793af8dbd4c16a))<br>- pambase (20220214)<br>- parted ([3.4](https://savannah.gnu.org/forum/forum.php?forum_id=9924) (includes [3.3](https://savannah.gnu.org/forum/forum.php?forum_id=9569)))<br>- pciutils ([3.7.0](https://github.com/pciutils/pciutils/commit/864aecdea9c7db626856d8d452f6c784316a878c))<br>- pcre2 ([10.39](https://github.com/PhilipHazel/pcre2/blob/pcre2-10.39/NEWS))<br>- pinentry ([1.2.0](https://dev.gnupg.org/T5566))<br>- polkit ([121](https://gitlab.freedesktop.org/polkit/polkit/-/commit/827b0ddac5b1ef00a47fca4526fcf057bee5f1db) (includes [0.120](https://gitlab.freedesktop.org/polkit/polkit/-/blob/0.120/NEWS)))<br>- quota ([4.06](https://sourceforge.net/p/linuxquota/code/ci/0acd4cc6275122fd9864cb7b5d349e65a2622920/))<br>- rpcbind ([1.2.6](https://git.linux-nfs.org/?p=steved/rpcbind.git;a=shortlog;h=refs/tags/rpcbind-1_2_6))<br>- rsync ([3.2.7](https://download.samba.org/pub/rsync/NEWS#3.2.7) (includes [3.2.6](https://github.com/WayneD/rsync/releases/tag/v3.2.6), [3.2.4](https://download.samba.org/pub/rsync/NEWS.html#3.2.4)))<br>- runc ([1.1.4](https://github.com/opencontainers/runc/releases/tag/v1.1.4) (includes [1.1.3](https://github.com/opencontainers/runc/releases/tag/v1.1.3), [1.1.2](https://github.com/opencontainers/runc/releases/tag/v1.1.2), [1.1.1](https://github.com/opencontainers/runc/releases/tag/v1.1.1), [1.1.0](https://github.com/opencontainers/runc/releases/tag/v1.1.0)))<br>- samba ([4.15.4](https://www.samba.org/samba/history/samba-4.15.4.html))<br>- sed ([4.8](https://savannah.gnu.org/forum/forum.php?forum_id=9647))<br>- shadow ([4.13](https://github.com/shadow-maint/shadow/releases/tag/4.13) (includes [4.12.3](https://github.com/shadow-maint/shadow/releases/tag/4.12.3), [4.11.1](https://github.com/shadow-maint/shadow/releases/tag/v4.11.1)))<br>- socat ([1.7.4.3](https://repo.or.cz/socat.git/blob/refs/tags/tag-1.7.4.3:/CHANGES))<br>- sqlite ([3.40.1](https://www.sqlite.org/releaselog/3_40_1.html) (contains [3.40.0](https://www.sqlite.org/releaselog/3_40_0.html), [3.39.4](https://sqlite.org/releaselog/3_39_4.html), [3.38.1](https://www.sqlite.org/releaselog/3_38_1.html)))<br>- strace ([5.19](https://github.com/strace/strace/releases/tag/v5.19))<br>- sudo ([1.9.12_p2](https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_12p2) (includes [1.9.12_p1](https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_12p1), [1.9.10](https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_10)))<br>- systemd ([252.11](https://github.com/systemd/systemd-stable/releases/tag/v252.11) (includes [252.5](https://github.com/systemd/systemd-stable/releases/tag/v252.5), [252](https://github.com/systemd/systemd/releases/tag/v252), [251.10](https://github.com/systemd/systemd-stable/commits/v251.10), [251](https://github.com/systemd/systemd/releases/tag/v251), [250.7](https://github.com/systemd/systemd-stable/releases/tag/v250.7), [250.3](https://github.com/systemd/systemd-stable/releases/tag/v250.3), [249.7](https://github.com/systemd/systemd-stable/blob/v249.7/NEWS)))<br>- talloc ([2.3.3](https://gitlab.com/samba-team/samba/-/commit/bc1ee7ca0640f0136e5af7dcc4ca8ed0a5893053))<br>- tcpdump ([4.99.1](https://git.tcpdump.org/tcpdump/blob/5f552b5e6e9fe05f7ad9681d51d0303233daba6a:/CHANGES))<br>- tevent ([0.11.0](https://gitlab.com/samba-team/samba/-/commit/de4e8a1af9564f6056f9af90867c2f013449051c))<br>- thin-provisioning-tools ([0.9.0](https://github.com/jthornber/thin-provisioning-tools/blob/d6d93c3157631b242a13a81d30f75453e576c55a/CHANGES#L1-L9))<br>- timezone-data ([2021a](https://mm.icann.org/pipermail/tz-announce/2021-January/000065.html))<br>- unzip ([6.0_p27](https://metadata.ftp-master.debian.org/changelogs//main/u/unzip/unzip_6.0-27_changelog) (includes [6.0_p26](https://metadata.ftp-master.debian.org/changelogs//main/u/unzip/unzip_6.0-26_changelog)))<br>- usbutils ([014](https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usbutils.git/commit/?id=57fb18e59cce31a50a1ca62d1e192512c905ba00))<br>- util-linux ([2.37.4](https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.4-ChangeLog))<br>- vim ([9.0.1157](https://github.com/vim/vim/releases/tag/v9.0.1157) (includes [9.0.1000](https://github.com/vim/vim/releases/tag/v9.0.1000), [9.0.0828](https://github.com/vim/vim/releases/tag/v9.0.0828), [9.0.0655](https://github.com/vim/vim/releases/tag/v9.0.0655), [9.0.0469](https://github.com/vim/vim/releases/tag/v9.0.0469), [8.2.5066](https://github.com/vim/vim/releases/tag/v8.2.5066), [8.2.4328](https://github.com/vim/vim/releases/tag/v8.2.4328), [8.2.3582](https://github.com/vim/vim/releases/tag/v8.2.3582)))<br>- wget ([1.21.3](https://lists.gnu.org/archive/html/info-gnu/2022-02/msg00017.html))<br>- whois ([5.5.14](https://github.com/rfc1036/whois/commit/ab10466cf2e1ec4887f6a44375c3e29c1720157f) (includes [5.5.13](https://github.com/rfc1036/whois/blob/v5.5.13/debian/changelog), [5.5.11](https://github.com/rfc1036/whois/commit/5f5ba8312c04a759dad05723c035549273d07461)))<br>- wireguard-tools ([1.0.20210914](https://github.com/WireGuard/wireguard-tools/releases/tag/v1.0.20210914))<br>- xfsprogs ([5.14.2](https://marc.info/?l=linux-xfs&m=163883318025390&w=2))<br>- xz-utils ([5.4.1](https://github.com/tukaani-project/xz/releases/tag/v5.4.1) (includes [5.4.0](https://github.com/tukaani-project/xz/releases/tag/v5.4.0), [5.2.10](https://git.tukaani.org/?p=xz.git;a=blob;f=NEWS;h=d92fa88a835180af5d6ff22ad0e240d6468f81af;hb=f7c2cc55618b9af3318f0c908cf8db0df1e28e7c), [5.2.9](https://git.tukaani.org/?p=xz.git;a=blob;f=NEWS;h=ebb303084403445088ec97dfedf0461a6e5b5077;hb=d8a898eb9974683bc725c49ec76722f9a8758f48), [5.2.8](https://git.tukaani.org/?p=xz.git;a=blob;f=NEWS;h=c244b42a6771a6e8af206318dfc500d78929fd6f;hb=5476089d9c42b9b04e92b80e1800b384a98265cb), [5.2.7](https://git.tukaani.org/?p=xz.git;a=blob;f=NEWS;h=0205423e79ce8297102096b0fc8b030ddf5b2023;hb=d24a57b7fc7e5e9267b84367cb0788d3acf7f569), [5.2.6](https://git.tukaani.org/?p=xz.git;a=blob;f=NEWS;h=4c79b18ff26a1c479a920b21f07d050599c04c9e;hb=8dfed05bdaa4873833ba24279f02ad2db25effea)))<br>- zlib ([1.2.13](https://github.com/madler/zlib/releases/tag/v1.2.13) (includes [1.2.12](https://github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/ChangeLog#L4)))<br>- GCE: google-compute-image-packages ([20190124](https://github.com/GoogleCloudPlatform/compute-image-packages/releases/tag/20190124))<br>- OEM: distro ([1.7.0](https://github.com/python-distro/distro/releases/tag/v1.7.0))<br>- OEM: libmspack ([0.10.1_alpha](https://github.com/kyz/libmspack/blob/v0.10.1alpha/libmspack/ChangeLog))<br>- OEM: python ([3.9.16](https://www.python.org/downloads/release/python-3916/) (includes [3.9.12](https://www.python.org/downloads/release/python-3912/), [3.9.8](https://www.python.org/downloads/release/python-398/)))<br>- SDK: bison ([3.8.2](https://lists.gnu.org/archive/html/bug-bison/2021-09/msg00056.html))<br>- SDK: boost ([1.81.0](https://www.boost.org/users/history/version_1_81_0.html))<br>- SDK: catalyst ([3.0.21](https://gitweb.gentoo.org/proj/catalyst.git/log/?h=3.0.21))<br>- SDK: cmake ([3.23.3](https://cmake.org/cmake/help/v3.23/release/3.23.html))<br>- SDK: edk2-ovmf ([202105](https://github.com/tianocore/edk2/releases/tag/edk2-stable202105))<br>- SDK: file ([5.44](https://github.com/file/file/blob/FILE5_44/ChangeLog) (includes [5.43](https://mailman.astron.com/pipermail/file/2022-September/000857.html), [5.40](https://mailman.astron.com/pipermail/file/2021-March/000478.html)))<br>- SDK: gcc-config ([2.5](https://gitweb.gentoo.org/proj/gcc-config.git/tag/?h=v2.5))<br>- SDK: iasl ([20200717](https://www.acpica.org/node/183))<br>- SDK: ipxe ([1.21.1](https://github.com/ipxe/ipxe/releases/tag/v1.21.1))<br>- SDK: kexec-tools ([2.0.22](https://www.spinics.net/lists/kexec/msg26864.html))<br>- SDK: libpng ([1.6.39](http://www.libpng.org/pub/png/src/libpng-1.6.39-README.txt) (includes [1.6.38](http://www.libpng.org/pub/png/src/libpng-1.6.38-README.txt)))<br>- SDK: libtool ([2.4.7](https://savannah.gnu.org/forum/forum.php?forum_id=10139))<br>- SDK: libxslt ([1.1.37](https://gitlab.gnome.org/GNOME/libxslt/-/tags/v1.1.37) (includes [1.1.35](https://gitlab.gnome.org/GNOME/libxslt/-/tags/v1.1.35)))<br>- SDK: man-db ([2.9.4](https://gitlab.com/cjwatson/man-db/-/tags/2.9.4))<br>- SDK: man-pages ([5.12-r2](https://man7.org/linux/man-pages/changelog.html#release_5.12))<br>- SDK: meson ([0.62.2](https://mesonbuild.com/Release-notes-for-0-62-0.html))<br>- SDK: netperf ([2.7.0](https://github.com/HewlettPackard/netperf/blob/netperf-2.7.0/Release_Notes))<br>- SDK: ninja ([1.11.0](https://groups.google.com/g/ninja-build/c/R2oCyDctDf8/m/-U94Y5I8AgAJ?pli=1))<br>- SDK: pahole ([1.23](https://git.kernel.org/pub/scm/devel/pahole/pahole.git/tag/?h=v1.23))<br>- SDK: perl ([5.36.0](https://perldoc.perl.org/5.36.0/perldelta) (includes [5.34.1](https://perldoc.perl.org/5.34.1/perldelta), [5.15](https://kernelnewbies.org/LinuxChanges#Linux_5.15.Tracing.2C_perf_and_BPF)))<br>- SDK: pkgconf ([1.8.0](https://gitea.treehouse.systems/ariadne/pkgconf/src/tag/pkgconf-1.8.0/NEWS))<br>- SDK: portage ([3.0.43](https://github.com/gentoo/portage/blob/portage-3.0.43/NEWS) (includes [3.0.42](https://github.com/gentoo/portage/blob/portage-3.0.42/NEWS), [3.0.41](https://gitweb.gentoo.org/proj/portage.git/tree/NEWS?h=portage-3.0.41)))<br>- SDK: Python ([3.9.12](https://www.python.org/downloads/release/python-3912/) (includes [3.9.8](https://www.python.org/downloads/release/python-398/)))<br>- SDK: qemu ([7.2.0](https://wiki.qemu.org/ChangeLog/7.2) (includes [7.1.0](https://wiki.qemu.org/ChangeLog/7.1), [7.0.0](https://wiki.qemu.org/ChangeLog/7.0), [6.1.0](https://wiki.qemu.org/ChangeLog/6.1)))<br>- SDK: Rust ([1.67.0](https://github.com/rust-lang/rust/releases/tag/1.67.0) (includes [1.66.1](https://github.com/rust-lang/rust/releases/tag/1.66.1), [1.66.0](https://github.com/rust-lang/rust/releases/tag/1.66.0), [1.65.0](https://github.com/rust-lang/rust/releases/tag/1.65.0), [1.64.0](https://github.com/rust-lang/rust/releases/tag/1.64.0), [1.63.0](https://github.com/rust-lang/rust/releases/tag/1.63.0), [1.62.1](https://github.com/rust-lang/rust/releases/tag/1.62.1), [1.62.0](https://github.com/rust-lang/rust/releases/tag/1.62.0), [1.61.0](https://github.com/rust-lang/rust/releases/tag/1.61.0), [1.60.0](https://github.com/rust-lang/rust/releases/tag/1.60.0), [1.59.0](https://github.com/rust-lang/rust/releases/tag/1.59.0), [1.58.1](https://github.com/rust-lang/rust/releases/tag/1.58.1), [1.57.0](https://github.com/rust-lang/rust/releases/tag/1.57.0)))<br>- SDK: sbsigntools ([0.9.4](https://git.kernel.org/pub/scm/linux/kernel/git/jejb/sbsigntools.git/tag/?h=v0.9.4))<br>- SDK: seabios ([1.14.0](https://seabios.org/Releases#SeaBIOS_1.14.0))<br>- SDK: sgabios ([0.1_pre10](https://git.qemu.org/?p=sgabios.git;a=tree;h=a85446adb0e0))<br>- SDK: squashfs-tools ([4.5_p20210914](https://lore.kernel.org/lkml/CAB3woddJss+ziGp-RjJ-yiax6pc_HLMdxk3Qk5nJdRgjpEYWBg@mail.gmail.com/))<br>- VMware: open-vm-tools ([12.1.5](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.1.5) (includes [12.1.0](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.1.0), [12.0.5](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.0.5), [12.0.0](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.0.0)))<br>Packages:<br>- containerd 1.6.16<br>- docker 20.10.23<br>- ignition 2.14.0<br>- kernel 5.15.132<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-10-05T10:09:06+00:00 @@ -30,7 +30,7 @@ https://github.com/flatcar/scripts/releases/tag/lts-3033.3.9 3033.3.9 - 2023-10-25T10:20:36.953578+00:00 + 2023-11-22T09:59:26.674281+00:00 _Changes since **LTS 3033.3.8**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-3424](https://nvd.nist.gov/vuln/detail/CVE-2022-3424), [CVE-2022-3534](https://nvd.nist.gov/vuln/detail/CVE-2022-3534), [CVE-2022-3545](https://nvd.nist.gov/vuln/detail/CVE-2022-3545), [CVE-2022-3623](https://nvd.nist.gov/vuln/detail/CVE-2022-3623), [CVE-2022-36280](https://nvd.nist.gov/vuln/detail/CVE-2022-36280), [CVE-2022-3643](https://nvd.nist.gov/vuln/detail/CVE-2022-3643), [CVE-2022-41218](https://nvd.nist.gov/vuln/detail/CVE-2022-41218), [CVE-2022-4378](https://nvd.nist.gov/vuln/detail/CVE-2022-4378), [CVE-2022-45934](https://nvd.nist.gov/vuln/detail/CVE-2022-45934), [CVE-2022-47929](https://nvd.nist.gov/vuln/detail/CVE-2022-47929), [CVE-2023-0266](https://nvd.nist.gov/vuln/detail/CVE-2023-0266), [CVE-2023-0394](https://nvd.nist.gov/vuln/detail/CVE-2023-0394), [CVE-2023-23454](https://nvd.nist.gov/vuln/detail/CVE-2023-23454), [CVE-2023-23455](https://nvd.nist.gov/vuln/detail/CVE-2023-23455))<br><br>#### Bug fixes:<br><br><br>#### Changes:<br><br><br>#### Updates:<br><br>- Linux ([5.10.164](https://lwn.net/Articles/920322) (includes [5.10.163](https://lwn.net/Articles/920013), [5.10.162](https://lwn.net/Articles/919055), [5.10.161](https://lwn.net/Articles/918330), [5.10.160](https://lwn.net/Articles/918207), [5.10.159](https://lwn.net/Articles/917899), [5.10.158](https://lwn.net/Articles/917402)))<br>- ca-certificates ([3.87](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_87.html) (includes [3.86](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_86.html)))<br><br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.164<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-01-24T13:14:09+00:00 @@ -38,7 +38,7 @@ https://github.com/flatcar/scripts/releases/tag/lts-3033.3.8 3033.3.8 - 2023-10-25T10:20:36.948469+00:00 + 2023-11-22T09:59:26.669119+00:00 _Changes since **LTS 3033.3.7**_<br> <br>#### Security fixes:<br> <br>- Linux ([CVE-2022-3169](https://nvd.nist.gov/vuln/detail/CVE-2022-3169), [CVE-2022-3521](https://nvd.nist.gov/vuln/detail/CVE-2022-3521))<br><br>#### Updates:<br> <br>- Linux ([5.10.157](https://lwn.net/Articles/916764) (includes [5.10.156](https://lwn.net/Articles/915992), [5.10.155](https://lwn.net/Articles/915101)))<br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.157<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-12-09T09:46:54+00:00 @@ -46,7 +46,7 @@ https://github.com/flatcar/scripts/releases/tag/lts-3033.3.7 3033.3.7 - 2023-10-25T10:20:36.944012+00:00 + 2023-11-22T09:59:26.664638+00:00 _Changes since **LTS 3033.3.6**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2021-4037](https://nvd.nist.gov/vuln/detail/CVE-2021-4037), [CVE-2022-0171](https://nvd.nist.gov/vuln/detail/CVE-2022-0171), [CVE-2022-2602](https://nvd.nist.gov/vuln/detail/CVE-2022-2602), [CVE-2022-2663](https://nvd.nist.gov/vuln/detail/CVE-2022-2663), [CVE-2022-3061](https://nvd.nist.gov/vuln/detail/CVE-2022-3061), [CVE-2022-3303](https://nvd.nist.gov/vuln/detail/CVE-2022-3303), [CVE-2022-3535](https://nvd.nist.gov/vuln/detail/CVE-2022-3535), [CVE-2022-3542](https://nvd.nist.gov/vuln/detail/CVE-2022-3542), [CVE-2022-3565](https://nvd.nist.gov/vuln/detail/CVE-2022-3565), [CVE-2022-3586](https://nvd.nist.gov/vuln/detail/CVE-2022-3586), [CVE-2022-3594](https://nvd.nist.gov/vuln/detail/CVE-2022-3594), [CVE-2022-3621](https://nvd.nist.gov/vuln/detail/CVE-2022-3621), [CVE-2022-3646](https://nvd.nist.gov/vuln/detail/CVE-2022-3646), [CVE-2022-3649](https://nvd.nist.gov/vuln/detail/CVE-2022-3649), [CVE-2022-39842](https://nvd.nist.gov/vuln/detail/CVE-2022-39842), [CVE-2022-40307](https://nvd.nist.gov/vuln/detail/CVE-2022-40307), [CVE-2022-40768](https://nvd.nist.gov/vuln/detail/CVE-2022-40768), [CVE-2022-41674](https://nvd.nist.gov/vuln/detail/CVE-2022-41674), [CVE-2022-42719](https://nvd.nist.gov/vuln/detail/CVE-2022-42719), [CVE-2022-42720](https://nvd.nist.gov/vuln/detail/CVE-2022-42720), [CVE-2022-42721](https://nvd.nist.gov/vuln/detail/CVE-2022-42721), [CVE-2022-42722](https://nvd.nist.gov/vuln/detail/CVE-2022-42722), [CVE-2022-43750](https://nvd.nist.gov/vuln/detail/CVE-2022-43750))<br> <br> #### Updates:<br> <br> - Linux ([5.10.154](https://lwn.net/Articles/914423) (includes [5.10.153](https://lwn.net/Articles/913682) [5.10.152](https://lwn.net/Articles/913110), [5.10.151](https://lwn.net/Articles/912993), [5.10.150](https://lwn.net/Articles/912501), [5.10.149](https://lwn.net/Articles/911488), [5.10.148](https://lwn.net/Articles/911276), [5.10.147](https://lwn.net/Articles/910399), [5.10.146](https://lwn.net/Articles/909680), [5.10.145](https://lwn.net/Articles/909213), [5.10.144](https://lwn.net/Articles/908783), [5.10.143](https://lwn.net/Articles/908141)))<br> - ca-certificates ([3.84](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_84.html))<br><br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.154<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-11-17T12:03:56+00:00 @@ -54,7 +54,7 @@ https://github.com/flatcar/scripts/releases/tag/lts-3033.3.6 3033.3.6 - 2023-10-25T10:20:36.938488+00:00 + 2023-11-22T09:59:26.659073+00:00 _Changes since **LTS 3033.3.5**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-2905](https://nvd.nist.gov/vuln/detail/CVE-2022-2905), [CVE-2022-3028](https://nvd.nist.gov/vuln/detail/CVE-2022-3028), [CVE-2022-39190](https://nvd.nist.gov/vuln/detail/CVE-2022-39190))<br>- torcx ([CVE-2021-38561](https://nvd.nist.gov/vuln/detail/CVE-2021-38561), [CVE-2021-43565](https://nvd.nist.gov/vuln/detail/CVE-2021-43565), [CVE-2022-27191](https://nvd.nist.gov/vuln/detail/CVE-2022-27191))<br><br>#### Bug fixes:<br><br>- Equinix Metal: Fixed serial console settings for the `m3.small.x86` instance by expanding the GRUB check for `i386` to `x86_64` [coreos-overlay#2122](https://github.com/flatcar-linux/coreos-overlay/pull/2122)<br><br>#### Changes:<br><br>- emerge-gitclone: Migrate emerge-gitclone to use scripts repo tags and submodule refs<br><br>#### Updates:<br><br>- Linux ([5.10.142](https://lwn.net/Articles/907525) (includes [5.10.141](https://lwn.net/Articles/907205), [5.10.140](https://lwn.net/Articles/906628), [5.10.139](https://lwn.net/Articles/906359), [5.10.138](https://lwn.net/Articles/906062)))<br>- ca-certificates ([3.83](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_83.html))<br>- locksmith([0.7.0](https://github.com/flatcar/locksmith/blob/v0.7.0/CHANGELOG.md#v070--30112021))<br><br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.142<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-10-17T14:39:29+00:00 @@ -62,7 +62,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3033.3.5 3033.3.5 - 2023-10-25T10:20:36.933418+00:00 + 2023-11-22T09:59:26.653955+00:00 _Changes since **LTS 3033.3.4**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-1679](https://nvd.nist.gov/vuln/detail/CVE-2022-1679), [CVE-2022-2153](https://nvd.nist.gov/vuln/detail/CVE-2022-2153), [CVE-2022-2585](https://nvd.nist.gov/vuln/detail/CVE-2022-2585), [CVE-2022-2586](https://nvd.nist.gov/vuln/detail/CVE-2022-2586), [CVE-2022-2588](https://nvd.nist.gov/vuln/detail/CVE-2022-2588), [CVE-2022-26373](https://nvd.nist.gov/vuln/detail/CVE-2022-26373), [CVE-2022-36946](https://nvd.nist.gov/vuln/detail/CVE-2022-36946))<br><br>#### Changes:<br><br>- The new image signing subkey was added to the public key embedded into `flatcar-install` (the old expired on 10th August 2022), only an updated `flatcar-install` script can verify releases signed with the new key ([init#79](https://github.com/flatcar/init/pull/79))<br><br>#### Updates:<br><br>- Linux ([5.10.137](https://lwn.net/Articles/905534) (includes [5.10.136](https://lwn.net/Articles/904462), [5.10.135](https://lwn.net/Articles/903689)))<br>- ca-certificates ([3.82](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_82.html))<br><br><br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.137<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-09-01T12:58:14+00:00 @@ -70,7 +70,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3033.3.4 3033.3.4 - 2023-10-25T10:20:36.928485+00:00 + 2023-11-22T09:59:26.648892+00:00 New LTS-2022 Release 3033.3.4<br><br>Changes since LTS-2022 3033.3.3<br><br>## Security fixes:<br><br>- Linux ([CVE-2022-23816](https://nvd.nist.gov/vuln/detail/CVE-2022-23816), [CVE-2022-23825](https://nvd.nist.gov/vuln/detail/CVE-2022-23825), [CVE-2022-29900](https://nvd.nist.gov/vuln/detail/CVE-2022-29900), [CVE-2022-29901](https://nvd.nist.gov/vuln/detail/CVE-2022-29901))<br><br>## Bug fixes:<br><br><br>## Changes:<br><br><br>## Updates:<br><br>- Linux ([5.10.134](https://lwn.net/Articles/902918) (includes [5.10.133](https://lwn.net/Articles/902372), [5.10.132](https://lwn.net/Articles/902102)))<br>- ca-certificates ([3.81](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_81.html))<br><br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.134<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-08-04T12:04:45+00:00 @@ -78,7 +78,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3033.3.3 3033.3.3 - 2023-10-25T10:20:36.923708+00:00 + 2023-11-22T09:59:26.644172+00:00 New **LTS-2022** Release **3033.3.3**<br><br>_Changes since **LTS 3033.3.2**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2021-33655](https://nvd.nist.gov/vuln/detail/CVE-2021-33655), [CVE-2021-33656](https://nvd.nist.gov/vuln/detail/CVE-2021-33656), [CVE-2022-2318](https://nvd.nist.gov/vuln/detail/CVE-2022-2318), [CVE-2022-26365](https://nvd.nist.gov/vuln/detail/CVE-2022-26365), [CVE-2022-32296](https://nvd.nist.gov/vuln/detail/CVE-2022-32296), [CVE-2022-33740](https://nvd.nist.gov/vuln/detail/CVE-2022-33740), [CVE-2022-33741](https://nvd.nist.gov/vuln/detail/CVE-2022-33741), [CVE-2022-33742](https://nvd.nist.gov/vuln/detail/CVE-2022-33742), [CVE-2022-33743](https://nvd.nist.gov/vuln/detail/CVE-2022-33743), [CVE-2022-33744](https://nvd.nist.gov/vuln/detail/CVE-2022-33744), [CVE-2022-34918](https://nvd.nist.gov/vuln/detail/CVE-2022-34918))<br>- containerd ([CVE-2022-31030](https://nvd.nist.gov/vuln/detail/CVE-2022-31030))<br><br>#### Bug fixes:<br><br>- Removed outdated LTS channel information printed on login ([init#75](https://github.com/flatcar/init/pull/75))<br><br>#### Changes:<br><br>- Enabled `containerd.service` unit, `br_netfilter` and `overlay` modules by default to follow Kubernetes requirements ([coreos-overlay#1944](https://github.com/flatcar/coreos-overlay/pull/1944), [init#72](https://github.com/flatcar/init/pull/72))<br>- DigitalOcean: In addition to the `bz2` image, a `gz` compressed image is published. This helps against hitting the compression timeout that sometimes lets the image import fail.<br>- OpenStack: In addition to the `bz2` image, a `gz` compressed image is published. This allows Glance to directly consume the images by simply passing in the URL of the image.<br>- SDK: The image compression format is now configurable. Supported formats are: `bz2`, `gz`, `zip`, `none`, `zst`. Selecting the image format can now be done by passing the `--image_compression_formats` option. This flag gets a comma separated list of formats.<br><br>#### Updates:<br><br>- Linux ([5.10.131](https://lwn.net/Articles/901381/) (includes [5.10.130](https://lwn.net/Articles/900910), [5.10.129](https://lwn.net/Articles/900322), [5.10.128](https://lwn.net/Articles/899789), [5.10.127](https://lwn.net/Articles/899371), [5.10.126](https://lwn.net/Articles/899121), [5.10.125](https://lwn.net/Articles/899090), [5.10.124](https://lwn.net/Articles/898623)))<br>- ca-certificates ([3.80](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_80.html))<br>- containerd ([1.5.13](https://github.com/containerd/containerd/releases/tag/v1.5.13))<br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.131<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-07-21T15:46:59+00:00 @@ -86,7 +86,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3033.3.2 3033.3.2 - 2023-10-25T10:20:36.917726+00:00 + 2023-11-22T09:59:26.638083+00:00 New **LTS-2022** Release **3033.3.2**<br><br>Changes since **LTS 3033.3.1**<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-1012](https://nvd.nist.gov/vuln/detail/CVE-2022-1012), [CVE-2022-1789](https://nvd.nist.gov/vuln/detail/CVE-2022-1789), [CVE-2022-1852](https://nvd.nist.gov/vuln/detail/CVE-2022-1852), [CVE-2022-1972](https://nvd.nist.gov/vuln/detail/CVE-2022-1972), [CVE-2022-2078](https://nvd.nist.gov/vuln/detail/CVE-2022-2078), [CVE-2022-21499](https://nvd.nist.gov/vuln/detail/CVE-2022-21499), [CVE-2022-32250](https://nvd.nist.gov/vuln/detail/CVE-2022-32250), [CVE-2022-32981](https://nvd.nist.gov/vuln/detail/CVE-2022-32981))<br>- libpcre2 ([CVE-2022-1586](https://nvd.nist.gov/vuln/detail/CVE-2022-1586), [CVE-2022-1587](https://nvd.nist.gov/vuln/detail/CVE-2022-1587))<br><br>#### Updates:<br><br>- Linux ([5.10.123](https://lwn.net/Articles/898125) (includes [5.10.122](https://lwn.net/Articles/897903), [5.10.121](https://lwn.net/Articles/897378), [5.10.120](https://lwn.net/Articles/897168), [5.10.119](https://lwn.net/Articles/896648))<br>- ca-certificates ([3.79](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_79.html))<br>- libpcre2 ([10.40](https://github.com/PCRE2Project/pcre2/blob/pcre2-10.40/NEWS))<br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.123<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-06-23T11:49:00+00:00 @@ -94,7 +94,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3033.3.1 3033.3.1 - 2023-10-25T10:20:36.912778+00:00 + 2023-11-22T09:59:26.633124+00:00 New **LTS-2022** Release **3033.3.1**<br><br>_Changes since **LTS-2022 3033.3.0**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-28390](https://nvd.nist.gov/vuln/detail/CVE-2022-28390), [CVE-2022-0168](https://nvd.nist.gov/vuln/detail/CVE-2022-0168), [CVE-2022-1158](https://nvd.nist.gov/vuln/detail/CVE-2022-1158), [CVE-2022-1353](https://nvd.nist.gov/vuln/detail/CVE-2022-1353), [CVE-2022-30594](https://nvd.nist.gov/vuln/detail/CVE-2022-30594), [CVE-2022-1198](https://nvd.nist.gov/vuln/detail/CVE-2022-1198), [CVE-2022-28389](https://nvd.nist.gov/vuln/detail/CVE-2022-28389), [CVE-2022-28388](https://nvd.nist.gov/vuln/detail/CVE-2022-28388), [CVE-2022-1516](https://nvd.nist.gov/vuln/detail/CVE-2022-1516), [CVE-2022-29582](https://nvd.nist.gov/vuln/detail/CVE-2022-29582), [CVE-2021-4197](https://nvd.nist.gov/vuln/detail/CVE-2021-4197), [CVE-2022-1204](https://nvd.nist.gov/vuln/detail/CVE-2022-1204), [CVE-2022-1205](https://nvd.nist.gov/vuln/detail/CVE-2022-1205), [CVE-2022-29581](https://nvd.nist.gov/vuln/detail/CVE-2022-29581), [CVE-2022-1836](https://nvd.nist.gov/vuln/detail/CVE-2022-1836), [CVE-2022-1734](https://nvd.nist.gov/vuln/detail/CVE-2022-1734), [CVE-2022-0494](https://nvd.nist.gov/vuln/detail/CVE-2022-0494), [CVE-2022-28893](https://nvd.nist.gov/vuln/detail/CVE-2022-28893), [CVE-2022-1729](https://nvd.nist.gov/vuln/detail/CVE-2022-1729), [CVE-2022-0854](https://nvd.nist.gov/vuln/detail/CVE-2022-0854))<br><br>#### Bug fixes:<br><br>- Ensured `/etc/flatcar/update.conf` exists because it happens to be used as flag file for Ansible ([init#71](https://github.com/flatcar/init/pull/71))<br><br>#### Updates:<br><br>- Linux ([5.10.118](https://lwn.net/Articles/896225/) (includes [5.10.117](https://lwn.net/Articles/895646), [5.10.116](https://lwn.net/Articles/895319), [5.10.115](https://lwn.net/Articles/895071), [5.10.114](https://lwn.net/Articles/894358), [5.10.113](https://lwn.net/Articles/892813), [5.10.112](https://lwn.net/Articles/891997), [5.10.111](https://lwn.net/Articles/891252), [5.10.110](https://lwn.net/Articles/890723)))<br>- ca-certificates ([3.78](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_78.html))<br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.118<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-06-02T15:10:04+00:00 @@ -102,7 +102,7 @@ https://github.com/flatcar/scripts/releases/tag/lts-3033.3.18 3033.3.18 - 2023-10-25T10:20:36.907260+00:00 + 2023-11-22T09:59:26.627543+00:00 _Changes since **LTS 3033.3.17**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2023-31085](https://nvd.nist.gov/vuln/detail/CVE-2023-31085), [CVE-2023-34324](https://nvd.nist.gov/vuln/detail/CVE-2023-34324), [CVE-2023-39189](https://nvd.nist.gov/vuln/detail/CVE-2023-39189), [CVE-2023-39192](https://nvd.nist.gov/vuln/detail/CVE-2023-39192), [CVE-2023-39193](https://nvd.nist.gov/vuln/detail/CVE-2023-39193), [CVE-2023-4244](https://nvd.nist.gov/vuln/detail/CVE-2023-4244), [CVE-2023-42752](https://nvd.nist.gov/vuln/detail/CVE-2023-42752), [CVE-2023-42753](https://nvd.nist.gov/vuln/detail/CVE-2023-42753), [CVE-2023-42754](https://nvd.nist.gov/vuln/detail/CVE-2023-42754), [CVE-2023-42755](https://nvd.nist.gov/vuln/detail/CVE-2023-42755), [CVE-2023-45871](https://nvd.nist.gov/vuln/detail/CVE-2023-45871), [CVE-2023-4623](https://nvd.nist.gov/vuln/detail/CVE-2023-4623), [CVE-2023-4921](https://nvd.nist.gov/vuln/detail/CVE-2023-4921), [CVE-2023-5197](https://nvd.nist.gov/vuln/detail/CVE-2023-5197))<br>- curl ([CVE-2023-38545](https://nvd.nist.gov/vuln/detail/CVE-2023-38545), [CVE-2023-38546](https://nvd.nist.gov/vuln/detail/CVE-2023-38546))<br><br>#### Bug fixes:<br><br><br>#### Changes:<br><br>- Add support for Microsoft Azure Network Adapter (MANA) NICs on Azure ([scripts#1131](https://github.com/flatcar/scripts/pull/1131))<br><br>#### Updates:<br><br>- ca-certificates ([3.94](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_94.html))<br>- Linux ([5.10.198](https://lwn.net/Articles/947300) (includes [5.10.197](https://lwn.net/Articles/945381), [5.10.196](https://lwn.net/Articles/945131), [5.10.195](https://lwn.net/Articles/944878), [5.10.194](https://lwn.net/Articles/943405)))<br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.198<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-10-25T08:40:29+00:00 @@ -110,7 +110,7 @@ https://github.com/flatcar/scripts/releases/tag/lts-3033.3.17 3033.3.17 - 2023-10-25T10:20:36.902103+00:00 + 2023-11-22T09:59:26.622227+00:00 _Changes since **LTS 3033.3.16**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2022-40982](https://nvd.nist.gov/vuln/detail/CVE-2022-40982), [CVE-2022-41804](https://nvd.nist.gov/vuln/detail/CVE-2022-41804), [CVE-2023-20569](https://nvd.nist.gov/vuln/detail/CVE-2023-20569), [CVE-2023-23908](https://nvd.nist.gov/vuln/detail/CVE-2023-23908), [CVE-2023-1206](https://nvd.nist.gov/vuln/detail/CVE-2023-1206), [CVE-2023-20588](https://nvd.nist.gov/vuln/detail/CVE-2023-20588), [CVE-2023-40283](https://nvd.nist.gov/vuln/detail/CVE-2023-40283), [CVE-2023-4128](https://nvd.nist.gov/vuln/detail/CVE-2023-4128), [CVE-2023-4147](https://nvd.nist.gov/vuln/detail/CVE-2023-4147), [CVE-2023-4273](https://nvd.nist.gov/vuln/detail/CVE-2023-4273))<br> <br> #### Updates:<br> <br> - Linux ([5.10.193](https://lwn.net/Articles/943114) (includes [5.10.192](https://lwn.net/Articles/942867), [5.10.191](https://lwn.net/Articles/941777),[5.10.190](https://lwn.net/Articles/941276), [5.10.189](https://lwn.net/Articles/940802)))<br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.193<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-09-06T13:19:04+00:00 @@ -118,7 +118,7 @@ https://github.com/flatcar/scripts/releases/tag/lts-3033.3.16 3033.3.16 - 2023-10-25T10:20:36.897303+00:00 + 2023-11-22T09:59:26.617400+00:00 _Changes since **LTS 3033.3.15**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2023-20593](https://nvd.nist.gov/vuln/detail/CVE-2023-20593), [CVE-2023-2898](https://nvd.nist.gov/vuln/detail/CVE-2023-2898), [CVE-2023-31248](https://nvd.nist.gov/vuln/detail/CVE-2023-31248), [CVE-2023-3390](https://nvd.nist.gov/vuln/detail/CVE-2023-3390), [CVE-2023-35001](https://nvd.nist.gov/vuln/detail/CVE-2023-35001), [CVE-2023-3610](https://nvd.nist.gov/vuln/detail/CVE-2023-3610), [CVE-2023-3611](https://nvd.nist.gov/vuln/detail/CVE-2023-3611), [CVE-2023-3776](https://nvd.nist.gov/vuln/detail/CVE-2023-3776), [CVE-2023-3863](https://nvd.nist.gov/vuln/detail/CVE-2023-3863))<br> - linux-firmware ([CVE-2023-20593](https://nvd.nist.gov/vuln/detail/CVE-2023-20593))<br> <br> #### Updates:<br> <br> - Linux ([5.10.188](https://lwn.net/Articles/939425) (includes [5.10.187](https://lwn.net/Articles/939105)))<br> - ca-certificates ([3.92](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_92.html))<br> - linux-firmware ([20230625](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230625))<br><br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.188<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-08-09T11:41:25+00:00 @@ -126,7 +126,7 @@ https://github.com/flatcar/scripts/releases/tag/lts-3033.3.15 3033.3.15 - 2023-10-25T10:20:36.892378+00:00 + 2023-11-22T09:59:26.612437+00:00 _Changes since **LTS 3033.3.14**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2023-3338](https://nvd.nist.gov/vuln/detail/CVE-2023-3338))<br> <br> #### Bug fixes:<br> <br> <br> #### Changes:<br> <br> - Changed ext4 inode size of root partition to 256 bytes. This improves compatibility with applications and is necessary for 2038 readiness ([Flatcar#1082](https://github.com/flatcar/Flatcar/issues/1082))<br> <br> #### Updates:<br> <br> - Linux ([5.10.186](https://lwn.net/Articles/936676) (includes [5.10.185](https://lwn.net/Articles/935583)))<br> - ca-certificates ([3.91](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_91.html))<br><br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.186<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-07-18T09:01:17+00:00 @@ -134,7 +134,7 @@ https://github.com/flatcar/scripts/releases/tag/lts-3033.3.14 3033.3.14 - 2023-10-25T10:20:36.887667+00:00 + 2023-11-22T09:59:26.607635+00:00 _Changes since **LTS 3033.3.13**_<br> <br>#### Security fixes:<br> <br>- Linux ([CVE-2022-4269](https://nvd.nist.gov/vuln/detail/CVE-2022-4269))<br> <br>#### Updates:<br> <br>- Linux ([5.10.184](https://lwn.net/Articles/934624) (includes [5.10.183](https://lwn.net/Articles/934321), [5.10.182](https://lwn.net/Articles/933910), [5.10.181](https://lwn.net/Articles/933279)))<br>- ca-certificates ([3.90](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_90.html))<br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.184<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-06-21T12:18:59+00:00 @@ -142,7 +142,7 @@ https://github.com/flatcar/scripts/releases/tag/lts-3033.3.13 3033.3.13 - 2023-10-25T10:20:36.883159+00:00 + 2023-11-22T09:59:26.602917+00:00 _Changes since **LTS 3033.3.12**_<br> <br>#### Security fixes:<br> <br> - Linux ([CVE-2022-39189](https://nvd.nist.gov/vuln/detail/CVE-2022-39189), [CVE-2023-1380](https://nvd.nist.gov/vuln/detail/CVE-2023-1380), [CVE-2023-2002](https://nvd.nist.gov/vuln/detail/CVE-2023-2002), [CVE-2023-2269](https://nvd.nist.gov/vuln/detail/CVE-2023-2269), [CVE-2023-2513](https://nvd.nist.gov/vuln/detail/CVE-2023-2513), [CVE-2023-31436](https://nvd.nist.gov/vuln/detail/CVE-2023-31436), [CVE-2023-32233](https://nvd.nist.gov/vuln/detail/CVE-2023-32233))<br> <br>#### Bug fixes:<br> <br> <br>#### Changes:<br> <br> <br>#### Updates:<br> <br> - Linux ([5.10.180](https://lwn.net/Articles/932135) (includes [5.10.179](https://lwn.net/Articles/930264)))<br> - ca-certificates ([3.89.1](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_89_1.html))<br><br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.180<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-06-01T11:48:40+00:00 @@ -150,7 +150,7 @@ https://github.com/flatcar/scripts/releases/tag/lts-3033.3.12 3033.3.12 - 2023-10-25T10:20:36.878443+00:00 + 2023-11-22T09:59:26.598089+00:00 _Changes since **LTS 3033.3.11**_<br><br>#### Security fixes:<br><br>- nvidia-drivers ([CVE-2022-31607](https://nvd.nist.gov/vuln/detail/CVE-2022-31607), [CVE-2022-31608](https://nvd.nist.gov/vuln/detail/CVE-2022-31608), [CVE-2022-31615](https://nvd.nist.gov/vuln/detail/CVE-2022-31615), [CVE-2022-34665](https://nvd.nist.gov/vuln/detail/CVE-2022-34665), [CVE-2022-34666](https://nvd.nist.gov/vuln/detail/CVE-2022-34666), [CVE-2022-34670](https://nvd.nist.gov/vuln/detail/CVE-2022-34670), [CVE-2022-34673](https://nvd.nist.gov/vuln/detail/CVE-2022-34673), [CVE-2022-34674](https://nvd.nist.gov/vuln/detail/CVE-2022-34674), [CVE-2022-34676](https://nvd.nist.gov/vuln/detail/CVE-2022-34676), [CVE-2022-34677](https://nvd.nist.gov/vuln/detail/CVE-2022-34677), [CVE-2022-34678](https://nvd.nist.gov/vuln/detail/CVE-2022-34678), [CVE-2022-34679](https://nvd.nist.gov/vuln/detail/CVE-2022-34679), [CVE-2022-34680](https://nvd.nist.gov/vuln/detail/CVE-2022-34680), [CVE-2022-34682](https://nvd.nist.gov/vuln/detail/CVE-2022-34682), [CVE-2022-34684](https://nvd.nist.gov/vuln/detail/CVE-2022-34684), [CVE-2022-42254](https://nvd.nist.gov/vuln/detail/CVE-2022-42254), [CVE-2022-42255](https://nvd.nist.gov/vuln/detail/CVE-2022-42255), [CVE-2022-42256](https://nvd.nist.gov/vuln/detail/CVE-2022-42256), [CVE-2022-42257](https://nvd.nist.gov/vuln/detail/CVE-2022-42257), [CVE-2022-42258](https://nvd.nist.gov/vuln/detail/CVE-2022-42258), [CVE-2022-42259](https://nvd.nist.gov/vuln/detail/CVE-2022-42259), [CVE-2022-42260](https://nvd.nist.gov/vuln/detail/CVE-2022-42260), [CVE-2022-42261](https://nvd.nist.gov/vuln/detail/CVE-2022-42261), [CVE-2022-42263](https://nvd.nist.gov/vuln/detail/CVE-2022-42263), [CVE-2022-42264](https://nvd.nist.gov/vuln/detail/CVE-2022-42264), [CVE-2022-42265](https://nvd.nist.gov/vuln/detail/CVE-2022-42265))<br><br>#### Bug fixes:<br>- Fix the broken emerge-gitclone in the dev-container owing to the missing migration action around the unification of the Flatcar core repositories<br><br>#### Changes:<br>- The package upgrade for nvidia-drivers might result in not supporting a few of the older NVIDIA Tesla GPUs. If you are facing issues, set `NVIDIA_DRIVER_VERSION=460.106.00` in `/etc/flatcar/nvidia-metadata`<br><br>#### Updates:<br><br>- Linux ([5.10.178](https://lwn.net/Articles/929680/))<br>- nvidia-drivers ([525.105.17](https://docs.nvidia.com/datacenter/tesla/tesla-release-notes-525-105-17/index.html))<br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.178<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-04-25T13:46:55+00:00 @@ -158,7 +158,7 @@ https://github.com/flatcar/scripts/releases/tag/lts-3033.3.11 3033.3.11 - 2023-10-25T10:20:36.872712+00:00 + 2023-11-22T09:59:26.592334+00:00 _Changes since **LTS 3033.3.10**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-4379](https://nvd.nist.gov/vuln/detail/CVE-2022-4379), [CVE-2023-1076](https://nvd.nist.gov/vuln/detail/CVE-2023-1076), [CVE-2023-1077](https://nvd.nist.gov/vuln/detail/CVE-2023-1077), [CVE-2023-1079](https://nvd.nist.gov/vuln/detail/CVE-2023-1079), [CVE-2023-1118](https://nvd.nist.gov/vuln/detail/CVE-2023-1118), [CVE-2023-1611](https://nvd.nist.gov/vuln/detail/CVE-2023-1611), [CVE-2023-1670](https://nvd.nist.gov/vuln/detail/CVE-2023-1670), [CVE-2023-1829](https://nvd.nist.gov/vuln/detail/CVE-2023-1829), [CVE-2023-1855](https://nvd.nist.gov/vuln/detail/CVE-2023-1855), [CVE-2023-1989](https://nvd.nist.gov/vuln/detail/CVE-2023-1989), [CVE-2023-1990](https://nvd.nist.gov/vuln/detail/CVE-2023-1990), [CVE-2023-23004](https://nvd.nist.gov/vuln/detail/CVE-2023-23004), [CVE-2023-25012](https://nvd.nist.gov/vuln/detail/CVE-2023-25012), [CVE-2023-28466](https://nvd.nist.gov/vuln/detail/CVE-2023-28466), [CVE-2023-30456](https://nvd.nist.gov/vuln/detail/CVE-2023-30456), [CVE-2023-30772](https://nvd.nist.gov/vuln/detail/CVE-2023-30772))<br><br>#### Bug fixes:<br><br><br>#### Changes:<br><br>- Added new image signing pub key to `flatcar-install`, needed for download verification of releases built from July 2023 onwards, if you have copies of `flatcar-install` or the image signing pub key, you need to update them as well ([init#92](https://github.com/flatcar/init/pull/92))<br><br>#### Updates:<br><br>- ca-certificates ([3.89](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_89.html))<br>- Linux ([5.10.177](https://lwn.net/Articles/928342) (includes [5.10.176](https://lwn.net/Articles/926874), [5.10.175](https://lwn.net/Articles/926416), [5.10.174](https://lwn.net/Articles/925992), [5.10.173](https://lwn.net/Articles/925935)))<br><br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.177<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-04-17T13:20:00+00:00 @@ -166,7 +166,7 @@ https://github.com/flatcar/scripts/releases/tag/lts-3033.3.10 3033.3.10 - 2023-10-25T10:20:36.867366+00:00 + 2023-11-22T09:59:26.586930+00:00 _Changes since **LTS 3033.3.9**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2022-2196](https://nvd.nist.gov/vuln/detail/CVE-2022-2196), [CVE-2022-3707](https://nvd.nist.gov/vuln/detail/CVE-2022-3707), [CVE-2022-4129](https://nvd.nist.gov/vuln/detail/CVE-2022-4129), [CVE-2022-4382](https://nvd.nist.gov/vuln/detail/CVE-2022-4382), [CVE-2023-1073](https://nvd.nist.gov/vuln/detail/CVE-2023-1073), [CVE-2023-1074](https://nvd.nist.gov/vuln/detail/CVE-2023-1074), [CVE-2023-1078](https://nvd.nist.gov/vuln/detail/CVE-2023-1078), [CVE-2023-22998](https://nvd.nist.gov/vuln/detail/CVE-2023-22998), [CVE-2023-23559](https://nvd.nist.gov/vuln/detail/CVE-2023-23559), [CVE-2023-26545](https://nvd.nist.gov/vuln/detail/CVE-2023-26545))<br> <br> #### Updates:<br> <br> - Linux ([5.10.172](https://lwn.net/Articles/925079) (includes [5.10.171](https://lwn.net/Articles/925065), [5.10.170](https://lwn.net/Articles/924440), [5.10.169](https://lwn.net/Articles/924074), [5.10.168](https://lwn.net/Articles/923395), [5.10.167](https://lwn.net/Articles/922341), [5.10.166](https://lwn.net/Articles/921852), [5.10.165](https://lwn.net/Articles/921030)))<br> - ca-certificates ([3.88.1](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_88_1.html))<br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.172<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-03-07T15:25:03+00:00 @@ -174,7 +174,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3033.3.0 3033.3.0 - 2023-10-25T10:20:36.862091+00:00 + 2023-11-22T09:59:26.581720+00:00 New **LTS-2022** Release **3033.3.0**<br><br>_Changes since **LTS-2021 2605.27.1**_<br><br>Update to CGroupsV2: Flatcar Container Linux migrates to the unified cgroup hierarchy (aka cgroups v2)! New nodes will utilize cgroups v2 by default. Existing nodes remain on cgroups v1 and need to be manually migrated to cgroups v2. To learn more about the cgroups v2 on Flatcar Container Linux and the migration guide, please refer to https://flatcar-linux.org/docs/latest/container-runtimes/switching-to-unified-cgroups/<br><br>Other notable changes: cri-tools and lbzip2 got added, PAM tally2 got replaced by PAM faillock, only a single Docker version is now shipped (20.10), and rkt, kubelet-wapper, dhcpcd, and containerd-stress got removed.<br><br>### Security fixes:<br><br>(Note: Not all fixed issues may have been present in the old versions)<br>- Linux ([CVE-2020-27170](https://nvd.nist.gov/vuln/detail/CVE-2020-27170), [CVE-2020-25220](https://nvd.nist.gov/vuln/detail/CVE-2020-25220), [CVE-2020-27171](https://nvd.nist.gov/vuln/detail/CVE-2020-27171), [CVE-2020-35499](https://nvd.nist.gov/vuln/detail/CVE-2020-35499), [CVE-2022-0286](https://nvd.nist.gov/vuln/detail/CVE-2022-0286), [CVE-2022-0516](https://nvd.nist.gov/vuln/detail/CVE-2022-0516), [CVE-2021-3411](https://nvd.nist.gov/vuln/detail/CVE-2021-3411), [CVE-2021-3489](https://nvd.nist.gov/vuln/detail/CVE-2021-3489), [CVE-2021-3490](https://nvd.nist.gov/vuln/detail/CVE-2021-3490), [CVE-2021-3491](https://nvd.nist.gov/vuln/detail/CVE-2021-3491), [CVE-2021-3501](https://nvd.nist.gov/vuln/detail/CVE-2021-3501), [CVE-2021-3543](https://nvd.nist.gov/vuln/detail/CVE-2021-3543), [CVE-2021-4001](https://nvd.nist.gov/vuln/detail/CVE-2021-4001), [CVE-2021-4028](https://nvd.nist.gov/vuln/detail/CVE-2021-4028), [CVE-2021-4204](https://nvd.nist.gov/vuln/detail/CVE-2021-4204), [CVE-2021-20268](https://nvd.nist.gov/vuln/detail/CVE-2021-20268), [CVE-2021-22600](https://nvd.nist.gov/vuln/detail/CVE-2021-22600), [CVE-2021-26708](https://nvd.nist.gov/vuln/detail/CVE-2021-26708), [CVE-2021-28039](https://nvd.nist.gov/vuln/detail/CVE-2021-28039), [CVE-2021-28691](https://nvd.nist.gov/vuln/detail/CVE-2021-28691), [CVE-2021-28952](https://nvd.nist.gov/vuln/detail/CVE-2021-28952), [CVE-2021-29266](https://nvd.nist.gov/vuln/detail/CVE-2021-29266), [CVE-2021-29646](https://nvd.nist.gov/vuln/detail/CVE-2021-29646), [CVE-2021-29649](https://nvd.nist.gov/vuln/detail/CVE-2021-29649), [CVE-2021-29657](https://nvd.nist.gov/vuln/detail/CVE-2021-29657), [CVE-2021-34866](https://nvd.nist.gov/vuln/detail/CVE-2021-34866), [CVE-2021-38166](https://nvd.nist.gov/vuln/detail/CVE-2021-38166), [CVE-2021-38206](https://nvd.nist.gov/vuln/detail/CVE-2021-38206), [CVE-2021-38207](https://nvd.nist.gov/vuln/detail/CVE-2021-38207), [CVE-2021-38209](https://nvd.nist.gov/vuln/detail/CVE-2021-38209), [CVE-2021-31440](https://nvd.nist.gov/vuln/detail/CVE-2021-31440), [CVE-2021-41073](https://nvd.nist.gov/vuln/detail/CVE-2021-41073), [CVE-2021-42327](https://nvd.nist.gov/vuln/detail/CVE-2021-42327), [CVE-2021-45402](https://nvd.nist.gov/vuln/detail/CVE-2021-45402), [CVE-2021-43267](https://nvd.nist.gov/vuln/detail/CVE-2021-43267), [CVE-2021-46283](https://nvd.nist.gov/vuln/detail/CVE-2021-46283), [CVE-2022-0847](https://nvd.nist.gov/vuln/detail/CVE-2022-0847))<br>- systemd ([CVE-2020-13529](https://nvd.nist.gov/vuln/detail/CVE-2020-13529), [CVE-2021-3997](https://nvd.nist.gov/vuln/detail/CVE-2021-3997), [CVE-2021-33910](https://nvd.nist.gov/vuln/detail/CVE-2021-33910))<br>- Docker ([CVE-2021-21284](https://nvd.nist.gov/vuln/detail/CVE-2021-21284), [CVE-2021-21285](https://nvd.nist.gov/vuln/detail/CVE-2021-21285), [CVE-2021-41089](https://nvd.nist.gov/vuln/detail/CVE-2021-41089), [CVE-2021-41091](https://nvd.nist.gov/vuln/detail/CVE-2021-41091), [CVE-2021-41092](https://nvd.nist.gov/vuln/detail/CVE-2021-41092))<br>- containerd ([CVE-2020-15257](https://nvd.nist.gov/vuln/detail/CVE-2020-15257), [CVE-2021-21334](https://nvd.nist.gov/vuln/detail/CVE-2021-21334), [CVE-2021-32760](https://nvd.nist.gov/vuln/detail/CVE-2021-32760), [CVE-2021-41103](https://nvd.nist.gov/vuln/detail/CVE-2021-41103), [CVE-2021-43816](https://nvd.nist.gov/vuln/detail/CVE-2021-43816), [CVE-2022-23648](https://nvd.nist.gov/vuln/detail/CVE-2022-23648), [CVE-2022-24769](https://nvd.nist.gov/vuln/detail/CVE-2022-24769))<br>- Docker, containerd ([CVE-2021-41190](https://nvd.nist.gov/vuln/detail/CVE-2021-41190))<br>- glibc ([CVE-2019-25013](https://nvd.nist.gov/vuln/detail/CVE-2019-25013), [CVE-2020-27618](https://nvd.nist.gov/vuln/detail/CVE-2020-27618), [CVE-2020-29562](https://nvd.nist.gov/vuln/detail/CVE-2020-29562), [CVE-2021-3998](https://nvd.nist.gov/vuln/detail/CVE-2021-3998), [CVE-2021-3999](https://nvd.nist.gov/vuln/detail/CVE-2021-3999), [CVE-2021-27645](https://nvd.nist.gov/vuln/detail/CVE-2021-27645), [CVE-2021-33574](https://nvd.nist.gov/vuln/detail/CVE-2021-33574), [CVE-2021-35942](https://nvd.nist.gov/vuln/detail/CVE-2021-35942), [CVE-2021-38604](https://nvd.nist.gov/vuln/detail/CVE-2021-38604), [CVE-2022-23218](https://nvd.nist.gov/vuln/detail/CVE-2022-23218), [CVE-2022-23219](https://nvd.nist.gov/vuln/detail/CVE-2022-23219))<br>- Go ([CVE-2020-28362](https://nvd.nist.gov/vuln/detail/CVE-2020-28362), [CVE-2020-28366](https://nvd.nist.gov/vuln/detail/CVE-2020-28366), [CVE-2020-28367](https://nvd.nist.gov/vuln/detail/CVE-2020-28367), [CVE-2021-27918](https://nvd.nist.gov/vuln/detail/CVE-2021-27918), [CVE-2021-27919](https://nvd.nist.gov/vuln/detail/CVE-2021-27919), [CVE-2021-29923](https://nvd.nist.gov/vuln/detail/CVE-2021-29923), [CVE-2021-31525](https://nvd.nist.gov/vuln/detail/CVE-2021-31525), [CVE-2021-33195](https://nvd.nist.gov/vuln/detail/CVE-2021-33195),[CVE-2021-33196](https://nvd.nist.gov/vuln/detail/CVE-2021-33196),[CVE-2021-33197](https://nvd.nist.gov/vuln/detail/CVE-2021-33197),[CVE-2021-33198](https://nvd.nist.gov/vuln/detail/CVE-2021-33198), [CVE-2021-34558](https://nvd.nist.gov/vuln/detail/CVE-2021-34558), [CVE-2021-36221](https://nvd.nist.gov/vuln/detail/CVE-2021-36221), [CVE-2021-38297](https://nvd.nist.gov/vuln/detail/CVE-2021-38297), [CVE-2021-39293](https://nvd.nist.gov/vuln/detail/CVE-2021-39293), [CVE-2021-44716](https://nvd.nist.gov/vuln/detail/CVE-2021-44716), [CVE-2021-44717](https://nvd.nist.gov/vuln/detail/CVE-2021-44717), [CVE-2021-41771](https://nvd.nist.gov/vuln/detail/CVE-2021-41771), [CVE-2021-41772](https://nvd.nist.gov/vuln/detail/CVE-2021-41772), [CVE-2022-23772](https://nvd.nist.gov/vuln/detail/CVE-2022-23772), [CVE-2022-23773](https://nvd.nist.gov/vuln/detail/CVE-2022-23773), [CVE-2022-23806](https://nvd.nist.gov/vuln/detail/CVE-2022-23806), [CVE-2022-24921](https://nvd.nist.gov/vuln/detail/CVE-2022-24921))<br>- bash ([CVE-2019-9924](https://nvd.nist.gov/vuln/detail/CVE-2019-9924), [CVE-2019-18276](https://nvd.nist.gov/vuln/detail/CVE-2019-18276))<br>- binutils ([CVE-2021-20197](https://nvd.nist.gov/vuln/detail/CVE-2021-20197), [CVE-2021-3487](https://nvd.nist.gov/vuln/detail/CVE-2021-3487), [CVE-2021-3530](https://nvd.nist.gov/vuln/detail/CVE-2021-3530), [CVE-2021-3549](https://nvd.nist.gov/vuln/detail/CVE-2021-3549))<br>- boost ([CVE-2012-2677](https://nvd.nist.gov/vuln/detail/CVE-2012-2677))<br>- bsdiff [CVE-2014-9862](https://nvd.nist.gov/vuln/detail/CVE-2014-9862)<br>- bzip2 ([CVE-2019-12900](https://nvd.nist.gov/vuln/detail/CVE-2019-12900))<br>- curl ([CVE-2021-22876](https://nvd.nist.gov/vuln/detail/CVE-2021-22876), [CVE-2021-22890](https://nvd.nist.gov/vuln/detail/CVE-2021-22890), [CVE-2021-22898](https://nvd.nist.gov/vuln/detail/CVE-2021-22898), [CVE-2021-22901](https://nvd.nist.gov/vuln/detail/CVE-2021-22901), [CVE-2021-22945](https://nvd.nist.gov/vuln/detail/CVE-2021-22945), [CVE-2021-22946](https://nvd.nist.gov/vuln/detail/CVE-2021-22946), [CVE-2021-22947](https://nvd.nist.gov/vuln/detail/CVE-2021-22947), [CVE-2021-22922](https://nvd.nist.gov/vuln/detail/CVE-2021-22922), [CVE-2021-22923](https://nvd.nist.gov/vuln/detail/CVE-2021-22923), [CVE-2021-22924](https://nvd.nist.gov/vuln/detail/CVE-2021-22924), [CVE-2021-22925](https://nvd.nist.gov/vuln/detail/CVE-2021-22925), [CVE-2021-22926](https://nvd.nist.gov/vuln/detail/CVE-2021-22926))<br>- c-ares ([CVE-2020-8277](https://nvd.nist.gov/vuln/detail/CVE-2020-8277), [CVE-2021-3672](https://nvd.nist.gov/vuln/detail/CVE-2021-3672))<br>- ca-certificates ([CVE-2021-43527](https://nvd.nist.gov/vuln/detail/CVE-2021-43527))<br>- cifs-utils ([CVE-2020-14342](https://nvd.nist.gov/vuln/detail/CVE-2020-14342))<br>- coreutils ([CVE-2017-7476](https://nvd.nist.gov/vuln/detail/CVE-2017-7476))<br>- dbus ([CVE-2020-35512](https://nvd.nist.gov/vuln/detail/CVE-2020-35512))<br>- expat ([CVE-2013-0340](https://nvd.nist.gov/vuln/detail/CVE-2013-0340), [CVE-2021-45960](https://nvd.nist.gov/vuln/detail/CVE-2021-45960), [CVE-2021-46143](https://nvd.nist.gov/vuln/detail/CVE-2021-46143), [CVE-2022-22822](https://nvd.nist.gov/vuln/detail/CVE-2022-22822), [CVE-2022-22823](https://nvd.nist.gov/vuln/detail/CVE-2022-22823), [CVE-2022-22824](https://nvd.nist.gov/vuln/detail/CVE-2022-22824), [CVE-2022-22825](https://nvd.nist.gov/vuln/detail/CVE-2022-22825), [CVE-2022-22826](https://nvd.nist.gov/vuln/detail/CVE-2022-22826), [CVE-2022-22827](https://nvd.nist.gov/vuln/detail/CVE-2022-22827), [CVE-2022-23852](https://nvd.nist.gov/vuln/detail/CVE-2022-23852), [CVE-2022-23990](https://nvd.nist.gov/vuln/detail/CVE-2022-23990), [CVE-2022-25235](https://nvd.nist.gov/vuln/detail/CVE-2022-25235), [CVE-2022-25236](https://nvd.nist.gov/vuln/detail/CVE-2022-25236), [CVE-2022-25313](https://nvd.nist.gov/vuln/detail/CVE-2022-25313), [CVE-2022-25314](https://nvd.nist.gov/vuln/detail/CVE-2022-25314), [CVE-2022-25315](https://nvd.nist.gov/vuln/detail/CVE-2022-25315))<br>- gettext ([CVE-2020-12825](https://nvd.nist.gov/vuln/detail/CVE-2020-12825))<br>- git ([CVE-2021-21300](https://nvd.nist.gov/vuln/detail/CVE-2021-21300), [CVE-2021-40330](https://nvd.nist.gov/vuln/detail/CVE-2021-40330))<br>- glib ([CVE-2019-12450](https://nvd.nist.gov/vuln/detail/CVE-2019-12450), [CVE-2021-28153](https://nvd.nist.gov/vuln/detail/CVE-2021-28153), [CVE-2021-27218](https://nvd.nist.gov/vuln/detail/CVE-2021-27218), [CVE-2021-27219](https://nvd.nist.gov/vuln/detail/CVE-2021-27219))<br>- gnupg ([CVE-2020-25125](https://nvd.nist.gov/vuln/detail/CVE-2020-25125))<br>- gnutls ([CVE-2021-20231](https://nvd.nist.gov/vuln/detail/CVE-2021-20231), [CVE-2021-20232](https://nvd.nist.gov/vuln/detail/CVE-2021-20232))<br>- gptfdisk ([CVE-2021-0308](https://nvd.nist.gov/vuln/detail/CVE-2021-0308))<br>- ignition ([CVE-2020-14040](https://nvd.nist.gov/vuln/detail/CVE-2020-14040))<br>- intel-microcode ([CVE-2020-8694](https://nvd.nist.gov/vuln/detail/CVE-2020-8694), [CVE-2020-8695](https://nvd.nist.gov/vuln/detail/CVE-2020-8695), [CVE-2020-8696](https://nvd.nist.gov/vuln/detail/CVE-2020-8696), [CVE-2020-8698](https://nvd.nist.gov/vuln/detail/CVE-2020-8698), [CVE-2020-24489](https://nvd.nist.gov/vuln/detail/CVE-2020-24489), [CVE-2020-24511](https://nvd.nist.gov/vuln/detail/CVE-2020-24511), [CVE-2020-24513](https://nvd.nist.gov/vuln/detail/CVE-2020-24513))<br>- libgcrypt ([CVE-2021-33560](https://nvd.nist.gov/vuln/detail/CVE-2021-33560), [CVE-2021-40528](https://nvd.nist.gov/vuln/detail/CVE-2021-40528))<br>- libpcre ([CVE-2019-20838](https://nvd.nist.gov/vuln/detail/CVE-2019-20838), [CVE-2020-14155](https://nvd.nist.gov/vuln/detail/CVE-2020-14155))<br>- libuv ([CVE-2021-22918](https://nvd.nist.gov/vuln/detail/CVE-2021-22918))<br>- libxml2 ([CVE-2020-24977](https://nvd.nist.gov/vuln/detail/CVE-2020-24977), [CVE-2021-3516](https://nvd.nist.gov/vuln/detail/CVE-2021-3516), [CVE-2021-3517](https://nvd.nist.gov/vuln/detail/CVE-2021-3517), [CVE-2021-3518](https://nvd.nist.gov/vuln/detail/CVE-2021-3518), [CVE-2021-3541](https://nvd.nist.gov/vuln/detail/CVE-2021-3541))<br>- lz4 ([CVE-2021-3520](https://nvd.nist.gov/vuln/detail/CVE-2021-3520))<br>- mit-krb5 ([CVE-2021-36222](https://nvd.nist.gov/vuln/detail/CVE-2021-36222))<br>- ncurses ([CVE-2019-17594](https://nvd.nist.gov/vuln/detail/CVE-2019-17594), [CVE-2019-17595](https://nvd.nist.gov/vuln/detail/CVE-2019-17595))<br>- nettle ([CVE-2021-20305](https://nvd.nist.gov/vuln/detail/CVE-2021-20305), [CVE-2021-3580](https://nvd.nist.gov/vuln/detail/CVE-2021-3580))<br>- ntp ([CVE-2018-8956](https://nvd.nist.gov/vuln/detail/CVE-2018-8956), [CVE-2020-11868](https://nvd.nist.gov/vuln/detail/CVE-2020-11868), [CVE-2020-13817](https://nvd.nist.gov/vuln/detail/CVE-2020-13817), [CVE-2020-15025](https://nvd.nist.gov/vuln/detail/CVE-2020-15025))<br>- nvidia-drivers ([CVE-2022-21813](https://nvd.nist.gov/vuln/detail/CVE-2022-21813), [CVE-2022-21814](https://nvd.nist.gov/vuln/detail/CVE-2022-21814))<br>- open-iscsi ([CVE-2017-17840](https://nvd.nist.gov/vuln/detail/CVE-2017-17840))<br>- openssl ([CVE-2021-3449](https://nvd.nist.gov/vuln/detail/CVE-2021-3449), [CVE-2021-3450](https://nvd.nist.gov/vuln/detail/CVE-2021-3450), [CVE-2022-0778](https://nvd.nist.gov/vuln/detail/CVE-2022-0778))<br>- openldap ([CVE-2020-36221](https://nvd.nist.gov/vuln/detail/CVE-2020-36221), [CVE-2020-36222](https://nvd.nist.gov/vuln/detail/CVE-2020-36222), [CVE-2020-36223](https://nvd.nist.gov/vuln/detail/CVE-2020-36223), [CVE-2020-36224](https://nvd.nist.gov/vuln/detail/CVE-2020-36224), [CVE-2020-36225](https://nvd.nist.gov/vuln/detail/CVE-2020-36225), [CVE-2020-36226](https://nvd.nist.gov/vuln/detail/CVE-2020-36226), [CVE-2020-36227](https://nvd.nist.gov/vuln/detail/CVE-2020-36227), [CVE-2020-36228](https://nvd.nist.gov/vuln/detail/CVE-2020-36228), [CVE-2020-36229](https://nvd.nist.gov/vuln/detail/CVE-2020-36229), [CVE-2020-36230](https://nvd.nist.gov/vuln/detail/CVE-2020-36230), [CVE-2021-27212](https://nvd.nist.gov/vuln/detail/CVE-2021-27212))<br>- pam [CVE-2020-27780](https://nvd.nist.gov/vuln/detail/CVE-2020-27780)<br>- polkit ([CVE-2021-3560](https://nvd.nist.gov/vuln/detail/CVE-2021-3560), [CVE-2021-4034](https://nvd.nist.gov/vuln/detail/CVE-2021-4034))<br>- runc ([CVE-2021-30465](https://nvd.nist.gov/vuln/detail/CVE-2021-30465))<br>- samba ([CVE-2019-3880](https://nvd.nist.gov/vuln/detail/CVE-2019-3880), [CVE-2019-10197](https://nvd.nist.gov/vuln/detail/CVE-2019-10197), [CVE-2019-10218](https://nvd.nist.gov/vuln/detail/CVE-2019-10218), [CVE-2020-10704](https://nvd.nist.gov/vuln/detail/CVE-2020-10704), [CVE-2020-10745](https://nvd.nist.gov/vuln/detail/CVE-2020-10745), [CVE-2020-14318](https://nvd.nist.gov/vuln/detail/CVE-2020-14318), [CVE-2020-14323](https://nvd.nist.gov/vuln/detail/CVE-2020-14323), [CVE-2020-14383](https://nvd.nist.gov/vuln/detail/CVE-2020-14383))<br>- shadow ([CVE-2019-19882](https://nvd.nist.gov/vuln/detail/CVE-2019-19882))<br>- sqlite ([CVE-2021-20227](https://nvd.nist.gov/vuln/detail/CVE-2021-20227))<br>- sssd ([CVE-2018-16838](https://nvd.nist.gov/vuln/detail/CVE-2018-16838), [CVE-2018-16883](https://nvd.nist.gov/vuln/detail/CVE-2018-16883), [CVE-2019-3811](https://nvd.nist.gov/vuln/detail/CVE-2019-3811), [CVE-2021-3621](https://nvd.nist.gov/vuln/detail/CVE-2021-3621))<br>- tar ([CVE-2021-20193](https://nvd.nist.gov/vuln/detail/CVE-2021-20193))<br>- trousers ([CVE-2020-24330](https://nvd.nist.gov/vuln/detail/CVE-2020-24330), [CVE-2020-24331](https://nvd.nist.gov/vuln/detail/CVE-2020-24331))<br>- util-linux ([CVE-2021-37600](https://nvd.nist.gov/vuln/detail/CVE-2021-37600))<br>- vim ([CVE-2021-3770](https://nvd.nist.gov/vuln/detail/CVE-2021-3770), [CVE-2021-3778](https://nvd.nist.gov/vuln/detail/CVE-2021-3778), [CVE-2021-3796](https://nvd.nist.gov/vuln/detail/CVE-2021-3796))<br>- zstd ([CVE-2021-24032](https://nvd.nist.gov/vuln/detail/CVE-2021-24032))<br>- SDK: bison ([CVE-2020-14150](https://nvd.nist.gov/vuln/detail/CVE-2020-14150), [CVE-2020-24240](https://nvd.nist.gov/vuln/detail/CVE-2020-24240))<br>- SDK: dnsmasq ([CVE-2021-3448](https://nvd.nist.gov/vuln/detail/CVE-2021-3448), [CVE-2020-25681](https://nvd.nist.gov/vuln/detail/CVE-2020-25681), [CVE-2020-25682](https://nvd.nist.gov/vuln/detail/CVE-2020-25682), [CVE-2020-25683](https://nvd.nist.gov/vuln/detail/CVE-2020-25683), [CVE-2020-25684](https://nvd.nist.gov/vuln/detail/CVE-2020-25684), [CVE-2020-25685](https://nvd.nist.gov/vuln/detail/CVE-2020-25685), [CVE-2020-25686](https://nvd.nist.gov/vuln/detail/CVE-2020-25686), [CVE-2020-25687](https://nvd.nist.gov/vuln/detail/CVE-2020-25687))<br>- SDK: perl ([CVE-2020-10878](https://nvd.nist.gov/vuln/detail/CVE-2020-10878))<br>- SDK: qemu ([CVE-2020-10717](https://nvd.nist.gov/vuln/detail/CVE-2020-10717), [CVE-2020-13754](https://nvd.nist.gov/vuln/detail/CVE-2020-13754), [CVE-2020-15859](https://nvd.nist.gov/vuln/detail/CVE-2020-15859), [CVE-2020-15863](https://nvd.nist.gov/vuln/detail/CVE-2020-15863), [CVE-2020-16092](https://nvd.nist.gov/vuln/detail/CVE-2020-16092), [CVE-2020-25741](https://nvd.nist.gov/vuln/detail/CVE-2020-25741), [CVE-2020-25742](https://nvd.nist.gov/vuln/detail/CVE-2020-25742), [CVE-2020-25743](https://nvd.nist.gov/vuln/detail/CVE-2020-25743))<br>- SDK: Rust ([CVE-2020-36323](https://nvd.nist.gov/vuln/detail/CVE-2020-36323), [CVE-2021-28876](https://nvd.nist.gov/vuln/detail/CVE-2021-28876), [CVE-2021-28877](https://nvd.nist.gov/vuln/detail/CVE-2021-28877), [CVE-2021-28878](https://nvd.nist.gov/vuln/detail/CVE-2021-28878), [CVE-2021-28879](https://nvd.nist.gov/vuln/detail/CVE-2021-28879), [CVE-2021-31162](https://nvd.nist.gov/vuln/detail/CVE-2021-31162))<br><br><br>### Bug fixes:<br><br>- The Torcx profile `docker-1.12-no` got fixed to reference the current Docker version instead of 19.03 which wasn't found on the image, causing Torcx to fail to provide Docker ([coreos-overlay#1456](https://github.com/flatcar/coreos-overlay/pull/1456))<br>- Ensured that the `/run/xtables.lock` coordination file exists for modifications of the xtables backend from containers (must be bind-mounted) or the `iptables-legacy` binaries on the host ([init#57](https://github.com/flatcar/init/pull/57))<br>- SDK: Fixed build error popping up in the new SDK Container because `policycoreutils` used the wrong ROOT to update the SELinux store ([coreos-overlay#1502](https://github.com/flatcar/coreos-overlay/pull/1502))<br>- Fixed leak of SELinux policy store to the root filesystem top directory due to wrong store path in `policycoreutils` instead of `/var/lib/selinux` ([flatcar-linux/Flatcar#596](https://github.com/flatcar/Flatcar/issues/596))<br>- Disabled the systemd-networkd settings `ManageForeignRoutes` and `ManageForeignRoutingPolicyRules` by default to ensure that CNIs like Cilium don't get their routes or routing policy rules discarded on network reconfiguration events ([Flatcar#620](https://github.com/flatcar/Flatcar/issues/620)).<br>- AWS: specify correct console (ttyS0) on kernel command line for ARM64 instances ([coreos-overlay#1628](https://github.com/flatcar/coreos-overlay/pull/1628))<br>- Prevented hitting races when creating filesystems in Ignition, these races caused boot failures like `fsck[1343]: Failed to stat /dev/disk/by-label/ROOT: No such file or directory` when creating a btrfs root filesystem ([ignition#35](https://github.com/flatcar/ignition/pull/35))<br>- Reverted the Linux kernel change to forbid xfrm id 0 for IPSec state because it broke Cilium ([Flatcar#626](https://github.com/flatcar/Flatcar/issues/626), [coreos-overlay#1682](https://github.com/flatcar/coreos-overlay/pull/1682))<br>- Reverted the Linux kernel commit which broke networking on AWS instances which use Intel 82559 NIC (c4/m4) ([Flatcar#665](https://github.com/flatcar/Flatcar/issues/665), [coreos-overlay#1720](https://github.com/flatcar/coreos-overlay/pull/1720))<br>- Added pahole to developer container, without it kernel modules built against /usr/src/linux may fail to probe with an 'invalid relocation target' error ([coreos-overlay#1839](https://github.com/flatcar/coreos-overlay/pull/1839))<br>- vim with USE=minimal was fixed to run without warning in the beginning [portage-stable#260](https://github.com/flatcar/portage-stable/pull/260)<br>- dev container: Fix github URL for coreos-overlay and portage-stable to use repos from flatcar-linux org directly instead of relying on redirects from the kinvolk org. This fixes checkouts with emerge-gitclone inside dev-container. [scripts#194](https://github.com/flatcar/scripts/pull/194)<br>- Added missing SELinux rule as initial step to resolve Torcx unpacking issue ([coreos-overlay#1426](https://github.com/flatcar/coreos-overlay/pull/1426))<br>- Randomize OEM filesystem UUID if mounting fails ([init#47](https://github.com/flatcar/init/pull/47))<br>- Run emergency.target on ignition/torcx service unit failure in dracut ([bootengine#28](https://github.com/flatcar/bootengine/pull/28))<br>- Re-enabled kernel config FS_ENCRYPTION ([coreos-overlay#1212](https://github.com/flatcar/coreos-overlay/pull/1212/))<br>- Fixed Perl in dev-container ([coreos-overlay#1238](https://github.com/flatcar/coreos-overlay/pull/1238/))<br>- Fixed containerd config after introduction of CGroupsV2 ([coreos-overlay#1214](https://github.com/flatcar/coreos-overlay/pull/1214))<br>- Fixed path for amazon-ssm-agent in base-ec2.ign ([coreos-overlay#1228](https://github.com/flatcar/coreos-overlay/pull/1228))<br>- flatcar-install: randomized OEM filesystem UUID if mounting fails ([init#47](https://github.com/flatcar/init/pull/47))<br>- Fixed null-pointer deref crash in Ignition when specifying the OEM filesystem without a label ([ignition#25](https://github.com/flatcar/ignition/pull/25))<br>- Fixed locksmith adhering to reboot window when getting the etcd lock ([locksmith#10](https://github.com/flatcar/locksmith/pull/10))<br>- Fixed pam.d sssd LDAP auth with sudo ([coreos-overlay#1170](https://github.com/flatcar/coreos-overlay/pull/1170))<br>- Let network-cleanup.service finish before entering rootfs ([coreos-overlay#1182](https://github.com/flatcar/coreos-overlay/pull/1182))<br>- Fixed SELinux policy for Flannel CNI ([coreos-overlay#1181](https://github.com/flatcar/coreos-overlay/pull/1181))<br>- Set the cilium_vxlan interface to be not managed by networkd’s default setup with DHCP as it’s managed by Cilium. ([init#43](https://github.com/flatcar/init/pull/43))<br>- Disabled SELinux by default on dockerd wrapper script ([coreos-overlay#1149](https://github.com/flatcar/coreos-overlay/pull/1149))<br>- Fixed the network-cleanup service race in the initramfs which resulted in a failure being reported<br>- GCE: Granted CAP_NET_ADMIN to set routes for the TCP LB when starting oem-gce.service ([coreos-overlay#1146](https://github.com/flatcar/coreos-overlay/pull/1146))<br>- Add the systemd tag in udev for Azure storage devices, to fix /boot automount ([init#41](https://github.com/flatcar/init/pull/41))<br>- Update-engine sent empty requests when restarted before a pending reboot ([Flatcar#388](https://github.com/flatcar/Flatcar/issues/388))<br>- systemd-networkd: Do not manage loopback network interface ([bootengine#24](https://github.com/flatcar/bootengine/pull/24) [init#40](https://github.com/flatcar/init/pull/40))<br>- flatcar-install: Detect device mapper (e.g., LVM/LUKS) usage when searching for free drives with the -s flag ([Flatcar#332](https://github.com/flatcar/Flatcar/issues/332))<br>- GCE: The old interface name ens4v1 which was replaced by eth0 due to a broken udev rule was restored, but now as alternative interface name, and eth0 will stay the primary name for consistency across cloud environments. ([init#38](https://github.com/flatcar/init/pull/38))<br>- Include firmware files for all modules shipped in our image ([Issue #359](https://github.com/flatcar/Flatcar/issues/359), [coreos-overlay#887](https://github.com/flatcar/coreos-overlay/pull/887))<br>- Add explicit path to the binary call in the coreos-metadata unit file ([Issue #360](https://github.com/flatcar/Flatcar/issues/360))<br>- sys-apps/systemd: Fix unit installation ([coreos-overlay#810](https://github.com/flatcar/coreos-overlay/pull/810))<br>- passwd: use correct GID for tss ([baselayout#15](https://github.com/flatcar/baselayout/pull/15))<br>- coreos-base/gmerge: Stop installing gmerge script ([coreos-overlay#828](https://github.com/flatcar/coreos-overlay/pull/828))<br>- Update sys-apps/coreutils and make sure they have split-usr disabled for generic images ([coreos-overlay#829](https://github.com/flatcar/coreos-overlay/pull/829))<br>- afterburn (coreos-metadata): Restart on failure and keep coreos-metadata unit active ([coreos-overlay#768](https://github.com/flatcar/coreos-overlay/pull/768))<br>- network: Accept ICMPv6 Router Advertisements to fix IPv6 address assignment in the default DHCP setting ([flatcar-linux/init#51](https://github.com/flatcar/init/pull/51), [flatcar-linux/cloudinit#12](https://github.com/flatcar/coreos-cloudinit/pull/12), [flatcar-linux/bootengine#30](https://github.com/flatcar/bootengine/pull/30))<br>- Added a new flatcar-update tool to the image to ease manual updates, rollbacks, channel/release jumping, and airgapped updates ([flatcar-linux/init#53](https://github.com/flatcar/init/pull/53))<br>- Default again to disable SELinux permissions checks in systemd which was missing in the initial systemd 246 update<br>- Default again to set DefaultTasksMax=100% in systemd which was missing in the initial systemd 246 update<br>- Make systemd detect updates again when the /usr partition changes which was missing in the initial systemd 246 update<br>- Default again to disabling IP Forwarding in systemd which was missing in the initial systemd 246 update<br>- Default again to waiting only for one network interface to be ready with systemd-networkd-wait-online which was missing in the initial systemd 246 update<br><br>### Changes:<br><br>- Backported `elf` support for `iproute2` ([coreos-overlay#1256](https://github.com/flatcar/coreos-overlay/pull/1526))<br>- Enabled the FIPS support for the Linux kernel, which users can now choose through a kernel parameter in `grub.cfg` (check it taking effect with `cat /proc/sys/crypto/fips_enabled`) ([coreos-overlay#1602](https://github.com/flatcar/coreos-overlay/pull/1602))<br>- Merge the Flatcar Pro features into the regular Flatcar images ([coreos-overlay#1679](https://github.com/flatcar/coreos-overlay/pull/1679)) <br>- Added support for switching back to CGroupsV1 without requiring a reboot. Create `/etc/flatcar-cgroupv1` through ignition. ([coreos-overlay#1666](https://github.com/flatcar/coreos-overlay/pull/1666))<br>- Enabled FIPS mode for cryptsetup ([coreos-overlay#1747](https://github.com/flatcar/coreos-overlay/pull/1747))<br>- GCE: Enabled GVE kernel driver, which adds support for Google Virtual NIC on GCP ([coreos-overlay#1802](https://github.com/flatcar/coreos-overlay/pull/1802))<br>- Enabled FIPS mode for cryptsetup ([portage-stable#312](https://github.com/flatcar/portage-stable/pull/312))<br>- Added GPIO support ([coreos-overlay#1236](https://github.com/flatcar/coreos-overlay/pull/1236))<br>- Added Azure Generation 2 VM support ([coreos-overlay#1198](https://github.com/flatcar/coreos-overlay/pull/1198))<br>- Switched Docker ecosystem packages to go1.16 ([coreos-overlay#1217](https://github.com/flatcar/coreos-overlay/pull/1217))<br>- Added lbzip2 binary to the image ([coreos-overlay#1221](https://github.com/flatcar/coreos-overlay/pull/1221))<br>- flatcar-install uses lbzip2 if present, falls back on bzip2 if not ([init#46](https://github.com/flatcar/init/pull/46))<br>- Added Intel E800 series network adapter driver ([coreos-overlay#1237](https://github.com/flatcar/coreos-overlay/pull/1237))<br>- Enabled ‘audit’ use flag for sys-libs/pam ([coreos-overlay#1233](https://github.com/flatcar/coreos-overlay/pull/1233))<br>- Bumped etcd and flannel to respectively 3.5.0, 0.14.0 to get multiarch images for arm64 support. Note for users of the old etcd v2 support: ETCDCTL_API=2 must be set to use v2 store as well as ETCD_ENABLE_V2=true in the etcd-member.service - this support will be removed in 3.6.0 ([coreos-overlay#1179](https://github.com/flatcar/coreos-overlay/pull/1179))<br>- cgroups v2 by default for new nodes ([coreos-overlay#931](https://github.com/flatcar/coreos-overlay/pull/931))<br>- Upgrade Docker to 20.10 ([coreos-overlay#931](https://github.com/flatcar/coreos-overlay/pull/931))<br>- update_engine: add postinstall hook to stay on cgroupv1 ([update_engine#13](https://github.com/flatcar/update_engine/pull/13))<br>- Switched to zstd compression for the initramfs ([coreos-overlay#1136](https://github.com/flatcar/coreos-overlay/pull/1136))<br>- Embedded new subkey in flatcar-install ([coreos-overlay#1180](https://github.com/flatcar/coreos-overlay/pull/1180))<br>- Azure: Compile OEM contents for all architectures ([coreos-overlay#1196](https://github.com/flatcar/coreos-overlay/pull/1196))<br>- AWS: Added amazon-ssm-agent ([coreos-overlay#1162](https://github.com/flatcar/coreos-overlay/pull/1162))<br>- Switched dm-verity corruption detection to issue a kernel panic (a panic results in a reboot after 1 minute, this was the case before already) instead of merely failing certain syscalls that try to use the corrupted data<br>- Support BTRFS in OEM and /usr partitions, but only used it for the OEM partition for now. Ignition configurations that refer to the OEM partition will work with any filesystem format specified, a mismatch is not resulting in a boot error. ([coreos-overlay#1106](https://github.com/flatcar/coreos-overlay/pull/1106))<br>- Enabled zstd compression for the initramfs and for amd64 also for the kernel because we hit the vmlinuz size limit on the /boot partition<br>- Deleted the unused kernel+initramfs vmlinuz file from the /usr partition<br>- devcontainer: added support to run on arm64 by switching to an architecture-agnostic partition UUID<br>- Enabled ARM64 SDK bootstrap ([scripts#134](https://github.com/flatcar/scripts/pull/134))<br>- Enable telnet support for curl ([coreos-overlay#1099](https://github.com/flatcar/coreos-overlay/pull/1099))<br>- Enable MDIO_BCM_UNIMAC for arm64 ([coreos-overlay#929](https://github.com/flatcar/coreos-overlay/pull/929))<br>- Disabled SELinux for Docker ([coreos-overlay#1055](https://github.com/flatcar/coreos-overlay/pull/1055))<br>- flatcar-install: Add -D flag to only download the image file ([Flatcar#248](https://github.com/flatcar/Flatcar/issues/248))<br>- Make the hostname setting units optional. Having the hostname units as required by the initrd.target meant that if the unit failed the machine wouldn’t start, disrupting the whole boot. ([bootengine#23](https://github.com/flatcar/bootengine/pull/23))<br>- Enable using iSCSI netroot devices on Flatcar ([bootengine#22](https://github.com/flatcar/bootengine/pull/22))<br>- The virtio network interfaces got predictable interface names as alternative interface names, and thus these names can also be used to match for a specific interface in case there is more than one and the eth0 and eth1 name assignment is not stable. ([init#38](https://github.com/flatcar/init/pull/38))<br>- The pam_faillock PAM module was enabled as replacement for the removed pam_tally2 module and will temporarily lock an account if there were login attempts with a wrong password. The faillock command can be used to show the current state. With pam_tally2 there was no limit for wrong password login attempts but with faillock the default is already restricting the attempts. The default behavior was relaxed to allow 5 wrong passwords per two minutes, and a one minute account lock time. This does not apply to logins with an SSH key. ([baselayout#17](https://github.com/flatcar/baselayout/pull/17))<br>- The etcd and flannel services are now run with Docker and any rkt-based customizations of the etcd-member and flanneld services not supported anymore. Also, because the flanneld service relies on Docker and will restart Docker after applying the new configuration, it is not possible anymore to set Requires=flanneld.service for docker.service and instead it’s enough to have flanneld.service enabled. ([coreos-overlay#857](https://github.com/flatcar/coreos-overlay/pull/857))<br>- sshd: use secure crypto algos only ([coreos-overlay#852](https://github.com/flatcar/coreos-overlay/pull/852))<br>- samba: Update to EAPI=7, add new USE flags and remove deps on icu ([coreos-overlay#864](https://github.com/flatcar/coreos-overlay/pull/864))<br>- kernel: enable kernel config CONFIG_BPF_LSM ([coreos-overlay#846](https://github.com/flatcar/coreos-overlay/pull/846))<br>- bootengine: set hostname for EC2 and OpenStack from metadata ([coreos-overlay#848](https://github.com/flatcar/coreos-overlay/pull/848))<br>- sys-block/open-iscsi: Command substitution in iscsi-init system service ([coreos-overlay#801](https://github.com/flatcar/coreos-overlay/pull/801))<br>- scripts/motdgen: Add OEM information to motd output ([init#34](https://github.com/flatcar/init/pull/34))<br>- torcx: delete Docker 1.12 ([coreos-overlay#826](https://github.com/flatcar/coreos-overlay/pull/826))<br>- portage update: update portage and related packages to newer versions ([coreos-overlay#840](https://github.com/flatcar/coreos-overlay/pull/840))<br>- bin/flatcar-install: add parameters to make wget more resilient ([init#35](https://github.com/flatcar/init/pull/35))<br>- With the open-iscsi update to 2.1.2, the service unit name changed from iscsid to iscsi ([coreos-overlay#682](https://github.com/flatcar/coreos-overlay/pull/682))<br>- Updated nsswitch.conf to use systemd-resolved ([baselayout#10](https://github.com/flatcar/baselayout/pull/10))<br>- Enabled systemd-resolved stub listeners ([baselayout#11](https://github.com/flatcar/baselayout/pull/11))<br>- systemd-resolved: Disabled DNSSEC for the mean time ([baselayout#14](https://github.com/flatcar/baselayout/pull/14))<br>- kernel: enabled CONFIG_DEBUG_INFO_BTF ([coreos-overlay#753](https://github.com/flatcar/coreos-overlay/pull/753))<br>- containerd: Disabled shim debug logs ([coreos-overlay#766](https://github.com/flatcar/coreos-overlay/pull/766))<br>- Enable BCMGENET as a module on arm64_defconfig-5.9 ([coreos-overlay#717](https://github.com/flatcar/coreos-overlay/pull/717))<br>- Enable BCM7XXX_PHY as a module on arm64_defconfig-5.9 for Raspberry Pi 4 ([coreos-overlay#716](https://github.com/flatcar/coreos-overlay/pull/716))<br>- flatcar_production_qemu.sh: Use more CPUs for ARM if available ([scripts#91](https://github.com/flatcar/flatcar-scripts/pull/91))<br>- Enabled the kernel config HOTPLUG_PCI_ACPI for arm64 to support attaching EC2 volumes ([coreos-overlay#705](https://github.com/flatcar/coreos-overlay/pull/705))<br>- Support the lockdown kernel command line parameter ([coreos-overlay#533](https://github.com/flatcar/coreos-overlay/pull/553))<br>- AWS arm64: Enable elastic network adapter module ([coreos-overlay#631](https://github.com/flatcar/coreos-overlay/pull/631))<br>- rkt and kubelet-wrapper are deprecated and removed from Alpha, also from subsequent channels in the future. Please read the [removal announcement](https://groups.google.com/g/flatcar-linux-user/c/MeinndLqJO4) to know more.<br><br><br>### Updates:<br><br>- Linux ([5.10.109](https://lwn.net/Articles/889439)) (from 5.4.188)<br>- Linux Firmware ([20211216](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20211216))<br>- systemd ([249.10](https://github.com/systemd/systemd-stable/releases/tag/v249.10))<br>- glibc ([2.33](https://sourceware.org/glibc/wiki/Release/2.33))<br>- Go ([1.17.8](https://go.googlesource.com/go/+/refs/tags/go1.17.8))<br>- Docker ([20.10.12](https://docs.docker.com/engine/release-notes/#201012))<br>- bash ([5.1](https://lists.gnu.org/archive/html/info-gnu/2020-12/msg00003.html))<br>- c-ares ([1.17.2](https://github.com/c-ares/c-ares/releases/tag/cares-1_17_2))<br>- ca-certificates ([3.73](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_73.html))<br>- containerd ([1.5.11](https://github.com/containerd/containerd/releases/tag/v1.5.11))<br>- coreutils ([8.32](http://savannah.gnu.org/forum/forum.php?forum_id=9693))<br>- cryptsetup ([2.3.6](https://gitlab.com/cryptsetup/cryptsetup/-/blob/v2.3.6/docs/v2.3.6-ReleaseNotes))<br>- curl ([7.79.1](https://curl.se/mail/lib-2021-09/0079.html))<br>- dbus ([1.12.20](https://gitlab.freedesktop.org/dbus/dbus/-/blob/dbus-1.12.20/NEWS))<br>- ebtables ([2.0.11](https://lwn.net/Articles/806179/))<br>- etcd-wrapper ([3.5.0](https://github.com/etcd-io/etcd/releases/tag/v3.5.0))<br>- etcdctl ([3.5.0](https://github.com/etcd-io/etcd/releases/tag/v3.5.0))<br>- expat ([2.4.6](https://github.com/libexpat/libexpat/blob/R_2_4_6/expat/Changes))<br>- flannel-wrapper ([0.14](https://github.com/flannel-io/flannel/releases/tag/v0.14.0))<br>- gawk ([5.1.0](https://lists.gnu.org/archive/html/info-gnu/2020-04/msg00007.html))<br>- gettext ([0.21](https://lists.gnu.org/archive/html/info-gnu/2020-07/msg00009.html))<br>- git ([2.32.0](https://github.com/git/git/blob/master/Documentation/RelNotes/2.32.0.txt))<br>- glib ([2.66.8](https://gitlab.gnome.org/GNOME/glib/-/releases/2.66.8))<br>- gnupg ([2.2.29](https://lists.gnupg.org/pipermail/gnupg-announce/2021q3/000461.html))<br>- gnutls ([3.7.1](https://github.com/gnutls/gnutls/blob/3.7.1/NEWS))<br>- gptfdisk ([1.0.7](http://www.rodsbooks.com/gdisk/))<br>- ignition ([0.36.1](https://github.com/flatcar/ignition/releases/tag/v0.36.1))<br>- intel-microcode ([20210608_p20210608](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20210608))<br>- iptables ([1.8.7](https://lwn.net/Articles/843069/))<br>- keyutils ([1.6.1](https://lwn.net/Articles/771934/))<br>- ldb ([2.3.0](https://gitlab.com/samba-team/samba/-/blob/ldb-2.3.0/WHATSNEW.txt))<br>- libarchive ([3.5.1](https://github.com/libarchive/libarchive/releases/tag/v3.5.1))<br>- libev ([4.33](http://dist.schmorp.de/libev/))<br>- libgcrypt ([1.9.4](https://dev.gnupg.org/T5402))<br>- libmnl ([1.0.4](https://marc.info/?l=netfilter-devel&m=146745072727070&w=2))<br>- libnftnl ([1.2.0](https://lwn.net/Articles/857198/))<br>- libpcre ([8.44](http://www.rexegg.com/pcre-doc/ChangeLog))<br>- libselinux ([3.1](https://github.com/SELinuxProject/selinux/releases/tag/libselinux-3.1))<br>- libsemanage ([3.1](https://github.com/SELinuxProject/selinux/releases/tag/libsemanage-3.1))<br>- libsepol ([3.1](https://github.com/SELinuxProject/selinux/releases/tag/libsepol-3.1))<br>- libtirpc ([1.3.2](https://www.spinics.net/lists/linux-nfs/msg84129.html))<br>- libuv ([1.41.1](https://github.com/libuv/libuv/releases/tag/v1.41.1))<br>- libverto ([0.3.1](https://github.com/latchset/libverto/releases/tag/0.3.1))<br>- libxml2 ([2.9.12](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.9.12))<br>- lvm2 ([2.02.188](https://github.com/lvmteam/lvm2/blob/v2_02_188/WHATS_NEW))<br>- lz4 ([1.9.3](https://github.com/lz4/lz4/releases/tag/v1.9.3))<br>- mit-krb5 ([1.19.2](https://web.mit.edu/kerberos/krb5-1.19/README-1.19.2.txt))<br>- multipath-tools ([0.8.5](https://github.com/opensvc/multipath-tools/releases/tag/0.8.5))<br>- ncurses ([6.2](https://lists.gnu.org/archive/html/info-gnu/2020-02/msg00010.html))<br>- net-tools ([2.10](https://sourceforge.net/p/net-tools/mailman/message/37192002/))<br>- nettle ([3.7.3](https://lists.gnu.org/archive/html/info-gnu/2021-06/msg00002.html))<br>- nftables ([0.9.9](https://lwn.net/Articles/857369/))<br>- nvidia-drivers ([510.47.03](https://docs.nvidia.com/datacenter/tesla/tesla-release-notes-510-47-03/index.html)) <br>- openldap ([2.4.58](https://lists.openldap.org/hyperkitty/list/openldap-announce@openldap.org/thread/GK4OGTM6VMIAJCAZSG66VXRRN2LVQDVF/))<br>- openssh ([8.7](https://www.openssh.com/txt/release-8.7))<br>- openssl ([1.1.1n](https://www.openssl.org/news/changelog.html#openssl-111))<br>- pam ([1.5.1](https://github.com/linux-pam/linux-pam/releases/tag/v1.5.1))<br>- pambase 20200817<br>- pax-utils ([1.3.1](https://gitweb.gentoo.org/proj/pax-utils.git/tag/?h=v1.3.1))<br>- policycoreutils ([3.1](https://github.com/SELinuxProject/selinux/tree/policycoreutils-3.1))<br>- polkit ([0.119](https://gitlab.freedesktop.org/polkit/polkit/-/blob/0.119/NEWS))<br>- readline ([8.1](https://lwn.net/Articles/839213/))<br>- realmd ([0.17.0](https://gitlab.freedesktop.org/realmd/realmd/-/blob/0.17.0/NEWS))<br>- runc ([1.0.3](https://github.com/opencontainers/runc/releases/tag/v1.0.3))<br>- samba ([4.12.9](https://www.samba.org/samba/history/samba-4.12.9.html))<br>- selinux-base ([2.20200818](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20200818))<br>- selinux-base-policy ([2.20200818](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20200818))<br>- selinux-unconfined ([2.20200818](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20200818))<br>- selinux-virt ([2.20200818](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20200818))<br>- sssd ([2.3.1](https://sssd.io/release-notes/sssd-2.3.1.html))<br>- strace ([5.12](https://lists.strace.io/pipermail/strace-devel/2021-April/010516.html))<br>- talloc ([2.3.2](https://gitlab.com/samba-team/samba/-/tags/talloc-2.3.2))<br>- tar ([1.34](https://lists.gnu.org/archive/html/info-gnu/2021-02/msg00006.html))<br>- util-linux ([2.37.2](https://www.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.2-ChangeLog))<br>- vim ([8.2.3428](https://github.com/vim/vim/releases/tag/v8.2.3428))<br>- xenstore ([4.14](https://wiki.xenproject.org/wiki/Xen_Project_4.14_Release_Notes))<br>- xz-utils ([5.2.5](https://git.tukaani.org/?p=xz.git;a=blob;f=NEWS;h=d3f7d602343b4885e2c5653fefcc86fc2c14a06b;hb=v5.2.5))<br>- zstd ([1.4.9](https://github.com/facebook/zstd/releases/tag/v1.4.9))<br>- Azure: WALinuxAgent ([2.6.0.2](https://github.com/Azure/WALinuxAgent/releases/tag/v2.6.0.2))<br><br>_Changes since **Stable 3033.2.4**_<br><br><br>### Security fixes:<br><br>- nvidia-drivers ([CVE-2022-21814](https://nvd.nist.gov/vuln/detail/CVE-2022-21814), [CVE-2022-21813](https://nvd.nist.gov/vuln/detail/CVE-2022-21813))<br>- containerd ([CVE-2022-24769](https://nvd.nist.gov/vuln/detail/CVE-2022-24769))<br><br>### Bug fixes:<br><br>- AWS: specify correct console (ttyS0) on kernel command line for ARM64 instances ([coreos-overlay#1628](https://github.com/flatcar/coreos-overlay/pull/1628))<br>- Added pahole to developer container, without it kernel modules built against /usr/src/linux may fail to probe with an 'invalid relocation target' error ([coreos-overlay#1839](https://github.com/flatcar/coreos-overlay/pull/1839))<br>- network: Accept ICMPv6 Router Advertisements to fix IPv6 address assignment in the default DHCP setting ([flatcar-linux/init#51](https://github.com/flatcar/init/pull/51), [flatcar-linux/cloudinit#12](https://github.com/flatcar/coreos-cloudinit/pull/12), [flatcar-linux/bootengine#30](https://github.com/flatcar/bootengine/pull/30))<br><br>### Changes:<br><br>- The systemd-networkd `ManageForeignRoutes` and `ManageForeignRoutingPolicyRules` settings are now disabled through a drop-in file and thus can only be enabled again by a drop-in file under `/etc/systemd/networkd.conf.d/` because drop-in files take precedence over `/etc/systemd/networkd.conf` ([init#61](https://github.com/flatcar/init/pull/61))<br>- Excluded special network interface devices like bridge, tunnel, vxlan, and veth devices from the default DHCP configuration to prevent networkd interference ([init#56](https://github.com/flatcar/init/pull/56))<br>- Added a new flatcar-update tool to the image to ease manual updates, rollbacks, channel/release jumping, and airgapped updates ([flatcar-linux/init#53](https://github.com/flatcar/init/pull/53))<br>- Merge the Flatcar Pro features into the regular Flatcar images ([coreos-overlay#1679](https://github.com/flatcar/coreos-overlay/pull/1679))<br>- Enabled the FIPS support for the Linux kernel, which users can now choose through a kernel parameter in `grub.cfg` (check it taking effect with `cat /proc/sys/crypto/fips_enabled`) ([coreos-overlay#1602](https://github.com/flatcar/coreos-overlay/pull/1602))<br>- Merge the Flatcar Pro features into the regular Flatcar images ([coreos-overlay#1679](https://github.com/flatcar/coreos-overlay/pull/1679)) <br>- Enabled FIPS mode for cryptsetup ([flatcar-linux/coreos-overlay#1747](https://github.com/flatcar/coreos-overlay/pull/1747), [portage-stable#312](https://github.com/flatcar/portage-stable/pull/312))<br>- GCE: Enabled GVE kernel driver, which adds support for Google Virtual NIC on GCP ([coreos-overlay#1802](https://github.com/flatcar/coreos-overlay/pull/1802))<br>- SDK: Dropped the mantle binaries (kola, ore, etc.) from the SDK, they are now provided by the `ghcr.io/flatcar/mantle` image ([coreos-overlay#1827](https://github.com/flatcar/coreos-overlay/pull/1827), [scripts#275](https://github.com/flatcar/scripts/pull/275))<br><br>### Updates:<br><br>- Linux ([5.10.109](https://lwn.net/Articles/889439) with [5.10.108](https://lwn.net/Articles/889002))<br>- ca-certificates ([3.77](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_77.html))<br>- containerd ([1.5.11](https://github.com/containerd/containerd/releases/tag/v1.5.11))<br>- nvidia-drivers ([510.47.03](https://docs.nvidia.com/datacenter/tesla/tesla-release-notes-510-47-03/index.html)) <br>- Azure: WALinuxAgent ([2.6.0.2](https://github.com/Azure/WALinuxAgent/releases/tag/v2.6.0.2))<br><br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.109<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-05-05T08:46:50+00:00 @@ -182,7 +182,7 @@ https://github.com/flatcar/scripts/releases/tag/lts-2605.32.1 2605.32.1 - 2023-10-25T10:20:36.827591+00:00 + 2023-11-22T09:59:26.546752+00:00 _Changes since **LTS 2605.31.1**_<br><br>#### Updates:<br><br>- ca-certificates ([3.83](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_83.html))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.4.210<br>- systemd 246<br><br>Architectures:<br>- amd64<br> 2022-10-17T15:09:11+00:00 @@ -190,7 +190,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2605.31.1 2605.31.1 - 2023-10-25T10:20:36.823357+00:00 + 2023-11-22T09:59:26.542415+00:00 **NOTE** LTS-2021 is near the designated end of its 18 month lifespan and will only receive 1 more update by the end of September. If you use a fixed LTS channel please switch to LTS-2022, the new LTS which has been published in May. After the next update by end of September there will be no more releases for the LTS-2021 channel. Please check your nodes' `GROUP=` setting in `/etc/flatcar/update.conf` to determine if you need to take action. Please refer to the Flatcar documentation on [switching channels](https://flatcar-linux.org/docs/latest/setup/releases/switching-channels/#freezing-an-lts-stream) to switch to LTS-2022.<br><br><br>_Changes since **LTS 2605.30.1**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2021-4159](https://nvd.nist.gov/vuln/detail/CVE-2021-4159), [CVE-2022-1462](https://nvd.nist.gov/vuln/detail/CVE-2022-1462), [CVE-2022-20369](https://nvd.nist.gov/vuln/detail/CVE-2022-20369), [CVE-2022-21505](https://nvd.nist.gov/vuln/detail/CVE-2022-21505), [CVE-2022-26373](https://nvd.nist.gov/vuln/detail/CVE-2022-26373), [CVE-2022-36123](https://nvd.nist.gov/vuln/detail/CVE-2022-36123), [CVE-2022-36879](https://nvd.nist.gov/vuln/detail/CVE-2022-36879), [CVE-2022-36946](https://nvd.nist.gov/vuln/detail/CVE-2022-36946))<br><br>#### Changes:<br><br>- The new image signing subkey was added to the public key embedded into `flatcar-install` (the old expired on 10th August 2022), only an updated `flatcar-install` script can verify releases signed with the new key ([init#79](https://github.com/flatcar/init/pull/79))<br><br>#### Updates:<br><br>- Linux ([5.4.210](https://lwn.net/Articles/904463) (includes [5.4.209](https://lwn.net/Articles/903690), [5.4.208](https://lwn.net/Articles/902919), [5.4.207](https://lwn.net/Articles/902103)))<br>- ca-certificates ([3.82](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_82.html))<br><br>Note: LTS 2605.32.1 i.e the next release to be release in the month of September would be the last release for LTS-2021. Post that there will be no more releases for the channel. Please upgrade your workloads to LTS-2022 as soon as possible.<br><br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.4.210<br>- systemd 246<br><br>Architectures:<br>- amd64<br> 2022-09-01T12:57:10+00:00 @@ -198,7 +198,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2605.30.1 2605.30.1 - 2023-10-25T10:20:36.817542+00:00 + 2023-11-22T09:59:26.536552+00:00 New LTS-2021 Release 2605.30.1<br><br>Changes since LTS-2021 2605.29.1<br><br>## Security fixes:<br><br>- Linux ([CVE-2021-33655](https://nvd.nist.gov/vuln/detail/CVE-2021-33655), [CVE-2021-33656](https://nvd.nist.gov/vuln/detail/CVE-2021-33656), [CVE-2022-2318](https://nvd.nist.gov/vuln/detail/CVE-2022-2318), [CVE-2022-26365](https://nvd.nist.gov/vuln/detail/CVE-2022-26365), [CVE-2022-32296](https://nvd.nist.gov/vuln/detail/CVE-2022-32296), [CVE-2022-33740](https://nvd.nist.gov/vuln/detail/CVE-2022-33740), [CVE-2022-33741](https://nvd.nist.gov/vuln/detail/CVE-2022-33741), [CVE-2022-33742](https://nvd.nist.gov/vuln/detail/CVE-2022-33742), [CVE-2022-33744](https://nvd.nist.gov/vuln/detail/CVE-2022-33744))<br><br>## Bug fixes:<br><br>- Removed outdated LTS channel information printed on login ([init#75](https://github.com/flatcar/init/pull/75))<br><br>## Changes:<br><br><br>## Updates:<br><br>- Linux ([5.4.206](https://lwn.net/Articles/901382) (includes [5.4.205](https://lwn.net/Articles/900908), [5.4.204](https://lwn.net/Articles/900323), [5.4.203](https://lwn.net/Articles/899790), [5.4.202](https://lwn.net/Articles/899372), [5.4.201](https://lwn.net/Articles/899089), [5.4.200](https://lwn.net/Articles/898624)))<br>- ca-certificates ([3.80](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_80.html))<br><br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.4.206<br>- systemd 246<br><br>Architectures:<br>- amd64<br> 2022-08-04T12:03:25+00:00 @@ -206,7 +206,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2605.29.1 2605.29.1 - 2023-10-25T10:20:36.812499+00:00 + 2023-11-22T09:59:26.531464+00:00 New **LTS-2021** Release **2605.29.1**<br><br>Changes since **LTS 2605.28.1**<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-1012](https://nvd.nist.gov/vuln/detail/CVE-2022-1012), [CVE-2022-32250](https://nvd.nist.gov/vuln/detail/CVE-2022-32250), [CVE-2022-21499](https://nvd.nist.gov/vuln/detail/CVE-2022-21499), [CVE-2022-32981](https://nvd.nist.gov/vuln/detail/CVE-2022-32981))<br><br>#### Updates:<br><br>- Linux ([5.4.199](https://lwn.net/Articles/898126) (includes [5.4.198](https://lwn.net/Articles/897902), [5.4.197](https://lwn.net/Articles/897169)))<br>- ca-certificates ([3.79](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_79.html))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.4.199<br>- systemd 246<br><br>Architectures:<br>- amd64<br> 2022-06-23T11:56:51+00:00 @@ -214,7 +214,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2605.28.1 2605.28.1 - 2023-10-25T10:20:36.807912+00:00 + 2023-11-22T09:59:26.526811+00:00 # New **LTS-2021** Release **2605.28.1**<br><br>_Changes since **LTS-2021 2605.27.1**_<br><br>## Security fixes:<br><br>- Linux ([CVE-2022-28390](https://nvd.nist.gov/vuln/detail/CVE-2022-28390), [CVE-2022-1158](https://nvd.nist.gov/vuln/detail/CVE-2022-1158), [CVE-2022-1353](https://nvd.nist.gov/vuln/detail/CVE-2022-1353), [CVE-2022-30594](https://nvd.nist.gov/vuln/detail/CVE-2022-30594), [CVE-2022-1198](https://nvd.nist.gov/vuln/detail/CVE-2022-1198), [CVE-2021-4197](https://nvd.nist.gov/vuln/detail/CVE-2021-4197), [CVE-2022-28389](https://nvd.nist.gov/vuln/detail/CVE-2022-28389), [CVE-2022-1516](https://nvd.nist.gov/vuln/detail/CVE-2022-1516), [CVE-2022-1204](https://nvd.nist.gov/vuln/detail/CVE-2022-1204), [CVE-2022-1205](https://nvd.nist.gov/vuln/detail/CVE-2022-1205), [CVE-2022-29581](https://nvd.nist.gov/vuln/detail/CVE-2022-29581), [CVE-2022-28388](https://nvd.nist.gov/vuln/detail/CVE-2022-28388), [CVE-2022-1836](https://nvd.nist.gov/vuln/detail/CVE-2022-1836), [CVE-2022-1048](https://nvd.nist.gov/vuln/detail/CVE-2022-1048), [CVE-2022-1734](https://nvd.nist.gov/vuln/detail/CVE-2022-1734), [CVE-2022-0494](https://nvd.nist.gov/vuln/detail/CVE-2022-0494), [CVE-2022-28893](https://nvd.nist.gov/vuln/detail/CVE-2022-28893), [CVE-2022-1729](https://nvd.nist.gov/vuln/detail/CVE-2022-1729), [CVE-2022-0854](https://nvd.nist.gov/vuln/detail/CVE-2022-0854), [CVE-2022-26490](https://nvd.nist.gov/vuln/detail/CVE-2022-26490), [CVE-2022-28356](https://nvd.nist.gov/vuln/detail/CVE-2022-28356), [CVE-2022-1016](https://nvd.nist.gov/vuln/detail/CVE-2022-1016), [CVE-2022-27666](https://nvd.nist.gov/vuln/detail/CVE-2022-27666))<br><br><br>## Updates:<br><br>- Linux ([5.4.196](https://lwn.net/Articles/896224/) from 5.4.188)<br>- ca-certificates ([3.78](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_78.html))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.4.196<br>- systemd 246<br><br>Architectures:<br>- amd64<br> 2022-06-23T08:51:23+00:00 @@ -222,7 +222,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2605.27.1 2605.27.1 - 2023-10-25T10:20:36.802710+00:00 + 2023-11-22T09:59:26.521530+00:00 <br>New **LTS-2021** Release **2605.27.1**<br><br>_Changes since **LTS 2605.26.1**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-0492](https://nvd.nist.gov/vuln/detail/CVE-2022-0492), [CVE-2022-0001](https://nvd.nist.gov/vuln/detail/CVE-2022-0001), [CVE-2022-0002](https://nvd.nist.gov/vuln/detail/CVE-2022-0002), [CVE-2022-1011](https://nvd.nist.gov/vuln/detail/CVE-2022-1011), [CVE-2022-1016](https://nvd.nist.gov/vuln/detail/CVE-2022-1016), [CVE-2022-23036](https://nvd.nist.gov/vuln/detail/CVE-2022-23036), [CVE-2022-23037](https://nvd.nist.gov/vuln/detail/CVE-2022-23037), [CVE-2022-23038](https://nvd.nist.gov/vuln/detail/CVE-2022-23038), [CVE-2022-23039](https://nvd.nist.gov/vuln/detail/CVE-2022-23039), [CVE-2022-23040](https://nvd.nist.gov/vuln/detail/CVE-2022-23040), [CVE-2022-23041](https://nvd.nist.gov/vuln/detail/CVE-2022-23041), [CVE-2022-23042](https://nvd.nist.gov/vuln/detail/CVE-2022-23042), [CVE-2022-23960](https://nvd.nist.gov/vuln/detail/CVE-2022-23960), [CVE-2022-25636](https://nvd.nist.gov/vuln/detail/CVE-2022-25636), [CVE-2022-27666](https://nvd.nist.gov/vuln/detail/CVE-2022-27666), [CVE-2022-28356](https://nvd.nist.gov/vuln/detail/CVE-2022-28356))<br><br>#### Updates:<br><br>- Linux ([5.4.188](https://lwn.net/Articles/889440)) (from 5.4.181)<br>- ca-certificates ([3.77](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_77.html))<br><br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.4.188<br>- systemd 246<br><br>Architectures:<br>- amd64<br> 2022-04-07T12:12:25+00:00 @@ -230,7 +230,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2605.26.1 2605.26.1 - 2023-10-25T10:20:36.797741+00:00 + 2023-11-22T09:59:26.516469+00:00 New **LTS-2605** Release **2605.26.1**<br><br>_Changes since **LTS 2605.25.1**_<br><br>#### Security fixes<br>- Linux ([CVE-2021-43976](https://nvd.nist.gov/vuln/detail/CVE-2021-43976), [CVE-2022-0330](https://nvd.nist.gov/vuln/detail/CVE-2022-0330), [CVE-2022-22942](https://nvd.nist.gov/vuln/detail/CVE-2022-22942), [CVE-2022-24448](https://nvd.nist.gov/vuln/detail/CVE-2022-24448), [CVE-2022-0617](https://nvd.nist.gov/vuln/detail/CVE-2022-0617), [CVE-2022-24959](https://nvd.nist.gov/vuln/detail/CVE-2022-24959))<br><br><br>#### Updates<br>- Linux ([5.4.176](https://lwn.net/Articles/883443)) (from 5.4.173)<br><br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.4.181<br>- systemd 246<br><br>Architectures:<br>- amd64<br> 2022-03-07T13:10:55+00:00 @@ -238,7 +238,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2605.25.1 2605.25.1 - 2023-10-25T10:20:36.793176+00:00 + 2023-11-22T09:59:26.511868+00:00 New **LTS** release **2605.25.1**<br><br>_Changes since **LTS 2605.24.1**_<br><br>#### Security fixes<br>- Linux ([CVE-2021-4135](https://nvd.nist.gov/vuln/detail/CVE-2021-4135), [CVE-2021-4155](https://nvd.nist.gov/vuln/detail/CVE-2021-4155), [CVE-2021-28711](https://nvd.nist.gov/vuln/detail/CVE-2021-28711), [CVE-2021-28712](https://nvd.nist.gov/vuln/detail/CVE-2021-28712), [CVE-2021-28713](https://nvd.nist.gov/vuln/detail/CVE-2021-28713), [CVE-2021-28714](https://nvd.nist.gov/vuln/detail/CVE-2021-28714), [CVE-2021-28715](https://nvd.nist.gov/vuln/detail/CVE-2021-28715), [CVE-2021-39685](https://nvd.nist.gov/vuln/detail/CVE-2021-39685), [CVE-2021-44733](https://nvd.nist.gov/vuln/detail/CVE-2021-44733), [CVE-2021-45095](https://nvd.nist.gov/vuln/detail/CVE-2021-45095), [CVE-2022-0185](https://nvd.nist.gov/vuln/detail/CVE-2022-0185))<br>- ca-certificates ([CVE-2021-43527](https://nvd.nist.gov/vuln/detail/CVE-2021-43527))<br><br>#### Updates<br>- Linux ([5.4.173](https://lwn.net/Articles/881965)) (includes [5.4.165](https://lwn.net/Articles/878633), [5.4.166](https://lwn.net/Articles/878900), [5.4.167](https://lwn.net/Articles/879025), [5.4.168](https://lwn.net/Articles/879498), [5.4.169](https://lwn.net/Articles/879999), [5.4.170](https://lwn.net/Articles/880467), [5.4.171](https://lwn.net/Articles/881016), [5.4.172](https://lwn.net/Articles/881550))<br>- ca-certificates ([3.74](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_74.html)) (includes [3.73.1](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_73_1.html))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.4.173<br>- systemd 246<br><br>Architectures:<br>- amd64<br> 2022-01-26T08:39:00+00:00 @@ -246,7 +246,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2605.24.1 2605.24.1 - 2023-10-25T10:20:36.788104+00:00 + 2023-11-22T09:59:26.506730+00:00 <br><br>New **LTS** release **2605.24.1**<br><br>_Changes since **LTS 2605.23.1**_<br><br>**Security Fixes**<br><br><br><br>* Linux ([CVE-2021-42739](https://nvd.nist.gov/vuln/detail/CVE-2021-42739), [CVE-2021-3640](https://nvd.nist.gov/vuln/detail/CVE-2021-3640), [CVE-2021-4002](https://nvd.nist.gov/vuln/detail/CVE-2021-4002), [CVE-2020-27820](https://nvd.nist.gov/vuln/detail/CVE-2020-27820), [CVE-2021-43975](https://nvd.nist.gov/vuln/detail/CVE-2021-43975))<br>* ca-certificates ([CVE-2021-43527](https://nvd.nist.gov/vuln/detail/CVE-2021-43527))<br><br>**Updates**<br><br><br><br>* Linux ([5.4.164](https://lwn.net/Articles/878042))<br>* ca-certificates ([3.73](https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/vy9284s8APM))<br>* repo ([2.8](https://gerrit.googlesource.com/git-repo/+/refs/tags/v2.8))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.4.164<br>- systemd 246<br><br>Architectures:<br>- amd64<br> 2021-12-15T19:41:33+00:00 @@ -254,7 +254,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2605.23.1 2605.23.1 - 2023-10-25T10:20:36.783432+00:00 + 2023-11-22T09:59:26.501947+00:00 <br>New **LTS** release **2605.23.1**<br><br>_Changes since **LTS 2605.22.1**_<br><br>**Security fixes**<br><br><br><br>* Linux ([CVE-2021-3760](https://nvd.nist.gov/vuln/detail/CVE-2021-3760), [CVE-2021-3772](https://nvd.nist.gov/vuln/detail/CVE-2021-3772), [CVE-2021-43056](https://nvd.nist.gov/vuln/detail/CVE-2021-43056), [CVE-2021-43389](https://nvd.nist.gov/vuln/detail/CVE-2021-43389))<br><br>**Bug fixes**<br><br><br><br>* Use https protocol instead of git for Github URLs ([flatcar-linux/coreos-overlay#1394](https://github.com/flatcar/coreos-overlay/pull/1394))<br><br>**Updates**<br><br><br><br>* Linux ([5.4.157](https://lwn.net/Articles/874853/))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.4.157<br>- systemd 246<br><br>Architectures:<br>- amd64<br> 2021-11-09T08:12:13+00:00 @@ -262,7 +262,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2605.22.1 2605.22.1 - 2023-10-25T10:20:36.778760+00:00 + 2023-11-22T09:59:26.497250+00:00 <br>New **LTS** release **2605.22.1**<br><br>_Changes since **LTS 2605.21.1**_<br><br>**Security fixes**<br><br><br><br>* Linux ([CVE-2021-42252](https://nvd.nist.gov/vuln/detail/CVE-2021-42252), [CVE-2021-20320](https://nvd.nist.gov/vuln/detail/CVE-2021-20320), [CVE-2020-16119](https://nvd.nist.gov/vuln/detail/CVE-2020-16119), [CVE-2021-37159](https://nvd.nist.gov/vuln/detail/CVE-2021-37159), [CVE-2021-3764](https://nvd.nist.gov/vuln/detail/CVE-2021-3764), [CVE-2021-3744](https://nvd.nist.gov/vuln/detail/CVE-2021-3744), [CVE-2021-38300](https://nvd.nist.gov/vuln/detail/CVE-2021-38300), [CVE-2021-20321](https://nvd.nist.gov/vuln/detail/CVE-2021-20321), [CVE-2021-41864](https://nvd.nist.gov/vuln/detail/CVE-2021-41864))<br><br>**Bux fixes**<br><br><br><br>* The tcsd service for TPM 1 is not started on machines with TPM 2 anymore where it fails and isn’t necessary ([flatcar-linux/coreos-overlay#1364](https://github.com/flatcar/coreos-overlay/pull/1364))<br><br>**Updates**<br><br><br><br>* Linux ([5.4.155](https://lwn.net/Articles/873466/))<br>* ca-certificates ([3.69.1](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_69_1.html#nss-3-69-1-release-notes))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.4.155<br>- systemd 246<br><br>Architectures:<br>- amd64<br> 2021-10-25T15:57:52+00:00 @@ -270,7 +270,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2605.21.1 2605.21.1 - 2023-10-25T10:20:36.773822+00:00 + 2023-11-22T09:59:26.492249+00:00 New **LTS** release **2605.21.1**<br><br>_Changes since **LTS 2605.20.1**_<br><br>**Security fixes**<br><br><br><br>* Linux ([CVE-2021-3753](https://nvd.nist.gov/vuln/detail/CVE-2021-3753),[ CVE-2021-3739](https://nvd.nist.gov/vuln/detail/CVE-2021-3739), [CVE-2021-40490](https://nvd.nist.gov/vuln/detail/CVE-2021-40490), [CVE-2021-34556](https://nvd.nist.gov/vuln/detail/CVE-2021-34556), [CVE-2021-35477](https://nvd.nist.gov/vuln/detail/CVE-2021-35477))<br><br>**Updates**<br><br><br><br>* Linux ([5.4.147](https://lwn.net/Articles/869407/))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.4.147<br>- systemd 246<br><br>Architectures:<br>- amd64<br> 2021-09-27T08:32:37+00:00 @@ -278,7 +278,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2605.20.1 2605.20.1 - 2023-10-25T10:20:36.769337+00:00 + 2023-11-22T09:59:26.487682+00:00 New **LTS** release **2605.20.1**<br><br>_Changes since **LTS 2605.19.1**_<br><br>**Security fixes**<br><br><br><br>* Linux ([CVE-2021-3653](https://nvd.nist.gov/vuln/detail/CVE-2021-3653), [CVE-2021-3656](https://nvd.nist.gov/vuln/detail/CVE-2021-3656), [CVE-2021-38166](https://nvd.nist.gov/vuln/detail/CVE-2021-38166)) <br>* openssl ([CVE-2021-3711](https://nvd.nist.gov/vuln/detail/CVE-2021-3711), [CVE-2021-3712](https://nvd.nist.gov/vuln/detail/CVE-2021-3712))<br><br>**Updates**<br><br><br><br>* Linux ([5.4.143](https://lwn.net/Articles/867498/))<br>* openssl ([1.1.1l](https://mta.openssl.org/pipermail/openssl-announce/2021-August/000206.html))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.4.143<br>- systemd 246<br><br>Architectures:<br>- amd64<br> 2021-09-01T14:16:35+00:00 @@ -286,7 +286,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2605.19.1 2605.19.1 - 2023-10-25T10:20:36.764679+00:00 + 2023-11-22T09:59:26.482935+00:00 <br>_Changes since **LTS 2605.18.1**_<br><br>**Security fixes**<br><br><br><br>* Linux ([CVE-2021-38204](https://nvd.nist.gov/vuln/detail/CVE-2021-38204), [CVE-2021-3679](https://nvd.nist.gov/vuln/detail/CVE-2021-3679), [CVE-2021-37576](https://nvd.nist.gov/vuln/detail/CVE-2021-37576), [CVE-2021-33624](https://nvd.nist.gov/vuln/detail/CVE-2021-33624), [CVE-2021-38198](https://nvd.nist.gov/vuln/detail/CVE-2021-38198), [CVE-2021-38205](https://nvd.nist.gov/vuln/detail/CVE-2021-38205))<br>* Systemd ([CVE-2020-13529](https://nvd.nist.gov/vuln/detail/CVE-2020-13529), [CVE-2021-33910](https://nvd.nist.gov/vuln/detail/CVE-2021-33910))<br><br>**Updates**<br><br><br><br>* Linux ([5.4.141](https://lwn.net/Articles/866303/))<br>* Systemd ([246.15](https://github.com/systemd/systemd-stable/releases/tag/v246.15))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.4.141<br>- systemd 246<br><br>Architectures:<br>- amd64<br> 2021-08-19T13:37:31+00:00 @@ -294,7 +294,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2605.18.1 2605.18.1 - 2023-10-25T10:20:36.759933+00:00 + 2023-11-22T09:59:26.478142+00:00 **Security Fixes**<br><br><br><br>* Linux ([CVE-2021-34693](https://nvd.nist.gov/vuln/detail/CVE-2021-34693), [CVE-2020-26541](https://nvd.nist.gov/vuln/detail/CVE-2020-26541), [CVE-2021-35039](https://nvd.nist.gov/vuln/detail/CVE-2021-35039), [CVE-2021-22543](https://nvd.nist.gov/vuln/detail/CVE-2021-22543), [CVE-2020-36311](https://nvd.nist.gov/vuln/detail/CVE-2020-36311), [CVE-2021-3609](https://nvd.nist.gov/vuln/detail/CVE-2021-3609), [CVE-2021-3655](https://nvd.nist.gov/vuln/detail/CVE-2021-3655), [CVE-2021-33909](https://nvd.nist.gov/vuln/detail/CVE-2021-33909))<br><br>**Updates**<br><br><br><br>* Linux ([5.4.134](https://lwn.net/Articles/863649/))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.4.134<br>- systemd 246<br><br>Architectures:<br>- amd64<br> 2021-07-28T08:28:35+00:00 @@ -302,7 +302,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2605.17.1 2605.17.1 - 2023-10-25T10:20:36.755300+00:00 + 2023-11-22T09:59:26.473423+00:00 <br>**Security fixes**<br><br><br><br>* Linux ([CVE-2020-26558](https://nvd.nist.gov/vuln/detail/CVE-2020-26558), [CVE-2021-0129](https://nvd.nist.gov/vuln/detail/CVE-2021-0129), [CVE-2020-24587](https://nvd.nist.gov/vuln/detail/CVE-2020-24587), [CVE-2020-24586](https://nvd.nist.gov/vuln/detail/CVE-2020-24586), [CVE-2020-24588](https://nvd.nist.gov/vuln/detail/CVE-2020-24588), [CVE-2020-26139](https://nvd.nist.gov/vuln/detail/CVE-2020-26139), [CVE-2020-26145](https://nvd.nist.gov/vuln/detail/CVE-2020-26145), [CVE-2020-26141](https://nvd.nist.gov/vuln/detail/CVE-2020-26141), [CVE-2021-3564](https://nvd.nist.gov/vuln/detail/CVE-2021-3564), [CVE-2021-3587](https://nvd.nist.gov/vuln/detail/CVE-2021-3587), [CVE-2021-3573](https://nvd.nist.gov/vuln/detail/CVE-2021-3573))<br><br>**Updates**<br><br><br><br>* Linux ([5.4.125](https://lwn.net/Articles/859023/))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.4.125<br>- systemd 246<br><br>Architectures:<br>- amd64<br> 2021-06-17T10:32:57+00:00 @@ -310,7 +310,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2605.16.1 2605.16.1 - 2023-10-25T10:20:36.750569+00:00 + 2023-11-22T09:59:26.467981+00:00 **Security fixes**<br><br>* Linux ([CVE-2021-31829](https://nvd.nist.gov/vuln/detail/CVE-2021-31829))<br>* runc ([CVE-2021-30465](https://nvd.nist.gov/vuln/detail/CVE-2021-30465))<br><br>**Updates**<br><br>* Linux ([5.4.119](https://lwn.net/Articles/856270/))<br>* systemd ([246.13](https://github.com/systemd/systemd-stable/releases/tag/v246.13))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.4.119<br>- systemd 246<br><br>Architectures:<br>- amd64<br> 2021-05-19T11:36:59+00:00 @@ -318,7 +318,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2605.15.1 2605.15.1 - 2023-10-25T10:20:36.746092+00:00 + 2023-11-22T09:59:26.462856+00:00 <br>**Security fixes**<br><br><br><br>* Linux ([CVE-2021-28964](https://nvd.nist.gov/vuln/detail/CVE-2021-28964), [CVE-2021-28972](https://nvd.nist.gov/vuln/detail/CVE-2021-28972), [CVE-2021-28971](https://nvd.nist.gov/vuln/detail/CVE-2021-28971), [CVE-2021-28688](https://nvd.nist.gov/vuln/detail/CVE-2021-28688), [CVE-2021-29264](https://nvd.nist.gov/vuln/detail/CVE-2021-29264),[CVE-2021-29647](https://nvd.nist.gov/vuln/detail/CVE-2021-29647), [CVE-2021-29650](https://nvd.nist.gov/vuln/detail/CVE-2021-29650), [CVE-2021-29154](https://nvd.nist.gov/vuln/detail/CVE-2021-29154), [CVE-2021-23133](https://nvd.nist.gov/vuln/detail/CVE-2021-23133))<br><br>**Bug fixes**<br><br><br><br>* Fix the patch to update DefaultTasksMax in systemd ([coreos-overlay#971](https://github.com/kinvolk/coreos-overlay/pull/971))<br><br>**Updates**<br><br><br><br>* Linux ([5.4.114](https://lwn.net/Articles/853763/))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.4.114<br>- systemd 246<br><br>Architectures:<br>- amd64<br> 2021-04-28T13:38:02+00:00 @@ -326,7 +326,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2605.14.1 2605.14.1 - 2023-10-25T10:20:36.741305+00:00 + 2023-11-22T09:59:26.454238+00:00 **Security fixes**<br><br><br><br>* Linux ([CVE-2021-28375](https://nvd.nist.gov/vuln/detail/CVE-2021-28375), [CVE-2021-28660](https://nvd.nist.gov/vuln/detail/CVE-2021-28660), [CVE-2021-27363](https://nvd.nist.gov/vuln/detail/CVE-2021-27363), [CVE-2021-27365](https://nvd.nist.gov/vuln/detail/CVE-2021-27365), [CVE-2021-28038](https://nvd.nist.gov/vuln/detail/CVE-2021-28038), [CVE-2021-27364](https://nvd.nist.gov/vuln/detail/CVE-2021-27364), [CVE-2020-25639](https://nvd.nist.gov/vuln/detail/CVE-2020-25639))<br>* openssl ([CVE-2021-23840](https://nvd.nist.gov/vuln/detail/CVE-2021-23840),[ CVE-2021-23841](https://nvd.nist.gov/vuln/detail/CVE-2021-23841), [CVE-2020-1971](https://nvd.nist.gov/vuln/detail/CVE-2020-1971),[ CVE-2021-23840](https://nvd.nist.gov/vuln/detail/CVE-2021-23840),[ CVE-2021-23841](https://nvd.nist.gov/vuln/detail/CVE-2021-23841), [CVE-2021-3449](https://nvd.nist.gov/vuln/detail/CVE-2021-3449),[ CVE-2021-3450](https://nvd.nist.gov/vuln/detail/CVE-2021-3450))<br><br>**Updates**<br><br><br><br>* Linux ([5.4.107](https://lwn.net/Articles/849952/))<br>* openssl ([1.1.1k](https://mta.openssl.org/pipermail/openssl-announce/2021-March/000197.html))<br>* open-iscsi ([2.1.4](https://github.com/open-iscsi/open-iscsi/releases/tag/2.1.4))<br>* containerd ([1.4.4](https://github.com/containerd/containerd/releases/tag/v1.4.4))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.4.107<br>- systemd 246<br><br>Architectures:<br>- amd64<br> 2021-03-25T15:40:57+00:00 @@ -334,7 +334,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2605.13.1 2605.13.1 - 2023-10-25T10:20:36.736161+00:00 + 2023-11-22T09:59:26.443436+00:00 **Security fixes**<br><br>* Linux - [CVE-2021-20194](https://nvd.nist.gov/vuln/detail/CVE-2021-20194), [CVE-2021-3348](https://nvd.nist.gov/vuln/detail/CVE-2021-3348), [CVE-2020-27825](https://nvd.nist.gov/vuln/detail/CVE-2020-27825), [CVE-2021-3347](https://nvd.nist.gov/vuln/detail/CVE-2021-3347), [CVE-2021-26931](https://nvd.nist.gov/vuln/detail/CVE-2021-26931), [CVE-2021-26930](https://nvd.nist.gov/vuln/detail/CVE-2021-26930), [CVE-2021-26932](https://nvd.nist.gov/vuln/detail/CVE-2021-26932)<br><br>**Bug fixes**<br><br>* login message (motd): filter out bullet point when parsing failed units ([baselayout#16](https://github.com/kinvolk/baselayout/pull/16))<br>* tcsd.service: use correct file permissions ([coreos-overlay#809](https://github.com/kinvolk/coreos-overlay/pull/809))<br>* Use LTS 2021 as OS codename instead of the wrong LTS 2020 name<br>* Flatcar Pro for AWS: flatcar-eks: add missing mkdir and update to latest versions ([coreos-overlay#817](https://github.com/kinvolk/coreos-overlay/pull/817))<br><br>**Updates**<br><br>* Linux [5.4.101](https://lwn.net/Articles/847590/)<br><br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.4.101<br>- systemd 246<br><br>Architectures:<br>- amd64<br> 2021-03-02T12:23:32+00:00 @@ -342,7 +342,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2605.12.1 2605.12.1 - 2023-10-25T10:20:36.731104+00:00 + 2023-11-22T09:59:26.432347+00:00 **Security fixes**<br><br>* Linux [CVE-2020-27815](https://www.openwall.com/lists/oss-security/2020/11/30/5), [CVE-2020-29568](https://nvd.nist.gov/vuln/detail/CVE-2020-29568), [CVE-2020-29569](https://nvd.nist.gov/vuln/detail/CVE-2020-29569), [CVE-2020-28374](https://nvd.nist.gov/vuln/detail/CVE-2020-28374),[ CVE-2020-36158](https://nvd.nist.gov/vuln/detail/CVE-2020-36158)<br>* Go[ CVE-2021-3114](https://github.com/golang/go/issues/43786)<br>* sudo [CVE-2021-3156](https://nvd.nist.gov/vuln/detail/CVE-2021-3156),[ CVE-2021-23239](https://nvd.nist.gov/vuln/detail/CVE-2021-23239)<br><br>**Bug fixes**<br><br>* networkd: avoid managing MAC addresses for veth devices ([kinvolk/init#33](https://github.com/kinvolk/init/pull/33))<br>* `/etc/iscsi/initiatorname.iscsi` is generated by the iscsi-init service ([#321](https://github.com/kinvolk/Flatcar/issues/321))<br>* Prevent iscsiadm buffer overflow ([#318](https://github.com/kinvolk/Flatcar/issues/318))<br>* Revert to building docker and containerd with go1.13 instead of go1.15. This reduces the SIGURG log spam ([#315](https://github.com/kinvolk/Flatcar/issues/315))<br><br>**Changes**<br><br>* The containerd socket is now available in the default location (`/run/containerd/containerd.sock`) and also as a symlink in the previous location (`/run/docker/libcontainerd/docker-containerd.sock`) ([#771](https://github.com/kinvolk/coreos-overlay/pull/771))<br>* With the iscsi update, the service unit has changed from iscsid to iscsi ([#791](https://github.com/kinvolk/coreos-overlay/pull/791))<br>* AWS Pro: include scripts to facilitate setup of EKS workers ([#794](https://github.com/kinvolk/coreos-overlay/pull/794))<br><br>**Updates**<br><br>* Linux ([5.4.92](https://lwn.net/Articles/843687/))<br>* open-iscsi ([2.1.3](https://github.com/open-iscsi/open-iscsi/releases/tag/2.1.3))<br>* Go ([1.15.7](https://go.googlesource.com/go/+/refs/tags/go1.15.7))<br>* sudo ([1.9.5p2](https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_5p2))<br><br>Packages:<br>- docker 19.03.14<br>- ignition 0.34.0<br>- kernel 5.4.92<br>- systemd 246<br><br>Architectures:<br>- amd64<br> 2021-02-02T13:26:13+00:00 @@ -350,7 +350,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2605.10.1 2605.10.1 - 2023-10-25T10:20:36.725317+00:00 + 2023-11-22T09:59:26.419601+00:00 Changes:<br><br>* The Linux kernel is compiled with FIPS support<br>* Containerd CRI plugin got enabled by default, only the containerd socket path needs to be specified as kubelet parameter for Kubernetes 1.20 to use containerd instead of Docker ([Flatcar#283](https://github.com/kinvolk/Flatcar/issues/283))<br><br>Updates:<br><br>* Linux (5.4.83)<br>* Docker (19.03.14)<br>* containerd (1.4.3)<br>* systemd (246.6)<br><br>Packages:<br>- docker 19.03.14<br>- ignition 0.34.0<br>- kernel 5.4.83<br>- systemd 246<br><br>Architectures:<br>- amd64<br> 2020-12-16T12:01:59+00:00 diff --git a/static/releases-feed/releases-stable.xml b/static/releases-feed/releases-stable.xml index 4eec691a..6b153acf 100644 --- a/static/releases-feed/releases-stable.xml +++ b/static/releases-feed/releases-stable.xml @@ -2,7 +2,7 @@ https://www.flatcar.org/ Flatcar :: stable - 2023-10-25T10:20:38.605744+00:00 + 2023-11-22T09:59:28.280994+00:00 Flatcar Container Linux hello@kinvolk.io @@ -11,10 +11,18 @@ python-feedgen https://kinvolk.io/images/flatcar-logo.svg Flatcar Container Linux release feed + + https://github.com/flatcar/scripts/releases/tag/stable-3602.2.2 + 3602.2.2 + 2023-11-22T09:59:28.873729+00:00 + :warning: From Alpha 3794.0.0 Torcx has been removed - please assert that you don't rely on specific Torcx mechanism but now use systemd-sysext. See [here](https://www.flatcar.org/docs/latest/provisioning/sysext/) for more information.<br><br><br> _Changes since **Stable 3602.2.1**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2023-46813](https://nvd.nist.gov/vuln/detail/CVE-2023-46813), [CVE-2023-5178](https://nvd.nist.gov/vuln/detail/CVE-2023-5178), [CVE-2023-5717](https://nvd.nist.gov/vuln/detail/CVE-2023-5717))<br> <br><br> #### Changes:<br> <br> - Brightbox: The regular OpenStack image should now be used, it includes Afterburn for instance metadata attributes<br> - OpenStack: An uncompressed image is provided for simpler import (since the images use qcow2 inline compression, there is no benefit in using the `.gz` or `.bz2` images)<br> - linux kernel: added zstd support for squashfs kernel module ([scripts#1297](https://github.com/flatcar/scripts/pull/1297))<br> <br> #### Updates:<br> <br> - Linux ([5.15.138](https://lwn.net/Articles/950714) (includes [5.15.137](https://lwn.net/Articles/948818)))<br>Packages:<br>- containerd 1.6.21<br>- docker 20.10.24<br>- ignition 2.15.0<br>- kernel 5.15.138<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> + + 2023-11-22T07:55:14+00:00 + https://github.com/flatcar/scripts/releases/tag/stable-3602.2.1 3602.2.1 - 2023-10-25T10:20:39.185072+00:00 + 2023-11-22T09:59:28.868502+00:00 _Changes since **Stable 3602.2.0**_<br> <br> #### Security fixes:<br> <br>- Linux ([CVE-2023-31085](https://nvd.nist.gov/vuln/detail/CVE-2023-31085), [CVE-2023-34324](https://nvd.nist.gov/vuln/detail/CVE-2023-34324), [CVE-2023-4244](https://nvd.nist.gov/vuln/detail/CVE-2023-4244), [CVE-2023-42754](https://nvd.nist.gov/vuln/detail/CVE-2023-42754), [CVE-2023-5197](https://nvd.nist.gov/vuln/detail/CVE-2023-5197))<br> - curl ([CVE-2023-38545](https://nvd.nist.gov/vuln/detail/CVE-2023-38545), [CVE-2023-38546](https://nvd.nist.gov/vuln/detail/CVE-2023-38546))<br> <br> #### Bug fixes:<br> <br> - Disabled systemd-networkd's RoutesToDNS setting by default to fix provisioning failures observed in VMs with multiple network interfaces on Azure ([scripts#1206](https://github.com/flatcar/scripts/pull/1206))<br> - Fixed a regression in Docker resulting in file permissions being dropped from exported container images. ([scripts#1231](https://github.com/flatcar/scripts/pull/1231))<br> <br> #### Changes:<br> <br> - To make Kubernetes work by default, `/usr/libexec/kubernetes/kubelet-plugins/volume/exec` is now a symlink to the writable folder `/var/kubernetes/kubelet-plugins/volume/exec` ([Flatcar#1193](https://github.com/flatcar/Flatcar/issues/1193))<br> <br> #### Updates:<br> <br> - Linux ([5.15.136](https://lwn.net/Articles/948297) (includes [5.15.135](https://lwn.net/Articles/947299), [5.15.134](https://lwn.net/Articles/946855)))<br> - ca-certificates ([3.94](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_94.html))<br>Packages:<br>- containerd 1.6.21<br>- docker 20.10.24<br>- ignition 2.15.0<br>- kernel 5.15.136<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-10-25T08:39:23+00:00 @@ -22,7 +30,7 @@ https://github.com/flatcar/scripts/releases/tag/stable-3602.2.0 3602.2.0 - 2023-10-25T10:20:39.179676+00:00 + 2023-11-22T09:59:28.863005+00:00 _Changes since **Beta 3602.1.6**_<br> <br>#### Security fixes:<br> <br> - Linux ([CVE-2023-42755](https://nvd.nist.gov/vuln/detail/CVE-2023-42755))<br> <br> #### Bug fixes:<br> <br> - Triggered re-reading of partition table to fix adding partitions to the boot disk ([scripts#1202](https://github.com/flatcar/scripts/pull/1202))<br> <br> #### Changes:<br> <br> - Use qcow2 compressed format instead of additional compression layer in Qemu images ([Flatcar#1135](https://github.com/flatcar/Flatcar/issues/1135), [scripts#1132](https://github.com/flatcar/scripts/pull/1132))<br> <br> #### Updates:<br> <br> - Linux ([5.15.133](https://lwn.net/Articles/945380))<br><br>_Changes compared to **Stable 3510.2.8**_<br><br>#### Security fixes:<br> <br> - Linux ([CVE-2023-42752](https://nvd.nist.gov/vuln/detail/CVE-2023-42752), [CVE-2023-42753](https://nvd.nist.gov/vuln/detail/CVE-2023-42753), [CVE-2023-42755](https://nvd.nist.gov/vuln/detail/CVE-2023-42755), [CVE-2023-4623](https://nvd.nist.gov/vuln/detail/CVE-2023-4623), [CVE-2023-4921](https://nvd.nist.gov/vuln/detail/CVE-2023-4921))<br> - Go ([CVE-2023-24532](https://nvd.nist.gov/vuln/detail/CVE-2023-24532), [CVE-2023-24534](https://nvd.nist.gov/vuln/detail/CVE-2023-24534), [CVE-2023-24536](https://nvd.nist.gov/vuln/detail/CVE-2023-24536), [CVE-2023-24537](https://nvd.nist.gov/vuln/detail/CVE-2023-24537), [CVE-2023-24538](https://nvd.nist.gov/vuln/detail/CVE-2023-24538), [CVE-2023-24539](https://nvd.nist.gov/vuln/detail/CVE-2023-24539), [CVE-2023-24540](https://nvd.nist.gov/vuln/detail/CVE-2023-24540), [CVE-2023-29400](https://nvd.nist.gov/vuln/detail/CVE-2023-29400), [CVE-2022-41723](https://nvd.nist.gov/vuln/detail/CVE-2022-41723), [CVE-2022-41724](https://nvd.nist.gov/vuln/detail/CVE-2022-41724), [CVE-2022-41725](https://nvd.nist.gov/vuln/detail/CVE-2022-41725))<br> - bash ([CVE-2022-3715](https://nvd.nist.gov/vuln/detail/CVE-2022-3715))<br> - c-ares ([CVE-2022-4904](https://nvd.nist.gov/vuln/detail/CVE-2022-4904))<br> - containerd ([CVE-2023-25153](https://nvd.nist.gov/vuln/detail/CVE-2023-25153), [CVE-2023-25173](https://nvd.nist.gov/vuln/detail/CVE-2023-25173))<br> - curl ([CVE-2023-23914](https://nvd.nist.gov/vuln/detail/CVE-2023-23914), [CVE-2023-23915](https://nvd.nist.gov/vuln/detail/CVE-2023-23915) and [CVE-2023-23916](https://nvd.nist.gov/vuln/detail/CVE-2023-23916), [CVE-2023-27533](https://nvd.nist.gov/vuln/detail/CVE-2023-27533), [CVE-2023-27534](https://nvd.nist.gov/vuln/detail/CVE-2023-27534), [CVE-2023-27535](https://nvd.nist.gov/vuln/detail/CVE-2023-27535), [CVE-2023-27536](https://nvd.nist.gov/vuln/detail/CVE-2023-27536), [CVE-2023-27537](https://nvd.nist.gov/vuln/detail/CVE-2023-27537), [CVE-2023-27538](https://nvd.nist.gov/vuln/detail/CVE-2023-27538))<br> - Docker ([CVE-2023-28840](https://nvd.nist.gov/vuln/detail/CVE-2023-28840), [CVE-2023-28841](https://nvd.nist.gov/vuln/detail/CVE-2023-28841), [CVE-2023-28842](https://nvd.nist.gov/vuln/detail/CVE-2023-28842))<br> - e2fsprogs ([CVE-2022-1304](https://nvd.nist.gov/vuln/detail/CVE-2022-1304))<br> - git ([CVE-2023-22490](https://nvd.nist.gov/vuln/detail/CVE-2023-22490), [CVE-2023-23946](https://nvd.nist.gov/vuln/detail/CVE-2023-23946))<br> - GnuTLS ([CVE-2023-0361](https://nvd.nist.gov/vuln/detail/CVE-2023-0361))<br> - intel-microcode ([CVE-2022-21216](https://nvd.nist.gov/vuln/detail/CVE-2022-21216), [CVE-2022-33196](https://nvd.nist.gov/vuln/detail/CVE-2022-33196), [CVE-2022-38090](https://nvd.nist.gov/vuln/detail/CVE-2022-38090))<br> - less ([CVE-2022-46663](https://nvd.nist.gov/vuln/detail/CVE-2022-46663))<br> - libxml2 ([CVE-2023-28484](https://nvd.nist.gov/vuln/detail/CVE-2023-28484), [CVE-2023-29469](https://nvd.nist.gov/vuln/detail/CVE-2023-29469))<br> - OpenSSH ([CVE-2023-25136](https://nvd.nist.gov/vuln/detail/CVE-2023-25136), [CVE-2023-28531](https://nvd.nist.gov/vuln/detail/CVE-2023-28531), [CVE-2023-38408](https://nvd.nist.gov/vuln/detail/CVE-2023-38408))<br> - OpenSSL ([CVE-2022-4203](https://nvd.nist.gov/vuln/detail/CVE-2022-4203), [CVE-2022-4304](https://nvd.nist.gov/vuln/detail/CVE-2022-4304), [CVE-2022-4450](https://nvd.nist.gov/vuln/detail/CVE-2022-4450), [CVE-2023-0215](https://nvd.nist.gov/vuln/detail/CVE-2023-0215), [CVE-2023-0216](https://nvd.nist.gov/vuln/detail/CVE-2023-0216), [CVE-2023-0217](https://nvd.nist.gov/vuln/detail/CVE-2023-0217), [CVE-2023-0286](https://nvd.nist.gov/vuln/detail/CVE-2023-0286), [CVE-2023-0401](https://nvd.nist.gov/vuln/detail/CVE-2023-0401), [CVE-2023-0464](https://nvd.nist.gov/vuln/detail/CVE-2023-0464), [CVE-2023-0465](https://nvd.nist.gov/vuln/detail/CVE-2023-0465), [CVE-2023-0466](https://nvd.nist.gov/vuln/detail/CVE-2023-0466), [CVE-2023-1255](https://nvd.nist.gov/vuln/detail/CVE-2023-1255))<br> - runc ([CVE-2023-25809](https://nvd.nist.gov/vuln/detail/CVE-2023-25809), [CVE-2023-27561](https://nvd.nist.gov/vuln/detail/CVE-2023-27561), [CVE-2023-28642](https://nvd.nist.gov/vuln/detail/CVE-2023-28642))<br> - tar ([CVE-2022-48303](https://nvd.nist.gov/vuln/detail/CVE-2022-48303))<br> - torcx ([CVE-2022-32149](https://nvd.nist.gov/vuln/detail/CVE-2022-32149))<br> - vim ([CVE-2023-0288](https://nvd.nist.gov/vuln/detail/CVE-2023-0288), [CVE-2023-0433](https://nvd.nist.gov/vuln/detail/CVE-2023-0433), [CVE-2023-1127](https://nvd.nist.gov/vuln/detail/CVE-2023-1127), [CVE-2023-1175](https://nvd.nist.gov/vuln/detail/CVE-2023-1175), [CVE-2023-1170](https://nvd.nist.gov/vuln/detail/CVE-2023-1170))<br> - SDK: dnsmasq ([CVE-2022-0934](https://nvd.nist.gov/vuln/detail/CVE-2022-0934))<br> - SDK: pkgconf ([CVE-2023-24056](https://nvd.nist.gov/vuln/detail/CVE-2023-24056))<br> - SDK: python ([CVE-2023-24329](https://nvd.nist.gov/vuln/detail/CVE-2023-24329))<br> <br> #### Bug fixes:<br> <br> - Ensured that `/var/log/journal/` is created early enough for systemd-journald to persist the logs on first boot ([bootengine#60](https://github.com/flatcar/bootengine/pull/60), [baselayout#29](https://github.com/flatcar/baselayout/pull/29))<br> - Fixed `journalctl --user` permission issue ([Flatcar#989](https://github.com/flatcar/Flatcar/issues/989))<br> - Ensured that the folder `/var/log/sssd` is created if it doesn't exist, required for `sssd.service` ([Flatcar#1096](https://github.com/flatcar/Flatcar/issues/1096))<br> - Fixed a miscompilation of getfacl causing it to dump core when executed ([scripts#809](https://github.com/flatcar/scripts/pull/809))<br> - Restored the reboot warning and delay for non-SSH console sessions ([locksmith#21](https://github.com/flatcar/locksmith/pull/21))<br> - Triggered re-reading of partition table to fix adding partitions to the boot disk ([scripts#1202](https://github.com/flatcar/scripts/pull/1202))<br> - Worked around a bash regression in `flatcar-install` and added error reporting for disk write failures ([Flatcar#1059](https://github.com/flatcar/Flatcar/issues/1059))<br> <br> #### Changes:<br> <br> - Added `pigz` to the image, a parallel gzip implementation, which is useful to speed up the (de)compression for large container image imports/exports ([coreos-overlay#2504](https://github.com/flatcar/coreos-overlay/pull/2504))<br> - Added a new `flatcar-reset` tool and boot logic for selective OS resets to reconfigure the system with Ignition while avoiding config drift ([bootengine#55](https://github.com/flatcar/bootengine/pull/55), [init#91](https://github.com/flatcar/init/pull/91))<br> - Enabled elfutils support in systemd-coredump. A backtrace will now appear in the journal for any program that dumps core ([coreos-overlay#2489](https://github.com/flatcar/coreos-overlay/pull/2489))<br> - Improved the OS reset tool to offer preview, backup and restore ([init#94](https://github.com/flatcar/init/pull/94))<br> - On boot any files in `/etc` that are the same as provided by the booted `/usr/share/flatcar/etc` default for the overlay mount on `/etc` are deleted to ensure that future updates of `/usr/share/flatcar/etc` are propagated - to opt out create `/etc/.no-dup-update` in case you want to keep an unmodified config file as is or because you fear that a future Flatcar version may use the same file as you at which point your copy is cleaned up and any other future Flatcar changes would be applied ([bootengine#54](https://github.com/flatcar/bootengine/pull/54))<br> - Switched systemd log reporting to the combined format of both unit description, as before, and now the unit name to easily find the unit ([coreos-overlay#2436](https://github.com/flatcar/coreos-overlay/pull/2436))<br> - `/etc` is now set up as overlayfs with the original `/etc` folder being the store for changed files/directories and `/usr/share/flatcar/etc` providing the lower default directory tree ([bootengine#53](https://github.com/flatcar/bootengine/pull/53), [scripts#666](https://github.com/flatcar/scripts/pull/666))<br> - Changed coreos-cloudinit to now set the short hostname instead of the FQDN when fetched from the metadata service ([coreos-cloudinit#19](https://github.com/flatcar/coreos-cloudinit/pull/19))<br> - Use qcow2 compressed format instead of additional compression layer in Qemu images ([Flatcar#1135](https://github.com/flatcar/Flatcar/issues/1135), [scripts#1132](https://github.com/flatcar/scripts/pull/1132))<br> <br> #### Updates:<br> <br> - Linux ([5.15.133](https://lwn.net/Articles/945380) (includes [5.15.132](https://lwn.net/Articles/944877), [5.15.131](https://lwn.net/Articles/943755), [5.15.130](https://lwn.net/Articles/943404), [5.15.129](https://lwn.net/Articles/943113), [5.15.128](https://lwn.net/Articles/942866), [5.15.127](https://lwn.net/Articles/941775), [5.15.126](https://lwn.net/Articles/941273), [5.15.125](https://lwn.net/Articles/940798), [5.15.124](https://lwn.net/Articles/940339), [5.15.123](https://lwn.net/Articles/939424), [5.15.122](https://lwn.net/Articles/939104), [5.15.121](https://lwn.net/Articles/939016), [5.15.120](https://lwn.net/Articles/937404), [5.15.119](https://lwn.net/Articles/936675), [5.15.118](https://lwn.net/Articles/935584), [5.15.117](https://lwn.net/Articles/934622), [5.15.116](https://lwn.net/Articles/934320), [5.15.115](https://lwn.net/Articles/933909), [5.15.114](https://lwn.net/Articles/933280), [5.15.113](https://lwn.net/Articles/932883), [5.15.112](https://lwn.net/Articles/932134), [5.15.111](https://lwn.net/Articles/931652), [5.15.110](https://lwn.net/Articles/930600), [5.15.109](https://lwn.net/Articles/930263), [5.15.108](https://lwn.net/Articles/929679), [5.15.107](https://lwn.net/Articles/929015/), [5.15.106](https://lwn.net/Articles/928343), [5.15.105](https://lwn.net/Articles/927860), [5.15.104](https://lwn.net/Articles/926873), [5.15.103](https://lwn.net/Articles/926415), [5.15.102](https://lwn.net/Articles/925991), [5.15.101](https://lwn.net/Articles/925939), [5.15.100](https://lwn.net/Articles/925913), [5.15.99](https://lwn.net/Articles/925844)))<br> - Linux Firmware ([20230404](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230404) (includes [20230310](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230310), [20230210](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230210)))<br> - Go ([1.19.9](https://go.dev/doc/devel/release#go1.19.9) (includes [1.19.8](https://go.dev/doc/devel/release#go1.19.8), [1.19.7](https://go.dev/doc/devel/release#go1.19.7), [1.19.6](https://go.dev/doc/devel/release#go1.19.6)))<br> - bash ([5.2](https://lists.gnu.org/archive/html/bash-announce/2022-09/msg00000.html))<br> - bind tools ([9.16.37](https://bind9.readthedocs.io/en/v9_16_37/notes.html#notes-for-bind-9-16-37))<br> - bpftool ([6.2.1](https://kernelnewbies.org/LinuxChanges#Linux_6.2.Tracing.2C_perf_and_BPF))<br> - btrfs-progs ([6.0.2](https://btrfs.readthedocs.io/en/latest/CHANGES.html#btrfs-progs-6-0-2-2022-11-24), includes [6.0](https://btrfs.readthedocs.io/en/latest/CHANGES.html#btrfs-progs-6-0-2022-10-11))<br> - c-ares ([1.19.0](https://c-ares.org/changelog.html#1_19_0))<br> - containerd ([1.6.21](https://github.com/containerd/containerd/releases/tag/v1.6.21) (includes [1.6.20](https://github.com/containerd/containerd/releases/tag/v1.6.20), [1.6.19](https://github.com/containerd/containerd/releases/tag/v1.6.19) [1.6.18](https://github.com/containerd/containerd/releases/tag/v1.6.18))<br> - curl ([8.0.1](https://curl.se/changes.html#8_0_1) (includes [7.88.1](https://curl.se/changes.html#7_88_1), [7.88.0](https://curl.se/changes.html#7_88_0)))<br> - diffutils ([3.9](https://savannah.gnu.org/forum/forum.php?forum_id=10282))<br> - Docker ([20.10.24](https://docs.docker.com/engine/release-notes/20.10/#201024))<br> - e2fsprogs ([1.47.0](https://e2fsprogs.sourceforge.net/e2fsprogs-release.html##1.47.0) (includes [1.46.6](https://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.46.6)))<br> - findutils ([4.9.0](https://lists.gnu.org/archive/html/info-gnu/2022-02/msg00003.html))<br> - gcc ([12.2.1](https://gcc.gnu.org/gcc-12/changes.html))<br> - gdb ([13.1.90](https://lwn.net/Articles/923819/))<br> - git ([2.39.2](https://github.com/git/git/blob/v2.39.2/Documentation/RelNotes/2.39.2.txt))<br> - GLib ([2.74.6](https://gitlab.gnome.org/GNOME/glib/-/tags/2.74.6) (includes [2.74.5](https://gitlab.gnome.org/GNOME/glib/-/tags/2.74.5)))<br> - GnuTLS ([3.8.0](https://gitlab.com/gnutls/gnutls/-/blob/3.8.0/NEWS))<br> - ignition ([2.15.0](https://coreos.github.io/ignition/release-notes/#ignition-2150-2023-02-21))<br> - intel-microcode ([20230214](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230214))<br> - iperf ([3.13](https://github.com/esnet/iperf/blob/3.13/RELNOTES.md))<br> - iputils ([20221126](https://github.com/iputils/iputils/releases/tag/20221126))<br> - less ([608](http://www.greenwoodsoftware.com/less/news.608.html))<br> - libarchive ([3.6.2](https://github.com/libarchive/libarchive/releases/tag/v3.6.2))<br> - libpcap ([1.10.3](https://git.tcpdump.org/libpcap/blob/refs/tags/libpcap-1.10.3:/CHANGES) (includes [1.10.2](https://git.tcpdump.org/libpcap/blob/refs/tags/libpcap-1.10.2:/CHANGES)))<br> - libpcre2 ([10.42](https://github.com/PCRE2Project/pcre2/blob/pcre2-10.42/NEWS))<br> - libxml2 ([2.10.4](https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.4))<br> - multipath-tools ([0.9.4](https://github.com/opensvc/multipath-tools/commits/0.9.4))<br> - OpenSSH ([9.3](http://www.openssh.com/releasenotes.html#9.3) (includes [9.2](http://www.openssh.com/releasenotes.html#9.2)))<br> - OpenSSL ([3.0.8](https://github.com/openssl/openssl/blob/openssl-3.0.8/NEWS.md#major-changes-between-openssl-307-and-openssl-308-7-feb-2023))<br> - pinentry ([1.2.1](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=pinentry.git;a=blob;f=NEWS;h=c080b34e57d01a6ccca9d2996d7096c42b1a3f84;hb=8ab1682e80a2b4185ee9ef66cbb44340245966fc))<br> - qemu guest agent ([7.1.0](https://wiki.qemu.org/ChangeLog/7.1#Guest_agent))<br> - readline ([8.2](https://lists.gnu.org/archive/html/info-gnu/2022-09/msg00013.html))<br> - runc ([1.1.7](https://github.com/opencontainers/runc/releases/tag/v1.1.7) (includes [1.1.6](https://github.com/opencontainers/runc/releases/tag/v1.1.6), [1.1.5](https://github.com/opencontainers/runc/releases/tag/v1.1.5)))<br> - socat ([1.7.4.4](https://repo.or.cz/socat.git/blob/refs/tags/tag-1.7.4.4:/CHANGES))<br> - sqlite ([3.41.2](https://sqlite.org/releaselog/3_41_2.html))<br> - strace ([6.1](https://github.com/strace/strace/releases/tag/v6.1))<br> - traceroute (2.1.1)<br> - vim ([9.0.1403](https://github.com/vim/vim/releases/tag/v9.0.1403) (includes [9.0.1363](https://github.com/vim/vim/releases/tag/v9.0.1363)))<br> - XZ utils ([5.4.2](https://github.com/tukaani-project/xz/releases/tag/v5.4.2))<br> - Zstandard ([1.5.4](https://github.com/facebook/zstd/releases/tag/v1.5.4) (includes [1.5.2](https://github.com/facebook/zstd/releases/tag/v1.5.2), [1.5.1](https://github.com/facebook/zstd/releases/tag/v1.5.1) and [1.5.0](https://github.com/facebook/zstd/releases/tag/v1.5.0)))<br> - SDK: cmake ([3.25.2](https://cmake.org/cmake/help/v3.25/release/3.25.html))<br> - SDK: dnsmasq ([2.89](https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2023q1/016859.html))<br> - SDK: pahole ([1.24](https://github.com/acmel/dwarves/releases/tag/v1.24))<br> - SDK: portage ([3.0.44](https://gitweb.gentoo.org/proj/portage.git/tree/NEWS?h=portage-3.0.44))<br> - SDK: python ([3.10.10](https://docs.python.org/3.10/whatsnew/changelog.html#python-3-10-10-final) (includes [3.10.9](https://docs.python.org/3.10/whatsnew/changelog.html#python-3-10-9-final), [3.10](https://www.python.org/downloads/release/python-3100/)))<br> - SDK: Rust ([1.68.2](https://github.com/rust-lang/rust/releases/tag/1.68.2) (includes [1.68.0](https://github.com/rust-lang/rust/releases/tag/1.68.0), [1.67.1](https://github.com/rust-lang/rust/releases/tag/1.67.1)))<br> - SDK: nano ([7.2](https://git.savannah.gnu.org/cgit/nano.git/tree/NEWS?h=v7.2))<br> - VMware: open-vm-tools ([12.2.0](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.2.0))<br>Packages:<br>- containerd 1.6.21<br>- docker 20.10.24<br>- ignition 2.15.0<br>- kernel 5.15.133<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-10-05T10:02:27+00:00 @@ -30,7 +38,7 @@ https://github.com/flatcar/scripts/releases/tag/stable-3510.2.8 3510.2.8 - 2023-10-25T10:20:39.164306+00:00 + 2023-11-22T09:59:28.847620+00:00 _Changes since **Stable 3510.2.7**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2023-20588](https://nvd.nist.gov/vuln/detail/CVE-2023-20588), [CVE-2023-3772](https://nvd.nist.gov/vuln/detail/CVE-2023-3772), [CVE-2023-40283](https://nvd.nist.gov/vuln/detail/CVE-2023-40283), [CVE-2023-4128](https://nvd.nist.gov/vuln/detail/CVE-2023-4128), [CVE-2023-4206](https://nvd.nist.gov/vuln/detail/CVE-2023-4206), [CVE-2023-4207](https://nvd.nist.gov/vuln/detail/CVE-2023-4207), [CVE-2023-4208](https://nvd.nist.gov/vuln/detail/CVE-2023-4208), [CVE-2023-4273](https://nvd.nist.gov/vuln/detail/CVE-2023-4273), [CVE-2023-4569](https://nvd.nist.gov/vuln/detail/CVE-2023-4569))<br> <br> #### Changes:<br> <br> - Azure: Add support for Microsoft Azure Network Adapter (MANA) NICs on Azure ([scripts#1131](https://github.com/flatcar/scripts/pull/1131))<br> <br> #### Updates:<br> <br> - Linux ([5.15.129](https://lwn.net/Articles/943113) (includes [5.15.128](https://lwn.net/Articles/942866), [5.15.127](https://lwn.net/Articles/941775), [5.15.126](https://lwn.net/Articles/941296)))<br> - ca-certificates ([3.93](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_93.html))<br>Packages:<br>- containerd 1.6.16<br>- docker 20.10.23<br>- ignition 2.14.0<br>- kernel 5.15.129<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-09-21T11:36:30+00:00 @@ -38,7 +46,7 @@ https://github.com/flatcar/scripts/releases/tag/stable-3510.2.7 3510.2.7 - 2023-10-25T10:20:39.159083+00:00 + 2023-11-22T09:59:28.842440+00:00 _Changes since **Stable 3510.2.6**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2022-40982](https://nvd.nist.gov/vuln/detail/CVE-2022-40982), [CVE-2022-41804](https://nvd.nist.gov/vuln/detail/CVE-2022-41804), [CVE-2023-1206](https://nvd.nist.gov/vuln/detail/CVE-2023-1206), [CVE-2023-20569](https://nvd.nist.gov/vuln/detail/CVE-2023-20569), [CVE-2023-4004](https://nvd.nist.gov/vuln/detail/CVE-2023-4004), [CVE-2023-4147](https://nvd.nist.gov/vuln/detail/CVE-2023-4147), [CVE-2023-20569](https://nvd.nist.gov/vuln/detail/CVE-2023-20569), [CVE-2023-23908](https://nvd.nist.gov/vuln/detail/CVE-2023-23908))<br> <br> #### Bug fixes:<br> <br> - Fixed the restart of Systemd services when the main process is being killed by a SIGHUP signal ([flatcar#1157](https://github.com/flatcar/Flatcar/issues/1157))<br> <br> #### Updates:<br> <br> - Linux ([5.15.125](https://lwn.net/Articles/940801) (includes [5.15.124](https://lwn.net/Articles/940339), [5.15.123](https://lwn.net/Articles/939424)))<br>Packages:<br>- containerd 1.6.16<br>- docker 20.10.23<br>- ignition 2.14.0<br>- kernel 5.15.125<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-09-06T13:18:41+00:00 @@ -46,7 +54,7 @@ https://github.com/flatcar/scripts/releases/tag/stable-3510.2.6 3510.2.6 - 2023-10-25T10:20:39.154057+00:00 + 2023-11-22T09:59:28.837449+00:00 _Changes since **Stable 3510.2.5**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2022-48502](https://nvd.nist.gov/vuln/detail/CVE-2022-48502), [CVE-2023-20593](https://nvd.nist.gov/vuln/detail/CVE-2023-20593), [CVE-2023-2898](https://nvd.nist.gov/vuln/detail/CVE-2023-2898), [CVE-2023-31248](https://nvd.nist.gov/vuln/detail/CVE-2023-31248), [CVE-2023-35001](https://nvd.nist.gov/vuln/detail/CVE-2023-35001), [CVE-2023-3611](https://nvd.nist.gov/vuln/detail/CVE-2023-3611), [CVE-2023-3776](https://nvd.nist.gov/vuln/detail/CVE-2023-3776), [CVE-2023-38432](https://nvd.nist.gov/vuln/detail/CVE-2023-38432), [CVE-2023-3863](https://nvd.nist.gov/vuln/detail/CVE-2023-3863))<br> - linux-firmware ([CVE-2023-20593](https://nvd.nist.gov/vuln/detail/CVE-2023-20593))<br> <br> #### Updates:<br> <br> - Linux ([5.15.122](https://lwn.net/Articles/939104) (includes [5.15.121](https://lwn.net/Articles/939016), [5.15.120](https://lwn.net/Articles/937404)))<br> - ca-certificates ([3.92](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_92.html))<br> - linux-firmware ([20230625](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230625))<br><br>Packages:<br>- containerd 1.6.16<br>- docker 20.10.23<br>- ignition 2.14.0<br>- kernel 5.15.122<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-08-09T11:42:20+00:00 @@ -54,7 +62,7 @@ https://github.com/flatcar/scripts/releases/tag/stable-3510.2.5 3510.2.5 - 2023-10-25T10:20:39.149075+00:00 + 2023-11-22T09:59:28.832361+00:00 _Changes since **Stable 3510.2.4**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2023-3338](https://nvd.nist.gov/vuln/detail/CVE-2023-3338), [CVE-2023-3390](https://nvd.nist.gov/vuln/detail/CVE-2023-3390))<br> <br> #### Bug fixes:<br> <br> - Resolved the conflicting FD usage of libselinux and systemd which caused, e.g., a systemd crash on certain watchdog interaction during shutdown (patch in systemd 252.11)<br> <br> #### Updates:<br> <br> - Linux ([5.15.119](https://lwn.net/Articles/936675) (includes [5.15.118](https://lwn.net/Articles/935584)))<br> - systemd ([252.11](https://github.com/systemd/systemd-stable/releases/tag/v252.11) (from 252.5))<br>Packages:<br>- containerd 1.6.16<br>- docker 20.10.23<br>- ignition 2.14.0<br>- kernel 5.15.119<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-07-18T09:00:12+00:00 @@ -62,7 +70,7 @@ https://github.com/flatcar/scripts/releases/tag/stable-3510.2.4 3510.2.4 - 2023-10-25T10:20:39.144259+00:00 + 2023-11-22T09:59:28.827522+00:00 _Changes since **Stable 3510.2.3**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2023-2124](https://nvd.nist.gov/vuln/detail/CVE-2023-2124), [CVE-2023-3212](https://nvd.nist.gov/vuln/detail/CVE-2023-3212), [CVE-2023-35788](https://nvd.nist.gov/vuln/detail/CVE-2023-35788))<br> <br> #### Bug fixes:<br> <br> <br> #### Changes:<br> <br> - Changed ext4 inode size of root partition to 256 bytes. This improves compatibility with applications and is necessary for 2038 readiness ([Flatcar#1082](https://github.com/flatcar/Flatcar/issues/1082))<br> <br> #### Updates:<br> <br> - Linux ([5.15.117](https://lwn.net/Articles/934622) (includes [5.15.116](https://lwn.net/Articles/934320), [5.15.115](https://lwn.net/Articles/933909), [5.15.114](https://lwn.net/Articles/933280)))<br> - ca-certificates ([3.91](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_91.html))<br>Packages:<br>- containerd 1.6.16<br>- docker 20.10.23<br>- ignition 2.14.0<br>- kernel 5.15.117<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-07-06T12:16:13+00:00 @@ -70,7 +78,7 @@ https://github.com/flatcar/scripts/releases/tag/stable-3510.2.3 3510.2.3 - 2023-10-25T10:20:39.139361+00:00 + 2023-11-22T09:59:28.822534+00:00 _Changes since **Stable 3510.2.2**_<br> <br>#### Security fixes:<br> <br>- Linux ([CVE-2022-48425](https://nvd.nist.gov/vuln/detail/CVE-2022-48425))<br> <br>#### Updates:<br> <br>- Linux ([5.15.113](https://lwn.net/Articles/932883) (includes [5.15.112](https://lwn.net/Articles/932134)))<br>- ca-certificates ([3.90](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_90.html))<br>Packages:<br>- containerd 1.6.16<br>- docker 20.10.23<br>- ignition 2.14.0<br>- kernel 5.15.113<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-06-21T12:18:43+00:00 @@ -78,7 +86,7 @@ https://github.com/flatcar/scripts/releases/tag/stable-3510.2.2 3510.2.2 - 2023-10-25T10:20:39.134842+00:00 + 2023-11-22T09:59:28.817904+00:00 _Changes since **Stable 3510.2.1**_<br> <br>#### Security fixes:<br> <br> - Linux ([CVE-2023-1380](https://nvd.nist.gov/vuln/detail/CVE-2023-1380), [CVE-2023-1859](https://nvd.nist.gov/vuln/detail/CVE-2023-1859), [CVE-2023-2002](https://nvd.nist.gov/vuln/detail/CVE-2023-2002), [CVE-2023-2269](https://nvd.nist.gov/vuln/detail/CVE-2023-2269), [CVE-2023-31436](https://nvd.nist.gov/vuln/detail/CVE-2023-31436), [CVE-2023-32233](https://nvd.nist.gov/vuln/detail/CVE-2023-32233))<br> <br>#### Bug fixes:<br> <br> <br>#### Changes:<br> <br> <br>#### Updates:<br> <br> - Linux ([5.15.111](https://lwn.net/Articles/931652) (includes [5.15.110](https://lwn.net/Articles/930600), [5.15.109](https://lwn.net/Articles/930263), [5.15.108](https://lwn.net/Articles/929679), [5.15.107](https://lwn.net/Articles/929015)))<br> - ca-certificates ([3.89.1](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_89_1.html))<br><br>Packages:<br>- containerd 1.6.16<br>- docker 20.10.23<br>- ignition 2.14.0<br>- kernel 5.15.111<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-06-01T11:50:00+00:00 @@ -86,7 +94,7 @@ https://github.com/flatcar/scripts/releases/tag/stable-3510.2.1 3510.2.1 - 2023-10-25T10:20:39.129982+00:00 + 2023-11-22T09:59:28.812954+00:00 _Changes since **Stable 3510.2.0**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-4269](https://nvd.nist.gov/vuln/detail/CVE-2022-4269), [CVE-2022-4379](https://nvd.nist.gov/vuln/detail/CVE-2022-4379), [CVE-2023-1076](https://nvd.nist.gov/vuln/detail/CVE-2023-1076), [CVE-2023-1077](https://nvd.nist.gov/vuln/detail/CVE-2023-1077), [CVE-2023-1079](https://nvd.nist.gov/vuln/detail/CVE-2023-1079), [CVE-2023-1118](https://nvd.nist.gov/vuln/detail/CVE-2023-1118), [CVE-2023-1611](https://nvd.nist.gov/vuln/detail/CVE-2023-1611), [CVE-2023-1670](https://nvd.nist.gov/vuln/detail/CVE-2023-1670), [CVE-2023-1829](https://nvd.nist.gov/vuln/detail/CVE-2023-1829), [CVE-2023-1855](https://nvd.nist.gov/vuln/detail/CVE-2023-1855), [CVE-2023-1989](https://nvd.nist.gov/vuln/detail/CVE-2023-1989), [CVE-2023-1990](https://nvd.nist.gov/vuln/detail/CVE-2023-1990), [CVE-2023-23004](https://nvd.nist.gov/vuln/detail/CVE-2023-23004), [CVE-2023-25012](https://nvd.nist.gov/vuln/detail/CVE-2023-25012), [CVE-2023-28466](https://nvd.nist.gov/vuln/detail/CVE-2023-28466), [CVE-2023-30456](https://nvd.nist.gov/vuln/detail/CVE-2023-30456), [CVE-2023-30772](https://nvd.nist.gov/vuln/detail/CVE-2023-30772))<br>- nvidia-drivers ([CVE-2022-31607](https://nvd.nist.gov/vuln/detail/CVE-2022-31607), [CVE-2022-31608](https://nvd.nist.gov/vuln/detail/CVE-2022-31608), [CVE-2022-31615](https://nvd.nist.gov/vuln/detail/CVE-2022-31615), [CVE-2022-34665](https://nvd.nist.gov/vuln/detail/CVE-2022-34665), [CVE-2022-34666](https://nvd.nist.gov/vuln/detail/CVE-2022-34666), [CVE-2022-34670](https://nvd.nist.gov/vuln/detail/CVE-2022-34670), [CVE-2022-34673](https://nvd.nist.gov/vuln/detail/CVE-2022-34673), [CVE-2022-34674](https://nvd.nist.gov/vuln/detail/CVE-2022-34674), [CVE-2022-34676](https://nvd.nist.gov/vuln/detail/CVE-2022-34676), [CVE-2022-34677](https://nvd.nist.gov/vuln/detail/CVE-2022-34677), [CVE-2022-34678](https://nvd.nist.gov/vuln/detail/CVE-2022-34678), [CVE-2022-34679](https://nvd.nist.gov/vuln/detail/CVE-2022-34679), [CVE-2022-34680](https://nvd.nist.gov/vuln/detail/CVE-2022-34680), [CVE-2022-34682](https://nvd.nist.gov/vuln/detail/CVE-2022-34682), [CVE-2022-34684](https://nvd.nist.gov/vuln/detail/CVE-2022-34684), [CVE-2022-42254](https://nvd.nist.gov/vuln/detail/CVE-2022-42254), [CVE-2022-42255](https://nvd.nist.gov/vuln/detail/CVE-2022-42255), [CVE-2022-42256](https://nvd.nist.gov/vuln/detail/CVE-2022-42256), [CVE-2022-42257](https://nvd.nist.gov/vuln/detail/CVE-2022-42257), [CVE-2022-42258](https://nvd.nist.gov/vuln/detail/CVE-2022-42258), [CVE-2022-42259](https://nvd.nist.gov/vuln/detail/CVE-2022-42259), [CVE-2022-42260](https://nvd.nist.gov/vuln/detail/CVE-2022-42260), [CVE-2022-42261](https://nvd.nist.gov/vuln/detail/CVE-2022-42261), [CVE-2022-42263](https://nvd.nist.gov/vuln/detail/CVE-2022-42263), [CVE-2022-42264](https://nvd.nist.gov/vuln/detail/CVE-2022-42264), [CVE-2022-42265](https://nvd.nist.gov/vuln/detail/CVE-2022-42265))<br><br>#### Bug fixes:<br>- Fixed the broken emerge-gitclone in the dev-container owing to the missing migration action around the unification of the Flatcar core repositories<br><br>#### Changes:<br>- The package upgrade for nvidia-drivers might result in not supporting a few of the older NVIDIA Tesla GPUs. If you are facing issues, set `NVIDIA_DRIVER_VERSION=460.106.00` in `/etc/flatcar/nvidia-metadata`<br><br>#### Updates:<br><br>- Linux ([5.15.106](https://lwn.net/Articles/928343) (includes [5.15.105](https://lwn.net/Articles/927860), [5.15.104](https://lwn.net/Articles/926873), [5.15.103](https://lwn.net/Articles/926415), [5.15.102](https://lwn.net/Articles/925991), [5.15.101](https://lwn.net/Articles/925939), [5.15.100](https://lwn.net/Articles/925913), [5.15.99](https://lwn.net/Articles/925844)))<br>- nvidia-drivers ([525.105.17](https://docs.nvidia.com/datacenter/tesla/tesla-release-notes-525-105-17/index.html))<br><br>Packages:<br>- containerd 1.6.16<br>- docker 20.10.23<br>- ignition 2.14.0<br>- kernel 5.15.106<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-04-25T13:41:09+00:00 @@ -94,7 +102,7 @@ https://github.com/flatcar/scripts/releases/tag/stable-3510.2.0 3510.2.0 - 2023-10-25T10:20:39.123325+00:00 + 2023-11-22T09:59:28.806213+00:00 _Changes since **Stable 3374.2.5**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-2196](https://nvd.nist.gov/vuln/detail/CVE-2022-2196), [CVE-2022-27672](https://nvd.nist.gov/vuln/detail/CVE-2022-27672), [CVE-2022-3707](https://nvd.nist.gov/vuln/detail/CVE-2022-3707), [CVE-2023-1078](https://nvd.nist.gov/vuln/detail/CVE-2023-1078), [CVE-2023-1281](https://nvd.nist.gov/vuln/detail/CVE-2023-1281), [CVE-2023-1513](https://nvd.nist.gov/vuln/detail/CVE-2023-1513), [CVE-2023-26545](https://nvd.nist.gov/vuln/detail/CVE-2023-26545))<br>- bind tools ([CVE-2022-2795](https://nvd.nist.gov/vuln/detail/CVE-2022-2795), [CVE-2022-2881](https://nvd.nist.gov/vuln/detail/CVE-2022-2881), [CVE-2022-2906](https://nvd.nist.gov/vuln/detail/CVE-2022-2906), [CVE-2022-3080](https://nvd.nist.gov/vuln/detail/CVE-2022-3080), [CVE-2022-38177](https://nvd.nist.gov/vuln/detail/CVE-2022-38177), [CVE-2022-38178](https://nvd.nist.gov/vuln/detail/CVE-2022-38178))<br>- binutils ([CVE-2022-38126](https://nvd.nist.gov/vuln/detail/CVE-2022-38126), [CVE-2022-38127](https://nvd.nist.gov/vuln/detail/CVE-2022-38127))<br>- containerd ([CVE-2022-23471](https://nvd.nist.gov/vuln/detail/CVE-2022-23471))<br>- cpio ([CVE-2021-38185](https://nvd.nist.gov/vuln/detail/CVE-2021-38185))<br>- curl ([CVE-2022-35252](https://nvd.nist.gov/vuln/detail/CVE-2022-35252), [CVE-2022-43551](https://nvd.nist.gov/vuln/detail/CVE-2022-43551), [CVE-2022-43552](https://nvd.nist.gov/vuln/detail/CVE-2022-43552),[CVE-2022-32221](https://nvd.nist.gov/vuln/detail/CVE-2022-32221), [CVE-2022-35260](https://nvd.nist.gov/vuln/detail/CVE-2022-32221), [CVE-2022-42915](https://nvd.nist.gov/vuln/detail/CVE-2022-32221), [CVE-2022-42916](https://nvd.nist.gov/vuln/detail/CVE-2022-32221))<br>- dbus ([CVE-2022-42010](https://nvd.nist.gov/vuln/detail/CVE-2022-42010), [CVE-2022-42011](https://nvd.nist.gov/vuln/detail/CVE-2022-42011), [CVE-2022-42012](https://nvd.nist.gov/vuln/detail/CVE-2022-42012))<br>- git ([CVE-2022-39253](https://nvd.nist.gov/vuln/detail/CVE-2022-39253), [CVE-2022-39260](https://nvd.nist.gov/vuln/detail/CVE-2022-39260), [CVE-2022-23521](https://nvd.nist.gov/vuln/detail/CVE-2022-23521), [CVE-2022-41903](https://nvd.nist.gov/vuln/detail/CVE-2022-41903))<br>- glib ([fixes to normal form handling in GVariant](https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835))<br>- Go ([CVE-2022-41717](https://nvd.nist.gov/vuln/detail/CVE-2022-41717))<br>- libarchive ([CVE-2022-36227](https://nvd.nist.gov/vuln/detail/CVE-2022-36227))<br>- libksba ([CVE-2022-47629](https://nvd.nist.gov/vuln/detail/CVE-2022-47629), [CVE-2022-3515](https://nvd.nist.gov/vuln/detail/CVE-2022-3515))<br>- libxml2 ([CVE-2022-40303](https://nvd.nist.gov/vuln/detail/CVE-2022-40303), [CVE-2022-40304](https://nvd.nist.gov/vuln/detail/CVE-2022-40304))<br>- logrotate ([CVE-2022-1348](https://nvd.nist.gov/vuln/detail/CVE-2022-1348))<br>- multipath-tools ([CVE-2022-41973](https://nvd.nist.gov/vuln/detail/CVE-2022-41973), [CVE-2022-41974](https://nvd.nist.gov/vuln/detail/CVE-2022-41974))<br>- sudo ([CVE-2023-22809](https://nvd.nist.gov/vuln/detail/CVE-2023-22809), [CVE-2022-43995](https://nvd.nist.gov/vuln/detail/CVE-2022-43995))<br>- systemd ([CVE-2022-3821](https://nvd.nist.gov/vuln/detail/CVE-2022-3821), [CVE-2022-4415](https://nvd.nist.gov/vuln/detail/CVE-2022-4415))<br>- vim ([CVE-2023-0049](https://nvd.nist.gov/vuln/detail/CVE-2023-0049), [CVE-2023-0051](https://nvd.nist.gov/vuln/detail/CVE-2023-0051), [CVE-2023-0054](https://nvd.nist.gov/vuln/detail/CVE-2023-0054), [CVE-2022-3705](https://nvd.nist.gov/vuln/detail/CVE-2022-3705), [CVE-2022-3491](https://nvd.nist.gov/vuln/detail/CVE-2022-3491), [CVE-2022-3520](https://nvd.nist.gov/vuln/detail/CVE-2022-3520), [CVE-2022-3591](https://nvd.nist.gov/vuln/detail/CVE-2022-3591), [CVE-2022-4141](https://nvd.nist.gov/vuln/detail/CVE-2022-4141), [CVE-2022-4292](https://nvd.nist.gov/vuln/detail/CVE-2022-4292), [CVE-2022-4293](https://nvd.nist.gov/vuln/detail/CVE-2022-4293),[CVE-2022-1725](https://nvd.nist.gov/vuln/detail/CVE-2022-1725), [CVE-2022-3234](https://nvd.nist.gov/vuln/detail/CVE-2022-3234), [CVE-2022-3235](https://nvd.nist.gov/vuln/detail/CVE-2022-3235), [CVE-2022-3278](https://nvd.nist.gov/vuln/detail/CVE-2022-3278), [CVE-2022-3256](https://nvd.nist.gov/vuln/detail/CVE-2022-3256), [CVE-2022-3296](https://nvd.nist.gov/vuln/detail/CVE-2022-3296), [CVE-2022-3297](https://nvd.nist.gov/vuln/detail/CVE-2022-3297), [CVE-2022-3324](https://nvd.nist.gov/vuln/detail/CVE-2022-3324), [CVE-2022-3352](https://nvd.nist.gov/vuln/detail/CVE-2022-3352), [CVE-2022-2042](https://nvd.nist.gov/vuln/detail/CVE-2022-2042), [CVE-2022-2124](https://nvd.nist.gov/vuln/detail/CVE-2022-2124), [CVE-2022-2125](https://nvd.nist.gov/vuln/detail/CVE-2022-2125), [CVE-2022-2126](https://nvd.nist.gov/vuln/detail/CVE-2022-2126), [CVE-2022-2129](https://nvd.nist.gov/vuln/detail/CVE-2022-2129), [CVE-2022-2175](https://nvd.nist.gov/vuln/detail/CVE-2022-2175), [CVE-2022-2182](https://nvd.nist.gov/vuln/detail/CVE-2022-2182), [CVE-2022-2183](https://nvd.nist.gov/vuln/detail/CVE-2022-2183), [CVE-2022-2206](https://nvd.nist.gov/vuln/detail/CVE-2022-2206), [CVE-2022-2207](https://nvd.nist.gov/vuln/detail/CVE-2022-2207), [CVE-2022-2208](https://nvd.nist.gov/vuln/detail/CVE-2022-2208), [CVE-2022-2210](https://nvd.nist.gov/vuln/detail/CVE-2022-2210), [CVE-2022-2231](https://nvd.nist.gov/vuln/detail/CVE-2022-2231), [CVE-2022-2257](https://nvd.nist.gov/vuln/detail/CVE-2022-2257), [CVE-2022-2264](https://nvd.nist.gov/vuln/detail/CVE-2022-2264), [CVE-2022-2284](https://nvd.nist.gov/vuln/detail/CVE-2022-2284), [CVE-2022-2285](https://nvd.nist.gov/vuln/detail/CVE-2022-2285), [CVE-2022-2286](https://nvd.nist.gov/vuln/detail/CVE-2022-2286), [CVE-2022-2287](https://nvd.nist.gov/vuln/detail/CVE-2022-2287), [CVE-2022-2288](https://nvd.nist.gov/vuln/detail/CVE-2022-2288), [CVE-2022-2289](https://nvd.nist.gov/vuln/detail/CVE-2022-2289), [CVE-2022-2304](https://nvd.nist.gov/vuln/detail/CVE-2022-2304), [CVE-2022-2343](https://nvd.nist.gov/vuln/detail/CVE-2022-2343), [CVE-2022-2344](https://nvd.nist.gov/vuln/detail/CVE-2022-2344), [CVE-2022-2345](https://nvd.nist.gov/vuln/detail/CVE-2022-2345), [CVE-2022-2522](https://nvd.nist.gov/vuln/detail/CVE-2022-2522), [CVE-2022-2816](https://nvd.nist.gov/vuln/detail/CVE-2022-2816), [CVE-2022-2817](https://nvd.nist.gov/vuln/detail/CVE-2022-2817), [CVE-2022-2819](https://nvd.nist.gov/vuln/detail/CVE-2022-2819), [CVE-2022-2845](https://nvd.nist.gov/vuln/detail/CVE-2022-2845), [CVE-2022-2849](https://nvd.nist.gov/vuln/detail/CVE-2022-2849), [CVE-2022-2862](https://nvd.nist.gov/vuln/detail/CVE-2022-2862), [CVE-2022-2874](https://nvd.nist.gov/vuln/detail/CVE-2022-2874), [CVE-2022-2889](https://nvd.nist.gov/vuln/detail/CVE-2022-2889), [CVE-2022-2923](https://nvd.nist.gov/vuln/detail/CVE-2022-2923), [CVE-2022-2946](https://nvd.nist.gov/vuln/detail/CVE-2022-2946), [CVE-2022-2980](https://nvd.nist.gov/vuln/detail/CVE-2022-2980), [CVE-2022-2982](https://nvd.nist.gov/vuln/detail/CVE-2022-2982), [CVE-2022-3016](https://nvd.nist.gov/vuln/detail/CVE-2022-3016), [CVE-2022-3099](https://nvd.nist.gov/vuln/detail/CVE-2022-3099), [CVE-2022-3134](https://nvd.nist.gov/vuln/detail/CVE-2022-3134), [CVE-2022-3153](https://nvd.nist.gov/vuln/detail/CVE-2022-3153))<br>- SDK: Python ([CVE-2015-20107](https://nvd.nist.gov/vuln/detail/CVE-2015-20107), [CVE-2020-10735](https://nvd.nist.gov/vuln/detail/CVE-2020-10735), [CVE-2021-3654](https://nvd.nist.gov/vuln/detail/CVE-2021-3654), [CVE-2022-37454](https://nvd.nist.gov/vuln/detail/CVE-2022-37454), [CVE-2022-42919](https://nvd.nist.gov/vuln/detail/CVE-2022-42919), [CVE-2022-45061](https://nvd.nist.gov/vuln/detail/CVE-2022-45061))<br>- SDK: qemu ([CVE-2022-4172](https://nvd.nist.gov/vuln/detail/CVE-2022-4172), [CVE-2020-14394](https://nvd.nist.gov/vuln/detail/CVE-2020-14394), [CVE-2022-0216](https://nvd.nist.gov/vuln/detail/CVE-2022-0216), [CVE-2022-35414](https://nvd.nist.gov/vuln/detail/CVE-2022-35414), [CVE-2022-3872](https://nvd.nist.gov/vuln/detail/CVE-2022-3872))<br>- SDK: rust ([CVE-2022-46176](https://nvd.nist.gov/vuln/detail/CVE-2022-46176), [CVE-2022-36113](https://nvd.nist.gov/vuln/detail/CVE-2022-36113), [CVE-2022-36114](https://nvd.nist.gov/vuln/detail/CVE-2022-36114))<br><br>#### Bug fixes:<br><br>- Added back Ignition support for Vagrant ([coreos-overlay#2351](https://github.com/flatcar/coreos-overlay/pull/2351))<br>- Added support for hardware security keys in update-ssh-keys ([update-ssh-keys#7](https://github.com/flatcar/update-ssh-keys/pull/7))<br>- Enabled IOMMU on arm64 kernels, the lack of which prevented some systems from booting ([coreos-overlay#2235](https://github.com/flatcar/coreos-overlay/pull/2235))<br>- Fixed a regression (in Alpha/Beta) where machines failed to boot if they didn't have the `core` user or group in `/etc/passwd` or `/etc/group` ([baselayout#26](https://github.com/flatcar/baselayout/pull/26))<br>- Fix "ext4 deadlock under heavy I/O load" kernel issue. The patch for this is included provisionally while we wait for it to be merged upstream ([Flatcar#847](https://github.com/flatcar/Flatcar/issues/847), [coreos-overlay#2315](https://github.com/flatcar/coreos-overlay/pull/2315))<br>- Restored the support to specify OEM partition files in Ignition when `/usr/share/oem` is given as initrd mount point ([bootengine#58](https://github.com/flatcar/bootengine/pull/58))<br>- The rootfs setup in the initrd now runs systemd-tmpfiles on every boot, not only when Ignition runs, to fix a dbus failure due to missing files ([Flatcar#944](https://github.com/flatcar/Flatcar/issues/944))<br><br>#### Changes:<br><br>- Added `CONFIG_NF_CONNTRACK_BRIDGE` (for nf_conntrack_bridge) and `CONFIG_NFT_BRIDGE_META` (for nft_meta_bridge) to the kernel config to allow using conntrack rules for bridges in nftables and to match on bridge interface names ([coreos-overlay#2207](https://github.com/flatcar/coreos-overlay/pull/2207))<br>- Added new image signing pub key to `flatcar-install`, needed for download verification of releases built from July 2023 onwards, if you have copies of `flatcar-install` or the image signing pub key, you need to update them as well ([init#92](https://github.com/flatcar/init/pull/92))<br>- Change CONFIG_WIREGUARD kernel option to module to save space on boot partition ([coreos-overlay#2239](https://github.com/flatcar/coreos-overlay/pull/2239))<br>- Disable several arch specific arm64 kernel config options for unsupported platforms to save space on boot partition ([coreos-overlay#2239](https://github.com/flatcar/coreos-overlay/pull/2239))<br>- Specifying the OEM filesystem in Ignition to write files to `/usr/share/oem` is not needed anymore ([bootengine#58](https://github.com/flatcar/bootengine/pull/58))<br>- Switched from `--strip-unneeded` to `--strip-debug` when installing kernel modules, which makes kernel stacktraces more accurate and makes debugging issues easier ([coreos-overlay#2196](https://github.com/flatcar/coreos-overlay/pull/2196))<br>- The flatcar-update tool got two new flags to customize ports used on the host while updating flatcar ([init#81](https://github.com/flatcar/init/pull/81))<br>- Toolbox now uses containerd to download and mount the image ([toolbox#7](https://github.com/flatcar/toolbox/pull/7))<br>- Add qemu-guest-agent to all amd64 images, it will be automatically enabled when qemu-ga virtio-port is detected ([coreos-overlay#2240](https://github.com/flatcar/coreos-overlay/pull/2240), [portage-stable#373](https://github.com/flatcar/portage-stable/pull/373))<br><br>#### Updates:<br><br>- Linux ([5.15.98](https://lwn.net/Articles/925080) (includes [5.15.97](https://lwn.net/Articles/925064), [5.15.96](https://lwn.net/Articles/924441), [5.15.95](https://lwn.net/Articles/924073), [5.15.94](https://lwn.net/Articles/923308), [5.15.93](https://lwn.net/Articles/922814)))<br>- Linux Firmware ([20230117](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230117))<br>- adcli ([0.9.2](https://gitlab.freedesktop.org/realmd/adcli/-/commits/8e88e3590a19006362ea8b8dfdc18bb88b3cb3b5/))<br>- bind tools ([9.16.36](https://bind9.readthedocs.io/en/v9_16_36/notes.html#notes-for-bind-9-16-36) (includes [9.16.34](https://bind9.readthedocs.io/en/v9_16_35/notes.html#notes-for-bind-9-16-34) and [9.16.35](https://bind9.readthedocs.io/en/v9_16_34/notes.html#notes-for-bind-9-16-35)))<br>- binutils ([2.39](https://sourceware.org/pipermail/binutils/2022-August/122246.html))<br>- bpftool ([5.19.12](https://lwn.net/Articles/909678/))<br>- ca-certificates ([3.89](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_89.html))<br>- containerd ([1.6.16](https://github.com/containerd/containerd/releases/tag/v1.6.16))<br>- cpio ([2.13](https://lists.gnu.org/archive/html/bug-cpio/2019-11/msg00000.html))<br>- curl ([7.87.0](https://curl.se/changes.html#7_87_0) (includes [7.85](https://curl.se/mail/archive-2022-08/0012.html)))<br>- dbus ([1.14.4](https://gitlab.freedesktop.org/dbus/dbus/-/raw/dbus-1.14.4/NEWS))<br>- Docker ([20.10.23](https://docs.docker.com/engine/release-notes/#201023))<br>- elfutils ([0.188](https://sourceware.org/pipermail/elfutils-devel/2022q4/005561.html) (includes [0.187](https://sourceware.org/pipermail/elfutils-devel/2022q2/004978.html)))<br>- Expat ([2.5.0](https://github.com/libexpat/libexpat/blob/R_2_5_0/expat/Changes))<br>- gawk ([5.2.1](https://lists.gnu.org/archive/html/help-gawk/2022-11/msg00008.html) (contains [5.2.0](https://lists.gnu.org/archive/html/help-gawk/2022-09/msg00000.html)))<br>- gettext ([0.21.1](https://git.savannah.gnu.org/gitweb/?p=gettext.git;a=blob;f=NEWS;h=cdbb16746c23555e70bb1e16917f5c349ce92d9e;hb=8b38ee827251cadbb90cb6cb576ae98702566288))<br>- git ([2.39.1](https://github.com/git/git/blob/v2.39.1/Documentation/RelNotes/2.39.1.txt) (includes [2.39.0](https://github.com/git/git/blob/v2.39.0/Documentation/RelNotes/2.39.0.txt)))<br>- glib ([2.74.4](https://gitlab.gnome.org/GNOME/glib/-/tags/2.74.4))<br>- Go ([1.19.5](https://go.dev/doc/devel/release#go1.19.5))<br>- glibc ([2.36](https://sourceware.org/pipermail/libc-alpha/2022-August/141193.html) (includes [2.35](https://savannah.gnu.org/forum/forum.php?forum_id=10111)))<br>- GnuTLS ([3.7.8](https://lists.gnupg.org/pipermail/gnutls-help/2022-September/004765.html))<br>- I2C tools ([4.3](https://git.kernel.org/pub/scm/utils/i2c-tools/i2c-tools.git/tree/CHANGES?id=d8bc1f1ff4b00a6bd988aa114100ae9b787f50d8))<br>- Intel Microcode ([20221108](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20221108))<br>- iptables ([1.8.8](https://www.netfilter.org/projects/iptables/files/changes-iptables-1.8.8.txt))<br>- iputils ([20211215](https://github.com/iputils/iputils/releases/tag/20211215))<br>- libcap ([2.66](https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.d9ygdose5kw))<br>- libcap-ng ([0.8.3](https://people.redhat.com/sgrubb/libcap-ng/ChangeLog))<br>- libksba ([1.6.3](https://dev.gnupg.org/T6304))<br>- libseccomp ([2.5.4](https://github.com/seccomp/libseccomp/releases/tag/v2.5.4) (contains [2.5.2](https://github.com/seccomp/libseccomp/releases/tag/v2.5.2), [2.5.3](https://github.com/seccomp/libseccomp/releases/tag/v2.5.3)))<br>- libxml2 ([2.10.3](https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3))<br>- logrotate ([3.20.1](https://github.com/logrotate/logrotate/releases/tag/3.20.1))<br>- MIT Kerberos V ([1.20.1](https://web.mit.edu/kerberos/krb5-1.20/krb5-1.20.1.html))<br>- multipath-tools ([0.9.3](https://github.com/opensvc/multipath-tools/releases/tag/0.9.3))<br>- nettle ([3.8.1](https://git.lysator.liu.se/nettle/nettle/-/blob/990abad16ceacd070747dcc76ed16a39c129321e/ChangeLog))<br>- nmap ([7.93](https://nmap.org/changelog.html#7.93))<br>- OpenSSH ([9.1](http://www.openssh.com/releasenotes.html#9.1))<br>- rsync ([3.2.7](https://download.samba.org/pub/rsync/NEWS#3.2.7))<br>- shadow ([4.13](https://github.com/shadow-maint/shadow/releases/tag/4.13))<br>- sqlite ([3.40.1](https://www.sqlite.org/releaselog/3_40_1.html) (contains [3.40.0](https://www.sqlite.org/releaselog/3_40_0.html) and [3.39.4](https://sqlite.org/releaselog/3_39_4.html)))<br>- strace ([5.19](https://github.com/strace/strace/releases/tag/v5.19))<br>- sudo ([1.9.12_p2](https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_12p2))<br>- systemd ([252.5](https://github.com/systemd/systemd-stable/releases/tag/v252.5) (includes [252](https://github.com/systemd/systemd/releases/tag/v252)))<br>- vim ([9.0.1157](https://github.com/vim/vim/releases/tag/v9.0.1157) (includes [9.0.0469](https://github.com/vim/vim/releases/tag/v9.0.0469)))<br>- wget ([1.21.3](https://lists.gnu.org/archive/html/info-gnu/2022-02/msg00017.html))<br>- whois ([5.5.14](https://github.com/rfc1036/whois/commit/ab10466cf2e1ec4887f6a44375c3e29c1720157f))<br>- wireguard-tools ([1.0.20210914](https://github.com/WireGuard/wireguard-tools/releases/tag/v1.0.20210914))<br>- XZ utils ([5.4.1](https://github.com/tukaani-project/xz/releases/tag/v5.4.1) (includes [5.4.0](https://github.com/tukaani-project/xz/releases/tag/v5.4.0)))<br>- zlib ([1.2.13](https://github.com/madler/zlib/releases/tag/v1.2.13))<br>- OEM: python-oem ([3.9.16](https://www.python.org/downloads/release/python-3916/))<br>- SDK: boost ([1.81.0](https://www.boost.org/users/history/version_1_81_0.html))<br>- SDK: catalyst ([3.0.21](https://gitweb.gentoo.org/proj/catalyst.git/log/?h=3.0.21))<br>- SDK: cmake ([3.23.3](https://cmake.org/cmake/help/v3.23/release/3.23.html))<br>- SDK: file ([5.43](https://mailman.astron.com/pipermail/file/2022-September/000857.html) (includes [5.44](https://github.com/file/file/blob/FILE5_44/ChangeLog)))<br>- SDK: libpng ([1.6.39](http://www.libpng.org/pub/png/src/libpng-1.6.39-README.txt) (includes [1.6.38](http://www.libpng.org/pub/png/src/libpng-1.6.38-README.txt)))<br>- SDK: libxslt ([1.1.37](https://gitlab.gnome.org/GNOME/libxslt/-/tags/v1.1.37))<br>- SDK: meson ([0.62.2](https://mesonbuild.com/Release-notes-for-0-62-0.html))<br>- SDK: ninja ([1.11.0](https://groups.google.com/g/ninja-build/c/R2oCyDctDf8/m/-U94Y5I8AgAJ?pli=1))<br>- SDK: pahole ([1.23](https://git.kernel.org/pub/scm/devel/pahole/pahole.git/tag/?h=v1.23))<br>- SDK: perl ([5.36.0](https://perldoc.perl.org/5.36.0/perldelta))<br>- SDK: portage ([3.0.43](https://github.com/gentoo/portage/blob/portage-3.0.43/NEWS) (includes [3.0.42](https://github.com/gentoo/portage/blob/portage-3.0.42/NEWS), [3.0.41](https://gitweb.gentoo.org/proj/portage.git/tree/NEWS?h=portage-3.0.41)))<br>- SDK: qemu ([7.2.0](https://wiki.qemu.org/ChangeLog/7.2) (includes [7.1.0](https://wiki.qemu.org/ChangeLog/7.1)))<br>- SDK: Rust ([1.67.0](https://github.com/rust-lang/rust/releases/tag/1.67.0))<br>- VMware: open-vm-tools ([12.1.5](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.1.5))<br><br>_Changes since **Beta 3510.1.0**_<br><br>#### Security fixes:<br><br><br>#### Bug fixes:<br><br>- Restored the support to specify OEM partition files in Ignition when `/usr/share/oem` is given as initrd mount point ([bootengine#58](https://github.com/flatcar/bootengine/pull/58))<br><br>#### Changes:<br><br>- Added new image signing pub key to `flatcar-install`, needed for download verification of releases built from July 2023 onwards, if you have copies of `flatcar-install` or the image signing pub key, you need to update them as well ([init#92](https://github.com/flatcar/init/pull/92))<br>- Specifying the OEM filesystem in Ignition to write files to `/usr/share/oem` is not needed anymore ([bootengine#58](https://github.com/flatcar/bootengine/pull/58))<br><br>#### Updates:<br><br>- ca-certificates ([3.89](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_89.html))<br>Packages:<br>- containerd 1.6.16<br>- docker 20.10.23<br>- ignition 2.14.0<br>- kernel 5.15.98<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-04-17T13:19:22+00:00 @@ -102,7 +110,7 @@ https://github.com/flatcar/scripts/releases/tag/stable-3374.2.5 3374.2.5 - 2023-10-25T10:20:39.106700+00:00 + 2023-11-22T09:59:28.789524+00:00 _Changes since **Stable 3374.2.4**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2022-4129](https://nvd.nist.gov/vuln/detail/CVE-2022-4129), [CVE-2022-4382](https://nvd.nist.gov/vuln/detail/CVE-2022-4382), [CVE-2022-4842](https://nvd.nist.gov/vuln/detail/CVE-2022-4842), [CVE-2023-1073](https://nvd.nist.gov/vuln/detail/CVE-2023-1073), [CVE-2023-1074](https://nvd.nist.gov/vuln/detail/CVE-2023-1074), [CVE-2023-23559](https://nvd.nist.gov/vuln/detail/CVE-2023-23559))<br> <br> #### Bug fixes:<br> <br> - Excluded the special Kubernetes network interfaces `nodelocaldns` and `kube-ipvs0` from being managed with systemd-networkd which interfered with the setup ([init#89](https://github.com/flatcar/init/pull/89)).<br> <br> #### Updates:<br> <br> - Linux ([5.15.92](https://lwn.net/Articles/922340) (includes [5.15.91](https://lwn.net/Articles/921851), [5.15.90](https://lwn.net/Articles/921029)))<br><br>Packages:<br>- containerd 1.6.8<br>- docker 20.10.18<br>- ignition 2.14.0<br>- kernel 5.15.92<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-03-07T15:24:37+00:00 @@ -110,7 +118,7 @@ https://github.com/flatcar/scripts/releases/tag/stable-3374.2.4 3374.2.4 - 2023-10-25T10:20:39.101826+00:00 + 2023-11-22T09:59:28.784551+00:00 _Changes since **Stable 3374.2.3**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2022-36280](https://nvd.nist.gov/vuln/detail/CVE-2022-36280), [CVE-2022-41218](https://nvd.nist.gov/vuln/detail/CVE-2022-41218), [CVE-2022-47929](https://nvd.nist.gov/vuln/detail/CVE-2022-47929), [CVE-2023-0045](https://nvd.nist.gov/vuln/detail/CVE-2023-0045), [CVE-2023-0179](https://nvd.nist.gov/vuln/detail/CVE-2023-0179), [CVE-2023-0210](https://nvd.nist.gov/vuln/detail/CVE-2023-0210), [CVE-2023-0266](https://nvd.nist.gov/vuln/detail/CVE-2023-0266), [CVE-2023-0394](https://nvd.nist.gov/vuln/detail/CVE-2023-0394), [CVE-2023-23454](https://nvd.nist.gov/vuln/detail/CVE-2023-23454), [CVE-2023-23455](https://nvd.nist.gov/vuln/detail/CVE-2023-23455))<br><br> <br> #### Updates:<br> <br> - Linux ([5.15.89](https://lwn.net/Articles/920321) (includes [5.15.88](https://lwn.net/Articles/920012), [5.15.87](https://lwn.net/Articles/919793)))<br> - ca-certificates ([3.88.1](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_88_1.html))<br> - cri-tools ([1.24.2](https://github.com/kubernetes-sigs/cri-tools/releases/tag/v1.24.2))<br><br>Packages:<br>- containerd 1.6.8<br>- docker 20.10.18<br>- ignition 2.14.0<br>- kernel 5.15.89<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-02-16T13:06:44+00:00 @@ -118,7 +126,7 @@ https://github.com/flatcar/scripts/releases/tag/stable-3374.2.3 3374.2.3 - 2023-10-25T10:20:39.096834+00:00 + 2023-11-22T09:59:28.779510+00:00 _Changes since **Stable 3374.2.2**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-3169](https://nvd.nist.gov/vuln/detail/CVE-2022-3169), [CVE-2022-3344](https://nvd.nist.gov/vuln/detail/CVE-2022-3344), [CVE-2022-3424](https://nvd.nist.gov/vuln/detail/CVE-2022-3424), [CVE-2022-3521](https://nvd.nist.gov/vuln/detail/CVE-2022-3521), [CVE-2022-3534](https://nvd.nist.gov/vuln/detail/CVE-2022-3534), [CVE-2022-3545](https://nvd.nist.gov/vuln/detail/CVE-2022-3545), [CVE-2022-3643](https://nvd.nist.gov/vuln/detail/CVE-2022-3643), [CVE-2022-4378](https://nvd.nist.gov/vuln/detail/CVE-2022-4378), [CVE-2022-45869](https://nvd.nist.gov/vuln/detail/CVE-2022-45869), [CVE-2022-45934](https://nvd.nist.gov/vuln/detail/CVE-2022-45934), [CVE-2022-47518](https://nvd.nist.gov/vuln/detail/CVE-2022-47518), [CVE-2022-47519](https://nvd.nist.gov/vuln/detail/CVE-2022-47519), [CVE-2022-47520](https://nvd.nist.gov/vuln/detail/CVE-2022-47520), [CVE-2022-47521](https://nvd.nist.gov/vuln/detail/CVE-2022-47521))<br>- git ([CVE-2022-23521](https://nvd.nist.gov/vuln/detail/CVE-2022-23521), [CVE-2022-41903](https://nvd.nist.gov/vuln/detail/CVE-2022-41903))<br><br>#### Bug fixes:<br><br>- Fix "ext4 deadlock under heavy I/O load" kernel issue. The patch for this is included provisionally while we stay with Kernel 5.15.86. ([Flatcar#847](https://github.com/flatcar/Flatcar/issues/847), [coreos-overlay#2402](https://github.com/flatcar/coreos-overlay/pull/2402))<br><br>#### Changes:<br><br><br>#### Updates:<br><br>- Linux ([5.15.86](https://lwn.net/Articles/918808) (includes [5.15.85](https://lwn.net/Articles/918329), [5.15.84](https://lwn.net/Articles/918206), [5.15.83](https://lwn.net/Articles/917896), [5.15.82](https://lwn.net/Articles/917400), [5.15.81](https://lwn.net/Articles/916763), [5.15.80](https://lwn.net/Articles/916003)))<br>- git ([2.37.5](https://github.com/git/git/blob/v2.37.5/Documentation/RelNotes/2.37.5.txt))<br><br>Packages:<br>- containerd 1.6.8<br>- docker 20.10.18<br>- ignition 2.14.0<br>- kernel 5.15.86<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-01-24T13:15:20+00:00 @@ -126,7 +134,7 @@ https://github.com/flatcar/scripts/releases/tag/stable-3374.2.2 3374.2.2 - 2023-10-25T10:20:39.091414+00:00 + 2023-11-22T09:59:28.774005+00:00 _Changes since **Stable 3374.2.1**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-3543](https://nvd.nist.gov/vuln/detail/CVE-2022-3543), [CVE-2022-3564](https://nvd.nist.gov/vuln/detail/CVE-2022-3564), [CVE-2022-3619](https://nvd.nist.gov/vuln/detail/CVE-2022-3619), [CVE-2022-3623](https://nvd.nist.gov/vuln/detail/CVE-2022-3623), [CVE-2022-3628](https://nvd.nist.gov/vuln/detail/CVE-2022-3628), [CVE-2022-42895](https://nvd.nist.gov/vuln/detail/CVE-2022-42895), [CVE-2022-42896](https://nvd.nist.gov/vuln/detail/CVE-2022-42896))<br><br>#### Updates:<br><br>- Linux ([5.15.79](https://lwn.net/Articles/915100) (includes [5.15.78](https://lwn.net/Articles/914423), [5.15.77](https://lwn.net/Articles/913681), [5.15.76](https://lwn.net/Articles/912997), [5.15.75](https://lwn.net/Articles/912500)))<br>- ca-certificates ([3.87](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_87.html))<br><br>Packages:<br>- containerd 1.6.8<br>- docker 20.10.18<br>- ignition 2.14.0<br>- kernel 5.15.79<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-01-11T13:31:35+00:00 @@ -134,7 +142,7 @@ https://github.com/flatcar/scripts/releases/tag/stable-3374.2.1 3374.2.1 - 2023-10-25T10:20:39.086604+00:00 + 2023-11-22T09:59:28.769123+00:00 _Changes since **Stable 3374.2.0**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-2602](https://nvd.nist.gov/vuln/detail/CVE-2022-2602), [CVE-2022-3524](https://nvd.nist.gov/vuln/detail/CVE-2022-3524), [CVE-2022-3535](https://nvd.nist.gov/vuln/detail/CVE-2022-3535), [CVE-2022-3542](https://nvd.nist.gov/vuln/detail/CVE-2022-3542), [CVE-2022-3565](https://nvd.nist.gov/vuln/detail/CVE-2022-3565), [CVE-2022-3594](https://nvd.nist.gov/vuln/detail/CVE-2022-3594), [CVE-2022-41849](https://nvd.nist.gov/vuln/detail/CVE-2022-41849), [CVE-2022-41850](https://nvd.nist.gov/vuln/detail/CVE-2022-41850), [CVE-2022-43945](https://nvd.nist.gov/vuln/detail/CVE-2022-43945))<br> <br> #### Updates:<br> <br> - Linux ([5.15.77](https://lwn.net/Articles/913681) (includes [5.15.76](https://lwn.net/Articles/912997), [5.15.75](https://lwn.net/Articles/912500)))<br> - ca-certificates ([3.85](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_85.html))<br>Packages:<br>- containerd 1.6.8<br>- docker 20.10.18<br>- ignition 2.14.0<br>- kernel 5.15.77<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-12-09T09:46:15+00:00 @@ -142,7 +150,7 @@ https://github.com/flatcar/scripts/releases/tag/stable-3374.2.0 3374.2.0 - 2023-10-25T10:20:39.081771+00:00 + 2023-11-22T09:59:28.764179+00:00 _Changes since **Stable 3227.2.4**_<br> <br> #### Security fixes:<br> <br>- Linux ([CVE-2022-2308](https://nvd.nist.gov/vuln/detail/CVE-2022-2308), [CVE-2022-3621](https://nvd.nist.gov/vuln/detail/CVE-2022-3621), [CVE-2022-3646](https://nvd.nist.gov/vuln/detail/CVE-2022-3646), [CVE-2022-3649](https://nvd.nist.gov/vuln/detail/CVE-2022-3649), [CVE-2022-40768](https://nvd.nist.gov/vuln/detail/CVE-2022-40768), [CVE-2022-41674](https://nvd.nist.gov/vuln/detail/CVE-2022-41674), [CVE-2022-42719](https://nvd.nist.gov/vuln/detail/CVE-2022-42719), [CVE-2022-42720](https://nvd.nist.gov/vuln/detail/CVE-2022-42720), [CVE-2022-42721](https://nvd.nist.gov/vuln/detail/CVE-2022-42721), [CVE-2022-42722](https://nvd.nist.gov/vuln/detail/CVE-2022-42722), [CVE-2022-43750](https://nvd.nist.gov/vuln/detail/CVE-2022-43750))<br>- binutils ([CVE-2021-45078](https://nvd.nist.gov/vuln/detail/CVE-2021-45078))<br>- cifs-utils ([CVE-2022-27239](https://nvd.nist.gov/vuln/detail/CVE-2022-27239), [CVE-2022-29869](https://nvd.nist.gov/vuln/detail/CVE-2022-29869))<br>- curl ([CVE-2022-22576](https://nvd.nist.gov/vuln/detail/CVE-2022-22576), [CVE-2022-27774](https://nvd.nist.gov/vuln/detail/CVE-2022-27774), [CVE-2022-27775](https://nvd.nist.gov/vuln/detail/CVE-2022-27775), [CVE-2022-27776](https://nvd.nist.gov/vuln/detail/CVE-2022-27776), [CVE-2022-27778](https://nvd.nist.gov/vuln/detail/CVE-2022-27778), [CVE-2022-27779](https://nvd.nist.gov/vuln/detail/CVE-2022-27779), [CVE-2022-27780](https://nvd.nist.gov/vuln/detail/CVE-2022-27780), [CVE-2022-27781](https://nvd.nist.gov/vuln/detail/CVE-2022-27781), [CVE-2022-27782](https://nvd.nist.gov/vuln/detail/CVE-2022-27782), [CVE-2022-30115](https://nvd.nist.gov/vuln/detail/CVE-2022-30115), [CVE-2022-32205](https://nvd.nist.gov/vuln/detail/CVE-2022-32205), [CVE-2022-32206](https://nvd.nist.gov/vuln/detail/CVE-2022-32206), [CVE-2022-32207](https://nvd.nist.gov/vuln/detail/CVE-2022-32207), [CVE-2022-32208](https://nvd.nist.gov/vuln/detail/CVE-2022-32208))<br>- Docker ([CVE-2022-29526](https://nvd.nist.gov/vuln/detail/CVE-2022-29526), [CVE-2022-36109](https://nvd.nist.gov/vuln/detail/CVE-2022-36109))<br>- git ([CVE-2022-24765](https://nvd.nist.gov/vuln/detail/CVE-2022-24765), [CVE-2022-29187](https://nvd.nist.gov/vuln/detail/CVE-2022-29187))<br>- GNU Libtasn1 ([Gentoo#866237](https://bugs.gentoo.org/866237))<br>- gnupg ([CVE-2022-34903](https://nvd.nist.gov/vuln/detail/CVE-2022-34903))<br>- gnutls ([CVE-2022-2509](https://nvd.nist.gov/vuln/detail/CVE-2022-2509))<br>- Go ([CVE-2022-1705](https://nvd.nist.gov/vuln/detail/CVE-2022-1705), [CVE-2022-1962](https://nvd.nist.gov/vuln/detail/CVE-2022-1962), [CVE-2022-27664](https://nvd.nist.gov/vuln/detail/CVE-2022-27664), [CVE-2022-28131](https://nvd.nist.gov/vuln/detail/CVE-2022-28131), [CVE-2022-29526](https://nvd.nist.gov/vuln/detail/CVE-2022-29526), [CVE-2022-30630](https://nvd.nist.gov/vuln/detail/CVE-2022-30630), [CVE-2022-30631](https://nvd.nist.gov/vuln/detail/CVE-2022-30631), [CVE-2022-30632](https://nvd.nist.gov/vuln/detail/CVE-2022-30632), [CVE-2022-30633](https://nvd.nist.gov/vuln/detail/CVE-2022-30633), [CVE-2022-30635](https://nvd.nist.gov/vuln/detail/CVE-2022-30635), [CVE-2022-32148](https://nvd.nist.gov/vuln/detail/CVE-2022-32148), [CVE-2022-32190](https://nvd.nist.gov/vuln/detail/CVE-2022-32190))<br>- ignition ([CVE-2022-1706](https://nvd.nist.gov/vuln/detail/CVE-2022-1706))<br>- intel-microcode ([CVE-2022-21151](https://nvd.nist.gov/vuln/detail/CVE-2022-21151), [CVE-2022-21233](https://nvd.nist.gov/vuln/detail/CVE-2022-21233))<br>- libtirpc ([CVE-2021-46828](https://nvd.nist.gov/vuln/detail/CVE-2021-46828))<br>- libxml2 ([CVE-2016-3709](https://nvd.nist.gov/vuln/detail/CVE-2016-3709), [CVE-2022-2309](https://nvd.nist.gov/vuln/detail/CVE-2022-2309), [CVE-2022-29824](https://nvd.nist.gov/vuln/detail/CVE-2022-29824))<br>- ncurses ([CVE-2022-29458](https://nvd.nist.gov/vuln/detail/CVE-2022-29458))<br>- oniguruma ([oniguruma-20220430](https://bugs.gentoo.org/841893))<br>- openssl ([CVE-2022-1292](https://nvd.nist.gov/vuln/detail/CVE-2022-1292), [CVE-2022-1343](https://nvd.nist.gov/vuln/detail/CVE-2022-1343), [CVE-2022-1434](https://nvd.nist.gov/vuln/detail/CVE-2022-1434), [CVE-2022-1473](https://nvd.nist.gov/vuln/detail/CVE-2022-1473))<br>- polkit ([CVE-2021-4115](https://nvd.nist.gov/vuln/detail/CVE-2021-4115))<br>- rsync ([CVE-2018-25032](https://nvd.nist.gov/vuln/detail/CVE-2018-25032), [CVE-2022-29154](https://nvd.nist.gov/vuln/detail/CVE-2022-29154))<br>- runc ([CVE-2022-29162](https://nvd.nist.gov/vuln/detail/CVE-2022-29162))<br>- shadow ([CVE-2013-4235](https://nvd.nist.gov/vuln/detail/CVE-2013-4235))<br>- unzip ([CVE-2022-0529](https://nvd.nist.gov/vuln/detail/CVE-2022-0529), [CVE-2022-0530](https://nvd.nist.gov/vuln/detail/CVE-2022-0530), [CVE-2021-4217](https://nvd.nist.gov/vuln/detail/CVE-2021-4217))<br>- vim ([CVE-2022-0629](https://nvd.nist.gov/vuln/detail/CVE-2022-0629), [CVE-2022-0685](https://nvd.nist.gov/vuln/detail/CVE-2022-0685), [CVE-2022-0714](https://nvd.nist.gov/vuln/detail/CVE-2022-0714), [CVE-2022-0729](https://nvd.nist.gov/vuln/detail/CVE-2022-0729), [CVE-2022-0943](https://nvd.nist.gov/vuln/detail/CVE-2022-0943), [CVE-2022-1154](https://nvd.nist.gov/vuln/detail/CVE-2022-1154), [CVE-2022-1160](https://nvd.nist.gov/vuln/detail/CVE-2022-1160), [CVE-2022-1381](https://nvd.nist.gov/vuln/detail/CVE-2022-1381), [CVE-2022-1420](https://nvd.nist.gov/vuln/detail/CVE-2022-1420), [CVE-2022-1616](https://nvd.nist.gov/vuln/detail/CVE-2022-1616), [CVE-2022-1619](https://nvd.nist.gov/vuln/detail/CVE-2022-1619), [CVE-2022-1620](https://nvd.nist.gov/vuln/detail/CVE-2022-1620), [CVE-2022-1621](https://nvd.nist.gov/vuln/detail/CVE-2022-1621), [CVE-2022-1629](https://nvd.nist.gov/vuln/detail/CVE-2022-1629), [CVE-2022-1674](https://nvd.nist.gov/vuln/detail/CVE-2022-1674), [CVE-2022-1733](https://nvd.nist.gov/vuln/detail/CVE-2022-1733), [CVE-2022-1735](https://nvd.nist.gov/vuln/detail/CVE-2022-1735), [CVE-2022-1769](https://nvd.nist.gov/vuln/detail/CVE-2022-1769), [CVE-2022-1771](https://nvd.nist.gov/vuln/detail/CVE-2022-1771), [CVE-2022-1785](https://nvd.nist.gov/vuln/detail/CVE-2022-1785), [CVE-2022-1796](https://nvd.nist.gov/vuln/detail/CVE-2022-1796), [CVE-2022-1897](https://nvd.nist.gov/vuln/detail/CVE-2022-1897), [CVE-2022-1898](https://nvd.nist.gov/vuln/detail/CVE-2022-1898), [CVE-2022-1886](https://nvd.nist.gov/vuln/detail/CVE-2022-1886), [CVE-2022-1851](https://nvd.nist.gov/vuln/detail/CVE-2022-1851), [CVE-2022-1927](https://nvd.nist.gov/vuln/detail/CVE-2022-1927), [CVE-2022-1942](https://nvd.nist.gov/vuln/detail/CVE-2022-1942), [CVE-2022-1968](https://nvd.nist.gov/vuln/detail/CVE-2022-1968), [CVE-2022-2000](https://nvd.nist.gov/vuln/detail/CVE-2022-2000))<br>- zlib ([CVE-2022-37434](https://nvd.nist.gov/vuln/detail/CVE-2022-37434))<br>- VMware: open-vm-tools ([CVE-2022-31676](https://nvd.nist.gov/vuln/detail/CVE-2022-31676))<br>- SDK: qemu ([CVE-2021-20203](https://nvd.nist.gov/vuln/detail/CVE-2021-20203), [CVE-2021-3713](https://nvd.nist.gov/vuln/detail/CVE-2021-3713), [CVE-2021-3930](https://nvd.nist.gov/vuln/detail/CVE-2021-3930), [CVE-2021-3947](https://nvd.nist.gov/vuln/detail/CVE-2021-3947), [CVE-2021-4145](https://nvd.nist.gov/vuln/detail/CVE-2021-4145), [CVE-2022-26353](https://nvd.nist.gov/vuln/detail/CVE-2022-26353), [CVE-2022-26354](https://nvd.nist.gov/vuln/detail/CVE-2022-26354))<br> <br> #### Bug fixes:<br> <br> - Fixed Ignition btrfs forced formatting for OEM partition ([coreos-overlay#2277](https://github.com/flatcar/coreos-overlay/pull/2277))<br> - Removed outdated LTS channel information printed on login ([init#75](https://github.com/flatcar-linux/init/pull/75))<br> <br> #### Changes:<br> <br> - Added efibootmgr binary to the image ([coreos-overlay#1955](https://github.com/flatcar-linux/coreos-overlay/pull/1955))<br> - Added symlink from `nc` to `ncat`. `-q` option is [not yet supported](https://github.com/nmap/nmap/issues/2422) ([flatcar#545](https://github.com/flatcar-linux/Flatcar/issues/545))<br> - flatcar-install: Added option to create UEFI boot entry ([init#74](https://github.com/flatcar-linux/init/pull/74))<br> - AWS: Added AWS IMDSv2 support to coreos-cloudinit ([flatcar-linux/coreos-cloudinit#13](https://github.com/flatcar-linux/coreos-cloudinit/pull/13))<br> - VMware: Added VMware networking configuration in the initramfs via guestinfo settings ([bootengine#44](https://github.com/flatcar-linux/bootengine/pull/44), [flatcar#717](https://github.com/flatcar-linux/Flatcar/issues/717))<br> - VMWare: Added `ignition-delete-config.service` to remove Ignition config from VM metadata, see also [here](https://coreos.github.io/ignition/operator-notes/#automatic-config-deletion) ([coreos-overlay#1948](https://github.com/flatcar-linux/coreos-overlay/pull/1948))<br> <br> #### Updates:<br> <br> <br>- Linux ([5.15.74](https://lwn.net/Articles/911275) (includes ([5.15.73](https://lwn.net/Articles/910957), [5.15.72](https://lwn.net/Articles/910398). [5.15.71](https://lwn.net/Articles/909679)))<br>- Linux Firmware ([20220913](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220913))<br>- acpid ([2.0.33](https://sourceforge.net/p/acpid2/code/ci/2.0.33/tree/Changelog))<br>- adcli ([0.9.1](https://gitlab.freedesktop.org/realmd/adcli/-/releases#0.9.1))<br>- automake ([1.16.5](https://savannah.gnu.org/forum/forum.php?forum_id=10055))<br>- binutils ([2.38](https://lwn.net/Articles/884264/))<br>- bison ([3.8.2](https://lists.gnu.org/archive/html/bug-bison/2021-09/msg00056.html))<br>- boost ([1.79](https://www.boost.org/users/history/version_1_79_0.html))<br>- cifs-utils ([6.15](https://lists.samba.org/archive/samba-technical/2022-April/137335.html))<br>- containerd ([1.6.8](https://github.com/containerd/containerd/releases/tag/v1.6.8))<br>- curl ([7.84.0](https://github.com/curl/curl/releases/tag/curl-7_84_0))<br>- Cyrus SASL ([2.1.28](https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28))<br>- dbus ([1.12.22](https://gitlab.freedesktop.org/dbus/dbus/-/blob/177ab044bc87cbc4ded75d21b900795a6fefef76/NEWS))<br>- Docker ([20.10.18](https://docs.docker.com/engine/release-notes/#201018))<br>- e2fsprogs ([1.46.5](http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.46.5))<br>- gcc ([11.3.0](https://gcc.gnu.org/gcc-11/changes.html))<br>- gdb ([11.2](https://lists.gnu.org/archive/html/info-gnu/2022-01/msg00009.html))<br>- gdbm ([1.22](https://lists.gnu.org/archive/html/info-gnu/2021-10/msg00006.html))<br>- git ([2.35.3](https://github.com/git/git/blob/v2.35.3/Documentation/RelNotes/2.35.3.txt))<br>- glib ([2.72.3](https://gitlab.gnome.org/GNOME/glib/-/tags/2.73.3))<br>- GNU Libtasn1 ([4.19.0](https://lists.gnu.org/archive/html/help-libtasn1/2022-08/msg00001.html))<br>- gnupg ([2.2.35](https://dev.gnupg.org/T5928))<br>- gnutls ([3.7.7](https://gitlab.com/gnutls/gnutls/-/tags/3.7.7))<br>- Go ([1.18.6](https://go.dev/doc/devel/release#go1.18.6))<br>- ignition ([2.14.0](https://github.com/coreos/ignition/releases/tag/v2.14.0))<br>- intel-microcode ([20220809](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220809))<br>- ldb ([2.4.1](https://gitlab.com/samba-team/samba/-/commit/a795e0c84597aa045d011e663dbad3cdabf0f1e6))<br>- libtool ([2.4.7](https://savannah.gnu.org/forum/forum.php?forum_id=10139))<br>- libxml2 ([2.10.2](https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.2))<br>- ncurses ([6.3_p20220423](https://lists.gnu.org/archive/html/info-gnu/2021-11/msg00001.html))<br>- oniguruma ([6.9.8](https://github.com/kkos/oniguruma/releases/tag/v6.9.8))<br>- OpenSSL ([3.0.7](https://www.openssl.org/news/openssl-3.0-notes.html))<br>- perl ([5.34.1](https://perldoc.perl.org/5.34.1/perldelta))<br>- pkgconf ([1.8.0](https://gitea.treehouse.systems/ariadne/pkgconf/src/tag/pkgconf-1.8.0/NEWS))<br>- polkit ([121](https://gitlab.freedesktop.org/polkit/polkit/-/commit/827b0ddac5b1ef00a47fca4526fcf057bee5f1db))<br>- python ([3.9.12](https://www.python.org/downloads/release/python-3912/))<br>- rsync ([3.2.6](https://github.com/WayneD/rsync/releases/tag/v3.2.6))<br>- runc ([1.1.4](https://github.com/opencontainers/runc/releases/tag/v1.1.4))<br>- samba ([4.15.4](https://www.samba.org/samba/history/samba-4.15.4.html))<br>- shadow ([4.12.3](https://github.com/shadow-maint/shadow/releases/tag/4.12.3))<br>- sqlite ([3.38.1](https://www.sqlite.org/releaselog/3_38_1.html))<br>- sudo ([1.9.10](https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_10))<br>- talloc ([2.3.3](https://gitlab.com/samba-team/samba/-/commit/bc1ee7ca0640f0136e5af7dcc4ca8ed0a5893053))<br>- tevent ([0.11.0](https://gitlab.com/samba-team/samba/-/commit/de4e8a1af9564f6056f9af90867c2f013449051c))<br>- unzip ([6.0_p27](https://metadata.ftp-master.debian.org/changelogs//main/u/unzip/unzip_6.0-27_changelog))<br>- vim ([8.2.5066](https://github.com/vim/vim/releases/tag/v8.2.5066))<br>- OEM: distro ([1.7.0](https://github.com/python-distro/distro/releases/tag/v1.7.0))<br>- OEM: python ([3.9.12](https://www.python.org/downloads/release/python-3912/))<br>- VMware: open-vm-tools ([12.1.0](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.1.0))<br>- SDK: libxslt ([1.1.35](https://gitlab.gnome.org/GNOME/libxslt/-/tags/v1.1.35))<br>- SDK: qemu ([7.0.0](https://wiki.qemu.org/ChangeLog/7.0))<br>- SDK: Rust ([1.63.0](https://github.com/rust-lang/rust/releases/tag/1.63.0))<br><br>_Changes since **Beta 3374.1.1**_<br><br>#### Bug fixes:<br><br>- Fixed Ignition btrfs forced formatting for OEM partition ([coreos-overlay#2277](https://github.com/flatcar/coreos-overlay/pull/2277))<br><br>#### Updates:<br><br>- OpenSSL ([3.0.7](https://www.openssl.org/news/openssl-3.0-notes.html))<br><br>Packages:<br>- containerd 1.6.8<br>- docker 20.10.18<br>- ignition 2.14.0<br>- kernel 5.15.74<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-11-17T07:03:54+00:00 @@ -150,7 +158,7 @@ https://github.com/flatcar/scripts/releases/tag/stable-3227.2.4 3227.2.4 - 2023-10-25T10:20:39.069261+00:00 + 2023-11-22T09:59:28.751557+00:00 _Changes since **Stable 3227.2.3**_<br><br>#### Security fixes:<br>- OpenSSL ([CVE-2022-3602](https://nvd.nist.gov/vuln/detail/CVE-2022-3602), [CVE-2022-3786](https://nvd.nist.gov/vuln/detail/CVE-2022-3786))<br> <br>#### Changes:<br>- OpenStack: enabled `coreos-metadata-sshkeys@.service` to provision SSH keys from metadata. ([Flatcar#817](https://github.com/flatcar/Flatcar/issues/817), [coreos-overlay#2246](https://github.com/flatcar/coreos-overlay/pull/2246))<br> <br>#### Updates:<br>- ca-certificates ([3.84](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_84.html))<br><br>Packages:<br>- containerd 1.6.6<br>- docker 20.10.14<br>- ignition 2.13.0<br>- kernel 5.15.70<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-11-09T13:47:07+00:00 @@ -158,7 +166,7 @@ https://github.com/flatcar/scripts/releases/tag/stable-3227.2.3 3227.2.3 - 2023-10-25T10:20:39.064622+00:00 + 2023-11-22T09:59:28.746843+00:00 _Changes since **Stable 3227.2.2**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-0171](https://nvd.nist.gov/vuln/detail/CVE-2022-0171), [CVE-2022-2663](https://nvd.nist.gov/vuln/detail/CVE-2022-2663), [CVE-2022-2905](https://nvd.nist.gov/vuln/detail/CVE-2022-2905), [CVE-2022-3028](https://nvd.nist.gov/vuln/detail/CVE-2022-3028), [CVE-2022-3061](https://nvd.nist.gov/vuln/detail/CVE-2022-3061), [CVE-2022-3176](https://nvd.nist.gov/vuln/detail/CVE-2022-3176), [CVE-2022-3303](https://nvd.nist.gov/vuln/detail/CVE-2022-3303), [CVE-2022-39190](https://nvd.nist.gov/vuln/detail/CVE-2022-39190), [CVE-2022-39842](https://nvd.nist.gov/vuln/detail/CVE-2022-39842), [CVE-2022-40307](https://nvd.nist.gov/vuln/detail/CVE-2022-40307))<br>- Go ([CVE-2022-32189](https://nvd.nist.gov/vuln/detail/CVE-2022-32189))<br>- torcx ([CVE-2022-27191](https://nvd.nist.gov/vuln/detail/CVE-2022-27191))<br>- expat ([CVE-2022-40674](https://nvd.nist.gov/vuln/detail/CVE-2022-40674))<br><br>#### Bug fixes:<br><br>- Added back `gettext` to the OS ([Flatcar#849](https://github.com/flatcar-linux/Flatcar/issues/849))<br>- Added merging of Ignition systemd duplicated units when auto-translating from Ignition 2 to Ignition 3. ([coreos-overlay#2187](https://github.com/flatcar/coreos-overlay/pull/2187))<br>- Equinix Metal: Fixed serial console settings for the `m3.small.x86` instance by expanding the GRUB check for `i386` to `x86_64` [coreos-overlay#2122](https://github.com/flatcar-linux/coreos-overlay/pull/2122)<br><br>#### Changes:<br><br>- emerge-gitclone: Migrate emerge-gitclone to use scripts repo tags and submodule refs<br><br>#### Updates:<br><br>- Linux ([5.15.70](https://lwn.net/Articles/909212) (includes [5.15.69](https://lwn.net/Articles/908782), [5.15.68](https://lwn.net/Articles/908140), [5.15.67](https://lwn.net/Articles/907526), [5.15.66](https://lwn.net/Articles/907524), [5.15.65](https://lwn.net/Articles/907204), [5.15.64](https://lwn.net/Articles/906630)))<br>- ca-certificates ([3.83](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_83.html))<br>- gettext ([0.21](https://www.gnu.org/software/gettext/))<br>- Go ([1.17.13](https://go.dev/doc/devel/release#go1.17.13))<br>- locksmith([0.7.0](https://github.com/flatcar/locksmith/blob/v0.7.0/CHANGELOG.md#v070--30112021))<br>- expat ([2.4.9](https://github.com/libexpat/libexpat/blob/R_2_4_9/expat/Changes))<br><br>Packages:<br>- containerd 1.6.6<br>- docker 20.10.14<br>- ignition 2.13.0<br>- kernel 5.15.70<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-10-17T14:38:46+00:00 @@ -166,7 +174,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3227.2.2 3227.2.2 - 2023-10-25T10:20:39.058766+00:00 + 2023-11-22T09:59:28.740955+00:00 _Note: The ARM64 AWS AMI of the Stable release has an unknown issue of corrupted images which we are still investigating. We will release the AMI as soon as we have resolved the issue. Follow [#840](https://github.com/flatcar/Flatcar/issues/840) for more information_<br><br>_Changes since **Stable 3227.2.1**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-1679](https://nvd.nist.gov/vuln/detail/CVE-2022-1679), [CVE-2022-2585](https://nvd.nist.gov/vuln/detail/CVE-2022-2585), [CVE-2022-2586](https://nvd.nist.gov/vuln/detail/CVE-2022-2586), [CVE-2022-2588](https://nvd.nist.gov/vuln/detail/CVE-2022-2588), [CVE-2022-26373](https://nvd.nist.gov/vuln/detail/CVE-2022-26373), [CVE-2022-36946](https://nvd.nist.gov/vuln/detail/CVE-2022-36946))<br><br>#### Bug fixes:<br><br>- AWS: added EKS support for version 1.22 and 1.23. ([coreos-overlay#2110](https://github.com/flatcar/coreos-overlay/pull/2110), [Flatcar#829](https://github.com/flatcar/Flatcar/issues/829))<br>- VMWare: excluded `wireguard` (and others) from `systemd-networkd` management. ([init#80](https://github.com/flatcar/init/pull/80))<br><br>#### Changes:<br><br>- The new image signing subkey was added to the public key embedded into `flatcar-install` (the old expired on 10th August 2022), only an updated `flatcar-install` script can verify releases signed with the new key ([init#79](https://github.com/flatcar/init/pull/79))<br><br>#### Updates:<br><br>- Linux ([5.15.63](https://lwn.net/Articles/906061) (includes [5.15.62](https://lwn.net/Articles/905533), [5.15.61](https://lwn.net/Articles/904959), [5.15.60](https://lwn.net/Articles/904461), [5.15.59](https://lwn.net/Articles/903688))<br>- ca-certificates ([3.82](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_82.html))<br><br>Packages:<br>- containerd 1.6.6<br>- docker 20.10.14<br>- ignition 2.13.0<br>- kernel 5.15.63<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-09-01T13:00:57+00:00 @@ -174,7 +182,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3227.2.1 3227.2.1 - 2023-10-25T10:20:39.053200+00:00 + 2023-11-22T09:59:28.735324+00:00 New Stable Release 3227.2.1<br><br>Changes since Stable 3227.2.0<br><br>## Security fixes:<br><br>- Linux ([CVE-2022-23816](https://nvd.nist.gov/vuln/detail/CVE-2022-23816), [CVE-2022-23825](https://nvd.nist.gov/vuln/detail/CVE-2022-23825), [CVE-2022-29900](https://nvd.nist.gov/vuln/detail/CVE-2022-29900), [CVE-2022-29901](https://nvd.nist.gov/vuln/detail/CVE-2022-29901))<br><br>## Bug fixes:<br><br>- Added support for Openstack for cloud-init activation ([flatcar-linux/init#76](https://github.com/flatcar/init/pull/76))<br>- Excluded Wireguard interface from `systemd-networkd` default management ([Flatcar#808](https://github.com/flatcar/Flatcar/issues/808))<br>- Fixed `/etc/resolv.conf` symlink by pointing it at `resolv.conf` instead of `stub-resolv.conf`. This bug was present since the update to systemd v250 ([coreos-overlay#2057](https://github.com/flatcar/coreos-overlay/pull/2057))<br>- Fixed excluded interface type from default systemd-networkd configuration ([flatcar-linux/init#78](https://github.com/flatcar/init/pull/78))<br>- Fixed space escaping in the `networkd` Ignition translation ([Flatcar#812](https://github.com/flatcar/Flatcar/issues/812))<br><br>## Changes:<br><br><br>## Updates:<br><br>- Linux ([5.15.58](https://lwn.net/Articles/902917) (includes [5.15.57](https://lwn.net/Articles/902317), [5.15.56](https://lwn.net/Articles/902101)))<br>- ca-certificates ([3.81](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_81.html))<br><br>Packages:<br>- containerd 1.6.6<br>- docker 20.10.14<br>- ignition 2.13.0<br>- kernel 5.15.58<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-08-04T12:07:17+00:00 @@ -182,7 +190,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3227.2.0 3227.2.0 - 2023-10-25T10:20:39.047803+00:00 + 2023-11-22T09:59:28.729912+00:00 New **Stable** Release **3227.2.0**<br><br>_Changes since **Beta 3227.1.1**_<br><br>## Security fixes:<br><br>- Linux ([CVE-2021-33655](https://nvd.nist.gov/vuln/detail/CVE-2021-33655), [CVE-2022-2318](https://nvd.nist.gov/vuln/detail/CVE-2022-2318), [CVE-2022-26365](https://nvd.nist.gov/vuln/detail/CVE-2022-26365), [CVE-2022-33740](https://nvd.nist.gov/vuln/detail/CVE-2022-33740), [CVE-2022-33741](https://nvd.nist.gov/vuln/detail/CVE-2022-33741), [CVE-2022-33742](https://nvd.nist.gov/vuln/detail/CVE-2022-33742), [CVE-2022-33743](https://nvd.nist.gov/vuln/detail/CVE-2022-33743), [CVE-2022-33744](https://nvd.nist.gov/vuln/detail/CVE-2022-33744), [CVE-2022-34918](https://nvd.nist.gov/vuln/detail/CVE-2022-34918))<br>- Go ([CVE-2022-1705](https://nvd.nist.gov/vuln/detail/CVE-2022-1705), [CVE-2022-1962](https://nvd.nist.gov/vuln/detail/CVE-2022-1962), [CVE-2022-28131](https://nvd.nist.gov/vuln/detail/CVE-2022-28131), [CVE-2022-30630](https://nvd.nist.gov/vuln/detail/CVE-2022-30630), [CVE-2022-30631](https://nvd.nist.gov/vuln/detail/CVE-2022-30631), [CVE-2022-30632](https://nvd.nist.gov/vuln/detail/CVE-2022-30632), [CVE-2022-30633](https://nvd.nist.gov/vuln/detail/CVE-2022-30633), [CVE-2022-30635](https://nvd.nist.gov/vuln/detail/CVE-2022-30635), [CVE-2022-32148](https://nvd.nist.gov/vuln/detail/CVE-2022-32148))<br><br>## Bug fixes:<br><br>- The Ignition v3 kargs directive failed before when used with the generic image where no `grub.cfg` exists, this was fixed by creating it first ([bootengine#47](https://github.com/flatcar/bootengine/pull/47))<br><br>## Changes:<br><br>- Enabled `containerd.service` unit, `br_netfilter` and `overlay` modules by default to follow Kubernetes requirements ([coreos-overlay#1944](https://github.com/flatcar/coreos-overlay/pull/1944), [init#72](https://github.com/flatcar/init/pull/72))<br><br>## Updates:<br><br>- Linux ([5.15.55](https://lwn.net/Articles/901380) (includes [5.15.54](https://lwn.net/Articles/900911), [5.15.53](https://lwn.net/Articles/900321), [5.15.52](https://lwn.net/Articles/899788), [5.15.51](https://lwn.net/Articles/899370), [5.15.50](https://lwn.net/Articles/899091), [5.15.49](https://lwn.net/Articles/898622)))<br>- Go ([1.17.12](https://go.dev/doc/devel/release#go1.17.12))<br>- ca-certificates ([3.80](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_80.html))<br><br>_Changes compared to **Stable 3139.2.3**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2021-33655](https://nvd.nist.gov/vuln/detail/CVE-2021-33655), [CVE-2022-2318](https://nvd.nist.gov/vuln/detail/CVE-2022-2318), [CVE-2022-26365](https://nvd.nist.gov/vuln/detail/CVE-2022-26365), [CVE-2022-33740](https://nvd.nist.gov/vuln/detail/CVE-2022-33740), [CVE-2022-33741](https://nvd.nist.gov/vuln/detail/CVE-2022-33741), [CVE-2022-33742](https://nvd.nist.gov/vuln/detail/CVE-2022-33742), [CVE-2022-33743](https://nvd.nist.gov/vuln/detail/CVE-2022-33743), [CVE-2022-33744](https://nvd.nist.gov/vuln/detail/CVE-2022-33744), [CVE-2022-34918](https://nvd.nist.gov/vuln/detail/CVE-2022-34918))<br>- Go ([CVE-2022-1705](https://nvd.nist.gov/vuln/detail/CVE-2022-1705), [CVE-2022-1962](https://nvd.nist.gov/vuln/detail/CVE-2022-1962), [CVE-2022-28131](https://nvd.nist.gov/vuln/detail/CVE-2022-28131), [CVE-2022-30630](https://nvd.nist.gov/vuln/detail/CVE-2022-30630), [CVE-2022-30631](https://nvd.nist.gov/vuln/detail/CVE-2022-30631), [CVE-2022-30632](https://nvd.nist.gov/vuln/detail/CVE-2022-30632), [CVE-2022-30633](https://nvd.nist.gov/vuln/detail/CVE-2022-30633), [CVE-2022-30635](https://nvd.nist.gov/vuln/detail/CVE-2022-30635), [CVE-2022-32148](https://nvd.nist.gov/vuln/detail/CVE-2022-32148))<br>- cifs-utils ([CVE-2021-20208](https://nvd.nist.gov/vuln/detail/CVE-2021-20208))<br>- containerd ([CVE-2022-23648](https://nvd.nist.gov/vuln/detail/CVE-2022-23648), [CVE-2022-24769](https://nvd.nist.gov/vuln/detail/CVE-2022-24769), [CVE-2022-31030](https://nvd.nist.gov/vuln/detail/CVE-2022-31030))<br>- cryptsetup ([CVE-2021-4122](https://nvd.nist.gov/vuln/detail/CVE-2021-4122)) <br>- duktape ([CVE-2021-46322](https://nvd.nist.gov/vuln/detail/CVE-2021-46322))<br>- gnutls ([CVE-2021-4209](https://nvd.nist.gov/vuln/detail/CVE-2021-4209), [GNUTLS-SA-2022-01-17](https://gitlab.com/gnutls/gnutls/-/issues/1277))<br>- gzip,xz-utils ([CVE-2022-1271](https://nvd.nist.gov/vuln/detail/CVE-2022-1271))<br>- intel-microcode ([CVE-2021-0127](https://nvd.nist.gov/vuln/detail/CVE-2021-0127), [CVE-2021-0146](https://nvd.nist.gov/vuln/detail/CVE-2021-0146))<br>- libarchive ([CVE-2021-31566](https://nvd.nist.gov/vuln/detail/CVE-2021-31566), [CVE-2021-36976](https://nvd.nist.gov/vuln/detail/CVE-2021-36976), [CVE-2022-26280](https://nvd.nist.gov/vuln/detail/CVE-2022-26280))<br>- libxml2 ([CVE-2022-23308](https://nvd.nist.gov/vuln/detail/CVE-2022-23308))<br>- nvidia-drivers ([CVE-2022-28181](https://nvd.nist.gov/vuln/detail/CVE-2022-28181), [CVE-2022-28183](https://nvd.nist.gov/vuln/detail/CVE-2022-28183), [CVE-2022-28184](https://nvd.nist.gov/vuln/detail/CVE-2022-28184), [CVE-2022-28185](https://nvd.nist.gov/vuln/detail/CVE-2022-28185))<br>- shadow ([CVE-2013-4235](https://nvd.nist.gov/vuln/detail/CVE-2013-4235))<br>- systemd ([CVE-2021-3997](https://nvd.nist.gov/vuln/detail/CVE-2021-3997))<br>- util-linux ([CVE-2021-3995](https://nvd.nist.gov/vuln/detail/CVE-2021-3995), [CVE-2021-3996](https://nvd.nist.gov/vuln/detail/CVE-2021-3996), [CVE-2022-0563](https://nvd.nist.gov/vuln/detail/CVE-2022-0563))<br>- vim ([CVE-2021-3984](https://nvd.nist.gov/vuln/detail/CVE-2021-3984), [CVE-2021-4019](https://nvd.nist.gov/vuln/detail/CVE-2021-4019), [CVE-2021-4069](https://nvd.nist.gov/vuln/detail/CVE-2021-4069), [CVE-2021-4136](https://nvd.nist.gov/vuln/detail/CVE-2021-4136), [CVE-2021-4173](https://nvd.nist.gov/vuln/detail/CVE-2021-4173),[ CVE-2021-4166](https://nvd.nist.gov/vuln/detail/CVE-2021-4166), [CVE-2021-4187](https://nvd.nist.gov/vuln/detail/CVE-2021-4187), [CVE-2021-4192](https://nvd.nist.gov/vuln/detail/CVE-2021-4192), [CVE-2021-4193](https://nvd.nist.gov/vuln/detail/CVE-2021-4193), [CVE-2022-0128](https://nvd.nist.gov/vuln/detail/CVE-2022-0128), [CVE-2022-0156](https://nvd.nist.gov/vuln/detail/CVE-2022-0156), [CVE-2022-0158](https://nvd.nist.gov/vuln/detail/CVE-2022-0158), [CVE-2022-0213](https://nvd.nist.gov/vuln/detail/CVE-2022-0213), [CVE-2022-0261](https://nvd.nist.gov/vuln/detail/CVE-2022-0261), [CVE-2022-0318](https://nvd.nist.gov/vuln/detail/CVE-2022-0318), [CVE-2022-0319](https://nvd.nist.gov/vuln/detail/CVE-2022-0319), [CVE-2022-0351](https://nvd.nist.gov/vuln/detail/CVE-2022-0351), [CVE-2022-0359](https://nvd.nist.gov/vuln/detail/CVE-2022-0359), [CVE-2022-0361](https://nvd.nist.gov/vuln/detail/CVE-2022-0361), [CVE-2022-0368](https://nvd.nist.gov/vuln/detail/CVE-2022-0368), [CVE-2022-0392](https://nvd.nist.gov/vuln/detail/CVE-2022-0392), [CVE-2022-0393](https://nvd.nist.gov/vuln/detail/CVE-2022-0393), [CVE-2022-0407](https://nvd.nist.gov/vuln/detail/CVE-2022-0407), [CVE-2022-0408](https://nvd.nist.gov/vuln/detail/CVE-2022-0408), [CVE-2022-0413](https://nvd.nist.gov/vuln/detail/CVE-2022-0413), [CVE-2022-0417](https://nvd.nist.gov/vuln/detail/CVE-2022-0417), [CVE-2022-0443](https://nvd.nist.gov/vuln/detail/CVE-2022-0443))<br>- zlib ([CVE-2018-25032](https://nvd.nist.gov/vuln/detail/CVE-2018-25032))<br>- SDK: squashfs-tools ([CVE-2021-40153](https://nvd.nist.gov/vuln/detail/CVE-2021-40153), [CVE-2021-41072](https://nvd.nist.gov/vuln/detail/CVE-2021-41072))<br><br>#### Bug fixes:<br><br>- Added `networkd` translation to `files` section when converting from Ignition 2.x to Ignition 3.x ([coreos-overlay#1910](https://github.com/flatcar/coreos-overlay/pull/1910), [flatcar#741](https://github.com/flatcar/Flatcar/issues/741))<br>- Added a remount action as `systemd-sysext.service` drop-in unit to restore the OEM partition mount after the overlay mounts in `/usr` are done ([init#69](https://github.com/flatcar/init/pull/69))<br>- Fixed Ignition's OEM ID to be `metal` to follow the Ignition upstream change which otherwise resulted in a broken boot when the Flatcar OEM ID `pxe` was used ([bootengine#45](https://github.com/flatcar/bootengine/pull/45))<br>- Made Ignition write the SSH keys into a file under `authorized_keys.d/ignition` again and added a call to `update-ssh-keys` after Ignition ran to create the merged `authorized_keys` file, which fixes the problem that keys added by Ignition get lost when `update-ssh-keys` runs ([init#66](https://github.com/flatcar/init/pull/66))<br>- Skipped starting `ensure-sysext.service` if `systemd-sysext.service` won't be started, to prevent reporting a dependency failure ([Flatcar#710](https://github.com/flatcar/Flatcar/issues/710))<br>- The Ignition v3 kargs directive failed before when used with the generic image where no `grub.cfg` exists, this was fixed by creating it first ([bootengine#47](https://github.com/flatcar/bootengine/pull/47))<br><br>#### Changes:<br><br>- Added `auditd.service` but left it disabled by default, a custom configuration can be created by removing `/etc/audit/auditd.conf` and replacing it with an own file ([coreos-overlay#1636](https://github.com/flatcar/coreos-overlay/pull/1636))<br>- Added `cryptsetup` to the initramfs for the Ignition `luks` directive ([flatcar-linux/coreos-overlay#1760](https://github.com/flatcar/coreos-overlay/pull/1760))<br>- Besides Ignition v1 and v2 configurations, Ignition configurations with specification v3 (up to 3.3.0) are now supported, see the [docs section for details](https://www.flatcar.org/docs/latest/provisioning/ignition/specification/#ignition-v3)<br>- Bring in dependencies for NFS4 with Kerberos both in kernel and userspace. Tested against NFS4.1 server. [coreos-overlay#1664](https://github.com/flatcar/coreos-overlay/pull/1664)<br>- Enabled `CONFIG_INTEL_RAPL` on AMD64 Kernel config to compile `intel_rapl_common` module in order to allow power monitoring on modern Intel processors ([coreos-overlay#1801](https://github.com/flatcar/coreos-overlay/pull/1801))<br>- Enabled `containerd.service` unit, `br_netfilter` and `overlay` modules by default to follow Kubernetes requirements ([coreos-overlay#1944](https://github.com/flatcar/coreos-overlay/pull/1944), [init#72](https://github.com/flatcar/init/pull/72))<br>- Enabled `systemd-sysext.service` to activate systemd-sysext images on boot, to disable you will need to mask it. Also added a helper service `ensure-sysext.service` which reloads the systemd units to reevaluate the `sockets`, `timers`, and `multi-user` targets when `systemd-sysext.service` is (re)started, making it possible to enable units that are part of a sysext image ([init#65](https://github.com/flatcar/init/pull/65))<br>- For amd64 `/usr/lib` used to be a symlink to `/usr/lib64` but now they became two separate folders as common in other distributions (and was the case for arm64 already). Compatibility symlinks exist in case `/usr/lib64` was used to access, e.g., the `modules` folder or the `systemd` folder ([coreos-overlay#1713](https://github.com/flatcar/coreos-overlay/pull/1713), [scripts#255](https://github.com/flatcar/scripts/pull/255))<br>- Made SELinux enabled by default in default containerd configuration file. ([coreos-overlay#1699](https://github.com/flatcar/coreos-overlay/pull/1699))<br>- Removed rngd.service because it is not essential anymore for the kernel to boot fast in VM environments ([coreos-overlay#1700](https://github.com/flatcar/coreos-overlay/pull/1700))<br>- The systemd-networkd `ManageForeignRoutes` and `ManageForeignRoutingPolicyRules` settings are now disabled through a drop-in file and thus can only be enabled again by a drop-in file under `/etc/systemd/networkd.conf.d/` because drop-in files take precedence over `/etc/systemd/networkd.conf` ([init#61](https://github.com/flatcar/init/pull/61))<br>- Azure VHD disks are now created using subformat=fixed, which makes them suitable for immediate upload to Azure using any tool.<br>- Defined a systemd-sysext level that sysext images can match for instead of the OS version when they don't have a strong coupling, meaning the only metadata required is `SYSEXT_LEVEL=1.0` and `ID=flatcar` ([Flatcar#643](https://github.com/flatcar/Flatcar/issues/643))<br>- ARM64: Added [cifs-utils](https://wiki.samba.org/index.php/LinuxCIFS_utils) for ARM64<br>- ARM64: Added [sssd](https://sssd.io/), [adcli](https://www.freedesktop.org/software/realmd/adcli/adcli.html) and realmd for ARM64<br>- AWS EC2: Removed the setup of `/etc/hostname` from the instance metadata because it used a long FQDN but we can just use use the hostname set via DHCP ([Flatcar#707](https://github.com/flatcar/Flatcar/issues/707))<br>- Azure: Set up `/etc/hostname` from instance metadata with Afterburn<br>- DigitalOcean: In addition to the `bz2` image, a `gz` compressed image is published. This helps against hitting the compression timeout that sometimes lets the image import fail.<br>- OpenStack: In addition to the `bz2` image, a `gz` compressed image is published. This allows Glance to directly consume the images by simply passing in the URL of the image.<br>- SDK: The image compression format is now configurable. Supported formats are: `bz2`, `gz`, `zip`, `none`, `zst`. Selecting the image format can now be done by passing the `--image_compression_formats` option. This flag gets a comma separated list of formats.<br>- SDK / ARM64: Added [go-tspi](https://pkg.go.dev/github.com/coreos/go-tspi) bindings for ARM64<br><br>## Updates:<br><br>- Linux ([5.15.55](https://lwn.net/Articles/901380) (includes [5.15.54](https://lwn.net/Articles/900911), [5.15.53](https://lwn.net/Articles/900321), [5.15.52](https://lwn.net/Articles/899788), [5.15.51](https://lwn.net/Articles/899370), [5.15.50](https://lwn.net/Articles/899091), [5.15.49](https://lwn.net/Articles/898622), [5.15.48](https://lwn.net/Articles/898124), [5.15.47](https://lwn.net/Articles/897904), [5.15.46](https://lwn.net/Articles/897377), [5.15.45](https://lwn.net/Articles/897167), [5.15.44](https://lwn.net/Articles/896647), [5.15.43](https://lwn.net/Articles/896231), [5.15.42](https://lwn.net/Articles/896226), [5.15.41](https://lwn.net/Articles/895645), [5.15.40](https://lwn.net/Articles/895318), [5.15.39](https://lwn.net/Articles/895070), [5.15.38](https://lwn.net/Articles/894357), [5.15.37](https://lwn.net/Articles/893264), [5.15.36](https://lwn.net/Articles/892812), [5.15.35](https://lwn.net/Articles/892002)))<br>- Linux Firmware ([20220411](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220411) (includes [20220310](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220310), [20220209](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220209)))<br>- Docker ([20.10.14](https://docs.docker.com/engine/release-notes/#201014) (includes [20.10.13](https://docs.docker.com/engine/release-notes/#201013)))<br>- Go ([1.17.12](https://go.dev/doc/devel/release#go1.17.12))<br>- afterburn ([5.2.0](https://github.com/coreos/afterburn/releases/tag/v5.2.0))<br>- bind-tools ([9.16.27](https://gitlab.isc.org/isc-projects/bind9/-/blob/v9_16_27/CHANGES))<br>- bpftool ([5.15.8](https://lwn.net/Articles/878631/))<br>- bridge-utils ([1.7.1](https://git.kernel.org/pub/scm/network/bridge/bridge-utils.git/log/?h=v1.7.1))<br>- ca-certificates ([3.80](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_80.html) (includes [3.79](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_79.html), [3.78](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_78.html), [3.77](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_77.html), [3.76](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_76.html), [3.75](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_75.html)))<br>- cifs-utils ([6.13](https://lkml.kernel.org/linux-cifs/CAKywueSqRGSFmeDHQacyu831BNUeGFxGg3vgBmozzhkGBCjyXQ@mail.gmail.com/T/))<br>- conntrack-tools ([1.4.6](https://lists.netfilter.org/pipermail/netfilter-announce/2020/000240.html))<br>- containerd ([1.6.6](https://github.com/containerd/containerd/releases/tag/v1.6.6) (includes [1.6.5](https://github.com/containerd/containerd/releases/tag/v1.6.5), [1.6.4](https://github.com/containerd/containerd/releases/tag/v1.6.4), [1.6.3](https://github.com/containerd/containerd/releases/tag/v1.6.3), [1.6.2](https://github.com/containerd/containerd/releases/tag/v1.6.2), [1.6.1](https://github.com/containerd/containerd/releases/tag/v1.6.1), [1.6.0](https://github.com/containerd/containerd/releases/tag/v1.6.0)))<br>- cryptsetup ([2.4.3](https://lore.kernel.org/all/572c18a7bf60cb1b0f67c3a03c531d7e7ed31832.camel@scientia.net/T/))<br>- dosfstools ([4.2](https://github.com/dosfstools/dosfstools/releases/tag/v4.2))<br>- duktape ([2.7.0](https://github.com/svaarala/duktape/releases/tag/v2.7.0))<br>- e2fsprogs ([1.46.4](http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.46.4))<br>- elfutils ([0.186](https://sourceware.org/git/?p=elfutils.git;a=blob;f=NEWS;h=490932ae4ef9b5a3af01d2c8c616f14d57586046;hb=983e86fd89e8bf02f2d27ba5dce5bf078af4ceda))<br>- gcc ([10.3.0](https://gcc.gnu.org/gcc-10/changes.html))<br>- gnutls ([3.7.3](https://gitlab.com/gnutls/gnutls/-/merge_requests/1517))<br>- grep ([3.7](https://savannah.gnu.org/forum/forum.php?forum_id=10037))<br>- gzip ([1.12](https://savannah.gnu.org/forum/forum.php?forum_id=10157) (includes [1.11](https://lists.gnu.org/archive/html/info-gnu/2021-09/msg00002.html)))<br>- ignition ([2.13.0](https://github.com/coreos/ignition/releases/tag/v2.13.0))<br>- intel-microcode ([20220207_p20220207](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220207))<br>- iperf ([3.10.1](https://github.com/esnet/iperf/blob/master/RELNOTES.md#iperf-3101-2021-06-03))<br>- jansson ([2.14](https://github.com/akheron/jansson/blob/v2.14/CHANGES))<br>- kexec-tools ([2.0.22](https://www.spinics.net/lists/kexec/msg26864.html))<br>- less ([590](https://www.greenwoodsoftware.com/less/news.590.html))<br>- libarchive ([3.6.1](https://github.com/libarchive/libarchive/releases/tag/v3.6.1) (includes [3.5.3](https://github.com/libarchive/libarchive/releases/tag/v3.5.3)))<br>- libbsd ([0.11.3](https://gitlab.freedesktop.org/libbsd/libbsd/-/commits/0.11.3/))<br>- libmspack ([0.10.1_alpha](https://github.com/kyz/libmspack/blob/v0.10.1alpha/libmspack/ChangeLog))<br>- libnetfilter_queue ([1.0.5](https://git.netfilter.org/libnetfilter_queue/log/?h=libnetfilter_queue-1.0.5))<br>- libpcap ([1.10.1](https://git.tcpdump.org/libpcap/blob/c7642e2cc0c5bd65754685b160d25dc23c76c6bd:/CHANGES))<br>- libtasn1 ([4.17.0](https://gitlab.com/gnutls/libtasn1/-/blob/v4.17.0/NEWS))<br>- liburing ([2.1](https://github.com/axboe/liburing/commits/liburing-2.1))<br>- libxml2 ([2.9.13](http://www.xmlsoft.org/news.html))<br>- lsscsi ([0.32](https://sg.danny.cz/scsi/lsscsi.ChangeLog))<br>- mdadm ([4.2](https://lore.kernel.org/all/28fdbc45-96ca-7cdb-3ced-a5f65d978048@trained-monkey.org/T/))<br>- multipath-tools ([0.8.7](https://github.com/opensvc/multipath-tools/commits/0.8.7))<br>- nfs-utils ([2.5.4](https://lore.kernel.org/linux-fsdevel/c8795653-7728-18a4-93dc-58943ad0fe09@redhat.com/))<br>- nghttp2 ([1.45.1](https://github.com/nghttp2/nghttp2/releases/tag/v1.45.1))<br>- nvidia-drivers ([510.73.05](https://docs.nvidia.com/datacenter/tesla/tesla-release-notes-510-73-05/index.html))<br>- nvme-cli ([1.16](https://github.com/linux-nvme/nvme-cli/commits/deee9cae1ac94760deebd71f8e5449061338666c))<br>- oniguruma ([6.9.7.1](https://github.com/kkos/oniguruma/releases/tag/v6.9.7.1))<br>- open-isns ([0.101](https://github.com/open-iscsi/open-isns/blob/v0.101/ChangeLog))<br>- pam ([1.5.1_p20210622](https://github.com/linux-pam/linux-pam/commit/fe1307512fb8892b5ceb3d884c793af8dbd4c16a))<br>- pambase (20220214)<br>- pcre2 ([10.39](https://github.com/PhilipHazel/pcre2/blob/pcre2-10.39/NEWS))<br>- pinentry ([1.2.0](https://dev.gnupg.org/T5566))<br>- quota ([4.06](https://sourceforge.net/p/linuxquota/code/ci/0acd4cc6275122fd9864cb7b5d349e65a2622920/))<br>- rpcbind ([1.2.6](https://git.linux-nfs.org/?p=steved/rpcbind.git;a=shortlog;h=refs/tags/rpcbind-1_2_6))<br>- runc ([1.1.1](https://github.com/opencontainers/runc/releases/tag/v1.1.1))<br>- socat ([1.7.4.3](https://repo.or.cz/socat.git/blob/refs/tags/tag-1.7.4.3:/CHANGES))<br>- shadow ([4.11.1](https://github.com/shadow-maint/shadow/releases/tag/v4.11.1))<br>- systemd ([250.3](https://github.com/systemd/systemd-stable/releases/tag/v250.3))<br>- timezone-data ([2021a](https://mm.icann.org/pipermail/tz-announce/2021-January/000065.html))<br>- tcpdump ([4.99.1](https://git.tcpdump.org/tcpdump/blob/5f552b5e6e9fe05f7ad9681d51d0303233daba6a:/CHANGES))<br>- thin-provisioning-tools ([0.9.0](https://github.com/jthornber/thin-provisioning-tools/blob/d6d93c3157631b242a13a81d30f75453e576c55a/CHANGES#L1-L9))<br>- unzip ([6.0_p26](https://metadata.ftp-master.debian.org/changelogs//main/u/unzip/unzip_6.0-26_changelog))<br>- util-linux ([2.37.4](https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.4-ChangeLog))<br>- vim ([8.2.4328](https://github.com/vim/vim/releases/tag/v8.2.4328))<br>- whois ([5.5.11](https://github.com/rfc1036/whois/commit/5f5ba8312c04a759dad05723c035549273d07461))<br>- xfsprogs ([5.14.2](https://marc.info/?l=linux-xfs&m=163883318025390&w=2))<br>- zlib ([1.2.12](https://github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/ChangeLog#L4)) <br>- SDK: gcc-config ([2.5](https://gitweb.gentoo.org/proj/gcc-config.git/tag/?h=v2.5))<br>- SDK: iasl ([20200717](https://www.acpica.org/node/183))<br>- SDK: man-db ([2.9.4](https://gitlab.com/cjwatson/man-db/-/tags/2.9.4))<br>- SDK: man-pages ([5.12-r2](https://man7.org/linux/man-pages/changelog.html#release_5.12))<br>- SDK: netperf ([2.7.0](https://github.com/HewlettPackard/netperf/blob/netperf-2.7.0/Release_Notes))<br>- SDK: Rust ([1.60.0](https://github.com/rust-lang/rust/releases/tag/1.60.0) (includes [1.59.0](https://github.com/rust-lang/rust/releases/tag/1.59.0)))<br>- SDK: squashfs-tools ([4.5_p20210914](https://lore.kernel.org/lkml/CAB3woddJss+ziGp-RjJ-yiax6pc_HLMdxk3Qk5nJdRgjpEYWBg@mail.gmail.com/))<br>- VMware: open-vm-tools ([12.0.0](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.0.0))<br><br>Packages:<br>- containerd 1.6.6<br>- docker 20.10.14<br>- ignition 2.13.0<br>- kernel 5.15.55<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-07-21T15:45:09+00:00 @@ -190,7 +198,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3139.2.3 3139.2.3 - 2023-10-25T10:20:39.028975+00:00 + 2023-11-22T09:59:28.711016+00:00 New **Stable** Release **3139.2.3**<br><br>Changes since **Stable 3139.2.2**<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-1789](https://nvd.nist.gov/vuln/detail/CVE-2022-1789), [CVE-2022-1852](https://nvd.nist.gov/vuln/detail/CVE-2022-1852), [CVE-2022-1972](https://nvd.nist.gov/vuln/detail/CVE-2022-1972), [CVE-2022-1973](https://nvd.nist.gov/vuln/detail/CVE-2022-1973), [CVE-2022-2078](https://nvd.nist.gov/vuln/detail/CVE-2022-2078), [CVE-2022-32250](https://nvd.nist.gov/vuln/detail/CVE-2022-32250), [CVE-2022-32981](https://nvd.nist.gov/vuln/detail/CVE-2022-32981))<br>- libpcre2 ([CVE-2022-1586](https://nvd.nist.gov/vuln/detail/CVE-2022-1586), [CVE-2022-1587](https://nvd.nist.gov/vuln/detail/CVE-2022-1587))<br><br>#### Updates:<br><br>- Linux ([5.15.48](https://lwn.net/Articles/898124) (includes [5.15.47](https://lwn.net/Articles/897904), [5.15.46](https://lwn.net/Articles/897377), [5.15.45](https://lwn.net/Articles/897167), [5.15.44](https://lwn.net/Articles/896647)))<br>- ca-certificates ([3.79](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_79.html))<br>- libpcre2 ([10.40](https://github.com/PCRE2Project/pcre2/blob/pcre2-10.40/NEWS))<br>Packages:<br>- containerd 1.5.11<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.15.48<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-06-23T11:47:39+00:00 @@ -198,7 +206,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3139.2.2 3139.2.2 - 2023-10-25T10:20:39.023987+00:00 + 2023-11-22T09:59:28.705950+00:00 New **Stable** Release **3139.2.2**<br><br>_Changes since **Stable 3139.2.1**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-1734](https://nvd.nist.gov/vuln/detail/CVE-2022-1734), [CVE-2022-28893](https://nvd.nist.gov/vuln/detail/CVE-2022-28893), [CVE-2022-1012](https://nvd.nist.gov/vuln/detail/CVE-2022-1012), [CVE-2022-1729](https://nvd.nist.gov/vuln/detail/CVE-2022-1729))<br>- Go ([CVE-2022-29526](https://nvd.nist.gov/vuln/detail/CVE-2022-29526))<br><br>#### Bug fixes:<br><br>- Ensured `/etc/flatcar/update.conf` exists because it happens to be used as flag file for Ansible ([init#71](https://github.com/flatcar/init/pull/71))<br>- GCP: Fixed shutdown script execution ([coreos-overlay#1912](https://github.com/flatcar/coreos-overlay/pull/1912), [flatcar#743](https://github.com/flatcar/Flatcar/issues/743))<br><br><br>#### Updates:<br><br>- Linux ([5.15.43](https://lwn.net/Articles/896231/) (includes [5.15.42](https://lwn.net/Articles/896226), [5.15.41](https://lwn.net/Articles/895645), [5.15.40](https://lwn.net/Articles/895318), [5.15.39](https://lwn.net/Articles/895070), [5.15.38](https://lwn.net/Articles/894357)))<br>- Go ([1.17.10](https://go.googlesource.com/go/+/refs/tags/go1.17.10))<br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.15.43<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-06-02T15:09:15+00:00 @@ -206,7 +214,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3139.2.1 3139.2.1 - 2023-10-25T10:20:39.019013+00:00 + 2023-11-22T09:59:28.700878+00:00 New **Stable** Release **3139.2.1**<br><br>_Changes since **Stable 3139.2.0**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-28390](https://nvd.nist.gov/vuln/detail/CVE-2022-28390), [CVE-2022-0168](https://nvd.nist.gov/vuln/detail/CVE-2022-0168), [CVE-2022-1158](https://nvd.nist.gov/vuln/detail/CVE-2022-1158), [CVE-2022-1353](https://nvd.nist.gov/vuln/detail/CVE-2022-1353), [CVE-2022-1198](https://nvd.nist.gov/vuln/detail/CVE-2022-1198), [CVE-2022-28389](https://nvd.nist.gov/vuln/detail/CVE-2022-28389), [CVE-2022-28388](https://nvd.nist.gov/vuln/detail/CVE-2022-28388), [CVE-2022-1516](https://nvd.nist.gov/vuln/detail/CVE-2022-1516), [CVE-2022-1263](https://nvd.nist.gov/vuln/detail/CVE-2022-1263), [CVE-2022-29582](https://nvd.nist.gov/vuln/detail/CVE-2022-29582), [CVE-2022-1204](https://nvd.nist.gov/vuln/detail/CVE-2022-1204), [CVE-2022-1205](https://nvd.nist.gov/vuln/detail/CVE-2022-1205), [CVE-2022-0500](https://nvd.nist.gov/vuln/detail/CVE-2022-0500), [CVE-2022-23222](https://nvd.nist.gov/vuln/detail/CVE-2022-23222))<br>- nvidia-drivers ([CVE-2022-21814](https://nvd.nist.gov/vuln/detail/CVE-2022-21814), [CVE-2022-21813](https://nvd.nist.gov/vuln/detail/CVE-2022-21813))<br>- Go ([CVE-2022-24675](https://nvd.nist.gov/vuln/detail/CVE-2022-24675))<br><br>#### Bug fixes:<br><br>- AWS: specify correct console (ttyS0) on kernel command line for ARM64 instances ([coreos-overlay#1628](https://github.com/flatcar/coreos-overlay/pull/1628))<br>- GCE: Restored oem-gce.service functionality on GCP ([coreos-overlay#1813](https://github.com/flatcar/coreos-overlay/pull/1813))<br>- Added pahole to developer container, without it kernel modules built against /usr/src/linux may fail to probe with an 'invalid relocation target' error ([coreos-overlay#1839](https://github.com/flatcar/coreos-overlay/pull/1839))<br><br>#### Changes:<br><br>- Merge the Flatcar Pro features into the regular Flatcar images ([coreos-overlay#1679](https://github.com/flatcar/coreos-overlay/pull/1679)) <br>- GCE: Enabled GVE kernel driver, which adds support for Google Virtual NIC on GCP ([coreos-overlay#1802](https://github.com/flatcar/coreos-overlay/pull/1802))<br>- SDK: Dropped the mantle binaries (kola, ore, etc.) from the SDK, they are now provided by the `ghcr.io/flatcar/mantle` image ([coreos-overlay#1827](https://github.com/flatcar/coreos-overlay/pull/1827), [scripts#275](https://github.com/flatcar/scripts/pull/275))<br><br>#### Updates:<br><br>- Linux ([5.15.37](https://lwn.net/Articles/893264) (includes [5.15.36](https://lwn.net/Articles/892812), [5.15.35](https://lwn.net/Articles/892002), [5.15.34](https://lwn.net/Articles/891251), [5.15.33](https://lwn.net/Articles/890722)))<br>- Go ([1.17.9](https://go.googlesource.com/go/+/refs/tags/go1.17.9))<br>- ca-certificates ([3.78](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_78.html))<br>- nvidia-drivers ([510.47.03](https://docs.nvidia.com/datacenter/tesla/tesla-release-notes-510-47-03/index.html)) <br>- GCE: google compute-image-packages ([20190124](https://github.com/GoogleCloudPlatform/compute-image-packages/releases/tag/20190124))<br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.15.37<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-05-09T14:42:58+00:00 @@ -214,7 +222,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3139.2.0 3139.2.0 - 2023-10-25T10:20:39.012685+00:00 + 2023-11-22T09:59:28.694518+00:00 New **Stable** Release **3139.2.0**<br><br>_Changes since **Stable 3033.2.4**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-1015](https://nvd.nist.gov/vuln/detail/CVE-2022-1015), [CVE-2022-1016](https://nvd.nist.gov/vuln/detail/CVE-2022-1016))<br>- Go ([CVE-2021-44716](https://nvd.nist.gov/vuln/detail/CVE-2021-44716), [CVE-2021-44717](https://nvd.nist.gov/vuln/detail/CVE-2021-44717))<br>- containerd ([CVE-2021-43816](https://nvd.nist.gov/vuln/detail/CVE-2021-43816), [CVE-2022-24769](https://nvd.nist.gov/vuln/detail/CVE-2022-24769))<br>- gcc ([CVE-2020-13844](https://nvd.nist.gov/vuln/detail/CVE-2020-13844))<br>- Ignition ([CVE-2020-14040](https://nvd.nist.gov/vuln/detail/CVE-2020-14040), [CVE-2021-38561](https://nvd.nist.gov/vuln/detail/CVE-2021-38561))<br>- krb5 ([CVE-2021-37750](https://nvd.nist.gov/vuln/detail/CVE-2021-37750))<br>- libarchive ([libarchive-1565](https://github.com/libarchive/libarchive/issues/1565), [libarchive-1566](https://github.com/libarchive/libarchive/issues/1566))<br>- OpenSSH ([CVE-2021-41617](https://nvd.nist.gov/vuln/detail/CVE-2021-41617))<br>- openssl ([CVE-2021-4044](https://nvd.nist.gov/vuln/detail/CVE-2021-4044))<br>- torcx ([CVE-2021-38561](https://nvd.nist.gov/vuln/detail/CVE-2021-38561), [CVE-2021-43565](https://nvd.nist.gov/vuln/detail/CVE-2021-43565))<br>- vim ([CVE-2021-3872](https://nvd.nist.gov/vuln/detail/CVE-2021-3872), [CVE-2021-3875](https://nvd.nist.gov/vuln/detail/CVE-2021-3875), [CVE-2021-3903](https://nvd.nist.gov/vuln/detail/CVE-2021-3903), [CVE-2021-3927](https://nvd.nist.gov/vuln/detail/CVE-2021-3927), [CVE-2021-3928](https://nvd.nist.gov/vuln/detail/CVE-2021-3928), [CVE-2021-3968](https://nvd.nist.gov/vuln/detail/CVE-2021-3968), [CVE-2021-3973](https://nvd.nist.gov/vuln/detail/CVE-2021-3973), [CVE-2021-3974](https://nvd.nist.gov/vuln/detail/CVE-2021-3974))<br>- SDK: edk2-ovmf ([CVE-2019-14584](https://nvd.nist.gov/vuln/detail/CVE-2019-14584), [CVE-2021-28210](https://nvd.nist.gov/vuln/detail/CVE-2021-28210), [CVE-2021-28211](https://nvd.nist.gov/vuln/detail/CVE-2021-28211), [CVE-2021-28213](https://nvd.nist.gov/vuln/detail/CVE-2021-28213))<br>- SDK: libxslt ([CVE-2021-30560](https://nvd.nist.gov/vuln/detail/CVE-2021-30560))<br>- SDK: mantle ([CVE-2021-3121](https://nvd.nist.gov/vuln/detail/CVE-2021-3121), [CVE-2021-38561](https://nvd.nist.gov/vuln/detail/CVE-2021-38561), [CVE-2021-43565](https://nvd.nist.gov/vuln/detail/CVE-2021-43565))<br>- SDK: QEMU ([CVE-2020-35504](https://nvd.nist.gov/vuln/detail/CVE-2020-35504), [CVE-2020-35505](https://nvd.nist.gov/vuln/detail/CVE-2020-35505), [CVE-2020-35506](https://nvd.nist.gov/vuln/detail/CVE-2020-35506), [CVE-2020-35517](https://nvd.nist.gov/vuln/detail/CVE-2020-35517), [CVE-2021-20203](https://nvd.nist.gov/vuln/detail/CVE-2021-20203), [CVE-2021-20255](https://nvd.nist.gov/vuln/detail/CVE-2021-20255), [CVE-2021-20257](https://nvd.nist.gov/vuln/detail/CVE-2021-20257), [CVE-2021-20263](https://nvd.nist.gov/vuln/detail/CVE-2021-20263), [CVE-2021-3409](https://nvd.nist.gov/vuln/detail/CVE-2021-3409), [CVE-2021-3416](https://nvd.nist.gov/vuln/detail/CVE-2021-3416), [CVE-2021-3527](https://nvd.nist.gov/vuln/detail/CVE-2021-3527), [CVE-2021-3544](https://nvd.nist.gov/vuln/detail/CVE-2021-3544), [CVE-2021-3545](https://nvd.nist.gov/vuln/detail/CVE-2021-3545), [CVE-2021-3546](https://nvd.nist.gov/vuln/detail/CVE-2021-3546), [CVE-2021-3582](https://nvd.nist.gov/vuln/detail/CVE-2021-3582), [CVE-2021-3607](https://nvd.nist.gov/vuln/detail/CVE-2021-3607), [CVE-2021-3608](https://nvd.nist.gov/vuln/detail/CVE-2021-3608), [CVE-2021-3682](https://nvd.nist.gov/vuln/detail/CVE-2021-3682))<br>- SDK: Rust ([CVE-2022-21658](https://nvd.nist.gov/vuln/detail/CVE-2022-21658))<br><br>#### Bug fixes:<br><br>- Excluded the Kubenet cbr0 interface from networkd's DHCP config and set it to Unmanaged to prevent interference and ensure that it is not part of the network online check ([init#55](https://github.com/flatcar/init/pull/55))<br>- Fixed the dracut emergency Ignition log printing that had a scripting error causing the cat command to fail ([bootengine#33](https://github.com/flatcar/bootengine/pull/33))<br>- network: Accept ICMPv6 Router Advertisements to fix IPv6 address assignment in the default DHCP setting ([init#51](https://github.com/flatcar/init/pull/51), [coreos-cloudinit#12](https://github.com/flatcar/coreos-cloudinit/pull/12), [bootengine#30](https://github.com/flatcar/bootengine/pull/30))<br>- flatcar-update: Stopped checking for the `USER` environment variable which may not be set in all environments, causing the script to fail unless a workaround was used like prepending an additional `sudo` invocation ([init#58](https://github.com/flatcar/init/pull/58))<br>- Reverted the Linux kernel commit which broke networking on AWS instances which use Intel 82559 NIC (c4/m4) ([Flatcar#665](https://github.com/flatcar/Flatcar/issues/665), [coreos-overlay#1723](https://github.com/flatcar/coreos-overlay/pull/1723))<br>- Re-added the `brd drbd nbd rbd xen-blkfront zram libarc4 lru_cache zsmalloc` kernel modules to the initramfs since they were missing compared to the Flatcar 3033.2.x releases where the 5.10 kernel is used ([bootengine#40](https://github.com/flatcar/bootengine/pull/40))<br><br>#### Changes:<br><br>- Added a new flatcar-update tool to the image to ease manual updates, rollbacks, channel/release jumping, and airgapped updates ([init#53](https://github.com/flatcar/init/pull/53))<br>- Update-engine now creates the `/run/reboot-required` flag file for [kured](https://github.com/weaveworks/kured) ([update_engine#15](https://github.com/flatcar/update_engine/pull/15))<br>- Excluded special network interface devices like bridge, tunnel, vxlan, and veth devices from the default DHCP configuration to prevent networkd interference ([init#56](https://github.com/flatcar/init/pull/56))<br>- Added CONFIG_NF_CT_NETLINK_HELPER (for libnetfilter_cthelper), CONFIG_NET_VRF (for virtual routing and forwarding) and CONFIG_KEY_DH_OPERATIONS (for keyutils) to the kernel config ([coreos-overlay#1524](https://github.com/flatcar/coreos-overlay/pull/1524))<br>- Enabled the FIPS support for the Linux kernel, which users can now choose through a kernel parameter in `grub.cfg` (check it taking effect with `cat /proc/sys/crypto/fips_enabled`) ([coreos-overlay#1602](https://github.com/flatcar/coreos-overlay/pull/1602))<br>- Enabled FIPS mode for cryptsetup ([portage-stable#312](https://github.com/flatcar/portage-stable/pull/312))<br>- Rework the way we set up the default python intepreter in SDK - it is now without specifying a version. This should work fine as long as we keep having one version of python in SDK.<br>- Add a way to remove packages that are hard-blockers for update. A hard-blocker means that the package needs to be removed (for example with `emerge -C`) before an update can happen.<br>- Removed the pre-shipped `/etc/flatcar/update.conf` file, leaving it totally to the user to define the contents as it was unnecessarily overwriting the `/use/share/flatcar/update.conf` ([scripts#212](https://github.com/flatcar/scripts/pull/212))<br><br>#### Updates:<br><br>- Linux ([5.15.32](https://lwn.net/Articles/889438)) (from 5.15.30)<br>- Linux headers ([5.15](https://lwn.net/Articles/876611/))<br>- GCC [9.4.0](https://lists.gnu.org/archive/html/info-gnu/2021-06/msg00000.html)<br>- acl ([2.3.1](https://git.savannah.nongnu.org/cgit/acl.git/log/?h=v2.3.1))<br>- attr ([2.5.1](https://git.savannah.nongnu.org/cgit/attr.git/log/?h=v2.5.1))<br>- audit ([3.0.6](https://listman.redhat.com/archives/linux-audit/2021-October/msg00000.html))<br>- boost ([1.76.0](https://www.boost.org/users/history/version_1_76_0.html))<br>- btrfs-progs ([5.15.1](https://btrfs.wiki.kernel.org/index.php/Changelog#btrfs-progs_v5.15_.28Nov_2021.29))<br>- ca-certificates ([3.77](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_77.html))<br>- containerd ([1.5.11](https://github.com/containerd/containerd/releases/tag/v1.5.11))<br>- coreutils ([8.32](https://lists.gnu.org/archive/html/coreutils-announce/2020-03/msg00000.html))<br>- diffutils ([3.8](https://lists.gnu.org/archive/html/info-gnu/2021-08/msg00000.html))<br>- ethtool ([5.10](https://git.kernel.org/pub/scm/network/ethtool/ethtool.git/tree/NEWS?h=v5.10))<br>- findutils ([4.8.0](https://savannah.gnu.org/forum/forum.php?forum_id=9914))<br>- glib ([2.68.4](https://gitlab.gnome.org/GNOME/glib/-/releases/2.68.4))<br>- i2c-tools ([4.2](https://git.kernel.org/pub/scm/utils/i2c-tools/i2c-tools.git/log/?h=v4.2))<br>- iproute2 ([5.15](https://lwn.net/ml/linux-kernel/20211101164705.6f4f2e41%40hermes.local/))<br>- ipset ([7.11](https://ipset.netfilter.org/changelog.html))<br>- iputils ([20210722](https://github.com/iputils/iputils/releases/tag/20210722))<br>- ipvsadm ([1.27](http://archive.linuxvirtualserver.org/html/lvs-devel/2013-09/msg00011.html))<br>- kmod ([29](https://git.kernel.org/pub/scm/utils/kernel/kmod/kmod.git/commit/?id=b6ecfc916a17eab8f93be5b09f4e4f845aabd3d1))<br>- libarchive [3.5.2](https://github.com/libarchive/libarchive/releases/tag/v3.5.2)<br>- libcap-ng ([0.8.2](https://github.com/stevegrubb/libcap-ng/releases/tag/v0.8.2))<br>- libseccomp ([2.5.1](https://github.com/seccomp/libseccomp/releases/tag/v2.5.1))<br>- lshw ([02.19.2b_p20210121](https://www.ezix.org/project/wiki/HardwareLiSter#Changes))<br>- lsof ([4.94.0](https://github.com/lsof-org/lsof/releases/tag/4.94.0))<br>- openssh ([8.8](http://www.openssh.com/txt/release-8.8))<br>- openssl ([3.0.2](https://www.openssl.org/news/changelog.html#openssl-30))<br>- parted ([3.4](https://savannah.gnu.org/forum/forum.php?forum_id=9924) (includes [3.3](https://savannah.gnu.org/forum/forum.php?forum_id=9569)))<br>- pciutils ([3.7.0](https://github.com/pciutils/pciutils/commit/864aecdea9c7db626856d8d452f6c784316a878c))<br>- polkit ([0.120](https://gitlab.freedesktop.org/polkit/polkit/-/blob/0.120/NEWS))<br>- runc ([1.1.0](https://github.com/opencontainers/runc/releases/tag/v1.1.0))<br>- sbsigntools ([0.9.4](https://git.kernel.org/pub/scm/linux/kernel/git/jejb/sbsigntools.git/tag/?h=v0.9.4))<br>- sed ([4.8](https://savannah.gnu.org/forum/forum.php?forum_id=9647))<br>- usbutils ([014](https://github.com/gregkh/usbutils/commit/57fb18e59cce31a50a1ca62d1e192512c905ba00))<br>- vim [8.2.3582](https://github.com/vim/vim/releases/tag/v8.2.3582)<br>- Azure: Python for OEM images ([3.9.8](https://www.python.org/downloads/release/python-398/))<br>- Azure: WALinuxAgent ([2.6.0.2](https://github.com/Azure/WALinuxAgent/releases/tag/v2.6.0.2))<br>- SDK: edk2-ovmf [202105](https://github.com/tianocore/edk2/releases/tag/edk2-stable202105)<br>- SDK: file ([5.40](https://mailman.astron.com/pipermail/file/2021-March/000478.html))<br>- SDK: ipxe [1.21.1](https://github.com/ipxe/ipxe/releases/tag/v1.21.1)<br>- SDK: mantle ([0.18.0](https://github.com/flatcar/mantle/releases/tag/v0.18.0))<br>- SDK: perf ([5.15](https://kernelnewbies.org/LinuxChanges#Linux_5.15.Tracing.2C_perf_and_BPF))<br>- SDK: Python ([3.9.8](https://www.python.org/downloads/release/python-398/))<br>- SDK: qemu ([6.1.0](https://wiki.qemu.org/ChangeLog/6.1)<br>- SDK: Rust ([1.58.1](https://github.com/rust-lang/rust/releases/tag/1.58.1))<br>- SDK: seabios [1.14.0](https://seabios.org/Releases#SeaBIOS_1.14.0)<br>- SDK: sgabios [0.1_pre10](https://git.qemu.org/?p=sgabios.git;a=tree;h=a85446adb0e0)<br><br>_Changes since **Beta 3139.1.1**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-1015](https://nvd.nist.gov/vuln/detail/CVE-2022-1015), [CVE-2022-1016](https://nvd.nist.gov/vuln/detail/CVE-2022-1016))<br>- containerd ([CVE-2022-24769](https://nvd.nist.gov/vuln/detail/CVE-2022-24769))<br><br>#### Changes:<br><br>- Enabled FIPS mode for cryptsetup ([portage-stable#312](https://github.com/flatcar/portage-stable/pull/312))<br><br>#### Updates:<br><br>- Linux ([5.15.32](https://lwn.net/Articles/889438)) (from 5.15.30)<br>- ca-certificates ([3.77](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_77.html))<br>- containerd ([1.5.11](https://github.com/containerd/containerd/releases/tag/v1.5.11))<br>- Azure: WALinuxAgent ([2.6.0.2](https://github.com/Azure/WALinuxAgent/releases/tag/v2.6.0.2))<br><br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.15.32<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-04-07T12:05:52+00:00 @@ -222,7 +230,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3033.2.4 3033.2.4 - 2023-10-25T10:20:39.000281+00:00 + 2023-11-22T09:59:28.682116+00:00 New **Stable** Release **3033.2.4**<br><br>**Changes since Stable-3033.2.3**<br><br>#### Security fixes<br>- Linux ([CVE-2022-25636](https://nvd.nist.gov/vuln/detail/CVE-2022-25636))<br>- Go ([CVE-2022-24921](https://nvd.nist.gov/vuln/detail/CVE-2022-24921))<br>- systemd ([CVE-2021-3997](https://nvd.nist.gov/vuln/detail/CVE-2021-3997))<br>- containerd ([CVE-2022-23648](https://nvd.nist.gov/vuln/detail/CVE-2022-23648))<br>- openssl ([CVE-2022-0778](https://nvd.nist.gov/vuln/detail/CVE-2022-0778))<br><br>#### Bug fixes<br>- Reverted the Linux kernel commit which broke networking on AWS instances which use Intel 82559 NIC (c4/m4) ([Flatcar#665](https://github.com/flatcar/Flatcar/issues/665), [coreos-overlay#1720](https://github.com/flatcar/coreos-overlay/pull/1720))<br><br>#### Changes<br>- Added support for switching back to CGroupsV1 without requiring a reboot. Create `/etc/flatcar-cgroupv1` through ignition. ([coreos-overlay#1666](https://github.com/flatcar/coreos-overlay/pull/1666))<br><br>#### Updates<br>- Linux ([5.10.107](https://lwn.net/Articles/888522) (from 5.10.102, includes [5.10.103](https://lwn.net/Articles/886570), [5.10.104](https://lwn.net/Articles/887220), [5.10.105](https://lwn.net/Articles/887639), [5.10.106](https://lwn.net/Articles/888115)))<br>- Go ([1.17.8](https://go.googlesource.com/go/+/refs/tags/go1.17.8))<br>- systemd ([249.10](https://github.com/systemd/systemd-stable/releases/tag/v249.10))<br>- ca-certificates ([3.76](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_76.html))<br>- containerd ([1.5.10](https://github.com/containerd/containerd/releases/tag/v1.5.10))<br>- openssl ([1.1.1n](https://www.openssl.org/news/changelog.html#openssl-111))<br><br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.107<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-03-23T13:33:43+00:00 @@ -230,7 +238,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3033.2.3 3033.2.3 - 2023-10-25T10:20:38.994942+00:00 + 2023-11-22T09:59:28.676714+00:00 New **Stable** Release **3033.2.3**<br><br>_Changes since **Stable 3033.2.2**_<br><br>#### Security fixes<br>- Linux ([CVE-2022-24448](https://nvd.nist.gov/vuln/detail/CVE-2022-24448), [CVE-2022-0617](https://nvd.nist.gov/vuln/detail/CVE-2022-0617), [CVE-2022-24959](https://nvd.nist.gov/vuln/detail/CVE-2022-24959), [CVE-2022-0492](https://nvd.nist.gov/vuln/detail/CVE-2022-0492), [CVE-2022-0516](https://nvd.nist.gov/vuln/detail/CVE-2022-0516), [CVE-2022-0435](https://nvd.nist.gov/vuln/detail/CVE-2022-0435), [CVE-2022-0487](https://nvd.nist.gov/vuln/detail/CVE-2022-0487), [CVE-2022-25375](https://nvd.nist.gov/vuln/detail/CVE-2022-25375), [CVE-2022-25258](https://nvd.nist.gov/vuln/detail/CVE-2022-25258), [CVE-2022-0847](https://nvd.nist.gov/vuln/detail/CVE-2022-0847))<br>- go ([CVE-2022-23806](https://nvd.nist.gov/vuln/detail/CVE-2022-23806), [CVE-2022-23772](https://nvd.nist.gov/vuln/detail/CVE-2022-23772), [CVE-2022-23773](https://nvd.nist.gov/vuln/detail/CVE-2022-23773))<br>- ignition ([CVE-2020-14040](https://nvd.nist.gov/vuln/detail/CVE-2020-14040))<br>- expat ([CVE-2022-25235](https://nvd.nist.gov/vuln/detail/CVE-2022-25235), [CVE-2022-25236](https://nvd.nist.gov/vuln/detail/CVE-2022-25236), [CVE-2022-25313](https://nvd.nist.gov/vuln/detail/CVE-2022-25313), [CVE-2022-25314](https://nvd.nist.gov/vuln/detail/CVE-2022-25314), [CVE-2022-25315](https://nvd.nist.gov/vuln/detail/CVE-2022-25315))<br><br>#### Bug fixes<br>- Disabled the systemd-networkd settings `ManageForeignRoutes` and `ManageForeignRoutingPolicyRules` by default to ensure that CNIs like Cilium don't get their routes or routing policy rules discarded on network reconfiguration events ([Flatcar#620](https://github.com/flatcar/Flatcar/issues/620)).<br>- Prevented hitting races when creating filesystems in Ignition, these races caused boot failures like `fsck[1343]: Failed to stat /dev/disk/by-label/ROOT: No such file or directory` when creating a btrfs root filesystem ([ignition#35](https://github.com/flatcar/ignition/pull/35))<br>- Reverted the Linux kernel change to forbid xfrm id 0 for IPSec state because it broke Cilium ([Flatcar#626](https://github.com/flatcar/Flatcar/issues/626), [coreos-overlay#1682](https://github.com/flatcar/coreos-overlay/pull/1682))<br><br>#### Updates<br>- Linux ([5.10.102](https://lwn.net/Articles/885896)) (from 5.10.96)<br>- Go ([1.17.7](https://go.googlesource.com/go/+/refs/tags/go1.17.7) (includes [1.17.6](https://go.googlesource.com/go/+/refs/tags/go1.17.6)))<br>- expat ([2.4.6](https://github.com/libexpat/libexpat/blob/R_2_4_6/expat/Changes))<br>- ca-certificates ([3.75](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_75.html))<br><br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.102<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-03-07T13:12:34+00:00 @@ -238,7 +246,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3033.2.2 3033.2.2 - 2023-10-25T10:20:38.988959+00:00 + 2023-11-22T09:59:28.670688+00:00 New **Stable** Release **3033.2.2**<br><br>_Changes since **Stable 3033.2.1**_<br><br>#### Security fixes<br>- Linux ([CVE-2021-43976](https://nvd.nist.gov/vuln/detail/CVE-2021-43976), [CVE-2022-0330](https://nvd.nist.gov/vuln/detail/CVE-2022-0330), [CVE-2022-22942](https://nvd.nist.gov/vuln/detail/CVE-2022-22942))<br>- expat ([CVE-2022-23852](https://nvd.nist.gov/vuln/detail/CVE-2022-23852), [CVE-2022-23990](https://nvd.nist.gov/vuln/detail/CVE-2022-23990))<br>- glibc ([CVE-2021-3998](https://nvd.nist.gov/vuln/detail/CVE-2021-3998), [CVE-2021-3999](https://nvd.nist.gov/vuln/detail/CVE-2021-3999), [CVE-2022-23218](https://nvd.nist.gov/vuln/detail/CVE-2022-23218), [CVE-2022-23219](https://nvd.nist.gov/vuln/detail/CVE-2022-23219))<br>- polkit ([CVE-2021-4034](https://nvd.nist.gov/vuln/detail/CVE-2021-4034))<br><br><br>#### Bug fixes<br>- SDK: Fixed build error popping up in the new SDK Container because `policycoreutils` used the wrong ROOT to update the SELinux store ([flatcar-linux/coreos-overlay#1502](https://github.com/flatcar/coreos-overlay/pull/1502))<br>- Fixed leak of SELinux policy store to the root filesystem top directory due to wrong store path in `policycoreutils` instead of `/var/lib/selinux` ([flatcar-linux/Flatcar#596](https://github.com/flatcar/Flatcar/issues/596))<br><br>#### Updates<br>- Linux ([5.10.96](https://lwn.net/Articles/883442)) (from 5.10.93)<br>- Linux Firmware ([20211216](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20211216))<br>- expat ([2.4.4](https://github.com/libexpat/libexpat/blob/R_2_4_4/expat/Changes))<br>Packages:<br>- docker 20.10.12<br>- ignition 0.34.0<br>- kernel 5.10.96<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-02-09T10:03:27+00:00 @@ -246,7 +254,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3033.2.1 3033.2.1 - 2023-10-25T10:20:38.983633+00:00 + 2023-11-22T09:59:28.665327+00:00 New **Stable** release **3033.2.1**<br><br>_Changes since **Stable 3033.2.0**_<br><br>#### Known issues:<br>- The SELinux policy store update fix resulted in some files leaked to the root filesystem top directory ([flatcar-linux/Flatcar#596](https://github.com/flatcar/Flatcar/issues/596))<br><br>#### Security fixes:<br><br>- Linux ([CVE-2021-4135](https://nvd.nist.gov/vuln/detail/CVE-2021-4135), [CVE-2021-4155](https://nvd.nist.gov/vuln/detail/CVE-2021-4155), [CVE-2021-28711](https://nvd.nist.gov/vuln/detail/CVE-2021-28711), [CVE-2021-28712](https://nvd.nist.gov/vuln/detail/CVE-2021-28712), [CVE-2021-28713](https://nvd.nist.gov/vuln/detail/CVE-2021-28713), [CVE-2021-28714](https://nvd.nist.gov/vuln/detail/CVE-2021-28714), [CVE-2021-28715](https://nvd.nist.gov/vuln/detail/CVE-2021-28715), [CVE-2021-39685](https://nvd.nist.gov/vuln/detail/CVE-2021-39685), [CVE-2021-44733](https://nvd.nist.gov/vuln/detail/CVE-2021-44733), [CVE-2021-45095](https://nvd.nist.gov/vuln/detail/CVE-2021-45095), [CVE-2022-0185](https://nvd.nist.gov/vuln/detail/CVE-2022-0185))<br>- ca-certificates ([CVE-2021-43527](https://nvd.nist.gov/vuln/detail/CVE-2021-43527))<br>- containerd ([CVE-2021-43816](https://nvd.nist.gov/vuln/detail/CVE-2021-43816))<br>- expat ([CVE-2021-45960](https://nvd.nist.gov/vuln/detail/CVE-2021-45960), [CVE-2021-46143](https://nvd.nist.gov/vuln/detail/CVE-2021-46143), [CVE-2022-22822](https://nvd.nist.gov/vuln/detail/CVE-2022-22822), [CVE-2022-22823](https://nvd.nist.gov/vuln/detail/CVE-2022-22823), [CVE-2022-22824](https://nvd.nist.gov/vuln/detail/CVE-2022-22824), [CVE-2022-22825](https://nvd.nist.gov/vuln/detail/CVE-2022-22825), [CVE-2022-22826](https://nvd.nist.gov/vuln/detail/CVE-2022-22826), [CVE-2022-22827](https://nvd.nist.gov/vuln/detail/CVE-2022-22827))<br><br>#### Bug fixes:<br><br>- Ensured that the `/run/xtables.lock` coordination file exists for modifications of the xtables backend from containers (must be bind-mounted) or the `iptables-legacy` binaries on the host ([flatcar-linux/init#57](https://github.com/flatcar/init/pull/57))<br>- dev container: Fix github URL for coreos-overlay and portage-stable to use repos from flatcar-linux org directly instead of relying on redirects from the kinvolk org. This fixes checkouts with emerge-gitclone inside dev-container. ([flatcar-linux/scripts#194](https://github.com/flatcar/scripts/pull/194))<br>- SDK: Fixed build error popping up in the new SDK Container because `policycoreutils` used the wrong ROOT to update the SELinux store ([flatcar-linux/coreos-overlay#1502](https://github.com/flatcar/coreos-overlay/pull/1502))<br><br>#### Changes:<br><br>- Backported `elf` support for `iproute2` ([flatcar-linux/coreos-overlay#1256](https://github.com/flatcar/coreos-overlay/pull/1526))<br><br>#### Updates:<br><br>- Linux ([5.10.93](https://lwn.net/Articles/881964)) (from 5.10.84)<br>- ca-certificates ([3.74](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_74.html))<br>- Docker ([20.10.12](https://docs.docker.com/engine/release-notes/#201012))<br>- containerd ([1.5.9](https://github.com/containerd/containerd/releases/tag/v1.5.9))<br>- expat ([2.4.3](https://github.com/libexpat/libexpat/blob/R_2_4_3/expat/Changes))<br><br>Packages:<br>- docker 20.10.12<br>- ignition 0.34.0<br>- kernel 5.10.93<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-01-26T08:17:16+00:00 @@ -254,7 +262,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3033.2.0 3033.2.0 - 2023-10-25T10:20:38.977230+00:00 + 2023-11-22T09:59:28.658870+00:00 New **Stable** release **3033.2.0**<br><br>_Changes since **Stable 2983.2.1**_<br><br>**Security fixes**<br><br><br><br>* Linux ([CVE-2021-4002](https://nvd.nist.gov/vuln/detail/CVE-2021-4002), [CVE-2020-27820](https://nvd.nist.gov/vuln/detail/CVE-2020-27820), [CVE-2021-4001](https://nvd.nist.gov/vuln/detail/CVE-2021-4001), [CVE-2021-43975](https://nvd.nist.gov/vuln/detail/CVE-2021-43975))<br>* Go ([CVE-2021-29923](https://nvd.nist.gov/vuln/detail/CVE-2021-29923),[ CVE-2021-39293](https://nvd.nist.gov/vuln/detail/CVE-2021-39293),[ CVE-2021-38297](https://nvd.nist.gov/vuln/detail/CVE-2021-38297),[CVE-2021-39293](https://nvd.nist.gov/vuln/detail/CVE-2021-39293), [CVE-2021-44717](https://nvd.nist.gov/vuln/detail/CVE-2021-44717), [CVE-2021-44716](https://nvd.nist.gov/vuln/detail/CVE-2021-44716))<br>* bash ([CVE-2019-9924](https://nvd.nist.gov/vuln/detail/CVE-2019-9924),[ CVE-2019-18276](https://nvd.nist.gov/vuln/detail/CVE-2019-18276))<br>* binutils ([CVE-2021-3530](https://nvd.nist.gov/vuln/detail/CVE-2021-3530),[ CVE-2021-3549](https://nvd.nist.gov/vuln/detail/CVE-2021-3549))<br>* ca-certificates ([CVE-2021-43527](https://nvd.nist.gov/vuln/detail/CVE-2021-43527))<br>* containerd ([CVE-2021-41103](https://nvd.nist.gov/vuln/detail/CVE-2021-41103))<br>* curl ([CVE-2021-22945](https://nvd.nist.gov/vuln/detail/CVE-2021-22945),[ CVE-2021-22946](https://nvd.nist.gov/vuln/detail/CVE-2021-22946),[ CVE-2021-22947](https://nvd.nist.gov/vuln/detail/CVE-2021-22947))<br>* Docker ([CVE-2021-41092](https://nvd.nist.gov/vuln/detail/CVE-2021-41092),[ CVE-2021-41089](https://nvd.nist.gov/vuln/detail/CVE-2021-41089),[ CVE-2021-41091](https://nvd.nist.gov/vuln/detail/CVE-2021-41091))<br>* git ([CVE-2021-40330](https://nvd.nist.gov/vuln/detail/CVE-2021-40330))<br>* glibc ([CVE-2021-38604](https://nvd.nist.gov/vuln/detail/CVE-2021-38604))<br>* gnupg ([CVE-2020-25125](https://nvd.nist.gov/vuln/detail/CVE-2020-25125))<br>* libgcrypt ([CVE-2021-40528](https://nvd.nist.gov/vuln/detail/CVE-2021-40528))<br>* nettle ([CVE-2021-20305](https://nvd.nist.gov/vuln/detail/CVE-2021-20305),[ CVE-2021-3580](https://nvd.nist.gov/vuln/detail/CVE-2021-3580))<br>* polkit ([CVE-2021-3560](https://nvd.nist.gov/vuln/detail/CVE-2021-3560))<br>* sssd ([CVE-2021-3621](https://nvd.nist.gov/vuln/detail/CVE-2021-3621))<br>* util-linux ([CVE-2021-37600](https://nvd.nist.gov/vuln/detail/CVE-2021-37600))<br>* vim ([CVE-2021-3770](https://nvd.nist.gov/vuln/detail/CVE-2021-3770),[ CVE-2021-3778](https://nvd.nist.gov/vuln/detail/CVE-2021-3778),[ CVE-2021-3796](https://nvd.nist.gov/vuln/detail/CVE-2021-3796))<br>* SDK: bison ([CVE-2020-14150](https://nvd.nist.gov/vuln/detail/CVE-2020-14150),[ CVE-2020-24240](https://nvd.nist.gov/vuln/detail/CVE-2020-24240))<br>* SDK: perl ([CVE-2020-10878](https://nvd.nist.gov/vuln/detail/CVE-2020-10878))<br><br>**Bug fixes**<br><br><br><br>* arm64: the Polkit service does not crash anymore. ([flatcar-linux/Flatcar#156](https://github.com/flatcar/Flatcar/issues/156))<br>* toolbox: fixed support for multi-layered docker images ([toolbox#5](https://github.com/flatcar/toolbox/pull/5))<br>* Run emergency.target on ignition/torcx service unit failure in dracut ([bootengine#28](https://github.com/flatcar/bootengine/pull/28))<br>* Fix vim warnings on missing file, when built with USE=”minimal” ([portage-stable#260](https://github.com/flatcar/portage-stable/pull/260))<br>* The Torcx profile `docker-1.12-no` got fixed to reference the current Docker version instead of 19.03 which wasn't found on the image, causing Torcx to fail to provide Docker ([PR#1456](https://github.com/flatcar/coreos-overlay/pull/1456))<br><br>**Changes**<br><br><br><br>* Added GPIO support ([coreos-overlay#1236](https://github.com/flatcar/coreos-overlay/pull/1236))<br>* Enabled SELinux in permissive mode on ARM64 ([coreos-overlay#1245](https://github.com/flatcar/coreos-overlay/pull/1245))<br>* The `iptables` command uses the nftables kernel backend instead of the iptables backend, you can also migrate to using the `nft` tool instead of `iptables`. Containers with `iptables` binaries that use the iptables backend will result in [mixing both kernel backends](https://wiki.nftables.org/wiki-nftables/index.php/Troubleshooting#Question_4._How_do_nftables_and_iptables_interact_when_used_on_the_same_system.3F) which is supported but you have to look up the rules separately (on the host you can use the `iptables-legacy` and friends).<br><br>**Updates**<br><br><br><br>* Linux ([5.10.84](https://lwn.net/Articles/878041/))<br>* Linux Firmware ([20210919](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20210919))<br>* Docker ([20.10.9](https://docs.docker.com/engine/release-notes/#20109))<br>* Go ([1.17.5](https://go.googlesource.com/go/+/refs/tags/go1.17.5))<br>* containerd ([1.5.8](https://github.com/containerd/containerd/releases/tag/v1.5.8))<br>* systemd ([249.4](https://github.com/systemd/systemd-stable/blob/v249.4/NEWS))<br>* bash ([5.1_p8](https://lists.gnu.org/archive/html/info-gnu/2020-12/msg00003.html))<br>* binutils ([2.37](https://sourceware.org/pipermail/binutils/2021-July/117384.html))<br>* curl ([7.79.1](https://curl.se/changes.html#7_79_1))<br>* ca-certificates ([3.73](https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/vy9284s8APM))<br>* duktape ([2.6.0](https://github.com/svaarala/duktape/blob/master/doc/release-notes-v2-6.rst))<br>* ebtables ([2.0.11](https://lwn.net/Articles/806179/))<br>* git ([2.32.0](https://github.com/git/git/blob/master/Documentation/RelNotes/2.32.0.txt))<br>* gnupg ([2.2.29](https://lists.gnupg.org/pipermail/gnupg-announce/2021q3/000461.html))<br>* iptables ([1.8.7](https://lwn.net/Articles/843069/))<br>* keyutils ([1.6.1](https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/keyutils.git/tag/?h=v1.6.1))<br>* ldb ([2.3.0](https://gitlab.com/samba-team/samba/-/tags/ldb-2.3.0))<br>* libgcrypt ([1.9.4](https://dev.gnupg.org/T5402))<br>* libmnl ([1.0.4](https://marc.info/?l=netfilter-devel&m=146745072727070&w=2))<br>* libnftnl ([1.2.0](https://marc.info/?l=netfilter&m=162194376520385&w=2))<br>* libtirpc ([1.3.2](https://www.spinics.net/lists/linux-nfs/msg84129.html))<br>* lvm2 ([2.02.188](https://github.com/lvmteam/lvm2/releases/tag/v2_02_188))<br>* nettle ([3.7.3](https://lists.gnu.org/archive/html/info-gnu/2021-06/msg00002.html))<br>* nftables ([0.9.9](https://lwn.net/Articles/857369/))<br>* net-tools ([2.10](https://sourceforge.net/p/net-tools/code/ci/v2.10/tree/))<br>* openssh ([8.7_p1-r1](https://www.openssh.com/txt/release-8.7))<br>* open-vm-tools ([11.3.5](https://github.com/vmware/open-vm-tools/releases/tag/stable-11.3.5))<br>* polkit ([0.119](https://gitlab.freedesktop.org/polkit/polkit/-/blob/0.119/NEWS))<br>* realmd ([0.17.0](https://gitlab.freedesktop.org/realmd/realmd/-/tags/0.17.0))<br>* runc ([1.0.3](https://github.com/opencontainers/runc/releases/tag/v1.0.3))<br>* talloc ([2.3.2](https://gitlab.com/samba-team/samba/-/tags/talloc-2.3.2))<br>* util-linux ([2.37.2](https://github.com/karelzak/util-linux/blob/v2.37.2/NEWS))<br>* vim ([8.2.3428](https://github.com/vim/vim/releases/tag/v8.2.3428))<br>* xenstore ([4.14.2](https://xenproject.org/downloads/xen-project-archives/xen-project-4-14-series/xen-project-4-14-2/))<br>* SDK: gnuconfig (20210107)<br>* SDK: google-cloud-sdk ([355.0.0](https://groups.google.com/g/google-cloud-sdk-announce/c/HoJuttxnzNQ))<br>* SDK: meson (0.57.2)<br>* SDK: mtools (4.0.35)<br>* SDK: perl ([5.34.0](https://perldoc.perl.org/perl5340delta))<br>* SDK: Rust ([1.55.0](https://blog.rust-lang.org/2021/09/09/Rust-1.55.0.html))<br>* SDK: texinfo ([6.8](https://github.com/debian-tex/texinfo/releases/tag/upstream%2F6.8))<br><br>_Changes since **Beta 3033.1.1**_<br><br>**Security fixes**<br><br><br><br>* Linux ([CVE-2021-4002](https://nvd.nist.gov/vuln/detail/CVE-2021-4002), [CVE-2020-27820](https://nvd.nist.gov/vuln/detail/CVE-2020-27820), [CVE-2021-4001](https://nvd.nist.gov/vuln/detail/CVE-2021-4001), [CVE-2021-43975](https://nvd.nist.gov/vuln/detail/CVE-2021-43975))<br>* Go ([CVE-2021-29923](https://nvd.nist.gov/vuln/detail/CVE-2021-29923),[ CVE-2021-39293](https://nvd.nist.gov/vuln/detail/CVE-2021-39293),[ CVE-2021-38297](https://nvd.nist.gov/vuln/detail/CVE-2021-38297),[CVE-2021-39293](https://nvd.nist.gov/vuln/detail/CVE-2021-39293), [CVE-2021-44717](https://nvd.nist.gov/vuln/detail/CVE-2021-44717), [CVE-2021-44716](https://nvd.nist.gov/vuln/detail/CVE-2021-44716))<br>* ca-certificates ([CVE-2021-43527](https://nvd.nist.gov/vuln/detail/CVE-2021-43527))<br><br>**Bug fixes**<br><br><br><br>* Fix vim warnings on missing file, when built with USE=”minimal” ([portage-stable#260](https://github.com/flatcar/portage-stable/pull/260))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.84](https://lwn.net/Articles/878041/))<br>* Go ([1.17.5](https://go.googlesource.com/go/+/refs/tags/go1.17.5))<br>* ca-certificates ([3.73](https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/vy9284s8APM))<br>Packages:<br>- docker 20.10.11<br>- ignition 0.34.0<br>- kernel 5.10.84<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2021-12-15T19:36:24+00:00 @@ -262,7 +270,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2983.2.1 2983.2.1 - 2023-10-25T10:20:38.967157+00:00 + 2023-11-22T09:59:28.648795+00:00 New **Stable** Release **2983.2.1**<br><br>_Changes since **Stable 2983.2.0**_<br><br>**Security fixes**<br><br>* Linux ([CVE-2021-42739](https://nvd.nist.gov/vuln/detail/CVE-2021-42739))<br>* Docker, containerd ([CVE-2021-41190](https://nvd.nist.gov/vuln/detail/CVE-2021-41190))<br><br>**Updates**<br><br>* Linux ([5.10.80](https://lwn.net/Articles/876426/))<br>* Docker ([20.10.11](https://docs.docker.com/engine/release-notes/#20111))<br>* containerd ([1.5.8](https://github.com/containerd/containerd/releases/tag/v1.5.8))<br>* ca-certificates ([3.72](https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/7O6a4NlaI2A))<br><br>**Changes**<br><br>* Added missing SELinux rule as initial step to resolve Torcx unpacking issue ([coreos-overlay#1426](https://github.com/flatcar/coreos-overlay/pull/1426))<br>Packages:<br>- docker 20.10.11<br>- ignition 0.34.0<br>- kernel 5.10.80<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-11-25T11:10:38+00:00 @@ -270,7 +278,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2983.2.0 2983.2.0 - 2023-10-25T10:20:38.962372+00:00 + 2023-11-22T09:59:28.643998+00:00 New **Stable** release **2983.2.0**<br><br>Update to CGroupsV2<br><br>CGroups V2 is coming to Stable! Introduced in Alpha 2969.0.0, the feature has been stabilising for almost three months now and will be included in Stable 2983.2.0. \<br>NOTE that only new nodes will utilize CGroupsV2 by default. Existing nodes remain on CGroupsV1 and need to be manually migrated to CGroupsV2. To learn more about CGroupsV2 on Flatcar Container Linux and the migration guide, please refer to[ https://kinvolk.io/docs/flatcar-container-linux/latest/container-runtimes/switching-to-unified-cgroups/](https://kinvolk.io/docs/flatcar-container-linux/latest/container-runtimes/switching-to-unified-cgroups/)<br><br>_Changes since **Beta 2983.1.2**_<br><br>**Security fixes**<br><br><br><br>* Linux ([CVE-2021-3760](https://nvd.nist.gov/vuln/detail/CVE-2021-3760), [CVE-2021-3772](https://nvd.nist.gov/vuln/detail/CVE-2021-3772), [CVE-2021-42327](https://nvd.nist.gov/vuln/detail/CVE-2021-42327), [CVE-2021-43056](https://nvd.nist.gov/vuln/detail/CVE-2021-43056), [CVE-2021-43267](https://nvd.nist.gov/vuln/detail/CVE-2021-43267), [CVE-2021-43389](https://nvd.nist.gov/vuln/detail/CVE-2021-43389))<br>* Go ([CVE-2021-41771](https://nvd.nist.gov/vuln/detail/CVE-2021-41771),[ CVE-2021-41772](https://nvd.nist.gov/vuln/detail/CVE-2021-41772))<br><br>**Bug fixes**<br><br><br><br>* Use https protocol instead of git for Github URLs ([flatcar-linux/coreos-overlay#1394](https://github.com/flatcar/coreos-overlay/pull/1394))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.77](https://lwn.net/Articles/874852/))<br>* Go ([1.16.10](https://go.googlesource.com/go/+/refs/tags/go1.16.10))<br><br>_Changes since **Stable 2905.2.6**_<br><br>**Security fixes**<br><br><br><br>* Linux (CVE-2021-3609, [CVE-2021-3653](https://nvd.nist.gov/vuln/detail/CVE-2021-3653), CVE-2021-3655, [CVE-2021-3656](https://nvd.nist.gov/vuln/detail/CVE-2021-3656), [CVE-2021-3760](https://nvd.nist.gov/vuln/detail/CVE-2021-3760), [CVE-2021-3772](https://nvd.nist.gov/vuln/detail/CVE-2021-3772), [CVE-2020-26541](https://nvd.nist.gov/vuln/detail/CVE-2020-26541), [CVE-2021-35039](https://nvd.nist.gov/vuln/detail/CVE-2021-35039), [CVE-2021-37576](https://nvd.nist.gov/vuln/detail/CVE-2021-37576), [CVE-2021-22543](https://nvd.nist.gov/vuln/detail/CVE-2021-22543), [CVE-2021-33909](https://nvd.nist.gov/vuln/detail/CVE-2021-33909), [CVE-2021-34556](https://nvd.nist.gov/vuln/detail/CVE-2021-34556), [CVE-2021-35477](https://nvd.nist.gov/vuln/detail/CVE-2021-35477), [CVE-2021-38166](https://nvd.nist.gov/vuln/detail/CVE-2021-38166), [CVE-2021-38205](https://nvd.nist.gov/vuln/detail/CVE-2021-38205), [CVE-2021-42327](https://nvd.nist.gov/vuln/detail/CVE-2021-42327), [CVE-2021-43056](https://nvd.nist.gov/vuln/detail/CVE-2021-43056), [CVE-2021-43267](https://nvd.nist.gov/vuln/detail/CVE-2021-43267), [CVE-2021-43389](https://nvd.nist.gov/vuln/detail/CVE-2021-43389))<br>* Go ([CVE-2021-34558](https://nvd.nist.gov/vuln/detail/CVE-2021-34558), [CVE-2021-41771](https://nvd.nist.gov/vuln/detail/CVE-2021-41771),[ CVE-2021-41772](https://nvd.nist.gov/vuln/detail/CVE-2021-41772))<br>* c-ares ([CVE-2021-3672](https://nvd.nist.gov/vuln/detail/CVE-2021-3672))<br>* containerd ([CVE-2021-32760](https://nvd.nist.gov/vuln/detail/CVE-2021-32760))<br>* curl (CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-22925, CVE-2021-22926)<br>* dnsmasq ([CVE-2021-3448](https://nvd.nist.gov/vuln/detail/CVE-2021-3448))<br>* expat ([CVE-2013-0340](https://nvd.nist.gov/vuln/detail/CVE-2013-0340))<br>* glibc ([CVE-2020-29562](https://nvd.nist.gov/vuln/detail/CVE-2020-29562), [CVE-2019-25013](https://nvd.nist.gov/vuln/detail/CVE-2019-25013), [CVE-2020-27618](https://nvd.nist.gov/vuln/detail/https://cve.circl.lu/cve/CVE-2020-27618), [CVE-2021-27645](https://nvd.nist.gov/vuln/detail/CVE-2021-27645), [CVE-2021-33574](https://nvd.nist.gov/vuln/detail/CVE-2021-33574), [CVE-2021-35942](https://nvd.nist.gov/vuln/detail/CVE-2021-35942))<br>* libgcrypt ([CVE-2021-33560](https://nvd.nist.gov/vuln/detail/CVE-2021-33560))<br>* libpcre ([CVE-2019-20838](https://nvd.nist.gov/vuln/detail/CVE-2019-20838), [CVE-2020-14155](https://nvd.nist.gov/vuln/detail/CVE-2020-14155))<br>* libuv ([CVE-2021-22918](https://nvd.nist.gov/vuln/detail/CVE-2021-22918))<br>* mit-krb5 ([CVE-2021-36222](https://nvd.nist.gov/vuln/detail/CVE-2021-36222))<br>* NVIDIA Drivers ([CVE-2021-1090](https://nvd.nist.gov/vuln/detail/CVE-2021-1090), [CVE-2021-1093](https://nvd.nist.gov/vuln/detail/CVE-2021-1093), [CVE-2021-1094](https://nvd.nist.gov/vuln/detail/CVE-2021-1094), [CVE-2021-1095](https://nvd.nist.gov/vuln/detail/CVE-2021-1095))<br>* systemd ([CVE-2020-13529](https://nvd.nist.gov/vuln/detail/CVE-2020-13529), [CVE-2021-33910](https://nvd.nist.gov/vuln/detail/CVE-2021-33910))<br>* tar ([CVE-2021-20193](https://nvd.nist.gov/vuln/detail/CVE-2021-20193))<br><br>**Bug fixes**<br><br><br><br>* Use https protocol instead of git for Github URLs ([flatcar-linux/coreos-overlay#1394](https://github.com/flatcar/coreos-overlay/pull/1394))<br>* Skip tcsd.service for TPM2 devices to fix failures on c3.small.x86 instances of Equinix Metal ([Flatcar#208](https://github.com/flatcar/Flatcar/issues/208))<br>* Fixed containerd config after introduction of CGroupsV2 ([coreos-overlay#1214](https://github.com/flatcar/coreos-overlay/pull/1214))<br>* Fixed path for amazon-ssm-agent in base-ec2.ign ([coreos-overlay#1228](https://github.com/flatcar/coreos-overlay/pull/1228))<br>* Fixed locksmith adhering to reboot window when getting the etcd lock ([locksmith#10](https://github.com/flatcar/locksmith/pull/10))<br>* Add the systemd tag in udev for Azure storage devices, to fix /boot automount ([init#41](https://github.com/flatcar/init/pull/41))<br><br>**Changes**<br><br><br><br>* Added Azure[ Generation 2 VM](https://docs.microsoft.com/en-us/azure/virtual-machines/generation-2) support ([coreos-overlay#1198](https://github.com/flatcar/coreos-overlay/pull/1198))<br>* cgroups v2 by default for new nodes ([coreos-overlay#931](https://github.com/flatcar/coreos-overlay/pull/931)).<br>* Upgrade Docker to 20.10 ([coreos-overlay#931](https://github.com/flatcar/coreos-overlay/pull/931))<br>* Switched Docker ecosystem packages to go1.16 ([coreos-overlay#1217](https://github.com/flatcar/coreos-overlay/pull/1217))<br>* Added lbzip2 binary to the image ([coreos-overlay#1221](https://github.com/flatcar/coreos-overlay/pull/1221))<br>* flatcar-install uses lbzip2 if present, falls back on bzip2 if not ([init#46](https://github.com/flatcar/init/pull/46))<br>* Added Intel E800 series network adapter driver ([coreos-overlay#1237](https://github.com/flatcar/coreos-overlay/pull/1237))<br>* Enabled ‘audit’ use flag for sys-libs/pam ([coreos-overlay#1233](https://github.com/flatcar/coreos-overlay/pull/1233))<br>* Bumped etcd and flannel to respectively 3.5.0, 0.14.0 to get multiarch images for arm64 support. _Note for users of the old etcd v2 support_: ETCDCTL_API=2 must be set to use v2 store as well as ETCD_ENABLE_V2=true in the etcd-member.service - this support will be removed in 3.6.0 ([coreos-overlay#1179](https://github.com/flatcar/coreos-overlay/pull/1179))<br>* Support BTRFS in OEM and /usr partitions, but only used it for the OEM partition for now. Ignition configurations that refer to the OEM partition will work with any filesystem format specified, a mismatch is not resulting in a boot error. ([coreos-overlay#1106](https://github.com/flatcar/coreos-overlay/pull/1106))<br>* Switched the arm64 kernel to use a 4k page size instead of 64k<br>* Switched dm-verity corruption detection to issue a kernel panic (a panic results in a reboot after 1 minute, this was the case before already) instead of merely failing certain syscalls that try to use the corrupted data<br>* Enabled ARM64 SDK bootstrap ([flatcar-linux/scripts#134](https://github.com/flatcar/scripts/pull/134))<br>* SDK: enabled experimental ARM64 SDK usage ([flatcar-linux/scripts#134](https://github.com/flatcar/scripts/pull/134)) ([flatcar-linux/scripts#141](https://github.com/flatcar/scripts/pull/141))<br>* AWS: Added amazon-ssm-agent ([coreos-overlay#1162](https://github.com/flatcar/coreos-overlay/pull/1162))<br>* Azure: Compile OEM contents for all architectures ([coreos-overlay#1196](https://github.com/flatcar/coreos-overlay/pull/1196))<br>* update_engine: add postinstall hook to stay on cgroupv1 ([update_engine#13](https://github.com/flatcar/update_engine/pull/13))<br>* Enable telnet support for curl ([coreos-overlay#1099](https://github.com/flatcar/coreos-overlay/pull/1099))<br>* Enable ssl USE flag for wget ([coreos-overlay#932](https://github.com/flatcar/coreos-overlay/pull/932))<br>* Enable MDIO_BCM_UNIMAC for arm64 ([coreos-overlay#929](https://github.com/flatcar/coreos-overlay/pull/929))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.77](https://lwn.net/Articles/874852/))<br>* Linux firmware ([20210818](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20210818))<br>* Go ([1.16.10](https://go.googlesource.com/go/+/refs/tags/go1.16.10))<br>* c-ares ([1.17.2](https://c-ares.haxx.se/changelog.html#1_17_2))<br>* containerd ([1.5.7](https://github.com/containerd/containerd/releases/tag/v1.5.7))<br>* cryptsetup ([2.3.6](https://gitlab.com/cryptsetup/cryptsetup/-/tags/v2.3.6))<br>* curl ([7.78](https://curl.se/changes.html#7_78_0))<br>* dbus ([1.12.20](https://github.com/freedesktop/dbus/blob/ab88811768f750777d1a8b9d9ab12f13390bfd3a/NEWS#L1))<br>* docker ([20.10.10](https://docs.docker.com/engine/release-notes/#201010))<br>* docker CLI ([20.10.10](https://github.com/docker/cli/releases/tag/v20.10.10))<br>* docker proxy ([0.8.0_p20210525](https://github.com/moby/libnetwork/commit/64b7a4574d1426139437d20e81c0b6d391130ec8))<br>* dracut ([053](https://github.com/dracutdevs/dracut/releases/tag/053))<br>* etcd ([3.5.0](https://github.com/etcd-io/etcd/releases/tag/v3.5.0))<br>* expat ([2.4.1](https://www.xml.com/news/2021-05-expat-240-and-241/))<br>* gettext ([0.21-r1](https://lists.gnu.org/archive/html/info-gnu/2020-07/msg00009.html))<br>* glibc ([2.33-r5](https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7dfddd056de5f23bc29591d212f4051ed9d0634e))<br>* gptfdisk (1.0.7)<br>* flannel ([0.14.0](https://github.com/flannel-io/flannel/releases/tag/v0.14.0))<br>* intel-microcode ([20210608](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20210608))<br>* libarchive ([3.5.1](https://github.com/libarchive/libarchive/releases/tag/3.5.1))<br>* libev (4.33)<br>* libpcre (8.44)<br>* libuv ([1.41.1](https://github.com/libuv/libuv/releases/tag/v1.41.1))<br>* libverto ([0.3.1](https://github.com/latchset/libverto/releases/tag/0.3.1))<br>* lz4 ([1.9.3-r1](https://github.com/lz4/lz4/releases/tag/v1.9.3))<br>* mit-krb5 ([1.19.2](https://github.com/krb5/krb5/tree/krb5-1.19.2-final))<br>* NVIDIA Drivers ([470.57.02](https://docs.nvidia.com/datacenter/tesla/tesla-release-notes-470-57-02/index.html))<br>* pax-utils (1.3.1)<br>* portage-utils ([0.90](https://github.com/gentoo/portage-utils/releases/tag/v0.90))<br>* readline ([8.1_p1](https://tiswww.case.edu/php/chet/readline/CHANGES))<br>* runc ([1.0.2](https://github.com/opencontainers/runc/releases/tag/v1.0.2))<br>* selinux ([3.1](https://github.com/SELinuxProject/selinux/releases/tag/20200710))<br>* selinux-refpolicy ([2.20200818](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20200818))<br>* strace ([5.12](https://github.com/strace/strace/releases/tag/v5.12))<br>* systemd ([247.9](https://github.com/systemd/systemd-stable/releases/tag/v247.9))<br>* tar ([1.34](https://savannah.gnu.org/forum/forum.php?forum_id=9935))<br>* tini ([0.19](https://github.com/krallin/tini/releases/tag/v0.19.0))<br>* wa-linux-agent ([2.3.1.1](https://github.com/Azure/WALinuxAgent/releases/tag/v2.3.1.1))<br>* xz-utils ([5.2.5](https://git.tukaani.org/?p=xz.git;a=blob;f=NEWS;h=aade49443ad7ddba13bbfd9da188c99664736d80;hb=3247e95115acb95bc27f41e8cf4501db5b0b4309#l16))<br>* SDK: dnsmasq ([2.85](https://thekelleys.org.uk/dnsmasq/CHANGELOG))<br>* SDK: rust ([1.54](https://github.com/rust-lang/rust/releases/tag/1.54.0))<br>* VMWare: open-vm-tools ([11.3.0](https://github.com/vmware/open-vm-tools/releases/tag/stable-11.3.0))<br>Packages:<br>- docker 20.10.10<br>- ignition 0.34.0<br>- kernel 5.10.77<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-11-09T08:18:14+00:00 @@ -278,7 +286,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2905.2.6 2905.2.6 - 2023-10-25T10:20:38.949834+00:00 + 2023-11-22T09:59:28.631580+00:00 New **Stable** release **2905.2.6**<br><br>_Changes since **Stable 2905.2.5**_<br><br>**Security fixes**<br><br><br><br>* Linux ([CVE-2021-3764](https://nvd.nist.gov/vuln/detail/CVE-2021-3764), [CVE-2021-3744](https://nvd.nist.gov/vuln/detail/CVE-2021-3744), [CVE-2021-38300](https://nvd.nist.gov/vuln/detail/CVE-2021-38300), [CVE-2021-20321](https://nvd.nist.gov/vuln/detail/CVE-2021-20321), [CVE-2021-41864](https://nvd.nist.gov/vuln/detail/CVE-2021-41864))<br>* containerd ([CVE-2021-41103](https://nvd.nist.gov/vuln/detail/CVE-2021-41103))<br><br>**Bux fixes**<br><br><br><br>* The tcsd service for TPM 1 is not started on machines with TPM 2 anymore where it fails and isn’t necessary ([flatcar-linux/coreos-overlay#1364](https://github.com/flatcar/coreos-overlay/pull/1364))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.75](https://lwn.net/Articles/873465/))<br>* ca-certificates ([3.69.1](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_69_1.html#nss-3-69-1-release-notes))<br>* containerd ([1.5.7](https://github.com/containerd)<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.75<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-10-25T15:56:47+00:00 @@ -286,7 +294,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2905.2.5 2905.2.5 - 2023-10-25T10:20:38.944996+00:00 + 2023-11-22T09:59:28.626604+00:00 New **Stable** release **2905.2.5**<br><br>_Changes since **Stable 2905.2.4**_<br><br>**Security fixes**<br><br>* Linux ([CVE-2021-41073](https://nvd.nist.gov/vuln/detail/CVE-2021-41073), [CVE-2020-16119](https://nvd.nist.gov/vuln/detail/CVE-2020-16119))<br><br>**Bug fixes**<br><br>* The Mellanox NIC Linux driver issue introduced in the previous release was fixed ([Flatcar#520](https://github.com/flatcar/Flatcar/issues/520))<br><br>**Updates**<br><br>* Linux ([5.10.69](https://lwn.net/Articles/870544/))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.69<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-09-30T16:21:29+00:00 @@ -294,7 +302,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2905.2.4 2905.2.4 - 2023-10-25T10:20:38.940482+00:00 + 2023-11-22T09:59:28.622027+00:00 <br>New **Stable** release **2905.2.4**<br><br>_Changes since **Stable 2905.2.3**_<br><br>**Security fixes**<br><br><br><br>* Linux ([CVE-2021-3753](https://nvd.nist.gov/vuln/detail/CVE-2021-3753),[ CVE-2021-3739](https://nvd.nist.gov/vuln/detail/CVE-2021-3739), [CVE-2021-40490](https://nvd.nist.gov/vuln/detail/CVE-2021-40490))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.67](https://lwn.net/Articles/869749/))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.67<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-09-27T08:32:01+00:00 @@ -302,7 +310,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2905.2.3 2905.2.3 - 2023-10-25T10:20:38.936044+00:00 + 2023-11-22T09:59:28.617506+00:00 New **Stable** release **2905.2.3**<br><br>_Changes since **Stable 2905.2.2**_<br><br>**Security fixes**<br><br><br><br>* Linux ([CVE-2021-3653](https://nvd.nist.gov/vuln/detail/CVE-2021-3653), [CVE-2021-3656](https://nvd.nist.gov/vuln/detail/CVE-2021-3656), [CVE-2021-38166](https://nvd.nist.gov/vuln/detail/CVE-2021-38166)) <br>* openssl ([CVE-2021-3711](https://nvd.nist.gov/vuln/detail/CVE-2021-3711), [CVE-2021-3712](https://nvd.nist.gov/vuln/detail/CVE-2021-3712))<br><br>**Bug Fixes**<br><br><br><br>* Re-enabled kernel config FS_ENCRYPTION ([coreos-overlay#1212](https://github.com/kinvolk/coreos-overlay/pull/1212/))<br>* Fixed Perl in dev-container ([coreos-overlay#1238](https://github.com/kinvolk/coreos-overlay/pull/1238))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.61](https://lwn.net/Articles/867497/))<br>* openssl ([1.1.1l](https://mta.openssl.org/pipermail/openssl-announce/2021-August/000206.html))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.61<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-09-01T14:15:46+00:00 @@ -310,7 +318,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2905.2.2 2905.2.2 - 2023-10-25T10:20:38.931289+00:00 + 2023-11-22T09:59:28.612650+00:00 _Changes since **Stable**_ **2905.2.1**<br><br>**Security fixes**<br><br><br><br>* Linux ([CVE-2021-34556](https://nvd.nist.gov/vuln/detail/CVE-2021-34556), [CVE-2021-35477](https://nvd.nist.gov/vuln/detail/CVE-2021-35477), [CVE-2021-38205](https://nvd.nist.gov/vuln/detail/CVE-2021-38205))<br>* Go ([CVE-2021-36221](https://nvd.nist.gov/vuln/detail/CVE-2021-36221))<br>* Systemd ([CVE-2020-13529](https://nvd.nist.gov/vuln/detail/CVE-2020-13529), [CVE-2021-33910](https://nvd.nist.gov/vuln/detail/CVE-2021-33910))<br><br>**Bug Fixes**<br><br><br><br>* Fixed `pam.d` sssd LDAP auth with sudo ([coreos-overlay#1170](https://github.com/kinvolk/coreos-overlay/pull/1170))<br>* Let network-cleanup.service finish before entering rootfs ([coreos-overlay#1182](https://github.com/kinvolk/coreos-overlay/pull/1182))<br><br>**Changes**<br><br><br><br>* Switched to zstd for the initramfs ([coreos-overlay#1136](https://github.com/kinvolk/coreos-overlay/pull/1136))<br>* Embedded new subkey in flatcar-install ([coreos-overlay#1180](https://github.com/kinvolk/coreos-overlay/pull/1180))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.59](https://lwn.net/Articles/866302/))<br>* Systemd ([247.9](https://github.com/systemd/systemd-stable/releases/tag/v247.9))<br>* Go ([1.16.7](https://golang.org/doc/devel/release#go1.16.minor))<br>* portage-utils ([0.90](https://github.com/gentoo/portage-utils/releases/tag/v0.90))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.59<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-08-19T13:36:44+00:00 @@ -318,7 +326,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2905.2.1 2905.2.1 - 2023-10-25T10:20:38.926202+00:00 + 2023-11-22T09:59:28.607509+00:00 **Security fixes**<br><br>* Linux ([CVE-2021-37576](https://nvd.nist.gov/vuln/detail/CVE-2021-37576))<br><br>**Bug fixes**<br><br>* Set the cilium_vxlan interface to be not managed by networkd's default setup with DHCP as it's managed by Cilium. ([init#43](https://github.com/kinvolk/init/pull/43))<br>* Disabled SELinux by default on `dockerd` wrapper script ([coreos-overlay#1149](https://github.com/kinvolk/coreos-overlay/pull/1149))<br>* GCE: Granted CAP_NET_ADMIN to set routes for the TCP LB when starting oem-gce.service ([coreos-overlay#1146](https://github.com/kinvolk/coreos-overlay/pull/1146))<br><br>**Updates**<br><br>* Linux ([5.10.55](https://lwn.net/Articles/864901/))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.55<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-08-04T13:24:56+00:00 @@ -326,7 +334,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2905.2.0 2905.2.0 - 2023-10-25T10:20:38.921493+00:00 + 2023-11-22T09:59:28.602640+00:00 _Changes since **Beta 2905.1.0**_<br><br>**Security Fixes**<br><br><br><br>* containerd ([CVE-2021-32760](https://nvd.nist.gov/vuln/detail/CVE-2021-32760))<br>* curl (CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-22925, CVE-2021-22926)<br>* linux ([CVE-2020-26541](https://nvd.nist.gov/vuln/detail/CVE-2020-26541), [CVE-2021-35039](https://nvd.nist.gov/vuln/detail/CVE-2021-35039), [CVE-2021-22543](https://nvd.nist.gov/vuln/detail/CVE-2021-22543), CVE-2021-3609, CVE-2021-3655, [CVE-2021-33909](https://nvd.nist.gov/vuln/detail/CVE-2021-33909))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.52](https://lwn.net/Articles/863648/))<br>* curl ([7.78](https://curl.se/changes.html#7_78_0))<br>* containerd ([1.5.4](https://github.com/containerd/containerd/releases/tag/v1.5.4))<br><br>_Changes since **Stable 2765.2.6**_<br><br>**Security Fixes:**<br><br><br><br>* Linux ([CVE-2020-26541](https://nvd.nist.gov/vuln/detail/CVE-2020-26541), [CVE-2021-35039](https://nvd.nist.gov/vuln/detail/CVE-2021-35039), [CVE-2021-22543](https://nvd.nist.gov/vuln/detail/CVE-2021-22543), CVE-2021-3609, CVE-2021-3655, [CVE-2021-33909](https://nvd.nist.gov/vuln/detail/CVE-2021-33909), [CVE-2021-34693](https://nvd.nist.gov/vuln/detail/CVE-2021-34693), [CVE-2021-33624](https://nvd.nist.gov/vuln/detail/CVE-2021-33624))<br>* containerd ([CVE-2021-32760](https://nvd.nist.gov/vuln/detail/CVE-2021-32760))<br>* curl (CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-22925, CVE-2021-22926)<br>* boost ([CVE-2012-2677](https://nvd.nist.gov/vuln/detail/CVE-2012-2677))<br>* Docker ([CVE-2021-21285](https://nvd.nist.gov/vuln/detail/CVE-2021-21285),[ CVE-2021-21284](https://nvd.nist.gov/vuln/detail/CVE-2021-21284))<br>* c-ares ([CVE-2020-8277](https://nvd.nist.gov/vuln/detail/CVE-2020-8277))<br>* coreutils ([CVE-2017-7476](https://nvd.nist.gov/vuln/detail/CVE-2017-7476))<br>* dbus ([CVE-2020-35512](https://nvd.nist.gov/vuln/detail/CVE-2020-35512))<br>* dnsmasq ([CVE-2020-25681](https://nvd.nist.gov/vuln/detail/CVE-2020-25681),[ CVE-2020-25682](https://nvd.nist.gov/vuln/detail/CVE-2020-25682),[ CVE-2020-25683](https://nvd.nist.gov/vuln/detail/CVE-2020-25683),[ CVE-2020-25684](https://nvd.nist.gov/vuln/detail/CVE-2020-25683),[ CVE-2020-25685](https://nvd.nist.gov/vuln/detail/CVE-2020-25685),[ CVE-2020-25686](https://nvd.nist.gov/vuln/detail/CVE-2020-25686),[ CVE-2020-25687](https://nvd.nist.gov/vuln/detail/CVE-2020-25687))<br>* git ([CVE-2021-21300](https://nvd.nist.gov/vuln/detail/CVE-2021-21300))<br>* glib ([CVE-2021-28153](https://nvd.nist.gov/vuln/detail/CVE-2021-28153),[ CVE-2021-27218](https://nvd.nist.gov/vuln/detail/CVE-2021-27218),[ CVE-2021-27219](https://nvd.nist.gov/vuln/detail/CVE-2021-27219))<br>* gnutls ([CVE-2021-20231](https://nvd.nist.gov/vuln/detail/CVE-2021-20231),[ CVE-2021-20232](https://nvd.nist.gov/vuln/detail/CVE-2021-20232))<br>* intel-microcode ([CVE-2020-8696](https://nvd.nist.gov/vuln/detail/CVE-2020-8696),[ CVE-2020-8698](https://nvd.nist.gov/vuln/detail/CVE-2020-8698))<br>* libxml2 ([CVE-2021-3516](https://nvd.nist.gov/vuln/detail/CVE-2021-3516),[CVE-2021-3517](https://nvd.nist.gov/vuln/detail/CVE-2021-3517),[CVE-2021-3518](https://nvd.nist.gov/vuln/detail/CVE-2021-3518),CVE-2021-3541)<br>* ncurses ([CVE-2019-17594](https://nvd.nist.gov/vuln/detail/CVE-2019-17594),[ CVE-2019-17595](https://nvd.nist.gov/vuln/detail/CVE-2019-17595))<br>* openldap ([CVE-2020-36221](https://nvd.nist.gov/vuln/detail/CVE-2020-36221),[ CVE-2020-36222](https://nvd.nist.gov/vuln/detail/CVE-2020-36222),[ CVE-2020-36223](https://nvd.nist.gov/vuln/detail/CVE-2020-36223),[ CVE-2020-36224](https://nvd.nist.gov/vuln/detail/-2020-36224),[ CVE-2020-36225](https://nvd.nist.gov/vuln/detail/CVE-2020-36225),[ CVE-2020-36226](https://nvd.nist.gov/vuln/detail/CVE-2020-36226),[ CVE-2020-36227](https://nvd.nist.gov/vuln/detail/CVE-2020-36227),[ CVE-2020-36228](https://nvd.nist.gov/vuln/detail/CVE-2020-36228),[ CVE-2020-36229](https://nvd.nist.gov/vuln/detail/CVE-2020-36229),[ CVE-2020-36230](https://nvd.nist.gov/vuln/detail/CVE-2020-36230))<br>* samba ([CVE-2020-14318](https://nvd.nist.gov/vuln/detail/CVE-2020-14318),[ CVE-2020-14323](https://nvd.nist.gov/vuln/detail/CVE-2020-14323),[ CVE-2020-14383](https://nvd.nist.gov/vuln/detail/CVE-2020-14383))<br>* sqlite ([CVE-2021-20227](https://nvd.nist.gov/vuln/detail/CVE-2021-20227))<br>* binutils ([CVE-2021-20197](https://nvd.nist.gov/vuln/detail/CVE-2021-20197),[CVE-2021-3487](https://nvd.nist.gov/vuln/detail/CVE-2021-3487))<br><br>**Bug Fixes:**<br><br><br><br>* passwd: use correct GID for tss ([baselayout#15](https://github.com/kinvolk/baselayout/pull/15))<br>* flatcar-eks: add missing mkdir and update to latest versions ([coreos-overlay#817](https://github.com/kinvolk/coreos-overlay/pull/817))<br>* gmerge: Stop installing gmerge script ([coreos-overlay#828](https://github.com/kinvolk/coreos-overlay/pull/828))<br>* Add explicit path to the binary call in the coreos-metadata unit file ([Issue #360](https://github.com/kinvolk/Flatcar/issues/360))<br>* Fix the patch to update DefaultTasksMax in systemd ([coreos-overlay#971](https://github.com/kinvolk/coreos-overlay/pull/971))<br><br>**Changes**<br><br><br><br>* Docker: disabled SELinux support in the Docker daemon<br>* The pam_faillock PAM module was enabled as replacement for the removed pam_tally2 module and will temporarily lock an account if there were login attempts with a wrong password. The faillock command can be used to show the current state. With pam_tally2 there was no limit for wrong password login attempts but with faillock the default is already restricting the attempts. The default behavior was relaxed to allow 5 wrong passwords per two minutes, and a one minute account lock time. This does not apply to logins with an SSH key. ([baselayout#17](https://github.com/kinvolk/baselayout/pull/17))<br>* The etcd and flannel services are now run with Docker and any rkt-based customizations of the etcd-member and flanneld services not supported anymore. Also, because the flanneld service relies on Docker and will restart Docker after applying the new configuration, it is not possible anymore to set Requires=flanneld.service for docker.service and instead it’s enough to have flanneld.service enabled. ([coreos-overlay#857](https://github.com/kinvolk/coreos-overlay/pull/857))<br>* toolbox: replace rkt with docker ([coreos-overlay#881](https://github.com/kinvolk/coreos-overlay/pull/881))<br>* flatcar-install: add parameters to make wget more resilient ([init#35](https://github.com/kinvolk/init/pull/35))<br>* flatcar-install: Add -D flag to only download the image file ([Flatcar#248](https://github.com/kinvolk/Flatcar/issues/248))<br>* flatcar-install: Detect device mapper (e.g., LVM/LUKS) usage when searching for free drives with the -s flag ([Flatcar#332](https://github.com/kinvolk/Flatcar/issues/332))<br>* motd: Add OEM information to motd output ([init#34](https://github.com/kinvolk/init/pull/34))<br>* open-iscsi: Command substitution in iscsi-init system service ([coreos-overlay#801](https://github.com/kinvolk/coreos-overlay/pull/801))<br>* sshd: use secure crypto algos only ([kinvolk/coreos-overlay#852](https://github.com/kinvolk/coreos-overlay/pull/852))<br>* kernel: enable kernel config CONFIG_BPF_LSM ([kinvolk/coreos-overlay#846](https://github.com/kinvolk/coreos-overlay/pull/846))<br>* bootengine: set hostname for EC2 and OpenStack from metadata ([kinvolk/coreos-overlay#848](https://github.com/kinvolk/coreos-overlay/pull/848))<br>* Make the hostname setting units optional. Having the hostname units as required by the initrd.target meant that if the unit failed the machine wouldn’t start, disrupting the whole boot. ([bootengine#23](https://github.com/kinvolk/bootengine/pull/23))<br>* Enable using iSCSI netroot devices on Flatcar ([bootengine#22](https://github.com/kinvolk/bootengine/pull/22))<br>* systemd-networkd: Do not manage loopback network interface ([bootengine#24 init#40](https://github.com/kinvolk/bootengine/pull/24))<br>* containerd: Removed the containerd-stress binary ([coreos-overlay#858](https://github.com/kinvolk/coreos-overlay/pull/858))<br>* dhcpcd: Removed the dhcpcd binary from the image, systemd-networkd is the only DHCP client ([coreos-overlay#858](https://github.com/kinvolk/coreos-overlay/pull/858))<br>* samba: Update to EAPI=7, add new USE flags and remove deps on icu ([kinvolk/coreos-overlay#864](https://github.com/kinvolk/coreos-overlay/pull/864))<br>* GCE: The oem-gce.service was ported to use systemd-nspawn instead of rkt. A one-time action is required to fetch the new service file because the OEM partition is not updated: sudo curl -s -S -f -L -o /etc/systemd/system/oem-gce.service https://raw.githubusercontent.com/kinvolk/coreos-overlay/fe7b0047ef5b634ebe04c9627bbf1ce3008ee5fa/coreos-base/oem-gce/files/units/oem-gce.service && sudo systemctl daemon-reload && sudo systemctl restart oem-gce.service<br>* SDK: update portage and related packages to newer versions ([coreos-overlay#840](https://github.com/kinvolk/coreos-overlay/pull/840))<br>* SDK: Drop jobs parameter in flatcar-scripts ([flatcar-scripts#121](https://github.com/kinvolk/flatcar-scripts/pull/121))<br>* SDK: delete Go 1.6 ([coreos-overlay#827](https://github.com/kinvolk/coreos-overlay/pull/827))<br>* Update sys-apps/coreutils and make sure they have split-usr disabled for generic images ([coreos-overlay#829](https://github.com/kinvolk/coreos-overlay/pull/829))<br>* systemd: Fix unit installation ([coreos-overlay#810](https://github.com/kinvolk/coreos-overlay/pull/810))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.52](https://lwn.net/Articles/863648/))<br>* Linux firmware ([20210511](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20210511))<br>* boost ([1.75.0](https://www.boost.org/users/history/version_1_75_0.html))<br>* docker ([19.03.15](https://docs.docker.com/engine/release-notes/19.03/#190315))<br>* c-ares ([1.17.1](https://c-ares.haxx.se/changelog.html#1_17_1))<br>* curl ([7.78](https://curl.se/changes.html#7_78_0))<br>* containerd ([1.5.4](https://github.com/containerd/containerd/releases/tag/v1.5.4))<br>* coreutils ([8.32](https://git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?h=v8.32))<br>* cri-tools ([1.19.0](https://github.com/kubernetes-sigs/cri-tools/releases/tag/v1.19.0))<br>* dbus ([1.10.32](https://lists.freedesktop.org/archives/ftp-release/2020-July/000759.html))<br>* dnsmasq ([2.83](https://thekelleys.org.uk/dnsmasq/CHANGELOG))<br>* go ([1.16.5](https://go.googlesource.com/go/+/refs/tags/go1.16.5))<br>* git ([2.26.3](https://raw.githubusercontent.com/git/git/v2.26.3/Documentation/RelNotes/2.26.3.txt))<br>* glib ([2.66.8](https://gitlab.gnome.org/GNOME/glib/-/releases/2.66.8))<br>* gnutls ([3.7.1](https://gitlab.com/gnutls/gnutls/-/tags/3.7.1))<br>* intel-microcode ([20210216](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20210216))<br>* libxml2 ([2.9.12](https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.12))<br>* multipath-tools ([0.8.5](https://github.com/opensvc/multipath-tools/releases/tag/0.8.5))<br>* ncurses ([6.2](https://invisible-island.net/ncurses/announce-6.2.html))<br>* open-iscsi ([2.1.4](https://github.com/open-iscsi/open-iscsi/releases/tag/2.1.4))<br>* openldap ([2.4.58](https://www.openldap.org/software/release/announce.html))<br>* openssh ([8.6_p1](https://www.openssh.com/txt/release-8.6))<br>* runc ([1.0.0_rc95](https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc95))<br>* samba ([4.12.9](https://www.samba.org/samba/history/samba-4.12.9.html))<br>* sqlite ([3.34.1](https://www.sqlite.org/releaselog/3_34_1.html))<br>* systemd ([247.6](https://github.com/systemd/systemd-stable/releases/tag/v247.6))<br>* zstd ([1.4.9](https://github.com/facebook/zstd/releases/tag/v1.4.9))<br>* SDK: Rust ([1.52.1](https://blog.rust-lang.org/2021/05/10/Rust-1.52.1.html))<br>* SDK: QEMU ([5.2.0](https://wiki.qemu.org/ChangeLog/5.2))<br>* SDK: cmake ([3.18.5](https://cmake.org/cmake/help/latest/release/3.18.html#id1))<br>* SDK: binutils ([2.36.1](https://sourceware.org/pipermail/binutils/2021-February/115240.html))<br><br>**Deprecation**<br><br><br><br>* docker-1.12, rkt and kubelet-wrapper are deprecated and removed from Stable, also from subsequent channels in the future. Please read the[ removal announcement](https://groups.google.com/g/flatcar-linux-user/c/MeinndLqJO4) to know more<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.52<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-07-28T08:25:15+00:00 @@ -334,7 +342,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2765.2.6 2765.2.6 - 2023-10-25T10:20:38.908753+00:00 + 2023-11-22T09:59:28.589910+00:00 <br>**Security fixes**<br><br><br><br>* Linux ([CVE-2020-26558](https://nvd.nist.gov/vuln/detail/CVE-2020-26558), [CVE-2021-0129](https://nvd.nist.gov/vuln/detail/CVE-2021-0129), [CVE-2020-24587](https://nvd.nist.gov/vuln/detail/CVE-2020-24587), [CVE-2020-24586](https://nvd.nist.gov/vuln/detail/CVE-2020-24586), [CVE-2020-24588](https://nvd.nist.gov/vuln/detail/CVE-2020-24588), [CVE-2020-26139](https://nvd.nist.gov/vuln/detail/CVE-2020-26139), [CVE-2020-26145](https://nvd.nist.gov/vuln/detail/CVE-2020-26145), [CVE-2020-26147](https://nvd.nist.gov/vuln/detail/CVE-2020-26147), [CVE-2020-26141](https://nvd.nist.gov/vuln/detail/CVE-2020-26141), [CVE-2021-3564](https://nvd.nist.gov/vuln/detail/CVE-2021-3564), [CVE-2021-28691](https://nvd.nist.gov/vuln/detail/CVE-2021-28691), [CVE-2021-3587](https://nvd.nist.gov/vuln/detail/CVE-2021-3587), [CVE-2021-3573](https://nvd.nist.gov/vuln/detail/CVE-2021-3573))<br><br>**Bug fixes**<br><br><br><br>* Update-engine sent empty requests when restarted before a pending reboot ([Flatcar#388](https://github.com/kinvolk/Flatcar/issues/388))<br>* motd login prompt list of failed services: The output of "systemctl list-units --state=failed --no-legend" contains a bullet point which is not expected and ended up being taken as the unit name of failed units which was previously on the start of the line. Filtered the bullet point out to stay compatible with the old behavior in case upstream would remove the bullet point again. ([coreos-overlay#1042](https://github.com/kinvolk/coreos-overlay/pull/1042))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.43](https://lwn.net/Articles/859022/))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.43<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-06-17T10:32:06+00:00 @@ -342,7 +350,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2765.2.5 2765.2.5 - 2023-10-25T10:20:38.903444+00:00 + 2023-11-22T09:59:28.584375+00:00 **Bug fixes**<br><br>* The Linux kernel IOMMU-related crash introduced in the 5.10.37 update got fixed through the 5.10.38 update ([Flatcar#400](https://github.com/kinvolk/Flatcar/issues/400))<br><br>**Updates**<br><br>* Linux ([5.10.38](https://lwn.net/Articles/856654/))<br><br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.38<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-05-21T12:08:45+00:00 @@ -350,7 +358,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2765.2.4 2765.2.4 - 2023-10-25T10:20:38.899119+00:00 + 2023-11-22T09:59:28.579978+00:00 **Security fixes**<br><br>* Linux ([CVE-2021-3491](https://nvd.nist.gov/vuln/detail/CVE-2021-3491), [CVE-2021-31440](https://nvd.nist.gov/vuln/detail/CVE-2021-31440), [CVE-2021-31829](https://nvd.nist.gov/vuln/detail/CVE-2021-31829))<br>* nvidia-drivers ([CVE-2021-1052](https://nvd.nist.gov/vuln/detail/CVE-2021-1052), [CVE-2021-1053](https://nvd.nist.gov/vuln/detail/CVE-2021-1053), [CVE-2021-1056](https://nvd.nist.gov/vuln/detail/CVE-2021-1056), [CVE-2021-1076](https://nvd.nist.gov/vuln/detail/CVE-2021-1076), [CVE-2021-1077](https://nvd.nist.gov/vuln/detail/CVE-2021-1077))<br>* runc ([CVE-2021-30465](https://nvd.nist.gov/vuln/detail/CVE-2021-30465))<br><br>**Updates**<br><br>* Linux ([5.10.37](https://lwn.net/Articles/856269/))<br>* nvidia-drivers ([460.73.01](https://www.nvidia.com/Download/driverResults.aspx/172376/en-us))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.37<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-05-19T11:38:16+00:00 @@ -358,7 +366,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2765.2.3 2765.2.3 - 2023-10-25T10:20:38.894521+00:00 + 2023-11-22T09:59:28.575258+00:00 <br>**Security fixes**<br><br><br><br>* Linux ([CVE-2021-28964](https://nvd.nist.gov/vuln/detail/CVE-2021-28964), [CVE-2021-28972](https://nvd.nist.gov/vuln/detail/CVE-2021-28972), [CVE-2021-28971](https://nvd.nist.gov/vuln/detail/CVE-2021-28971), [CVE-2021-28951](https://nvd.nist.gov/vuln/detail/CVE-2021-28951), [CVE-2021-28952](https://nvd.nist.gov/vuln/detail/CVE-2021-28952), [CVE-2021-29266](https://nvd.nist.gov/vuln/detail/CVE-2021-29266), [CVE-2021-28688](https://nvd.nist.gov/vuln/detail/CVE-2021-28688), [CVE-2021-29264](https://nvd.nist.gov/vuln/detail/CVE-2021-29264), [CVE-2021-29649](https://nvd.nist.gov/vuln/detail/CVE-2021-29649), [CVE-2021-29650](https://nvd.nist.gov/vuln/detail/CVE-2021-29650), [CVE-2021-29646](https://nvd.nist.gov/vuln/detail/CVE-2021-29646), [CVE-2021-29647](https://nvd.nist.gov/vuln/detail/CVE-2021-29647), [CVE-2021-29154](https://nvd.nist.gov/vuln/detail/CVE-2021-29154), [CVE-2021-29155](https://nvd.nist.gov/vuln/detail/CVE-2021-29155), [CVE-2021-23133](https://nvd.nist.gov/vuln/detail/CVE-2021-23133))<br><br>**Bug fixes**<br><br><br><br>* Fix the patch to update DefaultTasksMax in systemd ([coreos-overlay#971](https://github.com/kinvolk/coreos-overlay/pull/971))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.32](https://lwn.net/Articles/853762/))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.32<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-04-28T13:36:47+00:00 @@ -366,7 +374,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2765.2.2 2765.2.2 - 2023-10-25T10:20:38.889573+00:00 + 2023-11-22T09:59:28.570291+00:00 **Security fixes**<br><br><br><br>* Linux ([CVE-2021-27365](https://nvd.nist.gov/vuln/detail/CVE-2021-27365), [CVE-2021-27364](https://nvd.nist.gov/vuln/detail/CVE-2021-27364), [CVE-2021-27363](https://nvd.nist.gov/vuln/detail/CVE-2021-27363), [CVE-2021-28038](https://nvd.nist.gov/vuln/detail/CVE-2021-28038),[CVE-2021-28039](https://nvd.nist.gov/vuln/detail/CVE-2021-28039), [CVE-2021-28375](https://nvd.nist.gov/vuln/detail/CVE-2021-28375), [CVE-2021-28660](https://nvd.nist.gov/vuln/detail/CVE-2021-28660), [CVE-2021-27218](https://nvd.nist.gov/vuln/detail/CVE-2021-27218), [CVE-2021-27219](https://nvd.nist.gov/vuln/detail/CVE-2021-27219))<br>* openssl ([CVE-2021-23840](https://nvd.nist.gov/vuln/detail/CVE-2021-23840),[ CVE-2021-23841](https://nvd.nist.gov/vuln/detail/CVE-2021-23841), [CVE-2020-1971](https://nvd.nist.gov/vuln/detail/CVE-2020-1971),[ CVE-2021-23840](https://nvd.nist.gov/vuln/detail/CVE-2021-23840),[ CVE-2021-23841](https://nvd.nist.gov/vuln/detail/CVE-2021-23841), [CVE-2021-3449](https://nvd.nist.gov/vuln/detail/CVE-2021-3449),[ CVE-2021-3450](https://nvd.nist.gov/vuln/detail/CVE-2021-3450))<br><br>**Bug Fixes**<br><br><br><br>* GCE: The old interface name ens4v1 which was replaced by eth0 due to a broken udev rule was restored, but now as alternative interface name, and eth0 will stay the primary name for consistency across cloud environments. ([init#38](https://github.com/kinvolk/init/pull/38))<br><br>**Changes**<br><br><br><br>* The virtio network interfaces got predictable interface names as alternative interface names, and thus these names can also be used to match for a specific interface in case there is more than one and the eth0 and eth1 name assignment is not stable. ([init#38](https://github.com/kinvolk/init/pull/38))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.25](https://lwn.net/Articles/849951/))<br>* openssl ([1.1.1k](https://mta.openssl.org/pipermail/openssl-announce/2021-March/000197.html))<br>* open-iscsi ([2.1.4](https://github.com/open-iscsi/open-iscsi/releases/tag/2.1.4))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.25<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-03-25T15:39:33+00:00 @@ -374,7 +382,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2765.2.1 2765.2.1 - 2023-10-25T10:20:38.883952+00:00 + 2023-11-22T09:59:28.564648+00:00 **Security fixes**<br><br>* Linux - ([CVE-2020-25639](https://nvd.nist.gov/vuln/detail/CVE-2020-25639), [CVE-2021-27365](https://nvd.nist.gov/vuln/detail/CVE-2021-27365), [CVE-2021-27364](https://nvd.nist.gov/vuln/detail/CVE-2021-27364), [CVE-2021-27363](https://nvd.nist.gov/vuln/detail/CVE-2021-27363), [CVE-2021-28038](https://nvd.nist.gov/vuln/detail/CVE-2021-28038), [CVE-2021-28039](https://nvd.nist.gov/vuln/detail/CVE-2021-28039))<br>* containerd ([GHSA-6g2q-w5j3-fwh4](https://github.com/containerd/containerd/security/advisories/GHSA-6g2q-w5j3-fwh4))<br><br>**Bug fixes**<br><br>* Include firmware files for all modules shipped in our image ([Issue #359](https://github.com/kinvolk/Flatcar/issues/359), [PR #887](https://github.com/kinvolk/coreos-overlay/pull/887))<br>* Add explicit path to the binary call in the coreos-metadata unit file ([Issue #360](https://github.com/kinvolk/Flatcar/issues/360))<br><br>**Updates**<br><br>* Linux ([5.10.21](https://lwn.net/Articles/848617/))<br>* Containerd ([1.4.4](https://github.com/containerd/containerd/releases/tag/v1.4.4))<br><br><br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.21<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-03-11T09:19:31+00:00 @@ -382,7 +390,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2765.2.0 2765.2.0 - 2023-10-25T10:20:38.879100+00:00 + 2023-11-22T09:59:28.559734+00:00 **Security fixes**<br><br><br><br>* Linux ([CVE-2021-26931](https://nvd.nist.gov/vuln/detail/CVE-2021-26931), [CVE-2021-26930](https://nvd.nist.gov/vuln/detail/CVE-2021-26930), [CVE-2021-26932](https://nvd.nist.gov/vuln/detail/CVE-2021-26932))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.19](https://lwn.net/Articles/847589/))<br><br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.19<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-03-03T14:58:35+00:00 @@ -390,7 +398,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2605.9.0 2605.9.0 - 2023-10-25T10:20:38.874671+00:00 + 2023-11-22T09:59:28.555248+00:00 Security fixes:<br><br>* containerd ([CVE-2020-15257](https://nvd.nist.gov/vuln/detail/CVE-2020-15257))<br>* glibc ([CVE-2019-9169](https://nvd.nist.gov/vuln/detail/CVE-2019-9169),[ CVE-2019-6488](https://nvd.nist.gov/vuln/detail/CVE-2019-6488),[ CVE-2019-7309](https://nvd.nist.gov/vuln/detail/CVE-2019-7309),[ CVE-2020-10029](https://nvd.nist.gov/vuln/detail/CVE-2020-10029),[ CVE-2020-1751](https://nvd.nist.gov/vuln/detail/CVE-2020-1751),[ CVE-2020-6096](https://nvd.nist.gov/vuln/detail/CVE-2020-6096),[ CVE-2018-20796](https://nvd.nist.gov/vuln/detail/CVE-2018-20796))<br>* Linux ([CVE-2020-28941](https://nvd.nist.gov/vuln/detail/CVE-2020-28941), [CVE-2020-4788](https://nvd.nist.gov/vuln/detail/CVE-2020-4788), [CVE-2020-25669](https://nvd.nist.gov/vuln/detail/CVE-2020-25669), [CVE-2020-14351](https://nvd.nist.gov/vuln/detail/CVE-2020-14351))<br>* glib ([CVE-2019-12450](https://nvd.nist.gov/vuln/detail/CVE-2019-12450))<br>* open-iscsi ([CVE-2017-17840](https://nvd.nist.gov/vuln/detail/CVE-2017-17840))<br>* samba ([CVE-2019-10197](https://nvd.nist.gov/vuln/detail/CVE-2019-10197),[ CVE-2020-10704](https://nvd.nist.gov/vuln/detail/CVE-2020-10704),[ CVE-2020-10745](https://nvd.nist.gov/vuln/detail/CVE-2020-10745),[ CVE-2019-3880](https://nvd.nist.gov/vuln/detail/CVE-2019-3880),[ CVE-2019-10218](https://nvd.nist.gov/vuln/detail/CVE-2019-10218))<br>* shadow ([CVE-2019-19882](https://nvd.nist.gov/vuln/detail/CVE-2019-19882))<br>* sssd ([CVE-2018-16883](https://nvd.nist.gov/vuln/detail/CVE-2018-16883),[ CVE-2019-3811](https://nvd.nist.gov/vuln/detail/CVE-2019-3811),[ CVE-2018-16838](https://nvd.nist.gov/vuln/detail/CVE-2018-16838))<br>* trousers ([CVE-2020-24330](https://nvd.nist.gov/vuln/detail/CVE-2020-24330),[ CVE-2020-24331](https://nvd.nist.gov/vuln/detail/CVE-2020-24331))<br>* cifs-utils ([CVE-2020-14342](https://nvd.nist.gov/vuln/detail/CVE-2020-14342))<br>* ntp ([CVE-2020-11868](https://nvd.nist.gov/vuln/detail/CVE-2020-11868),[ CVE-2020-13817](https://nvd.nist.gov/vuln/detail/CVE-2020-13817),[ CVE-2018-8956](https://nvd.nist.gov/vuln/detail/CVE-2018-8956),[ CVE-2020-15025](https://nvd.nist.gov/vuln/detail/CVE-2020-15025))<br>* bzip2 ([CVE-2019-12900](https://nvd.nist.gov/vuln/detail/CVE-2019-12900))<br>* c-ares ([CVE-2017-1000381](https://nvd.nist.gov/vuln/detail/CVE-2017-1000381))<br>* file ([CVE-2019-18218](https://nvd.nist.gov/vuln/detail/CVE-2019-18218))<br>* json-c ([CVE-2020-12762](https://nvd.nist.gov/vuln/detail/CVE-2020-12762))<br>* jq ([CVE-2015-8863](https://nvd.nist.gov/vuln/detail/CVE-2015-8863), [CVE-2016-4074](https://nvd.nist.gov/vuln/detail/CVE-2016-4074))<br>* libuv ([CVE-2020-8252](https://nvd.nist.gov/vuln/detail/CVE-2020-8252))<br>* libxml2 ([CVE-2019-20388](https://nvd.nist.gov/vuln/detail/CVE-2019-20388), [CVE-2020-7595](https://nvd.nist.gov/vuln/detail/CVE-2020-7595))<br>* re2c ([CVE-2020-11958](https://nvd.nist.gov/vuln/detail/CVE-2020-11958))<br>* tar ([CVE-2019-9923](https://nvd.nist.gov/vuln/detail/CVE-2019-9923))<br>* sqlite ([CVE-2020-11656](https://nvd.nist.gov/vuln/detail/CVE-2020-11656), [CVE-2020-9327](https://nvd.nist.gov/vuln/detail/CVE-2020-9327), [CVE-2020-11655](https://nvd.nist.gov/vuln/detail/CVE-2020-11655), [CVE-2020-13630](https://nvd.nist.gov/vuln/detail/CVE-2020-13630), [CVE-2020-13435](https://nvd.nist.gov/vuln/detail/CVE-2020-13435), [CVE-2020-13434](https://nvd.nist.gov/vuln/detail/CVE-2020-13434), [CVE-2020-13631](https://nvd.nist.gov/vuln/detail/CVE-2020-13631), [CVE-2020-13632](https://nvd.nist.gov/vuln/detail/CVE-2020-13632), [CVE-2020-15358](https://nvd.nist.gov/vuln/detail/CVE-2020-15358))<br>* tcpdump and pcap ([CVE-2018-10103](https://nvd.nist.gov/vuln/detail/CVE-2018-10103), [CVE-2018-10105](https://nvd.nist.gov/vuln/detail/CVE-2018-10105), [CVE-2019-15163](https://nvd.nist.gov/vuln/detail/CVE-2019-15163), [CVE-2018-14461](https://nvd.nist.gov/vuln/detail/CVE-2018-14461), [CVE-2018-14462](https://nvd.nist.gov/vuln/detail/CVE-2018-14462), [CVE-2018-14463](https://nvd.nist.gov/vuln/detail/CVE-2018-14463), [CVE-2018-14464](https://nvd.nist.gov/vuln/detail/CVE-2018-14464), [CVE-2018-14465](https://nvd.nist.gov/vuln/detail/CVE-2018-14465), [CVE-2018-14466](https://nvd.nist.gov/vuln/detail/CVE-2018-14466), [CVE-2018-14467](https://nvd.nist.gov/vuln/detail/CVE-2018-14467), [CVE-2018-14468](https://nvd.nist.gov/vuln/detail/CVE-2018-14468), [CVE-2018-14469](https://nvd.nist.gov/vuln/detail/CVE-2018-14469), [CVE-2018-14470](https://nvd.nist.gov/vuln/detail/CVE-2018-14470), [CVE-2018-14880](https://nvd.nist.gov/vuln/detail/CVE-2018-14880), [CVE-2018-14881](https://nvd.nist.gov/vuln/detail/CVE-2018-14881), [CVE-2018-14882](https://nvd.nist.gov/vuln/detail/CVE-2018-14882), [CVE-2018-16227](https://nvd.nist.gov/vuln/detail/CVE-2018-16227), [CVE-2018-16228](https://nvd.nist.gov/vuln/detail/CVE-2018-16228), [CVE-2018-16229](https://nvd.nist.gov/vuln/detail/CVE-2018-16229), [CVE-2018-16230](https://nvd.nist.gov/vuln/detail/CVE-2018-16230), [CVE-2018-16300](https://nvd.nist.gov/vuln/detail/CVE-2018-16300), [CVE-2018-16451](https://nvd.nist.gov/vuln/detail/CVE-2018-16451), [CVE-2018-16452](https://nvd.nist.gov/vuln/detail/CVE-2018-16452), [CVE-2019-15166](https://nvd.nist.gov/vuln/detail/CVE-2019-15166), [CVE-2018-14879](https://nvd.nist.gov/vuln/detail/CVE-2018-14879), [CVE-2017-16808](https://nvd.nist.gov/vuln/detail/CVE-2017-16808), [CVE-2018-19519](https://nvd.nist.gov/vuln/detail/CVE-2018-19519), [CVE-2019-15161](https://nvd.nist.gov/vuln/detail/CVE-2019-15161), [CVE-2019-15165](https://nvd.nist.gov/vuln/detail/CVE-2019-15165), [CVE-2019-15164](https://nvd.nist.gov/vuln/detail/CVE-2019-15164), [CVE-2019-1010220](https://nvd.nist.gov/vuln/detail/CVE-2019-1010220))<br>* libbsd ([CVE-2019-20367](https://nvd.nist.gov/vuln/detail/CVE-2019-20367))<br>* rsync and zlib ([CVE-2016-9840](https://nvd.nist.gov/vuln/detail/CVE-2016-9840), [CVE-2016-9841](https://nvd.nist.gov/vuln/detail/CVE-2016-9841), [CVE-2016-9842](https://nvd.nist.gov/vuln/detail/CVE-2016-9842), [CVE-2016-9843](https://nvd.nist.gov/vuln/detail/CVE-2016-9843))<br><br>Bug fixes<br><br>* Added systemd-tmpfiles directives for /opt and /opt/bin to ensure that the folders have correct permissions even when /opt/ was once created by containerd ([Flatcar#279](https://github.com/kinvolk/Flatcar/issues/279))<br>* Make the automatic filesystem resizing more robust against a race and add more logging ([kinvolk/init#31](https://github.com/kinvolk/init/pull/31))<br>* Allow inactive network interfaces to be bound to a bonding interface, by encoding additional configuration for systemd-networkd-wait-online ([afterburn PR #10](https://github.com/flatcar/afterburn/pull/10))<br>* Do not configure ccache in Jenkins ([scripts PR #100](https://github.com/flatcar/scripts/pull/100))<br>* Azure: Exclude bonded SR-IOV network interfaces with newer drivers from networkd (in addition to the old drivers) to prevent them being configured instead of just the bond interface ([init PR#29](https://github.com/flatcar/init/pull/29),[ bootengine PR#19](https://github.com/flatcar/bootengine/pull/19))<br><br>Changes:<br><br>* Update-engine now detects rollbacks and reports them as errors to the update server ([PR#6](https://github.com/flatcar/update_engine/pull/6))<br>* The zstd tools were added (version 1.4.4)<br>* The kernel config CONFIG_PSI was set to support[ Pressure Stall Information](https://www.kernel.org/doc/html/latest/accounting/psi.html), more information also under[ https://facebookmicrosites.github.io/psi/docs/overview](https://facebookmicrosites.github.io/psi/docs/overview) ([Flatcar#162](https://github.com/flatcar/Flatcar/issues/162))<br>* The kernel config CONFIG_BPF_JIT_ALWAYS_ON was set to use the BPF just-in-time compiler by default for faster execution<br>* The kernel config CONFIG_POWER_SUPPLY was set<br>* The kernel configs CONFIG_OVERLAY_FS_METACOPY and CONFIG_OVERLAY_FS_REDIRECT_DIR were set. With the first overlayfs will only copy up metadata when a metadata-specific operation like chown/chmod is performed. The full file will be copied up later when the file is opened for write operations. With the second, which is equivalent to setting "redirect_dir=on" in the kernel command-line, overlayfs will copy up the directory first before the actual content ([Flatcar#170](https://github.com/kinvolk/Flatcar/issues/170)).<br>* Remove unnecessary kernel module nf-conntrack-ipv4 ([overlay PR#649](https://github.com/flatcar/coreos-overlay/pull/649))<br>* Compress kernel modules with xz ([overlay PR#628](https://github.com/flatcar/coreos-overlay/pull/628))<br>* Add containerd-runc-shim-v* binaries required by kubelet custom CRI endpoints ([overlay PR#623](https://github.com/flatcar/coreos-overlay/pull/623))<br>* Equinix Metal (Packet): Exclude unused network interfaces from networkd, disregard the state of the bonded interfaces for the network-online.target and only require the bond interface itself to have at least one active link instead of routable which requires both links to be active ([afterburn PR#10](https://github.com/flatcar/afterburn/pull/10))<br>* QEMU: Use flatcar.autologin kernel command line parameter for auto login on the console ([Flatcar #71](https://github.com/flatcar/Flatcar/issues/71))<br><br>Updates:<br><br>* Linux ([5.4.81](https://lwn.net/Articles/838790/))<br>* Linux firmware ([20200918](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20200918))<br>* systemd ([246.6](https://github.com/systemd/systemd-stable/releases/tag/v246.6))<br>* glibc ([2.32](https://lwn.net/Articles/828210/))<br>* Docker ([19.03.14](https://github.com/docker/docker-ce/releases/tag/v19.03.14))<br>* containerd ([1.4.3](https://github.com/containerd/containerd/releases/tag/v1.4.3))<br>* tini[ (0.18](https://github.com/krallin/tini/releases/tag/v0.18.0))<br>* libseccomp[ (2.5.0](https://github.com/seccomp/libseccomp/releases/tag/v2.5.0))<br>* audit[ (2.8.5](https://github.com/linux-audit/audit-userspace/releases/tag/v2.8.5))<br>* bzip2 ([1.0.8](https://sourceware.org/git/?p=bzip2.git;a=blob;f=CHANGES;h=30afead2586b6d64f50988a41d394a0131b38949;hb=HEAD#l342))<br>* c-ares[ (1.61.1](https://github.com/c-ares/c-ares/releases/tag/cares-1_16_1))<br>* cryptsetup[ (2.3.2](https://gitlab.com/cryptsetup/cryptsetup/-/tags/v2.3.2))<br>* cifs-utils (6.11)<br>* dbus-glib (0.110)<br>* dracut[ (050](https://github.com/dracutdevs/dracut/releases/tag/050))<br>* elfutils (0.178)<br>* glib (2.64.5)<br>* json-c[ (0.15](https://github.com/json-c/json-c/releases/tag/json-c-0.15-20200726))<br>* jq ([1.6](https://github.com/stedolan/jq/releases/tag/jq-1.6))<br>* libuv[ (1.39.0](https://github.com/libuv/libuv/releases/tag/v1.39.0))<br>* libxml2[ (2.9.10](https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.10))<br>* ntp (4.2.8_p15)<br>* open-iscsi (2.1.2)<br>* samba (4.11.13)<br>* shadow (4.8)<br>* sssd (2.3.1)<br>* strace (5.9)<br>* talloc (2.3.1)<br>* tar[ (1.32](https://git.savannah.gnu.org/cgit/tar.git/tag/?h=release_1_32))<br>* tdb (1.4.3)<br>* tevent (0.10.2)<br>* SDK/developer container: GCC (9.3.0), binutils (2.35), gdb (9.2)<br>* Go ([1.15.5](https://go.googlesource.com/go/+/refs/tags/go1.15.5), [1.12.17](https://go.googlesource.com/go/+/refs/tags/go1.12.17)) (only in SDK)<br>* Rust ([1.46.0](https://blog.rust-lang.org/2020/08/27/Rust-1.46.0.html)) (only in SDK)<br>* file ([5.39](https://github.com/file/file/tree/FILE5_39)) (only in SDK)<br>* gdbus-codegen ([2.64.5](https://gitlab.gnome.org/GNOME/glib/-/tags/2.64.5)) (only in SDK)<br>* meson ([0.55.3](https://github.com/mesonbuild/meson/releases/tag/0.55.3)) (only in SDK)<br>* re2c ([2.0.3](https://re2c.org/releases/release_notes.html#release-2-0-3)) (only in SDK)<br>* VMware: open-vm-tools (11.2.0)<br>Packages:<br>- docker 19.03.14<br>- ignition 0.34.0<br>- kernel 5.4.81<br>- systemd 246<br><br>Architectures:<br>- amd64<br> 2020-12-07T14:03:56+00:00 @@ -398,7 +406,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2605.8.0 2605.8.0 - 2023-10-25T10:20:38.862674+00:00 + 2023-11-22T09:59:28.543212+00:00 Security fixes:<br><br>* Linux - [CVE-2020-27673](https://nvd.nist.gov/vuln/detail/CVE-2020-27673), [CVE-2020-27675](https://nvd.nist.gov/vuln/detail/CVE-2020-27675)<br><br>Bug fixes:<br><br>* network: Restore KeepConfiguration=dhcp-on-stop ([kinvolk/init#30](https://github.com/kinvolk/init/pull/30))<br>* systemd-stable-245.8: ingest latest fixes on top of upstream release ([#1](https://github.com/kinvolk/systemd/commit/261680bc0ea61777ac22ea1c42b0d728ec52ae14), [#2](https://github.com/kinvolk/systemd/commit/b2b382820bcfc166d048b85aadd90f5cf71c7a4a), [#3](https://github.com/kinvolk/systemd/commit/711ca814c9f2e81d3d25ebbed0b837b7d4fbbeda))<br><br>Updates:<br><br>* Linux ([5.4.77](https://lwn.net/Articles/836795/))<br>* systemd ([245.8](https://github.com/systemd/systemd-stable/releases/tag/v245.8))<br>Packages:<br>- docker 19.03.12<br>- ignition 0.34.0<br>- kernel 5.4.77<br>- systemd 245<br><br>Architectures:<br>- amd64<br> 2020-11-19T15:40:47+00:00 @@ -406,7 +414,7 @@ https://github.com/flatcar/manifest/releases/tag/v2605.7.0 2605.7.0 - 2023-10-25T10:20:38.858016+00:00 + 2023-11-22T09:59:28.538479+00:00 Security fixes:<br><br>- Linux - [CVE-2020-25645](https://nvd.nist.gov/vuln/detail/CVE-2020-25645), [CVE-2020-25643](https://nvd.nist.gov/vuln/detail/CVE-2020-25643), [CVE-2020-25211](https://nvd.nist.gov/vuln/detail/CVE-2020-25211)<br><br>Bug fixes:<br><br>- Ensured that the `/etc/coreos` to `/etc/flatcar` symlink always exists, relevant for the Container Linux Config transpiler (ct) when specifying directives for `update:` or `locksmith:` while also reformatting the rootfs ([baselayout PR#7](https://github.com/flatcar/baselayout/pull/7))<br><br>Updates:<br><br>- Linux [5.4.72](https://lwn.net/Articles/834537/)<br>Packages:<br>- docker 19.03.12<br>- ignition 0.34.0<br>- kernel 5.4.72<br>- systemd 245<br><br>Architectures:<br>- amd64<br> 2020-10-28T14:35:36+00:00 @@ -414,7 +422,7 @@ https://github.com/flatcar/manifest/releases/tag/v2605.6.0 2605.6.0 - 2023-10-25T10:20:38.853339+00:00 + 2023-11-22T09:59:28.533795+00:00 Bug fixes:<br>- Enabled missing systemd services ([#191](https://github.com/flatcar/Flatcar/issues/191), [PR #612](https://github.com/flatcar/coreos-overlay/pull/612))<br>- Fixed Docker torcx image unpacking error on machines with less than ~600 MB total RAM ([#32](https://github.com/flatcar/Flatcar/issues/32))<br>- Solved adcli Kerberos Active Directory incompatibility ([#194](https://github.com/flatcar/Flatcar/issues/194))<br>- Fixed the makefile path when building kernel modules with the developer container ([#195](https://github.com/flatcar/Flatcar/issues/195))<br>- Removed the `/etc/portage/savedconfig/` folder that contained a dump of the firmware config [flatcar-linux/coreos-overlay#613](https://github.com/flatcar/coreos-overlay/pull/613)<br><br>Changes:<br><br>- GCE: Improved oslogin support and added shell aliases to run a Python Docker image ([PR #592](https://github.com/flatcar/coreos-overlay/pull/592))<br><br>Updates:<br><br>- Linux [5.4.67](https://lwn.net/Articles/832306/)<br>- adcli [0.9.0](https://cgit.freedesktop.org/realmd/adcli/tree/NEWS?h=0.9.0)<br>- GCE: oslogin [20200910.00](https://github.com/GoogleCloudPlatform/guest-oslogin/releases/tag/20200910.00)<br>Packages:<br>- docker 19.03.12<br>- ignition 0.34.0<br>- kernel 5.4.67<br>- systemd 245<br><br>Architectures:<br>- amd64<br> 2020-09-30T12:21:16+00:00 @@ -422,7 +430,7 @@ https://github.com/flatcar/manifest/releases/tag/v2605.5.0 2605.5.0 - 2023-10-25T10:20:38.848298+00:00 + 2023-11-22T09:59:28.528687+00:00 Security fixes:<br>- Linux kernel [CVE-2020-14390](https://www.openwall.com/lists/oss-security/2020/09/15/2) and the unassigned [similar bug](https://www.openwall.com/lists/oss-security/2020/09/16/1)<br>- Linux kernel [CVE-2020-25284](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25284)<br><br><br>Updates:<br><br>- Linux [5.4.66](https://lwn.net/Articles/831752/)<br><br>Packages:<br>- docker 19.03.12<br>- ignition 0.34.0<br>- kernel 5.4.66<br>- rkt 1.30.0<br>- systemd 245<br><br>Architectures:<br>- amd64<br> 2020-09-22T08:20:39+00:00 @@ -430,7 +438,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2605.12.0 2605.12.0 - 2023-10-25T10:20:38.843708+00:00 + 2023-11-22T09:59:28.524035+00:00 **Security fixes**<br><br>* linux - [CVE-2020-28374](https://nvd.nist.gov/vuln/detail/CVE-2020-28374), [CVE-2020-36158](https://nvd.nist.gov/vuln/detail/CVE-2020-36158)<br>* go - [CVE-2021-3114](https://github.com/golang/go/issues/43786)<br>* sudo - [CVE-2021-3156](https://nvd.nist.gov/vuln/detail/CVE-2021-3156), [CVE-2021-23239](https://nvd.nist.gov/vuln/detail/CVE-2021-23239)<br><br>**Bug fixes**<br><br>* `/etc/iscsi/initiatorname.iscsi` is generated by the iscsi-init service ([#321](https://github.com/kinvolk/Flatcar/issues/321))<br>* Prevent iscsiadm buffer overflow ([#318](https://github.com/kinvolk/Flatcar/issues/318))<br><br>**Changes**<br><br>* Revert to building docker and containerd with go1.13 instead of go1.15. This reduces the SIGURG log spam ([Issue #315](https://github.com/kinvolk/Flatcar/issues/315) [PR #774](https://github.com/kinvolk/coreos-overlay/pull/774))<br>* The containerd socket is now available in the default location (`/run/containerd/containerd.sock`) and also as a symlink in the previous location (`/run/docker/libcontainerd/docker-containerd.sock`) ([#771](https://github.com/kinvolk/coreos-overlay/pull/771))<br>* With the iscsi update, the service unit has changed from iscsid to iscsi ([#791](https://github.com/kinvolk/coreos-overlay/pull/791))<br>* AWS Pro: include scripts to facilitate setup of EKS workers ([#794](https://github.com/kinvolk/coreos-overlay/pull/794)).<br>* Missed from earlier notes: with the previous open-iscsi update to 2.1.2, the service unit name changed from iscsid to iscsi ([#682](https://github.com/kinvolk/coreos-overlay/pull/682))<br><br>**Updates**<br><br>* linux ([5.4.92](https://lwn.net/Articles/843687/))<br>* open-iscsi ([2.1.3](https://github.com/open-iscsi/open-iscsi/releases/tag/2.1.3))<br>* go ([1.15.7](https://go.googlesource.com/go/+/refs/tags/go1.15.7))<br>* sudo ([1.9.5p2](https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_5p2))<br>Packages:<br>- docker 19.03.14<br>- ignition 0.34.0<br>- kernel 5.4.92<br>- systemd 246<br><br>Architectures:<br>- amd64<br> 2021-01-28T11:02:10+00:00 @@ -438,7 +446,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2605.11.0 2605.11.0 - 2023-10-25T10:20:38.838128+00:00 + 2023-11-22T09:59:28.518404+00:00 **Security fixes**<br><br> * Linux<br> - [CVE-2020-27815](https://www.openwall.com/lists/oss-security/2020/11/30/5)<br> - [CVE-2020-29568](https://nvd.nist.gov/vuln/detail/CVE-2020-29568)<br> - [CVE-2020-29569](https://nvd.nist.gov/vuln/detail/CVE-2020-29569)<br><br>**Bug fixes**<br><br>* networkd: avoid managing MAC addresses for veth devices ([kinvolk/init#33](https://github.com/kinvolk/init/pull/33))<br><br>**Updates**<br><br>* Linux ([5.4.87](https://lwn.net/Articles/841900/))<br><br>Packages:<br>- docker 19.03.14<br>- ignition 0.34.0<br>- kernel 5.4.87<br>- systemd 246<br><br>Architectures:<br>- amd64<br> 2021-01-12T16:59:40+00:00 @@ -446,7 +454,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2605.10.0 2605.10.0 - 2023-10-25T10:20:38.833595+00:00 + 2023-11-22T09:59:28.513802+00:00 Security fixes:<br><br>* Linux [CVE-2020-29661](https://nvd.nist.gov/vuln/detail/CVE-2020-29661), [CVE-2020-29660](https://nvd.nist.gov/vuln/detail/CVE-2020-29660), [CVE-2020-27830](https://nvd.nist.gov/vuln/detail/CVE-2020-27830), [CVE-2020-28588](https://nvd.nist.gov/vuln/detail/CVE-2020-28588)<br><br>Bug fixes:<br><br>* The sysctl `net.ipv4.conf.*.rp_filter` is set to `0` for the Cilium CNI plugin to work ([Flatcar#181](https://github.com/kinvolk/Flatcar/issues/181))<br>* Package downloads in the developer container now use the correct URL again ([Flatcar#298](https://github.com/kinvolk/Flatcar/issues/298))<br><br>Changes:<br><br>* The sysctl default config file is now applied under the prefix 60 which allows for custom sysctl config files to take effect when they start with a prefix of 70, 80, or 90 ([baselayout#13](https://github.com/kinvolk/baselayout/pull/13))<br>* Containerd CRI plugin got enabled by default, only the containerd socket path needs to be specified as kubelet parameter for Kubernetes 1.20 to use containerd instead of Docker ([Flatcar#283](https://github.com/kinvolk/Flatcar/issues/283))<br>* For users with a custom update server a machine alias setting in update-engine allows to give human-friendly names to client instances ([update-engine#8](https://github.com/kinvolk/update_engine/pull/8))<br><br>Updates:<br><br>* Linux ([5.4.83](https://lwn.net/Articles/839875/))<br><br>Packages:<br>- docker 19.03.14<br>- ignition 0.34.0<br>- kernel 5.4.83<br>- systemd 246<br><br>Architectures:<br>- amd64<br> 2020-12-16T12:01:04+00:00 @@ -454,7 +462,7 @@ https://github.com/flatcar/manifest/releases/tag/v2512.5.0 2512.5.0 - 2023-10-25T10:20:38.828363+00:00 + 2023-11-22T09:59:28.508492+00:00 Changes:<br>- Update public key to include a [new subkey](https://www.flatcar-linux.org/security/image-signing-key/)<br><br>Updates:<br>- Linux [4.19.145](https://lwn.net/Articles/831367/)<br><br>Packages:<br>- docker 18.06.3<br>- ignition 0.34.0<br>- kernel 4.19.145<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2020-09-16T06:12:05+00:00 @@ -462,7 +470,7 @@ https://github.com/flatcar/manifest/releases/tag/v2512.4.0 2512.4.0 - 2023-10-25T10:20:38.823949+00:00 + 2023-11-22T09:59:28.504037+00:00 Security fixes:<br>- Linux kernel: Fix AF_PACKET overflow in tpacket_rcv [CVE-2020-14386](https://seclists.org/oss-sec/2020/q3/146)<br><br>Updates:<br>- Linux [4.19.143](https://lwn.net/Articles/830503/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.34.0<br>- kernel 4.19.143<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2020-09-07T15:38:48+00:00 @@ -470,7 +478,7 @@ https://github.com/flatcar/manifest/releases/tag/v2512.3.0 2512.3.0 - 2023-10-25T10:20:38.819520+00:00 + 2023-11-22T09:59:28.499578+00:00 Security fixes:<br><br>* Bind: fixes for [CVE-2020-8616](https://nvd.nist.gov/vuln/detail/CVE-2020-8616), [CVE-2020-8617](https://nvd.nist.gov/vuln/detail/CVE-2020-8617), [CVE-2020-8620](https://nvd.nist.gov/vuln/detail/CVE-2020-8620), [CVE-2020-8621](https://nvd.nist.gov/vuln/detail/CVE-2020-8621), [CVE-2020-8622](https://nvd.nist.gov/vuln/detail/CVE-2020-8622), [CVE-2020-8623](https://nvd.nist.gov/vuln/detail/CVE-2020-8623), [CVE-2020-8624](https://nvd.nist.gov/vuln/detail/CVE-2020-8624)<br><br>Bug fixes:<br><br>* The static IP address configuration in the initramfs works again in the format `ip=<ip>::<gateway>:<netmask>:<hostname>:<iface>:none[:<dns1>[:<dns2>]]` ([flatcar-linux/bootengine#15](https://github.com/flatcar/bootengine/pull/15))<br>* app-admin/{kubelet, etcd, flannel}-wrapper: don't overwrite the user supplied –insecure-options argument ([flatcar-linux/coreos-overlay#426](https://github.com/flatcar/coreos-overlay/pull/426))<br>* etcd-wrapper: Adjust data dir permissions ([flatcar-linux/coreos-overlay#536](https://github.com/flatcar/coreos-overlay/pull/536))<br><br>Changes:<br><br>* Vultr support in Ignition ([flatcar-linux/ignition#13](https://github.com/flatcar/ignition/pull/13))<br>* VMware OVF settings default to ESXi 6.5 and Linux 3.x<br><br>Updates:<br><br>* Linux [4.19.140](https://lwn.net/Articles/829107/)<br>* bind-tools [9.11.22](https://ftp.isc.org/isc/bind9/cur/9.11/RELEASE-NOTES-bind-9.11.22.txt)<br>* etcd-wrapper [3.3.24](https://github.com/etcd-io/etcd/releases/tag/v3.3.24)<br>* Git [2.26.2](https://raw.githubusercontent.com/git/git/v2.26.2/Documentation/RelNotes/2.26.2.txt)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.34.0<br>- kernel 4.19.140<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2020-08-20T21:44:54+00:00 @@ -478,7 +486,7 @@ https://github.com/flatcar/manifest/releases/tag/v2512.2.1 2512.2.1 - 2023-10-25T10:20:38.814242+00:00 + 2023-11-22T09:59:28.494195+00:00 ## Flatcar updates<br><br>Security fixes:<br>- Fix the Intel Microcode vulnerabilities ([CVE-2020-0543](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0543))<br><br>Changes:<br>- A source code and licensing overview is available under `/usr/share/licenses/INFO`<br><br>Updates:<br>- Linux [4.19.128](https://lwn.net/Articles/822841/)<br>- intel-microcode [20200609](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20200609)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.34.0<br>- kernel 4.19.128<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2020-06-17T15:45:35+00:00 @@ -486,7 +494,7 @@ https://github.com/flatcar/manifest/releases/tag/v2512.2.0 2512.2.0 - 2023-10-25T10:20:38.809669+00:00 + 2023-11-22T09:59:28.489509+00:00 ## Flatcar updates<br><br>Security fixes:<br>- Fix e2fsprogs arbitrary code execution via crafted filesystem ([CVE-2019-5094](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094))<br>- Fix Git arbitrary path overwrite, credential leak from credential helpers, remote code execution in recursive clones, and arbitrary command execution via submodules ([CVE-2019-1348](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1348), [CVE-2019-1387](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1387), [CVE-2019-19604](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19604), [CVE-2020-11008](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11008), [CVE-2020-5260](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5260))<br>- Fix libarchive crash or use-after-free via crafted RAR file ([CVE-2019-18408](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18408), [CVE-2020-9308](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9308))<br>- Fix libgcrypt ECDSA timing attack ([CVE-2019-13627](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13627))<br>- Fix libidn2 domain impersonation ([CVE-2019-12290](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12290))<br>- Fix NSS crashes and heap corruption ([CVE-2017-11695](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11695), [CVE-2017-11696](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11696), [CVE-2017-11697](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11697), [CVE-2017-11698](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11698), [CVE-2018-18508](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508), [CVE-2019-11745](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745))<br>- Fix OpenSSL overflow in Montgomery squaring procedure ([CVE-2019-1551](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551))<br>- Fix SQLite crash and heap corruption ([CVE-2019-16168](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16168), [CVE-2019-5827](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5827))<br>- Fix unzip heap overflow or excessive resource consumption via crafted archive ([CVE-2018-1000035](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000035), [CVE-2019-13232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13232))<br>- Fix vim arbitrary command execution via crafted file ([CVE-2019-12735](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12735))<br><br>Bug fixes:<br>- When writing the update kernel, prefer `/boot/coreos` only if `/boot/coreos/vmlinux-*` exists (https://github.com/flatcar/update_engine/pull/5)<br>- Fixed sysroot-boot initramfs service race which resulted in a warning that this service failed<br>- Use the correct `BINHOST` URLs in the development container to download binary packages<br><br>Changes:<br>- Support the CoreOS GRUB `/boot/coreos/first_boot` flag file (https://github.com/flatcar/bootengine/pull/13)<br>- Fetch container images in docker format rather than ACI by default in `etcd-member.service`, `flanneld.service`, and `kubelet-wrapper`<br>- Use `flatcar.autologin` kernel command line parameter on Azure and VMware for auto login on the serial console<br>- Include `conntrack` ([conntrack-tools](http://conntrack-tools.netfilter.org/))<br>- Include `journalctl` output, `pstore` kernel crash logs, and `coredumpctl list` output in the `mayday` report<br>- Update wa-linux-agent to 2.2.46 on Azure<br>- Support both `coreos.config.*` and `flatcar.config.*` guestinfo variables on VMware OEM<br><br>Updates:<br>- e2fsprogs [1.45.5](http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.45.5)<br>- etcd [3.3.20](https://github.com/etcd-io/etcd/releases/tag/v3.3.20)<br>- etcdctl [3.3.20](https://github.com/etcd-io/etcd/releases/tag/v3.3.20)<br>- Git [2.24.1](https://raw.githubusercontent.com/git/git/v2.24.1/Documentation/RelNotes/2.24.1.txt)<br>- Linux [4.19.124](https://lwn.net/Articles/820974/)<br>- OpenSSL [1.0.2u](https://www.openssl.org/news/openssl-1.0.2-notes.html)<br>- vim [8.2.0360](http://ftp.vim.org/pub/vim/patches/8.2/README)<br><br>Packages:<br>- docker 18.06.3<br>- ignition 0.34.0<br>- kernel 4.19.124<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2020-05-26T16:58:25+00:00 @@ -494,7 +502,7 @@ https://github.com/flatcar/manifest/releases/tag/v2345.3.1 2345.3.1 - 2023-10-25T10:20:38.802548+00:00 + 2023-11-22T09:59:28.482293+00:00 ## Flatcar updates<br><br>Bug fixes:<br><br>- Use newest network interface naming scheme (https://github.com/flatcar/Flatcar/issues/36)<br> - It is a possible breaking change for some persistent network interface names<br>- Fix URL scheme in emerge-gitclone (https://github.com/flatcar/coreos-overlay/issues/223)<br>- Fix coreos-cloudinit variable names (https://github.com/flatcar/coreos-overlay/pull/206)<br>- Prefer /boot/coreos to write updates (https://github.com/flatcar/update_engine/pull/2)<br>- Remove /boot/coreos/first_boot after a Ignition rerun on migration (https://github.com/flatcar/bootengine/pull/10)<br>- Support coreos.config.url as kernel command line parameter for Ignition (https://github.com/flatcar/ignition/pull/10)<br><br>Changes:<br><br>- Add kernel config for QEDE driver (https://github.com/flatcar/coreos-overlay/pull/198)<br>- Add `tracepath` alongside `traceroute6` (https://github.com/flatcar/Flatcar/issues/50)<br><br>Updates:<br><br>- Linux [4.19.107](https://lwn.net/Articles/813602/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.34.0<br>- kernel 4.19.107<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2020-03-31T16:25:06+00:00 @@ -502,7 +510,7 @@ https://github.com/flatcar/manifest/releases/tag/v2345.3.0 2345.3.0 - 2023-10-25T10:20:38.797560+00:00 + 2023-11-22T09:59:28.477192+00:00 ## Flatcar updates<br>Bug fixes:<br>- Enable persistent network interface names already in the initramfs to fix https://github.com/coreos/bugs/issues/1767<br>- Fix backwards compatibility issues for users to migrate from CoreOS Container Linux. Support the kernel command line parameters `coreos.oem.*`, `coreos.autologin`, `coreos.first_boot`, and the QEMU firmware config path `opt/com.coreos/config` (https://github.com/flatcar/Flatcar/issues/16 https://github.com/flatcar/afterburn/pull/7 https://github.com/flatcar/bootengine/pull/7 https://github.com/flatcar/bootengine/pull/8 https://github.com/flatcar/init/pull/16 https://github.com/flatcar/init/pull/17 https://github.com/flatcar/ignition/pull/8)<br><br>## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2345.3.0)<br>Security fixes:<br>- Fix systemd use-after-free upon receiving crafted D-Bus message from local unprivileged attacker [CVE-2020-1712](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1712)<br>- Fix heap-based buffer over-read in libexpat ([CVE-2019-15903](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903))<br>- Fix multiple Git [vulnerabilities](https://marc.info/?l=git&m=157600115215285&w=2) ([CVE-2019-1348](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1348), [CVE-2019-1349](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1349), [CVE-2019-1350](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1350), [CVE-2019-1351](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1351), [CVE-2019-1352](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1352), [CVE-2019-1353](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1353), [CVE-2019-1354](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1354), [CVE-2019-1387](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1387), [CVE-2019-19604](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19604))<br>- Fix curl Kerberos FTP double free ([CVE-2019-5481](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5481))<br> - Fix curl TFTP buffer overflow with non-default block size ([CVE-2019-5482](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5482))<br> - Fix OpenSSL key extraction attacks under non-default conditions ([CVE-2019-1563](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563), [CVE-2019-1547](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1547))<br><br>Updates:<br><br>- Git [2.24.1](https://github.com/git/git/blob/master/Documentation/RelNotes/2.24.1.txt)<br>- Linux [4.19.106](https://lwn.net/Articles/813157/)<br>- OpenSSL [1.0.2t](https://www.openssl.org/news/cl102.txt)<br>- curl [7.66.0](https://curl.haxx.se/mail/archive-2019-09/0002.html)<br>- etcd [3.3.18](https://github.com/etcd-io/etcd/releases/tag/v3.3.18)<br>- expat [2.2.8](https://github.com/libexpat/libexpat/releases/tag/R_2_2_8)<br><br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.106<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2020-03-02T14:03:06+00:00 @@ -510,7 +518,7 @@ https://github.com/flatcar/manifest/releases/tag/v2303.4.0 2303.4.0 - 2023-10-25T10:20:38.791421+00:00 + 2023-11-22T09:59:28.470994+00:00 ## Flatcar updates<br><br>Bug fixes:<br>- Fix DNS resolution for the GCE metadata server (https://github.com/flatcar/coreos-overlay/pull/160)<br>- Create symlink for /run/metadata/coreos (https://github.com/flatcar/coreos-overlay/pull/166)<br>- Create symlink for flatcar-install (https://github.com/flatcar/init/pull/14)<br><br>## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2303.4.0):<br><br>Updates:<br>- Linux [4.19.95](https://lwn.net/Articles/809258/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.95<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2020-02-10T11:10:47+00:00 @@ -518,7 +526,7 @@ https://github.com/flatcar/manifest/releases/tag/v2303.3.1 2303.3.1 - 2023-10-25T10:20:38.786812+00:00 + 2023-11-22T09:59:28.466339+00:00 ## Flatcar updates<br><br>Bug fixes:<br><br>- Fix a bug when creating RAID0 arrays by setting the default layout (https://github.com/flatcar/baselayout/pull/2)<br>- Fix bug of unpacking tarballs failing when xattr is not supported (https://github.com/flatcar/torcx/pull/2)<br><br>Updates:<br><br>- ldb [1.3.6](https://gitlab.com/samba-team/samba/-/tags/ldb-1.3.6)<br>- samba [4.8.6](https://gitlab.com/samba-team/samba/-/tags/samba-4.8.6)<br>- talloc [2.1.11](https://gitlab.com/samba-team/samba/-/tags/talloc-2.1.11)<br>- tdb [1.3.15](https://gitlab.com/samba-team/samba/-/tags/tdb-1.3.15)<br>- tevent [0.9.37](https://gitlab.com/samba-team/samba/-/tags/tevent-0.9.37)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.86<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-12-18T09:49:23+00:00 @@ -526,7 +534,7 @@ https://github.com/flatcar/manifest/releases/tag/v2303.3.0 2303.3.0 - 2023-10-25T10:20:38.782138+00:00 + 2023-11-22T09:59:28.461511+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2303.3.0):<br><br>Updates:<br> - Linux [4.19.86](https://lwn.net/Articles/805531/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.86<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-12-05T06:33:04+00:00 @@ -534,7 +542,7 @@ https://github.com/flatcar/manifest/releases/tag/v2247.7.0 2247.7.0 - 2023-10-25T10:20:38.777820+00:00 + 2023-11-22T09:59:28.457093+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2247.7.0):<br><br>Security fixes:<br><br>- Fix Intel CPU disclosure of memory to user process. Complete mitigation requires [manually disabling TSX or SMT](https://docs.flatcar-linux.org/os/disabling-smt/) on affected processors. ([CVE-2019-11135](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11135), [TAA](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00270.html))<br>- Fix Intel CPU denial of service by a malicious guest VM ([CVE-2018-12207](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12207))<br><br>Bug fixes:<br><br>- Fix CFS scheduler throttling highly-threaded I/O-bound applications ([#2623](https://github.com/coreos/bugs/issues/2623))<br><br>Updates:<br><br>- intel-microcode [20191115](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/blob/microcode-20191115/releasenote)<br>- Linux [4.19.84](https://lwn.net/Articles/804465/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.84<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-11-21T09:27:14+00:00 @@ -542,7 +550,7 @@ https://github.com/flatcar/manifest/releases/tag/v2247.6.0 2247.6.0 - 2023-10-25T10:20:38.772878+00:00 + 2023-11-22T09:59:28.452078+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2247.6.0):<br><br>Bug fixes:<br><br>- Fix time zone for Brazil ([#2627](https://github.com/coreos/bugs/issues/2627))<br><br>Updates:<br><br>- timezone-data [2019c](http://mm.icann.org/pipermail/tz-announce/2019-September/000057.html)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.78<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-11-11T14:11:52+00:00 @@ -550,7 +558,7 @@ https://github.com/flatcar/manifest/releases/tag/v2247.5.0 2247.5.0 - 2023-10-25T10:20:38.768462+00:00 + 2023-11-22T09:59:28.447445+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2247.5.0):<br><br>No changes for stable promotion<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.78<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-10-17T18:54:06+00:00 @@ -558,7 +566,7 @@ https://github.com/flatcar/manifest/releases/tag/v2191.5.0 2191.5.0 - 2023-10-25T10:20:38.764176+00:00 + 2023-11-22T09:59:28.442433+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2191.5.0):<br><br>Security fixes:<br><br>- Fix pam_systemd bug allowing authenticated remote users to perform polkit actions as if locally logged in ([CVE-2019-3842](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3842))<br>- Fix systemd-resolved bug allowing unprivileged users to change DNS settings ([CVE-2019-15718](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15718))<br><br>Bug fixes:<br><br>- Fix GCE agent crash loop in new installs ([#2608](https://github.com/coreos/bugs/issues/2608))<br><br>Updates:<br><br>- Linux [4.19.68](https://lwn.net/Articles/797250/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.68<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-09-05T08:52:34+00:00 @@ -566,7 +574,7 @@ https://github.com/flatcar/manifest/releases/tag/v2191.4.1 2191.4.1 - 2023-10-25T10:20:38.759462+00:00 + 2023-11-22T09:59:28.437630+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2191.4.1):<br><br>Security fixes:<br>- Fix wget buffer overflow allowing arbitrary code execution ([CVE-2019-5953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5953))<br><br>Updates:<br>- Linux [4.19.66](https://lwn.net/Articles/795843/)<br>- wget [1.20.3](http://git.savannah.gnu.org/cgit/wget.git/tree/NEWS?h=v1.20.3&id=a220ead43505bc3e0ea8efb1572919111dbbf6dc#n8)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.66<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-08-30T07:36:13+00:00 @@ -574,7 +582,7 @@ https://github.com/flatcar/manifest/releases/tag/v2191.4.0 2191.4.0 - 2023-10-25T10:20:38.754887+00:00 + 2023-11-22T09:59:28.433022+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2191.4.0):<br><br>Security fixes:<br>- Use secure_getenv to fix a vulnerability around XDG_SEAT in pam_systemd (https://github.com/coreos/systemd/pull/118) ([CVE-2019-3842](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3842))<br><br>Updates:<br>- Linux [4.19.65](https://lwn.net/Articles/795525/)<br><br>## Flatcar updates<br><br>Bug fixes:<br>- Fix wrong key name for fw_cfg in ignition with QEMU (https://github.com/flatcar/ignition/issues/2)<br>- Get SELinux context included in torcx tarballs (https://github.com/flatcar/scripts/pull/16)<br>- Enable XattrPrivileged for untar to fix SELinux issue (https://github.com/flatcar/torcx/pull/1)<br><br>Changes:<br>- Add "-s" flag in flatcar-install to install to smallest disk (https://github.com/flatcar/init/pull/7)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.65<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-08-16T09:42:56+00:00 @@ -582,7 +590,7 @@ https://github.com/flatcar/manifest/releases/tag/v2135.6.0 2135.6.0 - 2023-10-25T10:20:38.750024+00:00 + 2023-11-22T09:59:28.428066+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2135.6.0):<br><br>- intel-microcode [20190618](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/blob/microcode-20190618/releasenote)<br>- Linux [4.19.56](https://lwn.net/Articles/792009/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.56<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-08-01T09:14:26+00:00 @@ -590,7 +598,7 @@ https://github.com/flatcar/manifest/releases/tag/v2135.5.0 2135.5.0 - 2023-10-25T10:20:38.745644+00:00 + 2023-11-22T09:59:28.423617+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2135.5.0):<br><br>Bug fixes:<br><br> * Fix Ignition panic when no `guestinfo.(coreos|ignition).config` parameters are specified on VMware (coreos/ignition#821)<br><br>Updates:<br><br> * Ignition [0.33.0](https://github.com/coreos/ignition/releases/tag/v0.33.0)<br><br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.50<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-07-03T08:01:54+00:00 @@ -598,7 +606,7 @@ https://github.com/flatcar/manifest/releases/tag/v2135.4.0 2135.4.0 - 2023-10-25T10:20:38.741145+00:00 + 2023-11-22T09:59:28.419063+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2135.4.0):<br><br>No changes for stable promotion<br><br>Packages:<br>- docker 18.06.3<br>- ignition 0.32.0<br>- kernel 4.19.50<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-07-01T10:47:02+00:00 @@ -606,7 +614,7 @@ https://github.com/flatcar/manifest/releases/tag/v2079.6.0 2079.6.0 - 2023-10-25T10:20:38.736853+00:00 + 2023-11-22T09:59:28.414681+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2079.6.0):<br><br>Security fixes:<br><br>- Fix Linux TCP remotely-triggerable kernel panic and excessive resource consumption ([CVE-2019-11477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11477), [CVE-2019-11478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11478), [CVE-2019-11479](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11479))<br><br>Bug fixes:<br><br>- Fix invalid bzip2 compression of Container Linux release images ([#2589](https://github.com/coreos/bugs/issues/2589))<br>Packages:<br>- docker 18.06.3<br>- ignition 0.31.0<br>- kernel 4.19.43<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-06-19T08:15:07+00:00 @@ -614,7 +622,7 @@ https://github.com/flatcar/manifest/releases/tag/v2079.5.0 2079.5.0 - 2023-10-25T10:20:38.732224+00:00 + 2023-11-22T09:59:28.409953+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2079.5.0):<br><br>Bug fixes:<br>- Fix systemd `MountFlags=shared` option ([#2579](https://github.com/coreos/bugs/issues/2579))<br><br>Changes:<br>- Pin network interface naming to systemd v238 scheme ([#2578](https://github.com/coreos/bugs/issues/2578))<br>Packages:<br>- docker 18.06.3<br>- ignition 0.31.0<br>- kernel 4.19.43<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-06-06T08:49:52+00:00 @@ -622,7 +630,7 @@ https://github.com/flatcar/manifest/releases/tag/v2079.4.0 2079.4.0 - 2023-10-25T10:20:38.727781+00:00 + 2023-11-22T09:59:28.405392+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2079.4.0):<br><br>Security fixes:<br>- Fix Intel CPU disclosure of memory to user process. Complete mitigation requires [manually disabling SMT](https://docs.flatcar-linux.org/os/disabling-smt/) on affected processors. ([CVE-2019-11091](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11091), [CVE-2018-12126](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12126), [CVE-2018-12127](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12127), [CVE-2018-12130](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12130), [MDS](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html))<br><br>Updates:<br>- intel-microcode [20190514](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/blob/microcode-20190514/releasenote)<br>- Linux [4.19.43](https://lwn.net/Articles/788388/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.31.0<br>- kernel 4.19.43<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-05-16T10:57:17+00:00 @@ -630,7 +638,7 @@ https://github.com/flatcar/manifest/releases/tag/v2079.3.2 2079.3.2 - 2023-10-25T10:20:38.722965+00:00 + 2023-11-22T09:59:28.400548+00:00 ## Flatcar updates<br><br>Bug fixes:<br><br>* Fix a regression from the latest hotfix builds, about [CROS_WORKON_COMMIT](https://github.com/flatcar/coreos-overlay/blob/60e44f23a1a5527cfa6bcbc978b1ffdef74e2e3f/coreos-base/coreos-metadata/coreos-metadata-9999.ebuild#L13) in [coreos-overlay](https://github.com/flatcar/coreos-overlay) <br><br>Packages:<br>- docker 18.06.3<br>- ignition 0.31.0<br>- kernel 4.19.34<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-04-26T07:43:52+00:00 @@ -638,7 +646,7 @@ https://github.com/flatcar/manifest/releases/tag/v2079.3.1 2079.3.1 - 2023-10-25T10:20:38.718548+00:00 + 2023-11-22T09:59:28.395995+00:00 ## Flatcar updates<br><br>Bug fixes:<br><br>* Fix a wrong vendor-specific string in [CMDLINE_OEM_FLAG](https://github.com/flatcar/afterburn/blob/f4f0adc6a96a1ba77a0f87b612ecdf21782aa8c6/src/main.rs#L60) in [afterburn](https://github.com/flatcar/afterburn) <br><br><br>Packages:<br>- docker 18.06.3<br>- ignition 0.31.0<br>- kernel 4.19.34<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-04-25T10:05:40+00:00 @@ -646,7 +654,7 @@ https://github.com/flatcar/manifest/releases/tag/v2079.3.0 2079.3.0 - 2023-10-25T10:20:38.714136+00:00 + 2023-11-22T09:59:28.391534+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2079.3.0):<br><br>No changes for stable promotion<br>Packages:<br>- docker 18.06.3<br>- ignition 0.31.0<br>- kernel 4.19.34<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-04-24T10:00:10+00:00 @@ -654,7 +662,7 @@ https://github.com/flatcar/manifest/releases/tag/v2023.5.0 2023.5.0 - 2023-10-25T10:20:38.709796+00:00 + 2023-11-22T09:59:28.387144+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2023.5.0):<br><br>Security fixes:<br>- Fix systemd crash from a specially-crafted D-Bus message ([CVE-2019-6454](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6454))<br><br>Bug fixes:<br>- Fix systemd-journald memory leak ([#2564](https://github.com/coreos/bugs/issues/2564))<br><br>Updates:<br>- Linux [4.19.25](https://lwn.net/Articles/780611/)<br>Packages:<br>- docker 18.06.1<br>- ignition 0.30.0<br>- kernel 4.19.25<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2019-03-12T14:35:58+00:00 @@ -662,7 +670,7 @@ https://github.com/flatcar/manifest/releases/tag/v2023.4.0 2023.4.0 - 2023-10-25T10:20:38.705271+00:00 + 2023-11-22T09:59:28.382444+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2023.4.0):<br><br>Security fixes:<br>- Fix Linux use-after-free in `sockfs_setattr` ([CVE-2019-8912](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8912))<br>Packages:<br>- docker 18.06.1<br>- ignition 0.30.0<br>- kernel 4.19.23<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2019-02-27T08:52:33+00:00 @@ -670,7 +678,7 @@ https://github.com/flatcar/manifest/releases/tag/v1967.6.0 1967.6.0 - 2023-10-25T10:20:38.700915+00:00 + 2023-11-22T09:59:28.377973+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1967.6.0):<br><br>Bug fixes:<br>- Fix kernel POSIX timer rearming ([#2549](https://github.com/coreos/bugs/issues/2549))<br>Packages:<br>- docker 18.06.1<br>- ignition 0.28.0<br>- kernel 4.14.96<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2019-02-21T08:40:53+00:00 @@ -678,7 +686,7 @@ https://github.com/flatcar/manifest/releases/tag/v1967.5.0 1967.5.0 - 2023-10-25T10:20:38.696536+00:00 + 2023-11-22T09:59:28.373512+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1967.5.0):<br>Security fixes:<br> - Fix runc container breakout ([CVE-2019-5736](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5736))<br>Packages:<br>- docker 18.06.1<br>- ignition 0.28.0<br>- kernel 4.14.96<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2019-02-14T10:29:38+00:00 @@ -686,7 +694,7 @@ https://github.com/flatcar/manifest/releases/tag/v1967.4.0 1967.4.0 - 2023-10-25T10:20:38.692193+00:00 + 2023-11-22T09:59:28.369073+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1967.4.0):<br><br>Updates:<br>- Linux [4.14.96](https://lwn.net/Articles/777581/)<br>Packages:<br>- docker 18.06.1<br>- ignition 0.28.0<br>- kernel 4.14.96<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2019-01-30T13:45:29+00:00 @@ -694,7 +702,7 @@ https://github.com/flatcar/manifest/releases/tag/v1967.3.1 1967.3.1 - 2023-10-25T10:20:38.687897+00:00 + 2023-11-22T09:59:28.364544+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1967.3.0):<br><br>No changes for stable promotion<br><br>## Flatcar updates<br><br>Changes:<br>- [Fix the previous update of Flatcar](https://github.com/flatcar/coreos-overlay/blob/build-1967.3.1/coreos-base/coreos-init/coreos-init-9999.ebuild#L13) where instead of https://github.com/flatcar/init the upstream coreos-init package was referenced and used accidentally.<br>Packages:<br>- docker 18.06.1<br>- ignition 0.28.0<br>- kernel 4.14.88<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2019-01-28T10:32:57+00:00 @@ -702,7 +710,7 @@ https://github.com/flatcar/manifest/releases/tag/v1967.3.0 1967.3.0 - 2023-10-25T10:20:38.683340+00:00 + 2023-11-22T09:59:28.359915+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1967.3.0):<br><br>No changes for stable promotion<br>Packages:<br>- docker 18.06.1<br>- ignition 0.28.0<br>- kernel 4.14.88<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2019-01-28T11:05:20+00:00 @@ -710,7 +718,7 @@ https://github.com/flatcar/manifest/releases/tag/v1911.5.0 1911.5.0 - 2023-10-25T10:20:38.679046+00:00 + 2023-11-22T09:59:28.355515+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1911.5.0):<br><br>Security fixes:<br>- Fix Go CPU denial of service in X.509 verification ([CVE-2018-16875](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16875))<br>- Fix PolicyKit always authorizing UIDs greater than `INT_MAX` ([CVE-2018-19788](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19788))<br><br>Updates:<br>- Go [1.10.6](https://golang.org/doc/devel/release.html#go1.10.minor)<br>- Go [1.11.3](https://golang.org/doc/devel/release.html#go1.11.minor)<br>- Linux [4.14.84](https://lwn.net/Articles/773114/)<br>Packages:<br>- docker 18.06.1<br>- ignition 0.28.0<br>- kernel 4.14.84<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-12-21T09:08:00+00:00 @@ -718,7 +726,7 @@ https://github.com/flatcar/manifest/releases/tag/v1911.4.0 1911.4.0 - 2023-10-25T10:20:38.674358+00:00 + 2023-11-22T09:59:28.350812+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1911.4.0):<br><br>Security fixes:<br>- Disable containerd CRI plugin to stop it from listening on a TCP port ([#2524](https://github.com/coreos/bugs/issues/2524))<br><br>Updates:<br>- Linux [4.14.81](https://lwn.net/Articles/771885/)<br>Packages:<br>- docker 18.06.1<br>- ignition 0.28.0<br>- kernel 4.14.81<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-11-27T14:54:50+00:00 @@ -726,7 +734,7 @@ https://github.com/flatcar/manifest/releases/tag/v1911.3.0 1911.3.0 - 2023-10-25T10:20:38.669897+00:00 + 2023-11-22T09:59:28.346271+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1911.3.0):<br><br>Security fixes:<br>- Fix systemd re-executing with arbitrary supplied state ([CVE-2018-15686](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15686))<br>- Fix systemd race allowing changing file permissions ([CVE-2018-15687](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15687))<br>- Fix systemd-networkd buffer overflow in the dhcp6 client ([CVE-2018-15688](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15688))<br>Packages:<br>- docker 18.06.1<br>- ignition 0.28.0<br>- kernel 4.14.78<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-11-08T16:14:37+00:00 @@ -734,7 +742,7 @@ https://github.com/flatcar/manifest/releases/tag/v1855.5.0 1855.5.0 - 2023-10-25T10:20:38.665326+00:00 + 2023-11-22T09:59:28.341567+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1855.5.0):<br><br>Security fixes:<br>- Fix Git remote code execution during recursive clone ([CVE-2018-17456](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17456))<br><br>Updates:<br>- Git [2.16.5](https://raw.githubusercontent.com/git/git/v2.16.5/Documentation/RelNotes/2.16.5.txt)<br>- Linux [4.14.74](https://lwn.net/Articles/767628/)<br>Packages:<br>- docker 18.06.1<br>- ignition 0.26.0<br>- kernel 4.14.74<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-10-26T10:13:33+00:00 @@ -742,7 +750,7 @@ https://github.com/flatcar/manifest/releases/tag/v1855.4.2 1855.4.2 - 2023-10-25T10:20:38.660784+00:00 + 2023-11-22T09:59:28.336980+00:00 ## Flatcar updates<br><br>Changes:<br><br>* Add new image signing subkey to `flatcar-install` ([flatcar-linux/init#4](https://github.com/flatcar/init/pull/4))<br><br>Packages:<br>- docker 18.06.1<br>- ignition 0.26.0<br>- kernel 4.14.67<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-10-11T20:17:03+00:00 @@ -750,7 +758,7 @@ https://github.com/flatcar/manifest/releases/tag/v1855.4.0 1855.4.0 - 2023-10-25T10:20:38.656418+00:00 + 2023-11-22T09:59:28.332492+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1855.4.0):<br><br>Bug fixes:<br>- Fix Docker mounting named volumes ([#2497](https://github.com/coreos/bugs/issues/2497))<br><br>Packages:<br>- docker 18.06.1<br>- ignition 0.26.0<br>- kernel 4.14.67<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-09-14T09:59:47+00:00 @@ -758,7 +766,7 @@ https://github.com/flatcar/manifest/releases/tag/v1800.7.0 1800.7.0 - 2023-10-25T10:20:38.652082+00:00 + 2023-11-22T09:59:28.328004+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1800.7.0):<br><br>Security fixes:<br>- Fix Linux remote denial of service ([FragmentSmack](https://access.redhat.com/security/cve/cve-2018-5391), [CVE-2018-5391](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5391))<br>- Fix Linux privileged memory access via speculative execution ([L1TF/Foreshadow](https://foreshadowattack.eu/), [CVE-2018-3620](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3620), [CVE-2018-3646](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3646))<br><br>Updates:<br>- intel-microcode [20180703](https://downloadcenter.intel.com/download/27945/Linux-Processor-Microcode-Data-File)<br>- Linux [4.14.63](https://lwn.net/Articles/762808/)<br>Packages:<br>- docker 18.03.1<br>- ignition 0.25.1<br>- kernel 4.14.63<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-08-17T12:07:54+00:00 @@ -766,7 +774,7 @@ https://github.com/flatcar/manifest/releases/tag/v1800.6.0 1800.6.0 - 2023-10-25T10:20:38.647331+00:00 + 2023-11-22T09:59:28.323204+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1800.6.0):<br><br>Security fixes:<br>- Fix Linux local denial of service as Xen PV guest ([CVE-2018-14678](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14678))<br><br>Bug fixes:<br>- Fix failure to mount large ext4 filesystems ([#2485](https://github.com/coreos/bugs/issues/2485))<br>Packages:<br>- docker 18.03.1<br>- ignition 0.25.1<br>- kernel 4.14.59<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-08-08T10:49:51+00:00 @@ -774,7 +782,7 @@ https://github.com/flatcar/manifest/releases/tag/v1800.5.0 1800.5.0 - 2023-10-25T10:20:38.642779+00:00 + 2023-11-22T09:59:28.318631+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1800.5.0):<br><br>Bug fixes:<br>- Fix kernel CIFS client ([#2480](https://github.com/coreos/bugs/issues/2480))<br><br>Updates:<br>- Linux [4.14.59](https://lwn.net/Articles/761180/)<br>Packages:<br>- docker 18.03.1<br>- ignition 0.25.1<br>- kernel 4.14.59<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-07-31T09:16:01+00:00 @@ -782,7 +790,7 @@ https://github.com/flatcar/manifest/releases/tag/v1800.4.0 1800.4.0 - 2023-10-25T10:20:38.638332+00:00 + 2023-11-22T09:59:28.314089+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1800.4.0):<br><br>No changes for stable promotion<br>Packages:<br>- docker 18.03.1<br>- ignition 0.25.1<br>- kernel 4.14.55<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-07-26T09:38:46+00:00 @@ -790,7 +798,7 @@ https://github.com/flatcar/manifest/releases/tag/v1745.7.0 1745.7.0 - 2023-10-25T10:20:38.633945+00:00 + 2023-11-22T09:59:28.309659+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1745.7.0):<br><br>Bug fixes:<br>- Fix TCP connection stalls ([#2457](https://github.com/coreos/bugs/issues/2457))<br>Packages:<br>- docker 18.03.1<br>- ignition 0.24.1<br>- kernel 4.14.48<br>- rkt 1.29.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-06-15T14:51:25+00:00 @@ -798,7 +806,7 @@ https://github.com/flatcar/manifest/releases/tag/v1745.6.0 1745.6.0 - 2023-10-25T10:20:38.629550+00:00 + 2023-11-22T09:59:28.305166+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1745.6.0):<br><br>Bug fixes:<br>- Fix Hyper-V network driver regression ([#2454](https://github.com/coreos/bugs/issues/2454))<br><br>Updates:<br>- Linux [4.14.48](https://lwn.net/Articles/756652/)<br>Packages:<br>- docker 18.03.1<br>- ignition 0.24.1<br>- kernel 4.14.48<br>- rkt 1.29.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-06-13T13:21:16+00:00 @@ -806,7 +814,7 @@ https://github.com/flatcar/manifest/releases/tag/v1745.5.0 1745.5.0 - 2023-10-25T10:20:38.625051+00:00 + 2023-11-22T09:59:28.300576+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1745.5.0):<br><br>Security fixes:<br>- Fix Git arbitrary code execution when cloning untrusted repositories ([CVE-2018-11235](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11235))<br><br>Bug fixes:<br>- Fix failure to set network interface MTU ([#2443](https://github.com/coreos/bugs/issues/2443))<br><br>Updates:<br>- Git [2.16.4](https://raw.githubusercontent.com/git/git/v2.16.4/Documentation/RelNotes/2.16.4.txt)<br>- Linux [4.14.44](https://lwn.net/Articles/755717/)<br>Packages:<br>- docker 18.03.1<br>- ignition 0.24.1<br>- kernel 4.14.44<br>- rkt 1.29.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-06-01T13:23:44+00:00 @@ -814,7 +822,7 @@ https://github.com/flatcar/manifest/releases/tag/v1745.4.0 1745.4.0 - 2023-10-25T10:20:38.620242+00:00 + 2023-11-22T09:59:28.295789+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1745.4.0):<br><br>Bug fixes:<br>- Fix inadvertent change of network interface names ([#2437](https://github.com/coreos/bugs/issues/2437))<br>Packages:<br>- docker 18.03.1<br>- ignition 0.24.1<br>- kernel 4.14.42<br>- rkt 1.29.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-05-27T09:02:48+00:00 @@ -822,7 +830,7 @@ https://github.com/flatcar/manifest/releases/tag/v1745.3.1 1745.3.1 - 2023-10-25T10:20:38.615743+00:00 + 2023-11-22T09:59:28.291186+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1745.3.1):<br><br>Updates:<br>- Ignition [0.24.1](https://github.com/coreos/ignition/releases/tag/v0.24.1)<br>- Linux [4.14.42](https://lwn.net/Articles/754972/)<br>Packages:<br>- docker 18.03.1<br>- ignition 0.24.1<br>- kernel 4.14.42<br>- rkt 1.29.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-05-26T15:29:48+00:00 @@ -830,7 +838,7 @@ https://github.com/flatcar/manifest/releases/tag/v1688.5.3 1688.5.3 - 2023-10-25T10:20:38.611126+00:00 + 2023-11-22T09:59:28.286514+00:00 ## Flatcar updates<br><br>Initial Flatcar release.<br><br>Bug fixes:<br>- Fix GRUB crash at boot ([#2284](https://github.com/coreos/bugs/issues/2284))<br>- Fix [poweroff problems](https://groups.google.com/forum/#!topic/coreos-user/YcGkRHU9SvQ) ([#8080](https://github.com/systemd/systemd/pull/8080))<br><br>Notes:<br>- Previous test images have been removed from the release servers. This is due to a new update key being generated using our updated security policy which we [included](https://github.com/flatcar/coreos-overlay/pull/6) in the first public image.<br><br>## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1688.5.3):<br><br>Bug fixes:<br>- ~~Avoid GRUB crash at boot ([#2284](https://github.com/coreos/bugs/issues/2284))~~ We've included the [real fix for this](https://github.com/flatcar/grub/commit/8281b03be34552e744fd08aae78b38704e2562b5).<br>- Fix kernel panic with vxlan ([#2382](https://github.com/coreos/bugs/issues/2382))<br>Packages:<br>- docker 17.12.1<br>- ignition 0.22.0<br>- kernel 4.14.32<br>- rkt 1.29.0<br>- systemd 237<br><br>Architectures:<br>- amd64<br> 2018-04-25T14:36:41+00:00 diff --git a/static/releases-feed/releases.xml b/static/releases-feed/releases.xml index d8ece295..da5b4425 100644 --- a/static/releases-feed/releases.xml +++ b/static/releases-feed/releases.xml @@ -2,7 +2,7 @@ https://www.flatcar.org/ Flatcar - 2023-10-25T10:20:42.306047+00:00 + 2023-11-22T09:59:32.131315+00:00 Flatcar Container Linux hello@kinvolk.io @@ -11,10 +11,18 @@ python-feedgen https://kinvolk.io/images/flatcar-logo.svg Flatcar Container Linux release feed + + https://github.com/flatcar/scripts/releases/tag/stable-3602.2.2 + 3602.2.2 + 2023-11-22T09:59:35.053315+00:00 + :warning: From Alpha 3794.0.0 Torcx has been removed - please assert that you don't rely on specific Torcx mechanism but now use systemd-sysext. See [here](https://www.flatcar.org/docs/latest/provisioning/sysext/) for more information.<br><br><br> _Changes since **Stable 3602.2.1**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2023-46813](https://nvd.nist.gov/vuln/detail/CVE-2023-46813), [CVE-2023-5178](https://nvd.nist.gov/vuln/detail/CVE-2023-5178), [CVE-2023-5717](https://nvd.nist.gov/vuln/detail/CVE-2023-5717))<br> <br><br> #### Changes:<br> <br> - Brightbox: The regular OpenStack image should now be used, it includes Afterburn for instance metadata attributes<br> - OpenStack: An uncompressed image is provided for simpler import (since the images use qcow2 inline compression, there is no benefit in using the `.gz` or `.bz2` images)<br> - linux kernel: added zstd support for squashfs kernel module ([scripts#1297](https://github.com/flatcar/scripts/pull/1297))<br> <br> #### Updates:<br> <br> - Linux ([5.15.138](https://lwn.net/Articles/950714) (includes [5.15.137](https://lwn.net/Articles/948818)))<br>Packages:<br>- containerd 1.6.21<br>- docker 20.10.24<br>- ignition 2.15.0<br>- kernel 5.15.138<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> + + 2023-11-22T07:55:14+00:00 + https://github.com/flatcar/scripts/releases/tag/stable-3602.2.1 3602.2.1 - 2023-10-25T10:20:45.123189+00:00 + 2023-11-22T09:59:35.048095+00:00 _Changes since **Stable 3602.2.0**_<br> <br> #### Security fixes:<br> <br>- Linux ([CVE-2023-31085](https://nvd.nist.gov/vuln/detail/CVE-2023-31085), [CVE-2023-34324](https://nvd.nist.gov/vuln/detail/CVE-2023-34324), [CVE-2023-4244](https://nvd.nist.gov/vuln/detail/CVE-2023-4244), [CVE-2023-42754](https://nvd.nist.gov/vuln/detail/CVE-2023-42754), [CVE-2023-5197](https://nvd.nist.gov/vuln/detail/CVE-2023-5197))<br> - curl ([CVE-2023-38545](https://nvd.nist.gov/vuln/detail/CVE-2023-38545), [CVE-2023-38546](https://nvd.nist.gov/vuln/detail/CVE-2023-38546))<br> <br> #### Bug fixes:<br> <br> - Disabled systemd-networkd's RoutesToDNS setting by default to fix provisioning failures observed in VMs with multiple network interfaces on Azure ([scripts#1206](https://github.com/flatcar/scripts/pull/1206))<br> - Fixed a regression in Docker resulting in file permissions being dropped from exported container images. ([scripts#1231](https://github.com/flatcar/scripts/pull/1231))<br> <br> #### Changes:<br> <br> - To make Kubernetes work by default, `/usr/libexec/kubernetes/kubelet-plugins/volume/exec` is now a symlink to the writable folder `/var/kubernetes/kubelet-plugins/volume/exec` ([Flatcar#1193](https://github.com/flatcar/Flatcar/issues/1193))<br> <br> #### Updates:<br> <br> - Linux ([5.15.136](https://lwn.net/Articles/948297) (includes [5.15.135](https://lwn.net/Articles/947299), [5.15.134](https://lwn.net/Articles/946855)))<br> - ca-certificates ([3.94](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_94.html))<br>Packages:<br>- containerd 1.6.21<br>- docker 20.10.24<br>- ignition 2.15.0<br>- kernel 5.15.136<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-10-25T08:39:23+00:00 @@ -22,7 +30,7 @@ https://github.com/flatcar/scripts/releases/tag/stable-3602.2.0 3602.2.0 - 2023-10-25T10:20:45.117808+00:00 + 2023-11-22T09:59:35.042675+00:00 _Changes since **Beta 3602.1.6**_<br> <br>#### Security fixes:<br> <br> - Linux ([CVE-2023-42755](https://nvd.nist.gov/vuln/detail/CVE-2023-42755))<br> <br> #### Bug fixes:<br> <br> - Triggered re-reading of partition table to fix adding partitions to the boot disk ([scripts#1202](https://github.com/flatcar/scripts/pull/1202))<br> <br> #### Changes:<br> <br> - Use qcow2 compressed format instead of additional compression layer in Qemu images ([Flatcar#1135](https://github.com/flatcar/Flatcar/issues/1135), [scripts#1132](https://github.com/flatcar/scripts/pull/1132))<br> <br> #### Updates:<br> <br> - Linux ([5.15.133](https://lwn.net/Articles/945380))<br><br>_Changes compared to **Stable 3510.2.8**_<br><br>#### Security fixes:<br> <br> - Linux ([CVE-2023-42752](https://nvd.nist.gov/vuln/detail/CVE-2023-42752), [CVE-2023-42753](https://nvd.nist.gov/vuln/detail/CVE-2023-42753), [CVE-2023-42755](https://nvd.nist.gov/vuln/detail/CVE-2023-42755), [CVE-2023-4623](https://nvd.nist.gov/vuln/detail/CVE-2023-4623), [CVE-2023-4921](https://nvd.nist.gov/vuln/detail/CVE-2023-4921))<br> - Go ([CVE-2023-24532](https://nvd.nist.gov/vuln/detail/CVE-2023-24532), [CVE-2023-24534](https://nvd.nist.gov/vuln/detail/CVE-2023-24534), [CVE-2023-24536](https://nvd.nist.gov/vuln/detail/CVE-2023-24536), [CVE-2023-24537](https://nvd.nist.gov/vuln/detail/CVE-2023-24537), [CVE-2023-24538](https://nvd.nist.gov/vuln/detail/CVE-2023-24538), [CVE-2023-24539](https://nvd.nist.gov/vuln/detail/CVE-2023-24539), [CVE-2023-24540](https://nvd.nist.gov/vuln/detail/CVE-2023-24540), [CVE-2023-29400](https://nvd.nist.gov/vuln/detail/CVE-2023-29400), [CVE-2022-41723](https://nvd.nist.gov/vuln/detail/CVE-2022-41723), [CVE-2022-41724](https://nvd.nist.gov/vuln/detail/CVE-2022-41724), [CVE-2022-41725](https://nvd.nist.gov/vuln/detail/CVE-2022-41725))<br> - bash ([CVE-2022-3715](https://nvd.nist.gov/vuln/detail/CVE-2022-3715))<br> - c-ares ([CVE-2022-4904](https://nvd.nist.gov/vuln/detail/CVE-2022-4904))<br> - containerd ([CVE-2023-25153](https://nvd.nist.gov/vuln/detail/CVE-2023-25153), [CVE-2023-25173](https://nvd.nist.gov/vuln/detail/CVE-2023-25173))<br> - curl ([CVE-2023-23914](https://nvd.nist.gov/vuln/detail/CVE-2023-23914), [CVE-2023-23915](https://nvd.nist.gov/vuln/detail/CVE-2023-23915) and [CVE-2023-23916](https://nvd.nist.gov/vuln/detail/CVE-2023-23916), [CVE-2023-27533](https://nvd.nist.gov/vuln/detail/CVE-2023-27533), [CVE-2023-27534](https://nvd.nist.gov/vuln/detail/CVE-2023-27534), [CVE-2023-27535](https://nvd.nist.gov/vuln/detail/CVE-2023-27535), [CVE-2023-27536](https://nvd.nist.gov/vuln/detail/CVE-2023-27536), [CVE-2023-27537](https://nvd.nist.gov/vuln/detail/CVE-2023-27537), [CVE-2023-27538](https://nvd.nist.gov/vuln/detail/CVE-2023-27538))<br> - Docker ([CVE-2023-28840](https://nvd.nist.gov/vuln/detail/CVE-2023-28840), [CVE-2023-28841](https://nvd.nist.gov/vuln/detail/CVE-2023-28841), [CVE-2023-28842](https://nvd.nist.gov/vuln/detail/CVE-2023-28842))<br> - e2fsprogs ([CVE-2022-1304](https://nvd.nist.gov/vuln/detail/CVE-2022-1304))<br> - git ([CVE-2023-22490](https://nvd.nist.gov/vuln/detail/CVE-2023-22490), [CVE-2023-23946](https://nvd.nist.gov/vuln/detail/CVE-2023-23946))<br> - GnuTLS ([CVE-2023-0361](https://nvd.nist.gov/vuln/detail/CVE-2023-0361))<br> - intel-microcode ([CVE-2022-21216](https://nvd.nist.gov/vuln/detail/CVE-2022-21216), [CVE-2022-33196](https://nvd.nist.gov/vuln/detail/CVE-2022-33196), [CVE-2022-38090](https://nvd.nist.gov/vuln/detail/CVE-2022-38090))<br> - less ([CVE-2022-46663](https://nvd.nist.gov/vuln/detail/CVE-2022-46663))<br> - libxml2 ([CVE-2023-28484](https://nvd.nist.gov/vuln/detail/CVE-2023-28484), [CVE-2023-29469](https://nvd.nist.gov/vuln/detail/CVE-2023-29469))<br> - OpenSSH ([CVE-2023-25136](https://nvd.nist.gov/vuln/detail/CVE-2023-25136), [CVE-2023-28531](https://nvd.nist.gov/vuln/detail/CVE-2023-28531), [CVE-2023-38408](https://nvd.nist.gov/vuln/detail/CVE-2023-38408))<br> - OpenSSL ([CVE-2022-4203](https://nvd.nist.gov/vuln/detail/CVE-2022-4203), [CVE-2022-4304](https://nvd.nist.gov/vuln/detail/CVE-2022-4304), [CVE-2022-4450](https://nvd.nist.gov/vuln/detail/CVE-2022-4450), [CVE-2023-0215](https://nvd.nist.gov/vuln/detail/CVE-2023-0215), [CVE-2023-0216](https://nvd.nist.gov/vuln/detail/CVE-2023-0216), [CVE-2023-0217](https://nvd.nist.gov/vuln/detail/CVE-2023-0217), [CVE-2023-0286](https://nvd.nist.gov/vuln/detail/CVE-2023-0286), [CVE-2023-0401](https://nvd.nist.gov/vuln/detail/CVE-2023-0401), [CVE-2023-0464](https://nvd.nist.gov/vuln/detail/CVE-2023-0464), [CVE-2023-0465](https://nvd.nist.gov/vuln/detail/CVE-2023-0465), [CVE-2023-0466](https://nvd.nist.gov/vuln/detail/CVE-2023-0466), [CVE-2023-1255](https://nvd.nist.gov/vuln/detail/CVE-2023-1255))<br> - runc ([CVE-2023-25809](https://nvd.nist.gov/vuln/detail/CVE-2023-25809), [CVE-2023-27561](https://nvd.nist.gov/vuln/detail/CVE-2023-27561), [CVE-2023-28642](https://nvd.nist.gov/vuln/detail/CVE-2023-28642))<br> - tar ([CVE-2022-48303](https://nvd.nist.gov/vuln/detail/CVE-2022-48303))<br> - torcx ([CVE-2022-32149](https://nvd.nist.gov/vuln/detail/CVE-2022-32149))<br> - vim ([CVE-2023-0288](https://nvd.nist.gov/vuln/detail/CVE-2023-0288), [CVE-2023-0433](https://nvd.nist.gov/vuln/detail/CVE-2023-0433), [CVE-2023-1127](https://nvd.nist.gov/vuln/detail/CVE-2023-1127), [CVE-2023-1175](https://nvd.nist.gov/vuln/detail/CVE-2023-1175), [CVE-2023-1170](https://nvd.nist.gov/vuln/detail/CVE-2023-1170))<br> - SDK: dnsmasq ([CVE-2022-0934](https://nvd.nist.gov/vuln/detail/CVE-2022-0934))<br> - SDK: pkgconf ([CVE-2023-24056](https://nvd.nist.gov/vuln/detail/CVE-2023-24056))<br> - SDK: python ([CVE-2023-24329](https://nvd.nist.gov/vuln/detail/CVE-2023-24329))<br> <br> #### Bug fixes:<br> <br> - Ensured that `/var/log/journal/` is created early enough for systemd-journald to persist the logs on first boot ([bootengine#60](https://github.com/flatcar/bootengine/pull/60), [baselayout#29](https://github.com/flatcar/baselayout/pull/29))<br> - Fixed `journalctl --user` permission issue ([Flatcar#989](https://github.com/flatcar/Flatcar/issues/989))<br> - Ensured that the folder `/var/log/sssd` is created if it doesn't exist, required for `sssd.service` ([Flatcar#1096](https://github.com/flatcar/Flatcar/issues/1096))<br> - Fixed a miscompilation of getfacl causing it to dump core when executed ([scripts#809](https://github.com/flatcar/scripts/pull/809))<br> - Restored the reboot warning and delay for non-SSH console sessions ([locksmith#21](https://github.com/flatcar/locksmith/pull/21))<br> - Triggered re-reading of partition table to fix adding partitions to the boot disk ([scripts#1202](https://github.com/flatcar/scripts/pull/1202))<br> - Worked around a bash regression in `flatcar-install` and added error reporting for disk write failures ([Flatcar#1059](https://github.com/flatcar/Flatcar/issues/1059))<br> <br> #### Changes:<br> <br> - Added `pigz` to the image, a parallel gzip implementation, which is useful to speed up the (de)compression for large container image imports/exports ([coreos-overlay#2504](https://github.com/flatcar/coreos-overlay/pull/2504))<br> - Added a new `flatcar-reset` tool and boot logic for selective OS resets to reconfigure the system with Ignition while avoiding config drift ([bootengine#55](https://github.com/flatcar/bootengine/pull/55), [init#91](https://github.com/flatcar/init/pull/91))<br> - Enabled elfutils support in systemd-coredump. A backtrace will now appear in the journal for any program that dumps core ([coreos-overlay#2489](https://github.com/flatcar/coreos-overlay/pull/2489))<br> - Improved the OS reset tool to offer preview, backup and restore ([init#94](https://github.com/flatcar/init/pull/94))<br> - On boot any files in `/etc` that are the same as provided by the booted `/usr/share/flatcar/etc` default for the overlay mount on `/etc` are deleted to ensure that future updates of `/usr/share/flatcar/etc` are propagated - to opt out create `/etc/.no-dup-update` in case you want to keep an unmodified config file as is or because you fear that a future Flatcar version may use the same file as you at which point your copy is cleaned up and any other future Flatcar changes would be applied ([bootengine#54](https://github.com/flatcar/bootengine/pull/54))<br> - Switched systemd log reporting to the combined format of both unit description, as before, and now the unit name to easily find the unit ([coreos-overlay#2436](https://github.com/flatcar/coreos-overlay/pull/2436))<br> - `/etc` is now set up as overlayfs with the original `/etc` folder being the store for changed files/directories and `/usr/share/flatcar/etc` providing the lower default directory tree ([bootengine#53](https://github.com/flatcar/bootengine/pull/53), [scripts#666](https://github.com/flatcar/scripts/pull/666))<br> - Changed coreos-cloudinit to now set the short hostname instead of the FQDN when fetched from the metadata service ([coreos-cloudinit#19](https://github.com/flatcar/coreos-cloudinit/pull/19))<br> - Use qcow2 compressed format instead of additional compression layer in Qemu images ([Flatcar#1135](https://github.com/flatcar/Flatcar/issues/1135), [scripts#1132](https://github.com/flatcar/scripts/pull/1132))<br> <br> #### Updates:<br> <br> - Linux ([5.15.133](https://lwn.net/Articles/945380) (includes [5.15.132](https://lwn.net/Articles/944877), [5.15.131](https://lwn.net/Articles/943755), [5.15.130](https://lwn.net/Articles/943404), [5.15.129](https://lwn.net/Articles/943113), [5.15.128](https://lwn.net/Articles/942866), [5.15.127](https://lwn.net/Articles/941775), [5.15.126](https://lwn.net/Articles/941273), [5.15.125](https://lwn.net/Articles/940798), [5.15.124](https://lwn.net/Articles/940339), [5.15.123](https://lwn.net/Articles/939424), [5.15.122](https://lwn.net/Articles/939104), [5.15.121](https://lwn.net/Articles/939016), [5.15.120](https://lwn.net/Articles/937404), [5.15.119](https://lwn.net/Articles/936675), [5.15.118](https://lwn.net/Articles/935584), [5.15.117](https://lwn.net/Articles/934622), [5.15.116](https://lwn.net/Articles/934320), [5.15.115](https://lwn.net/Articles/933909), [5.15.114](https://lwn.net/Articles/933280), [5.15.113](https://lwn.net/Articles/932883), [5.15.112](https://lwn.net/Articles/932134), [5.15.111](https://lwn.net/Articles/931652), [5.15.110](https://lwn.net/Articles/930600), [5.15.109](https://lwn.net/Articles/930263), [5.15.108](https://lwn.net/Articles/929679), [5.15.107](https://lwn.net/Articles/929015/), [5.15.106](https://lwn.net/Articles/928343), [5.15.105](https://lwn.net/Articles/927860), [5.15.104](https://lwn.net/Articles/926873), [5.15.103](https://lwn.net/Articles/926415), [5.15.102](https://lwn.net/Articles/925991), [5.15.101](https://lwn.net/Articles/925939), [5.15.100](https://lwn.net/Articles/925913), [5.15.99](https://lwn.net/Articles/925844)))<br> - Linux Firmware ([20230404](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230404) (includes [20230310](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230310), [20230210](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230210)))<br> - Go ([1.19.9](https://go.dev/doc/devel/release#go1.19.9) (includes [1.19.8](https://go.dev/doc/devel/release#go1.19.8), [1.19.7](https://go.dev/doc/devel/release#go1.19.7), [1.19.6](https://go.dev/doc/devel/release#go1.19.6)))<br> - bash ([5.2](https://lists.gnu.org/archive/html/bash-announce/2022-09/msg00000.html))<br> - bind tools ([9.16.37](https://bind9.readthedocs.io/en/v9_16_37/notes.html#notes-for-bind-9-16-37))<br> - bpftool ([6.2.1](https://kernelnewbies.org/LinuxChanges#Linux_6.2.Tracing.2C_perf_and_BPF))<br> - btrfs-progs ([6.0.2](https://btrfs.readthedocs.io/en/latest/CHANGES.html#btrfs-progs-6-0-2-2022-11-24), includes [6.0](https://btrfs.readthedocs.io/en/latest/CHANGES.html#btrfs-progs-6-0-2022-10-11))<br> - c-ares ([1.19.0](https://c-ares.org/changelog.html#1_19_0))<br> - containerd ([1.6.21](https://github.com/containerd/containerd/releases/tag/v1.6.21) (includes [1.6.20](https://github.com/containerd/containerd/releases/tag/v1.6.20), [1.6.19](https://github.com/containerd/containerd/releases/tag/v1.6.19) [1.6.18](https://github.com/containerd/containerd/releases/tag/v1.6.18))<br> - curl ([8.0.1](https://curl.se/changes.html#8_0_1) (includes [7.88.1](https://curl.se/changes.html#7_88_1), [7.88.0](https://curl.se/changes.html#7_88_0)))<br> - diffutils ([3.9](https://savannah.gnu.org/forum/forum.php?forum_id=10282))<br> - Docker ([20.10.24](https://docs.docker.com/engine/release-notes/20.10/#201024))<br> - e2fsprogs ([1.47.0](https://e2fsprogs.sourceforge.net/e2fsprogs-release.html##1.47.0) (includes [1.46.6](https://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.46.6)))<br> - findutils ([4.9.0](https://lists.gnu.org/archive/html/info-gnu/2022-02/msg00003.html))<br> - gcc ([12.2.1](https://gcc.gnu.org/gcc-12/changes.html))<br> - gdb ([13.1.90](https://lwn.net/Articles/923819/))<br> - git ([2.39.2](https://github.com/git/git/blob/v2.39.2/Documentation/RelNotes/2.39.2.txt))<br> - GLib ([2.74.6](https://gitlab.gnome.org/GNOME/glib/-/tags/2.74.6) (includes [2.74.5](https://gitlab.gnome.org/GNOME/glib/-/tags/2.74.5)))<br> - GnuTLS ([3.8.0](https://gitlab.com/gnutls/gnutls/-/blob/3.8.0/NEWS))<br> - ignition ([2.15.0](https://coreos.github.io/ignition/release-notes/#ignition-2150-2023-02-21))<br> - intel-microcode ([20230214](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230214))<br> - iperf ([3.13](https://github.com/esnet/iperf/blob/3.13/RELNOTES.md))<br> - iputils ([20221126](https://github.com/iputils/iputils/releases/tag/20221126))<br> - less ([608](http://www.greenwoodsoftware.com/less/news.608.html))<br> - libarchive ([3.6.2](https://github.com/libarchive/libarchive/releases/tag/v3.6.2))<br> - libpcap ([1.10.3](https://git.tcpdump.org/libpcap/blob/refs/tags/libpcap-1.10.3:/CHANGES) (includes [1.10.2](https://git.tcpdump.org/libpcap/blob/refs/tags/libpcap-1.10.2:/CHANGES)))<br> - libpcre2 ([10.42](https://github.com/PCRE2Project/pcre2/blob/pcre2-10.42/NEWS))<br> - libxml2 ([2.10.4](https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.4))<br> - multipath-tools ([0.9.4](https://github.com/opensvc/multipath-tools/commits/0.9.4))<br> - OpenSSH ([9.3](http://www.openssh.com/releasenotes.html#9.3) (includes [9.2](http://www.openssh.com/releasenotes.html#9.2)))<br> - OpenSSL ([3.0.8](https://github.com/openssl/openssl/blob/openssl-3.0.8/NEWS.md#major-changes-between-openssl-307-and-openssl-308-7-feb-2023))<br> - pinentry ([1.2.1](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=pinentry.git;a=blob;f=NEWS;h=c080b34e57d01a6ccca9d2996d7096c42b1a3f84;hb=8ab1682e80a2b4185ee9ef66cbb44340245966fc))<br> - qemu guest agent ([7.1.0](https://wiki.qemu.org/ChangeLog/7.1#Guest_agent))<br> - readline ([8.2](https://lists.gnu.org/archive/html/info-gnu/2022-09/msg00013.html))<br> - runc ([1.1.7](https://github.com/opencontainers/runc/releases/tag/v1.1.7) (includes [1.1.6](https://github.com/opencontainers/runc/releases/tag/v1.1.6), [1.1.5](https://github.com/opencontainers/runc/releases/tag/v1.1.5)))<br> - socat ([1.7.4.4](https://repo.or.cz/socat.git/blob/refs/tags/tag-1.7.4.4:/CHANGES))<br> - sqlite ([3.41.2](https://sqlite.org/releaselog/3_41_2.html))<br> - strace ([6.1](https://github.com/strace/strace/releases/tag/v6.1))<br> - traceroute (2.1.1)<br> - vim ([9.0.1403](https://github.com/vim/vim/releases/tag/v9.0.1403) (includes [9.0.1363](https://github.com/vim/vim/releases/tag/v9.0.1363)))<br> - XZ utils ([5.4.2](https://github.com/tukaani-project/xz/releases/tag/v5.4.2))<br> - Zstandard ([1.5.4](https://github.com/facebook/zstd/releases/tag/v1.5.4) (includes [1.5.2](https://github.com/facebook/zstd/releases/tag/v1.5.2), [1.5.1](https://github.com/facebook/zstd/releases/tag/v1.5.1) and [1.5.0](https://github.com/facebook/zstd/releases/tag/v1.5.0)))<br> - SDK: cmake ([3.25.2](https://cmake.org/cmake/help/v3.25/release/3.25.html))<br> - SDK: dnsmasq ([2.89](https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2023q1/016859.html))<br> - SDK: pahole ([1.24](https://github.com/acmel/dwarves/releases/tag/v1.24))<br> - SDK: portage ([3.0.44](https://gitweb.gentoo.org/proj/portage.git/tree/NEWS?h=portage-3.0.44))<br> - SDK: python ([3.10.10](https://docs.python.org/3.10/whatsnew/changelog.html#python-3-10-10-final) (includes [3.10.9](https://docs.python.org/3.10/whatsnew/changelog.html#python-3-10-9-final), [3.10](https://www.python.org/downloads/release/python-3100/)))<br> - SDK: Rust ([1.68.2](https://github.com/rust-lang/rust/releases/tag/1.68.2) (includes [1.68.0](https://github.com/rust-lang/rust/releases/tag/1.68.0), [1.67.1](https://github.com/rust-lang/rust/releases/tag/1.67.1)))<br> - SDK: nano ([7.2](https://git.savannah.gnu.org/cgit/nano.git/tree/NEWS?h=v7.2))<br> - VMware: open-vm-tools ([12.2.0](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.2.0))<br>Packages:<br>- containerd 1.6.21<br>- docker 20.10.24<br>- ignition 2.15.0<br>- kernel 5.15.133<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-10-05T10:02:27+00:00 @@ -30,7 +38,7 @@ https://github.com/flatcar/scripts/releases/tag/stable-3510.2.8 3510.2.8 - 2023-10-25T10:20:45.102403+00:00 + 2023-11-22T09:59:35.027315+00:00 _Changes since **Stable 3510.2.7**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2023-20588](https://nvd.nist.gov/vuln/detail/CVE-2023-20588), [CVE-2023-3772](https://nvd.nist.gov/vuln/detail/CVE-2023-3772), [CVE-2023-40283](https://nvd.nist.gov/vuln/detail/CVE-2023-40283), [CVE-2023-4128](https://nvd.nist.gov/vuln/detail/CVE-2023-4128), [CVE-2023-4206](https://nvd.nist.gov/vuln/detail/CVE-2023-4206), [CVE-2023-4207](https://nvd.nist.gov/vuln/detail/CVE-2023-4207), [CVE-2023-4208](https://nvd.nist.gov/vuln/detail/CVE-2023-4208), [CVE-2023-4273](https://nvd.nist.gov/vuln/detail/CVE-2023-4273), [CVE-2023-4569](https://nvd.nist.gov/vuln/detail/CVE-2023-4569))<br> <br> #### Changes:<br> <br> - Azure: Add support for Microsoft Azure Network Adapter (MANA) NICs on Azure ([scripts#1131](https://github.com/flatcar/scripts/pull/1131))<br> <br> #### Updates:<br> <br> - Linux ([5.15.129](https://lwn.net/Articles/943113) (includes [5.15.128](https://lwn.net/Articles/942866), [5.15.127](https://lwn.net/Articles/941775), [5.15.126](https://lwn.net/Articles/941296)))<br> - ca-certificates ([3.93](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_93.html))<br>Packages:<br>- containerd 1.6.16<br>- docker 20.10.23<br>- ignition 2.14.0<br>- kernel 5.15.129<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-09-21T11:36:30+00:00 @@ -38,7 +46,7 @@ https://github.com/flatcar/scripts/releases/tag/stable-3510.2.7 3510.2.7 - 2023-10-25T10:20:45.097367+00:00 + 2023-11-22T09:59:35.022216+00:00 _Changes since **Stable 3510.2.6**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2022-40982](https://nvd.nist.gov/vuln/detail/CVE-2022-40982), [CVE-2022-41804](https://nvd.nist.gov/vuln/detail/CVE-2022-41804), [CVE-2023-1206](https://nvd.nist.gov/vuln/detail/CVE-2023-1206), [CVE-2023-20569](https://nvd.nist.gov/vuln/detail/CVE-2023-20569), [CVE-2023-4004](https://nvd.nist.gov/vuln/detail/CVE-2023-4004), [CVE-2023-4147](https://nvd.nist.gov/vuln/detail/CVE-2023-4147), [CVE-2023-20569](https://nvd.nist.gov/vuln/detail/CVE-2023-20569), [CVE-2023-23908](https://nvd.nist.gov/vuln/detail/CVE-2023-23908))<br> <br> #### Bug fixes:<br> <br> - Fixed the restart of Systemd services when the main process is being killed by a SIGHUP signal ([flatcar#1157](https://github.com/flatcar/Flatcar/issues/1157))<br> <br> #### Updates:<br> <br> - Linux ([5.15.125](https://lwn.net/Articles/940801) (includes [5.15.124](https://lwn.net/Articles/940339), [5.15.123](https://lwn.net/Articles/939424)))<br>Packages:<br>- containerd 1.6.16<br>- docker 20.10.23<br>- ignition 2.14.0<br>- kernel 5.15.125<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-09-06T13:18:41+00:00 @@ -46,7 +54,7 @@ https://github.com/flatcar/scripts/releases/tag/stable-3510.2.6 3510.2.6 - 2023-10-25T10:20:45.092418+00:00 + 2023-11-22T09:59:35.017243+00:00 _Changes since **Stable 3510.2.5**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2022-48502](https://nvd.nist.gov/vuln/detail/CVE-2022-48502), [CVE-2023-20593](https://nvd.nist.gov/vuln/detail/CVE-2023-20593), [CVE-2023-2898](https://nvd.nist.gov/vuln/detail/CVE-2023-2898), [CVE-2023-31248](https://nvd.nist.gov/vuln/detail/CVE-2023-31248), [CVE-2023-35001](https://nvd.nist.gov/vuln/detail/CVE-2023-35001), [CVE-2023-3611](https://nvd.nist.gov/vuln/detail/CVE-2023-3611), [CVE-2023-3776](https://nvd.nist.gov/vuln/detail/CVE-2023-3776), [CVE-2023-38432](https://nvd.nist.gov/vuln/detail/CVE-2023-38432), [CVE-2023-3863](https://nvd.nist.gov/vuln/detail/CVE-2023-3863))<br> - linux-firmware ([CVE-2023-20593](https://nvd.nist.gov/vuln/detail/CVE-2023-20593))<br> <br> #### Updates:<br> <br> - Linux ([5.15.122](https://lwn.net/Articles/939104) (includes [5.15.121](https://lwn.net/Articles/939016), [5.15.120](https://lwn.net/Articles/937404)))<br> - ca-certificates ([3.92](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_92.html))<br> - linux-firmware ([20230625](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230625))<br><br>Packages:<br>- containerd 1.6.16<br>- docker 20.10.23<br>- ignition 2.14.0<br>- kernel 5.15.122<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-08-09T11:42:20+00:00 @@ -54,7 +62,7 @@ https://github.com/flatcar/scripts/releases/tag/stable-3510.2.5 3510.2.5 - 2023-10-25T10:20:45.087381+00:00 + 2023-11-22T09:59:35.012201+00:00 _Changes since **Stable 3510.2.4**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2023-3338](https://nvd.nist.gov/vuln/detail/CVE-2023-3338), [CVE-2023-3390](https://nvd.nist.gov/vuln/detail/CVE-2023-3390))<br> <br> #### Bug fixes:<br> <br> - Resolved the conflicting FD usage of libselinux and systemd which caused, e.g., a systemd crash on certain watchdog interaction during shutdown (patch in systemd 252.11)<br> <br> #### Updates:<br> <br> - Linux ([5.15.119](https://lwn.net/Articles/936675) (includes [5.15.118](https://lwn.net/Articles/935584)))<br> - systemd ([252.11](https://github.com/systemd/systemd-stable/releases/tag/v252.11) (from 252.5))<br>Packages:<br>- containerd 1.6.16<br>- docker 20.10.23<br>- ignition 2.14.0<br>- kernel 5.15.119<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-07-18T09:00:12+00:00 @@ -62,7 +70,7 @@ https://github.com/flatcar/scripts/releases/tag/stable-3510.2.4 3510.2.4 - 2023-10-25T10:20:45.082594+00:00 + 2023-11-22T09:59:35.007327+00:00 _Changes since **Stable 3510.2.3**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2023-2124](https://nvd.nist.gov/vuln/detail/CVE-2023-2124), [CVE-2023-3212](https://nvd.nist.gov/vuln/detail/CVE-2023-3212), [CVE-2023-35788](https://nvd.nist.gov/vuln/detail/CVE-2023-35788))<br> <br> #### Bug fixes:<br> <br> <br> #### Changes:<br> <br> - Changed ext4 inode size of root partition to 256 bytes. This improves compatibility with applications and is necessary for 2038 readiness ([Flatcar#1082](https://github.com/flatcar/Flatcar/issues/1082))<br> <br> #### Updates:<br> <br> - Linux ([5.15.117](https://lwn.net/Articles/934622) (includes [5.15.116](https://lwn.net/Articles/934320), [5.15.115](https://lwn.net/Articles/933909), [5.15.114](https://lwn.net/Articles/933280)))<br> - ca-certificates ([3.91](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_91.html))<br>Packages:<br>- containerd 1.6.16<br>- docker 20.10.23<br>- ignition 2.14.0<br>- kernel 5.15.117<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-07-06T12:16:13+00:00 @@ -70,7 +78,7 @@ https://github.com/flatcar/scripts/releases/tag/stable-3510.2.3 3510.2.3 - 2023-10-25T10:20:45.077670+00:00 + 2023-11-22T09:59:35.002344+00:00 _Changes since **Stable 3510.2.2**_<br> <br>#### Security fixes:<br> <br>- Linux ([CVE-2022-48425](https://nvd.nist.gov/vuln/detail/CVE-2022-48425))<br> <br>#### Updates:<br> <br>- Linux ([5.15.113](https://lwn.net/Articles/932883) (includes [5.15.112](https://lwn.net/Articles/932134)))<br>- ca-certificates ([3.90](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_90.html))<br>Packages:<br>- containerd 1.6.16<br>- docker 20.10.23<br>- ignition 2.14.0<br>- kernel 5.15.113<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-06-21T12:18:43+00:00 @@ -78,7 +86,7 @@ https://github.com/flatcar/scripts/releases/tag/stable-3510.2.2 3510.2.2 - 2023-10-25T10:20:45.073107+00:00 + 2023-11-22T09:59:34.997735+00:00 _Changes since **Stable 3510.2.1**_<br> <br>#### Security fixes:<br> <br> - Linux ([CVE-2023-1380](https://nvd.nist.gov/vuln/detail/CVE-2023-1380), [CVE-2023-1859](https://nvd.nist.gov/vuln/detail/CVE-2023-1859), [CVE-2023-2002](https://nvd.nist.gov/vuln/detail/CVE-2023-2002), [CVE-2023-2269](https://nvd.nist.gov/vuln/detail/CVE-2023-2269), [CVE-2023-31436](https://nvd.nist.gov/vuln/detail/CVE-2023-31436), [CVE-2023-32233](https://nvd.nist.gov/vuln/detail/CVE-2023-32233))<br> <br>#### Bug fixes:<br> <br> <br>#### Changes:<br> <br> <br>#### Updates:<br> <br> - Linux ([5.15.111](https://lwn.net/Articles/931652) (includes [5.15.110](https://lwn.net/Articles/930600), [5.15.109](https://lwn.net/Articles/930263), [5.15.108](https://lwn.net/Articles/929679), [5.15.107](https://lwn.net/Articles/929015)))<br> - ca-certificates ([3.89.1](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_89_1.html))<br><br>Packages:<br>- containerd 1.6.16<br>- docker 20.10.23<br>- ignition 2.14.0<br>- kernel 5.15.111<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-06-01T11:50:00+00:00 @@ -86,7 +94,7 @@ https://github.com/flatcar/scripts/releases/tag/stable-3510.2.1 3510.2.1 - 2023-10-25T10:20:45.068260+00:00 + 2023-11-22T09:59:34.992789+00:00 _Changes since **Stable 3510.2.0**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-4269](https://nvd.nist.gov/vuln/detail/CVE-2022-4269), [CVE-2022-4379](https://nvd.nist.gov/vuln/detail/CVE-2022-4379), [CVE-2023-1076](https://nvd.nist.gov/vuln/detail/CVE-2023-1076), [CVE-2023-1077](https://nvd.nist.gov/vuln/detail/CVE-2023-1077), [CVE-2023-1079](https://nvd.nist.gov/vuln/detail/CVE-2023-1079), [CVE-2023-1118](https://nvd.nist.gov/vuln/detail/CVE-2023-1118), [CVE-2023-1611](https://nvd.nist.gov/vuln/detail/CVE-2023-1611), [CVE-2023-1670](https://nvd.nist.gov/vuln/detail/CVE-2023-1670), [CVE-2023-1829](https://nvd.nist.gov/vuln/detail/CVE-2023-1829), [CVE-2023-1855](https://nvd.nist.gov/vuln/detail/CVE-2023-1855), [CVE-2023-1989](https://nvd.nist.gov/vuln/detail/CVE-2023-1989), [CVE-2023-1990](https://nvd.nist.gov/vuln/detail/CVE-2023-1990), [CVE-2023-23004](https://nvd.nist.gov/vuln/detail/CVE-2023-23004), [CVE-2023-25012](https://nvd.nist.gov/vuln/detail/CVE-2023-25012), [CVE-2023-28466](https://nvd.nist.gov/vuln/detail/CVE-2023-28466), [CVE-2023-30456](https://nvd.nist.gov/vuln/detail/CVE-2023-30456), [CVE-2023-30772](https://nvd.nist.gov/vuln/detail/CVE-2023-30772))<br>- nvidia-drivers ([CVE-2022-31607](https://nvd.nist.gov/vuln/detail/CVE-2022-31607), [CVE-2022-31608](https://nvd.nist.gov/vuln/detail/CVE-2022-31608), [CVE-2022-31615](https://nvd.nist.gov/vuln/detail/CVE-2022-31615), [CVE-2022-34665](https://nvd.nist.gov/vuln/detail/CVE-2022-34665), [CVE-2022-34666](https://nvd.nist.gov/vuln/detail/CVE-2022-34666), [CVE-2022-34670](https://nvd.nist.gov/vuln/detail/CVE-2022-34670), [CVE-2022-34673](https://nvd.nist.gov/vuln/detail/CVE-2022-34673), [CVE-2022-34674](https://nvd.nist.gov/vuln/detail/CVE-2022-34674), [CVE-2022-34676](https://nvd.nist.gov/vuln/detail/CVE-2022-34676), [CVE-2022-34677](https://nvd.nist.gov/vuln/detail/CVE-2022-34677), [CVE-2022-34678](https://nvd.nist.gov/vuln/detail/CVE-2022-34678), [CVE-2022-34679](https://nvd.nist.gov/vuln/detail/CVE-2022-34679), [CVE-2022-34680](https://nvd.nist.gov/vuln/detail/CVE-2022-34680), [CVE-2022-34682](https://nvd.nist.gov/vuln/detail/CVE-2022-34682), [CVE-2022-34684](https://nvd.nist.gov/vuln/detail/CVE-2022-34684), [CVE-2022-42254](https://nvd.nist.gov/vuln/detail/CVE-2022-42254), [CVE-2022-42255](https://nvd.nist.gov/vuln/detail/CVE-2022-42255), [CVE-2022-42256](https://nvd.nist.gov/vuln/detail/CVE-2022-42256), [CVE-2022-42257](https://nvd.nist.gov/vuln/detail/CVE-2022-42257), [CVE-2022-42258](https://nvd.nist.gov/vuln/detail/CVE-2022-42258), [CVE-2022-42259](https://nvd.nist.gov/vuln/detail/CVE-2022-42259), [CVE-2022-42260](https://nvd.nist.gov/vuln/detail/CVE-2022-42260), [CVE-2022-42261](https://nvd.nist.gov/vuln/detail/CVE-2022-42261), [CVE-2022-42263](https://nvd.nist.gov/vuln/detail/CVE-2022-42263), [CVE-2022-42264](https://nvd.nist.gov/vuln/detail/CVE-2022-42264), [CVE-2022-42265](https://nvd.nist.gov/vuln/detail/CVE-2022-42265))<br><br>#### Bug fixes:<br>- Fixed the broken emerge-gitclone in the dev-container owing to the missing migration action around the unification of the Flatcar core repositories<br><br>#### Changes:<br>- The package upgrade for nvidia-drivers might result in not supporting a few of the older NVIDIA Tesla GPUs. If you are facing issues, set `NVIDIA_DRIVER_VERSION=460.106.00` in `/etc/flatcar/nvidia-metadata`<br><br>#### Updates:<br><br>- Linux ([5.15.106](https://lwn.net/Articles/928343) (includes [5.15.105](https://lwn.net/Articles/927860), [5.15.104](https://lwn.net/Articles/926873), [5.15.103](https://lwn.net/Articles/926415), [5.15.102](https://lwn.net/Articles/925991), [5.15.101](https://lwn.net/Articles/925939), [5.15.100](https://lwn.net/Articles/925913), [5.15.99](https://lwn.net/Articles/925844)))<br>- nvidia-drivers ([525.105.17](https://docs.nvidia.com/datacenter/tesla/tesla-release-notes-525-105-17/index.html))<br><br>Packages:<br>- containerd 1.6.16<br>- docker 20.10.23<br>- ignition 2.14.0<br>- kernel 5.15.106<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-04-25T13:41:09+00:00 @@ -94,7 +102,7 @@ https://github.com/flatcar/scripts/releases/tag/stable-3510.2.0 3510.2.0 - 2023-10-25T10:20:45.061597+00:00 + 2023-11-22T09:59:34.986128+00:00 _Changes since **Stable 3374.2.5**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-2196](https://nvd.nist.gov/vuln/detail/CVE-2022-2196), [CVE-2022-27672](https://nvd.nist.gov/vuln/detail/CVE-2022-27672), [CVE-2022-3707](https://nvd.nist.gov/vuln/detail/CVE-2022-3707), [CVE-2023-1078](https://nvd.nist.gov/vuln/detail/CVE-2023-1078), [CVE-2023-1281](https://nvd.nist.gov/vuln/detail/CVE-2023-1281), [CVE-2023-1513](https://nvd.nist.gov/vuln/detail/CVE-2023-1513), [CVE-2023-26545](https://nvd.nist.gov/vuln/detail/CVE-2023-26545))<br>- bind tools ([CVE-2022-2795](https://nvd.nist.gov/vuln/detail/CVE-2022-2795), [CVE-2022-2881](https://nvd.nist.gov/vuln/detail/CVE-2022-2881), [CVE-2022-2906](https://nvd.nist.gov/vuln/detail/CVE-2022-2906), [CVE-2022-3080](https://nvd.nist.gov/vuln/detail/CVE-2022-3080), [CVE-2022-38177](https://nvd.nist.gov/vuln/detail/CVE-2022-38177), [CVE-2022-38178](https://nvd.nist.gov/vuln/detail/CVE-2022-38178))<br>- binutils ([CVE-2022-38126](https://nvd.nist.gov/vuln/detail/CVE-2022-38126), [CVE-2022-38127](https://nvd.nist.gov/vuln/detail/CVE-2022-38127))<br>- containerd ([CVE-2022-23471](https://nvd.nist.gov/vuln/detail/CVE-2022-23471))<br>- cpio ([CVE-2021-38185](https://nvd.nist.gov/vuln/detail/CVE-2021-38185))<br>- curl ([CVE-2022-35252](https://nvd.nist.gov/vuln/detail/CVE-2022-35252), [CVE-2022-43551](https://nvd.nist.gov/vuln/detail/CVE-2022-43551), [CVE-2022-43552](https://nvd.nist.gov/vuln/detail/CVE-2022-43552),[CVE-2022-32221](https://nvd.nist.gov/vuln/detail/CVE-2022-32221), [CVE-2022-35260](https://nvd.nist.gov/vuln/detail/CVE-2022-32221), [CVE-2022-42915](https://nvd.nist.gov/vuln/detail/CVE-2022-32221), [CVE-2022-42916](https://nvd.nist.gov/vuln/detail/CVE-2022-32221))<br>- dbus ([CVE-2022-42010](https://nvd.nist.gov/vuln/detail/CVE-2022-42010), [CVE-2022-42011](https://nvd.nist.gov/vuln/detail/CVE-2022-42011), [CVE-2022-42012](https://nvd.nist.gov/vuln/detail/CVE-2022-42012))<br>- git ([CVE-2022-39253](https://nvd.nist.gov/vuln/detail/CVE-2022-39253), [CVE-2022-39260](https://nvd.nist.gov/vuln/detail/CVE-2022-39260), [CVE-2022-23521](https://nvd.nist.gov/vuln/detail/CVE-2022-23521), [CVE-2022-41903](https://nvd.nist.gov/vuln/detail/CVE-2022-41903))<br>- glib ([fixes to normal form handling in GVariant](https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835))<br>- Go ([CVE-2022-41717](https://nvd.nist.gov/vuln/detail/CVE-2022-41717))<br>- libarchive ([CVE-2022-36227](https://nvd.nist.gov/vuln/detail/CVE-2022-36227))<br>- libksba ([CVE-2022-47629](https://nvd.nist.gov/vuln/detail/CVE-2022-47629), [CVE-2022-3515](https://nvd.nist.gov/vuln/detail/CVE-2022-3515))<br>- libxml2 ([CVE-2022-40303](https://nvd.nist.gov/vuln/detail/CVE-2022-40303), [CVE-2022-40304](https://nvd.nist.gov/vuln/detail/CVE-2022-40304))<br>- logrotate ([CVE-2022-1348](https://nvd.nist.gov/vuln/detail/CVE-2022-1348))<br>- multipath-tools ([CVE-2022-41973](https://nvd.nist.gov/vuln/detail/CVE-2022-41973), [CVE-2022-41974](https://nvd.nist.gov/vuln/detail/CVE-2022-41974))<br>- sudo ([CVE-2023-22809](https://nvd.nist.gov/vuln/detail/CVE-2023-22809), [CVE-2022-43995](https://nvd.nist.gov/vuln/detail/CVE-2022-43995))<br>- systemd ([CVE-2022-3821](https://nvd.nist.gov/vuln/detail/CVE-2022-3821), [CVE-2022-4415](https://nvd.nist.gov/vuln/detail/CVE-2022-4415))<br>- vim ([CVE-2023-0049](https://nvd.nist.gov/vuln/detail/CVE-2023-0049), [CVE-2023-0051](https://nvd.nist.gov/vuln/detail/CVE-2023-0051), [CVE-2023-0054](https://nvd.nist.gov/vuln/detail/CVE-2023-0054), [CVE-2022-3705](https://nvd.nist.gov/vuln/detail/CVE-2022-3705), [CVE-2022-3491](https://nvd.nist.gov/vuln/detail/CVE-2022-3491), [CVE-2022-3520](https://nvd.nist.gov/vuln/detail/CVE-2022-3520), [CVE-2022-3591](https://nvd.nist.gov/vuln/detail/CVE-2022-3591), [CVE-2022-4141](https://nvd.nist.gov/vuln/detail/CVE-2022-4141), [CVE-2022-4292](https://nvd.nist.gov/vuln/detail/CVE-2022-4292), [CVE-2022-4293](https://nvd.nist.gov/vuln/detail/CVE-2022-4293),[CVE-2022-1725](https://nvd.nist.gov/vuln/detail/CVE-2022-1725), [CVE-2022-3234](https://nvd.nist.gov/vuln/detail/CVE-2022-3234), [CVE-2022-3235](https://nvd.nist.gov/vuln/detail/CVE-2022-3235), [CVE-2022-3278](https://nvd.nist.gov/vuln/detail/CVE-2022-3278), [CVE-2022-3256](https://nvd.nist.gov/vuln/detail/CVE-2022-3256), [CVE-2022-3296](https://nvd.nist.gov/vuln/detail/CVE-2022-3296), [CVE-2022-3297](https://nvd.nist.gov/vuln/detail/CVE-2022-3297), [CVE-2022-3324](https://nvd.nist.gov/vuln/detail/CVE-2022-3324), [CVE-2022-3352](https://nvd.nist.gov/vuln/detail/CVE-2022-3352), [CVE-2022-2042](https://nvd.nist.gov/vuln/detail/CVE-2022-2042), [CVE-2022-2124](https://nvd.nist.gov/vuln/detail/CVE-2022-2124), [CVE-2022-2125](https://nvd.nist.gov/vuln/detail/CVE-2022-2125), [CVE-2022-2126](https://nvd.nist.gov/vuln/detail/CVE-2022-2126), [CVE-2022-2129](https://nvd.nist.gov/vuln/detail/CVE-2022-2129), [CVE-2022-2175](https://nvd.nist.gov/vuln/detail/CVE-2022-2175), [CVE-2022-2182](https://nvd.nist.gov/vuln/detail/CVE-2022-2182), [CVE-2022-2183](https://nvd.nist.gov/vuln/detail/CVE-2022-2183), [CVE-2022-2206](https://nvd.nist.gov/vuln/detail/CVE-2022-2206), [CVE-2022-2207](https://nvd.nist.gov/vuln/detail/CVE-2022-2207), [CVE-2022-2208](https://nvd.nist.gov/vuln/detail/CVE-2022-2208), [CVE-2022-2210](https://nvd.nist.gov/vuln/detail/CVE-2022-2210), [CVE-2022-2231](https://nvd.nist.gov/vuln/detail/CVE-2022-2231), [CVE-2022-2257](https://nvd.nist.gov/vuln/detail/CVE-2022-2257), [CVE-2022-2264](https://nvd.nist.gov/vuln/detail/CVE-2022-2264), [CVE-2022-2284](https://nvd.nist.gov/vuln/detail/CVE-2022-2284), [CVE-2022-2285](https://nvd.nist.gov/vuln/detail/CVE-2022-2285), [CVE-2022-2286](https://nvd.nist.gov/vuln/detail/CVE-2022-2286), [CVE-2022-2287](https://nvd.nist.gov/vuln/detail/CVE-2022-2287), [CVE-2022-2288](https://nvd.nist.gov/vuln/detail/CVE-2022-2288), [CVE-2022-2289](https://nvd.nist.gov/vuln/detail/CVE-2022-2289), [CVE-2022-2304](https://nvd.nist.gov/vuln/detail/CVE-2022-2304), [CVE-2022-2343](https://nvd.nist.gov/vuln/detail/CVE-2022-2343), [CVE-2022-2344](https://nvd.nist.gov/vuln/detail/CVE-2022-2344), [CVE-2022-2345](https://nvd.nist.gov/vuln/detail/CVE-2022-2345), [CVE-2022-2522](https://nvd.nist.gov/vuln/detail/CVE-2022-2522), [CVE-2022-2816](https://nvd.nist.gov/vuln/detail/CVE-2022-2816), [CVE-2022-2817](https://nvd.nist.gov/vuln/detail/CVE-2022-2817), [CVE-2022-2819](https://nvd.nist.gov/vuln/detail/CVE-2022-2819), [CVE-2022-2845](https://nvd.nist.gov/vuln/detail/CVE-2022-2845), [CVE-2022-2849](https://nvd.nist.gov/vuln/detail/CVE-2022-2849), [CVE-2022-2862](https://nvd.nist.gov/vuln/detail/CVE-2022-2862), [CVE-2022-2874](https://nvd.nist.gov/vuln/detail/CVE-2022-2874), [CVE-2022-2889](https://nvd.nist.gov/vuln/detail/CVE-2022-2889), [CVE-2022-2923](https://nvd.nist.gov/vuln/detail/CVE-2022-2923), [CVE-2022-2946](https://nvd.nist.gov/vuln/detail/CVE-2022-2946), [CVE-2022-2980](https://nvd.nist.gov/vuln/detail/CVE-2022-2980), [CVE-2022-2982](https://nvd.nist.gov/vuln/detail/CVE-2022-2982), [CVE-2022-3016](https://nvd.nist.gov/vuln/detail/CVE-2022-3016), [CVE-2022-3099](https://nvd.nist.gov/vuln/detail/CVE-2022-3099), [CVE-2022-3134](https://nvd.nist.gov/vuln/detail/CVE-2022-3134), [CVE-2022-3153](https://nvd.nist.gov/vuln/detail/CVE-2022-3153))<br>- SDK: Python ([CVE-2015-20107](https://nvd.nist.gov/vuln/detail/CVE-2015-20107), [CVE-2020-10735](https://nvd.nist.gov/vuln/detail/CVE-2020-10735), [CVE-2021-3654](https://nvd.nist.gov/vuln/detail/CVE-2021-3654), [CVE-2022-37454](https://nvd.nist.gov/vuln/detail/CVE-2022-37454), [CVE-2022-42919](https://nvd.nist.gov/vuln/detail/CVE-2022-42919), [CVE-2022-45061](https://nvd.nist.gov/vuln/detail/CVE-2022-45061))<br>- SDK: qemu ([CVE-2022-4172](https://nvd.nist.gov/vuln/detail/CVE-2022-4172), [CVE-2020-14394](https://nvd.nist.gov/vuln/detail/CVE-2020-14394), [CVE-2022-0216](https://nvd.nist.gov/vuln/detail/CVE-2022-0216), [CVE-2022-35414](https://nvd.nist.gov/vuln/detail/CVE-2022-35414), [CVE-2022-3872](https://nvd.nist.gov/vuln/detail/CVE-2022-3872))<br>- SDK: rust ([CVE-2022-46176](https://nvd.nist.gov/vuln/detail/CVE-2022-46176), [CVE-2022-36113](https://nvd.nist.gov/vuln/detail/CVE-2022-36113), [CVE-2022-36114](https://nvd.nist.gov/vuln/detail/CVE-2022-36114))<br><br>#### Bug fixes:<br><br>- Added back Ignition support for Vagrant ([coreos-overlay#2351](https://github.com/flatcar/coreos-overlay/pull/2351))<br>- Added support for hardware security keys in update-ssh-keys ([update-ssh-keys#7](https://github.com/flatcar/update-ssh-keys/pull/7))<br>- Enabled IOMMU on arm64 kernels, the lack of which prevented some systems from booting ([coreos-overlay#2235](https://github.com/flatcar/coreos-overlay/pull/2235))<br>- Fixed a regression (in Alpha/Beta) where machines failed to boot if they didn't have the `core` user or group in `/etc/passwd` or `/etc/group` ([baselayout#26](https://github.com/flatcar/baselayout/pull/26))<br>- Fix "ext4 deadlock under heavy I/O load" kernel issue. The patch for this is included provisionally while we wait for it to be merged upstream ([Flatcar#847](https://github.com/flatcar/Flatcar/issues/847), [coreos-overlay#2315](https://github.com/flatcar/coreos-overlay/pull/2315))<br>- Restored the support to specify OEM partition files in Ignition when `/usr/share/oem` is given as initrd mount point ([bootengine#58](https://github.com/flatcar/bootengine/pull/58))<br>- The rootfs setup in the initrd now runs systemd-tmpfiles on every boot, not only when Ignition runs, to fix a dbus failure due to missing files ([Flatcar#944](https://github.com/flatcar/Flatcar/issues/944))<br><br>#### Changes:<br><br>- Added `CONFIG_NF_CONNTRACK_BRIDGE` (for nf_conntrack_bridge) and `CONFIG_NFT_BRIDGE_META` (for nft_meta_bridge) to the kernel config to allow using conntrack rules for bridges in nftables and to match on bridge interface names ([coreos-overlay#2207](https://github.com/flatcar/coreos-overlay/pull/2207))<br>- Added new image signing pub key to `flatcar-install`, needed for download verification of releases built from July 2023 onwards, if you have copies of `flatcar-install` or the image signing pub key, you need to update them as well ([init#92](https://github.com/flatcar/init/pull/92))<br>- Change CONFIG_WIREGUARD kernel option to module to save space on boot partition ([coreos-overlay#2239](https://github.com/flatcar/coreos-overlay/pull/2239))<br>- Disable several arch specific arm64 kernel config options for unsupported platforms to save space on boot partition ([coreos-overlay#2239](https://github.com/flatcar/coreos-overlay/pull/2239))<br>- Specifying the OEM filesystem in Ignition to write files to `/usr/share/oem` is not needed anymore ([bootengine#58](https://github.com/flatcar/bootengine/pull/58))<br>- Switched from `--strip-unneeded` to `--strip-debug` when installing kernel modules, which makes kernel stacktraces more accurate and makes debugging issues easier ([coreos-overlay#2196](https://github.com/flatcar/coreos-overlay/pull/2196))<br>- The flatcar-update tool got two new flags to customize ports used on the host while updating flatcar ([init#81](https://github.com/flatcar/init/pull/81))<br>- Toolbox now uses containerd to download and mount the image ([toolbox#7](https://github.com/flatcar/toolbox/pull/7))<br>- Add qemu-guest-agent to all amd64 images, it will be automatically enabled when qemu-ga virtio-port is detected ([coreos-overlay#2240](https://github.com/flatcar/coreos-overlay/pull/2240), [portage-stable#373](https://github.com/flatcar/portage-stable/pull/373))<br><br>#### Updates:<br><br>- Linux ([5.15.98](https://lwn.net/Articles/925080) (includes [5.15.97](https://lwn.net/Articles/925064), [5.15.96](https://lwn.net/Articles/924441), [5.15.95](https://lwn.net/Articles/924073), [5.15.94](https://lwn.net/Articles/923308), [5.15.93](https://lwn.net/Articles/922814)))<br>- Linux Firmware ([20230117](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230117))<br>- adcli ([0.9.2](https://gitlab.freedesktop.org/realmd/adcli/-/commits/8e88e3590a19006362ea8b8dfdc18bb88b3cb3b5/))<br>- bind tools ([9.16.36](https://bind9.readthedocs.io/en/v9_16_36/notes.html#notes-for-bind-9-16-36) (includes [9.16.34](https://bind9.readthedocs.io/en/v9_16_35/notes.html#notes-for-bind-9-16-34) and [9.16.35](https://bind9.readthedocs.io/en/v9_16_34/notes.html#notes-for-bind-9-16-35)))<br>- binutils ([2.39](https://sourceware.org/pipermail/binutils/2022-August/122246.html))<br>- bpftool ([5.19.12](https://lwn.net/Articles/909678/))<br>- ca-certificates ([3.89](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_89.html))<br>- containerd ([1.6.16](https://github.com/containerd/containerd/releases/tag/v1.6.16))<br>- cpio ([2.13](https://lists.gnu.org/archive/html/bug-cpio/2019-11/msg00000.html))<br>- curl ([7.87.0](https://curl.se/changes.html#7_87_0) (includes [7.85](https://curl.se/mail/archive-2022-08/0012.html)))<br>- dbus ([1.14.4](https://gitlab.freedesktop.org/dbus/dbus/-/raw/dbus-1.14.4/NEWS))<br>- Docker ([20.10.23](https://docs.docker.com/engine/release-notes/#201023))<br>- elfutils ([0.188](https://sourceware.org/pipermail/elfutils-devel/2022q4/005561.html) (includes [0.187](https://sourceware.org/pipermail/elfutils-devel/2022q2/004978.html)))<br>- Expat ([2.5.0](https://github.com/libexpat/libexpat/blob/R_2_5_0/expat/Changes))<br>- gawk ([5.2.1](https://lists.gnu.org/archive/html/help-gawk/2022-11/msg00008.html) (contains [5.2.0](https://lists.gnu.org/archive/html/help-gawk/2022-09/msg00000.html)))<br>- gettext ([0.21.1](https://git.savannah.gnu.org/gitweb/?p=gettext.git;a=blob;f=NEWS;h=cdbb16746c23555e70bb1e16917f5c349ce92d9e;hb=8b38ee827251cadbb90cb6cb576ae98702566288))<br>- git ([2.39.1](https://github.com/git/git/blob/v2.39.1/Documentation/RelNotes/2.39.1.txt) (includes [2.39.0](https://github.com/git/git/blob/v2.39.0/Documentation/RelNotes/2.39.0.txt)))<br>- glib ([2.74.4](https://gitlab.gnome.org/GNOME/glib/-/tags/2.74.4))<br>- Go ([1.19.5](https://go.dev/doc/devel/release#go1.19.5))<br>- glibc ([2.36](https://sourceware.org/pipermail/libc-alpha/2022-August/141193.html) (includes [2.35](https://savannah.gnu.org/forum/forum.php?forum_id=10111)))<br>- GnuTLS ([3.7.8](https://lists.gnupg.org/pipermail/gnutls-help/2022-September/004765.html))<br>- I2C tools ([4.3](https://git.kernel.org/pub/scm/utils/i2c-tools/i2c-tools.git/tree/CHANGES?id=d8bc1f1ff4b00a6bd988aa114100ae9b787f50d8))<br>- Intel Microcode ([20221108](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20221108))<br>- iptables ([1.8.8](https://www.netfilter.org/projects/iptables/files/changes-iptables-1.8.8.txt))<br>- iputils ([20211215](https://github.com/iputils/iputils/releases/tag/20211215))<br>- libcap ([2.66](https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.d9ygdose5kw))<br>- libcap-ng ([0.8.3](https://people.redhat.com/sgrubb/libcap-ng/ChangeLog))<br>- libksba ([1.6.3](https://dev.gnupg.org/T6304))<br>- libseccomp ([2.5.4](https://github.com/seccomp/libseccomp/releases/tag/v2.5.4) (contains [2.5.2](https://github.com/seccomp/libseccomp/releases/tag/v2.5.2), [2.5.3](https://github.com/seccomp/libseccomp/releases/tag/v2.5.3)))<br>- libxml2 ([2.10.3](https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3))<br>- logrotate ([3.20.1](https://github.com/logrotate/logrotate/releases/tag/3.20.1))<br>- MIT Kerberos V ([1.20.1](https://web.mit.edu/kerberos/krb5-1.20/krb5-1.20.1.html))<br>- multipath-tools ([0.9.3](https://github.com/opensvc/multipath-tools/releases/tag/0.9.3))<br>- nettle ([3.8.1](https://git.lysator.liu.se/nettle/nettle/-/blob/990abad16ceacd070747dcc76ed16a39c129321e/ChangeLog))<br>- nmap ([7.93](https://nmap.org/changelog.html#7.93))<br>- OpenSSH ([9.1](http://www.openssh.com/releasenotes.html#9.1))<br>- rsync ([3.2.7](https://download.samba.org/pub/rsync/NEWS#3.2.7))<br>- shadow ([4.13](https://github.com/shadow-maint/shadow/releases/tag/4.13))<br>- sqlite ([3.40.1](https://www.sqlite.org/releaselog/3_40_1.html) (contains [3.40.0](https://www.sqlite.org/releaselog/3_40_0.html) and [3.39.4](https://sqlite.org/releaselog/3_39_4.html)))<br>- strace ([5.19](https://github.com/strace/strace/releases/tag/v5.19))<br>- sudo ([1.9.12_p2](https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_12p2))<br>- systemd ([252.5](https://github.com/systemd/systemd-stable/releases/tag/v252.5) (includes [252](https://github.com/systemd/systemd/releases/tag/v252)))<br>- vim ([9.0.1157](https://github.com/vim/vim/releases/tag/v9.0.1157) (includes [9.0.0469](https://github.com/vim/vim/releases/tag/v9.0.0469)))<br>- wget ([1.21.3](https://lists.gnu.org/archive/html/info-gnu/2022-02/msg00017.html))<br>- whois ([5.5.14](https://github.com/rfc1036/whois/commit/ab10466cf2e1ec4887f6a44375c3e29c1720157f))<br>- wireguard-tools ([1.0.20210914](https://github.com/WireGuard/wireguard-tools/releases/tag/v1.0.20210914))<br>- XZ utils ([5.4.1](https://github.com/tukaani-project/xz/releases/tag/v5.4.1) (includes [5.4.0](https://github.com/tukaani-project/xz/releases/tag/v5.4.0)))<br>- zlib ([1.2.13](https://github.com/madler/zlib/releases/tag/v1.2.13))<br>- OEM: python-oem ([3.9.16](https://www.python.org/downloads/release/python-3916/))<br>- SDK: boost ([1.81.0](https://www.boost.org/users/history/version_1_81_0.html))<br>- SDK: catalyst ([3.0.21](https://gitweb.gentoo.org/proj/catalyst.git/log/?h=3.0.21))<br>- SDK: cmake ([3.23.3](https://cmake.org/cmake/help/v3.23/release/3.23.html))<br>- SDK: file ([5.43](https://mailman.astron.com/pipermail/file/2022-September/000857.html) (includes [5.44](https://github.com/file/file/blob/FILE5_44/ChangeLog)))<br>- SDK: libpng ([1.6.39](http://www.libpng.org/pub/png/src/libpng-1.6.39-README.txt) (includes [1.6.38](http://www.libpng.org/pub/png/src/libpng-1.6.38-README.txt)))<br>- SDK: libxslt ([1.1.37](https://gitlab.gnome.org/GNOME/libxslt/-/tags/v1.1.37))<br>- SDK: meson ([0.62.2](https://mesonbuild.com/Release-notes-for-0-62-0.html))<br>- SDK: ninja ([1.11.0](https://groups.google.com/g/ninja-build/c/R2oCyDctDf8/m/-U94Y5I8AgAJ?pli=1))<br>- SDK: pahole ([1.23](https://git.kernel.org/pub/scm/devel/pahole/pahole.git/tag/?h=v1.23))<br>- SDK: perl ([5.36.0](https://perldoc.perl.org/5.36.0/perldelta))<br>- SDK: portage ([3.0.43](https://github.com/gentoo/portage/blob/portage-3.0.43/NEWS) (includes [3.0.42](https://github.com/gentoo/portage/blob/portage-3.0.42/NEWS), [3.0.41](https://gitweb.gentoo.org/proj/portage.git/tree/NEWS?h=portage-3.0.41)))<br>- SDK: qemu ([7.2.0](https://wiki.qemu.org/ChangeLog/7.2) (includes [7.1.0](https://wiki.qemu.org/ChangeLog/7.1)))<br>- SDK: Rust ([1.67.0](https://github.com/rust-lang/rust/releases/tag/1.67.0))<br>- VMware: open-vm-tools ([12.1.5](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.1.5))<br><br>_Changes since **Beta 3510.1.0**_<br><br>#### Security fixes:<br><br><br>#### Bug fixes:<br><br>- Restored the support to specify OEM partition files in Ignition when `/usr/share/oem` is given as initrd mount point ([bootengine#58](https://github.com/flatcar/bootengine/pull/58))<br><br>#### Changes:<br><br>- Added new image signing pub key to `flatcar-install`, needed for download verification of releases built from July 2023 onwards, if you have copies of `flatcar-install` or the image signing pub key, you need to update them as well ([init#92](https://github.com/flatcar/init/pull/92))<br>- Specifying the OEM filesystem in Ignition to write files to `/usr/share/oem` is not needed anymore ([bootengine#58](https://github.com/flatcar/bootengine/pull/58))<br><br>#### Updates:<br><br>- ca-certificates ([3.89](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_89.html))<br>Packages:<br>- containerd 1.6.16<br>- docker 20.10.23<br>- ignition 2.14.0<br>- kernel 5.15.98<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-04-17T13:19:22+00:00 @@ -102,7 +110,7 @@ https://github.com/flatcar/scripts/releases/tag/stable-3374.2.5 3374.2.5 - 2023-10-25T10:20:45.044867+00:00 + 2023-11-22T09:59:34.969467+00:00 _Changes since **Stable 3374.2.4**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2022-4129](https://nvd.nist.gov/vuln/detail/CVE-2022-4129), [CVE-2022-4382](https://nvd.nist.gov/vuln/detail/CVE-2022-4382), [CVE-2022-4842](https://nvd.nist.gov/vuln/detail/CVE-2022-4842), [CVE-2023-1073](https://nvd.nist.gov/vuln/detail/CVE-2023-1073), [CVE-2023-1074](https://nvd.nist.gov/vuln/detail/CVE-2023-1074), [CVE-2023-23559](https://nvd.nist.gov/vuln/detail/CVE-2023-23559))<br> <br> #### Bug fixes:<br> <br> - Excluded the special Kubernetes network interfaces `nodelocaldns` and `kube-ipvs0` from being managed with systemd-networkd which interfered with the setup ([init#89](https://github.com/flatcar/init/pull/89)).<br> <br> #### Updates:<br> <br> - Linux ([5.15.92](https://lwn.net/Articles/922340) (includes [5.15.91](https://lwn.net/Articles/921851), [5.15.90](https://lwn.net/Articles/921029)))<br><br>Packages:<br>- containerd 1.6.8<br>- docker 20.10.18<br>- ignition 2.14.0<br>- kernel 5.15.92<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-03-07T15:24:37+00:00 @@ -110,7 +118,7 @@ https://github.com/flatcar/scripts/releases/tag/stable-3374.2.4 3374.2.4 - 2023-10-25T10:20:45.039956+00:00 + 2023-11-22T09:59:34.964507+00:00 _Changes since **Stable 3374.2.3**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2022-36280](https://nvd.nist.gov/vuln/detail/CVE-2022-36280), [CVE-2022-41218](https://nvd.nist.gov/vuln/detail/CVE-2022-41218), [CVE-2022-47929](https://nvd.nist.gov/vuln/detail/CVE-2022-47929), [CVE-2023-0045](https://nvd.nist.gov/vuln/detail/CVE-2023-0045), [CVE-2023-0179](https://nvd.nist.gov/vuln/detail/CVE-2023-0179), [CVE-2023-0210](https://nvd.nist.gov/vuln/detail/CVE-2023-0210), [CVE-2023-0266](https://nvd.nist.gov/vuln/detail/CVE-2023-0266), [CVE-2023-0394](https://nvd.nist.gov/vuln/detail/CVE-2023-0394), [CVE-2023-23454](https://nvd.nist.gov/vuln/detail/CVE-2023-23454), [CVE-2023-23455](https://nvd.nist.gov/vuln/detail/CVE-2023-23455))<br><br> <br> #### Updates:<br> <br> - Linux ([5.15.89](https://lwn.net/Articles/920321) (includes [5.15.88](https://lwn.net/Articles/920012), [5.15.87](https://lwn.net/Articles/919793)))<br> - ca-certificates ([3.88.1](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_88_1.html))<br> - cri-tools ([1.24.2](https://github.com/kubernetes-sigs/cri-tools/releases/tag/v1.24.2))<br><br>Packages:<br>- containerd 1.6.8<br>- docker 20.10.18<br>- ignition 2.14.0<br>- kernel 5.15.89<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-02-16T13:06:44+00:00 @@ -118,7 +126,7 @@ https://github.com/flatcar/scripts/releases/tag/stable-3374.2.3 3374.2.3 - 2023-10-25T10:20:45.034990+00:00 + 2023-11-22T09:59:34.959492+00:00 _Changes since **Stable 3374.2.2**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-3169](https://nvd.nist.gov/vuln/detail/CVE-2022-3169), [CVE-2022-3344](https://nvd.nist.gov/vuln/detail/CVE-2022-3344), [CVE-2022-3424](https://nvd.nist.gov/vuln/detail/CVE-2022-3424), [CVE-2022-3521](https://nvd.nist.gov/vuln/detail/CVE-2022-3521), [CVE-2022-3534](https://nvd.nist.gov/vuln/detail/CVE-2022-3534), [CVE-2022-3545](https://nvd.nist.gov/vuln/detail/CVE-2022-3545), [CVE-2022-3643](https://nvd.nist.gov/vuln/detail/CVE-2022-3643), [CVE-2022-4378](https://nvd.nist.gov/vuln/detail/CVE-2022-4378), [CVE-2022-45869](https://nvd.nist.gov/vuln/detail/CVE-2022-45869), [CVE-2022-45934](https://nvd.nist.gov/vuln/detail/CVE-2022-45934), [CVE-2022-47518](https://nvd.nist.gov/vuln/detail/CVE-2022-47518), [CVE-2022-47519](https://nvd.nist.gov/vuln/detail/CVE-2022-47519), [CVE-2022-47520](https://nvd.nist.gov/vuln/detail/CVE-2022-47520), [CVE-2022-47521](https://nvd.nist.gov/vuln/detail/CVE-2022-47521))<br>- git ([CVE-2022-23521](https://nvd.nist.gov/vuln/detail/CVE-2022-23521), [CVE-2022-41903](https://nvd.nist.gov/vuln/detail/CVE-2022-41903))<br><br>#### Bug fixes:<br><br>- Fix "ext4 deadlock under heavy I/O load" kernel issue. The patch for this is included provisionally while we stay with Kernel 5.15.86. ([Flatcar#847](https://github.com/flatcar/Flatcar/issues/847), [coreos-overlay#2402](https://github.com/flatcar/coreos-overlay/pull/2402))<br><br>#### Changes:<br><br><br>#### Updates:<br><br>- Linux ([5.15.86](https://lwn.net/Articles/918808) (includes [5.15.85](https://lwn.net/Articles/918329), [5.15.84](https://lwn.net/Articles/918206), [5.15.83](https://lwn.net/Articles/917896), [5.15.82](https://lwn.net/Articles/917400), [5.15.81](https://lwn.net/Articles/916763), [5.15.80](https://lwn.net/Articles/916003)))<br>- git ([2.37.5](https://github.com/git/git/blob/v2.37.5/Documentation/RelNotes/2.37.5.txt))<br><br>Packages:<br>- containerd 1.6.8<br>- docker 20.10.18<br>- ignition 2.14.0<br>- kernel 5.15.86<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-01-24T13:15:20+00:00 @@ -126,7 +134,7 @@ https://github.com/flatcar/scripts/releases/tag/stable-3374.2.2 3374.2.2 - 2023-10-25T10:20:45.029492+00:00 + 2023-11-22T09:59:34.953956+00:00 _Changes since **Stable 3374.2.1**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-3543](https://nvd.nist.gov/vuln/detail/CVE-2022-3543), [CVE-2022-3564](https://nvd.nist.gov/vuln/detail/CVE-2022-3564), [CVE-2022-3619](https://nvd.nist.gov/vuln/detail/CVE-2022-3619), [CVE-2022-3623](https://nvd.nist.gov/vuln/detail/CVE-2022-3623), [CVE-2022-3628](https://nvd.nist.gov/vuln/detail/CVE-2022-3628), [CVE-2022-42895](https://nvd.nist.gov/vuln/detail/CVE-2022-42895), [CVE-2022-42896](https://nvd.nist.gov/vuln/detail/CVE-2022-42896))<br><br>#### Updates:<br><br>- Linux ([5.15.79](https://lwn.net/Articles/915100) (includes [5.15.78](https://lwn.net/Articles/914423), [5.15.77](https://lwn.net/Articles/913681), [5.15.76](https://lwn.net/Articles/912997), [5.15.75](https://lwn.net/Articles/912500)))<br>- ca-certificates ([3.87](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_87.html))<br><br>Packages:<br>- containerd 1.6.8<br>- docker 20.10.18<br>- ignition 2.14.0<br>- kernel 5.15.79<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-01-11T13:31:35+00:00 @@ -134,7 +142,7 @@ https://github.com/flatcar/scripts/releases/tag/stable-3374.2.1 3374.2.1 - 2023-10-25T10:20:45.024656+00:00 + 2023-11-22T09:59:34.949083+00:00 _Changes since **Stable 3374.2.0**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-2602](https://nvd.nist.gov/vuln/detail/CVE-2022-2602), [CVE-2022-3524](https://nvd.nist.gov/vuln/detail/CVE-2022-3524), [CVE-2022-3535](https://nvd.nist.gov/vuln/detail/CVE-2022-3535), [CVE-2022-3542](https://nvd.nist.gov/vuln/detail/CVE-2022-3542), [CVE-2022-3565](https://nvd.nist.gov/vuln/detail/CVE-2022-3565), [CVE-2022-3594](https://nvd.nist.gov/vuln/detail/CVE-2022-3594), [CVE-2022-41849](https://nvd.nist.gov/vuln/detail/CVE-2022-41849), [CVE-2022-41850](https://nvd.nist.gov/vuln/detail/CVE-2022-41850), [CVE-2022-43945](https://nvd.nist.gov/vuln/detail/CVE-2022-43945))<br> <br> #### Updates:<br> <br> - Linux ([5.15.77](https://lwn.net/Articles/913681) (includes [5.15.76](https://lwn.net/Articles/912997), [5.15.75](https://lwn.net/Articles/912500)))<br> - ca-certificates ([3.85](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_85.html))<br>Packages:<br>- containerd 1.6.8<br>- docker 20.10.18<br>- ignition 2.14.0<br>- kernel 5.15.77<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-12-09T09:46:15+00:00 @@ -142,7 +150,7 @@ https://github.com/flatcar/scripts/releases/tag/stable-3374.2.0 3374.2.0 - 2023-10-25T10:20:45.019790+00:00 + 2023-11-22T09:59:34.944151+00:00 _Changes since **Stable 3227.2.4**_<br> <br> #### Security fixes:<br> <br>- Linux ([CVE-2022-2308](https://nvd.nist.gov/vuln/detail/CVE-2022-2308), [CVE-2022-3621](https://nvd.nist.gov/vuln/detail/CVE-2022-3621), [CVE-2022-3646](https://nvd.nist.gov/vuln/detail/CVE-2022-3646), [CVE-2022-3649](https://nvd.nist.gov/vuln/detail/CVE-2022-3649), [CVE-2022-40768](https://nvd.nist.gov/vuln/detail/CVE-2022-40768), [CVE-2022-41674](https://nvd.nist.gov/vuln/detail/CVE-2022-41674), [CVE-2022-42719](https://nvd.nist.gov/vuln/detail/CVE-2022-42719), [CVE-2022-42720](https://nvd.nist.gov/vuln/detail/CVE-2022-42720), [CVE-2022-42721](https://nvd.nist.gov/vuln/detail/CVE-2022-42721), [CVE-2022-42722](https://nvd.nist.gov/vuln/detail/CVE-2022-42722), [CVE-2022-43750](https://nvd.nist.gov/vuln/detail/CVE-2022-43750))<br>- binutils ([CVE-2021-45078](https://nvd.nist.gov/vuln/detail/CVE-2021-45078))<br>- cifs-utils ([CVE-2022-27239](https://nvd.nist.gov/vuln/detail/CVE-2022-27239), [CVE-2022-29869](https://nvd.nist.gov/vuln/detail/CVE-2022-29869))<br>- curl ([CVE-2022-22576](https://nvd.nist.gov/vuln/detail/CVE-2022-22576), [CVE-2022-27774](https://nvd.nist.gov/vuln/detail/CVE-2022-27774), [CVE-2022-27775](https://nvd.nist.gov/vuln/detail/CVE-2022-27775), [CVE-2022-27776](https://nvd.nist.gov/vuln/detail/CVE-2022-27776), [CVE-2022-27778](https://nvd.nist.gov/vuln/detail/CVE-2022-27778), [CVE-2022-27779](https://nvd.nist.gov/vuln/detail/CVE-2022-27779), [CVE-2022-27780](https://nvd.nist.gov/vuln/detail/CVE-2022-27780), [CVE-2022-27781](https://nvd.nist.gov/vuln/detail/CVE-2022-27781), [CVE-2022-27782](https://nvd.nist.gov/vuln/detail/CVE-2022-27782), [CVE-2022-30115](https://nvd.nist.gov/vuln/detail/CVE-2022-30115), [CVE-2022-32205](https://nvd.nist.gov/vuln/detail/CVE-2022-32205), [CVE-2022-32206](https://nvd.nist.gov/vuln/detail/CVE-2022-32206), [CVE-2022-32207](https://nvd.nist.gov/vuln/detail/CVE-2022-32207), [CVE-2022-32208](https://nvd.nist.gov/vuln/detail/CVE-2022-32208))<br>- Docker ([CVE-2022-29526](https://nvd.nist.gov/vuln/detail/CVE-2022-29526), [CVE-2022-36109](https://nvd.nist.gov/vuln/detail/CVE-2022-36109))<br>- git ([CVE-2022-24765](https://nvd.nist.gov/vuln/detail/CVE-2022-24765), [CVE-2022-29187](https://nvd.nist.gov/vuln/detail/CVE-2022-29187))<br>- GNU Libtasn1 ([Gentoo#866237](https://bugs.gentoo.org/866237))<br>- gnupg ([CVE-2022-34903](https://nvd.nist.gov/vuln/detail/CVE-2022-34903))<br>- gnutls ([CVE-2022-2509](https://nvd.nist.gov/vuln/detail/CVE-2022-2509))<br>- Go ([CVE-2022-1705](https://nvd.nist.gov/vuln/detail/CVE-2022-1705), [CVE-2022-1962](https://nvd.nist.gov/vuln/detail/CVE-2022-1962), [CVE-2022-27664](https://nvd.nist.gov/vuln/detail/CVE-2022-27664), [CVE-2022-28131](https://nvd.nist.gov/vuln/detail/CVE-2022-28131), [CVE-2022-29526](https://nvd.nist.gov/vuln/detail/CVE-2022-29526), [CVE-2022-30630](https://nvd.nist.gov/vuln/detail/CVE-2022-30630), [CVE-2022-30631](https://nvd.nist.gov/vuln/detail/CVE-2022-30631), [CVE-2022-30632](https://nvd.nist.gov/vuln/detail/CVE-2022-30632), [CVE-2022-30633](https://nvd.nist.gov/vuln/detail/CVE-2022-30633), [CVE-2022-30635](https://nvd.nist.gov/vuln/detail/CVE-2022-30635), [CVE-2022-32148](https://nvd.nist.gov/vuln/detail/CVE-2022-32148), [CVE-2022-32190](https://nvd.nist.gov/vuln/detail/CVE-2022-32190))<br>- ignition ([CVE-2022-1706](https://nvd.nist.gov/vuln/detail/CVE-2022-1706))<br>- intel-microcode ([CVE-2022-21151](https://nvd.nist.gov/vuln/detail/CVE-2022-21151), [CVE-2022-21233](https://nvd.nist.gov/vuln/detail/CVE-2022-21233))<br>- libtirpc ([CVE-2021-46828](https://nvd.nist.gov/vuln/detail/CVE-2021-46828))<br>- libxml2 ([CVE-2016-3709](https://nvd.nist.gov/vuln/detail/CVE-2016-3709), [CVE-2022-2309](https://nvd.nist.gov/vuln/detail/CVE-2022-2309), [CVE-2022-29824](https://nvd.nist.gov/vuln/detail/CVE-2022-29824))<br>- ncurses ([CVE-2022-29458](https://nvd.nist.gov/vuln/detail/CVE-2022-29458))<br>- oniguruma ([oniguruma-20220430](https://bugs.gentoo.org/841893))<br>- openssl ([CVE-2022-1292](https://nvd.nist.gov/vuln/detail/CVE-2022-1292), [CVE-2022-1343](https://nvd.nist.gov/vuln/detail/CVE-2022-1343), [CVE-2022-1434](https://nvd.nist.gov/vuln/detail/CVE-2022-1434), [CVE-2022-1473](https://nvd.nist.gov/vuln/detail/CVE-2022-1473))<br>- polkit ([CVE-2021-4115](https://nvd.nist.gov/vuln/detail/CVE-2021-4115))<br>- rsync ([CVE-2018-25032](https://nvd.nist.gov/vuln/detail/CVE-2018-25032), [CVE-2022-29154](https://nvd.nist.gov/vuln/detail/CVE-2022-29154))<br>- runc ([CVE-2022-29162](https://nvd.nist.gov/vuln/detail/CVE-2022-29162))<br>- shadow ([CVE-2013-4235](https://nvd.nist.gov/vuln/detail/CVE-2013-4235))<br>- unzip ([CVE-2022-0529](https://nvd.nist.gov/vuln/detail/CVE-2022-0529), [CVE-2022-0530](https://nvd.nist.gov/vuln/detail/CVE-2022-0530), [CVE-2021-4217](https://nvd.nist.gov/vuln/detail/CVE-2021-4217))<br>- vim ([CVE-2022-0629](https://nvd.nist.gov/vuln/detail/CVE-2022-0629), [CVE-2022-0685](https://nvd.nist.gov/vuln/detail/CVE-2022-0685), [CVE-2022-0714](https://nvd.nist.gov/vuln/detail/CVE-2022-0714), [CVE-2022-0729](https://nvd.nist.gov/vuln/detail/CVE-2022-0729), [CVE-2022-0943](https://nvd.nist.gov/vuln/detail/CVE-2022-0943), [CVE-2022-1154](https://nvd.nist.gov/vuln/detail/CVE-2022-1154), [CVE-2022-1160](https://nvd.nist.gov/vuln/detail/CVE-2022-1160), [CVE-2022-1381](https://nvd.nist.gov/vuln/detail/CVE-2022-1381), [CVE-2022-1420](https://nvd.nist.gov/vuln/detail/CVE-2022-1420), [CVE-2022-1616](https://nvd.nist.gov/vuln/detail/CVE-2022-1616), [CVE-2022-1619](https://nvd.nist.gov/vuln/detail/CVE-2022-1619), [CVE-2022-1620](https://nvd.nist.gov/vuln/detail/CVE-2022-1620), [CVE-2022-1621](https://nvd.nist.gov/vuln/detail/CVE-2022-1621), [CVE-2022-1629](https://nvd.nist.gov/vuln/detail/CVE-2022-1629), [CVE-2022-1674](https://nvd.nist.gov/vuln/detail/CVE-2022-1674), [CVE-2022-1733](https://nvd.nist.gov/vuln/detail/CVE-2022-1733), [CVE-2022-1735](https://nvd.nist.gov/vuln/detail/CVE-2022-1735), [CVE-2022-1769](https://nvd.nist.gov/vuln/detail/CVE-2022-1769), [CVE-2022-1771](https://nvd.nist.gov/vuln/detail/CVE-2022-1771), [CVE-2022-1785](https://nvd.nist.gov/vuln/detail/CVE-2022-1785), [CVE-2022-1796](https://nvd.nist.gov/vuln/detail/CVE-2022-1796), [CVE-2022-1897](https://nvd.nist.gov/vuln/detail/CVE-2022-1897), [CVE-2022-1898](https://nvd.nist.gov/vuln/detail/CVE-2022-1898), [CVE-2022-1886](https://nvd.nist.gov/vuln/detail/CVE-2022-1886), [CVE-2022-1851](https://nvd.nist.gov/vuln/detail/CVE-2022-1851), [CVE-2022-1927](https://nvd.nist.gov/vuln/detail/CVE-2022-1927), [CVE-2022-1942](https://nvd.nist.gov/vuln/detail/CVE-2022-1942), [CVE-2022-1968](https://nvd.nist.gov/vuln/detail/CVE-2022-1968), [CVE-2022-2000](https://nvd.nist.gov/vuln/detail/CVE-2022-2000))<br>- zlib ([CVE-2022-37434](https://nvd.nist.gov/vuln/detail/CVE-2022-37434))<br>- VMware: open-vm-tools ([CVE-2022-31676](https://nvd.nist.gov/vuln/detail/CVE-2022-31676))<br>- SDK: qemu ([CVE-2021-20203](https://nvd.nist.gov/vuln/detail/CVE-2021-20203), [CVE-2021-3713](https://nvd.nist.gov/vuln/detail/CVE-2021-3713), [CVE-2021-3930](https://nvd.nist.gov/vuln/detail/CVE-2021-3930), [CVE-2021-3947](https://nvd.nist.gov/vuln/detail/CVE-2021-3947), [CVE-2021-4145](https://nvd.nist.gov/vuln/detail/CVE-2021-4145), [CVE-2022-26353](https://nvd.nist.gov/vuln/detail/CVE-2022-26353), [CVE-2022-26354](https://nvd.nist.gov/vuln/detail/CVE-2022-26354))<br> <br> #### Bug fixes:<br> <br> - Fixed Ignition btrfs forced formatting for OEM partition ([coreos-overlay#2277](https://github.com/flatcar/coreos-overlay/pull/2277))<br> - Removed outdated LTS channel information printed on login ([init#75](https://github.com/flatcar-linux/init/pull/75))<br> <br> #### Changes:<br> <br> - Added efibootmgr binary to the image ([coreos-overlay#1955](https://github.com/flatcar-linux/coreos-overlay/pull/1955))<br> - Added symlink from `nc` to `ncat`. `-q` option is [not yet supported](https://github.com/nmap/nmap/issues/2422) ([flatcar#545](https://github.com/flatcar-linux/Flatcar/issues/545))<br> - flatcar-install: Added option to create UEFI boot entry ([init#74](https://github.com/flatcar-linux/init/pull/74))<br> - AWS: Added AWS IMDSv2 support to coreos-cloudinit ([flatcar-linux/coreos-cloudinit#13](https://github.com/flatcar-linux/coreos-cloudinit/pull/13))<br> - VMware: Added VMware networking configuration in the initramfs via guestinfo settings ([bootengine#44](https://github.com/flatcar-linux/bootengine/pull/44), [flatcar#717](https://github.com/flatcar-linux/Flatcar/issues/717))<br> - VMWare: Added `ignition-delete-config.service` to remove Ignition config from VM metadata, see also [here](https://coreos.github.io/ignition/operator-notes/#automatic-config-deletion) ([coreos-overlay#1948](https://github.com/flatcar-linux/coreos-overlay/pull/1948))<br> <br> #### Updates:<br> <br> <br>- Linux ([5.15.74](https://lwn.net/Articles/911275) (includes ([5.15.73](https://lwn.net/Articles/910957), [5.15.72](https://lwn.net/Articles/910398). [5.15.71](https://lwn.net/Articles/909679)))<br>- Linux Firmware ([20220913](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220913))<br>- acpid ([2.0.33](https://sourceforge.net/p/acpid2/code/ci/2.0.33/tree/Changelog))<br>- adcli ([0.9.1](https://gitlab.freedesktop.org/realmd/adcli/-/releases#0.9.1))<br>- automake ([1.16.5](https://savannah.gnu.org/forum/forum.php?forum_id=10055))<br>- binutils ([2.38](https://lwn.net/Articles/884264/))<br>- bison ([3.8.2](https://lists.gnu.org/archive/html/bug-bison/2021-09/msg00056.html))<br>- boost ([1.79](https://www.boost.org/users/history/version_1_79_0.html))<br>- cifs-utils ([6.15](https://lists.samba.org/archive/samba-technical/2022-April/137335.html))<br>- containerd ([1.6.8](https://github.com/containerd/containerd/releases/tag/v1.6.8))<br>- curl ([7.84.0](https://github.com/curl/curl/releases/tag/curl-7_84_0))<br>- Cyrus SASL ([2.1.28](https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28))<br>- dbus ([1.12.22](https://gitlab.freedesktop.org/dbus/dbus/-/blob/177ab044bc87cbc4ded75d21b900795a6fefef76/NEWS))<br>- Docker ([20.10.18](https://docs.docker.com/engine/release-notes/#201018))<br>- e2fsprogs ([1.46.5](http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.46.5))<br>- gcc ([11.3.0](https://gcc.gnu.org/gcc-11/changes.html))<br>- gdb ([11.2](https://lists.gnu.org/archive/html/info-gnu/2022-01/msg00009.html))<br>- gdbm ([1.22](https://lists.gnu.org/archive/html/info-gnu/2021-10/msg00006.html))<br>- git ([2.35.3](https://github.com/git/git/blob/v2.35.3/Documentation/RelNotes/2.35.3.txt))<br>- glib ([2.72.3](https://gitlab.gnome.org/GNOME/glib/-/tags/2.73.3))<br>- GNU Libtasn1 ([4.19.0](https://lists.gnu.org/archive/html/help-libtasn1/2022-08/msg00001.html))<br>- gnupg ([2.2.35](https://dev.gnupg.org/T5928))<br>- gnutls ([3.7.7](https://gitlab.com/gnutls/gnutls/-/tags/3.7.7))<br>- Go ([1.18.6](https://go.dev/doc/devel/release#go1.18.6))<br>- ignition ([2.14.0](https://github.com/coreos/ignition/releases/tag/v2.14.0))<br>- intel-microcode ([20220809](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220809))<br>- ldb ([2.4.1](https://gitlab.com/samba-team/samba/-/commit/a795e0c84597aa045d011e663dbad3cdabf0f1e6))<br>- libtool ([2.4.7](https://savannah.gnu.org/forum/forum.php?forum_id=10139))<br>- libxml2 ([2.10.2](https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.2))<br>- ncurses ([6.3_p20220423](https://lists.gnu.org/archive/html/info-gnu/2021-11/msg00001.html))<br>- oniguruma ([6.9.8](https://github.com/kkos/oniguruma/releases/tag/v6.9.8))<br>- OpenSSL ([3.0.7](https://www.openssl.org/news/openssl-3.0-notes.html))<br>- perl ([5.34.1](https://perldoc.perl.org/5.34.1/perldelta))<br>- pkgconf ([1.8.0](https://gitea.treehouse.systems/ariadne/pkgconf/src/tag/pkgconf-1.8.0/NEWS))<br>- polkit ([121](https://gitlab.freedesktop.org/polkit/polkit/-/commit/827b0ddac5b1ef00a47fca4526fcf057bee5f1db))<br>- python ([3.9.12](https://www.python.org/downloads/release/python-3912/))<br>- rsync ([3.2.6](https://github.com/WayneD/rsync/releases/tag/v3.2.6))<br>- runc ([1.1.4](https://github.com/opencontainers/runc/releases/tag/v1.1.4))<br>- samba ([4.15.4](https://www.samba.org/samba/history/samba-4.15.4.html))<br>- shadow ([4.12.3](https://github.com/shadow-maint/shadow/releases/tag/4.12.3))<br>- sqlite ([3.38.1](https://www.sqlite.org/releaselog/3_38_1.html))<br>- sudo ([1.9.10](https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_10))<br>- talloc ([2.3.3](https://gitlab.com/samba-team/samba/-/commit/bc1ee7ca0640f0136e5af7dcc4ca8ed0a5893053))<br>- tevent ([0.11.0](https://gitlab.com/samba-team/samba/-/commit/de4e8a1af9564f6056f9af90867c2f013449051c))<br>- unzip ([6.0_p27](https://metadata.ftp-master.debian.org/changelogs//main/u/unzip/unzip_6.0-27_changelog))<br>- vim ([8.2.5066](https://github.com/vim/vim/releases/tag/v8.2.5066))<br>- OEM: distro ([1.7.0](https://github.com/python-distro/distro/releases/tag/v1.7.0))<br>- OEM: python ([3.9.12](https://www.python.org/downloads/release/python-3912/))<br>- VMware: open-vm-tools ([12.1.0](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.1.0))<br>- SDK: libxslt ([1.1.35](https://gitlab.gnome.org/GNOME/libxslt/-/tags/v1.1.35))<br>- SDK: qemu ([7.0.0](https://wiki.qemu.org/ChangeLog/7.0))<br>- SDK: Rust ([1.63.0](https://github.com/rust-lang/rust/releases/tag/1.63.0))<br><br>_Changes since **Beta 3374.1.1**_<br><br>#### Bug fixes:<br><br>- Fixed Ignition btrfs forced formatting for OEM partition ([coreos-overlay#2277](https://github.com/flatcar/coreos-overlay/pull/2277))<br><br>#### Updates:<br><br>- OpenSSL ([3.0.7](https://www.openssl.org/news/openssl-3.0-notes.html))<br><br>Packages:<br>- containerd 1.6.8<br>- docker 20.10.18<br>- ignition 2.14.0<br>- kernel 5.15.74<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-11-17T07:03:54+00:00 @@ -150,7 +158,7 @@ https://github.com/flatcar/scripts/releases/tag/stable-3227.2.4 3227.2.4 - 2023-10-25T10:20:45.007053+00:00 + 2023-11-22T09:59:34.931602+00:00 _Changes since **Stable 3227.2.3**_<br><br>#### Security fixes:<br>- OpenSSL ([CVE-2022-3602](https://nvd.nist.gov/vuln/detail/CVE-2022-3602), [CVE-2022-3786](https://nvd.nist.gov/vuln/detail/CVE-2022-3786))<br> <br>#### Changes:<br>- OpenStack: enabled `coreos-metadata-sshkeys@.service` to provision SSH keys from metadata. ([Flatcar#817](https://github.com/flatcar/Flatcar/issues/817), [coreos-overlay#2246](https://github.com/flatcar/coreos-overlay/pull/2246))<br> <br>#### Updates:<br>- ca-certificates ([3.84](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_84.html))<br><br>Packages:<br>- containerd 1.6.6<br>- docker 20.10.14<br>- ignition 2.13.0<br>- kernel 5.15.70<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-11-09T13:47:07+00:00 @@ -158,7 +166,7 @@ https://github.com/flatcar/scripts/releases/tag/stable-3227.2.3 3227.2.3 - 2023-10-25T10:20:45.002448+00:00 + 2023-11-22T09:59:34.926871+00:00 _Changes since **Stable 3227.2.2**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-0171](https://nvd.nist.gov/vuln/detail/CVE-2022-0171), [CVE-2022-2663](https://nvd.nist.gov/vuln/detail/CVE-2022-2663), [CVE-2022-2905](https://nvd.nist.gov/vuln/detail/CVE-2022-2905), [CVE-2022-3028](https://nvd.nist.gov/vuln/detail/CVE-2022-3028), [CVE-2022-3061](https://nvd.nist.gov/vuln/detail/CVE-2022-3061), [CVE-2022-3176](https://nvd.nist.gov/vuln/detail/CVE-2022-3176), [CVE-2022-3303](https://nvd.nist.gov/vuln/detail/CVE-2022-3303), [CVE-2022-39190](https://nvd.nist.gov/vuln/detail/CVE-2022-39190), [CVE-2022-39842](https://nvd.nist.gov/vuln/detail/CVE-2022-39842), [CVE-2022-40307](https://nvd.nist.gov/vuln/detail/CVE-2022-40307))<br>- Go ([CVE-2022-32189](https://nvd.nist.gov/vuln/detail/CVE-2022-32189))<br>- torcx ([CVE-2022-27191](https://nvd.nist.gov/vuln/detail/CVE-2022-27191))<br>- expat ([CVE-2022-40674](https://nvd.nist.gov/vuln/detail/CVE-2022-40674))<br><br>#### Bug fixes:<br><br>- Added back `gettext` to the OS ([Flatcar#849](https://github.com/flatcar-linux/Flatcar/issues/849))<br>- Added merging of Ignition systemd duplicated units when auto-translating from Ignition 2 to Ignition 3. ([coreos-overlay#2187](https://github.com/flatcar/coreos-overlay/pull/2187))<br>- Equinix Metal: Fixed serial console settings for the `m3.small.x86` instance by expanding the GRUB check for `i386` to `x86_64` [coreos-overlay#2122](https://github.com/flatcar-linux/coreos-overlay/pull/2122)<br><br>#### Changes:<br><br>- emerge-gitclone: Migrate emerge-gitclone to use scripts repo tags and submodule refs<br><br>#### Updates:<br><br>- Linux ([5.15.70](https://lwn.net/Articles/909212) (includes [5.15.69](https://lwn.net/Articles/908782), [5.15.68](https://lwn.net/Articles/908140), [5.15.67](https://lwn.net/Articles/907526), [5.15.66](https://lwn.net/Articles/907524), [5.15.65](https://lwn.net/Articles/907204), [5.15.64](https://lwn.net/Articles/906630)))<br>- ca-certificates ([3.83](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_83.html))<br>- gettext ([0.21](https://www.gnu.org/software/gettext/))<br>- Go ([1.17.13](https://go.dev/doc/devel/release#go1.17.13))<br>- locksmith([0.7.0](https://github.com/flatcar/locksmith/blob/v0.7.0/CHANGELOG.md#v070--30112021))<br>- expat ([2.4.9](https://github.com/libexpat/libexpat/blob/R_2_4_9/expat/Changes))<br><br>Packages:<br>- containerd 1.6.6<br>- docker 20.10.14<br>- ignition 2.13.0<br>- kernel 5.15.70<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-10-17T14:38:46+00:00 @@ -166,7 +174,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3227.2.2 3227.2.2 - 2023-10-25T10:20:44.996585+00:00 + 2023-11-22T09:59:34.920998+00:00 _Note: The ARM64 AWS AMI of the Stable release has an unknown issue of corrupted images which we are still investigating. We will release the AMI as soon as we have resolved the issue. Follow [#840](https://github.com/flatcar/Flatcar/issues/840) for more information_<br><br>_Changes since **Stable 3227.2.1**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-1679](https://nvd.nist.gov/vuln/detail/CVE-2022-1679), [CVE-2022-2585](https://nvd.nist.gov/vuln/detail/CVE-2022-2585), [CVE-2022-2586](https://nvd.nist.gov/vuln/detail/CVE-2022-2586), [CVE-2022-2588](https://nvd.nist.gov/vuln/detail/CVE-2022-2588), [CVE-2022-26373](https://nvd.nist.gov/vuln/detail/CVE-2022-26373), [CVE-2022-36946](https://nvd.nist.gov/vuln/detail/CVE-2022-36946))<br><br>#### Bug fixes:<br><br>- AWS: added EKS support for version 1.22 and 1.23. ([coreos-overlay#2110](https://github.com/flatcar/coreos-overlay/pull/2110), [Flatcar#829](https://github.com/flatcar/Flatcar/issues/829))<br>- VMWare: excluded `wireguard` (and others) from `systemd-networkd` management. ([init#80](https://github.com/flatcar/init/pull/80))<br><br>#### Changes:<br><br>- The new image signing subkey was added to the public key embedded into `flatcar-install` (the old expired on 10th August 2022), only an updated `flatcar-install` script can verify releases signed with the new key ([init#79](https://github.com/flatcar/init/pull/79))<br><br>#### Updates:<br><br>- Linux ([5.15.63](https://lwn.net/Articles/906061) (includes [5.15.62](https://lwn.net/Articles/905533), [5.15.61](https://lwn.net/Articles/904959), [5.15.60](https://lwn.net/Articles/904461), [5.15.59](https://lwn.net/Articles/903688))<br>- ca-certificates ([3.82](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_82.html))<br><br>Packages:<br>- containerd 1.6.6<br>- docker 20.10.14<br>- ignition 2.13.0<br>- kernel 5.15.63<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-09-01T13:00:57+00:00 @@ -174,7 +182,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3227.2.1 3227.2.1 - 2023-10-25T10:20:44.991044+00:00 + 2023-11-22T09:59:34.915371+00:00 New Stable Release 3227.2.1<br><br>Changes since Stable 3227.2.0<br><br>## Security fixes:<br><br>- Linux ([CVE-2022-23816](https://nvd.nist.gov/vuln/detail/CVE-2022-23816), [CVE-2022-23825](https://nvd.nist.gov/vuln/detail/CVE-2022-23825), [CVE-2022-29900](https://nvd.nist.gov/vuln/detail/CVE-2022-29900), [CVE-2022-29901](https://nvd.nist.gov/vuln/detail/CVE-2022-29901))<br><br>## Bug fixes:<br><br>- Added support for Openstack for cloud-init activation ([flatcar-linux/init#76](https://github.com/flatcar/init/pull/76))<br>- Excluded Wireguard interface from `systemd-networkd` default management ([Flatcar#808](https://github.com/flatcar/Flatcar/issues/808))<br>- Fixed `/etc/resolv.conf` symlink by pointing it at `resolv.conf` instead of `stub-resolv.conf`. This bug was present since the update to systemd v250 ([coreos-overlay#2057](https://github.com/flatcar/coreos-overlay/pull/2057))<br>- Fixed excluded interface type from default systemd-networkd configuration ([flatcar-linux/init#78](https://github.com/flatcar/init/pull/78))<br>- Fixed space escaping in the `networkd` Ignition translation ([Flatcar#812](https://github.com/flatcar/Flatcar/issues/812))<br><br>## Changes:<br><br><br>## Updates:<br><br>- Linux ([5.15.58](https://lwn.net/Articles/902917) (includes [5.15.57](https://lwn.net/Articles/902317), [5.15.56](https://lwn.net/Articles/902101)))<br>- ca-certificates ([3.81](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_81.html))<br><br>Packages:<br>- containerd 1.6.6<br>- docker 20.10.14<br>- ignition 2.13.0<br>- kernel 5.15.58<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-08-04T12:07:17+00:00 @@ -182,7 +190,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3227.2.0 3227.2.0 - 2023-10-25T10:20:44.985693+00:00 + 2023-11-22T09:59:34.909952+00:00 New **Stable** Release **3227.2.0**<br><br>_Changes since **Beta 3227.1.1**_<br><br>## Security fixes:<br><br>- Linux ([CVE-2021-33655](https://nvd.nist.gov/vuln/detail/CVE-2021-33655), [CVE-2022-2318](https://nvd.nist.gov/vuln/detail/CVE-2022-2318), [CVE-2022-26365](https://nvd.nist.gov/vuln/detail/CVE-2022-26365), [CVE-2022-33740](https://nvd.nist.gov/vuln/detail/CVE-2022-33740), [CVE-2022-33741](https://nvd.nist.gov/vuln/detail/CVE-2022-33741), [CVE-2022-33742](https://nvd.nist.gov/vuln/detail/CVE-2022-33742), [CVE-2022-33743](https://nvd.nist.gov/vuln/detail/CVE-2022-33743), [CVE-2022-33744](https://nvd.nist.gov/vuln/detail/CVE-2022-33744), [CVE-2022-34918](https://nvd.nist.gov/vuln/detail/CVE-2022-34918))<br>- Go ([CVE-2022-1705](https://nvd.nist.gov/vuln/detail/CVE-2022-1705), [CVE-2022-1962](https://nvd.nist.gov/vuln/detail/CVE-2022-1962), [CVE-2022-28131](https://nvd.nist.gov/vuln/detail/CVE-2022-28131), [CVE-2022-30630](https://nvd.nist.gov/vuln/detail/CVE-2022-30630), [CVE-2022-30631](https://nvd.nist.gov/vuln/detail/CVE-2022-30631), [CVE-2022-30632](https://nvd.nist.gov/vuln/detail/CVE-2022-30632), [CVE-2022-30633](https://nvd.nist.gov/vuln/detail/CVE-2022-30633), [CVE-2022-30635](https://nvd.nist.gov/vuln/detail/CVE-2022-30635), [CVE-2022-32148](https://nvd.nist.gov/vuln/detail/CVE-2022-32148))<br><br>## Bug fixes:<br><br>- The Ignition v3 kargs directive failed before when used with the generic image where no `grub.cfg` exists, this was fixed by creating it first ([bootengine#47](https://github.com/flatcar/bootengine/pull/47))<br><br>## Changes:<br><br>- Enabled `containerd.service` unit, `br_netfilter` and `overlay` modules by default to follow Kubernetes requirements ([coreos-overlay#1944](https://github.com/flatcar/coreos-overlay/pull/1944), [init#72](https://github.com/flatcar/init/pull/72))<br><br>## Updates:<br><br>- Linux ([5.15.55](https://lwn.net/Articles/901380) (includes [5.15.54](https://lwn.net/Articles/900911), [5.15.53](https://lwn.net/Articles/900321), [5.15.52](https://lwn.net/Articles/899788), [5.15.51](https://lwn.net/Articles/899370), [5.15.50](https://lwn.net/Articles/899091), [5.15.49](https://lwn.net/Articles/898622)))<br>- Go ([1.17.12](https://go.dev/doc/devel/release#go1.17.12))<br>- ca-certificates ([3.80](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_80.html))<br><br>_Changes compared to **Stable 3139.2.3**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2021-33655](https://nvd.nist.gov/vuln/detail/CVE-2021-33655), [CVE-2022-2318](https://nvd.nist.gov/vuln/detail/CVE-2022-2318), [CVE-2022-26365](https://nvd.nist.gov/vuln/detail/CVE-2022-26365), [CVE-2022-33740](https://nvd.nist.gov/vuln/detail/CVE-2022-33740), [CVE-2022-33741](https://nvd.nist.gov/vuln/detail/CVE-2022-33741), [CVE-2022-33742](https://nvd.nist.gov/vuln/detail/CVE-2022-33742), [CVE-2022-33743](https://nvd.nist.gov/vuln/detail/CVE-2022-33743), [CVE-2022-33744](https://nvd.nist.gov/vuln/detail/CVE-2022-33744), [CVE-2022-34918](https://nvd.nist.gov/vuln/detail/CVE-2022-34918))<br>- Go ([CVE-2022-1705](https://nvd.nist.gov/vuln/detail/CVE-2022-1705), [CVE-2022-1962](https://nvd.nist.gov/vuln/detail/CVE-2022-1962), [CVE-2022-28131](https://nvd.nist.gov/vuln/detail/CVE-2022-28131), [CVE-2022-30630](https://nvd.nist.gov/vuln/detail/CVE-2022-30630), [CVE-2022-30631](https://nvd.nist.gov/vuln/detail/CVE-2022-30631), [CVE-2022-30632](https://nvd.nist.gov/vuln/detail/CVE-2022-30632), [CVE-2022-30633](https://nvd.nist.gov/vuln/detail/CVE-2022-30633), [CVE-2022-30635](https://nvd.nist.gov/vuln/detail/CVE-2022-30635), [CVE-2022-32148](https://nvd.nist.gov/vuln/detail/CVE-2022-32148))<br>- cifs-utils ([CVE-2021-20208](https://nvd.nist.gov/vuln/detail/CVE-2021-20208))<br>- containerd ([CVE-2022-23648](https://nvd.nist.gov/vuln/detail/CVE-2022-23648), [CVE-2022-24769](https://nvd.nist.gov/vuln/detail/CVE-2022-24769), [CVE-2022-31030](https://nvd.nist.gov/vuln/detail/CVE-2022-31030))<br>- cryptsetup ([CVE-2021-4122](https://nvd.nist.gov/vuln/detail/CVE-2021-4122)) <br>- duktape ([CVE-2021-46322](https://nvd.nist.gov/vuln/detail/CVE-2021-46322))<br>- gnutls ([CVE-2021-4209](https://nvd.nist.gov/vuln/detail/CVE-2021-4209), [GNUTLS-SA-2022-01-17](https://gitlab.com/gnutls/gnutls/-/issues/1277))<br>- gzip,xz-utils ([CVE-2022-1271](https://nvd.nist.gov/vuln/detail/CVE-2022-1271))<br>- intel-microcode ([CVE-2021-0127](https://nvd.nist.gov/vuln/detail/CVE-2021-0127), [CVE-2021-0146](https://nvd.nist.gov/vuln/detail/CVE-2021-0146))<br>- libarchive ([CVE-2021-31566](https://nvd.nist.gov/vuln/detail/CVE-2021-31566), [CVE-2021-36976](https://nvd.nist.gov/vuln/detail/CVE-2021-36976), [CVE-2022-26280](https://nvd.nist.gov/vuln/detail/CVE-2022-26280))<br>- libxml2 ([CVE-2022-23308](https://nvd.nist.gov/vuln/detail/CVE-2022-23308))<br>- nvidia-drivers ([CVE-2022-28181](https://nvd.nist.gov/vuln/detail/CVE-2022-28181), [CVE-2022-28183](https://nvd.nist.gov/vuln/detail/CVE-2022-28183), [CVE-2022-28184](https://nvd.nist.gov/vuln/detail/CVE-2022-28184), [CVE-2022-28185](https://nvd.nist.gov/vuln/detail/CVE-2022-28185))<br>- shadow ([CVE-2013-4235](https://nvd.nist.gov/vuln/detail/CVE-2013-4235))<br>- systemd ([CVE-2021-3997](https://nvd.nist.gov/vuln/detail/CVE-2021-3997))<br>- util-linux ([CVE-2021-3995](https://nvd.nist.gov/vuln/detail/CVE-2021-3995), [CVE-2021-3996](https://nvd.nist.gov/vuln/detail/CVE-2021-3996), [CVE-2022-0563](https://nvd.nist.gov/vuln/detail/CVE-2022-0563))<br>- vim ([CVE-2021-3984](https://nvd.nist.gov/vuln/detail/CVE-2021-3984), [CVE-2021-4019](https://nvd.nist.gov/vuln/detail/CVE-2021-4019), [CVE-2021-4069](https://nvd.nist.gov/vuln/detail/CVE-2021-4069), [CVE-2021-4136](https://nvd.nist.gov/vuln/detail/CVE-2021-4136), [CVE-2021-4173](https://nvd.nist.gov/vuln/detail/CVE-2021-4173),[ CVE-2021-4166](https://nvd.nist.gov/vuln/detail/CVE-2021-4166), [CVE-2021-4187](https://nvd.nist.gov/vuln/detail/CVE-2021-4187), [CVE-2021-4192](https://nvd.nist.gov/vuln/detail/CVE-2021-4192), [CVE-2021-4193](https://nvd.nist.gov/vuln/detail/CVE-2021-4193), [CVE-2022-0128](https://nvd.nist.gov/vuln/detail/CVE-2022-0128), [CVE-2022-0156](https://nvd.nist.gov/vuln/detail/CVE-2022-0156), [CVE-2022-0158](https://nvd.nist.gov/vuln/detail/CVE-2022-0158), [CVE-2022-0213](https://nvd.nist.gov/vuln/detail/CVE-2022-0213), [CVE-2022-0261](https://nvd.nist.gov/vuln/detail/CVE-2022-0261), [CVE-2022-0318](https://nvd.nist.gov/vuln/detail/CVE-2022-0318), [CVE-2022-0319](https://nvd.nist.gov/vuln/detail/CVE-2022-0319), [CVE-2022-0351](https://nvd.nist.gov/vuln/detail/CVE-2022-0351), [CVE-2022-0359](https://nvd.nist.gov/vuln/detail/CVE-2022-0359), [CVE-2022-0361](https://nvd.nist.gov/vuln/detail/CVE-2022-0361), [CVE-2022-0368](https://nvd.nist.gov/vuln/detail/CVE-2022-0368), [CVE-2022-0392](https://nvd.nist.gov/vuln/detail/CVE-2022-0392), [CVE-2022-0393](https://nvd.nist.gov/vuln/detail/CVE-2022-0393), [CVE-2022-0407](https://nvd.nist.gov/vuln/detail/CVE-2022-0407), [CVE-2022-0408](https://nvd.nist.gov/vuln/detail/CVE-2022-0408), [CVE-2022-0413](https://nvd.nist.gov/vuln/detail/CVE-2022-0413), [CVE-2022-0417](https://nvd.nist.gov/vuln/detail/CVE-2022-0417), [CVE-2022-0443](https://nvd.nist.gov/vuln/detail/CVE-2022-0443))<br>- zlib ([CVE-2018-25032](https://nvd.nist.gov/vuln/detail/CVE-2018-25032))<br>- SDK: squashfs-tools ([CVE-2021-40153](https://nvd.nist.gov/vuln/detail/CVE-2021-40153), [CVE-2021-41072](https://nvd.nist.gov/vuln/detail/CVE-2021-41072))<br><br>#### Bug fixes:<br><br>- Added `networkd` translation to `files` section when converting from Ignition 2.x to Ignition 3.x ([coreos-overlay#1910](https://github.com/flatcar/coreos-overlay/pull/1910), [flatcar#741](https://github.com/flatcar/Flatcar/issues/741))<br>- Added a remount action as `systemd-sysext.service` drop-in unit to restore the OEM partition mount after the overlay mounts in `/usr` are done ([init#69](https://github.com/flatcar/init/pull/69))<br>- Fixed Ignition's OEM ID to be `metal` to follow the Ignition upstream change which otherwise resulted in a broken boot when the Flatcar OEM ID `pxe` was used ([bootengine#45](https://github.com/flatcar/bootengine/pull/45))<br>- Made Ignition write the SSH keys into a file under `authorized_keys.d/ignition` again and added a call to `update-ssh-keys` after Ignition ran to create the merged `authorized_keys` file, which fixes the problem that keys added by Ignition get lost when `update-ssh-keys` runs ([init#66](https://github.com/flatcar/init/pull/66))<br>- Skipped starting `ensure-sysext.service` if `systemd-sysext.service` won't be started, to prevent reporting a dependency failure ([Flatcar#710](https://github.com/flatcar/Flatcar/issues/710))<br>- The Ignition v3 kargs directive failed before when used with the generic image where no `grub.cfg` exists, this was fixed by creating it first ([bootengine#47](https://github.com/flatcar/bootengine/pull/47))<br><br>#### Changes:<br><br>- Added `auditd.service` but left it disabled by default, a custom configuration can be created by removing `/etc/audit/auditd.conf` and replacing it with an own file ([coreos-overlay#1636](https://github.com/flatcar/coreos-overlay/pull/1636))<br>- Added `cryptsetup` to the initramfs for the Ignition `luks` directive ([flatcar-linux/coreos-overlay#1760](https://github.com/flatcar/coreos-overlay/pull/1760))<br>- Besides Ignition v1 and v2 configurations, Ignition configurations with specification v3 (up to 3.3.0) are now supported, see the [docs section for details](https://www.flatcar.org/docs/latest/provisioning/ignition/specification/#ignition-v3)<br>- Bring in dependencies for NFS4 with Kerberos both in kernel and userspace. Tested against NFS4.1 server. [coreos-overlay#1664](https://github.com/flatcar/coreos-overlay/pull/1664)<br>- Enabled `CONFIG_INTEL_RAPL` on AMD64 Kernel config to compile `intel_rapl_common` module in order to allow power monitoring on modern Intel processors ([coreos-overlay#1801](https://github.com/flatcar/coreos-overlay/pull/1801))<br>- Enabled `containerd.service` unit, `br_netfilter` and `overlay` modules by default to follow Kubernetes requirements ([coreos-overlay#1944](https://github.com/flatcar/coreos-overlay/pull/1944), [init#72](https://github.com/flatcar/init/pull/72))<br>- Enabled `systemd-sysext.service` to activate systemd-sysext images on boot, to disable you will need to mask it. Also added a helper service `ensure-sysext.service` which reloads the systemd units to reevaluate the `sockets`, `timers`, and `multi-user` targets when `systemd-sysext.service` is (re)started, making it possible to enable units that are part of a sysext image ([init#65](https://github.com/flatcar/init/pull/65))<br>- For amd64 `/usr/lib` used to be a symlink to `/usr/lib64` but now they became two separate folders as common in other distributions (and was the case for arm64 already). Compatibility symlinks exist in case `/usr/lib64` was used to access, e.g., the `modules` folder or the `systemd` folder ([coreos-overlay#1713](https://github.com/flatcar/coreos-overlay/pull/1713), [scripts#255](https://github.com/flatcar/scripts/pull/255))<br>- Made SELinux enabled by default in default containerd configuration file. ([coreos-overlay#1699](https://github.com/flatcar/coreos-overlay/pull/1699))<br>- Removed rngd.service because it is not essential anymore for the kernel to boot fast in VM environments ([coreos-overlay#1700](https://github.com/flatcar/coreos-overlay/pull/1700))<br>- The systemd-networkd `ManageForeignRoutes` and `ManageForeignRoutingPolicyRules` settings are now disabled through a drop-in file and thus can only be enabled again by a drop-in file under `/etc/systemd/networkd.conf.d/` because drop-in files take precedence over `/etc/systemd/networkd.conf` ([init#61](https://github.com/flatcar/init/pull/61))<br>- Azure VHD disks are now created using subformat=fixed, which makes them suitable for immediate upload to Azure using any tool.<br>- Defined a systemd-sysext level that sysext images can match for instead of the OS version when they don't have a strong coupling, meaning the only metadata required is `SYSEXT_LEVEL=1.0` and `ID=flatcar` ([Flatcar#643](https://github.com/flatcar/Flatcar/issues/643))<br>- ARM64: Added [cifs-utils](https://wiki.samba.org/index.php/LinuxCIFS_utils) for ARM64<br>- ARM64: Added [sssd](https://sssd.io/), [adcli](https://www.freedesktop.org/software/realmd/adcli/adcli.html) and realmd for ARM64<br>- AWS EC2: Removed the setup of `/etc/hostname` from the instance metadata because it used a long FQDN but we can just use use the hostname set via DHCP ([Flatcar#707](https://github.com/flatcar/Flatcar/issues/707))<br>- Azure: Set up `/etc/hostname` from instance metadata with Afterburn<br>- DigitalOcean: In addition to the `bz2` image, a `gz` compressed image is published. This helps against hitting the compression timeout that sometimes lets the image import fail.<br>- OpenStack: In addition to the `bz2` image, a `gz` compressed image is published. This allows Glance to directly consume the images by simply passing in the URL of the image.<br>- SDK: The image compression format is now configurable. Supported formats are: `bz2`, `gz`, `zip`, `none`, `zst`. Selecting the image format can now be done by passing the `--image_compression_formats` option. This flag gets a comma separated list of formats.<br>- SDK / ARM64: Added [go-tspi](https://pkg.go.dev/github.com/coreos/go-tspi) bindings for ARM64<br><br>## Updates:<br><br>- Linux ([5.15.55](https://lwn.net/Articles/901380) (includes [5.15.54](https://lwn.net/Articles/900911), [5.15.53](https://lwn.net/Articles/900321), [5.15.52](https://lwn.net/Articles/899788), [5.15.51](https://lwn.net/Articles/899370), [5.15.50](https://lwn.net/Articles/899091), [5.15.49](https://lwn.net/Articles/898622), [5.15.48](https://lwn.net/Articles/898124), [5.15.47](https://lwn.net/Articles/897904), [5.15.46](https://lwn.net/Articles/897377), [5.15.45](https://lwn.net/Articles/897167), [5.15.44](https://lwn.net/Articles/896647), [5.15.43](https://lwn.net/Articles/896231), [5.15.42](https://lwn.net/Articles/896226), [5.15.41](https://lwn.net/Articles/895645), [5.15.40](https://lwn.net/Articles/895318), [5.15.39](https://lwn.net/Articles/895070), [5.15.38](https://lwn.net/Articles/894357), [5.15.37](https://lwn.net/Articles/893264), [5.15.36](https://lwn.net/Articles/892812), [5.15.35](https://lwn.net/Articles/892002)))<br>- Linux Firmware ([20220411](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220411) (includes [20220310](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220310), [20220209](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220209)))<br>- Docker ([20.10.14](https://docs.docker.com/engine/release-notes/#201014) (includes [20.10.13](https://docs.docker.com/engine/release-notes/#201013)))<br>- Go ([1.17.12](https://go.dev/doc/devel/release#go1.17.12))<br>- afterburn ([5.2.0](https://github.com/coreos/afterburn/releases/tag/v5.2.0))<br>- bind-tools ([9.16.27](https://gitlab.isc.org/isc-projects/bind9/-/blob/v9_16_27/CHANGES))<br>- bpftool ([5.15.8](https://lwn.net/Articles/878631/))<br>- bridge-utils ([1.7.1](https://git.kernel.org/pub/scm/network/bridge/bridge-utils.git/log/?h=v1.7.1))<br>- ca-certificates ([3.80](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_80.html) (includes [3.79](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_79.html), [3.78](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_78.html), [3.77](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_77.html), [3.76](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_76.html), [3.75](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_75.html)))<br>- cifs-utils ([6.13](https://lkml.kernel.org/linux-cifs/CAKywueSqRGSFmeDHQacyu831BNUeGFxGg3vgBmozzhkGBCjyXQ@mail.gmail.com/T/))<br>- conntrack-tools ([1.4.6](https://lists.netfilter.org/pipermail/netfilter-announce/2020/000240.html))<br>- containerd ([1.6.6](https://github.com/containerd/containerd/releases/tag/v1.6.6) (includes [1.6.5](https://github.com/containerd/containerd/releases/tag/v1.6.5), [1.6.4](https://github.com/containerd/containerd/releases/tag/v1.6.4), [1.6.3](https://github.com/containerd/containerd/releases/tag/v1.6.3), [1.6.2](https://github.com/containerd/containerd/releases/tag/v1.6.2), [1.6.1](https://github.com/containerd/containerd/releases/tag/v1.6.1), [1.6.0](https://github.com/containerd/containerd/releases/tag/v1.6.0)))<br>- cryptsetup ([2.4.3](https://lore.kernel.org/all/572c18a7bf60cb1b0f67c3a03c531d7e7ed31832.camel@scientia.net/T/))<br>- dosfstools ([4.2](https://github.com/dosfstools/dosfstools/releases/tag/v4.2))<br>- duktape ([2.7.0](https://github.com/svaarala/duktape/releases/tag/v2.7.0))<br>- e2fsprogs ([1.46.4](http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.46.4))<br>- elfutils ([0.186](https://sourceware.org/git/?p=elfutils.git;a=blob;f=NEWS;h=490932ae4ef9b5a3af01d2c8c616f14d57586046;hb=983e86fd89e8bf02f2d27ba5dce5bf078af4ceda))<br>- gcc ([10.3.0](https://gcc.gnu.org/gcc-10/changes.html))<br>- gnutls ([3.7.3](https://gitlab.com/gnutls/gnutls/-/merge_requests/1517))<br>- grep ([3.7](https://savannah.gnu.org/forum/forum.php?forum_id=10037))<br>- gzip ([1.12](https://savannah.gnu.org/forum/forum.php?forum_id=10157) (includes [1.11](https://lists.gnu.org/archive/html/info-gnu/2021-09/msg00002.html)))<br>- ignition ([2.13.0](https://github.com/coreos/ignition/releases/tag/v2.13.0))<br>- intel-microcode ([20220207_p20220207](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220207))<br>- iperf ([3.10.1](https://github.com/esnet/iperf/blob/master/RELNOTES.md#iperf-3101-2021-06-03))<br>- jansson ([2.14](https://github.com/akheron/jansson/blob/v2.14/CHANGES))<br>- kexec-tools ([2.0.22](https://www.spinics.net/lists/kexec/msg26864.html))<br>- less ([590](https://www.greenwoodsoftware.com/less/news.590.html))<br>- libarchive ([3.6.1](https://github.com/libarchive/libarchive/releases/tag/v3.6.1) (includes [3.5.3](https://github.com/libarchive/libarchive/releases/tag/v3.5.3)))<br>- libbsd ([0.11.3](https://gitlab.freedesktop.org/libbsd/libbsd/-/commits/0.11.3/))<br>- libmspack ([0.10.1_alpha](https://github.com/kyz/libmspack/blob/v0.10.1alpha/libmspack/ChangeLog))<br>- libnetfilter_queue ([1.0.5](https://git.netfilter.org/libnetfilter_queue/log/?h=libnetfilter_queue-1.0.5))<br>- libpcap ([1.10.1](https://git.tcpdump.org/libpcap/blob/c7642e2cc0c5bd65754685b160d25dc23c76c6bd:/CHANGES))<br>- libtasn1 ([4.17.0](https://gitlab.com/gnutls/libtasn1/-/blob/v4.17.0/NEWS))<br>- liburing ([2.1](https://github.com/axboe/liburing/commits/liburing-2.1))<br>- libxml2 ([2.9.13](http://www.xmlsoft.org/news.html))<br>- lsscsi ([0.32](https://sg.danny.cz/scsi/lsscsi.ChangeLog))<br>- mdadm ([4.2](https://lore.kernel.org/all/28fdbc45-96ca-7cdb-3ced-a5f65d978048@trained-monkey.org/T/))<br>- multipath-tools ([0.8.7](https://github.com/opensvc/multipath-tools/commits/0.8.7))<br>- nfs-utils ([2.5.4](https://lore.kernel.org/linux-fsdevel/c8795653-7728-18a4-93dc-58943ad0fe09@redhat.com/))<br>- nghttp2 ([1.45.1](https://github.com/nghttp2/nghttp2/releases/tag/v1.45.1))<br>- nvidia-drivers ([510.73.05](https://docs.nvidia.com/datacenter/tesla/tesla-release-notes-510-73-05/index.html))<br>- nvme-cli ([1.16](https://github.com/linux-nvme/nvme-cli/commits/deee9cae1ac94760deebd71f8e5449061338666c))<br>- oniguruma ([6.9.7.1](https://github.com/kkos/oniguruma/releases/tag/v6.9.7.1))<br>- open-isns ([0.101](https://github.com/open-iscsi/open-isns/blob/v0.101/ChangeLog))<br>- pam ([1.5.1_p20210622](https://github.com/linux-pam/linux-pam/commit/fe1307512fb8892b5ceb3d884c793af8dbd4c16a))<br>- pambase (20220214)<br>- pcre2 ([10.39](https://github.com/PhilipHazel/pcre2/blob/pcre2-10.39/NEWS))<br>- pinentry ([1.2.0](https://dev.gnupg.org/T5566))<br>- quota ([4.06](https://sourceforge.net/p/linuxquota/code/ci/0acd4cc6275122fd9864cb7b5d349e65a2622920/))<br>- rpcbind ([1.2.6](https://git.linux-nfs.org/?p=steved/rpcbind.git;a=shortlog;h=refs/tags/rpcbind-1_2_6))<br>- runc ([1.1.1](https://github.com/opencontainers/runc/releases/tag/v1.1.1))<br>- socat ([1.7.4.3](https://repo.or.cz/socat.git/blob/refs/tags/tag-1.7.4.3:/CHANGES))<br>- shadow ([4.11.1](https://github.com/shadow-maint/shadow/releases/tag/v4.11.1))<br>- systemd ([250.3](https://github.com/systemd/systemd-stable/releases/tag/v250.3))<br>- timezone-data ([2021a](https://mm.icann.org/pipermail/tz-announce/2021-January/000065.html))<br>- tcpdump ([4.99.1](https://git.tcpdump.org/tcpdump/blob/5f552b5e6e9fe05f7ad9681d51d0303233daba6a:/CHANGES))<br>- thin-provisioning-tools ([0.9.0](https://github.com/jthornber/thin-provisioning-tools/blob/d6d93c3157631b242a13a81d30f75453e576c55a/CHANGES#L1-L9))<br>- unzip ([6.0_p26](https://metadata.ftp-master.debian.org/changelogs//main/u/unzip/unzip_6.0-26_changelog))<br>- util-linux ([2.37.4](https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.4-ChangeLog))<br>- vim ([8.2.4328](https://github.com/vim/vim/releases/tag/v8.2.4328))<br>- whois ([5.5.11](https://github.com/rfc1036/whois/commit/5f5ba8312c04a759dad05723c035549273d07461))<br>- xfsprogs ([5.14.2](https://marc.info/?l=linux-xfs&m=163883318025390&w=2))<br>- zlib ([1.2.12](https://github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/ChangeLog#L4)) <br>- SDK: gcc-config ([2.5](https://gitweb.gentoo.org/proj/gcc-config.git/tag/?h=v2.5))<br>- SDK: iasl ([20200717](https://www.acpica.org/node/183))<br>- SDK: man-db ([2.9.4](https://gitlab.com/cjwatson/man-db/-/tags/2.9.4))<br>- SDK: man-pages ([5.12-r2](https://man7.org/linux/man-pages/changelog.html#release_5.12))<br>- SDK: netperf ([2.7.0](https://github.com/HewlettPackard/netperf/blob/netperf-2.7.0/Release_Notes))<br>- SDK: Rust ([1.60.0](https://github.com/rust-lang/rust/releases/tag/1.60.0) (includes [1.59.0](https://github.com/rust-lang/rust/releases/tag/1.59.0)))<br>- SDK: squashfs-tools ([4.5_p20210914](https://lore.kernel.org/lkml/CAB3woddJss+ziGp-RjJ-yiax6pc_HLMdxk3Qk5nJdRgjpEYWBg@mail.gmail.com/))<br>- VMware: open-vm-tools ([12.0.0](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.0.0))<br><br>Packages:<br>- containerd 1.6.6<br>- docker 20.10.14<br>- ignition 2.13.0<br>- kernel 5.15.55<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-07-21T15:45:09+00:00 @@ -190,7 +198,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3139.2.3 3139.2.3 - 2023-10-25T10:20:44.966719+00:00 + 2023-11-22T09:59:34.891060+00:00 New **Stable** Release **3139.2.3**<br><br>Changes since **Stable 3139.2.2**<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-1789](https://nvd.nist.gov/vuln/detail/CVE-2022-1789), [CVE-2022-1852](https://nvd.nist.gov/vuln/detail/CVE-2022-1852), [CVE-2022-1972](https://nvd.nist.gov/vuln/detail/CVE-2022-1972), [CVE-2022-1973](https://nvd.nist.gov/vuln/detail/CVE-2022-1973), [CVE-2022-2078](https://nvd.nist.gov/vuln/detail/CVE-2022-2078), [CVE-2022-32250](https://nvd.nist.gov/vuln/detail/CVE-2022-32250), [CVE-2022-32981](https://nvd.nist.gov/vuln/detail/CVE-2022-32981))<br>- libpcre2 ([CVE-2022-1586](https://nvd.nist.gov/vuln/detail/CVE-2022-1586), [CVE-2022-1587](https://nvd.nist.gov/vuln/detail/CVE-2022-1587))<br><br>#### Updates:<br><br>- Linux ([5.15.48](https://lwn.net/Articles/898124) (includes [5.15.47](https://lwn.net/Articles/897904), [5.15.46](https://lwn.net/Articles/897377), [5.15.45](https://lwn.net/Articles/897167), [5.15.44](https://lwn.net/Articles/896647)))<br>- ca-certificates ([3.79](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_79.html))<br>- libpcre2 ([10.40](https://github.com/PCRE2Project/pcre2/blob/pcre2-10.40/NEWS))<br>Packages:<br>- containerd 1.5.11<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.15.48<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-06-23T11:47:39+00:00 @@ -198,7 +206,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3139.2.2 3139.2.2 - 2023-10-25T10:20:44.961689+00:00 + 2023-11-22T09:59:34.885928+00:00 New **Stable** Release **3139.2.2**<br><br>_Changes since **Stable 3139.2.1**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-1734](https://nvd.nist.gov/vuln/detail/CVE-2022-1734), [CVE-2022-28893](https://nvd.nist.gov/vuln/detail/CVE-2022-28893), [CVE-2022-1012](https://nvd.nist.gov/vuln/detail/CVE-2022-1012), [CVE-2022-1729](https://nvd.nist.gov/vuln/detail/CVE-2022-1729))<br>- Go ([CVE-2022-29526](https://nvd.nist.gov/vuln/detail/CVE-2022-29526))<br><br>#### Bug fixes:<br><br>- Ensured `/etc/flatcar/update.conf` exists because it happens to be used as flag file for Ansible ([init#71](https://github.com/flatcar/init/pull/71))<br>- GCP: Fixed shutdown script execution ([coreos-overlay#1912](https://github.com/flatcar/coreos-overlay/pull/1912), [flatcar#743](https://github.com/flatcar/Flatcar/issues/743))<br><br><br>#### Updates:<br><br>- Linux ([5.15.43](https://lwn.net/Articles/896231/) (includes [5.15.42](https://lwn.net/Articles/896226), [5.15.41](https://lwn.net/Articles/895645), [5.15.40](https://lwn.net/Articles/895318), [5.15.39](https://lwn.net/Articles/895070), [5.15.38](https://lwn.net/Articles/894357)))<br>- Go ([1.17.10](https://go.googlesource.com/go/+/refs/tags/go1.17.10))<br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.15.43<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-06-02T15:09:15+00:00 @@ -206,7 +214,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3139.2.1 3139.2.1 - 2023-10-25T10:20:44.956694+00:00 + 2023-11-22T09:59:34.880867+00:00 New **Stable** Release **3139.2.1**<br><br>_Changes since **Stable 3139.2.0**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-28390](https://nvd.nist.gov/vuln/detail/CVE-2022-28390), [CVE-2022-0168](https://nvd.nist.gov/vuln/detail/CVE-2022-0168), [CVE-2022-1158](https://nvd.nist.gov/vuln/detail/CVE-2022-1158), [CVE-2022-1353](https://nvd.nist.gov/vuln/detail/CVE-2022-1353), [CVE-2022-1198](https://nvd.nist.gov/vuln/detail/CVE-2022-1198), [CVE-2022-28389](https://nvd.nist.gov/vuln/detail/CVE-2022-28389), [CVE-2022-28388](https://nvd.nist.gov/vuln/detail/CVE-2022-28388), [CVE-2022-1516](https://nvd.nist.gov/vuln/detail/CVE-2022-1516), [CVE-2022-1263](https://nvd.nist.gov/vuln/detail/CVE-2022-1263), [CVE-2022-29582](https://nvd.nist.gov/vuln/detail/CVE-2022-29582), [CVE-2022-1204](https://nvd.nist.gov/vuln/detail/CVE-2022-1204), [CVE-2022-1205](https://nvd.nist.gov/vuln/detail/CVE-2022-1205), [CVE-2022-0500](https://nvd.nist.gov/vuln/detail/CVE-2022-0500), [CVE-2022-23222](https://nvd.nist.gov/vuln/detail/CVE-2022-23222))<br>- nvidia-drivers ([CVE-2022-21814](https://nvd.nist.gov/vuln/detail/CVE-2022-21814), [CVE-2022-21813](https://nvd.nist.gov/vuln/detail/CVE-2022-21813))<br>- Go ([CVE-2022-24675](https://nvd.nist.gov/vuln/detail/CVE-2022-24675))<br><br>#### Bug fixes:<br><br>- AWS: specify correct console (ttyS0) on kernel command line for ARM64 instances ([coreos-overlay#1628](https://github.com/flatcar/coreos-overlay/pull/1628))<br>- GCE: Restored oem-gce.service functionality on GCP ([coreos-overlay#1813](https://github.com/flatcar/coreos-overlay/pull/1813))<br>- Added pahole to developer container, without it kernel modules built against /usr/src/linux may fail to probe with an 'invalid relocation target' error ([coreos-overlay#1839](https://github.com/flatcar/coreos-overlay/pull/1839))<br><br>#### Changes:<br><br>- Merge the Flatcar Pro features into the regular Flatcar images ([coreos-overlay#1679](https://github.com/flatcar/coreos-overlay/pull/1679)) <br>- GCE: Enabled GVE kernel driver, which adds support for Google Virtual NIC on GCP ([coreos-overlay#1802](https://github.com/flatcar/coreos-overlay/pull/1802))<br>- SDK: Dropped the mantle binaries (kola, ore, etc.) from the SDK, they are now provided by the `ghcr.io/flatcar/mantle` image ([coreos-overlay#1827](https://github.com/flatcar/coreos-overlay/pull/1827), [scripts#275](https://github.com/flatcar/scripts/pull/275))<br><br>#### Updates:<br><br>- Linux ([5.15.37](https://lwn.net/Articles/893264) (includes [5.15.36](https://lwn.net/Articles/892812), [5.15.35](https://lwn.net/Articles/892002), [5.15.34](https://lwn.net/Articles/891251), [5.15.33](https://lwn.net/Articles/890722)))<br>- Go ([1.17.9](https://go.googlesource.com/go/+/refs/tags/go1.17.9))<br>- ca-certificates ([3.78](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_78.html))<br>- nvidia-drivers ([510.47.03](https://docs.nvidia.com/datacenter/tesla/tesla-release-notes-510-47-03/index.html)) <br>- GCE: google compute-image-packages ([20190124](https://github.com/GoogleCloudPlatform/compute-image-packages/releases/tag/20190124))<br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.15.37<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-05-09T14:42:58+00:00 @@ -214,7 +222,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3139.2.0 3139.2.0 - 2023-10-25T10:20:44.950396+00:00 + 2023-11-22T09:59:34.874496+00:00 New **Stable** Release **3139.2.0**<br><br>_Changes since **Stable 3033.2.4**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-1015](https://nvd.nist.gov/vuln/detail/CVE-2022-1015), [CVE-2022-1016](https://nvd.nist.gov/vuln/detail/CVE-2022-1016))<br>- Go ([CVE-2021-44716](https://nvd.nist.gov/vuln/detail/CVE-2021-44716), [CVE-2021-44717](https://nvd.nist.gov/vuln/detail/CVE-2021-44717))<br>- containerd ([CVE-2021-43816](https://nvd.nist.gov/vuln/detail/CVE-2021-43816), [CVE-2022-24769](https://nvd.nist.gov/vuln/detail/CVE-2022-24769))<br>- gcc ([CVE-2020-13844](https://nvd.nist.gov/vuln/detail/CVE-2020-13844))<br>- Ignition ([CVE-2020-14040](https://nvd.nist.gov/vuln/detail/CVE-2020-14040), [CVE-2021-38561](https://nvd.nist.gov/vuln/detail/CVE-2021-38561))<br>- krb5 ([CVE-2021-37750](https://nvd.nist.gov/vuln/detail/CVE-2021-37750))<br>- libarchive ([libarchive-1565](https://github.com/libarchive/libarchive/issues/1565), [libarchive-1566](https://github.com/libarchive/libarchive/issues/1566))<br>- OpenSSH ([CVE-2021-41617](https://nvd.nist.gov/vuln/detail/CVE-2021-41617))<br>- openssl ([CVE-2021-4044](https://nvd.nist.gov/vuln/detail/CVE-2021-4044))<br>- torcx ([CVE-2021-38561](https://nvd.nist.gov/vuln/detail/CVE-2021-38561), [CVE-2021-43565](https://nvd.nist.gov/vuln/detail/CVE-2021-43565))<br>- vim ([CVE-2021-3872](https://nvd.nist.gov/vuln/detail/CVE-2021-3872), [CVE-2021-3875](https://nvd.nist.gov/vuln/detail/CVE-2021-3875), [CVE-2021-3903](https://nvd.nist.gov/vuln/detail/CVE-2021-3903), [CVE-2021-3927](https://nvd.nist.gov/vuln/detail/CVE-2021-3927), [CVE-2021-3928](https://nvd.nist.gov/vuln/detail/CVE-2021-3928), [CVE-2021-3968](https://nvd.nist.gov/vuln/detail/CVE-2021-3968), [CVE-2021-3973](https://nvd.nist.gov/vuln/detail/CVE-2021-3973), [CVE-2021-3974](https://nvd.nist.gov/vuln/detail/CVE-2021-3974))<br>- SDK: edk2-ovmf ([CVE-2019-14584](https://nvd.nist.gov/vuln/detail/CVE-2019-14584), [CVE-2021-28210](https://nvd.nist.gov/vuln/detail/CVE-2021-28210), [CVE-2021-28211](https://nvd.nist.gov/vuln/detail/CVE-2021-28211), [CVE-2021-28213](https://nvd.nist.gov/vuln/detail/CVE-2021-28213))<br>- SDK: libxslt ([CVE-2021-30560](https://nvd.nist.gov/vuln/detail/CVE-2021-30560))<br>- SDK: mantle ([CVE-2021-3121](https://nvd.nist.gov/vuln/detail/CVE-2021-3121), [CVE-2021-38561](https://nvd.nist.gov/vuln/detail/CVE-2021-38561), [CVE-2021-43565](https://nvd.nist.gov/vuln/detail/CVE-2021-43565))<br>- SDK: QEMU ([CVE-2020-35504](https://nvd.nist.gov/vuln/detail/CVE-2020-35504), [CVE-2020-35505](https://nvd.nist.gov/vuln/detail/CVE-2020-35505), [CVE-2020-35506](https://nvd.nist.gov/vuln/detail/CVE-2020-35506), [CVE-2020-35517](https://nvd.nist.gov/vuln/detail/CVE-2020-35517), [CVE-2021-20203](https://nvd.nist.gov/vuln/detail/CVE-2021-20203), [CVE-2021-20255](https://nvd.nist.gov/vuln/detail/CVE-2021-20255), [CVE-2021-20257](https://nvd.nist.gov/vuln/detail/CVE-2021-20257), [CVE-2021-20263](https://nvd.nist.gov/vuln/detail/CVE-2021-20263), [CVE-2021-3409](https://nvd.nist.gov/vuln/detail/CVE-2021-3409), [CVE-2021-3416](https://nvd.nist.gov/vuln/detail/CVE-2021-3416), [CVE-2021-3527](https://nvd.nist.gov/vuln/detail/CVE-2021-3527), [CVE-2021-3544](https://nvd.nist.gov/vuln/detail/CVE-2021-3544), [CVE-2021-3545](https://nvd.nist.gov/vuln/detail/CVE-2021-3545), [CVE-2021-3546](https://nvd.nist.gov/vuln/detail/CVE-2021-3546), [CVE-2021-3582](https://nvd.nist.gov/vuln/detail/CVE-2021-3582), [CVE-2021-3607](https://nvd.nist.gov/vuln/detail/CVE-2021-3607), [CVE-2021-3608](https://nvd.nist.gov/vuln/detail/CVE-2021-3608), [CVE-2021-3682](https://nvd.nist.gov/vuln/detail/CVE-2021-3682))<br>- SDK: Rust ([CVE-2022-21658](https://nvd.nist.gov/vuln/detail/CVE-2022-21658))<br><br>#### Bug fixes:<br><br>- Excluded the Kubenet cbr0 interface from networkd's DHCP config and set it to Unmanaged to prevent interference and ensure that it is not part of the network online check ([init#55](https://github.com/flatcar/init/pull/55))<br>- Fixed the dracut emergency Ignition log printing that had a scripting error causing the cat command to fail ([bootengine#33](https://github.com/flatcar/bootengine/pull/33))<br>- network: Accept ICMPv6 Router Advertisements to fix IPv6 address assignment in the default DHCP setting ([init#51](https://github.com/flatcar/init/pull/51), [coreos-cloudinit#12](https://github.com/flatcar/coreos-cloudinit/pull/12), [bootengine#30](https://github.com/flatcar/bootengine/pull/30))<br>- flatcar-update: Stopped checking for the `USER` environment variable which may not be set in all environments, causing the script to fail unless a workaround was used like prepending an additional `sudo` invocation ([init#58](https://github.com/flatcar/init/pull/58))<br>- Reverted the Linux kernel commit which broke networking on AWS instances which use Intel 82559 NIC (c4/m4) ([Flatcar#665](https://github.com/flatcar/Flatcar/issues/665), [coreos-overlay#1723](https://github.com/flatcar/coreos-overlay/pull/1723))<br>- Re-added the `brd drbd nbd rbd xen-blkfront zram libarc4 lru_cache zsmalloc` kernel modules to the initramfs since they were missing compared to the Flatcar 3033.2.x releases where the 5.10 kernel is used ([bootengine#40](https://github.com/flatcar/bootengine/pull/40))<br><br>#### Changes:<br><br>- Added a new flatcar-update tool to the image to ease manual updates, rollbacks, channel/release jumping, and airgapped updates ([init#53](https://github.com/flatcar/init/pull/53))<br>- Update-engine now creates the `/run/reboot-required` flag file for [kured](https://github.com/weaveworks/kured) ([update_engine#15](https://github.com/flatcar/update_engine/pull/15))<br>- Excluded special network interface devices like bridge, tunnel, vxlan, and veth devices from the default DHCP configuration to prevent networkd interference ([init#56](https://github.com/flatcar/init/pull/56))<br>- Added CONFIG_NF_CT_NETLINK_HELPER (for libnetfilter_cthelper), CONFIG_NET_VRF (for virtual routing and forwarding) and CONFIG_KEY_DH_OPERATIONS (for keyutils) to the kernel config ([coreos-overlay#1524](https://github.com/flatcar/coreos-overlay/pull/1524))<br>- Enabled the FIPS support for the Linux kernel, which users can now choose through a kernel parameter in `grub.cfg` (check it taking effect with `cat /proc/sys/crypto/fips_enabled`) ([coreos-overlay#1602](https://github.com/flatcar/coreos-overlay/pull/1602))<br>- Enabled FIPS mode for cryptsetup ([portage-stable#312](https://github.com/flatcar/portage-stable/pull/312))<br>- Rework the way we set up the default python intepreter in SDK - it is now without specifying a version. This should work fine as long as we keep having one version of python in SDK.<br>- Add a way to remove packages that are hard-blockers for update. A hard-blocker means that the package needs to be removed (for example with `emerge -C`) before an update can happen.<br>- Removed the pre-shipped `/etc/flatcar/update.conf` file, leaving it totally to the user to define the contents as it was unnecessarily overwriting the `/use/share/flatcar/update.conf` ([scripts#212](https://github.com/flatcar/scripts/pull/212))<br><br>#### Updates:<br><br>- Linux ([5.15.32](https://lwn.net/Articles/889438)) (from 5.15.30)<br>- Linux headers ([5.15](https://lwn.net/Articles/876611/))<br>- GCC [9.4.0](https://lists.gnu.org/archive/html/info-gnu/2021-06/msg00000.html)<br>- acl ([2.3.1](https://git.savannah.nongnu.org/cgit/acl.git/log/?h=v2.3.1))<br>- attr ([2.5.1](https://git.savannah.nongnu.org/cgit/attr.git/log/?h=v2.5.1))<br>- audit ([3.0.6](https://listman.redhat.com/archives/linux-audit/2021-October/msg00000.html))<br>- boost ([1.76.0](https://www.boost.org/users/history/version_1_76_0.html))<br>- btrfs-progs ([5.15.1](https://btrfs.wiki.kernel.org/index.php/Changelog#btrfs-progs_v5.15_.28Nov_2021.29))<br>- ca-certificates ([3.77](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_77.html))<br>- containerd ([1.5.11](https://github.com/containerd/containerd/releases/tag/v1.5.11))<br>- coreutils ([8.32](https://lists.gnu.org/archive/html/coreutils-announce/2020-03/msg00000.html))<br>- diffutils ([3.8](https://lists.gnu.org/archive/html/info-gnu/2021-08/msg00000.html))<br>- ethtool ([5.10](https://git.kernel.org/pub/scm/network/ethtool/ethtool.git/tree/NEWS?h=v5.10))<br>- findutils ([4.8.0](https://savannah.gnu.org/forum/forum.php?forum_id=9914))<br>- glib ([2.68.4](https://gitlab.gnome.org/GNOME/glib/-/releases/2.68.4))<br>- i2c-tools ([4.2](https://git.kernel.org/pub/scm/utils/i2c-tools/i2c-tools.git/log/?h=v4.2))<br>- iproute2 ([5.15](https://lwn.net/ml/linux-kernel/20211101164705.6f4f2e41%40hermes.local/))<br>- ipset ([7.11](https://ipset.netfilter.org/changelog.html))<br>- iputils ([20210722](https://github.com/iputils/iputils/releases/tag/20210722))<br>- ipvsadm ([1.27](http://archive.linuxvirtualserver.org/html/lvs-devel/2013-09/msg00011.html))<br>- kmod ([29](https://git.kernel.org/pub/scm/utils/kernel/kmod/kmod.git/commit/?id=b6ecfc916a17eab8f93be5b09f4e4f845aabd3d1))<br>- libarchive [3.5.2](https://github.com/libarchive/libarchive/releases/tag/v3.5.2)<br>- libcap-ng ([0.8.2](https://github.com/stevegrubb/libcap-ng/releases/tag/v0.8.2))<br>- libseccomp ([2.5.1](https://github.com/seccomp/libseccomp/releases/tag/v2.5.1))<br>- lshw ([02.19.2b_p20210121](https://www.ezix.org/project/wiki/HardwareLiSter#Changes))<br>- lsof ([4.94.0](https://github.com/lsof-org/lsof/releases/tag/4.94.0))<br>- openssh ([8.8](http://www.openssh.com/txt/release-8.8))<br>- openssl ([3.0.2](https://www.openssl.org/news/changelog.html#openssl-30))<br>- parted ([3.4](https://savannah.gnu.org/forum/forum.php?forum_id=9924) (includes [3.3](https://savannah.gnu.org/forum/forum.php?forum_id=9569)))<br>- pciutils ([3.7.0](https://github.com/pciutils/pciutils/commit/864aecdea9c7db626856d8d452f6c784316a878c))<br>- polkit ([0.120](https://gitlab.freedesktop.org/polkit/polkit/-/blob/0.120/NEWS))<br>- runc ([1.1.0](https://github.com/opencontainers/runc/releases/tag/v1.1.0))<br>- sbsigntools ([0.9.4](https://git.kernel.org/pub/scm/linux/kernel/git/jejb/sbsigntools.git/tag/?h=v0.9.4))<br>- sed ([4.8](https://savannah.gnu.org/forum/forum.php?forum_id=9647))<br>- usbutils ([014](https://github.com/gregkh/usbutils/commit/57fb18e59cce31a50a1ca62d1e192512c905ba00))<br>- vim [8.2.3582](https://github.com/vim/vim/releases/tag/v8.2.3582)<br>- Azure: Python for OEM images ([3.9.8](https://www.python.org/downloads/release/python-398/))<br>- Azure: WALinuxAgent ([2.6.0.2](https://github.com/Azure/WALinuxAgent/releases/tag/v2.6.0.2))<br>- SDK: edk2-ovmf [202105](https://github.com/tianocore/edk2/releases/tag/edk2-stable202105)<br>- SDK: file ([5.40](https://mailman.astron.com/pipermail/file/2021-March/000478.html))<br>- SDK: ipxe [1.21.1](https://github.com/ipxe/ipxe/releases/tag/v1.21.1)<br>- SDK: mantle ([0.18.0](https://github.com/flatcar/mantle/releases/tag/v0.18.0))<br>- SDK: perf ([5.15](https://kernelnewbies.org/LinuxChanges#Linux_5.15.Tracing.2C_perf_and_BPF))<br>- SDK: Python ([3.9.8](https://www.python.org/downloads/release/python-398/))<br>- SDK: qemu ([6.1.0](https://wiki.qemu.org/ChangeLog/6.1)<br>- SDK: Rust ([1.58.1](https://github.com/rust-lang/rust/releases/tag/1.58.1))<br>- SDK: seabios [1.14.0](https://seabios.org/Releases#SeaBIOS_1.14.0)<br>- SDK: sgabios [0.1_pre10](https://git.qemu.org/?p=sgabios.git;a=tree;h=a85446adb0e0)<br><br>_Changes since **Beta 3139.1.1**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-1015](https://nvd.nist.gov/vuln/detail/CVE-2022-1015), [CVE-2022-1016](https://nvd.nist.gov/vuln/detail/CVE-2022-1016))<br>- containerd ([CVE-2022-24769](https://nvd.nist.gov/vuln/detail/CVE-2022-24769))<br><br>#### Changes:<br><br>- Enabled FIPS mode for cryptsetup ([portage-stable#312](https://github.com/flatcar/portage-stable/pull/312))<br><br>#### Updates:<br><br>- Linux ([5.15.32](https://lwn.net/Articles/889438)) (from 5.15.30)<br>- ca-certificates ([3.77](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_77.html))<br>- containerd ([1.5.11](https://github.com/containerd/containerd/releases/tag/v1.5.11))<br>- Azure: WALinuxAgent ([2.6.0.2](https://github.com/Azure/WALinuxAgent/releases/tag/v2.6.0.2))<br><br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.15.32<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-04-07T12:05:52+00:00 @@ -222,7 +230,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3033.2.4 3033.2.4 - 2023-10-25T10:20:44.938049+00:00 + 2023-11-22T09:59:34.862094+00:00 New **Stable** Release **3033.2.4**<br><br>**Changes since Stable-3033.2.3**<br><br>#### Security fixes<br>- Linux ([CVE-2022-25636](https://nvd.nist.gov/vuln/detail/CVE-2022-25636))<br>- Go ([CVE-2022-24921](https://nvd.nist.gov/vuln/detail/CVE-2022-24921))<br>- systemd ([CVE-2021-3997](https://nvd.nist.gov/vuln/detail/CVE-2021-3997))<br>- containerd ([CVE-2022-23648](https://nvd.nist.gov/vuln/detail/CVE-2022-23648))<br>- openssl ([CVE-2022-0778](https://nvd.nist.gov/vuln/detail/CVE-2022-0778))<br><br>#### Bug fixes<br>- Reverted the Linux kernel commit which broke networking on AWS instances which use Intel 82559 NIC (c4/m4) ([Flatcar#665](https://github.com/flatcar/Flatcar/issues/665), [coreos-overlay#1720](https://github.com/flatcar/coreos-overlay/pull/1720))<br><br>#### Changes<br>- Added support for switching back to CGroupsV1 without requiring a reboot. Create `/etc/flatcar-cgroupv1` through ignition. ([coreos-overlay#1666](https://github.com/flatcar/coreos-overlay/pull/1666))<br><br>#### Updates<br>- Linux ([5.10.107](https://lwn.net/Articles/888522) (from 5.10.102, includes [5.10.103](https://lwn.net/Articles/886570), [5.10.104](https://lwn.net/Articles/887220), [5.10.105](https://lwn.net/Articles/887639), [5.10.106](https://lwn.net/Articles/888115)))<br>- Go ([1.17.8](https://go.googlesource.com/go/+/refs/tags/go1.17.8))<br>- systemd ([249.10](https://github.com/systemd/systemd-stable/releases/tag/v249.10))<br>- ca-certificates ([3.76](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_76.html))<br>- containerd ([1.5.10](https://github.com/containerd/containerd/releases/tag/v1.5.10))<br>- openssl ([1.1.1n](https://www.openssl.org/news/changelog.html#openssl-111))<br><br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.107<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-03-23T13:33:43+00:00 @@ -230,7 +238,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3033.2.3 3033.2.3 - 2023-10-25T10:20:44.932678+00:00 + 2023-11-22T09:59:34.856716+00:00 New **Stable** Release **3033.2.3**<br><br>_Changes since **Stable 3033.2.2**_<br><br>#### Security fixes<br>- Linux ([CVE-2022-24448](https://nvd.nist.gov/vuln/detail/CVE-2022-24448), [CVE-2022-0617](https://nvd.nist.gov/vuln/detail/CVE-2022-0617), [CVE-2022-24959](https://nvd.nist.gov/vuln/detail/CVE-2022-24959), [CVE-2022-0492](https://nvd.nist.gov/vuln/detail/CVE-2022-0492), [CVE-2022-0516](https://nvd.nist.gov/vuln/detail/CVE-2022-0516), [CVE-2022-0435](https://nvd.nist.gov/vuln/detail/CVE-2022-0435), [CVE-2022-0487](https://nvd.nist.gov/vuln/detail/CVE-2022-0487), [CVE-2022-25375](https://nvd.nist.gov/vuln/detail/CVE-2022-25375), [CVE-2022-25258](https://nvd.nist.gov/vuln/detail/CVE-2022-25258), [CVE-2022-0847](https://nvd.nist.gov/vuln/detail/CVE-2022-0847))<br>- go ([CVE-2022-23806](https://nvd.nist.gov/vuln/detail/CVE-2022-23806), [CVE-2022-23772](https://nvd.nist.gov/vuln/detail/CVE-2022-23772), [CVE-2022-23773](https://nvd.nist.gov/vuln/detail/CVE-2022-23773))<br>- ignition ([CVE-2020-14040](https://nvd.nist.gov/vuln/detail/CVE-2020-14040))<br>- expat ([CVE-2022-25235](https://nvd.nist.gov/vuln/detail/CVE-2022-25235), [CVE-2022-25236](https://nvd.nist.gov/vuln/detail/CVE-2022-25236), [CVE-2022-25313](https://nvd.nist.gov/vuln/detail/CVE-2022-25313), [CVE-2022-25314](https://nvd.nist.gov/vuln/detail/CVE-2022-25314), [CVE-2022-25315](https://nvd.nist.gov/vuln/detail/CVE-2022-25315))<br><br>#### Bug fixes<br>- Disabled the systemd-networkd settings `ManageForeignRoutes` and `ManageForeignRoutingPolicyRules` by default to ensure that CNIs like Cilium don't get their routes or routing policy rules discarded on network reconfiguration events ([Flatcar#620](https://github.com/flatcar/Flatcar/issues/620)).<br>- Prevented hitting races when creating filesystems in Ignition, these races caused boot failures like `fsck[1343]: Failed to stat /dev/disk/by-label/ROOT: No such file or directory` when creating a btrfs root filesystem ([ignition#35](https://github.com/flatcar/ignition/pull/35))<br>- Reverted the Linux kernel change to forbid xfrm id 0 for IPSec state because it broke Cilium ([Flatcar#626](https://github.com/flatcar/Flatcar/issues/626), [coreos-overlay#1682](https://github.com/flatcar/coreos-overlay/pull/1682))<br><br>#### Updates<br>- Linux ([5.10.102](https://lwn.net/Articles/885896)) (from 5.10.96)<br>- Go ([1.17.7](https://go.googlesource.com/go/+/refs/tags/go1.17.7) (includes [1.17.6](https://go.googlesource.com/go/+/refs/tags/go1.17.6)))<br>- expat ([2.4.6](https://github.com/libexpat/libexpat/blob/R_2_4_6/expat/Changes))<br>- ca-certificates ([3.75](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_75.html))<br><br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.102<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-03-07T13:12:34+00:00 @@ -238,7 +246,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3033.2.2 3033.2.2 - 2023-10-25T10:20:44.926705+00:00 + 2023-11-22T09:59:34.850716+00:00 New **Stable** Release **3033.2.2**<br><br>_Changes since **Stable 3033.2.1**_<br><br>#### Security fixes<br>- Linux ([CVE-2021-43976](https://nvd.nist.gov/vuln/detail/CVE-2021-43976), [CVE-2022-0330](https://nvd.nist.gov/vuln/detail/CVE-2022-0330), [CVE-2022-22942](https://nvd.nist.gov/vuln/detail/CVE-2022-22942))<br>- expat ([CVE-2022-23852](https://nvd.nist.gov/vuln/detail/CVE-2022-23852), [CVE-2022-23990](https://nvd.nist.gov/vuln/detail/CVE-2022-23990))<br>- glibc ([CVE-2021-3998](https://nvd.nist.gov/vuln/detail/CVE-2021-3998), [CVE-2021-3999](https://nvd.nist.gov/vuln/detail/CVE-2021-3999), [CVE-2022-23218](https://nvd.nist.gov/vuln/detail/CVE-2022-23218), [CVE-2022-23219](https://nvd.nist.gov/vuln/detail/CVE-2022-23219))<br>- polkit ([CVE-2021-4034](https://nvd.nist.gov/vuln/detail/CVE-2021-4034))<br><br><br>#### Bug fixes<br>- SDK: Fixed build error popping up in the new SDK Container because `policycoreutils` used the wrong ROOT to update the SELinux store ([flatcar-linux/coreos-overlay#1502](https://github.com/flatcar/coreos-overlay/pull/1502))<br>- Fixed leak of SELinux policy store to the root filesystem top directory due to wrong store path in `policycoreutils` instead of `/var/lib/selinux` ([flatcar-linux/Flatcar#596](https://github.com/flatcar/Flatcar/issues/596))<br><br>#### Updates<br>- Linux ([5.10.96](https://lwn.net/Articles/883442)) (from 5.10.93)<br>- Linux Firmware ([20211216](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20211216))<br>- expat ([2.4.4](https://github.com/libexpat/libexpat/blob/R_2_4_4/expat/Changes))<br>Packages:<br>- docker 20.10.12<br>- ignition 0.34.0<br>- kernel 5.10.96<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-02-09T10:03:27+00:00 @@ -246,7 +254,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3033.2.1 3033.2.1 - 2023-10-25T10:20:44.921423+00:00 + 2023-11-22T09:59:34.845360+00:00 New **Stable** release **3033.2.1**<br><br>_Changes since **Stable 3033.2.0**_<br><br>#### Known issues:<br>- The SELinux policy store update fix resulted in some files leaked to the root filesystem top directory ([flatcar-linux/Flatcar#596](https://github.com/flatcar/Flatcar/issues/596))<br><br>#### Security fixes:<br><br>- Linux ([CVE-2021-4135](https://nvd.nist.gov/vuln/detail/CVE-2021-4135), [CVE-2021-4155](https://nvd.nist.gov/vuln/detail/CVE-2021-4155), [CVE-2021-28711](https://nvd.nist.gov/vuln/detail/CVE-2021-28711), [CVE-2021-28712](https://nvd.nist.gov/vuln/detail/CVE-2021-28712), [CVE-2021-28713](https://nvd.nist.gov/vuln/detail/CVE-2021-28713), [CVE-2021-28714](https://nvd.nist.gov/vuln/detail/CVE-2021-28714), [CVE-2021-28715](https://nvd.nist.gov/vuln/detail/CVE-2021-28715), [CVE-2021-39685](https://nvd.nist.gov/vuln/detail/CVE-2021-39685), [CVE-2021-44733](https://nvd.nist.gov/vuln/detail/CVE-2021-44733), [CVE-2021-45095](https://nvd.nist.gov/vuln/detail/CVE-2021-45095), [CVE-2022-0185](https://nvd.nist.gov/vuln/detail/CVE-2022-0185))<br>- ca-certificates ([CVE-2021-43527](https://nvd.nist.gov/vuln/detail/CVE-2021-43527))<br>- containerd ([CVE-2021-43816](https://nvd.nist.gov/vuln/detail/CVE-2021-43816))<br>- expat ([CVE-2021-45960](https://nvd.nist.gov/vuln/detail/CVE-2021-45960), [CVE-2021-46143](https://nvd.nist.gov/vuln/detail/CVE-2021-46143), [CVE-2022-22822](https://nvd.nist.gov/vuln/detail/CVE-2022-22822), [CVE-2022-22823](https://nvd.nist.gov/vuln/detail/CVE-2022-22823), [CVE-2022-22824](https://nvd.nist.gov/vuln/detail/CVE-2022-22824), [CVE-2022-22825](https://nvd.nist.gov/vuln/detail/CVE-2022-22825), [CVE-2022-22826](https://nvd.nist.gov/vuln/detail/CVE-2022-22826), [CVE-2022-22827](https://nvd.nist.gov/vuln/detail/CVE-2022-22827))<br><br>#### Bug fixes:<br><br>- Ensured that the `/run/xtables.lock` coordination file exists for modifications of the xtables backend from containers (must be bind-mounted) or the `iptables-legacy` binaries on the host ([flatcar-linux/init#57](https://github.com/flatcar/init/pull/57))<br>- dev container: Fix github URL for coreos-overlay and portage-stable to use repos from flatcar-linux org directly instead of relying on redirects from the kinvolk org. This fixes checkouts with emerge-gitclone inside dev-container. ([flatcar-linux/scripts#194](https://github.com/flatcar/scripts/pull/194))<br>- SDK: Fixed build error popping up in the new SDK Container because `policycoreutils` used the wrong ROOT to update the SELinux store ([flatcar-linux/coreos-overlay#1502](https://github.com/flatcar/coreos-overlay/pull/1502))<br><br>#### Changes:<br><br>- Backported `elf` support for `iproute2` ([flatcar-linux/coreos-overlay#1256](https://github.com/flatcar/coreos-overlay/pull/1526))<br><br>#### Updates:<br><br>- Linux ([5.10.93](https://lwn.net/Articles/881964)) (from 5.10.84)<br>- ca-certificates ([3.74](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_74.html))<br>- Docker ([20.10.12](https://docs.docker.com/engine/release-notes/#201012))<br>- containerd ([1.5.9](https://github.com/containerd/containerd/releases/tag/v1.5.9))<br>- expat ([2.4.3](https://github.com/libexpat/libexpat/blob/R_2_4_3/expat/Changes))<br><br>Packages:<br>- docker 20.10.12<br>- ignition 0.34.0<br>- kernel 5.10.93<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-01-26T08:17:16+00:00 @@ -254,7 +262,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3033.2.0 3033.2.0 - 2023-10-25T10:20:44.915014+00:00 + 2023-11-22T09:59:34.838900+00:00 New **Stable** release **3033.2.0**<br><br>_Changes since **Stable 2983.2.1**_<br><br>**Security fixes**<br><br><br><br>* Linux ([CVE-2021-4002](https://nvd.nist.gov/vuln/detail/CVE-2021-4002), [CVE-2020-27820](https://nvd.nist.gov/vuln/detail/CVE-2020-27820), [CVE-2021-4001](https://nvd.nist.gov/vuln/detail/CVE-2021-4001), [CVE-2021-43975](https://nvd.nist.gov/vuln/detail/CVE-2021-43975))<br>* Go ([CVE-2021-29923](https://nvd.nist.gov/vuln/detail/CVE-2021-29923),[ CVE-2021-39293](https://nvd.nist.gov/vuln/detail/CVE-2021-39293),[ CVE-2021-38297](https://nvd.nist.gov/vuln/detail/CVE-2021-38297),[CVE-2021-39293](https://nvd.nist.gov/vuln/detail/CVE-2021-39293), [CVE-2021-44717](https://nvd.nist.gov/vuln/detail/CVE-2021-44717), [CVE-2021-44716](https://nvd.nist.gov/vuln/detail/CVE-2021-44716))<br>* bash ([CVE-2019-9924](https://nvd.nist.gov/vuln/detail/CVE-2019-9924),[ CVE-2019-18276](https://nvd.nist.gov/vuln/detail/CVE-2019-18276))<br>* binutils ([CVE-2021-3530](https://nvd.nist.gov/vuln/detail/CVE-2021-3530),[ CVE-2021-3549](https://nvd.nist.gov/vuln/detail/CVE-2021-3549))<br>* ca-certificates ([CVE-2021-43527](https://nvd.nist.gov/vuln/detail/CVE-2021-43527))<br>* containerd ([CVE-2021-41103](https://nvd.nist.gov/vuln/detail/CVE-2021-41103))<br>* curl ([CVE-2021-22945](https://nvd.nist.gov/vuln/detail/CVE-2021-22945),[ CVE-2021-22946](https://nvd.nist.gov/vuln/detail/CVE-2021-22946),[ CVE-2021-22947](https://nvd.nist.gov/vuln/detail/CVE-2021-22947))<br>* Docker ([CVE-2021-41092](https://nvd.nist.gov/vuln/detail/CVE-2021-41092),[ CVE-2021-41089](https://nvd.nist.gov/vuln/detail/CVE-2021-41089),[ CVE-2021-41091](https://nvd.nist.gov/vuln/detail/CVE-2021-41091))<br>* git ([CVE-2021-40330](https://nvd.nist.gov/vuln/detail/CVE-2021-40330))<br>* glibc ([CVE-2021-38604](https://nvd.nist.gov/vuln/detail/CVE-2021-38604))<br>* gnupg ([CVE-2020-25125](https://nvd.nist.gov/vuln/detail/CVE-2020-25125))<br>* libgcrypt ([CVE-2021-40528](https://nvd.nist.gov/vuln/detail/CVE-2021-40528))<br>* nettle ([CVE-2021-20305](https://nvd.nist.gov/vuln/detail/CVE-2021-20305),[ CVE-2021-3580](https://nvd.nist.gov/vuln/detail/CVE-2021-3580))<br>* polkit ([CVE-2021-3560](https://nvd.nist.gov/vuln/detail/CVE-2021-3560))<br>* sssd ([CVE-2021-3621](https://nvd.nist.gov/vuln/detail/CVE-2021-3621))<br>* util-linux ([CVE-2021-37600](https://nvd.nist.gov/vuln/detail/CVE-2021-37600))<br>* vim ([CVE-2021-3770](https://nvd.nist.gov/vuln/detail/CVE-2021-3770),[ CVE-2021-3778](https://nvd.nist.gov/vuln/detail/CVE-2021-3778),[ CVE-2021-3796](https://nvd.nist.gov/vuln/detail/CVE-2021-3796))<br>* SDK: bison ([CVE-2020-14150](https://nvd.nist.gov/vuln/detail/CVE-2020-14150),[ CVE-2020-24240](https://nvd.nist.gov/vuln/detail/CVE-2020-24240))<br>* SDK: perl ([CVE-2020-10878](https://nvd.nist.gov/vuln/detail/CVE-2020-10878))<br><br>**Bug fixes**<br><br><br><br>* arm64: the Polkit service does not crash anymore. ([flatcar-linux/Flatcar#156](https://github.com/flatcar/Flatcar/issues/156))<br>* toolbox: fixed support for multi-layered docker images ([toolbox#5](https://github.com/flatcar/toolbox/pull/5))<br>* Run emergency.target on ignition/torcx service unit failure in dracut ([bootengine#28](https://github.com/flatcar/bootengine/pull/28))<br>* Fix vim warnings on missing file, when built with USE=”minimal” ([portage-stable#260](https://github.com/flatcar/portage-stable/pull/260))<br>* The Torcx profile `docker-1.12-no` got fixed to reference the current Docker version instead of 19.03 which wasn't found on the image, causing Torcx to fail to provide Docker ([PR#1456](https://github.com/flatcar/coreos-overlay/pull/1456))<br><br>**Changes**<br><br><br><br>* Added GPIO support ([coreos-overlay#1236](https://github.com/flatcar/coreos-overlay/pull/1236))<br>* Enabled SELinux in permissive mode on ARM64 ([coreos-overlay#1245](https://github.com/flatcar/coreos-overlay/pull/1245))<br>* The `iptables` command uses the nftables kernel backend instead of the iptables backend, you can also migrate to using the `nft` tool instead of `iptables`. Containers with `iptables` binaries that use the iptables backend will result in [mixing both kernel backends](https://wiki.nftables.org/wiki-nftables/index.php/Troubleshooting#Question_4._How_do_nftables_and_iptables_interact_when_used_on_the_same_system.3F) which is supported but you have to look up the rules separately (on the host you can use the `iptables-legacy` and friends).<br><br>**Updates**<br><br><br><br>* Linux ([5.10.84](https://lwn.net/Articles/878041/))<br>* Linux Firmware ([20210919](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20210919))<br>* Docker ([20.10.9](https://docs.docker.com/engine/release-notes/#20109))<br>* Go ([1.17.5](https://go.googlesource.com/go/+/refs/tags/go1.17.5))<br>* containerd ([1.5.8](https://github.com/containerd/containerd/releases/tag/v1.5.8))<br>* systemd ([249.4](https://github.com/systemd/systemd-stable/blob/v249.4/NEWS))<br>* bash ([5.1_p8](https://lists.gnu.org/archive/html/info-gnu/2020-12/msg00003.html))<br>* binutils ([2.37](https://sourceware.org/pipermail/binutils/2021-July/117384.html))<br>* curl ([7.79.1](https://curl.se/changes.html#7_79_1))<br>* ca-certificates ([3.73](https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/vy9284s8APM))<br>* duktape ([2.6.0](https://github.com/svaarala/duktape/blob/master/doc/release-notes-v2-6.rst))<br>* ebtables ([2.0.11](https://lwn.net/Articles/806179/))<br>* git ([2.32.0](https://github.com/git/git/blob/master/Documentation/RelNotes/2.32.0.txt))<br>* gnupg ([2.2.29](https://lists.gnupg.org/pipermail/gnupg-announce/2021q3/000461.html))<br>* iptables ([1.8.7](https://lwn.net/Articles/843069/))<br>* keyutils ([1.6.1](https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/keyutils.git/tag/?h=v1.6.1))<br>* ldb ([2.3.0](https://gitlab.com/samba-team/samba/-/tags/ldb-2.3.0))<br>* libgcrypt ([1.9.4](https://dev.gnupg.org/T5402))<br>* libmnl ([1.0.4](https://marc.info/?l=netfilter-devel&m=146745072727070&w=2))<br>* libnftnl ([1.2.0](https://marc.info/?l=netfilter&m=162194376520385&w=2))<br>* libtirpc ([1.3.2](https://www.spinics.net/lists/linux-nfs/msg84129.html))<br>* lvm2 ([2.02.188](https://github.com/lvmteam/lvm2/releases/tag/v2_02_188))<br>* nettle ([3.7.3](https://lists.gnu.org/archive/html/info-gnu/2021-06/msg00002.html))<br>* nftables ([0.9.9](https://lwn.net/Articles/857369/))<br>* net-tools ([2.10](https://sourceforge.net/p/net-tools/code/ci/v2.10/tree/))<br>* openssh ([8.7_p1-r1](https://www.openssh.com/txt/release-8.7))<br>* open-vm-tools ([11.3.5](https://github.com/vmware/open-vm-tools/releases/tag/stable-11.3.5))<br>* polkit ([0.119](https://gitlab.freedesktop.org/polkit/polkit/-/blob/0.119/NEWS))<br>* realmd ([0.17.0](https://gitlab.freedesktop.org/realmd/realmd/-/tags/0.17.0))<br>* runc ([1.0.3](https://github.com/opencontainers/runc/releases/tag/v1.0.3))<br>* talloc ([2.3.2](https://gitlab.com/samba-team/samba/-/tags/talloc-2.3.2))<br>* util-linux ([2.37.2](https://github.com/karelzak/util-linux/blob/v2.37.2/NEWS))<br>* vim ([8.2.3428](https://github.com/vim/vim/releases/tag/v8.2.3428))<br>* xenstore ([4.14.2](https://xenproject.org/downloads/xen-project-archives/xen-project-4-14-series/xen-project-4-14-2/))<br>* SDK: gnuconfig (20210107)<br>* SDK: google-cloud-sdk ([355.0.0](https://groups.google.com/g/google-cloud-sdk-announce/c/HoJuttxnzNQ))<br>* SDK: meson (0.57.2)<br>* SDK: mtools (4.0.35)<br>* SDK: perl ([5.34.0](https://perldoc.perl.org/perl5340delta))<br>* SDK: Rust ([1.55.0](https://blog.rust-lang.org/2021/09/09/Rust-1.55.0.html))<br>* SDK: texinfo ([6.8](https://github.com/debian-tex/texinfo/releases/tag/upstream%2F6.8))<br><br>_Changes since **Beta 3033.1.1**_<br><br>**Security fixes**<br><br><br><br>* Linux ([CVE-2021-4002](https://nvd.nist.gov/vuln/detail/CVE-2021-4002), [CVE-2020-27820](https://nvd.nist.gov/vuln/detail/CVE-2020-27820), [CVE-2021-4001](https://nvd.nist.gov/vuln/detail/CVE-2021-4001), [CVE-2021-43975](https://nvd.nist.gov/vuln/detail/CVE-2021-43975))<br>* Go ([CVE-2021-29923](https://nvd.nist.gov/vuln/detail/CVE-2021-29923),[ CVE-2021-39293](https://nvd.nist.gov/vuln/detail/CVE-2021-39293),[ CVE-2021-38297](https://nvd.nist.gov/vuln/detail/CVE-2021-38297),[CVE-2021-39293](https://nvd.nist.gov/vuln/detail/CVE-2021-39293), [CVE-2021-44717](https://nvd.nist.gov/vuln/detail/CVE-2021-44717), [CVE-2021-44716](https://nvd.nist.gov/vuln/detail/CVE-2021-44716))<br>* ca-certificates ([CVE-2021-43527](https://nvd.nist.gov/vuln/detail/CVE-2021-43527))<br><br>**Bug fixes**<br><br><br><br>* Fix vim warnings on missing file, when built with USE=”minimal” ([portage-stable#260](https://github.com/flatcar/portage-stable/pull/260))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.84](https://lwn.net/Articles/878041/))<br>* Go ([1.17.5](https://go.googlesource.com/go/+/refs/tags/go1.17.5))<br>* ca-certificates ([3.73](https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/vy9284s8APM))<br>Packages:<br>- docker 20.10.11<br>- ignition 0.34.0<br>- kernel 5.10.84<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2021-12-15T19:36:24+00:00 @@ -262,7 +270,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2983.2.1 2983.2.1 - 2023-10-25T10:20:44.904981+00:00 + 2023-11-22T09:59:34.828815+00:00 New **Stable** Release **2983.2.1**<br><br>_Changes since **Stable 2983.2.0**_<br><br>**Security fixes**<br><br>* Linux ([CVE-2021-42739](https://nvd.nist.gov/vuln/detail/CVE-2021-42739))<br>* Docker, containerd ([CVE-2021-41190](https://nvd.nist.gov/vuln/detail/CVE-2021-41190))<br><br>**Updates**<br><br>* Linux ([5.10.80](https://lwn.net/Articles/876426/))<br>* Docker ([20.10.11](https://docs.docker.com/engine/release-notes/#20111))<br>* containerd ([1.5.8](https://github.com/containerd/containerd/releases/tag/v1.5.8))<br>* ca-certificates ([3.72](https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/7O6a4NlaI2A))<br><br>**Changes**<br><br>* Added missing SELinux rule as initial step to resolve Torcx unpacking issue ([coreos-overlay#1426](https://github.com/flatcar/coreos-overlay/pull/1426))<br>Packages:<br>- docker 20.10.11<br>- ignition 0.34.0<br>- kernel 5.10.80<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-11-25T11:10:38+00:00 @@ -270,7 +278,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2983.2.0 2983.2.0 - 2023-10-25T10:20:44.900180+00:00 + 2023-11-22T09:59:34.824014+00:00 New **Stable** release **2983.2.0**<br><br>Update to CGroupsV2<br><br>CGroups V2 is coming to Stable! Introduced in Alpha 2969.0.0, the feature has been stabilising for almost three months now and will be included in Stable 2983.2.0. \<br>NOTE that only new nodes will utilize CGroupsV2 by default. Existing nodes remain on CGroupsV1 and need to be manually migrated to CGroupsV2. To learn more about CGroupsV2 on Flatcar Container Linux and the migration guide, please refer to[ https://kinvolk.io/docs/flatcar-container-linux/latest/container-runtimes/switching-to-unified-cgroups/](https://kinvolk.io/docs/flatcar-container-linux/latest/container-runtimes/switching-to-unified-cgroups/)<br><br>_Changes since **Beta 2983.1.2**_<br><br>**Security fixes**<br><br><br><br>* Linux ([CVE-2021-3760](https://nvd.nist.gov/vuln/detail/CVE-2021-3760), [CVE-2021-3772](https://nvd.nist.gov/vuln/detail/CVE-2021-3772), [CVE-2021-42327](https://nvd.nist.gov/vuln/detail/CVE-2021-42327), [CVE-2021-43056](https://nvd.nist.gov/vuln/detail/CVE-2021-43056), [CVE-2021-43267](https://nvd.nist.gov/vuln/detail/CVE-2021-43267), [CVE-2021-43389](https://nvd.nist.gov/vuln/detail/CVE-2021-43389))<br>* Go ([CVE-2021-41771](https://nvd.nist.gov/vuln/detail/CVE-2021-41771),[ CVE-2021-41772](https://nvd.nist.gov/vuln/detail/CVE-2021-41772))<br><br>**Bug fixes**<br><br><br><br>* Use https protocol instead of git for Github URLs ([flatcar-linux/coreos-overlay#1394](https://github.com/flatcar/coreos-overlay/pull/1394))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.77](https://lwn.net/Articles/874852/))<br>* Go ([1.16.10](https://go.googlesource.com/go/+/refs/tags/go1.16.10))<br><br>_Changes since **Stable 2905.2.6**_<br><br>**Security fixes**<br><br><br><br>* Linux (CVE-2021-3609, [CVE-2021-3653](https://nvd.nist.gov/vuln/detail/CVE-2021-3653), CVE-2021-3655, [CVE-2021-3656](https://nvd.nist.gov/vuln/detail/CVE-2021-3656), [CVE-2021-3760](https://nvd.nist.gov/vuln/detail/CVE-2021-3760), [CVE-2021-3772](https://nvd.nist.gov/vuln/detail/CVE-2021-3772), [CVE-2020-26541](https://nvd.nist.gov/vuln/detail/CVE-2020-26541), [CVE-2021-35039](https://nvd.nist.gov/vuln/detail/CVE-2021-35039), [CVE-2021-37576](https://nvd.nist.gov/vuln/detail/CVE-2021-37576), [CVE-2021-22543](https://nvd.nist.gov/vuln/detail/CVE-2021-22543), [CVE-2021-33909](https://nvd.nist.gov/vuln/detail/CVE-2021-33909), [CVE-2021-34556](https://nvd.nist.gov/vuln/detail/CVE-2021-34556), [CVE-2021-35477](https://nvd.nist.gov/vuln/detail/CVE-2021-35477), [CVE-2021-38166](https://nvd.nist.gov/vuln/detail/CVE-2021-38166), [CVE-2021-38205](https://nvd.nist.gov/vuln/detail/CVE-2021-38205), [CVE-2021-42327](https://nvd.nist.gov/vuln/detail/CVE-2021-42327), [CVE-2021-43056](https://nvd.nist.gov/vuln/detail/CVE-2021-43056), [CVE-2021-43267](https://nvd.nist.gov/vuln/detail/CVE-2021-43267), [CVE-2021-43389](https://nvd.nist.gov/vuln/detail/CVE-2021-43389))<br>* Go ([CVE-2021-34558](https://nvd.nist.gov/vuln/detail/CVE-2021-34558), [CVE-2021-41771](https://nvd.nist.gov/vuln/detail/CVE-2021-41771),[ CVE-2021-41772](https://nvd.nist.gov/vuln/detail/CVE-2021-41772))<br>* c-ares ([CVE-2021-3672](https://nvd.nist.gov/vuln/detail/CVE-2021-3672))<br>* containerd ([CVE-2021-32760](https://nvd.nist.gov/vuln/detail/CVE-2021-32760))<br>* curl (CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-22925, CVE-2021-22926)<br>* dnsmasq ([CVE-2021-3448](https://nvd.nist.gov/vuln/detail/CVE-2021-3448))<br>* expat ([CVE-2013-0340](https://nvd.nist.gov/vuln/detail/CVE-2013-0340))<br>* glibc ([CVE-2020-29562](https://nvd.nist.gov/vuln/detail/CVE-2020-29562), [CVE-2019-25013](https://nvd.nist.gov/vuln/detail/CVE-2019-25013), [CVE-2020-27618](https://nvd.nist.gov/vuln/detail/https://cve.circl.lu/cve/CVE-2020-27618), [CVE-2021-27645](https://nvd.nist.gov/vuln/detail/CVE-2021-27645), [CVE-2021-33574](https://nvd.nist.gov/vuln/detail/CVE-2021-33574), [CVE-2021-35942](https://nvd.nist.gov/vuln/detail/CVE-2021-35942))<br>* libgcrypt ([CVE-2021-33560](https://nvd.nist.gov/vuln/detail/CVE-2021-33560))<br>* libpcre ([CVE-2019-20838](https://nvd.nist.gov/vuln/detail/CVE-2019-20838), [CVE-2020-14155](https://nvd.nist.gov/vuln/detail/CVE-2020-14155))<br>* libuv ([CVE-2021-22918](https://nvd.nist.gov/vuln/detail/CVE-2021-22918))<br>* mit-krb5 ([CVE-2021-36222](https://nvd.nist.gov/vuln/detail/CVE-2021-36222))<br>* NVIDIA Drivers ([CVE-2021-1090](https://nvd.nist.gov/vuln/detail/CVE-2021-1090), [CVE-2021-1093](https://nvd.nist.gov/vuln/detail/CVE-2021-1093), [CVE-2021-1094](https://nvd.nist.gov/vuln/detail/CVE-2021-1094), [CVE-2021-1095](https://nvd.nist.gov/vuln/detail/CVE-2021-1095))<br>* systemd ([CVE-2020-13529](https://nvd.nist.gov/vuln/detail/CVE-2020-13529), [CVE-2021-33910](https://nvd.nist.gov/vuln/detail/CVE-2021-33910))<br>* tar ([CVE-2021-20193](https://nvd.nist.gov/vuln/detail/CVE-2021-20193))<br><br>**Bug fixes**<br><br><br><br>* Use https protocol instead of git for Github URLs ([flatcar-linux/coreos-overlay#1394](https://github.com/flatcar/coreos-overlay/pull/1394))<br>* Skip tcsd.service for TPM2 devices to fix failures on c3.small.x86 instances of Equinix Metal ([Flatcar#208](https://github.com/flatcar/Flatcar/issues/208))<br>* Fixed containerd config after introduction of CGroupsV2 ([coreos-overlay#1214](https://github.com/flatcar/coreos-overlay/pull/1214))<br>* Fixed path for amazon-ssm-agent in base-ec2.ign ([coreos-overlay#1228](https://github.com/flatcar/coreos-overlay/pull/1228))<br>* Fixed locksmith adhering to reboot window when getting the etcd lock ([locksmith#10](https://github.com/flatcar/locksmith/pull/10))<br>* Add the systemd tag in udev for Azure storage devices, to fix /boot automount ([init#41](https://github.com/flatcar/init/pull/41))<br><br>**Changes**<br><br><br><br>* Added Azure[ Generation 2 VM](https://docs.microsoft.com/en-us/azure/virtual-machines/generation-2) support ([coreos-overlay#1198](https://github.com/flatcar/coreos-overlay/pull/1198))<br>* cgroups v2 by default for new nodes ([coreos-overlay#931](https://github.com/flatcar/coreos-overlay/pull/931)).<br>* Upgrade Docker to 20.10 ([coreos-overlay#931](https://github.com/flatcar/coreos-overlay/pull/931))<br>* Switched Docker ecosystem packages to go1.16 ([coreos-overlay#1217](https://github.com/flatcar/coreos-overlay/pull/1217))<br>* Added lbzip2 binary to the image ([coreos-overlay#1221](https://github.com/flatcar/coreos-overlay/pull/1221))<br>* flatcar-install uses lbzip2 if present, falls back on bzip2 if not ([init#46](https://github.com/flatcar/init/pull/46))<br>* Added Intel E800 series network adapter driver ([coreos-overlay#1237](https://github.com/flatcar/coreos-overlay/pull/1237))<br>* Enabled ‘audit’ use flag for sys-libs/pam ([coreos-overlay#1233](https://github.com/flatcar/coreos-overlay/pull/1233))<br>* Bumped etcd and flannel to respectively 3.5.0, 0.14.0 to get multiarch images for arm64 support. _Note for users of the old etcd v2 support_: ETCDCTL_API=2 must be set to use v2 store as well as ETCD_ENABLE_V2=true in the etcd-member.service - this support will be removed in 3.6.0 ([coreos-overlay#1179](https://github.com/flatcar/coreos-overlay/pull/1179))<br>* Support BTRFS in OEM and /usr partitions, but only used it for the OEM partition for now. Ignition configurations that refer to the OEM partition will work with any filesystem format specified, a mismatch is not resulting in a boot error. ([coreos-overlay#1106](https://github.com/flatcar/coreos-overlay/pull/1106))<br>* Switched the arm64 kernel to use a 4k page size instead of 64k<br>* Switched dm-verity corruption detection to issue a kernel panic (a panic results in a reboot after 1 minute, this was the case before already) instead of merely failing certain syscalls that try to use the corrupted data<br>* Enabled ARM64 SDK bootstrap ([flatcar-linux/scripts#134](https://github.com/flatcar/scripts/pull/134))<br>* SDK: enabled experimental ARM64 SDK usage ([flatcar-linux/scripts#134](https://github.com/flatcar/scripts/pull/134)) ([flatcar-linux/scripts#141](https://github.com/flatcar/scripts/pull/141))<br>* AWS: Added amazon-ssm-agent ([coreos-overlay#1162](https://github.com/flatcar/coreos-overlay/pull/1162))<br>* Azure: Compile OEM contents for all architectures ([coreos-overlay#1196](https://github.com/flatcar/coreos-overlay/pull/1196))<br>* update_engine: add postinstall hook to stay on cgroupv1 ([update_engine#13](https://github.com/flatcar/update_engine/pull/13))<br>* Enable telnet support for curl ([coreos-overlay#1099](https://github.com/flatcar/coreos-overlay/pull/1099))<br>* Enable ssl USE flag for wget ([coreos-overlay#932](https://github.com/flatcar/coreos-overlay/pull/932))<br>* Enable MDIO_BCM_UNIMAC for arm64 ([coreos-overlay#929](https://github.com/flatcar/coreos-overlay/pull/929))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.77](https://lwn.net/Articles/874852/))<br>* Linux firmware ([20210818](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20210818))<br>* Go ([1.16.10](https://go.googlesource.com/go/+/refs/tags/go1.16.10))<br>* c-ares ([1.17.2](https://c-ares.haxx.se/changelog.html#1_17_2))<br>* containerd ([1.5.7](https://github.com/containerd/containerd/releases/tag/v1.5.7))<br>* cryptsetup ([2.3.6](https://gitlab.com/cryptsetup/cryptsetup/-/tags/v2.3.6))<br>* curl ([7.78](https://curl.se/changes.html#7_78_0))<br>* dbus ([1.12.20](https://github.com/freedesktop/dbus/blob/ab88811768f750777d1a8b9d9ab12f13390bfd3a/NEWS#L1))<br>* docker ([20.10.10](https://docs.docker.com/engine/release-notes/#201010))<br>* docker CLI ([20.10.10](https://github.com/docker/cli/releases/tag/v20.10.10))<br>* docker proxy ([0.8.0_p20210525](https://github.com/moby/libnetwork/commit/64b7a4574d1426139437d20e81c0b6d391130ec8))<br>* dracut ([053](https://github.com/dracutdevs/dracut/releases/tag/053))<br>* etcd ([3.5.0](https://github.com/etcd-io/etcd/releases/tag/v3.5.0))<br>* expat ([2.4.1](https://www.xml.com/news/2021-05-expat-240-and-241/))<br>* gettext ([0.21-r1](https://lists.gnu.org/archive/html/info-gnu/2020-07/msg00009.html))<br>* glibc ([2.33-r5](https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7dfddd056de5f23bc29591d212f4051ed9d0634e))<br>* gptfdisk (1.0.7)<br>* flannel ([0.14.0](https://github.com/flannel-io/flannel/releases/tag/v0.14.0))<br>* intel-microcode ([20210608](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20210608))<br>* libarchive ([3.5.1](https://github.com/libarchive/libarchive/releases/tag/3.5.1))<br>* libev (4.33)<br>* libpcre (8.44)<br>* libuv ([1.41.1](https://github.com/libuv/libuv/releases/tag/v1.41.1))<br>* libverto ([0.3.1](https://github.com/latchset/libverto/releases/tag/0.3.1))<br>* lz4 ([1.9.3-r1](https://github.com/lz4/lz4/releases/tag/v1.9.3))<br>* mit-krb5 ([1.19.2](https://github.com/krb5/krb5/tree/krb5-1.19.2-final))<br>* NVIDIA Drivers ([470.57.02](https://docs.nvidia.com/datacenter/tesla/tesla-release-notes-470-57-02/index.html))<br>* pax-utils (1.3.1)<br>* portage-utils ([0.90](https://github.com/gentoo/portage-utils/releases/tag/v0.90))<br>* readline ([8.1_p1](https://tiswww.case.edu/php/chet/readline/CHANGES))<br>* runc ([1.0.2](https://github.com/opencontainers/runc/releases/tag/v1.0.2))<br>* selinux ([3.1](https://github.com/SELinuxProject/selinux/releases/tag/20200710))<br>* selinux-refpolicy ([2.20200818](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20200818))<br>* strace ([5.12](https://github.com/strace/strace/releases/tag/v5.12))<br>* systemd ([247.9](https://github.com/systemd/systemd-stable/releases/tag/v247.9))<br>* tar ([1.34](https://savannah.gnu.org/forum/forum.php?forum_id=9935))<br>* tini ([0.19](https://github.com/krallin/tini/releases/tag/v0.19.0))<br>* wa-linux-agent ([2.3.1.1](https://github.com/Azure/WALinuxAgent/releases/tag/v2.3.1.1))<br>* xz-utils ([5.2.5](https://git.tukaani.org/?p=xz.git;a=blob;f=NEWS;h=aade49443ad7ddba13bbfd9da188c99664736d80;hb=3247e95115acb95bc27f41e8cf4501db5b0b4309#l16))<br>* SDK: dnsmasq ([2.85](https://thekelleys.org.uk/dnsmasq/CHANGELOG))<br>* SDK: rust ([1.54](https://github.com/rust-lang/rust/releases/tag/1.54.0))<br>* VMWare: open-vm-tools ([11.3.0](https://github.com/vmware/open-vm-tools/releases/tag/stable-11.3.0))<br>Packages:<br>- docker 20.10.10<br>- ignition 0.34.0<br>- kernel 5.10.77<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-11-09T08:18:14+00:00 @@ -278,7 +286,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2905.2.6 2905.2.6 - 2023-10-25T10:20:44.887778+00:00 + 2023-11-22T09:59:34.811337+00:00 New **Stable** release **2905.2.6**<br><br>_Changes since **Stable 2905.2.5**_<br><br>**Security fixes**<br><br><br><br>* Linux ([CVE-2021-3764](https://nvd.nist.gov/vuln/detail/CVE-2021-3764), [CVE-2021-3744](https://nvd.nist.gov/vuln/detail/CVE-2021-3744), [CVE-2021-38300](https://nvd.nist.gov/vuln/detail/CVE-2021-38300), [CVE-2021-20321](https://nvd.nist.gov/vuln/detail/CVE-2021-20321), [CVE-2021-41864](https://nvd.nist.gov/vuln/detail/CVE-2021-41864))<br>* containerd ([CVE-2021-41103](https://nvd.nist.gov/vuln/detail/CVE-2021-41103))<br><br>**Bux fixes**<br><br><br><br>* The tcsd service for TPM 1 is not started on machines with TPM 2 anymore where it fails and isn’t necessary ([flatcar-linux/coreos-overlay#1364](https://github.com/flatcar/coreos-overlay/pull/1364))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.75](https://lwn.net/Articles/873465/))<br>* ca-certificates ([3.69.1](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_69_1.html#nss-3-69-1-release-notes))<br>* containerd ([1.5.7](https://github.com/containerd)<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.75<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-10-25T15:56:47+00:00 @@ -286,7 +294,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2905.2.5 2905.2.5 - 2023-10-25T10:20:44.882840+00:00 + 2023-11-22T09:59:34.806314+00:00 New **Stable** release **2905.2.5**<br><br>_Changes since **Stable 2905.2.4**_<br><br>**Security fixes**<br><br>* Linux ([CVE-2021-41073](https://nvd.nist.gov/vuln/detail/CVE-2021-41073), [CVE-2020-16119](https://nvd.nist.gov/vuln/detail/CVE-2020-16119))<br><br>**Bug fixes**<br><br>* The Mellanox NIC Linux driver issue introduced in the previous release was fixed ([Flatcar#520](https://github.com/flatcar/Flatcar/issues/520))<br><br>**Updates**<br><br>* Linux ([5.10.69](https://lwn.net/Articles/870544/))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.69<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-09-30T16:21:29+00:00 @@ -294,7 +302,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2905.2.4 2905.2.4 - 2023-10-25T10:20:44.878312+00:00 + 2023-11-22T09:59:34.801696+00:00 <br>New **Stable** release **2905.2.4**<br><br>_Changes since **Stable 2905.2.3**_<br><br>**Security fixes**<br><br><br><br>* Linux ([CVE-2021-3753](https://nvd.nist.gov/vuln/detail/CVE-2021-3753),[ CVE-2021-3739](https://nvd.nist.gov/vuln/detail/CVE-2021-3739), [CVE-2021-40490](https://nvd.nist.gov/vuln/detail/CVE-2021-40490))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.67](https://lwn.net/Articles/869749/))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.67<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-09-27T08:32:01+00:00 @@ -302,7 +310,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2905.2.3 2905.2.3 - 2023-10-25T10:20:44.873842+00:00 + 2023-11-22T09:59:34.797167+00:00 New **Stable** release **2905.2.3**<br><br>_Changes since **Stable 2905.2.2**_<br><br>**Security fixes**<br><br><br><br>* Linux ([CVE-2021-3653](https://nvd.nist.gov/vuln/detail/CVE-2021-3653), [CVE-2021-3656](https://nvd.nist.gov/vuln/detail/CVE-2021-3656), [CVE-2021-38166](https://nvd.nist.gov/vuln/detail/CVE-2021-38166)) <br>* openssl ([CVE-2021-3711](https://nvd.nist.gov/vuln/detail/CVE-2021-3711), [CVE-2021-3712](https://nvd.nist.gov/vuln/detail/CVE-2021-3712))<br><br>**Bug Fixes**<br><br><br><br>* Re-enabled kernel config FS_ENCRYPTION ([coreos-overlay#1212](https://github.com/kinvolk/coreos-overlay/pull/1212/))<br>* Fixed Perl in dev-container ([coreos-overlay#1238](https://github.com/kinvolk/coreos-overlay/pull/1238))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.61](https://lwn.net/Articles/867497/))<br>* openssl ([1.1.1l](https://mta.openssl.org/pipermail/openssl-announce/2021-August/000206.html))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.61<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-09-01T14:15:46+00:00 @@ -310,7 +318,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2905.2.2 2905.2.2 - 2023-10-25T10:20:44.869040+00:00 + 2023-11-22T09:59:34.792291+00:00 _Changes since **Stable**_ **2905.2.1**<br><br>**Security fixes**<br><br><br><br>* Linux ([CVE-2021-34556](https://nvd.nist.gov/vuln/detail/CVE-2021-34556), [CVE-2021-35477](https://nvd.nist.gov/vuln/detail/CVE-2021-35477), [CVE-2021-38205](https://nvd.nist.gov/vuln/detail/CVE-2021-38205))<br>* Go ([CVE-2021-36221](https://nvd.nist.gov/vuln/detail/CVE-2021-36221))<br>* Systemd ([CVE-2020-13529](https://nvd.nist.gov/vuln/detail/CVE-2020-13529), [CVE-2021-33910](https://nvd.nist.gov/vuln/detail/CVE-2021-33910))<br><br>**Bug Fixes**<br><br><br><br>* Fixed `pam.d` sssd LDAP auth with sudo ([coreos-overlay#1170](https://github.com/kinvolk/coreos-overlay/pull/1170))<br>* Let network-cleanup.service finish before entering rootfs ([coreos-overlay#1182](https://github.com/kinvolk/coreos-overlay/pull/1182))<br><br>**Changes**<br><br><br><br>* Switched to zstd for the initramfs ([coreos-overlay#1136](https://github.com/kinvolk/coreos-overlay/pull/1136))<br>* Embedded new subkey in flatcar-install ([coreos-overlay#1180](https://github.com/kinvolk/coreos-overlay/pull/1180))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.59](https://lwn.net/Articles/866302/))<br>* Systemd ([247.9](https://github.com/systemd/systemd-stable/releases/tag/v247.9))<br>* Go ([1.16.7](https://golang.org/doc/devel/release#go1.16.minor))<br>* portage-utils ([0.90](https://github.com/gentoo/portage-utils/releases/tag/v0.90))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.59<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-08-19T13:36:44+00:00 @@ -318,7 +326,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2905.2.1 2905.2.1 - 2023-10-25T10:20:44.863888+00:00 + 2023-11-22T09:59:34.787130+00:00 **Security fixes**<br><br>* Linux ([CVE-2021-37576](https://nvd.nist.gov/vuln/detail/CVE-2021-37576))<br><br>**Bug fixes**<br><br>* Set the cilium_vxlan interface to be not managed by networkd's default setup with DHCP as it's managed by Cilium. ([init#43](https://github.com/kinvolk/init/pull/43))<br>* Disabled SELinux by default on `dockerd` wrapper script ([coreos-overlay#1149](https://github.com/kinvolk/coreos-overlay/pull/1149))<br>* GCE: Granted CAP_NET_ADMIN to set routes for the TCP LB when starting oem-gce.service ([coreos-overlay#1146](https://github.com/kinvolk/coreos-overlay/pull/1146))<br><br>**Updates**<br><br>* Linux ([5.10.55](https://lwn.net/Articles/864901/))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.55<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-08-04T13:24:56+00:00 @@ -326,7 +334,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2905.2.0 2905.2.0 - 2023-10-25T10:20:44.859130+00:00 + 2023-11-22T09:59:34.782314+00:00 _Changes since **Beta 2905.1.0**_<br><br>**Security Fixes**<br><br><br><br>* containerd ([CVE-2021-32760](https://nvd.nist.gov/vuln/detail/CVE-2021-32760))<br>* curl (CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-22925, CVE-2021-22926)<br>* linux ([CVE-2020-26541](https://nvd.nist.gov/vuln/detail/CVE-2020-26541), [CVE-2021-35039](https://nvd.nist.gov/vuln/detail/CVE-2021-35039), [CVE-2021-22543](https://nvd.nist.gov/vuln/detail/CVE-2021-22543), CVE-2021-3609, CVE-2021-3655, [CVE-2021-33909](https://nvd.nist.gov/vuln/detail/CVE-2021-33909))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.52](https://lwn.net/Articles/863648/))<br>* curl ([7.78](https://curl.se/changes.html#7_78_0))<br>* containerd ([1.5.4](https://github.com/containerd/containerd/releases/tag/v1.5.4))<br><br>_Changes since **Stable 2765.2.6**_<br><br>**Security Fixes:**<br><br><br><br>* Linux ([CVE-2020-26541](https://nvd.nist.gov/vuln/detail/CVE-2020-26541), [CVE-2021-35039](https://nvd.nist.gov/vuln/detail/CVE-2021-35039), [CVE-2021-22543](https://nvd.nist.gov/vuln/detail/CVE-2021-22543), CVE-2021-3609, CVE-2021-3655, [CVE-2021-33909](https://nvd.nist.gov/vuln/detail/CVE-2021-33909), [CVE-2021-34693](https://nvd.nist.gov/vuln/detail/CVE-2021-34693), [CVE-2021-33624](https://nvd.nist.gov/vuln/detail/CVE-2021-33624))<br>* containerd ([CVE-2021-32760](https://nvd.nist.gov/vuln/detail/CVE-2021-32760))<br>* curl (CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-22925, CVE-2021-22926)<br>* boost ([CVE-2012-2677](https://nvd.nist.gov/vuln/detail/CVE-2012-2677))<br>* Docker ([CVE-2021-21285](https://nvd.nist.gov/vuln/detail/CVE-2021-21285),[ CVE-2021-21284](https://nvd.nist.gov/vuln/detail/CVE-2021-21284))<br>* c-ares ([CVE-2020-8277](https://nvd.nist.gov/vuln/detail/CVE-2020-8277))<br>* coreutils ([CVE-2017-7476](https://nvd.nist.gov/vuln/detail/CVE-2017-7476))<br>* dbus ([CVE-2020-35512](https://nvd.nist.gov/vuln/detail/CVE-2020-35512))<br>* dnsmasq ([CVE-2020-25681](https://nvd.nist.gov/vuln/detail/CVE-2020-25681),[ CVE-2020-25682](https://nvd.nist.gov/vuln/detail/CVE-2020-25682),[ CVE-2020-25683](https://nvd.nist.gov/vuln/detail/CVE-2020-25683),[ CVE-2020-25684](https://nvd.nist.gov/vuln/detail/CVE-2020-25683),[ CVE-2020-25685](https://nvd.nist.gov/vuln/detail/CVE-2020-25685),[ CVE-2020-25686](https://nvd.nist.gov/vuln/detail/CVE-2020-25686),[ CVE-2020-25687](https://nvd.nist.gov/vuln/detail/CVE-2020-25687))<br>* git ([CVE-2021-21300](https://nvd.nist.gov/vuln/detail/CVE-2021-21300))<br>* glib ([CVE-2021-28153](https://nvd.nist.gov/vuln/detail/CVE-2021-28153),[ CVE-2021-27218](https://nvd.nist.gov/vuln/detail/CVE-2021-27218),[ CVE-2021-27219](https://nvd.nist.gov/vuln/detail/CVE-2021-27219))<br>* gnutls ([CVE-2021-20231](https://nvd.nist.gov/vuln/detail/CVE-2021-20231),[ CVE-2021-20232](https://nvd.nist.gov/vuln/detail/CVE-2021-20232))<br>* intel-microcode ([CVE-2020-8696](https://nvd.nist.gov/vuln/detail/CVE-2020-8696),[ CVE-2020-8698](https://nvd.nist.gov/vuln/detail/CVE-2020-8698))<br>* libxml2 ([CVE-2021-3516](https://nvd.nist.gov/vuln/detail/CVE-2021-3516),[CVE-2021-3517](https://nvd.nist.gov/vuln/detail/CVE-2021-3517),[CVE-2021-3518](https://nvd.nist.gov/vuln/detail/CVE-2021-3518),CVE-2021-3541)<br>* ncurses ([CVE-2019-17594](https://nvd.nist.gov/vuln/detail/CVE-2019-17594),[ CVE-2019-17595](https://nvd.nist.gov/vuln/detail/CVE-2019-17595))<br>* openldap ([CVE-2020-36221](https://nvd.nist.gov/vuln/detail/CVE-2020-36221),[ CVE-2020-36222](https://nvd.nist.gov/vuln/detail/CVE-2020-36222),[ CVE-2020-36223](https://nvd.nist.gov/vuln/detail/CVE-2020-36223),[ CVE-2020-36224](https://nvd.nist.gov/vuln/detail/-2020-36224),[ CVE-2020-36225](https://nvd.nist.gov/vuln/detail/CVE-2020-36225),[ CVE-2020-36226](https://nvd.nist.gov/vuln/detail/CVE-2020-36226),[ CVE-2020-36227](https://nvd.nist.gov/vuln/detail/CVE-2020-36227),[ CVE-2020-36228](https://nvd.nist.gov/vuln/detail/CVE-2020-36228),[ CVE-2020-36229](https://nvd.nist.gov/vuln/detail/CVE-2020-36229),[ CVE-2020-36230](https://nvd.nist.gov/vuln/detail/CVE-2020-36230))<br>* samba ([CVE-2020-14318](https://nvd.nist.gov/vuln/detail/CVE-2020-14318),[ CVE-2020-14323](https://nvd.nist.gov/vuln/detail/CVE-2020-14323),[ CVE-2020-14383](https://nvd.nist.gov/vuln/detail/CVE-2020-14383))<br>* sqlite ([CVE-2021-20227](https://nvd.nist.gov/vuln/detail/CVE-2021-20227))<br>* binutils ([CVE-2021-20197](https://nvd.nist.gov/vuln/detail/CVE-2021-20197),[CVE-2021-3487](https://nvd.nist.gov/vuln/detail/CVE-2021-3487))<br><br>**Bug Fixes:**<br><br><br><br>* passwd: use correct GID for tss ([baselayout#15](https://github.com/kinvolk/baselayout/pull/15))<br>* flatcar-eks: add missing mkdir and update to latest versions ([coreos-overlay#817](https://github.com/kinvolk/coreos-overlay/pull/817))<br>* gmerge: Stop installing gmerge script ([coreos-overlay#828](https://github.com/kinvolk/coreos-overlay/pull/828))<br>* Add explicit path to the binary call in the coreos-metadata unit file ([Issue #360](https://github.com/kinvolk/Flatcar/issues/360))<br>* Fix the patch to update DefaultTasksMax in systemd ([coreos-overlay#971](https://github.com/kinvolk/coreos-overlay/pull/971))<br><br>**Changes**<br><br><br><br>* Docker: disabled SELinux support in the Docker daemon<br>* The pam_faillock PAM module was enabled as replacement for the removed pam_tally2 module and will temporarily lock an account if there were login attempts with a wrong password. The faillock command can be used to show the current state. With pam_tally2 there was no limit for wrong password login attempts but with faillock the default is already restricting the attempts. The default behavior was relaxed to allow 5 wrong passwords per two minutes, and a one minute account lock time. This does not apply to logins with an SSH key. ([baselayout#17](https://github.com/kinvolk/baselayout/pull/17))<br>* The etcd and flannel services are now run with Docker and any rkt-based customizations of the etcd-member and flanneld services not supported anymore. Also, because the flanneld service relies on Docker and will restart Docker after applying the new configuration, it is not possible anymore to set Requires=flanneld.service for docker.service and instead it’s enough to have flanneld.service enabled. ([coreos-overlay#857](https://github.com/kinvolk/coreos-overlay/pull/857))<br>* toolbox: replace rkt with docker ([coreos-overlay#881](https://github.com/kinvolk/coreos-overlay/pull/881))<br>* flatcar-install: add parameters to make wget more resilient ([init#35](https://github.com/kinvolk/init/pull/35))<br>* flatcar-install: Add -D flag to only download the image file ([Flatcar#248](https://github.com/kinvolk/Flatcar/issues/248))<br>* flatcar-install: Detect device mapper (e.g., LVM/LUKS) usage when searching for free drives with the -s flag ([Flatcar#332](https://github.com/kinvolk/Flatcar/issues/332))<br>* motd: Add OEM information to motd output ([init#34](https://github.com/kinvolk/init/pull/34))<br>* open-iscsi: Command substitution in iscsi-init system service ([coreos-overlay#801](https://github.com/kinvolk/coreos-overlay/pull/801))<br>* sshd: use secure crypto algos only ([kinvolk/coreos-overlay#852](https://github.com/kinvolk/coreos-overlay/pull/852))<br>* kernel: enable kernel config CONFIG_BPF_LSM ([kinvolk/coreos-overlay#846](https://github.com/kinvolk/coreos-overlay/pull/846))<br>* bootengine: set hostname for EC2 and OpenStack from metadata ([kinvolk/coreos-overlay#848](https://github.com/kinvolk/coreos-overlay/pull/848))<br>* Make the hostname setting units optional. Having the hostname units as required by the initrd.target meant that if the unit failed the machine wouldn’t start, disrupting the whole boot. ([bootengine#23](https://github.com/kinvolk/bootengine/pull/23))<br>* Enable using iSCSI netroot devices on Flatcar ([bootengine#22](https://github.com/kinvolk/bootengine/pull/22))<br>* systemd-networkd: Do not manage loopback network interface ([bootengine#24 init#40](https://github.com/kinvolk/bootengine/pull/24))<br>* containerd: Removed the containerd-stress binary ([coreos-overlay#858](https://github.com/kinvolk/coreos-overlay/pull/858))<br>* dhcpcd: Removed the dhcpcd binary from the image, systemd-networkd is the only DHCP client ([coreos-overlay#858](https://github.com/kinvolk/coreos-overlay/pull/858))<br>* samba: Update to EAPI=7, add new USE flags and remove deps on icu ([kinvolk/coreos-overlay#864](https://github.com/kinvolk/coreos-overlay/pull/864))<br>* GCE: The oem-gce.service was ported to use systemd-nspawn instead of rkt. A one-time action is required to fetch the new service file because the OEM partition is not updated: sudo curl -s -S -f -L -o /etc/systemd/system/oem-gce.service https://raw.githubusercontent.com/kinvolk/coreos-overlay/fe7b0047ef5b634ebe04c9627bbf1ce3008ee5fa/coreos-base/oem-gce/files/units/oem-gce.service && sudo systemctl daemon-reload && sudo systemctl restart oem-gce.service<br>* SDK: update portage and related packages to newer versions ([coreos-overlay#840](https://github.com/kinvolk/coreos-overlay/pull/840))<br>* SDK: Drop jobs parameter in flatcar-scripts ([flatcar-scripts#121](https://github.com/kinvolk/flatcar-scripts/pull/121))<br>* SDK: delete Go 1.6 ([coreos-overlay#827](https://github.com/kinvolk/coreos-overlay/pull/827))<br>* Update sys-apps/coreutils and make sure they have split-usr disabled for generic images ([coreos-overlay#829](https://github.com/kinvolk/coreos-overlay/pull/829))<br>* systemd: Fix unit installation ([coreos-overlay#810](https://github.com/kinvolk/coreos-overlay/pull/810))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.52](https://lwn.net/Articles/863648/))<br>* Linux firmware ([20210511](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20210511))<br>* boost ([1.75.0](https://www.boost.org/users/history/version_1_75_0.html))<br>* docker ([19.03.15](https://docs.docker.com/engine/release-notes/19.03/#190315))<br>* c-ares ([1.17.1](https://c-ares.haxx.se/changelog.html#1_17_1))<br>* curl ([7.78](https://curl.se/changes.html#7_78_0))<br>* containerd ([1.5.4](https://github.com/containerd/containerd/releases/tag/v1.5.4))<br>* coreutils ([8.32](https://git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?h=v8.32))<br>* cri-tools ([1.19.0](https://github.com/kubernetes-sigs/cri-tools/releases/tag/v1.19.0))<br>* dbus ([1.10.32](https://lists.freedesktop.org/archives/ftp-release/2020-July/000759.html))<br>* dnsmasq ([2.83](https://thekelleys.org.uk/dnsmasq/CHANGELOG))<br>* go ([1.16.5](https://go.googlesource.com/go/+/refs/tags/go1.16.5))<br>* git ([2.26.3](https://raw.githubusercontent.com/git/git/v2.26.3/Documentation/RelNotes/2.26.3.txt))<br>* glib ([2.66.8](https://gitlab.gnome.org/GNOME/glib/-/releases/2.66.8))<br>* gnutls ([3.7.1](https://gitlab.com/gnutls/gnutls/-/tags/3.7.1))<br>* intel-microcode ([20210216](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20210216))<br>* libxml2 ([2.9.12](https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.12))<br>* multipath-tools ([0.8.5](https://github.com/opensvc/multipath-tools/releases/tag/0.8.5))<br>* ncurses ([6.2](https://invisible-island.net/ncurses/announce-6.2.html))<br>* open-iscsi ([2.1.4](https://github.com/open-iscsi/open-iscsi/releases/tag/2.1.4))<br>* openldap ([2.4.58](https://www.openldap.org/software/release/announce.html))<br>* openssh ([8.6_p1](https://www.openssh.com/txt/release-8.6))<br>* runc ([1.0.0_rc95](https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc95))<br>* samba ([4.12.9](https://www.samba.org/samba/history/samba-4.12.9.html))<br>* sqlite ([3.34.1](https://www.sqlite.org/releaselog/3_34_1.html))<br>* systemd ([247.6](https://github.com/systemd/systemd-stable/releases/tag/v247.6))<br>* zstd ([1.4.9](https://github.com/facebook/zstd/releases/tag/v1.4.9))<br>* SDK: Rust ([1.52.1](https://blog.rust-lang.org/2021/05/10/Rust-1.52.1.html))<br>* SDK: QEMU ([5.2.0](https://wiki.qemu.org/ChangeLog/5.2))<br>* SDK: cmake ([3.18.5](https://cmake.org/cmake/help/latest/release/3.18.html#id1))<br>* SDK: binutils ([2.36.1](https://sourceware.org/pipermail/binutils/2021-February/115240.html))<br><br>**Deprecation**<br><br><br><br>* docker-1.12, rkt and kubelet-wrapper are deprecated and removed from Stable, also from subsequent channels in the future. Please read the[ removal announcement](https://groups.google.com/g/flatcar-linux-user/c/MeinndLqJO4) to know more<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.52<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-07-28T08:25:15+00:00 @@ -334,7 +342,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2765.2.6 2765.2.6 - 2023-10-25T10:20:44.846466+00:00 + 2023-11-22T09:59:34.769673+00:00 <br>**Security fixes**<br><br><br><br>* Linux ([CVE-2020-26558](https://nvd.nist.gov/vuln/detail/CVE-2020-26558), [CVE-2021-0129](https://nvd.nist.gov/vuln/detail/CVE-2021-0129), [CVE-2020-24587](https://nvd.nist.gov/vuln/detail/CVE-2020-24587), [CVE-2020-24586](https://nvd.nist.gov/vuln/detail/CVE-2020-24586), [CVE-2020-24588](https://nvd.nist.gov/vuln/detail/CVE-2020-24588), [CVE-2020-26139](https://nvd.nist.gov/vuln/detail/CVE-2020-26139), [CVE-2020-26145](https://nvd.nist.gov/vuln/detail/CVE-2020-26145), [CVE-2020-26147](https://nvd.nist.gov/vuln/detail/CVE-2020-26147), [CVE-2020-26141](https://nvd.nist.gov/vuln/detail/CVE-2020-26141), [CVE-2021-3564](https://nvd.nist.gov/vuln/detail/CVE-2021-3564), [CVE-2021-28691](https://nvd.nist.gov/vuln/detail/CVE-2021-28691), [CVE-2021-3587](https://nvd.nist.gov/vuln/detail/CVE-2021-3587), [CVE-2021-3573](https://nvd.nist.gov/vuln/detail/CVE-2021-3573))<br><br>**Bug fixes**<br><br><br><br>* Update-engine sent empty requests when restarted before a pending reboot ([Flatcar#388](https://github.com/kinvolk/Flatcar/issues/388))<br>* motd login prompt list of failed services: The output of "systemctl list-units --state=failed --no-legend" contains a bullet point which is not expected and ended up being taken as the unit name of failed units which was previously on the start of the line. Filtered the bullet point out to stay compatible with the old behavior in case upstream would remove the bullet point again. ([coreos-overlay#1042](https://github.com/kinvolk/coreos-overlay/pull/1042))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.43](https://lwn.net/Articles/859022/))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.43<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-06-17T10:32:06+00:00 @@ -342,7 +350,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2765.2.5 2765.2.5 - 2023-10-25T10:20:44.841175+00:00 + 2023-11-22T09:59:34.764274+00:00 **Bug fixes**<br><br>* The Linux kernel IOMMU-related crash introduced in the 5.10.37 update got fixed through the 5.10.38 update ([Flatcar#400](https://github.com/kinvolk/Flatcar/issues/400))<br><br>**Updates**<br><br>* Linux ([5.10.38](https://lwn.net/Articles/856654/))<br><br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.38<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-05-21T12:08:45+00:00 @@ -350,7 +358,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2765.2.4 2765.2.4 - 2023-10-25T10:20:44.836740+00:00 + 2023-11-22T09:59:34.759890+00:00 **Security fixes**<br><br>* Linux ([CVE-2021-3491](https://nvd.nist.gov/vuln/detail/CVE-2021-3491), [CVE-2021-31440](https://nvd.nist.gov/vuln/detail/CVE-2021-31440), [CVE-2021-31829](https://nvd.nist.gov/vuln/detail/CVE-2021-31829))<br>* nvidia-drivers ([CVE-2021-1052](https://nvd.nist.gov/vuln/detail/CVE-2021-1052), [CVE-2021-1053](https://nvd.nist.gov/vuln/detail/CVE-2021-1053), [CVE-2021-1056](https://nvd.nist.gov/vuln/detail/CVE-2021-1056), [CVE-2021-1076](https://nvd.nist.gov/vuln/detail/CVE-2021-1076), [CVE-2021-1077](https://nvd.nist.gov/vuln/detail/CVE-2021-1077))<br>* runc ([CVE-2021-30465](https://nvd.nist.gov/vuln/detail/CVE-2021-30465))<br><br>**Updates**<br><br>* Linux ([5.10.37](https://lwn.net/Articles/856269/))<br>* nvidia-drivers ([460.73.01](https://www.nvidia.com/Download/driverResults.aspx/172376/en-us))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.37<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-05-19T11:38:16+00:00 @@ -358,7 +366,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2765.2.3 2765.2.3 - 2023-10-25T10:20:44.832098+00:00 + 2023-11-22T09:59:34.755174+00:00 <br>**Security fixes**<br><br><br><br>* Linux ([CVE-2021-28964](https://nvd.nist.gov/vuln/detail/CVE-2021-28964), [CVE-2021-28972](https://nvd.nist.gov/vuln/detail/CVE-2021-28972), [CVE-2021-28971](https://nvd.nist.gov/vuln/detail/CVE-2021-28971), [CVE-2021-28951](https://nvd.nist.gov/vuln/detail/CVE-2021-28951), [CVE-2021-28952](https://nvd.nist.gov/vuln/detail/CVE-2021-28952), [CVE-2021-29266](https://nvd.nist.gov/vuln/detail/CVE-2021-29266), [CVE-2021-28688](https://nvd.nist.gov/vuln/detail/CVE-2021-28688), [CVE-2021-29264](https://nvd.nist.gov/vuln/detail/CVE-2021-29264), [CVE-2021-29649](https://nvd.nist.gov/vuln/detail/CVE-2021-29649), [CVE-2021-29650](https://nvd.nist.gov/vuln/detail/CVE-2021-29650), [CVE-2021-29646](https://nvd.nist.gov/vuln/detail/CVE-2021-29646), [CVE-2021-29647](https://nvd.nist.gov/vuln/detail/CVE-2021-29647), [CVE-2021-29154](https://nvd.nist.gov/vuln/detail/CVE-2021-29154), [CVE-2021-29155](https://nvd.nist.gov/vuln/detail/CVE-2021-29155), [CVE-2021-23133](https://nvd.nist.gov/vuln/detail/CVE-2021-23133))<br><br>**Bug fixes**<br><br><br><br>* Fix the patch to update DefaultTasksMax in systemd ([coreos-overlay#971](https://github.com/kinvolk/coreos-overlay/pull/971))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.32](https://lwn.net/Articles/853762/))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.32<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-04-28T13:36:47+00:00 @@ -366,7 +374,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2765.2.2 2765.2.2 - 2023-10-25T10:20:44.827169+00:00 + 2023-11-22T09:59:34.750075+00:00 **Security fixes**<br><br><br><br>* Linux ([CVE-2021-27365](https://nvd.nist.gov/vuln/detail/CVE-2021-27365), [CVE-2021-27364](https://nvd.nist.gov/vuln/detail/CVE-2021-27364), [CVE-2021-27363](https://nvd.nist.gov/vuln/detail/CVE-2021-27363), [CVE-2021-28038](https://nvd.nist.gov/vuln/detail/CVE-2021-28038),[CVE-2021-28039](https://nvd.nist.gov/vuln/detail/CVE-2021-28039), [CVE-2021-28375](https://nvd.nist.gov/vuln/detail/CVE-2021-28375), [CVE-2021-28660](https://nvd.nist.gov/vuln/detail/CVE-2021-28660), [CVE-2021-27218](https://nvd.nist.gov/vuln/detail/CVE-2021-27218), [CVE-2021-27219](https://nvd.nist.gov/vuln/detail/CVE-2021-27219))<br>* openssl ([CVE-2021-23840](https://nvd.nist.gov/vuln/detail/CVE-2021-23840),[ CVE-2021-23841](https://nvd.nist.gov/vuln/detail/CVE-2021-23841), [CVE-2020-1971](https://nvd.nist.gov/vuln/detail/CVE-2020-1971),[ CVE-2021-23840](https://nvd.nist.gov/vuln/detail/CVE-2021-23840),[ CVE-2021-23841](https://nvd.nist.gov/vuln/detail/CVE-2021-23841), [CVE-2021-3449](https://nvd.nist.gov/vuln/detail/CVE-2021-3449),[ CVE-2021-3450](https://nvd.nist.gov/vuln/detail/CVE-2021-3450))<br><br>**Bug Fixes**<br><br><br><br>* GCE: The old interface name ens4v1 which was replaced by eth0 due to a broken udev rule was restored, but now as alternative interface name, and eth0 will stay the primary name for consistency across cloud environments. ([init#38](https://github.com/kinvolk/init/pull/38))<br><br>**Changes**<br><br><br><br>* The virtio network interfaces got predictable interface names as alternative interface names, and thus these names can also be used to match for a specific interface in case there is more than one and the eth0 and eth1 name assignment is not stable. ([init#38](https://github.com/kinvolk/init/pull/38))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.25](https://lwn.net/Articles/849951/))<br>* openssl ([1.1.1k](https://mta.openssl.org/pipermail/openssl-announce/2021-March/000197.html))<br>* open-iscsi ([2.1.4](https://github.com/open-iscsi/open-iscsi/releases/tag/2.1.4))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.25<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-03-25T15:39:33+00:00 @@ -374,7 +382,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2765.2.1 2765.2.1 - 2023-10-25T10:20:44.821617+00:00 + 2023-11-22T09:59:34.744309+00:00 **Security fixes**<br><br>* Linux - ([CVE-2020-25639](https://nvd.nist.gov/vuln/detail/CVE-2020-25639), [CVE-2021-27365](https://nvd.nist.gov/vuln/detail/CVE-2021-27365), [CVE-2021-27364](https://nvd.nist.gov/vuln/detail/CVE-2021-27364), [CVE-2021-27363](https://nvd.nist.gov/vuln/detail/CVE-2021-27363), [CVE-2021-28038](https://nvd.nist.gov/vuln/detail/CVE-2021-28038), [CVE-2021-28039](https://nvd.nist.gov/vuln/detail/CVE-2021-28039))<br>* containerd ([GHSA-6g2q-w5j3-fwh4](https://github.com/containerd/containerd/security/advisories/GHSA-6g2q-w5j3-fwh4))<br><br>**Bug fixes**<br><br>* Include firmware files for all modules shipped in our image ([Issue #359](https://github.com/kinvolk/Flatcar/issues/359), [PR #887](https://github.com/kinvolk/coreos-overlay/pull/887))<br>* Add explicit path to the binary call in the coreos-metadata unit file ([Issue #360](https://github.com/kinvolk/Flatcar/issues/360))<br><br>**Updates**<br><br>* Linux ([5.10.21](https://lwn.net/Articles/848617/))<br>* Containerd ([1.4.4](https://github.com/containerd/containerd/releases/tag/v1.4.4))<br><br><br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.21<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-03-11T09:19:31+00:00 @@ -382,7 +390,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2765.2.0 2765.2.0 - 2023-10-25T10:20:44.816723+00:00 + 2023-11-22T09:59:34.739360+00:00 **Security fixes**<br><br><br><br>* Linux ([CVE-2021-26931](https://nvd.nist.gov/vuln/detail/CVE-2021-26931), [CVE-2021-26930](https://nvd.nist.gov/vuln/detail/CVE-2021-26930), [CVE-2021-26932](https://nvd.nist.gov/vuln/detail/CVE-2021-26932))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.19](https://lwn.net/Articles/847589/))<br><br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.19<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-03-03T14:58:35+00:00 @@ -390,7 +398,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2605.9.0 2605.9.0 - 2023-10-25T10:20:44.812337+00:00 + 2023-11-22T09:59:34.734821+00:00 Security fixes:<br><br>* containerd ([CVE-2020-15257](https://nvd.nist.gov/vuln/detail/CVE-2020-15257))<br>* glibc ([CVE-2019-9169](https://nvd.nist.gov/vuln/detail/CVE-2019-9169),[ CVE-2019-6488](https://nvd.nist.gov/vuln/detail/CVE-2019-6488),[ CVE-2019-7309](https://nvd.nist.gov/vuln/detail/CVE-2019-7309),[ CVE-2020-10029](https://nvd.nist.gov/vuln/detail/CVE-2020-10029),[ CVE-2020-1751](https://nvd.nist.gov/vuln/detail/CVE-2020-1751),[ CVE-2020-6096](https://nvd.nist.gov/vuln/detail/CVE-2020-6096),[ CVE-2018-20796](https://nvd.nist.gov/vuln/detail/CVE-2018-20796))<br>* Linux ([CVE-2020-28941](https://nvd.nist.gov/vuln/detail/CVE-2020-28941), [CVE-2020-4788](https://nvd.nist.gov/vuln/detail/CVE-2020-4788), [CVE-2020-25669](https://nvd.nist.gov/vuln/detail/CVE-2020-25669), [CVE-2020-14351](https://nvd.nist.gov/vuln/detail/CVE-2020-14351))<br>* glib ([CVE-2019-12450](https://nvd.nist.gov/vuln/detail/CVE-2019-12450))<br>* open-iscsi ([CVE-2017-17840](https://nvd.nist.gov/vuln/detail/CVE-2017-17840))<br>* samba ([CVE-2019-10197](https://nvd.nist.gov/vuln/detail/CVE-2019-10197),[ CVE-2020-10704](https://nvd.nist.gov/vuln/detail/CVE-2020-10704),[ CVE-2020-10745](https://nvd.nist.gov/vuln/detail/CVE-2020-10745),[ CVE-2019-3880](https://nvd.nist.gov/vuln/detail/CVE-2019-3880),[ CVE-2019-10218](https://nvd.nist.gov/vuln/detail/CVE-2019-10218))<br>* shadow ([CVE-2019-19882](https://nvd.nist.gov/vuln/detail/CVE-2019-19882))<br>* sssd ([CVE-2018-16883](https://nvd.nist.gov/vuln/detail/CVE-2018-16883),[ CVE-2019-3811](https://nvd.nist.gov/vuln/detail/CVE-2019-3811),[ CVE-2018-16838](https://nvd.nist.gov/vuln/detail/CVE-2018-16838))<br>* trousers ([CVE-2020-24330](https://nvd.nist.gov/vuln/detail/CVE-2020-24330),[ CVE-2020-24331](https://nvd.nist.gov/vuln/detail/CVE-2020-24331))<br>* cifs-utils ([CVE-2020-14342](https://nvd.nist.gov/vuln/detail/CVE-2020-14342))<br>* ntp ([CVE-2020-11868](https://nvd.nist.gov/vuln/detail/CVE-2020-11868),[ CVE-2020-13817](https://nvd.nist.gov/vuln/detail/CVE-2020-13817),[ CVE-2018-8956](https://nvd.nist.gov/vuln/detail/CVE-2018-8956),[ CVE-2020-15025](https://nvd.nist.gov/vuln/detail/CVE-2020-15025))<br>* bzip2 ([CVE-2019-12900](https://nvd.nist.gov/vuln/detail/CVE-2019-12900))<br>* c-ares ([CVE-2017-1000381](https://nvd.nist.gov/vuln/detail/CVE-2017-1000381))<br>* file ([CVE-2019-18218](https://nvd.nist.gov/vuln/detail/CVE-2019-18218))<br>* json-c ([CVE-2020-12762](https://nvd.nist.gov/vuln/detail/CVE-2020-12762))<br>* jq ([CVE-2015-8863](https://nvd.nist.gov/vuln/detail/CVE-2015-8863), [CVE-2016-4074](https://nvd.nist.gov/vuln/detail/CVE-2016-4074))<br>* libuv ([CVE-2020-8252](https://nvd.nist.gov/vuln/detail/CVE-2020-8252))<br>* libxml2 ([CVE-2019-20388](https://nvd.nist.gov/vuln/detail/CVE-2019-20388), [CVE-2020-7595](https://nvd.nist.gov/vuln/detail/CVE-2020-7595))<br>* re2c ([CVE-2020-11958](https://nvd.nist.gov/vuln/detail/CVE-2020-11958))<br>* tar ([CVE-2019-9923](https://nvd.nist.gov/vuln/detail/CVE-2019-9923))<br>* sqlite ([CVE-2020-11656](https://nvd.nist.gov/vuln/detail/CVE-2020-11656), [CVE-2020-9327](https://nvd.nist.gov/vuln/detail/CVE-2020-9327), [CVE-2020-11655](https://nvd.nist.gov/vuln/detail/CVE-2020-11655), [CVE-2020-13630](https://nvd.nist.gov/vuln/detail/CVE-2020-13630), [CVE-2020-13435](https://nvd.nist.gov/vuln/detail/CVE-2020-13435), [CVE-2020-13434](https://nvd.nist.gov/vuln/detail/CVE-2020-13434), [CVE-2020-13631](https://nvd.nist.gov/vuln/detail/CVE-2020-13631), [CVE-2020-13632](https://nvd.nist.gov/vuln/detail/CVE-2020-13632), [CVE-2020-15358](https://nvd.nist.gov/vuln/detail/CVE-2020-15358))<br>* tcpdump and pcap ([CVE-2018-10103](https://nvd.nist.gov/vuln/detail/CVE-2018-10103), [CVE-2018-10105](https://nvd.nist.gov/vuln/detail/CVE-2018-10105), [CVE-2019-15163](https://nvd.nist.gov/vuln/detail/CVE-2019-15163), [CVE-2018-14461](https://nvd.nist.gov/vuln/detail/CVE-2018-14461), [CVE-2018-14462](https://nvd.nist.gov/vuln/detail/CVE-2018-14462), [CVE-2018-14463](https://nvd.nist.gov/vuln/detail/CVE-2018-14463), [CVE-2018-14464](https://nvd.nist.gov/vuln/detail/CVE-2018-14464), [CVE-2018-14465](https://nvd.nist.gov/vuln/detail/CVE-2018-14465), [CVE-2018-14466](https://nvd.nist.gov/vuln/detail/CVE-2018-14466), [CVE-2018-14467](https://nvd.nist.gov/vuln/detail/CVE-2018-14467), [CVE-2018-14468](https://nvd.nist.gov/vuln/detail/CVE-2018-14468), [CVE-2018-14469](https://nvd.nist.gov/vuln/detail/CVE-2018-14469), [CVE-2018-14470](https://nvd.nist.gov/vuln/detail/CVE-2018-14470), [CVE-2018-14880](https://nvd.nist.gov/vuln/detail/CVE-2018-14880), [CVE-2018-14881](https://nvd.nist.gov/vuln/detail/CVE-2018-14881), [CVE-2018-14882](https://nvd.nist.gov/vuln/detail/CVE-2018-14882), [CVE-2018-16227](https://nvd.nist.gov/vuln/detail/CVE-2018-16227), [CVE-2018-16228](https://nvd.nist.gov/vuln/detail/CVE-2018-16228), [CVE-2018-16229](https://nvd.nist.gov/vuln/detail/CVE-2018-16229), [CVE-2018-16230](https://nvd.nist.gov/vuln/detail/CVE-2018-16230), [CVE-2018-16300](https://nvd.nist.gov/vuln/detail/CVE-2018-16300), [CVE-2018-16451](https://nvd.nist.gov/vuln/detail/CVE-2018-16451), [CVE-2018-16452](https://nvd.nist.gov/vuln/detail/CVE-2018-16452), [CVE-2019-15166](https://nvd.nist.gov/vuln/detail/CVE-2019-15166), [CVE-2018-14879](https://nvd.nist.gov/vuln/detail/CVE-2018-14879), [CVE-2017-16808](https://nvd.nist.gov/vuln/detail/CVE-2017-16808), [CVE-2018-19519](https://nvd.nist.gov/vuln/detail/CVE-2018-19519), [CVE-2019-15161](https://nvd.nist.gov/vuln/detail/CVE-2019-15161), [CVE-2019-15165](https://nvd.nist.gov/vuln/detail/CVE-2019-15165), [CVE-2019-15164](https://nvd.nist.gov/vuln/detail/CVE-2019-15164), [CVE-2019-1010220](https://nvd.nist.gov/vuln/detail/CVE-2019-1010220))<br>* libbsd ([CVE-2019-20367](https://nvd.nist.gov/vuln/detail/CVE-2019-20367))<br>* rsync and zlib ([CVE-2016-9840](https://nvd.nist.gov/vuln/detail/CVE-2016-9840), [CVE-2016-9841](https://nvd.nist.gov/vuln/detail/CVE-2016-9841), [CVE-2016-9842](https://nvd.nist.gov/vuln/detail/CVE-2016-9842), [CVE-2016-9843](https://nvd.nist.gov/vuln/detail/CVE-2016-9843))<br><br>Bug fixes<br><br>* Added systemd-tmpfiles directives for /opt and /opt/bin to ensure that the folders have correct permissions even when /opt/ was once created by containerd ([Flatcar#279](https://github.com/kinvolk/Flatcar/issues/279))<br>* Make the automatic filesystem resizing more robust against a race and add more logging ([kinvolk/init#31](https://github.com/kinvolk/init/pull/31))<br>* Allow inactive network interfaces to be bound to a bonding interface, by encoding additional configuration for systemd-networkd-wait-online ([afterburn PR #10](https://github.com/flatcar/afterburn/pull/10))<br>* Do not configure ccache in Jenkins ([scripts PR #100](https://github.com/flatcar/scripts/pull/100))<br>* Azure: Exclude bonded SR-IOV network interfaces with newer drivers from networkd (in addition to the old drivers) to prevent them being configured instead of just the bond interface ([init PR#29](https://github.com/flatcar/init/pull/29),[ bootengine PR#19](https://github.com/flatcar/bootengine/pull/19))<br><br>Changes:<br><br>* Update-engine now detects rollbacks and reports them as errors to the update server ([PR#6](https://github.com/flatcar/update_engine/pull/6))<br>* The zstd tools were added (version 1.4.4)<br>* The kernel config CONFIG_PSI was set to support[ Pressure Stall Information](https://www.kernel.org/doc/html/latest/accounting/psi.html), more information also under[ https://facebookmicrosites.github.io/psi/docs/overview](https://facebookmicrosites.github.io/psi/docs/overview) ([Flatcar#162](https://github.com/flatcar/Flatcar/issues/162))<br>* The kernel config CONFIG_BPF_JIT_ALWAYS_ON was set to use the BPF just-in-time compiler by default for faster execution<br>* The kernel config CONFIG_POWER_SUPPLY was set<br>* The kernel configs CONFIG_OVERLAY_FS_METACOPY and CONFIG_OVERLAY_FS_REDIRECT_DIR were set. With the first overlayfs will only copy up metadata when a metadata-specific operation like chown/chmod is performed. The full file will be copied up later when the file is opened for write operations. With the second, which is equivalent to setting "redirect_dir=on" in the kernel command-line, overlayfs will copy up the directory first before the actual content ([Flatcar#170](https://github.com/kinvolk/Flatcar/issues/170)).<br>* Remove unnecessary kernel module nf-conntrack-ipv4 ([overlay PR#649](https://github.com/flatcar/coreos-overlay/pull/649))<br>* Compress kernel modules with xz ([overlay PR#628](https://github.com/flatcar/coreos-overlay/pull/628))<br>* Add containerd-runc-shim-v* binaries required by kubelet custom CRI endpoints ([overlay PR#623](https://github.com/flatcar/coreos-overlay/pull/623))<br>* Equinix Metal (Packet): Exclude unused network interfaces from networkd, disregard the state of the bonded interfaces for the network-online.target and only require the bond interface itself to have at least one active link instead of routable which requires both links to be active ([afterburn PR#10](https://github.com/flatcar/afterburn/pull/10))<br>* QEMU: Use flatcar.autologin kernel command line parameter for auto login on the console ([Flatcar #71](https://github.com/flatcar/Flatcar/issues/71))<br><br>Updates:<br><br>* Linux ([5.4.81](https://lwn.net/Articles/838790/))<br>* Linux firmware ([20200918](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20200918))<br>* systemd ([246.6](https://github.com/systemd/systemd-stable/releases/tag/v246.6))<br>* glibc ([2.32](https://lwn.net/Articles/828210/))<br>* Docker ([19.03.14](https://github.com/docker/docker-ce/releases/tag/v19.03.14))<br>* containerd ([1.4.3](https://github.com/containerd/containerd/releases/tag/v1.4.3))<br>* tini[ (0.18](https://github.com/krallin/tini/releases/tag/v0.18.0))<br>* libseccomp[ (2.5.0](https://github.com/seccomp/libseccomp/releases/tag/v2.5.0))<br>* audit[ (2.8.5](https://github.com/linux-audit/audit-userspace/releases/tag/v2.8.5))<br>* bzip2 ([1.0.8](https://sourceware.org/git/?p=bzip2.git;a=blob;f=CHANGES;h=30afead2586b6d64f50988a41d394a0131b38949;hb=HEAD#l342))<br>* c-ares[ (1.61.1](https://github.com/c-ares/c-ares/releases/tag/cares-1_16_1))<br>* cryptsetup[ (2.3.2](https://gitlab.com/cryptsetup/cryptsetup/-/tags/v2.3.2))<br>* cifs-utils (6.11)<br>* dbus-glib (0.110)<br>* dracut[ (050](https://github.com/dracutdevs/dracut/releases/tag/050))<br>* elfutils (0.178)<br>* glib (2.64.5)<br>* json-c[ (0.15](https://github.com/json-c/json-c/releases/tag/json-c-0.15-20200726))<br>* jq ([1.6](https://github.com/stedolan/jq/releases/tag/jq-1.6))<br>* libuv[ (1.39.0](https://github.com/libuv/libuv/releases/tag/v1.39.0))<br>* libxml2[ (2.9.10](https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.10))<br>* ntp (4.2.8_p15)<br>* open-iscsi (2.1.2)<br>* samba (4.11.13)<br>* shadow (4.8)<br>* sssd (2.3.1)<br>* strace (5.9)<br>* talloc (2.3.1)<br>* tar[ (1.32](https://git.savannah.gnu.org/cgit/tar.git/tag/?h=release_1_32))<br>* tdb (1.4.3)<br>* tevent (0.10.2)<br>* SDK/developer container: GCC (9.3.0), binutils (2.35), gdb (9.2)<br>* Go ([1.15.5](https://go.googlesource.com/go/+/refs/tags/go1.15.5), [1.12.17](https://go.googlesource.com/go/+/refs/tags/go1.12.17)) (only in SDK)<br>* Rust ([1.46.0](https://blog.rust-lang.org/2020/08/27/Rust-1.46.0.html)) (only in SDK)<br>* file ([5.39](https://github.com/file/file/tree/FILE5_39)) (only in SDK)<br>* gdbus-codegen ([2.64.5](https://gitlab.gnome.org/GNOME/glib/-/tags/2.64.5)) (only in SDK)<br>* meson ([0.55.3](https://github.com/mesonbuild/meson/releases/tag/0.55.3)) (only in SDK)<br>* re2c ([2.0.3](https://re2c.org/releases/release_notes.html#release-2-0-3)) (only in SDK)<br>* VMware: open-vm-tools (11.2.0)<br>Packages:<br>- docker 19.03.14<br>- ignition 0.34.0<br>- kernel 5.4.81<br>- systemd 246<br><br>Architectures:<br>- amd64<br> 2020-12-07T14:03:56+00:00 @@ -398,7 +406,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2605.8.0 2605.8.0 - 2023-10-25T10:20:44.800388+00:00 + 2023-11-22T09:59:34.722633+00:00 Security fixes:<br><br>* Linux - [CVE-2020-27673](https://nvd.nist.gov/vuln/detail/CVE-2020-27673), [CVE-2020-27675](https://nvd.nist.gov/vuln/detail/CVE-2020-27675)<br><br>Bug fixes:<br><br>* network: Restore KeepConfiguration=dhcp-on-stop ([kinvolk/init#30](https://github.com/kinvolk/init/pull/30))<br>* systemd-stable-245.8: ingest latest fixes on top of upstream release ([#1](https://github.com/kinvolk/systemd/commit/261680bc0ea61777ac22ea1c42b0d728ec52ae14), [#2](https://github.com/kinvolk/systemd/commit/b2b382820bcfc166d048b85aadd90f5cf71c7a4a), [#3](https://github.com/kinvolk/systemd/commit/711ca814c9f2e81d3d25ebbed0b837b7d4fbbeda))<br><br>Updates:<br><br>* Linux ([5.4.77](https://lwn.net/Articles/836795/))<br>* systemd ([245.8](https://github.com/systemd/systemd-stable/releases/tag/v245.8))<br>Packages:<br>- docker 19.03.12<br>- ignition 0.34.0<br>- kernel 5.4.77<br>- systemd 245<br><br>Architectures:<br>- amd64<br> 2020-11-19T15:40:47+00:00 @@ -406,7 +414,7 @@ https://github.com/flatcar/manifest/releases/tag/v2605.7.0 2605.7.0 - 2023-10-25T10:20:44.795751+00:00 + 2023-11-22T09:59:34.717892+00:00 Security fixes:<br><br>- Linux - [CVE-2020-25645](https://nvd.nist.gov/vuln/detail/CVE-2020-25645), [CVE-2020-25643](https://nvd.nist.gov/vuln/detail/CVE-2020-25643), [CVE-2020-25211](https://nvd.nist.gov/vuln/detail/CVE-2020-25211)<br><br>Bug fixes:<br><br>- Ensured that the `/etc/coreos` to `/etc/flatcar` symlink always exists, relevant for the Container Linux Config transpiler (ct) when specifying directives for `update:` or `locksmith:` while also reformatting the rootfs ([baselayout PR#7](https://github.com/flatcar/baselayout/pull/7))<br><br>Updates:<br><br>- Linux [5.4.72](https://lwn.net/Articles/834537/)<br>Packages:<br>- docker 19.03.12<br>- ignition 0.34.0<br>- kernel 5.4.72<br>- systemd 245<br><br>Architectures:<br>- amd64<br> 2020-10-28T14:35:36+00:00 @@ -414,7 +422,7 @@ https://github.com/flatcar/manifest/releases/tag/v2605.6.0 2605.6.0 - 2023-10-25T10:20:44.791155+00:00 + 2023-11-22T09:59:34.713247+00:00 Bug fixes:<br>- Enabled missing systemd services ([#191](https://github.com/flatcar/Flatcar/issues/191), [PR #612](https://github.com/flatcar/coreos-overlay/pull/612))<br>- Fixed Docker torcx image unpacking error on machines with less than ~600 MB total RAM ([#32](https://github.com/flatcar/Flatcar/issues/32))<br>- Solved adcli Kerberos Active Directory incompatibility ([#194](https://github.com/flatcar/Flatcar/issues/194))<br>- Fixed the makefile path when building kernel modules with the developer container ([#195](https://github.com/flatcar/Flatcar/issues/195))<br>- Removed the `/etc/portage/savedconfig/` folder that contained a dump of the firmware config [flatcar-linux/coreos-overlay#613](https://github.com/flatcar/coreos-overlay/pull/613)<br><br>Changes:<br><br>- GCE: Improved oslogin support and added shell aliases to run a Python Docker image ([PR #592](https://github.com/flatcar/coreos-overlay/pull/592))<br><br>Updates:<br><br>- Linux [5.4.67](https://lwn.net/Articles/832306/)<br>- adcli [0.9.0](https://cgit.freedesktop.org/realmd/adcli/tree/NEWS?h=0.9.0)<br>- GCE: oslogin [20200910.00](https://github.com/GoogleCloudPlatform/guest-oslogin/releases/tag/20200910.00)<br>Packages:<br>- docker 19.03.12<br>- ignition 0.34.0<br>- kernel 5.4.67<br>- systemd 245<br><br>Architectures:<br>- amd64<br> 2020-09-30T12:21:16+00:00 @@ -422,7 +430,7 @@ https://github.com/flatcar/manifest/releases/tag/v2605.5.0 2605.5.0 - 2023-10-25T10:20:44.786053+00:00 + 2023-11-22T09:59:34.708127+00:00 Security fixes:<br>- Linux kernel [CVE-2020-14390](https://www.openwall.com/lists/oss-security/2020/09/15/2) and the unassigned [similar bug](https://www.openwall.com/lists/oss-security/2020/09/16/1)<br>- Linux kernel [CVE-2020-25284](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25284)<br><br><br>Updates:<br><br>- Linux [5.4.66](https://lwn.net/Articles/831752/)<br><br>Packages:<br>- docker 19.03.12<br>- ignition 0.34.0<br>- kernel 5.4.66<br>- rkt 1.30.0<br>- systemd 245<br><br>Architectures:<br>- amd64<br> 2020-09-22T08:20:39+00:00 @@ -430,7 +438,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2605.12.0 2605.12.0 - 2023-10-25T10:20:44.781553+00:00 + 2023-11-22T09:59:34.703535+00:00 **Security fixes**<br><br>* linux - [CVE-2020-28374](https://nvd.nist.gov/vuln/detail/CVE-2020-28374), [CVE-2020-36158](https://nvd.nist.gov/vuln/detail/CVE-2020-36158)<br>* go - [CVE-2021-3114](https://github.com/golang/go/issues/43786)<br>* sudo - [CVE-2021-3156](https://nvd.nist.gov/vuln/detail/CVE-2021-3156), [CVE-2021-23239](https://nvd.nist.gov/vuln/detail/CVE-2021-23239)<br><br>**Bug fixes**<br><br>* `/etc/iscsi/initiatorname.iscsi` is generated by the iscsi-init service ([#321](https://github.com/kinvolk/Flatcar/issues/321))<br>* Prevent iscsiadm buffer overflow ([#318](https://github.com/kinvolk/Flatcar/issues/318))<br><br>**Changes**<br><br>* Revert to building docker and containerd with go1.13 instead of go1.15. This reduces the SIGURG log spam ([Issue #315](https://github.com/kinvolk/Flatcar/issues/315) [PR #774](https://github.com/kinvolk/coreos-overlay/pull/774))<br>* The containerd socket is now available in the default location (`/run/containerd/containerd.sock`) and also as a symlink in the previous location (`/run/docker/libcontainerd/docker-containerd.sock`) ([#771](https://github.com/kinvolk/coreos-overlay/pull/771))<br>* With the iscsi update, the service unit has changed from iscsid to iscsi ([#791](https://github.com/kinvolk/coreos-overlay/pull/791))<br>* AWS Pro: include scripts to facilitate setup of EKS workers ([#794](https://github.com/kinvolk/coreos-overlay/pull/794)).<br>* Missed from earlier notes: with the previous open-iscsi update to 2.1.2, the service unit name changed from iscsid to iscsi ([#682](https://github.com/kinvolk/coreos-overlay/pull/682))<br><br>**Updates**<br><br>* linux ([5.4.92](https://lwn.net/Articles/843687/))<br>* open-iscsi ([2.1.3](https://github.com/open-iscsi/open-iscsi/releases/tag/2.1.3))<br>* go ([1.15.7](https://go.googlesource.com/go/+/refs/tags/go1.15.7))<br>* sudo ([1.9.5p2](https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_5p2))<br>Packages:<br>- docker 19.03.14<br>- ignition 0.34.0<br>- kernel 5.4.92<br>- systemd 246<br><br>Architectures:<br>- amd64<br> 2021-01-28T11:02:10+00:00 @@ -438,7 +446,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2605.11.0 2605.11.0 - 2023-10-25T10:20:44.776008+00:00 + 2023-11-22T09:59:34.697889+00:00 **Security fixes**<br><br> * Linux<br> - [CVE-2020-27815](https://www.openwall.com/lists/oss-security/2020/11/30/5)<br> - [CVE-2020-29568](https://nvd.nist.gov/vuln/detail/CVE-2020-29568)<br> - [CVE-2020-29569](https://nvd.nist.gov/vuln/detail/CVE-2020-29569)<br><br>**Bug fixes**<br><br>* networkd: avoid managing MAC addresses for veth devices ([kinvolk/init#33](https://github.com/kinvolk/init/pull/33))<br><br>**Updates**<br><br>* Linux ([5.4.87](https://lwn.net/Articles/841900/))<br><br>Packages:<br>- docker 19.03.14<br>- ignition 0.34.0<br>- kernel 5.4.87<br>- systemd 246<br><br>Architectures:<br>- amd64<br> 2021-01-12T16:59:40+00:00 @@ -446,7 +454,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2605.10.0 2605.10.0 - 2023-10-25T10:20:44.771475+00:00 + 2023-11-22T09:59:34.693334+00:00 Security fixes:<br><br>* Linux [CVE-2020-29661](https://nvd.nist.gov/vuln/detail/CVE-2020-29661), [CVE-2020-29660](https://nvd.nist.gov/vuln/detail/CVE-2020-29660), [CVE-2020-27830](https://nvd.nist.gov/vuln/detail/CVE-2020-27830), [CVE-2020-28588](https://nvd.nist.gov/vuln/detail/CVE-2020-28588)<br><br>Bug fixes:<br><br>* The sysctl `net.ipv4.conf.*.rp_filter` is set to `0` for the Cilium CNI plugin to work ([Flatcar#181](https://github.com/kinvolk/Flatcar/issues/181))<br>* Package downloads in the developer container now use the correct URL again ([Flatcar#298](https://github.com/kinvolk/Flatcar/issues/298))<br><br>Changes:<br><br>* The sysctl default config file is now applied under the prefix 60 which allows for custom sysctl config files to take effect when they start with a prefix of 70, 80, or 90 ([baselayout#13](https://github.com/kinvolk/baselayout/pull/13))<br>* Containerd CRI plugin got enabled by default, only the containerd socket path needs to be specified as kubelet parameter for Kubernetes 1.20 to use containerd instead of Docker ([Flatcar#283](https://github.com/kinvolk/Flatcar/issues/283))<br>* For users with a custom update server a machine alias setting in update-engine allows to give human-friendly names to client instances ([update-engine#8](https://github.com/kinvolk/update_engine/pull/8))<br><br>Updates:<br><br>* Linux ([5.4.83](https://lwn.net/Articles/839875/))<br><br>Packages:<br>- docker 19.03.14<br>- ignition 0.34.0<br>- kernel 5.4.83<br>- systemd 246<br><br>Architectures:<br>- amd64<br> 2020-12-16T12:01:04+00:00 @@ -454,7 +462,7 @@ https://github.com/flatcar/manifest/releases/tag/v2512.5.0 2512.5.0 - 2023-10-25T10:20:44.766227+00:00 + 2023-11-22T09:59:34.687997+00:00 Changes:<br>- Update public key to include a [new subkey](https://www.flatcar-linux.org/security/image-signing-key/)<br><br>Updates:<br>- Linux [4.19.145](https://lwn.net/Articles/831367/)<br><br>Packages:<br>- docker 18.06.3<br>- ignition 0.34.0<br>- kernel 4.19.145<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2020-09-16T06:12:05+00:00 @@ -462,7 +470,7 @@ https://github.com/flatcar/manifest/releases/tag/v2512.4.0 2512.4.0 - 2023-10-25T10:20:44.761873+00:00 + 2023-11-22T09:59:34.683563+00:00 Security fixes:<br>- Linux kernel: Fix AF_PACKET overflow in tpacket_rcv [CVE-2020-14386](https://seclists.org/oss-sec/2020/q3/146)<br><br>Updates:<br>- Linux [4.19.143](https://lwn.net/Articles/830503/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.34.0<br>- kernel 4.19.143<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2020-09-07T15:38:48+00:00 @@ -470,7 +478,7 @@ https://github.com/flatcar/manifest/releases/tag/v2512.3.0 2512.3.0 - 2023-10-25T10:20:44.757479+00:00 + 2023-11-22T09:59:34.679086+00:00 Security fixes:<br><br>* Bind: fixes for [CVE-2020-8616](https://nvd.nist.gov/vuln/detail/CVE-2020-8616), [CVE-2020-8617](https://nvd.nist.gov/vuln/detail/CVE-2020-8617), [CVE-2020-8620](https://nvd.nist.gov/vuln/detail/CVE-2020-8620), [CVE-2020-8621](https://nvd.nist.gov/vuln/detail/CVE-2020-8621), [CVE-2020-8622](https://nvd.nist.gov/vuln/detail/CVE-2020-8622), [CVE-2020-8623](https://nvd.nist.gov/vuln/detail/CVE-2020-8623), [CVE-2020-8624](https://nvd.nist.gov/vuln/detail/CVE-2020-8624)<br><br>Bug fixes:<br><br>* The static IP address configuration in the initramfs works again in the format `ip=<ip>::<gateway>:<netmask>:<hostname>:<iface>:none[:<dns1>[:<dns2>]]` ([flatcar-linux/bootengine#15](https://github.com/flatcar/bootengine/pull/15))<br>* app-admin/{kubelet, etcd, flannel}-wrapper: don't overwrite the user supplied –insecure-options argument ([flatcar-linux/coreos-overlay#426](https://github.com/flatcar/coreos-overlay/pull/426))<br>* etcd-wrapper: Adjust data dir permissions ([flatcar-linux/coreos-overlay#536](https://github.com/flatcar/coreos-overlay/pull/536))<br><br>Changes:<br><br>* Vultr support in Ignition ([flatcar-linux/ignition#13](https://github.com/flatcar/ignition/pull/13))<br>* VMware OVF settings default to ESXi 6.5 and Linux 3.x<br><br>Updates:<br><br>* Linux [4.19.140](https://lwn.net/Articles/829107/)<br>* bind-tools [9.11.22](https://ftp.isc.org/isc/bind9/cur/9.11/RELEASE-NOTES-bind-9.11.22.txt)<br>* etcd-wrapper [3.3.24](https://github.com/etcd-io/etcd/releases/tag/v3.3.24)<br>* Git [2.26.2](https://raw.githubusercontent.com/git/git/v2.26.2/Documentation/RelNotes/2.26.2.txt)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.34.0<br>- kernel 4.19.140<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2020-08-20T21:44:54+00:00 @@ -478,7 +486,7 @@ https://github.com/flatcar/manifest/releases/tag/v2512.2.1 2512.2.1 - 2023-10-25T10:20:44.752185+00:00 + 2023-11-22T09:59:34.673759+00:00 ## Flatcar updates<br><br>Security fixes:<br>- Fix the Intel Microcode vulnerabilities ([CVE-2020-0543](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0543))<br><br>Changes:<br>- A source code and licensing overview is available under `/usr/share/licenses/INFO`<br><br>Updates:<br>- Linux [4.19.128](https://lwn.net/Articles/822841/)<br>- intel-microcode [20200609](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20200609)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.34.0<br>- kernel 4.19.128<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2020-06-17T15:45:35+00:00 @@ -486,7 +494,7 @@ https://github.com/flatcar/manifest/releases/tag/v2512.2.0 2512.2.0 - 2023-10-25T10:20:44.747604+00:00 + 2023-11-22T09:59:34.669086+00:00 ## Flatcar updates<br><br>Security fixes:<br>- Fix e2fsprogs arbitrary code execution via crafted filesystem ([CVE-2019-5094](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094))<br>- Fix Git arbitrary path overwrite, credential leak from credential helpers, remote code execution in recursive clones, and arbitrary command execution via submodules ([CVE-2019-1348](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1348), [CVE-2019-1387](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1387), [CVE-2019-19604](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19604), [CVE-2020-11008](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11008), [CVE-2020-5260](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5260))<br>- Fix libarchive crash or use-after-free via crafted RAR file ([CVE-2019-18408](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18408), [CVE-2020-9308](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9308))<br>- Fix libgcrypt ECDSA timing attack ([CVE-2019-13627](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13627))<br>- Fix libidn2 domain impersonation ([CVE-2019-12290](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12290))<br>- Fix NSS crashes and heap corruption ([CVE-2017-11695](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11695), [CVE-2017-11696](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11696), [CVE-2017-11697](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11697), [CVE-2017-11698](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11698), [CVE-2018-18508](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508), [CVE-2019-11745](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745))<br>- Fix OpenSSL overflow in Montgomery squaring procedure ([CVE-2019-1551](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551))<br>- Fix SQLite crash and heap corruption ([CVE-2019-16168](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16168), [CVE-2019-5827](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5827))<br>- Fix unzip heap overflow or excessive resource consumption via crafted archive ([CVE-2018-1000035](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000035), [CVE-2019-13232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13232))<br>- Fix vim arbitrary command execution via crafted file ([CVE-2019-12735](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12735))<br><br>Bug fixes:<br>- When writing the update kernel, prefer `/boot/coreos` only if `/boot/coreos/vmlinux-*` exists (https://github.com/flatcar/update_engine/pull/5)<br>- Fixed sysroot-boot initramfs service race which resulted in a warning that this service failed<br>- Use the correct `BINHOST` URLs in the development container to download binary packages<br><br>Changes:<br>- Support the CoreOS GRUB `/boot/coreos/first_boot` flag file (https://github.com/flatcar/bootengine/pull/13)<br>- Fetch container images in docker format rather than ACI by default in `etcd-member.service`, `flanneld.service`, and `kubelet-wrapper`<br>- Use `flatcar.autologin` kernel command line parameter on Azure and VMware for auto login on the serial console<br>- Include `conntrack` ([conntrack-tools](http://conntrack-tools.netfilter.org/))<br>- Include `journalctl` output, `pstore` kernel crash logs, and `coredumpctl list` output in the `mayday` report<br>- Update wa-linux-agent to 2.2.46 on Azure<br>- Support both `coreos.config.*` and `flatcar.config.*` guestinfo variables on VMware OEM<br><br>Updates:<br>- e2fsprogs [1.45.5](http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.45.5)<br>- etcd [3.3.20](https://github.com/etcd-io/etcd/releases/tag/v3.3.20)<br>- etcdctl [3.3.20](https://github.com/etcd-io/etcd/releases/tag/v3.3.20)<br>- Git [2.24.1](https://raw.githubusercontent.com/git/git/v2.24.1/Documentation/RelNotes/2.24.1.txt)<br>- Linux [4.19.124](https://lwn.net/Articles/820974/)<br>- OpenSSL [1.0.2u](https://www.openssl.org/news/openssl-1.0.2-notes.html)<br>- vim [8.2.0360](http://ftp.vim.org/pub/vim/patches/8.2/README)<br><br>Packages:<br>- docker 18.06.3<br>- ignition 0.34.0<br>- kernel 4.19.124<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2020-05-26T16:58:25+00:00 @@ -494,7 +502,7 @@ https://github.com/flatcar/manifest/releases/tag/v2345.3.1 2345.3.1 - 2023-10-25T10:20:44.740478+00:00 + 2023-11-22T09:59:34.662011+00:00 ## Flatcar updates<br><br>Bug fixes:<br><br>- Use newest network interface naming scheme (https://github.com/flatcar/Flatcar/issues/36)<br> - It is a possible breaking change for some persistent network interface names<br>- Fix URL scheme in emerge-gitclone (https://github.com/flatcar/coreos-overlay/issues/223)<br>- Fix coreos-cloudinit variable names (https://github.com/flatcar/coreos-overlay/pull/206)<br>- Prefer /boot/coreos to write updates (https://github.com/flatcar/update_engine/pull/2)<br>- Remove /boot/coreos/first_boot after a Ignition rerun on migration (https://github.com/flatcar/bootengine/pull/10)<br>- Support coreos.config.url as kernel command line parameter for Ignition (https://github.com/flatcar/ignition/pull/10)<br><br>Changes:<br><br>- Add kernel config for QEDE driver (https://github.com/flatcar/coreos-overlay/pull/198)<br>- Add `tracepath` alongside `traceroute6` (https://github.com/flatcar/Flatcar/issues/50)<br><br>Updates:<br><br>- Linux [4.19.107](https://lwn.net/Articles/813602/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.34.0<br>- kernel 4.19.107<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2020-03-31T16:25:06+00:00 @@ -502,7 +510,7 @@ https://github.com/flatcar/manifest/releases/tag/v2345.3.0 2345.3.0 - 2023-10-25T10:20:44.735458+00:00 + 2023-11-22T09:59:34.656803+00:00 ## Flatcar updates<br>Bug fixes:<br>- Enable persistent network interface names already in the initramfs to fix https://github.com/coreos/bugs/issues/1767<br>- Fix backwards compatibility issues for users to migrate from CoreOS Container Linux. Support the kernel command line parameters `coreos.oem.*`, `coreos.autologin`, `coreos.first_boot`, and the QEMU firmware config path `opt/com.coreos/config` (https://github.com/flatcar/Flatcar/issues/16 https://github.com/flatcar/afterburn/pull/7 https://github.com/flatcar/bootengine/pull/7 https://github.com/flatcar/bootengine/pull/8 https://github.com/flatcar/init/pull/16 https://github.com/flatcar/init/pull/17 https://github.com/flatcar/ignition/pull/8)<br><br>## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2345.3.0)<br>Security fixes:<br>- Fix systemd use-after-free upon receiving crafted D-Bus message from local unprivileged attacker [CVE-2020-1712](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1712)<br>- Fix heap-based buffer over-read in libexpat ([CVE-2019-15903](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903))<br>- Fix multiple Git [vulnerabilities](https://marc.info/?l=git&m=157600115215285&w=2) ([CVE-2019-1348](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1348), [CVE-2019-1349](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1349), [CVE-2019-1350](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1350), [CVE-2019-1351](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1351), [CVE-2019-1352](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1352), [CVE-2019-1353](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1353), [CVE-2019-1354](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1354), [CVE-2019-1387](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1387), [CVE-2019-19604](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19604))<br>- Fix curl Kerberos FTP double free ([CVE-2019-5481](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5481))<br> - Fix curl TFTP buffer overflow with non-default block size ([CVE-2019-5482](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5482))<br> - Fix OpenSSL key extraction attacks under non-default conditions ([CVE-2019-1563](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563), [CVE-2019-1547](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1547))<br><br>Updates:<br><br>- Git [2.24.1](https://github.com/git/git/blob/master/Documentation/RelNotes/2.24.1.txt)<br>- Linux [4.19.106](https://lwn.net/Articles/813157/)<br>- OpenSSL [1.0.2t](https://www.openssl.org/news/cl102.txt)<br>- curl [7.66.0](https://curl.haxx.se/mail/archive-2019-09/0002.html)<br>- etcd [3.3.18](https://github.com/etcd-io/etcd/releases/tag/v3.3.18)<br>- expat [2.2.8](https://github.com/libexpat/libexpat/releases/tag/R_2_2_8)<br><br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.106<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2020-03-02T14:03:06+00:00 @@ -510,7 +518,7 @@ https://github.com/flatcar/manifest/releases/tag/v2303.4.0 2303.4.0 - 2023-10-25T10:20:44.729363+00:00 + 2023-11-22T09:59:34.650564+00:00 ## Flatcar updates<br><br>Bug fixes:<br>- Fix DNS resolution for the GCE metadata server (https://github.com/flatcar/coreos-overlay/pull/160)<br>- Create symlink for /run/metadata/coreos (https://github.com/flatcar/coreos-overlay/pull/166)<br>- Create symlink for flatcar-install (https://github.com/flatcar/init/pull/14)<br><br>## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2303.4.0):<br><br>Updates:<br>- Linux [4.19.95](https://lwn.net/Articles/809258/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.95<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2020-02-10T11:10:47+00:00 @@ -518,7 +526,7 @@ https://github.com/flatcar/manifest/releases/tag/v2303.3.1 2303.3.1 - 2023-10-25T10:20:44.724763+00:00 + 2023-11-22T09:59:34.645903+00:00 ## Flatcar updates<br><br>Bug fixes:<br><br>- Fix a bug when creating RAID0 arrays by setting the default layout (https://github.com/flatcar/baselayout/pull/2)<br>- Fix bug of unpacking tarballs failing when xattr is not supported (https://github.com/flatcar/torcx/pull/2)<br><br>Updates:<br><br>- ldb [1.3.6](https://gitlab.com/samba-team/samba/-/tags/ldb-1.3.6)<br>- samba [4.8.6](https://gitlab.com/samba-team/samba/-/tags/samba-4.8.6)<br>- talloc [2.1.11](https://gitlab.com/samba-team/samba/-/tags/talloc-2.1.11)<br>- tdb [1.3.15](https://gitlab.com/samba-team/samba/-/tags/tdb-1.3.15)<br>- tevent [0.9.37](https://gitlab.com/samba-team/samba/-/tags/tevent-0.9.37)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.86<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-12-18T09:49:23+00:00 @@ -526,7 +534,7 @@ https://github.com/flatcar/manifest/releases/tag/v2303.3.0 2303.3.0 - 2023-10-25T10:20:44.719978+00:00 + 2023-11-22T09:59:34.641080+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2303.3.0):<br><br>Updates:<br> - Linux [4.19.86](https://lwn.net/Articles/805531/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.86<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-12-05T06:33:04+00:00 @@ -534,7 +542,7 @@ https://github.com/flatcar/manifest/releases/tag/v2247.7.0 2247.7.0 - 2023-10-25T10:20:44.715633+00:00 + 2023-11-22T09:59:34.636673+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2247.7.0):<br><br>Security fixes:<br><br>- Fix Intel CPU disclosure of memory to user process. Complete mitigation requires [manually disabling TSX or SMT](https://docs.flatcar-linux.org/os/disabling-smt/) on affected processors. ([CVE-2019-11135](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11135), [TAA](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00270.html))<br>- Fix Intel CPU denial of service by a malicious guest VM ([CVE-2018-12207](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12207))<br><br>Bug fixes:<br><br>- Fix CFS scheduler throttling highly-threaded I/O-bound applications ([#2623](https://github.com/coreos/bugs/issues/2623))<br><br>Updates:<br><br>- intel-microcode [20191115](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/blob/microcode-20191115/releasenote)<br>- Linux [4.19.84](https://lwn.net/Articles/804465/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.84<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-11-21T09:27:14+00:00 @@ -542,7 +550,7 @@ https://github.com/flatcar/manifest/releases/tag/v2247.6.0 2247.6.0 - 2023-10-25T10:20:44.710749+00:00 + 2023-11-22T09:59:34.631717+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2247.6.0):<br><br>Bug fixes:<br><br>- Fix time zone for Brazil ([#2627](https://github.com/coreos/bugs/issues/2627))<br><br>Updates:<br><br>- timezone-data [2019c](http://mm.icann.org/pipermail/tz-announce/2019-September/000057.html)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.78<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-11-11T14:11:52+00:00 @@ -550,7 +558,7 @@ https://github.com/flatcar/manifest/releases/tag/v2247.5.0 2247.5.0 - 2023-10-25T10:20:44.706281+00:00 + 2023-11-22T09:59:34.627214+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2247.5.0):<br><br>No changes for stable promotion<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.78<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-10-17T18:54:06+00:00 @@ -558,7 +566,7 @@ https://github.com/flatcar/manifest/releases/tag/v2191.5.0 2191.5.0 - 2023-10-25T10:20:44.701963+00:00 + 2023-11-22T09:59:34.622837+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2191.5.0):<br><br>Security fixes:<br><br>- Fix pam_systemd bug allowing authenticated remote users to perform polkit actions as if locally logged in ([CVE-2019-3842](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3842))<br>- Fix systemd-resolved bug allowing unprivileged users to change DNS settings ([CVE-2019-15718](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15718))<br><br>Bug fixes:<br><br>- Fix GCE agent crash loop in new installs ([#2608](https://github.com/coreos/bugs/issues/2608))<br><br>Updates:<br><br>- Linux [4.19.68](https://lwn.net/Articles/797250/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.68<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-09-05T08:52:34+00:00 @@ -566,7 +574,7 @@ https://github.com/flatcar/manifest/releases/tag/v2191.4.1 2191.4.1 - 2023-10-25T10:20:44.697147+00:00 + 2023-11-22T09:59:34.618023+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2191.4.1):<br><br>Security fixes:<br>- Fix wget buffer overflow allowing arbitrary code execution ([CVE-2019-5953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5953))<br><br>Updates:<br>- Linux [4.19.66](https://lwn.net/Articles/795843/)<br>- wget [1.20.3](http://git.savannah.gnu.org/cgit/wget.git/tree/NEWS?h=v1.20.3&id=a220ead43505bc3e0ea8efb1572919111dbbf6dc#n8)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.66<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-08-30T07:36:13+00:00 @@ -574,7 +582,7 @@ https://github.com/flatcar/manifest/releases/tag/v2191.4.0 2191.4.0 - 2023-10-25T10:20:44.692641+00:00 + 2023-11-22T09:59:34.613451+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2191.4.0):<br><br>Security fixes:<br>- Use secure_getenv to fix a vulnerability around XDG_SEAT in pam_systemd (https://github.com/coreos/systemd/pull/118) ([CVE-2019-3842](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3842))<br><br>Updates:<br>- Linux [4.19.65](https://lwn.net/Articles/795525/)<br><br>## Flatcar updates<br><br>Bug fixes:<br>- Fix wrong key name for fw_cfg in ignition with QEMU (https://github.com/flatcar/ignition/issues/2)<br>- Get SELinux context included in torcx tarballs (https://github.com/flatcar/scripts/pull/16)<br>- Enable XattrPrivileged for untar to fix SELinux issue (https://github.com/flatcar/torcx/pull/1)<br><br>Changes:<br>- Add "-s" flag in flatcar-install to install to smallest disk (https://github.com/flatcar/init/pull/7)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.65<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-08-16T09:42:56+00:00 @@ -582,7 +590,7 @@ https://github.com/flatcar/manifest/releases/tag/v2135.6.0 2135.6.0 - 2023-10-25T10:20:44.687677+00:00 + 2023-11-22T09:59:34.608482+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2135.6.0):<br><br>- intel-microcode [20190618](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/blob/microcode-20190618/releasenote)<br>- Linux [4.19.56](https://lwn.net/Articles/792009/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.56<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-08-01T09:14:26+00:00 @@ -590,7 +598,7 @@ https://github.com/flatcar/manifest/releases/tag/v2135.5.0 2135.5.0 - 2023-10-25T10:20:44.683278+00:00 + 2023-11-22T09:59:34.604029+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2135.5.0):<br><br>Bug fixes:<br><br> * Fix Ignition panic when no `guestinfo.(coreos|ignition).config` parameters are specified on VMware (coreos/ignition#821)<br><br>Updates:<br><br> * Ignition [0.33.0](https://github.com/coreos/ignition/releases/tag/v0.33.0)<br><br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.50<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-07-03T08:01:54+00:00 @@ -598,7 +606,7 @@ https://github.com/flatcar/manifest/releases/tag/v2135.4.0 2135.4.0 - 2023-10-25T10:20:44.678766+00:00 + 2023-11-22T09:59:34.599410+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2135.4.0):<br><br>No changes for stable promotion<br><br>Packages:<br>- docker 18.06.3<br>- ignition 0.32.0<br>- kernel 4.19.50<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-07-01T10:47:02+00:00 @@ -606,7 +614,7 @@ https://github.com/flatcar/manifest/releases/tag/v2079.6.0 2079.6.0 - 2023-10-25T10:20:44.674459+00:00 + 2023-11-22T09:59:34.595069+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2079.6.0):<br><br>Security fixes:<br><br>- Fix Linux TCP remotely-triggerable kernel panic and excessive resource consumption ([CVE-2019-11477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11477), [CVE-2019-11478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11478), [CVE-2019-11479](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11479))<br><br>Bug fixes:<br><br>- Fix invalid bzip2 compression of Container Linux release images ([#2589](https://github.com/coreos/bugs/issues/2589))<br>Packages:<br>- docker 18.06.3<br>- ignition 0.31.0<br>- kernel 4.19.43<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-06-19T08:15:07+00:00 @@ -614,7 +622,7 @@ https://github.com/flatcar/manifest/releases/tag/v2079.5.0 2079.5.0 - 2023-10-25T10:20:44.669818+00:00 + 2023-11-22T09:59:34.590361+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2079.5.0):<br><br>Bug fixes:<br>- Fix systemd `MountFlags=shared` option ([#2579](https://github.com/coreos/bugs/issues/2579))<br><br>Changes:<br>- Pin network interface naming to systemd v238 scheme ([#2578](https://github.com/coreos/bugs/issues/2578))<br>Packages:<br>- docker 18.06.3<br>- ignition 0.31.0<br>- kernel 4.19.43<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-06-06T08:49:52+00:00 @@ -622,7 +630,7 @@ https://github.com/flatcar/manifest/releases/tag/v2079.4.0 2079.4.0 - 2023-10-25T10:20:44.665375+00:00 + 2023-11-22T09:59:34.585842+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2079.4.0):<br><br>Security fixes:<br>- Fix Intel CPU disclosure of memory to user process. Complete mitigation requires [manually disabling SMT](https://docs.flatcar-linux.org/os/disabling-smt/) on affected processors. ([CVE-2019-11091](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11091), [CVE-2018-12126](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12126), [CVE-2018-12127](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12127), [CVE-2018-12130](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12130), [MDS](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html))<br><br>Updates:<br>- intel-microcode [20190514](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/blob/microcode-20190514/releasenote)<br>- Linux [4.19.43](https://lwn.net/Articles/788388/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.31.0<br>- kernel 4.19.43<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-05-16T10:57:17+00:00 @@ -630,7 +638,7 @@ https://github.com/flatcar/manifest/releases/tag/v2079.3.2 2079.3.2 - 2023-10-25T10:20:44.660615+00:00 + 2023-11-22T09:59:34.581022+00:00 ## Flatcar updates<br><br>Bug fixes:<br><br>* Fix a regression from the latest hotfix builds, about [CROS_WORKON_COMMIT](https://github.com/flatcar/coreos-overlay/blob/60e44f23a1a5527cfa6bcbc978b1ffdef74e2e3f/coreos-base/coreos-metadata/coreos-metadata-9999.ebuild#L13) in [coreos-overlay](https://github.com/flatcar/coreos-overlay) <br><br>Packages:<br>- docker 18.06.3<br>- ignition 0.31.0<br>- kernel 4.19.34<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-04-26T07:43:52+00:00 @@ -638,7 +646,7 @@ https://github.com/flatcar/manifest/releases/tag/v2079.3.1 2079.3.1 - 2023-10-25T10:20:44.656139+00:00 + 2023-11-22T09:59:34.576507+00:00 ## Flatcar updates<br><br>Bug fixes:<br><br>* Fix a wrong vendor-specific string in [CMDLINE_OEM_FLAG](https://github.com/flatcar/afterburn/blob/f4f0adc6a96a1ba77a0f87b612ecdf21782aa8c6/src/main.rs#L60) in [afterburn](https://github.com/flatcar/afterburn) <br><br><br>Packages:<br>- docker 18.06.3<br>- ignition 0.31.0<br>- kernel 4.19.34<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-04-25T10:05:40+00:00 @@ -646,7 +654,7 @@ https://github.com/flatcar/manifest/releases/tag/v2079.3.0 2079.3.0 - 2023-10-25T10:20:44.651743+00:00 + 2023-11-22T09:59:34.571999+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2079.3.0):<br><br>No changes for stable promotion<br>Packages:<br>- docker 18.06.3<br>- ignition 0.31.0<br>- kernel 4.19.34<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-04-24T10:00:10+00:00 @@ -654,7 +662,7 @@ https://github.com/flatcar/manifest/releases/tag/v2023.5.0 2023.5.0 - 2023-10-25T10:20:44.647440+00:00 + 2023-11-22T09:59:34.567611+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2023.5.0):<br><br>Security fixes:<br>- Fix systemd crash from a specially-crafted D-Bus message ([CVE-2019-6454](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6454))<br><br>Bug fixes:<br>- Fix systemd-journald memory leak ([#2564](https://github.com/coreos/bugs/issues/2564))<br><br>Updates:<br>- Linux [4.19.25](https://lwn.net/Articles/780611/)<br>Packages:<br>- docker 18.06.1<br>- ignition 0.30.0<br>- kernel 4.19.25<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2019-03-12T14:35:58+00:00 @@ -662,7 +670,7 @@ https://github.com/flatcar/manifest/releases/tag/v2023.4.0 2023.4.0 - 2023-10-25T10:20:44.642884+00:00 + 2023-11-22T09:59:34.563025+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2023.4.0):<br><br>Security fixes:<br>- Fix Linux use-after-free in `sockfs_setattr` ([CVE-2019-8912](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8912))<br>Packages:<br>- docker 18.06.1<br>- ignition 0.30.0<br>- kernel 4.19.23<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2019-02-27T08:52:33+00:00 @@ -670,7 +678,7 @@ https://github.com/flatcar/manifest/releases/tag/v1967.6.0 1967.6.0 - 2023-10-25T10:20:44.638491+00:00 + 2023-11-22T09:59:34.558555+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1967.6.0):<br><br>Bug fixes:<br>- Fix kernel POSIX timer rearming ([#2549](https://github.com/coreos/bugs/issues/2549))<br>Packages:<br>- docker 18.06.1<br>- ignition 0.28.0<br>- kernel 4.14.96<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2019-02-21T08:40:53+00:00 @@ -678,7 +686,7 @@ https://github.com/flatcar/manifest/releases/tag/v1967.5.0 1967.5.0 - 2023-10-25T10:20:44.634137+00:00 + 2023-11-22T09:59:34.554150+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1967.5.0):<br>Security fixes:<br> - Fix runc container breakout ([CVE-2019-5736](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5736))<br>Packages:<br>- docker 18.06.1<br>- ignition 0.28.0<br>- kernel 4.14.96<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2019-02-14T10:29:38+00:00 @@ -686,7 +694,7 @@ https://github.com/flatcar/manifest/releases/tag/v1967.4.0 1967.4.0 - 2023-10-25T10:20:44.629807+00:00 + 2023-11-22T09:59:34.549776+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1967.4.0):<br><br>Updates:<br>- Linux [4.14.96](https://lwn.net/Articles/777581/)<br>Packages:<br>- docker 18.06.1<br>- ignition 0.28.0<br>- kernel 4.14.96<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2019-01-30T13:45:29+00:00 @@ -694,7 +702,7 @@ https://github.com/flatcar/manifest/releases/tag/v1967.3.1 1967.3.1 - 2023-10-25T10:20:44.625487+00:00 + 2023-11-22T09:59:34.545368+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1967.3.0):<br><br>No changes for stable promotion<br><br>## Flatcar updates<br><br>Changes:<br>- [Fix the previous update of Flatcar](https://github.com/flatcar/coreos-overlay/blob/build-1967.3.1/coreos-base/coreos-init/coreos-init-9999.ebuild#L13) where instead of https://github.com/flatcar/init the upstream coreos-init package was referenced and used accidentally.<br>Packages:<br>- docker 18.06.1<br>- ignition 0.28.0<br>- kernel 4.14.88<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2019-01-28T10:32:57+00:00 @@ -702,7 +710,7 @@ https://github.com/flatcar/manifest/releases/tag/v1967.3.0 1967.3.0 - 2023-10-25T10:20:44.620941+00:00 + 2023-11-22T09:59:34.540725+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1967.3.0):<br><br>No changes for stable promotion<br>Packages:<br>- docker 18.06.1<br>- ignition 0.28.0<br>- kernel 4.14.88<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2019-01-28T11:05:20+00:00 @@ -710,7 +718,7 @@ https://github.com/flatcar/manifest/releases/tag/v1911.5.0 1911.5.0 - 2023-10-25T10:20:44.616607+00:00 + 2023-11-22T09:59:34.536341+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1911.5.0):<br><br>Security fixes:<br>- Fix Go CPU denial of service in X.509 verification ([CVE-2018-16875](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16875))<br>- Fix PolicyKit always authorizing UIDs greater than `INT_MAX` ([CVE-2018-19788](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19788))<br><br>Updates:<br>- Go [1.10.6](https://golang.org/doc/devel/release.html#go1.10.minor)<br>- Go [1.11.3](https://golang.org/doc/devel/release.html#go1.11.minor)<br>- Linux [4.14.84](https://lwn.net/Articles/773114/)<br>Packages:<br>- docker 18.06.1<br>- ignition 0.28.0<br>- kernel 4.14.84<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-12-21T09:08:00+00:00 @@ -718,7 +726,7 @@ https://github.com/flatcar/manifest/releases/tag/v1911.4.0 1911.4.0 - 2023-10-25T10:20:44.611992+00:00 + 2023-11-22T09:59:34.531618+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1911.4.0):<br><br>Security fixes:<br>- Disable containerd CRI plugin to stop it from listening on a TCP port ([#2524](https://github.com/coreos/bugs/issues/2524))<br><br>Updates:<br>- Linux [4.14.81](https://lwn.net/Articles/771885/)<br>Packages:<br>- docker 18.06.1<br>- ignition 0.28.0<br>- kernel 4.14.81<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-11-27T14:54:50+00:00 @@ -726,7 +734,7 @@ https://github.com/flatcar/manifest/releases/tag/v1911.3.0 1911.3.0 - 2023-10-25T10:20:44.607497+00:00 + 2023-11-22T09:59:34.527031+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1911.3.0):<br><br>Security fixes:<br>- Fix systemd re-executing with arbitrary supplied state ([CVE-2018-15686](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15686))<br>- Fix systemd race allowing changing file permissions ([CVE-2018-15687](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15687))<br>- Fix systemd-networkd buffer overflow in the dhcp6 client ([CVE-2018-15688](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15688))<br>Packages:<br>- docker 18.06.1<br>- ignition 0.28.0<br>- kernel 4.14.78<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-11-08T16:14:37+00:00 @@ -734,7 +742,7 @@ https://github.com/flatcar/manifest/releases/tag/v1855.5.0 1855.5.0 - 2023-10-25T10:20:44.602939+00:00 + 2023-11-22T09:59:34.522382+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1855.5.0):<br><br>Security fixes:<br>- Fix Git remote code execution during recursive clone ([CVE-2018-17456](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17456))<br><br>Updates:<br>- Git [2.16.5](https://raw.githubusercontent.com/git/git/v2.16.5/Documentation/RelNotes/2.16.5.txt)<br>- Linux [4.14.74](https://lwn.net/Articles/767628/)<br>Packages:<br>- docker 18.06.1<br>- ignition 0.26.0<br>- kernel 4.14.74<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-10-26T10:13:33+00:00 @@ -742,7 +750,7 @@ https://github.com/flatcar/manifest/releases/tag/v1855.4.2 1855.4.2 - 2023-10-25T10:20:44.598421+00:00 + 2023-11-22T09:59:34.517815+00:00 ## Flatcar updates<br><br>Changes:<br><br>* Add new image signing subkey to `flatcar-install` ([flatcar-linux/init#4](https://github.com/flatcar/init/pull/4))<br><br>Packages:<br>- docker 18.06.1<br>- ignition 0.26.0<br>- kernel 4.14.67<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-10-11T20:17:03+00:00 @@ -750,7 +758,7 @@ https://github.com/flatcar/manifest/releases/tag/v1855.4.0 1855.4.0 - 2023-10-25T10:20:44.594040+00:00 + 2023-11-22T09:59:34.513408+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1855.4.0):<br><br>Bug fixes:<br>- Fix Docker mounting named volumes ([#2497](https://github.com/coreos/bugs/issues/2497))<br><br>Packages:<br>- docker 18.06.1<br>- ignition 0.26.0<br>- kernel 4.14.67<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-09-14T09:59:47+00:00 @@ -758,7 +766,7 @@ https://github.com/flatcar/manifest/releases/tag/v1800.7.0 1800.7.0 - 2023-10-25T10:20:44.589697+00:00 + 2023-11-22T09:59:34.508945+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1800.7.0):<br><br>Security fixes:<br>- Fix Linux remote denial of service ([FragmentSmack](https://access.redhat.com/security/cve/cve-2018-5391), [CVE-2018-5391](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5391))<br>- Fix Linux privileged memory access via speculative execution ([L1TF/Foreshadow](https://foreshadowattack.eu/), [CVE-2018-3620](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3620), [CVE-2018-3646](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3646))<br><br>Updates:<br>- intel-microcode [20180703](https://downloadcenter.intel.com/download/27945/Linux-Processor-Microcode-Data-File)<br>- Linux [4.14.63](https://lwn.net/Articles/762808/)<br>Packages:<br>- docker 18.03.1<br>- ignition 0.25.1<br>- kernel 4.14.63<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-08-17T12:07:54+00:00 @@ -766,7 +774,7 @@ https://github.com/flatcar/manifest/releases/tag/v1800.6.0 1800.6.0 - 2023-10-25T10:20:44.584999+00:00 + 2023-11-22T09:59:34.504178+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1800.6.0):<br><br>Security fixes:<br>- Fix Linux local denial of service as Xen PV guest ([CVE-2018-14678](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14678))<br><br>Bug fixes:<br>- Fix failure to mount large ext4 filesystems ([#2485](https://github.com/coreos/bugs/issues/2485))<br>Packages:<br>- docker 18.03.1<br>- ignition 0.25.1<br>- kernel 4.14.59<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-08-08T10:49:51+00:00 @@ -774,7 +782,7 @@ https://github.com/flatcar/manifest/releases/tag/v1800.5.0 1800.5.0 - 2023-10-25T10:20:44.580491+00:00 + 2023-11-22T09:59:34.499635+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1800.5.0):<br><br>Bug fixes:<br>- Fix kernel CIFS client ([#2480](https://github.com/coreos/bugs/issues/2480))<br><br>Updates:<br>- Linux [4.14.59](https://lwn.net/Articles/761180/)<br>Packages:<br>- docker 18.03.1<br>- ignition 0.25.1<br>- kernel 4.14.59<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-07-31T09:16:01+00:00 @@ -782,7 +790,7 @@ https://github.com/flatcar/manifest/releases/tag/v1800.4.0 1800.4.0 - 2023-10-25T10:20:44.576027+00:00 + 2023-11-22T09:59:34.495146+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1800.4.0):<br><br>No changes for stable promotion<br>Packages:<br>- docker 18.03.1<br>- ignition 0.25.1<br>- kernel 4.14.55<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-07-26T09:38:46+00:00 @@ -790,7 +798,7 @@ https://github.com/flatcar/manifest/releases/tag/v1745.7.0 1745.7.0 - 2023-10-25T10:20:44.571697+00:00 + 2023-11-22T09:59:34.490775+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1745.7.0):<br><br>Bug fixes:<br>- Fix TCP connection stalls ([#2457](https://github.com/coreos/bugs/issues/2457))<br>Packages:<br>- docker 18.03.1<br>- ignition 0.24.1<br>- kernel 4.14.48<br>- rkt 1.29.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-06-15T14:51:25+00:00 @@ -798,7 +806,7 @@ https://github.com/flatcar/manifest/releases/tag/v1745.6.0 1745.6.0 - 2023-10-25T10:20:44.567278+00:00 + 2023-11-22T09:59:34.486363+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1745.6.0):<br><br>Bug fixes:<br>- Fix Hyper-V network driver regression ([#2454](https://github.com/coreos/bugs/issues/2454))<br><br>Updates:<br>- Linux [4.14.48](https://lwn.net/Articles/756652/)<br>Packages:<br>- docker 18.03.1<br>- ignition 0.24.1<br>- kernel 4.14.48<br>- rkt 1.29.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-06-13T13:21:16+00:00 @@ -806,7 +814,7 @@ https://github.com/flatcar/manifest/releases/tag/v1745.5.0 1745.5.0 - 2023-10-25T10:20:44.562719+00:00 + 2023-11-22T09:59:34.481860+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1745.5.0):<br><br>Security fixes:<br>- Fix Git arbitrary code execution when cloning untrusted repositories ([CVE-2018-11235](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11235))<br><br>Bug fixes:<br>- Fix failure to set network interface MTU ([#2443](https://github.com/coreos/bugs/issues/2443))<br><br>Updates:<br>- Git [2.16.4](https://raw.githubusercontent.com/git/git/v2.16.4/Documentation/RelNotes/2.16.4.txt)<br>- Linux [4.14.44](https://lwn.net/Articles/755717/)<br>Packages:<br>- docker 18.03.1<br>- ignition 0.24.1<br>- kernel 4.14.44<br>- rkt 1.29.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-06-01T13:23:44+00:00 @@ -814,7 +822,7 @@ https://github.com/flatcar/manifest/releases/tag/v1745.4.0 1745.4.0 - 2023-10-25T10:20:44.558138+00:00 + 2023-11-22T09:59:34.477191+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1745.4.0):<br><br>Bug fixes:<br>- Fix inadvertent change of network interface names ([#2437](https://github.com/coreos/bugs/issues/2437))<br>Packages:<br>- docker 18.03.1<br>- ignition 0.24.1<br>- kernel 4.14.42<br>- rkt 1.29.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-05-27T09:02:48+00:00 @@ -822,7 +830,7 @@ https://github.com/flatcar/manifest/releases/tag/v1745.3.1 1745.3.1 - 2023-10-25T10:20:44.553804+00:00 + 2023-11-22T09:59:34.472807+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1745.3.1):<br><br>Updates:<br>- Ignition [0.24.1](https://github.com/coreos/ignition/releases/tag/v0.24.1)<br>- Linux [4.14.42](https://lwn.net/Articles/754972/)<br>Packages:<br>- docker 18.03.1<br>- ignition 0.24.1<br>- kernel 4.14.42<br>- rkt 1.29.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-05-26T15:29:48+00:00 @@ -830,7 +838,7 @@ https://github.com/flatcar/manifest/releases/tag/v1688.5.3 1688.5.3 - 2023-10-25T10:20:44.549416+00:00 + 2023-11-22T09:59:34.468348+00:00 ## Flatcar updates<br><br>Initial Flatcar release.<br><br>Bug fixes:<br>- Fix GRUB crash at boot ([#2284](https://github.com/coreos/bugs/issues/2284))<br>- Fix [poweroff problems](https://groups.google.com/forum/#!topic/coreos-user/YcGkRHU9SvQ) ([#8080](https://github.com/systemd/systemd/pull/8080))<br><br>Notes:<br>- Previous test images have been removed from the release servers. This is due to a new update key being generated using our updated security policy which we [included](https://github.com/flatcar/coreos-overlay/pull/6) in the first public image.<br><br>## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1688.5.3):<br><br>Bug fixes:<br>- ~~Avoid GRUB crash at boot ([#2284](https://github.com/coreos/bugs/issues/2284))~~ We've included the [real fix for this](https://github.com/flatcar/grub/commit/8281b03be34552e744fd08aae78b38704e2562b5).<br>- Fix kernel panic with vxlan ([#2382](https://github.com/coreos/bugs/issues/2382))<br>Packages:<br>- docker 17.12.1<br>- ignition 0.22.0<br>- kernel 4.14.32<br>- rkt 1.29.0<br>- systemd 237<br><br>Architectures:<br>- amd64<br> 2018-04-25T14:36:41+00:00 @@ -838,7 +846,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2605.15.1 2605.15.1 - 2023-10-25T10:20:44.253299+00:00 + 2023-11-22T09:59:34.169312+00:00 <br>**Security fixes**<br><br><br><br>* Linux ([CVE-2021-28964](https://nvd.nist.gov/vuln/detail/CVE-2021-28964), [CVE-2021-28972](https://nvd.nist.gov/vuln/detail/CVE-2021-28972), [CVE-2021-28971](https://nvd.nist.gov/vuln/detail/CVE-2021-28971), [CVE-2021-28688](https://nvd.nist.gov/vuln/detail/CVE-2021-28688), [CVE-2021-29264](https://nvd.nist.gov/vuln/detail/CVE-2021-29264),[CVE-2021-29647](https://nvd.nist.gov/vuln/detail/CVE-2021-29647), [CVE-2021-29650](https://nvd.nist.gov/vuln/detail/CVE-2021-29650), [CVE-2021-29154](https://nvd.nist.gov/vuln/detail/CVE-2021-29154), [CVE-2021-23133](https://nvd.nist.gov/vuln/detail/CVE-2021-23133))<br><br>**Bug fixes**<br><br><br><br>* Fix the patch to update DefaultTasksMax in systemd ([coreos-overlay#971](https://github.com/kinvolk/coreos-overlay/pull/971))<br><br>**Updates**<br><br><br><br>* Linux ([5.4.114](https://lwn.net/Articles/853763/))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.4.114<br>- systemd 246<br><br>Architectures:<br>- amd64<br> 2021-04-28T13:38:02+00:00 @@ -846,7 +854,7 @@ https://github.com/flatcar/scripts/releases/tag/lts-3510.3.1 3510.3.1 - 2023-10-25T10:20:44.218829+00:00 + 2023-11-22T09:59:34.134441+00:00 _Changes since **LTS 3510.3.0**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2023-31085](https://nvd.nist.gov/vuln/detail/CVE-2023-31085), [CVE-2023-34324](https://nvd.nist.gov/vuln/detail/CVE-2023-34324), [CVE-2023-4244](https://nvd.nist.gov/vuln/detail/CVE-2023-4244), [CVE-2023-42754](https://nvd.nist.gov/vuln/detail/CVE-2023-42754), [CVE-2023-42755](https://nvd.nist.gov/vuln/detail/CVE-2023-42755), [CVE-2023-5197](https://nvd.nist.gov/vuln/detail/CVE-2023-5197))<br> - curl ([CVE-2023-38545](https://nvd.nist.gov/vuln/detail/CVE-2023-38545), [CVE-2023-38546](https://nvd.nist.gov/vuln/detail/CVE-2023-38546)) <br> <br> #### Bug fixes:<br> <br> - Disabled systemd-networkd's RoutesToDNS setting by default to fix provisioning failures observed in VMs with multiple network interfaces on Azure ([scripts#1206](https://github.com/flatcar/scripts/pull/1206))<br> - Triggered re-reading of partition table to fix adding partitions to the boot disk ([scripts#1202](https://github.com/flatcar/scripts/pull/1202))<br> <br> #### Changes:<br> <br> - To make Kubernetes work by default, `/usr/libexec/kubernetes/kubelet-plugins/volume/exec` is now a symlink to the writable folder `/var/kubernetes/kubelet-plugins/volume/exec` ([Flatcar#1193](https://github.com/flatcar/Flatcar/issues/1193))<br> <br> #### Updates:<br> <br> - Linux ([5.15.136](https://lwn.net/Articles/948297) (includes [5.15.135](https://lwn.net/Articles/947299), [5.15.134](https://lwn.net/Articles/946855), [5.15.133](https://lwn.net/Articles/945380)))<br> - ca-certificates ([3.94](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_94.html))<br>Packages:<br>- containerd 1.6.16<br>- docker 20.10.23<br>- ignition 2.14.0<br>- kernel 5.15.136<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-10-25T08:41:08+00:00 @@ -854,7 +862,7 @@ https://github.com/flatcar/scripts/releases/tag/lts-3510.3.0 3510.3.0 - 2023-10-25T10:20:44.213126+00:00 + 2023-11-22T09:59:34.128714+00:00 _Changes since **Stable 3510.2.8**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2023-42752](https://nvd.nist.gov/vuln/detail/CVE-2023-42752), [CVE-2023-42753](https://nvd.nist.gov/vuln/detail/CVE-2023-42753), [CVE-2023-4623](https://nvd.nist.gov/vuln/detail/CVE-2023-4623), [CVE-2023-4921](https://nvd.nist.gov/vuln/detail/CVE-2023-4921))<br> <br> #### Bug fixes:<br> <br> <br> #### Changes:<br> <br> - Use qcow2 compressed format instead of additional compression layer in Qemu images ([Flatcar#1135](https://github.com/flatcar/Flatcar/issues/1135), [scripts#1132](https://github.com/flatcar/scripts/pull/1132))<br> <br> #### Updates:<br> <br> - Linux ([5.15.132](https://lwn.net/Articles/944877) (includes [5.15.131](https://lwn.net/Articles/943755), [5.15.130](https://lwn.net/Articles/943404)))<br><br><br>**Changes compared to LTS-2022 3033.3.17**<br><br> #### Security fixes:<br> <br> - Linux ([CVE-2019-15794](https://nvd.nist.gov/vuln/detail/CVE-2019-15794),[CVE-2020-16119](https://nvd.nist.gov/vuln/detail/CVE-2020-16119),[CVE-2020-24586](https://nvd.nist.gov/vuln/detail/CVE-2020-24586),[CVE-2020-24587](https://nvd.nist.gov/vuln/detail/CVE-2020-24587),[CVE-2020-24588](https://nvd.nist.gov/vuln/detail/CVE-2020-24588),[CVE-2020-25639](https://nvd.nist.gov/vuln/detail/CVE-2020-25639),[CVE-2020-25670](https://nvd.nist.gov/vuln/detail/CVE-2020-25670),[CVE-2020-25671](https://nvd.nist.gov/vuln/detail/CVE-2020-25671),[CVE-2020-25672](https://nvd.nist.gov/vuln/detail/CVE-2020-25672),[CVE-2020-25673](https://nvd.nist.gov/vuln/detail/CVE-2020-25673),[CVE-2020-26139](https://nvd.nist.gov/vuln/detail/CVE-2020-26139),[CVE-2020-26141](https://nvd.nist.gov/vuln/detail/CVE-2020-26141),[CVE-2020-26145](https://nvd.nist.gov/vuln/detail/CVE-2020-26145),[CVE-2020-26147](https://nvd.nist.gov/vuln/detail/CVE-2020-26147),[CVE-2020-26541](https://nvd.nist.gov/vuln/detail/CVE-2020-26541),[CVE-2020-26555](https://nvd.nist.gov/vuln/detail/CVE-2020-26555),[CVE-2020-26558](https://nvd.nist.gov/vuln/detail/CVE-2020-26558),[CVE-2020-27170](https://nvd.nist.gov/vuln/detail/CVE-2020-27170),[CVE-2020-27171](https://nvd.nist.gov/vuln/detail/CVE-2020-27171),[CVE-2020-27820](https://nvd.nist.gov/vuln/detail/CVE-2020-27820),[CVE-2020-36516](https://nvd.nist.gov/vuln/detail/CVE-2020-36516),[CVE-2021-0129](https://nvd.nist.gov/vuln/detail/CVE-2021-0129),[CVE-2021-0512](https://nvd.nist.gov/vuln/detail/CVE-2021-0512),[CVE-2021-0920](https://nvd.nist.gov/vuln/detail/CVE-2021-0920),[CVE-2021-0937](https://nvd.nist.gov/vuln/detail/CVE-2021-0937),[CVE-2021-0941](https://nvd.nist.gov/vuln/detail/CVE-2021-0941),[CVE-2021-20320](https://nvd.nist.gov/vuln/detail/CVE-2021-20320),[CVE-2021-20321](https://nvd.nist.gov/vuln/detail/CVE-2021-20321),[CVE-2021-20322](https://nvd.nist.gov/vuln/detail/CVE-2021-20322),[CVE-2021-22543](https://nvd.nist.gov/vuln/detail/CVE-2021-22543),[CVE-2021-22555](https://nvd.nist.gov/vuln/detail/CVE-2021-22555),[CVE-2021-22600](https://nvd.nist.gov/vuln/detail/CVE-2021-22600),[CVE-2021-23133](https://nvd.nist.gov/vuln/detail/CVE-2021-23133),[CVE-2021-23134](https://nvd.nist.gov/vuln/detail/CVE-2021-23134),[CVE-2021-26401](https://nvd.nist.gov/vuln/detail/CVE-2021-26401),[CVE-2021-26930](https://nvd.nist.gov/vuln/detail/CVE-2021-26930),[CVE-2021-26931](https://nvd.nist.gov/vuln/detail/CVE-2021-26931),[CVE-2021-26932](https://nvd.nist.gov/vuln/detail/CVE-2021-26932),[CVE-2021-27363](https://nvd.nist.gov/vuln/detail/CVE-2021-27363),[CVE-2021-27364](https://nvd.nist.gov/vuln/detail/CVE-2021-27364),[CVE-2021-27365](https://nvd.nist.gov/vuln/detail/CVE-2021-27365),[CVE-2021-28038](https://nvd.nist.gov/vuln/detail/CVE-2021-28038),[CVE-2021-28039](https://nvd.nist.gov/vuln/detail/CVE-2021-28039),[CVE-2021-28375](https://nvd.nist.gov/vuln/detail/CVE-2021-28375),[CVE-2021-28660](https://nvd.nist.gov/vuln/detail/CVE-2021-28660),[CVE-2021-28688](https://nvd.nist.gov/vuln/detail/CVE-2021-28688),[CVE-2021-28691](https://nvd.nist.gov/vuln/detail/CVE-2021-28691),[CVE-2021-28711](https://nvd.nist.gov/vuln/detail/CVE-2021-28711),[CVE-2021-28712](https://nvd.nist.gov/vuln/detail/CVE-2021-28712),[CVE-2021-28713](https://nvd.nist.gov/vuln/detail/CVE-2021-28713),[CVE-2021-28714](https://nvd.nist.gov/vuln/detail/CVE-2021-28714),[CVE-2021-28715](https://nvd.nist.gov/vuln/detail/CVE-2021-28715),[CVE-2021-28950](https://nvd.nist.gov/vuln/detail/CVE-2021-28950),[CVE-2021-28951](https://nvd.nist.gov/vuln/detail/CVE-2021-28951),[CVE-2021-28952](https://nvd.nist.gov/vuln/detail/CVE-2021-28952),[CVE-2021-28964](https://nvd.nist.gov/vuln/detail/CVE-2021-28964),[CVE-2021-28971](https://nvd.nist.gov/vuln/detail/CVE-2021-28971),[CVE-2021-28972](https://nvd.nist.gov/vuln/detail/CVE-2021-28972),[CVE-2021-29154](https://nvd.nist.gov/vuln/detail/CVE-2021-29154),[CVE-2021-29155](https://nvd.nist.gov/vuln/detail/CVE-2021-29155),[CVE-2021-29264](https://nvd.nist.gov/vuln/detail/CVE-2021-29264),[CVE-2021-29265](https://nvd.nist.gov/vuln/detail/CVE-2021-29265),[CVE-2021-29266](https://nvd.nist.gov/vuln/detail/CVE-2021-29266),[CVE-2021-29646](https://nvd.nist.gov/vuln/detail/CVE-2021-29646),[CVE-2021-29647](https://nvd.nist.gov/vuln/detail/CVE-2021-29647),[CVE-2021-29648](https://nvd.nist.gov/vuln/detail/CVE-2021-29648),[CVE-2021-29649](https://nvd.nist.gov/vuln/detail/CVE-2021-29649),[CVE-2021-29650](https://nvd.nist.gov/vuln/detail/CVE-2021-29650),[CVE-2021-29657](https://nvd.nist.gov/vuln/detail/CVE-2021-29657),[CVE-2021-30002](https://nvd.nist.gov/vuln/detail/CVE-2021-30002),[CVE-2021-31440](https://nvd.nist.gov/vuln/detail/CVE-2021-31440),[CVE-2021-31829](https://nvd.nist.gov/vuln/detail/CVE-2021-31829),[CVE-2021-31916](https://nvd.nist.gov/vuln/detail/CVE-2021-31916),[CVE-2021-32399](https://nvd.nist.gov/vuln/detail/CVE-2021-32399),[CVE-2021-32606](https://nvd.nist.gov/vuln/detail/CVE-2021-32606),[CVE-2021-33033](https://nvd.nist.gov/vuln/detail/CVE-2021-33033),[CVE-2021-33034](https://nvd.nist.gov/vuln/detail/CVE-2021-33034),[CVE-2021-33098](https://nvd.nist.gov/vuln/detail/CVE-2021-33098),[CVE-2021-33135](https://nvd.nist.gov/vuln/detail/CVE-2021-33135),[CVE-2021-33200](https://nvd.nist.gov/vuln/detail/CVE-2021-33200),[CVE-2021-33624](https://nvd.nist.gov/vuln/detail/CVE-2021-33624),[CVE-2021-33655](https://nvd.nist.gov/vuln/detail/CVE-2021-33655),[CVE-2021-33909](https://nvd.nist.gov/vuln/detail/CVE-2021-33909),[CVE-2021-3444](https://nvd.nist.gov/vuln/detail/CVE-2021-3444),[CVE-2021-34556](https://nvd.nist.gov/vuln/detail/CVE-2021-34556),[CVE-2021-34693](https://nvd.nist.gov/vuln/detail/CVE-2021-34693),[CVE-2021-3483](https://nvd.nist.gov/vuln/detail/CVE-2021-3483),[CVE-2021-34866](https://nvd.nist.gov/vuln/detail/CVE-2021-34866),[CVE-2021-3489](https://nvd.nist.gov/vuln/detail/CVE-2021-3489),[CVE-2021-3490](https://nvd.nist.gov/vuln/detail/CVE-2021-3490),[CVE-2021-3491](https://nvd.nist.gov/vuln/detail/CVE-2021-3491),[CVE-2021-34981](https://nvd.nist.gov/vuln/detail/CVE-2021-34981),[CVE-2021-3501](https://nvd.nist.gov/vuln/detail/CVE-2021-3501),[CVE-2021-35039](https://nvd.nist.gov/vuln/detail/CVE-2021-35039),[CVE-2021-3506](https://nvd.nist.gov/vuln/detail/CVE-2021-3506),[CVE-2021-3543](https://nvd.nist.gov/vuln/detail/CVE-2021-3543),[CVE-2021-35477](https://nvd.nist.gov/vuln/detail/CVE-2021-35477),[CVE-2021-3564](https://nvd.nist.gov/vuln/detail/CVE-2021-3564),[CVE-2021-3573](https://nvd.nist.gov/vuln/detail/CVE-2021-3573),[CVE-2021-3600](https://nvd.nist.gov/vuln/detail/CVE-2021-3600),[CVE-2021-3609](https://nvd.nist.gov/vuln/detail/CVE-2021-3609),[CVE-2021-3612](https://nvd.nist.gov/vuln/detail/CVE-2021-3612),[CVE-2021-3640](https://nvd.nist.gov/vuln/detail/CVE-2021-3640),[CVE-2021-3653](https://nvd.nist.gov/vuln/detail/CVE-2021-3653),[CVE-2021-3655](https://nvd.nist.gov/vuln/detail/CVE-2021-3655),[CVE-2021-3656](https://nvd.nist.gov/vuln/detail/CVE-2021-3656),[CVE-2021-3659](https://nvd.nist.gov/vuln/detail/CVE-2021-3659),[CVE-2021-3679](https://nvd.nist.gov/vuln/detail/CVE-2021-3679),[CVE-2021-37159](https://nvd.nist.gov/vuln/detail/CVE-2021-37159),[CVE-2021-3732](https://nvd.nist.gov/vuln/detail/CVE-2021-3732),[CVE-2021-3736](https://nvd.nist.gov/vuln/detail/CVE-2021-3736),[CVE-2021-3739](https://nvd.nist.gov/vuln/detail/CVE-2021-3739),[CVE-2021-3743](https://nvd.nist.gov/vuln/detail/CVE-2021-3743),[CVE-2021-3744](https://nvd.nist.gov/vuln/detail/CVE-2021-3744),[CVE-2021-3752](https://nvd.nist.gov/vuln/detail/CVE-2021-3752),[CVE-2021-3753](https://nvd.nist.gov/vuln/detail/CVE-2021-3753),[CVE-2021-37576](https://nvd.nist.gov/vuln/detail/CVE-2021-37576),[CVE-2021-3760](https://nvd.nist.gov/vuln/detail/CVE-2021-3760),[CVE-2021-3764](https://nvd.nist.gov/vuln/detail/CVE-2021-3764),[CVE-2021-3772](https://nvd.nist.gov/vuln/detail/CVE-2021-3772),[CVE-2021-38166](https://nvd.nist.gov/vuln/detail/CVE-2021-38166),[CVE-2021-38198](https://nvd.nist.gov/vuln/detail/CVE-2021-38198),[CVE-2021-38199](https://nvd.nist.gov/vuln/detail/CVE-2021-38199),[CVE-2021-38200](https://nvd.nist.gov/vuln/detail/CVE-2021-38200),[CVE-2021-38201](https://nvd.nist.gov/vuln/detail/CVE-2021-38201),[CVE-2021-38202](https://nvd.nist.gov/vuln/detail/CVE-2021-38202),[CVE-2021-38203](https://nvd.nist.gov/vuln/detail/CVE-2021-38203),[CVE-2021-38204](https://nvd.nist.gov/vuln/detail/CVE-2021-38204),[CVE-2021-38205](https://nvd.nist.gov/vuln/detail/CVE-2021-38205),[CVE-2021-38206](https://nvd.nist.gov/vuln/detail/CVE-2021-38206),[CVE-2021-38207](https://nvd.nist.gov/vuln/detail/CVE-2021-38207),[CVE-2021-38208](https://nvd.nist.gov/vuln/detail/CVE-2021-38208),[CVE-2021-38209](https://nvd.nist.gov/vuln/detail/CVE-2021-38209),[CVE-2021-38300](https://nvd.nist.gov/vuln/detail/CVE-2021-38300),[CVE-2021-3923](https://nvd.nist.gov/vuln/detail/CVE-2021-3923),[CVE-2021-39633](https://nvd.nist.gov/vuln/detail/CVE-2021-39633),[CVE-2021-39656](https://nvd.nist.gov/vuln/detail/CVE-2021-39656),[CVE-2021-39685](https://nvd.nist.gov/vuln/detail/CVE-2021-39685),[CVE-2021-39686](https://nvd.nist.gov/vuln/detail/CVE-2021-39686),[CVE-2021-39698](https://nvd.nist.gov/vuln/detail/CVE-2021-39698),[CVE-2021-4001](https://nvd.nist.gov/vuln/detail/CVE-2021-4001),[CVE-2021-4002](https://nvd.nist.gov/vuln/detail/CVE-2021-4002),[CVE-2021-4028](https://nvd.nist.gov/vuln/detail/CVE-2021-4028),[CVE-2021-40490](https://nvd.nist.gov/vuln/detail/CVE-2021-40490),[CVE-2021-4083](https://nvd.nist.gov/vuln/detail/CVE-2021-4083),[CVE-2021-4090](https://nvd.nist.gov/vuln/detail/CVE-2021-4090),[CVE-2021-4093](https://nvd.nist.gov/vuln/detail/CVE-2021-4093),[CVE-2021-41073](https://nvd.nist.gov/vuln/detail/CVE-2021-41073),[CVE-2021-4135](https://nvd.nist.gov/vuln/detail/CVE-2021-4135),[CVE-2021-4148](https://nvd.nist.gov/vuln/detail/CVE-2021-4148),[CVE-2021-4149](https://nvd.nist.gov/vuln/detail/CVE-2021-4149),[CVE-2021-4154](https://nvd.nist.gov/vuln/detail/CVE-2021-4154),[CVE-2021-4155](https://nvd.nist.gov/vuln/detail/CVE-2021-4155),[CVE-2021-4157](https://nvd.nist.gov/vuln/detail/CVE-2021-4157),[CVE-2021-41864](https://nvd.nist.gov/vuln/detail/CVE-2021-41864),[CVE-2021-4197](https://nvd.nist.gov/vuln/detail/CVE-2021-4197),[CVE-2021-42008](https://nvd.nist.gov/vuln/detail/CVE-2021-42008),[CVE-2021-4202](https://nvd.nist.gov/vuln/detail/CVE-2021-4202),[CVE-2021-4203](https://nvd.nist.gov/vuln/detail/CVE-2021-4203),[CVE-2021-42252](https://nvd.nist.gov/vuln/detail/CVE-2021-42252),[CVE-2021-42327](https://nvd.nist.gov/vuln/detail/CVE-2021-42327),[CVE-2021-42739](https://nvd.nist.gov/vuln/detail/CVE-2021-42739),[CVE-2021-43056](https://nvd.nist.gov/vuln/detail/CVE-2021-43056),[CVE-2021-43057](https://nvd.nist.gov/vuln/detail/CVE-2021-43057),[CVE-2021-43267](https://nvd.nist.gov/vuln/detail/CVE-2021-43267),[CVE-2021-43389](https://nvd.nist.gov/vuln/detail/CVE-2021-43389),[CVE-2021-43975](https://nvd.nist.gov/vuln/detail/CVE-2021-43975),[CVE-2021-43976](https://nvd.nist.gov/vuln/detail/CVE-2021-43976),[CVE-2021-44733](https://nvd.nist.gov/vuln/detail/CVE-2021-44733),[CVE-2021-44879](https://nvd.nist.gov/vuln/detail/CVE-2021-44879),[CVE-2021-45095](https://nvd.nist.gov/vuln/detail/CVE-2021-45095),[CVE-2021-45100](https://nvd.nist.gov/vuln/detail/CVE-2021-45100),[CVE-2021-45402](https://nvd.nist.gov/vuln/detail/CVE-2021-45402),[CVE-2021-45469](https://nvd.nist.gov/vuln/detail/CVE-2021-45469),[CVE-2021-45480](https://nvd.nist.gov/vuln/detail/CVE-2021-45480),[CVE-2021-45485](https://nvd.nist.gov/vuln/detail/CVE-2021-45485),[CVE-2021-45486](https://nvd.nist.gov/vuln/detail/CVE-2021-45486),[CVE-2021-45868](https://nvd.nist.gov/vuln/detail/CVE-2021-45868),[CVE-2021-46283](https://nvd.nist.gov/vuln/detail/CVE-2021-46283),[CVE-2022-0001](https://nvd.nist.gov/vuln/detail/CVE-2022-0001),[CVE-2022-0002](https://nvd.nist.gov/vuln/detail/CVE-2022-0002),[CVE-2022-0168](https://nvd.nist.gov/vuln/detail/CVE-2022-0168),[CVE-2022-0171](https://nvd.nist.gov/vuln/detail/CVE-2022-0171),[CVE-2022-0185](https://nvd.nist.gov/vuln/detail/CVE-2022-0185),[CVE-2022-0264](https://nvd.nist.gov/vuln/detail/CVE-2022-0264),[CVE-2022-0286](https://nvd.nist.gov/vuln/detail/CVE-2022-0286),[CVE-2022-0322](https://nvd.nist.gov/vuln/detail/CVE-2022-0322),[CVE-2022-0330](https://nvd.nist.gov/vuln/detail/CVE-2022-0330),[CVE-2022-0382](https://nvd.nist.gov/vuln/detail/CVE-2022-0382),[CVE-2022-0435](https://nvd.nist.gov/vuln/detail/CVE-2022-0435),[CVE-2022-0487](https://nvd.nist.gov/vuln/detail/CVE-2022-0487),[CVE-2022-0492](https://nvd.nist.gov/vuln/detail/CVE-2022-0492),[CVE-2022-0494](https://nvd.nist.gov/vuln/detail/CVE-2022-0494),[CVE-2022-0500](https://nvd.nist.gov/vuln/detail/CVE-2022-0500),[CVE-2022-0516](https://nvd.nist.gov/vuln/detail/CVE-2022-0516),[CVE-2022-0617](https://nvd.nist.gov/vuln/detail/CVE-2022-0617),[CVE-2022-0742](https://nvd.nist.gov/vuln/detail/CVE-2022-0742),[CVE-2022-0847](https://nvd.nist.gov/vuln/detail/CVE-2022-0847),[CVE-2022-0850](https://nvd.nist.gov/vuln/detail/CVE-2022-0850),[CVE-2022-0995](https://nvd.nist.gov/vuln/detail/CVE-2022-0995),[CVE-2022-1011](https://nvd.nist.gov/vuln/detail/CVE-2022-1011),[CVE-2022-1012](https://nvd.nist.gov/vuln/detail/CVE-2022-1012),[CVE-2022-1015](https://nvd.nist.gov/vuln/detail/CVE-2022-1015),[CVE-2022-1016](https://nvd.nist.gov/vuln/detail/CVE-2022-1016),[CVE-2022-1043](https://nvd.nist.gov/vuln/detail/CVE-2022-1043),[CVE-2022-1048](https://nvd.nist.gov/vuln/detail/CVE-2022-1048),[CVE-2022-1055](https://nvd.nist.gov/vuln/detail/CVE-2022-1055),[CVE-2022-1158](https://nvd.nist.gov/vuln/detail/CVE-2022-1158),[CVE-2022-1184](https://nvd.nist.gov/vuln/detail/CVE-2022-1184),[CVE-2022-1195](https://nvd.nist.gov/vuln/detail/CVE-2022-1195),[CVE-2022-1198](https://nvd.nist.gov/vuln/detail/CVE-2022-1198),[CVE-2022-1199](https://nvd.nist.gov/vuln/detail/CVE-2022-1199),[CVE-2022-1204](https://nvd.nist.gov/vuln/detail/CVE-2022-1204),[CVE-2022-1263](https://nvd.nist.gov/vuln/detail/CVE-2022-1263),[CVE-2022-1353](https://nvd.nist.gov/vuln/detail/CVE-2022-1353),[CVE-2022-1462](https://nvd.nist.gov/vuln/detail/CVE-2022-1462),[CVE-2022-1516](https://nvd.nist.gov/vuln/detail/CVE-2022-1516),[CVE-2022-1651](https://nvd.nist.gov/vuln/detail/CVE-2022-1651),[CVE-2022-1652](https://nvd.nist.gov/vuln/detail/CVE-2022-1652),[CVE-2022-1671](https://nvd.nist.gov/vuln/detail/CVE-2022-1671),[CVE-2022-1679](https://nvd.nist.gov/vuln/detail/CVE-2022-1679),[CVE-2022-1729](https://nvd.nist.gov/vuln/detail/CVE-2022-1729),[CVE-2022-1734](https://nvd.nist.gov/vuln/detail/CVE-2022-1734),[CVE-2022-1789](https://nvd.nist.gov/vuln/detail/CVE-2022-1789),[CVE-2022-1852](https://nvd.nist.gov/vuln/detail/CVE-2022-1852),[CVE-2022-1943](https://nvd.nist.gov/vuln/detail/CVE-2022-1943),[CVE-2022-1973](https://nvd.nist.gov/vuln/detail/CVE-2022-1973),[CVE-2022-1974](https://nvd.nist.gov/vuln/detail/CVE-2022-1974),[CVE-2022-1975](https://nvd.nist.gov/vuln/detail/CVE-2022-1975),[CVE-2022-1998](https://nvd.nist.gov/vuln/detail/CVE-2022-1998),[CVE-2022-20008](https://nvd.nist.gov/vuln/detail/CVE-2022-20008),[CVE-2022-20132](https://nvd.nist.gov/vuln/detail/CVE-2022-20132),[CVE-2022-20141](https://nvd.nist.gov/vuln/detail/CVE-2022-20141),[CVE-2022-20148](https://nvd.nist.gov/vuln/detail/CVE-2022-20148),[CVE-2022-20154](https://nvd.nist.gov/vuln/detail/CVE-2022-20154),[CVE-2022-20158](https://nvd.nist.gov/vuln/detail/CVE-2022-20158),[CVE-2022-20368](https://nvd.nist.gov/vuln/detail/CVE-2022-20368),[CVE-2022-20369](https://nvd.nist.gov/vuln/detail/CVE-2022-20369),[CVE-2022-20421](https://nvd.nist.gov/vuln/detail/CVE-2022-20421),[CVE-2022-20422](https://nvd.nist.gov/vuln/detail/CVE-2022-20422),[CVE-2022-20566](https://nvd.nist.gov/vuln/detail/CVE-2022-20566),[CVE-2022-20572](https://nvd.nist.gov/vuln/detail/CVE-2022-20572),[CVE-2022-2078](https://nvd.nist.gov/vuln/detail/CVE-2022-2078),[CVE-2022-21123](https://nvd.nist.gov/vuln/detail/CVE-2022-21123),[CVE-2022-21125](https://nvd.nist.gov/vuln/detail/CVE-2022-21125),[CVE-2022-21166](https://nvd.nist.gov/vuln/detail/CVE-2022-21166),[CVE-2022-21499](https://nvd.nist.gov/vuln/detail/CVE-2022-21499),[CVE-2022-21505](https://nvd.nist.gov/vuln/detail/CVE-2022-21505),[CVE-2022-2153](https://nvd.nist.gov/vuln/detail/CVE-2022-2153),[CVE-2022-2196](https://nvd.nist.gov/vuln/detail/CVE-2022-2196),[CVE-2022-22942](https://nvd.nist.gov/vuln/detail/CVE-2022-22942),[CVE-2022-23036](https://nvd.nist.gov/vuln/detail/CVE-2022-23036),[CVE-2022-23037](https://nvd.nist.gov/vuln/detail/CVE-2022-23037),[CVE-2022-23038](https://nvd.nist.gov/vuln/detail/CVE-2022-23038),[CVE-2022-23039](https://nvd.nist.gov/vuln/detail/CVE-2022-23039),[CVE-2022-23040](https://nvd.nist.gov/vuln/detail/CVE-2022-23040),[CVE-2022-23041](https://nvd.nist.gov/vuln/detail/CVE-2022-23041),[CVE-2022-23042](https://nvd.nist.gov/vuln/detail/CVE-2022-23042),[CVE-2022-2308](https://nvd.nist.gov/vuln/detail/CVE-2022-2308),[CVE-2022-2318](https://nvd.nist.gov/vuln/detail/CVE-2022-2318),[CVE-2022-23222](https://nvd.nist.gov/vuln/detail/CVE-2022-23222),[CVE-2022-2380](https://nvd.nist.gov/vuln/detail/CVE-2022-2380),[CVE-2022-23960](https://nvd.nist.gov/vuln/detail/CVE-2022-23960),[CVE-2022-24122](https://nvd.nist.gov/vuln/detail/CVE-2022-24122),[CVE-2022-24448](https://nvd.nist.gov/vuln/detail/CVE-2022-24448),[CVE-2022-24958](https://nvd.nist.gov/vuln/detail/CVE-2022-24958),[CVE-2022-24959](https://nvd.nist.gov/vuln/detail/CVE-2022-24959),[CVE-2022-2503](https://nvd.nist.gov/vuln/detail/CVE-2022-2503),[CVE-2022-25258](https://nvd.nist.gov/vuln/detail/CVE-2022-25258),[CVE-2022-25375](https://nvd.nist.gov/vuln/detail/CVE-2022-25375),[CVE-2022-25636](https://nvd.nist.gov/vuln/detail/CVE-2022-25636),[CVE-2022-2585](https://nvd.nist.gov/vuln/detail/CVE-2022-2585),[CVE-2022-2586](https://nvd.nist.gov/vuln/detail/CVE-2022-2586),[CVE-2022-2588](https://nvd.nist.gov/vuln/detail/CVE-2022-2588),[CVE-2022-2602](https://nvd.nist.gov/vuln/detail/CVE-2022-2602),[CVE-2022-26365](https://nvd.nist.gov/vuln/detail/CVE-2022-26365),[CVE-2022-26373](https://nvd.nist.gov/vuln/detail/CVE-2022-26373),[CVE-2022-2639](https://nvd.nist.gov/vuln/detail/CVE-2022-2639),[CVE-2022-26490](https://nvd.nist.gov/vuln/detail/CVE-2022-26490),[CVE-2022-2663](https://nvd.nist.gov/vuln/detail/CVE-2022-2663),[CVE-2022-26966](https://nvd.nist.gov/vuln/detail/CVE-2022-26966),[CVE-2022-27223](https://nvd.nist.gov/vuln/detail/CVE-2022-27223),[CVE-2022-27666](https://nvd.nist.gov/vuln/detail/CVE-2022-27666),[CVE-2022-27672](https://nvd.nist.gov/vuln/detail/CVE-2022-27672),[CVE-2022-27950](https://nvd.nist.gov/vuln/detail/CVE-2022-27950),[CVE-2022-28356](https://nvd.nist.gov/vuln/detail/CVE-2022-28356),[CVE-2022-28388](https://nvd.nist.gov/vuln/detail/CVE-2022-28388),[CVE-2022-28389](https://nvd.nist.gov/vuln/detail/CVE-2022-28389),[CVE-2022-28390](https://nvd.nist.gov/vuln/detail/CVE-2022-28390),[CVE-2022-2873](https://nvd.nist.gov/vuln/detail/CVE-2022-2873),[CVE-2022-28893](https://nvd.nist.gov/vuln/detail/CVE-2022-28893),[CVE-2022-2905](https://nvd.nist.gov/vuln/detail/CVE-2022-2905),[CVE-2022-29156](https://nvd.nist.gov/vuln/detail/CVE-2022-29156),[CVE-2022-2938](https://nvd.nist.gov/vuln/detail/CVE-2022-2938),[CVE-2022-29581](https://nvd.nist.gov/vuln/detail/CVE-2022-29581),[CVE-2022-29582](https://nvd.nist.gov/vuln/detail/CVE-2022-29582),[CVE-2022-2959](https://nvd.nist.gov/vuln/detail/CVE-2022-2959),[CVE-2022-2964](https://nvd.nist.gov/vuln/detail/CVE-2022-2964),[CVE-2022-2977](https://nvd.nist.gov/vuln/detail/CVE-2022-2977),[CVE-2022-2978](https://nvd.nist.gov/vuln/detail/CVE-2022-2978),[CVE-2022-29900](https://nvd.nist.gov/vuln/detail/CVE-2022-29900),[CVE-2022-29901](https://nvd.nist.gov/vuln/detail/CVE-2022-29901),[CVE-2022-3028](https://nvd.nist.gov/vuln/detail/CVE-2022-3028),[CVE-2022-30594](https://nvd.nist.gov/vuln/detail/CVE-2022-30594),[CVE-2022-3061](https://nvd.nist.gov/vuln/detail/CVE-2022-3061),[CVE-2022-3077](https://nvd.nist.gov/vuln/detail/CVE-2022-3077),[CVE-2022-3078](https://nvd.nist.gov/vuln/detail/CVE-2022-3078),[CVE-2022-3104](https://nvd.nist.gov/vuln/detail/CVE-2022-3104),[CVE-2022-3105](https://nvd.nist.gov/vuln/detail/CVE-2022-3105),[CVE-2022-3106](https://nvd.nist.gov/vuln/detail/CVE-2022-3106),[CVE-2022-3107](https://nvd.nist.gov/vuln/detail/CVE-2022-3107),[CVE-2022-3108](https://nvd.nist.gov/vuln/detail/CVE-2022-3108),[CVE-2022-3110](https://nvd.nist.gov/vuln/detail/CVE-2022-3110),[CVE-2022-3111](https://nvd.nist.gov/vuln/detail/CVE-2022-3111),[CVE-2022-3112](https://nvd.nist.gov/vuln/detail/CVE-2022-3112),[CVE-2022-3113](https://nvd.nist.gov/vuln/detail/CVE-2022-3113),[CVE-2022-3115](https://nvd.nist.gov/vuln/detail/CVE-2022-3115),[CVE-2022-3169](https://nvd.nist.gov/vuln/detail/CVE-2022-3169),[CVE-2022-3176](https://nvd.nist.gov/vuln/detail/CVE-2022-3176),[CVE-2022-3202](https://nvd.nist.gov/vuln/detail/CVE-2022-3202),[CVE-2022-32250](https://nvd.nist.gov/vuln/detail/CVE-2022-32250),[CVE-2022-32296](https://nvd.nist.gov/vuln/detail/CVE-2022-32296),[CVE-2022-3239](https://nvd.nist.gov/vuln/detail/CVE-2022-3239),[CVE-2022-32981](https://nvd.nist.gov/vuln/detail/CVE-2022-32981),[CVE-2022-3303](https://nvd.nist.gov/vuln/detail/CVE-2022-3303),[CVE-2022-3344](https://nvd.nist.gov/vuln/detail/CVE-2022-3344),[CVE-2022-33740](https://nvd.nist.gov/vuln/detail/CVE-2022-33740),[CVE-2022-33741](https://nvd.nist.gov/vuln/detail/CVE-2022-33741),[CVE-2022-33742](https://nvd.nist.gov/vuln/detail/CVE-2022-33742),[CVE-2022-33743](https://nvd.nist.gov/vuln/detail/CVE-2022-33743),[CVE-2022-33744](https://nvd.nist.gov/vuln/detail/CVE-2022-33744),[CVE-2022-33981](https://nvd.nist.gov/vuln/detail/CVE-2022-33981),[CVE-2022-3424](https://nvd.nist.gov/vuln/detail/CVE-2022-3424),[CVE-2022-34494](https://nvd.nist.gov/vuln/detail/CVE-2022-34494),[CVE-2022-34495](https://nvd.nist.gov/vuln/detail/CVE-2022-34495),[CVE-2022-34918](https://nvd.nist.gov/vuln/detail/CVE-2022-34918),[CVE-2022-3521](https://nvd.nist.gov/vuln/detail/CVE-2022-3521),[CVE-2022-3524](https://nvd.nist.gov/vuln/detail/CVE-2022-3524),[CVE-2022-3526](https://nvd.nist.gov/vuln/detail/CVE-2022-3526),[CVE-2022-3534](https://nvd.nist.gov/vuln/detail/CVE-2022-3534),[CVE-2022-3543](https://nvd.nist.gov/vuln/detail/CVE-2022-3543),[CVE-2022-3545](https://nvd.nist.gov/vuln/detail/CVE-2022-3545),[CVE-2022-3564](https://nvd.nist.gov/vuln/detail/CVE-2022-3564),[CVE-2022-3565](https://nvd.nist.gov/vuln/detail/CVE-2022-3565),[CVE-2022-3577](https://nvd.nist.gov/vuln/detail/CVE-2022-3577),[CVE-2022-3586](https://nvd.nist.gov/vuln/detail/CVE-2022-3586),[CVE-2022-3594](https://nvd.nist.gov/vuln/detail/CVE-2022-3594),[CVE-2022-36123](https://nvd.nist.gov/vuln/detail/CVE-2022-36123),[CVE-2022-3619](https://nvd.nist.gov/vuln/detail/CVE-2022-3619),[CVE-2022-3621](https://nvd.nist.gov/vuln/detail/CVE-2022-3621),[CVE-2022-3623](https://nvd.nist.gov/vuln/detail/CVE-2022-3623),[CVE-2022-3625](https://nvd.nist.gov/vuln/detail/CVE-2022-3625),[CVE-2022-3628](https://nvd.nist.gov/vuln/detail/CVE-2022-3628),[CVE-2022-36280](https://nvd.nist.gov/vuln/detail/CVE-2022-36280),[CVE-2022-3629](https://nvd.nist.gov/vuln/detail/CVE-2022-3629),[CVE-2022-3633](https://nvd.nist.gov/vuln/detail/CVE-2022-3633),[CVE-2022-3635](https://nvd.nist.gov/vuln/detail/CVE-2022-3635),[CVE-2022-3643](https://nvd.nist.gov/vuln/detail/CVE-2022-3643),[CVE-2022-3646](https://nvd.nist.gov/vuln/detail/CVE-2022-3646),[CVE-2022-3649](https://nvd.nist.gov/vuln/detail/CVE-2022-3649),[CVE-2022-36879](https://nvd.nist.gov/vuln/detail/CVE-2022-36879),[CVE-2022-36946](https://nvd.nist.gov/vuln/detail/CVE-2022-36946),[CVE-2022-3707](https://nvd.nist.gov/vuln/detail/CVE-2022-3707),[CVE-2022-39189](https://nvd.nist.gov/vuln/detail/CVE-2022-39189),[CVE-2022-39190](https://nvd.nist.gov/vuln/detail/CVE-2022-39190),[CVE-2022-40307](https://nvd.nist.gov/vuln/detail/CVE-2022-40307),[CVE-2022-40768](https://nvd.nist.gov/vuln/detail/CVE-2022-40768),[CVE-2022-4095](https://nvd.nist.gov/vuln/detail/CVE-2022-4095),[CVE-2022-40982](https://nvd.nist.gov/vuln/detail/CVE-2022-40982),[CVE-2022-41218](https://nvd.nist.gov/vuln/detail/CVE-2022-41218),[CVE-2022-41222](https://nvd.nist.gov/vuln/detail/CVE-2022-41222),[CVE-2022-4129](https://nvd.nist.gov/vuln/detail/CVE-2022-4129),[CVE-2022-41674](https://nvd.nist.gov/vuln/detail/CVE-2022-41674),[CVE-2022-41849](https://nvd.nist.gov/vuln/detail/CVE-2022-41849),[CVE-2022-41850](https://nvd.nist.gov/vuln/detail/CVE-2022-41850),[CVE-2022-41858](https://nvd.nist.gov/vuln/detail/CVE-2022-41858),[CVE-2022-42432](https://nvd.nist.gov/vuln/detail/CVE-2022-42432),[CVE-2022-4269](https://nvd.nist.gov/vuln/detail/CVE-2022-4269),[CVE-2022-42703](https://nvd.nist.gov/vuln/detail/CVE-2022-42703),[CVE-2022-42719](https://nvd.nist.gov/vuln/detail/CVE-2022-42719),[CVE-2022-42720](https://nvd.nist.gov/vuln/detail/CVE-2022-42720),[CVE-2022-42721](https://nvd.nist.gov/vuln/detail/CVE-2022-42721),[CVE-2022-42722](https://nvd.nist.gov/vuln/detail/CVE-2022-42722),[CVE-2022-42895](https://nvd.nist.gov/vuln/detail/CVE-2022-42895),[CVE-2022-42896](https://nvd.nist.gov/vuln/detail/CVE-2022-42896),[CVE-2022-43750](https://nvd.nist.gov/vuln/detail/CVE-2022-43750),[CVE-2022-4378](https://nvd.nist.gov/vuln/detail/CVE-2022-4378),[CVE-2022-4379](https://nvd.nist.gov/vuln/detail/CVE-2022-4379),[CVE-2022-4382](https://nvd.nist.gov/vuln/detail/CVE-2022-4382),[CVE-2022-43945](https://nvd.nist.gov/vuln/detail/CVE-2022-43945),[CVE-2022-45869](https://nvd.nist.gov/vuln/detail/CVE-2022-45869),[CVE-2022-45886](https://nvd.nist.gov/vuln/detail/CVE-2022-45886),[CVE-2022-45887](https://nvd.nist.gov/vuln/detail/CVE-2022-45887),[CVE-2022-45919](https://nvd.nist.gov/vuln/detail/CVE-2022-45919),[CVE-2022-45934](https://nvd.nist.gov/vuln/detail/CVE-2022-45934),[CVE-2022-4662](https://nvd.nist.gov/vuln/detail/CVE-2022-4662),[CVE-2022-4744](https://nvd.nist.gov/vuln/detail/CVE-2022-4744),[CVE-2022-47518](https://nvd.nist.gov/vuln/detail/CVE-2022-47518),[CVE-2022-47519](https://nvd.nist.gov/vuln/detail/CVE-2022-47519),[CVE-2022-47520](https://nvd.nist.gov/vuln/detail/CVE-2022-47520),[CVE-2022-47521](https://nvd.nist.gov/vuln/detail/CVE-2022-47521),[CVE-2022-47929](https://nvd.nist.gov/vuln/detail/CVE-2022-47929),[CVE-2022-47938](https://nvd.nist.gov/vuln/detail/CVE-2022-47938),[CVE-2022-47939](https://nvd.nist.gov/vuln/detail/CVE-2022-47939),[CVE-2022-47941](https://nvd.nist.gov/vuln/detail/CVE-2022-47941),[CVE-2022-47942](https://nvd.nist.gov/vuln/detail/CVE-2022-47942),[CVE-2022-47943](https://nvd.nist.gov/vuln/detail/CVE-2022-47943),[CVE-2022-4842](https://nvd.nist.gov/vuln/detail/CVE-2022-4842),[CVE-2022-48423](https://nvd.nist.gov/vuln/detail/CVE-2022-48423),[CVE-2022-48424](https://nvd.nist.gov/vuln/detail/CVE-2022-48424),[CVE-2022-48425](https://nvd.nist.gov/vuln/detail/CVE-2022-48425),[CVE-2022-48502](https://nvd.nist.gov/vuln/detail/CVE-2022-48502),[CVE-2023-0045](https://nvd.nist.gov/vuln/detail/CVE-2023-0045),[CVE-2023-0160](https://nvd.nist.gov/vuln/detail/CVE-2023-0160),[CVE-2023-0179](https://nvd.nist.gov/vuln/detail/CVE-2023-0179),[CVE-2023-0210](https://nvd.nist.gov/vuln/detail/CVE-2023-0210),[CVE-2023-0266](https://nvd.nist.gov/vuln/detail/CVE-2023-0266),[CVE-2023-0386](https://nvd.nist.gov/vuln/detail/CVE-2023-0386),[CVE-2023-0394](https://nvd.nist.gov/vuln/detail/CVE-2023-0394),[CVE-2023-0458](https://nvd.nist.gov/vuln/detail/CVE-2023-0458),[CVE-2023-0459](https://nvd.nist.gov/vuln/detail/CVE-2023-0459),[CVE-2023-0461](https://nvd.nist.gov/vuln/detail/CVE-2023-0461),[CVE-2023-0590](https://nvd.nist.gov/vuln/detail/CVE-2023-0590),[CVE-2023-0615](https://nvd.nist.gov/vuln/detail/CVE-2023-0615),[CVE-2023-1073](https://nvd.nist.gov/vuln/detail/CVE-2023-1073),[CVE-2023-1074](https://nvd.nist.gov/vuln/detail/CVE-2023-1074),[CVE-2023-1076](https://nvd.nist.gov/vuln/detail/CVE-2023-1076),[CVE-2023-1077](https://nvd.nist.gov/vuln/detail/CVE-2023-1077),[CVE-2023-1078](https://nvd.nist.gov/vuln/detail/CVE-2023-1078),[CVE-2023-1079](https://nvd.nist.gov/vuln/detail/CVE-2023-1079),[CVE-2023-1095](https://nvd.nist.gov/vuln/detail/CVE-2023-1095),[CVE-2023-1118](https://nvd.nist.gov/vuln/detail/CVE-2023-1118),[CVE-2023-1192](https://nvd.nist.gov/vuln/detail/CVE-2023-1192),[CVE-2023-1206](https://nvd.nist.gov/vuln/detail/CVE-2023-1206),[CVE-2023-1249](https://nvd.nist.gov/vuln/detail/CVE-2023-1249),[CVE-2023-1252](https://nvd.nist.gov/vuln/detail/CVE-2023-1252),[CVE-2023-1281](https://nvd.nist.gov/vuln/detail/CVE-2023-1281),[CVE-2023-1295](https://nvd.nist.gov/vuln/detail/CVE-2023-1295),[CVE-2023-1380](https://nvd.nist.gov/vuln/detail/CVE-2023-1380),[CVE-2023-1382](https://nvd.nist.gov/vuln/detail/CVE-2023-1382),[CVE-2023-1513](https://nvd.nist.gov/vuln/detail/CVE-2023-1513),[CVE-2023-1582](https://nvd.nist.gov/vuln/detail/CVE-2023-1582),[CVE-2023-1611](https://nvd.nist.gov/vuln/detail/CVE-2023-1611),[CVE-2023-1637](https://nvd.nist.gov/vuln/detail/CVE-2023-1637),[CVE-2023-1652](https://nvd.nist.gov/vuln/detail/CVE-2023-1652),[CVE-2023-1670](https://nvd.nist.gov/vuln/detail/CVE-2023-1670),[CVE-2023-1829](https://nvd.nist.gov/vuln/detail/CVE-2023-1829),[CVE-2023-1838](https://nvd.nist.gov/vuln/detail/CVE-2023-1838),[CVE-2023-1855](https://nvd.nist.gov/vuln/detail/CVE-2023-1855),[CVE-2023-1859](https://nvd.nist.gov/vuln/detail/CVE-2023-1859),[CVE-2023-1989](https://nvd.nist.gov/vuln/detail/CVE-2023-1989),[CVE-2023-1990](https://nvd.nist.gov/vuln/detail/CVE-2023-1990),[CVE-2023-2002](https://nvd.nist.gov/vuln/detail/CVE-2023-2002),[CVE-2023-2006](https://nvd.nist.gov/vuln/detail/CVE-2023-2006),[CVE-2023-2008](https://nvd.nist.gov/vuln/detail/CVE-2023-2008),[CVE-2023-2019](https://nvd.nist.gov/vuln/detail/CVE-2023-2019),[CVE-2023-20569](https://nvd.nist.gov/vuln/detail/CVE-2023-20569),[CVE-2023-20588](https://nvd.nist.gov/vuln/detail/CVE-2023-20588),[CVE-2023-20593](https://nvd.nist.gov/vuln/detail/CVE-2023-20593),[CVE-2023-20928](https://nvd.nist.gov/vuln/detail/CVE-2023-20928),[CVE-2023-21102](https://nvd.nist.gov/vuln/detail/CVE-2023-21102),[CVE-2023-2124](https://nvd.nist.gov/vuln/detail/CVE-2023-2124),[CVE-2023-2156](https://nvd.nist.gov/vuln/detail/CVE-2023-2156),[CVE-2023-2162](https://nvd.nist.gov/vuln/detail/CVE-2023-2162),[CVE-2023-2163](https://nvd.nist.gov/vuln/detail/CVE-2023-2163),[CVE-2023-2166](https://nvd.nist.gov/vuln/detail/CVE-2023-2166),[CVE-2023-2177](https://nvd.nist.gov/vuln/detail/CVE-2023-2177),[CVE-2023-2194](https://nvd.nist.gov/vuln/detail/CVE-2023-2194),[CVE-2023-2235](https://nvd.nist.gov/vuln/detail/CVE-2023-2235),[CVE-2023-2269](https://nvd.nist.gov/vuln/detail/CVE-2023-2269),[CVE-2023-22998](https://nvd.nist.gov/vuln/detail/CVE-2023-22998),[CVE-2023-22999](https://nvd.nist.gov/vuln/detail/CVE-2023-22999),[CVE-2023-23001](https://nvd.nist.gov/vuln/detail/CVE-2023-23001),[CVE-2023-23002](https://nvd.nist.gov/vuln/detail/CVE-2023-23002),[CVE-2023-23004](https://nvd.nist.gov/vuln/detail/CVE-2023-23004),[CVE-2023-23006](https://nvd.nist.gov/vuln/detail/CVE-2023-23006),[CVE-2023-23454](https://nvd.nist.gov/vuln/detail/CVE-2023-23454),[CVE-2023-23455](https://nvd.nist.gov/vuln/detail/CVE-2023-23455),[CVE-2023-23559](https://nvd.nist.gov/vuln/detail/CVE-2023-23559),[CVE-2023-25012](https://nvd.nist.gov/vuln/detail/CVE-2023-25012),[CVE-2023-2513](https://nvd.nist.gov/vuln/detail/CVE-2023-2513),[CVE-2023-26544](https://nvd.nist.gov/vuln/detail/CVE-2023-26544),[CVE-2023-26545](https://nvd.nist.gov/vuln/detail/CVE-2023-26545),[CVE-2023-26606](https://nvd.nist.gov/vuln/detail/CVE-2023-26606),[CVE-2023-26607](https://nvd.nist.gov/vuln/detail/CVE-2023-26607),[CVE-2023-28327](https://nvd.nist.gov/vuln/detail/CVE-2023-28327),[CVE-2023-28328](https://nvd.nist.gov/vuln/detail/CVE-2023-28328),[CVE-2023-28410](https://nvd.nist.gov/vuln/detail/CVE-2023-28410),[CVE-2023-28466](https://nvd.nist.gov/vuln/detail/CVE-2023-28466),[CVE-2023-2860](https://nvd.nist.gov/vuln/detail/CVE-2023-2860),[CVE-2023-28772](https://nvd.nist.gov/vuln/detail/CVE-2023-28772),[CVE-2023-2898](https://nvd.nist.gov/vuln/detail/CVE-2023-2898),[CVE-2023-2985](https://nvd.nist.gov/vuln/detail/CVE-2023-2985),[CVE-2023-3006](https://nvd.nist.gov/vuln/detail/CVE-2023-3006),[CVE-2023-30456](https://nvd.nist.gov/vuln/detail/CVE-2023-30456),[CVE-2023-30772](https://nvd.nist.gov/vuln/detail/CVE-2023-30772),[CVE-2023-3090](https://nvd.nist.gov/vuln/detail/CVE-2023-3090),[CVE-2023-3111](https://nvd.nist.gov/vuln/detail/CVE-2023-3111),[CVE-2023-31248](https://nvd.nist.gov/vuln/detail/CVE-2023-31248),[CVE-2023-3141](https://nvd.nist.gov/vuln/detail/CVE-2023-3141),[CVE-2023-31436](https://nvd.nist.gov/vuln/detail/CVE-2023-31436),[CVE-2023-3159](https://nvd.nist.gov/vuln/detail/CVE-2023-3159),[CVE-2023-3161](https://nvd.nist.gov/vuln/detail/CVE-2023-3161),[CVE-2023-3212](https://nvd.nist.gov/vuln/detail/CVE-2023-3212),[CVE-2023-3220](https://nvd.nist.gov/vuln/detail/CVE-2023-3220),[CVE-2023-32233](https://nvd.nist.gov/vuln/detail/CVE-2023-32233),[CVE-2023-32248](https://nvd.nist.gov/vuln/detail/CVE-2023-32248),[CVE-2023-32269](https://nvd.nist.gov/vuln/detail/CVE-2023-32269),[CVE-2023-3268](https://nvd.nist.gov/vuln/detail/CVE-2023-3268),[CVE-2023-33203](https://nvd.nist.gov/vuln/detail/CVE-2023-33203),[CVE-2023-33288](https://nvd.nist.gov/vuln/detail/CVE-2023-33288),[CVE-2023-3338](https://nvd.nist.gov/vuln/detail/CVE-2023-3338),[CVE-2023-3355](https://nvd.nist.gov/vuln/detail/CVE-2023-3355),[CVE-2023-3357](https://nvd.nist.gov/vuln/detail/CVE-2023-3357),[CVE-2023-3358](https://nvd.nist.gov/vuln/detail/CVE-2023-3358),[CVE-2023-3390](https://nvd.nist.gov/vuln/detail/CVE-2023-3390),[CVE-2023-35001](https://nvd.nist.gov/vuln/detail/CVE-2023-35001),[CVE-2023-3567](https://nvd.nist.gov/vuln/detail/CVE-2023-3567),[CVE-2023-35788](https://nvd.nist.gov/vuln/detail/CVE-2023-35788),[CVE-2023-35823](https://nvd.nist.gov/vuln/detail/CVE-2023-35823),[CVE-2023-35824](https://nvd.nist.gov/vuln/detail/CVE-2023-35824),[CVE-2023-35828](https://nvd.nist.gov/vuln/detail/CVE-2023-35828),[CVE-2023-35829](https://nvd.nist.gov/vuln/detail/CVE-2023-35829),[CVE-2023-3609](https://nvd.nist.gov/vuln/detail/CVE-2023-3609),[CVE-2023-3610](https://nvd.nist.gov/vuln/detail/CVE-2023-3610),[CVE-2023-3611](https://nvd.nist.gov/vuln/detail/CVE-2023-3611),[CVE-2023-3772](https://nvd.nist.gov/vuln/detail/CVE-2023-3772),[CVE-2023-3776](https://nvd.nist.gov/vuln/detail/CVE-2023-3776),[CVE-2023-3777](https://nvd.nist.gov/vuln/detail/CVE-2023-3777),[CVE-2023-3812](https://nvd.nist.gov/vuln/detail/CVE-2023-3812),[CVE-2023-38426](https://nvd.nist.gov/vuln/detail/CVE-2023-38426),[CVE-2023-38428](https://nvd.nist.gov/vuln/detail/CVE-2023-38428),[CVE-2023-38429](https://nvd.nist.gov/vuln/detail/CVE-2023-38429),[CVE-2023-38432](https://nvd.nist.gov/vuln/detail/CVE-2023-38432),[CVE-2023-3863](https://nvd.nist.gov/vuln/detail/CVE-2023-3863),[CVE-2023-3865](https://nvd.nist.gov/vuln/detail/CVE-2023-3865),[CVE-2023-3866](https://nvd.nist.gov/vuln/detail/CVE-2023-3866),[CVE-2023-4004](https://nvd.nist.gov/vuln/detail/CVE-2023-4004),[CVE-2023-4015](https://nvd.nist.gov/vuln/detail/CVE-2023-4015),[CVE-2023-40283](https://nvd.nist.gov/vuln/detail/CVE-2023-40283),[CVE-2023-4128](https://nvd.nist.gov/vuln/detail/CVE-2023-4128),[CVE-2023-4132](https://nvd.nist.gov/vuln/detail/CVE-2023-4132),[CVE-2023-4147](https://nvd.nist.gov/vuln/detail/CVE-2023-4147),[CVE-2023-4206](https://nvd.nist.gov/vuln/detail/CVE-2023-4206),[CVE-2023-4207](https://nvd.nist.gov/vuln/detail/CVE-2023-4207),[CVE-2023-4208](https://nvd.nist.gov/vuln/detail/CVE-2023-4208),[CVE-2023-4273](https://nvd.nist.gov/vuln/detail/CVE-2023-4273),[CVE-2023-42752](https://nvd.nist.gov/vuln/detail/CVE-2023-42752),[CVE-2023-42753](https://nvd.nist.gov/vuln/detail/CVE-2023-42753),[CVE-2023-42755](https://nvd.nist.gov/vuln/detail/CVE-2023-42755),[CVE-2023-4385](https://nvd.nist.gov/vuln/detail/CVE-2023-4385),[CVE-2023-4387](https://nvd.nist.gov/vuln/detail/CVE-2023-4387),[CVE-2023-4389](https://nvd.nist.gov/vuln/detail/CVE-2023-4389),[CVE-2023-4459](https://nvd.nist.gov/vuln/detail/CVE-2023-4459),[CVE-2023-4569](https://nvd.nist.gov/vuln/detail/CVE-2023-4569),[CVE-2023-4623](https://nvd.nist.gov/vuln/detail/CVE-2023-4623), [CVE-2023-4921](https://nvd.nist.gov/vuln/detail/CVE-2023-4921), [CVE-2022-40982](https://nvd.nist.gov/vuln/detail/CVE-2022-40982), [CVE-2022-41804](https://nvd.nist.gov/vuln/detail/CVE-2022-41804), [CVE-2023-20569](https://nvd.nist.gov/vuln/detail/CVE-2023-20569), [CVE-2023-23908](https://nvd.nist.gov/vuln/detail/CVE-2023-23908))<br> - Docker ([CVE-2022-36109](https://nvd.nist.gov/vuln/detail/CVE-2022-36109), [CVE-2022-29526](https://nvd.nist.gov/vuln/detail/CVE-2022-29526))<br> - Go ([CVE-2021-44716](https://nvd.nist.gov/vuln/detail/CVE-2021-44716), [CVE-2021-44717](https://nvd.nist.gov/vuln/detail/CVE-2021-44717), [CVE-2022-1705](https://nvd.nist.gov/vuln/detail/CVE-2022-1705), [CVE-2022-1962](https://nvd.nist.gov/vuln/detail/CVE-2022-1962), [CVE-2022-2879](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879), [CVE-2022-2880](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880), [CVE-2022-24675](https://nvd.nist.gov/vuln/detail/CVE-2022-24675), [CVE-2022-27664](https://nvd.nist.gov/vuln/detail/CVE-2022-27664), [CVE-2022-28131](https://nvd.nist.gov/vuln/detail/CVE-2022-28131), [CVE-2022-29526](https://nvd.nist.gov/vuln/detail/CVE-2022-29526), [CVE-2022-30630](https://nvd.nist.gov/vuln/detail/CVE-2022-30630), [CVE-2022-30631](https://nvd.nist.gov/vuln/detail/CVE-2022-30631), [CVE-2022-30632](https://nvd.nist.gov/vuln/detail/CVE-2022-30632), [CVE-2022-30633](https://nvd.nist.gov/vuln/detail/CVE-2022-30633), [CVE-2022-30635](https://nvd.nist.gov/vuln/detail/CVE-2022-30635), [CVE-2022-32148](https://nvd.nist.gov/vuln/detail/CVE-2022-32148), [CVE-2022-32189](https://nvd.nist.gov/vuln/detail/CVE-2022-32189), [CVE-2022-32190](https://nvd.nist.gov/vuln/detail/CVE-2022-32190), [CVE-2022-41715](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715), [CVE-2022-41717](https://nvd.nist.gov/vuln/detail/CVE-2022-41717))<br> - bind tools ([CVE-2022-2795](https://nvd.nist.gov/vuln/detail/CVE-2022-2795), [CVE-2022-2881](https://nvd.nist.gov/vuln/detail/CVE-2022-2881), [CVE-2022-2906](https://nvd.nist.gov/vuln/detail/CVE-2022-2906), [CVE-2022-3080](https://nvd.nist.gov/vuln/detail/CVE-2022-3080), [CVE-2022-38177](https://nvd.nist.gov/vuln/detail/CVE-2022-38177), [CVE-2022-38178](https://nvd.nist.gov/vuln/detail/CVE-2022-38178))<br> - binutils ([CVE-2021-45078](https://nvd.nist.gov/vuln/detail/CVE-2021-45078))<br> - cifs-utils ([CVE-2021-20208](https://nvd.nist.gov/vuln/detail/CVE-2021-20208), [CVE-2022-27239](https://nvd.nist.gov/vuln/detail/CVE-2022-27239), [CVE-2022-29869](https://nvd.nist.gov/vuln/detail/CVE-2022-29869))<br> - containerd ([CVE-2021-43816](https://nvd.nist.gov/vuln/detail/CVE-2021-43816), [CVE-2022-23471](https://nvd.nist.gov/vuln/detail/CVE-2022-23471), [CVE-2022-23648](https://nvd.nist.gov/vuln/detail/CVE-2022-23648), [CVE-2022-24769](https://nvd.nist.gov/vuln/detail/CVE-2022-24769), [CVE-2022-31030](https://nvd.nist.gov/vuln/detail/CVE-2022-31030))<br> - cpio ([CVE-2021-38185](https://nvd.nist.gov/vuln/detail/CVE-2021-38185))<br> - cryptsetup ([CVE-2021-4122](https://nvd.nist.gov/vuln/detail/CVE-2021-4122)) <br> - curl ([CVE-2022-22576](https://nvd.nist.gov/vuln/detail/CVE-2022-22576), [CVE-2022-27774](https://nvd.nist.gov/vuln/detail/CVE-2022-27774), [CVE-2022-27775](https://nvd.nist.gov/vuln/detail/CVE-2022-27775), [CVE-2022-27776](https://nvd.nist.gov/vuln/detail/CVE-2022-27776), [CVE-2022-27778](https://nvd.nist.gov/vuln/detail/CVE-2022-27778), [CVE-2022-27779](https://nvd.nist.gov/vuln/detail/CVE-2022-27779), [CVE-2022-27780](https://nvd.nist.gov/vuln/detail/CVE-2022-27780), [CVE-2022-27781](https://nvd.nist.gov/vuln/detail/CVE-2022-27781), [CVE-2022-27782](https://nvd.nist.gov/vuln/detail/CVE-2022-27782), [CVE-2022-30115](https://nvd.nist.gov/vuln/detail/CVE-2022-30115), [CVE-2022-32205](https://nvd.nist.gov/vuln/detail/CVE-2022-32205), [CVE-2022-32206](https://nvd.nist.gov/vuln/detail/CVE-2022-32206), [CVE-2022-32207](https://nvd.nist.gov/vuln/detail/CVE-2022-32207), [CVE-2022-32208](https://nvd.nist.gov/vuln/detail/CVE-2022-32208), [CVE-2022-32221](https://nvd.nist.gov/vuln/detail/CVE-2022-32221), [CVE-2022-35260](https://nvd.nist.gov/vuln/detail/CVE-2022-32221), [CVE-2022-42915](https://nvd.nist.gov/vuln/detail/CVE-2022-32221), [CVE-2022-42916](https://nvd.nist.gov/vuln/detail/CVE-2022-32221), [CVE-2022-35252](https://nvd.nist.gov/vuln/detail/CVE-2022-35252), [CVE-2022-43551](https://nvd.nist.gov/vuln/detail/CVE-2022-43551), [CVE-2022-43552](https://nvd.nist.gov/vuln/detail/CVE-2022-43552))<br> - dbus ([CVE-2022-42010](https://nvd.nist.gov/vuln/detail/CVE-2022-42010), [CVE-2022-42011](https://nvd.nist.gov/vuln/detail/CVE-2022-42011), [CVE-2022-42012](https://nvd.nist.gov/vuln/detail/CVE-2022-42012))<br> - duktape ([CVE-2021-46322](https://nvd.nist.gov/vuln/detail/CVE-2021-46322))<br> - expat ([CVE-2022-40674](https://nvd.nist.gov/vuln/detail/CVE-2022-40674), [CVE-2022-43680](https://nvd.nist.gov/vuln/detail/CVE-2022-43680))<br> - gcc ([CVE-2020-13844](https://nvd.nist.gov/vuln/detail/CVE-2020-13844))<br> - git ([CVE-2022-23521](https://nvd.nist.gov/vuln/detail/CVE-2022-23521), [CVE-2022-24765](https://nvd.nist.gov/vuln/detail/CVE-2022-24765), [CVE-2022-29187](https://nvd.nist.gov/vuln/detail/CVE-2022-29187), [CVE-2022-39253](https://nvd.nist.gov/vuln/detail/CVE-2022-39253), [CVE-2022-39260](https://nvd.nist.gov/vuln/detail/CVE-2022-39260), [CVE-2022-41903](https://nvd.nist.gov/vuln/detail/CVE-2022-41903))<br> - glib ([fixes to normal form handling in GVariant](https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835))<br> - gnupg ([CVE-2022-34903](https://nvd.nist.gov/vuln/detail/CVE-2022-34903))<br> - gnutls ([CVE-2021-4209](https://nvd.nist.gov/vuln/detail/CVE-2021-4209), [GNUTLS-SA-2022-01-17](https://gitlab.com/gnutls/gnutls/-/issues/1277), [CVE-2022-2509](https://nvd.nist.gov/vuln/detail/CVE-2022-2509))<br> - gzip,xz-utils ([CVE-2022-1271](https://nvd.nist.gov/vuln/detail/CVE-2022-1271))<br> - ignition ([CVE-2020-14040](https://nvd.nist.gov/vuln/detail/CVE-2020-14040), [CVE-2021-38561](https://nvd.nist.gov/vuln/detail/CVE-2021-38561), [CVE-2022-1706](https://nvd.nist.gov/vuln/detail/CVE-2022-1706))<br> - intel-microcode ([CVE-2021-0127](https://nvd.nist.gov/vuln/detail/CVE-2021-0127), [CVE-2021-0146](https://nvd.nist.gov/vuln/detail/CVE-2021-0146), [CVE-2022-21151](https://nvd.nist.gov/vuln/detail/CVE-2022-21151), [CVE-2022-21233](https://nvd.nist.gov/vuln/detail/CVE-2022-21233))<br> - krb5 ([CVE-2021-37750](https://nvd.nist.gov/vuln/detail/CVE-2021-37750))<br> - libarchive ([CVE-2021-31566](https://nvd.nist.gov/vuln/detail/CVE-2021-31566), [CVE-2021-36976](https://nvd.nist.gov/vuln/detail/CVE-2021-36976), [CVE-2022-26280](https://nvd.nist.gov/vuln/detail/CVE-2022-26280), [CVE-2022-36227](https://nvd.nist.gov/vuln/detail/CVE-2022-36227), [libarchive-1565](https://github.com/libarchive/libarchive/issues/1565), [libarchive-1566](https://github.com/libarchive/libarchive/issues/1566))<br> - libksba ([CVE-2022-3515](https://nvd.nist.gov/vuln/detail/CVE-2022-3515), [CVE-2022-47629](https://nvd.nist.gov/vuln/detail/CVE-2022-47629))<br> - GNU Libtasn1 ([Gentoo#866237](https://bugs.gentoo.org/866237))<br> - libtirpc ([CVE-2021-46828](https://nvd.nist.gov/vuln/detail/CVE-2021-46828))<br> - libxml2 ([CVE-2016-3709](https://nvd.nist.gov/vuln/detail/CVE-2016-3709), [CVE-2022-2309](https://nvd.nist.gov/vuln/detail/CVE-2022-2309), [CVE-2022-23308](https://nvd.nist.gov/vuln/detail/CVE-2022-23308), [CVE-2022-29824](https://nvd.nist.gov/vuln/detail/CVE-2022-29824), [CVE-2022-40303](https://nvd.nist.gov/vuln/detail/CVE-2022-40303), [CVE-2022-40304](https://nvd.nist.gov/vuln/detail/CVE-2022-40304))<br> - logrotate ([CVE-2022-1348](https://nvd.nist.gov/vuln/detail/CVE-2022-1348))<br> - multipath-tools ([CVE-2022-41973](https://nvd.nist.gov/vuln/detail/CVE-2022-41973), [CVE-2022-41974](https://nvd.nist.gov/vuln/detail/CVE-2022-41974))<br> - ncurses ([CVE-2022-29458](https://nvd.nist.gov/vuln/detail/CVE-2022-29458))<br> - nvidia-drivers ([CVE-2022-28181](https://nvd.nist.gov/vuln/detail/CVE-2022-28181), [CVE-2022-28183](https://nvd.nist.gov/vuln/detail/CVE-2022-28183), [CVE-2022-28184](https://nvd.nist.gov/vuln/detail/CVE-2022-28184), [CVE-2022-28185](https://nvd.nist.gov/vuln/detail/CVE-2022-28185))<br> - oniguruma ([oniguruma-20220430](https://bugs.gentoo.org/841893))<br> - OpenSSH ([CVE-2021-41617](https://nvd.nist.gov/vuln/detail/CVE-2021-41617))<br> - OpenSSL ([CVE-2021-4044](https://nvd.nist.gov/vuln/detail/CVE-2021-4044), [CVE-2022-1292](https://nvd.nist.gov/vuln/detail/CVE-2022-1292), [CVE-2022-1343](https://nvd.nist.gov/vuln/detail/CVE-2022-1343), [CVE-2022-1434](https://nvd.nist.gov/vuln/detail/CVE-2022-1434), [CVE-2022-1473](https://nvd.nist.gov/vuln/detail/CVE-2022-1473), [CVE-2022-3602](https://nvd.nist.gov/vuln/detail/CVE-2022-3602), [CVE-2022-3786](https://nvd.nist.gov/vuln/detail/CVE-2022-3786))<br> - polkit ([CVE-2021-4115](https://nvd.nist.gov/vuln/detail/CVE-2021-4115))<br> - rsync ([CVE-2018-25032](https://nvd.nist.gov/vuln/detail/CVE-2018-25032), [CVE-2022-29154](https://nvd.nist.gov/vuln/detail/CVE-2022-29154))<br> - runc ([CVE-2022-29162](https://nvd.nist.gov/vuln/detail/CVE-2022-29162))<br> - shadow ([CVE-2013-4235](https://nvd.nist.gov/vuln/detail/CVE-2013-4235))<br> - sudo ([CVE-2022-43995](https://nvd.nist.gov/vuln/detail/CVE-2022-43995), [CVE-2023-22809](https://nvd.nist.gov/vuln/detail/CVE-2023-22809))<br> - systemd ([CVE-2021-3997](https://nvd.nist.gov/vuln/detail/CVE-2021-3997), [CVE-2022-3821](https://nvd.nist.gov/vuln/detail/CVE-2022-3821), [CVE-2022-4415](https://nvd.nist.gov/vuln/detail/CVE-2022-4415))<br> - unzip ([CVE-2022-0529](https://nvd.nist.gov/vuln/detail/CVE-2022-0529), [CVE-2022-0530](https://nvd.nist.gov/vuln/detail/CVE-2022-0530), [CVE-2021-4217](https://nvd.nist.gov/vuln/detail/CVE-2021-4217))<br> - util-linux ([CVE-2021-3995](https://nvd.nist.gov/vuln/detail/CVE-2021-3995), [CVE-2021-3996](https://nvd.nist.gov/vuln/detail/CVE-2021-3996), [CVE-2022-0563](https://nvd.nist.gov/vuln/detail/CVE-2022-0563))<br> - vim ([CVE-2021-3872](https://nvd.nist.gov/vuln/detail/CVE-2021-3872), [CVE-2021-3875](https://nvd.nist.gov/vuln/detail/CVE-2021-3875), [CVE-2021-3903](https://nvd.nist.gov/vuln/detail/CVE-2021-3903), [CVE-2021-3927](https://nvd.nist.gov/vuln/detail/CVE-2021-3927), [CVE-2021-3928](https://nvd.nist.gov/vuln/detail/CVE-2021-3928), [CVE-2021-3968](https://nvd.nist.gov/vuln/detail/CVE-2021-3968), [CVE-2021-3973](https://nvd.nist.gov/vuln/detail/CVE-2021-3973), [CVE-2021-3974](https://nvd.nist.gov/vuln/detail/CVE-2021-3974), [CVE-2021-3984](https://nvd.nist.gov/vuln/detail/CVE-2021-3984), [CVE-2021-4019](https://nvd.nist.gov/vuln/detail/CVE-2021-4019), [CVE-2021-4069](https://nvd.nist.gov/vuln/detail/CVE-2021-4069), [CVE-2021-4136](https://nvd.nist.gov/vuln/detail/CVE-2021-4136), [CVE-2021-4173](https://nvd.nist.gov/vuln/detail/CVE-2021-4173),[ CVE-2021-4166](https://nvd.nist.gov/vuln/detail/CVE-2021-4166), [CVE-2021-4187](https://nvd.nist.gov/vuln/detail/CVE-2021-4187), [CVE-2021-4192](https://nvd.nist.gov/vuln/detail/CVE-2021-4192), [CVE-2021-4193](https://nvd.nist.gov/vuln/detail/CVE-2021-4193), [CVE-2022-0128](https://nvd.nist.gov/vuln/detail/CVE-2022-0128), [CVE-2022-0156](https://nvd.nist.gov/vuln/detail/CVE-2022-0156), [CVE-2022-0158](https://nvd.nist.gov/vuln/detail/CVE-2022-0158), [CVE-2022-0213](https://nvd.nist.gov/vuln/detail/CVE-2022-0213), [CVE-2022-0261](https://nvd.nist.gov/vuln/detail/CVE-2022-0261), [CVE-2022-0318](https://nvd.nist.gov/vuln/detail/CVE-2022-0318), [CVE-2022-0319](https://nvd.nist.gov/vuln/detail/CVE-2022-0319), [CVE-2022-0351](https://nvd.nist.gov/vuln/detail/CVE-2022-0351), [CVE-2022-0359](https://nvd.nist.gov/vuln/detail/CVE-2022-0359), [CVE-2022-0361](https://nvd.nist.gov/vuln/detail/CVE-2022-0361), [CVE-2022-0368](https://nvd.nist.gov/vuln/detail/CVE-2022-0368), [CVE-2022-0392](https://nvd.nist.gov/vuln/detail/CVE-2022-0392), [CVE-2022-0393](https://nvd.nist.gov/vuln/detail/CVE-2022-0393), [CVE-2022-0407](https://nvd.nist.gov/vuln/detail/CVE-2022-0407), [CVE-2022-0408](https://nvd.nist.gov/vuln/detail/CVE-2022-0408), [CVE-2022-0413](https://nvd.nist.gov/vuln/detail/CVE-2022-0413), [CVE-2022-0417](https://nvd.nist.gov/vuln/detail/CVE-2022-0417), [CVE-2022-0443](https://nvd.nist.gov/vuln/detail/CVE-2022-0443), [CVE-2022-0629](https://nvd.nist.gov/vuln/detail/CVE-2022-0629), [CVE-2022-0685](https://nvd.nist.gov/vuln/detail/CVE-2022-0685), [CVE-2022-0714](https://nvd.nist.gov/vuln/detail/CVE-2022-0714), [CVE-2022-0729](https://nvd.nist.gov/vuln/detail/CVE-2022-0729), [CVE-2022-0943](https://nvd.nist.gov/vuln/detail/CVE-2022-0943), [CVE-2022-1154](https://nvd.nist.gov/vuln/detail/CVE-2022-1154), [CVE-2022-1160](https://nvd.nist.gov/vuln/detail/CVE-2022-1160), [CVE-2022-1381](https://nvd.nist.gov/vuln/detail/CVE-2022-1381), [CVE-2022-1420](https://nvd.nist.gov/vuln/detail/CVE-2022-1420), [CVE-2022-1616](https://nvd.nist.gov/vuln/detail/CVE-2022-1616), [CVE-2022-1619](https://nvd.nist.gov/vuln/detail/CVE-2022-1619), [CVE-2022-1620](https://nvd.nist.gov/vuln/detail/CVE-2022-1620), [CVE-2022-1621](https://nvd.nist.gov/vuln/detail/CVE-2022-1621), [CVE-2022-1629](https://nvd.nist.gov/vuln/detail/CVE-2022-1629), [CVE-2022-1674](https://nvd.nist.gov/vuln/detail/CVE-2022-1674), [CVE-2022-1725](https://nvd.nist.gov/vuln/detail/CVE-2022-1725), [CVE-2022-1733](https://nvd.nist.gov/vuln/detail/CVE-2022-1733), [CVE-2022-1735](https://nvd.nist.gov/vuln/detail/CVE-2022-1735), [CVE-2022-1769](https://nvd.nist.gov/vuln/detail/CVE-2022-1769), [CVE-2022-1771](https://nvd.nist.gov/vuln/detail/CVE-2022-1771), [CVE-2022-1785](https://nvd.nist.gov/vuln/detail/CVE-2022-1785), [CVE-2022-1796](https://nvd.nist.gov/vuln/detail/CVE-2022-1796), [CVE-2022-1897](https://nvd.nist.gov/vuln/detail/CVE-2022-1897), [CVE-2022-1898](https://nvd.nist.gov/vuln/detail/CVE-2022-1898), [CVE-2022-1886](https://nvd.nist.gov/vuln/detail/CVE-2022-1886), [CVE-2022-1851](https://nvd.nist.gov/vuln/detail/CVE-2022-1851), [CVE-2022-1927](https://nvd.nist.gov/vuln/detail/CVE-2022-1927), [CVE-2022-1942](https://nvd.nist.gov/vuln/detail/CVE-2022-1942), [CVE-2022-1968](https://nvd.nist.gov/vuln/detail/CVE-2022-1968), [CVE-2022-2000](https://nvd.nist.gov/vuln/detail/CVE-2022-2000), [CVE-2022-2042](https://nvd.nist.gov/vuln/detail/CVE-2022-2042), [CVE-2022-2124](https://nvd.nist.gov/vuln/detail/CVE-2022-2124), [CVE-2022-2125](https://nvd.nist.gov/vuln/detail/CVE-2022-2125), [CVE-2022-2126](https://nvd.nist.gov/vuln/detail/CVE-2022-2126), [CVE-2022-2129](https://nvd.nist.gov/vuln/detail/CVE-2022-2129), [CVE-2022-2175](https://nvd.nist.gov/vuln/detail/CVE-2022-2175), [CVE-2022-2182](https://nvd.nist.gov/vuln/detail/CVE-2022-2182), [CVE-2022-2183](https://nvd.nist.gov/vuln/detail/CVE-2022-2183), [CVE-2022-2206](https://nvd.nist.gov/vuln/detail/CVE-2022-2206), [CVE-2022-2207](https://nvd.nist.gov/vuln/detail/CVE-2022-2207), [CVE-2022-2208](https://nvd.nist.gov/vuln/detail/CVE-2022-2208), [CVE-2022-2210](https://nvd.nist.gov/vuln/detail/CVE-2022-2210), [CVE-2022-2231](https://nvd.nist.gov/vuln/detail/CVE-2022-2231), [CVE-2022-2257](https://nvd.nist.gov/vuln/detail/CVE-2022-2257), [CVE-2022-2264](https://nvd.nist.gov/vuln/detail/CVE-2022-2264), [CVE-2022-2284](https://nvd.nist.gov/vuln/detail/CVE-2022-2284), [CVE-2022-2285](https://nvd.nist.gov/vuln/detail/CVE-2022-2285), [CVE-2022-2286](https://nvd.nist.gov/vuln/detail/CVE-2022-2286), [CVE-2022-2287](https://nvd.nist.gov/vuln/detail/CVE-2022-2287), [CVE-2022-2288](https://nvd.nist.gov/vuln/detail/CVE-2022-2288), [CVE-2022-2289](https://nvd.nist.gov/vuln/detail/CVE-2022-2289), [CVE-2022-2304](https://nvd.nist.gov/vuln/detail/CVE-2022-2304), [CVE-2022-2343](https://nvd.nist.gov/vuln/detail/CVE-2022-2343), [CVE-2022-2344](https://nvd.nist.gov/vuln/detail/CVE-2022-2344), [CVE-2022-2345](https://nvd.nist.gov/vuln/detail/CVE-2022-2345), [CVE-2022-2522](https://nvd.nist.gov/vuln/detail/CVE-2022-2522), [CVE-2022-2816](https://nvd.nist.gov/vuln/detail/CVE-2022-2816), [CVE-2022-2817](https://nvd.nist.gov/vuln/detail/CVE-2022-2817), [CVE-2022-2819](https://nvd.nist.gov/vuln/detail/CVE-2022-2819), [CVE-2022-2845](https://nvd.nist.gov/vuln/detail/CVE-2022-2845), [CVE-2022-2849](https://nvd.nist.gov/vuln/detail/CVE-2022-2849), [CVE-2022-2862](https://nvd.nist.gov/vuln/detail/CVE-2022-2862), [CVE-2022-2874](https://nvd.nist.gov/vuln/detail/CVE-2022-2874), [CVE-2022-2889](https://nvd.nist.gov/vuln/detail/CVE-2022-2889), [CVE-2022-2923](https://nvd.nist.gov/vuln/detail/CVE-2022-2923), [CVE-2022-2946](https://nvd.nist.gov/vuln/detail/CVE-2022-2946), [CVE-2022-2980](https://nvd.nist.gov/vuln/detail/CVE-2022-2980), [CVE-2022-2982](https://nvd.nist.gov/vuln/detail/CVE-2022-2982), [CVE-2022-3016](https://nvd.nist.gov/vuln/detail/CVE-2022-3016), [CVE-2022-3099](https://nvd.nist.gov/vuln/detail/CVE-2022-3099), [CVE-2022-3134](https://nvd.nist.gov/vuln/detail/CVE-2022-3134), [CVE-2022-3153](https://nvd.nist.gov/vuln/detail/CVE-2022-3153), [CVE-2022-3234](https://nvd.nist.gov/vuln/detail/CVE-2022-3234), [CVE-2022-3235](https://nvd.nist.gov/vuln/detail/CVE-2022-3235), [CVE-2022-3278](https://nvd.nist.gov/vuln/detail/CVE-2022-3278), [CVE-2022-3256](https://nvd.nist.gov/vuln/detail/CVE-2022-3256), [CVE-2022-3296](https://nvd.nist.gov/vuln/detail/CVE-2022-3296), [CVE-2022-3297](https://nvd.nist.gov/vuln/detail/CVE-2022-3297), [CVE-2022-3324](https://nvd.nist.gov/vuln/detail/CVE-2022-3324), [CVE-2022-3352](https://nvd.nist.gov/vuln/detail/CVE-2022-3352), [CVE-2022-3491](https://nvd.nist.gov/vuln/detail/CVE-2022-3491), [CVE-2022-3520](https://nvd.nist.gov/vuln/detail/CVE-2022-3520), [CVE-2022-3591](https://nvd.nist.gov/vuln/detail/CVE-2022-3591), [CVE-2022-3705](https://nvd.nist.gov/vuln/detail/CVE-2022-3705), [CVE-2022-4141](https://nvd.nist.gov/vuln/detail/CVE-2022-4141), [CVE-2022-4292](https://nvd.nist.gov/vuln/detail/CVE-2022-4292), [CVE-2022-4293](https://nvd.nist.gov/vuln/detail/CVE-2022-4293), [CVE-2023-0049](https://nvd.nist.gov/vuln/detail/CVE-2023-0049), [CVE-2023-0051](https://nvd.nist.gov/vuln/detail/CVE-2023-0051), [CVE-2023-0054](https://nvd.nist.gov/vuln/detail/CVE-2023-0054))<br> - zlib ([CVE-2018-25032](https://nvd.nist.gov/vuln/detail/CVE-2018-25032), [CVE-2022-37434](https://nvd.nist.gov/vuln/detail/CVE-2022-37434))<br> - SDK: edk2-ovmf ([CVE-2019-14584](https://nvd.nist.gov/vuln/detail/CVE-2019-14584), [CVE-2021-28210](https://nvd.nist.gov/vuln/detail/CVE-2021-28210), [CVE-2021-28211](https://nvd.nist.gov/vuln/detail/CVE-2021-28211), [CVE-2021-28213](https://nvd.nist.gov/vuln/detail/CVE-2021-28213))<br> - SDK: libxslt ([CVE-2021-30560](https://nvd.nist.gov/vuln/detail/CVE-2021-30560))<br> - SDK: mantle ([CVE-2021-3121](https://nvd.nist.gov/vuln/detail/CVE-2021-3121), [CVE-2021-38561](https://nvd.nist.gov/vuln/detail/CVE-2021-38561), [CVE-2021-43565](https://nvd.nist.gov/vuln/detail/CVE-2021-43565))<br> - SDK: Python ([CVE-2015-20107](https://nvd.nist.gov/vuln/detail/CVE-2015-20107), [CVE-2020-10735](https://nvd.nist.gov/vuln/detail/CVE-2020-10735), [CVE-2021-3654](https://nvd.nist.gov/vuln/detail/CVE-2021-3654), [CVE-2022-37454](https://nvd.nist.gov/vuln/detail/CVE-2022-37454), [CVE-2022-42919](https://nvd.nist.gov/vuln/detail/CVE-2022-42919), [CVE-2022-45061](https://nvd.nist.gov/vuln/detail/CVE-2022-45061))<br> - SDK: QEMU ([CVE-2020-14394](https://nvd.nist.gov/vuln/detail/CVE-2020-14394), [CVE-2020-35504](https://nvd.nist.gov/vuln/detail/CVE-2020-35504), [CVE-2020-35505](https://nvd.nist.gov/vuln/detail/CVE-2020-35505), [CVE-2020-35506](https://nvd.nist.gov/vuln/detail/CVE-2020-35506), [CVE-2020-35517](https://nvd.nist.gov/vuln/detail/CVE-2020-35517), [CVE-2021-20203](https://nvd.nist.gov/vuln/detail/CVE-2021-20203), [CVE-2021-20255](https://nvd.nist.gov/vuln/detail/CVE-2021-20255), [CVE-2021-20257](https://nvd.nist.gov/vuln/detail/CVE-2021-20257), [CVE-2021-20263](https://nvd.nist.gov/vuln/detail/CVE-2021-20263), [CVE-2021-3409](https://nvd.nist.gov/vuln/detail/CVE-2021-3409), [CVE-2021-3416](https://nvd.nist.gov/vuln/detail/CVE-2021-3416), [CVE-2021-3527](https://nvd.nist.gov/vuln/detail/CVE-2021-3527), [CVE-2021-3544](https://nvd.nist.gov/vuln/detail/CVE-2021-3544), [CVE-2021-3545](https://nvd.nist.gov/vuln/detail/CVE-2021-3545), [CVE-2021-3546](https://nvd.nist.gov/vuln/detail/CVE-2021-3546), [CVE-2021-3582](https://nvd.nist.gov/vuln/detail/CVE-2021-3582), [CVE-2021-3607](https://nvd.nist.gov/vuln/detail/CVE-2021-3607), [CVE-2021-3608](https://nvd.nist.gov/vuln/detail/CVE-2021-3608), [CVE-2021-3682](https://nvd.nist.gov/vuln/detail/CVE-2021-3682), [CVE-2021-20203](https://nvd.nist.gov/vuln/detail/CVE-2021-20203), [CVE-2021-3713](https://nvd.nist.gov/vuln/detail/CVE-2021-3713), [CVE-2021-3930](https://nvd.nist.gov/vuln/detail/CVE-2021-3930), [CVE-2021-3947](https://nvd.nist.gov/vuln/detail/CVE-2021-3947), [CVE-2021-4145](https://nvd.nist.gov/vuln/detail/CVE-2021-4145), [CVE-2022-0216](https://nvd.nist.gov/vuln/detail/CVE-2022-0216), [CVE-2022-26353](https://nvd.nist.gov/vuln/detail/CVE-2022-26353), [CVE-2022-26354](https://nvd.nist.gov/vuln/detail/CVE-2022-26354), [CVE-2022-3872](https://nvd.nist.gov/vuln/detail/CVE-2022-3872), [CVE-2022-4172](https://nvd.nist.gov/vuln/detail/CVE-2022-4172))<br> - SDK: Rust ([CVE-2022-21658](https://nvd.nist.gov/vuln/detail/CVE-2022-21658), [CVE-2022-36113](https://nvd.nist.gov/vuln/detail/CVE-2022-36113), [CVE-2022-36114](https://nvd.nist.gov/vuln/detail/CVE-2022-36114), [CVE-2022-46176](https://nvd.nist.gov/vuln/detail/CVE-2022-46176))<br> - SDK: squashfs-tools ([CVE-2021-40153](https://nvd.nist.gov/vuln/detail/CVE-2021-40153), [CVE-2021-41072](https://nvd.nist.gov/vuln/detail/CVE-2021-41072))<br> - VMware: open-vm-tools ([CVE-2022-31676](https://nvd.nist.gov/vuln/detail/CVE-2022-31676))<br><br> <br> #### Bug fixes:<br> <br> - Added `networkd` translation to `files` section when converting from Ignition 2.x to Ignition 3.x ([coreos-overlay#1910](https://github.com/flatcar-linux/coreos-overlay/pull/1910), [flatcar#741](https://github.com/flatcar-linux/Flatcar/issues/741))<br> - Added a remount action as `systemd-sysext.service` drop-in unit to restore the OEM partition mount after the overlay mounts in `/usr` are done ([init#69](https://github.com/flatcar-linux/init/pull/69))<br> - Added back Ignition support for Vagrant ([coreos-overlay#2351](https://github.com/flatcar/coreos-overlay/pull/2351))<br> - Added back `gettext` to the OS ([Flatcar#849](https://github.com/flatcar-linux/Flatcar/issues/849))<br> - Added merging of Ignition systemd duplicated units when auto-translating from Ignition 2 to Ignition 3. ([coreos-overlay#2187](https://github.com/flatcar/coreos-overlay/pull/2187))<br> - Added support for Openstack for cloud-init activation ([flatcar-linux/init#76](https://github.com/flatcar-linux/init/pull/76))<br> - Added support for hardware security keys in update-ssh-keys ([update-ssh-keys#7](https://github.com/flatcar/update-ssh-keys/pull/7))<br> - Enabled IOMMU on arm64 kernels, the lack of which prevented some systems from booting ([coreos-overlay#2235](https://github.com/flatcar/coreos-overlay/pull/2235))<br> - Excluded Wireguard interface from `systemd-networkd` default management ([Flatcar#808](https://github.com/flatcar-linux/Flatcar/issues/808))<br> - Excluded the Kubenet cbr0 interface from networkd's DHCP config and set it to Unmanaged to prevent interference and ensure that it is not part of the network online check ([init#55](https://github.com/flatcar-linux/init/pull/55))<br> - Excluded the special Kubernetes network interfaces `nodelocaldns` and `kube-ipvs0` from being managed with systemd-networkd which interfered with the setup ([init#89](https://github.com/flatcar/init/pull/89)).<br> - Fix "ext4 deadlock under heavy I/O load" kernel issue. The patch for this is included provisionally while we wait for it to be merged upstream ([Flatcar#847](https://github.com/flatcar/Flatcar/issues/847), [coreos-overlay#2315](https://github.com/flatcar/coreos-overlay/pull/2315))<br> - Fixed Ignition btrfs forced formatting for OEM partition ([coreos-overlay#2277](https://github.com/flatcar/coreos-overlay/pull/2277))<br> - Fixed Ignition's OEM ID to be `metal` to follow the Ignition upstream change which otherwise resulted in a broken boot when the Flatcar OEM ID `pxe` was used ([bootengine#45](https://github.com/flatcar-linux/bootengine/pull/45))<br> - Fixed `/etc/resolv.conf` symlink by pointing it at `resolv.conf` instead of `stub-resolv.conf`. This bug was present since the update to systemd v250 ([coreos-overlay#2057](https://github.com/flatcar-linux/coreos-overlay/pull/2057))<br> - Fixed a regression (in Alpha/Beta) where machines failed to boot if they didn't have the `core` user or group in `/etc/passwd` or `/etc/group` ([baselayout#26](https://github.com/flatcar/baselayout/pull/26))<br> - Fixed excluded interface type from default systemd-networkd configuration ([flatcar-linux/init#78](https://github.com/flatcar-linux/init/pull/78))<br> - Fixed space escaping in the `networkd` Ignition translation ([Flatcar#812](https://github.com/flatcar-linux/Flatcar/issues/812))<br> - Fixed the dracut emergency Ignition log printing that had a scripting error causing the cat command to fail ([bootengine#33](https://github.com/flatcar-linux/bootengine/pull/33))<br> - Made Ignition write the SSH keys into a file under `authorized_keys.d/ignition` again and added a call to `update-ssh-keys` after Ignition ran to create the merged `authorized_keys` file, which fixes the problem that keys added by Ignition get lost when `update-ssh-keys` runs ([init#66](https://github.com/flatcar-linux/init/pull/66))<br> - Re-added the `brd drbd nbd rbd xen-blkfront zram libarc4 lru_cache zsmalloc` kernel modules to the initramfs since they were missing compared to the Flatcar 3033.2.x releases where the 5.10 kernel is used ([bootengine#40](https://github.com/flatcar-linux/bootengine/pull/40))<br> - Restored the support to specify OEM partition files in Ignition when `/usr/share/oem` is given as initrd mount point ([bootengine#58](https://github.com/flatcar/bootengine/pull/58))<br> - Reverted the Linux kernel commit which broke networking on AWS instances which use Intel 82559 NIC (c4/m4) ([Flatcar#665](https://github.com/flatcar-linux/Flatcar/issues/665), [coreos-overlay#1723](https://github.com/flatcar-linux/coreos-overlay/pull/1723))<br> - Skipped starting `ensure-sysext.service` if `systemd-sysext.service` won't be started, to prevent reporting a dependency failure ([Flatcar#710](https://github.com/flatcar-linux/Flatcar/issues/710))<br> - The Ignition v3 kargs directive failed before when used with the generic image where no `grub.cfg` exists, this was fixed by creating it first ([bootengine#47](https://github.com/flatcar-linux/bootengine/pull/47))<br> - The rootfs setup in the initrd now runs systemd-tmpfiles on every boot, not only when Ignition runs, to fix a dbus failure due to missing files ([Flatcar#944](https://github.com/flatcar/Flatcar/issues/944))<br> - flatcar-update: Stopped checking for the `USER` environment variable which may not be set in all environments, causing the script to fail unless a workaround was used like prepending an additional `sudo` invocation ([init#58](https://github.com/flatcar-linux/init/pull/58))<br> - network: Accept ICMPv6 Router Advertisements to fix IPv6 address assignment in the default DHCP setting ([init#51](https://github.com/flatcar-linux/init/pull/51), [coreos-cloudinit#12](https://github.com/flatcar-linux/coreos-cloudinit/pull/12), [bootengine#30](https://github.com/flatcar-linux/bootengine/pull/30))<br> - Fixed the restart of Systemd services when the main process is being killed by a SIGHUP signal ([flatcar#1157](https://github.com/flatcar/Flatcar/issues/1157))<br> - Resolved the conflicting FD usage of libselinux and systemd which caused, e.g., a systemd crash on certain watchdog interaction during shutdown (patch in systemd 252.11)<br> - AWS: added EKS support for version 1.22 and 1.23. ([coreos-overlay#2110](https://github.com/flatcar-linux/coreos-overlay/pull/2110), [Flatcar#829](https://github.com/flatcar-linux/Flatcar/issues/829))- VMWare: excluded `wireguard` (and others) from `systemd-networkd` management. ([init#80](https://github.com/flatcar-linux/init/pull/80))<br> - GCP: Restored oem-gce.service functionality on GCP ([coreos-overlay#1813](https://github.com/flatcar-linux/coreos-overlay/pull/1813))<br> - GCP: Fixed shutdown script execution ([coreos-overlay#1912](https://github.com/flatcar-linux/coreos-overlay/pull/1912), [flatcar#743](https://github.com/flatcar-linux/Flatcar/issues/743))<br><br> <br> #### Changes:<br> <br> - ARM64: Added [cifs-utils](https://wiki.samba.org/index.php/LinuxCIFS_utils) for ARM64<br> - ARM64: Added [sssd](https://sssd.io/), [adcli](https://www.freedesktop.org/software/realmd/adcli/adcli.html) and realmd for ARM64<br> - Added CONFIG_NF_CT_NETLINK_HELPER (for libnetfilter_cthelper), CONFIG_NET_VRF (for virtual routing and forwarding) and CONFIG_KEY_DH_OPERATIONS (for keyutils) to the kernel config ([coreos-overlay#1524](https://github.com/flatcar-linux/coreos-overlay/pull/1524))<br> - Added VMware networking configuration in the initramfs via guestinfo settings ([bootengine#44](https://github.com/flatcar-linux/bootengine/pull/44), [flatcar#717](https://github.com/flatcar-linux/Flatcar/issues/717))<br> - Added `CONFIG_NF_CONNTRACK_BRIDGE` (for nf_conntrack_bridge) and `CONFIG_NFT_BRIDGE_META` (for nft_meta_bridge) to the kernel config to allow using conntrack rules for bridges in nftables and to match on bridge interface names ([coreos-overlay#2207](https://github.com/flatcar/coreos-overlay/pull/2207))<br> - Added `auditd.service` but left it disabled by default, a custom configuration can be created by removing `/etc/audit/auditd.conf` and replacing it with an own file ([coreos-overlay#1636](https://github.com/flatcar-linux/coreos-overlay/pull/1636))<br> - Added `cryptsetup` to the initramfs for the Ignition `luks` directive ([flatcar-linux/coreos-overlay#1760](https://github.com/flatcar-linux/coreos-overlay/pull/1760))<br> - Added a new flatcar-update tool to the image to ease manual updates, rollbacks, channel/release jumping, and airgapped updates ([init#53](https://github.com/flatcar-linux/init/pull/53))<br> - Added efibootmgr binary to the image ([coreos-overlay#1955](https://github.com/flatcar-linux/coreos-overlay/pull/1955))<br> - Added symlink from `nc` to `ncat`. `-q` option is [not yet supported](https://github.com/nmap/nmap/issues/2422) ([flatcar#545](https://github.com/flatcar-linux/Flatcar/issues/545))<br> - Besides Ignition v1 and v2 configurations, Ignition configurations with specification v3 (up to 3.3.0) are now supported, see the [docs section for details](https://www.flatcar.org/docs/latest/provisioning/ignition/specification/#ignition-v3)<br> - Bring in dependencies for NFS4 with Kerberos both in kernel and userspace. Tested against NFS4.1 server. ([coreos-overlay#1664](https://github.com/flatcar-linux/coreos-overlay/pull/1664))<br> - Change CONFIG_WIREGUARD kernel option to module to save space on boot partition ([coreos-overlay#2239](https://github.com/flatcar/coreos-overlay/pull/2239))<br> - Disable several arch specific arm64 kernel config options for unsupported platforms to save space on boot partition ([coreos-overlay#2239](https://github.com/flatcar/coreos-overlay/pull/2239))<br> - Enabled `CONFIG_INTEL_RAPL` on AMD64 Kernel config to compile `intel_rapl_common` module in order to allow power monitoring on modern Intel processors ([coreos-overlay#1801](https://github.com/flatcar-linux/coreos-overlay/pull/1801))<br> - Enabled `systemd-sysext.service` to activate systemd-sysext images on boot, to disable you will need to mask it. Also added a helper service `ensure-sysext.service` which reloads the systemd units to reevaluate the `sockets`, `timers`, and `multi-user` targets when `systemd-sysext.service` is (re)started, making it possible to enable units that are part of a sysext image ([init#65](https://github.com/flatcar-linux/init/pull/65))<br> - Excluded special network interface devices like bridge, tunnel, vxlan, and veth devices from the default DHCP configuration to prevent networkd interference ([init#56](https://github.com/flatcar-linux/init/pull/56))<br> - For amd64 `/usr/lib` used to be a symlink to `/usr/lib64` but now they became two separate folders as common in other distributions (and was the case for arm64 already). Compatibility symlinks exist in case `/usr/lib64` was used to access, e.g., the `modules` folder or the `systemd` folder ([coreos-overlay#1713](https://github.com/flatcar-linux/coreos-overlay/pull/1713), [scripts#255](https://github.com/flatcar-linux/scripts/pull/255))<br> - Made SELinux enabled by default in default containerd configuration file. ([coreos-overlay#1699](https://github.com/flatcar-linux/coreos-overlay/pull/1699))<br> - Removed rngd.service because it is not essential anymore for the kernel to boot fast in VM environments ([coreos-overlay#1700](https://github.com/flatcar-linux/coreos-overlay/pull/1700))<br> - Specifying the OEM filesystem in Ignition to write files to `/usr/share/oem` is not needed anymore ([bootengine#58](https://github.com/flatcar/bootengine/pull/58))<br> - Switched from `--strip-unneeded` to `--strip-debug` when installing kernel modules, which makes kernel stacktraces more accurate and makes debugging issues easier ([coreos-overlay#2196](https://github.com/flatcar/coreos-overlay/pull/2196))<br> - The flatcar-update tool got two new flags to customize ports used on the host while updating flatcar ([init#81](https://github.com/flatcar/init/pull/81))<br> - Toolbox now uses containerd to download and mount the image ([toolbox#7](https://github.com/flatcar/toolbox/pull/7))<br> - Update-engine now creates the `/run/reboot-required` flag file for [kured](https://github.com/weaveworks/kured) ([update_engine#15](https://github.com/flatcar-linux/update_engine/pull/15))<br> - flatcar-install: Added option to create UEFI boot entry ([init#74](https://github.com/flatcar-linux/init/pull/74))<br> - Add qemu-guest-agent to all amd64 images, it will be automatically enabled when qemu-ga virtio-port is detected ([coreos-overlay#2240](https://github.com/flatcar/coreos-overlay/pull/2240), [portage-stable#373](https://github.com/flatcar/portage-stable/pull/373))<br> - Add a way to remove packages that are hard-blockers for update. A hard-blocker means that the package needs to be removed (for example with `emerge -C`) before an update can happen.<br> - Add support for Microsoft Azure Network Adapter (MANA) NICs on Azure ([scripts#1131](https://github.com/flatcar/scripts/pull/1131))<br> - Defined a systemd-sysext level that sysext images can match for instead of the OS version when they don't have a strong coupling, meaning the only metadata required is `SYSEXT_LEVEL=1.0` and `ID=flatcar` ([Flatcar#643](https://github.com/flatcar-linux/Flatcar/issues/643))<br> - Removed the pre-shipped `/etc/flatcar/update.conf` file, leaving it totally to the user to define the contents as it was unnecessarily overwriting the `/use/share/flatcar/update.conf` ([scripts#212](https://github.com/flatcar-linux/scripts/pull/212))<br> - Rework the way we set up the default python intepreter in SDK - it is now without specifying a version. This should work fine as long as we keep having one version of python in SDK.<br> - Use qcow2 compressed format instead of additional compression layer in Qemu images ([Flatcar#1135](https://github.com/flatcar/Flatcar/issues/1135), [scripts#1132](https://github.com/flatcar/scripts/pull/1132))<br> - AWS: Added AWS IMDSv2 support to coreos-cloudinit ([flatcar-linux/coreos-cloudinit#13](https://github.com/flatcar-linux/coreos-cloudinit/pull/13))<br> - AWS EC2: Removed the setup of `/etc/hostname` from the instance metadata because it used a long FQDN but we can just use use the hostname set via DHCP ([Flatcar#707](https://github.com/flatcar-linux/Flatcar/issues/707))<br> - Azure: Azure VHD disks are now created using subformat=fixed, which makes them suitable for immediate upload to Azure using any tool.<br> - Azure: Set up `/etc/hostname` from instance metadata with Afterburn<br> - OpenStack: enabled `coreos-metadata-sshkeys@.service` to provision SSH keys from metadata. ([Flatcar#817](https://github.com/flatcar/Flatcar/issues/817), [coreos-overlay#2246](https://github.com/flatcar/coreos-overlay/pull/2246))<br> - VMWare: Added `ignition-delete-config.service` to remove Ignition config from VM metadata, see also [here](https://coreos.github.io/ignition/operator-notes/#automatic-config-deletion) ([coreos-overlay#1948](https://github.com/flatcar-linux/coreos-overlay/pull/1948))<br> - SDK / ARM64: Added [go-tspi](https://pkg.go.dev/github.com/coreos/go-tspi) bindings for ARM64<br><br> <br> #### Updates:<br> <br>- Linux ([5.15.132](https://lwn.net/Articles/944877) (includes [5.15.131](https://lwn.net/Articles/943755), [5.15.130](https://lwn.net/Articles/943404), [5.15.129](https://lwn.net/Articles/943113), [5.15.128](https://lwn.net/Articles/942866), [5.15.127](https://lwn.net/Articles/941775), [5.15.126](https://lwn.net/Articles/941296), [5.15.125](https://lwn.net/Articles/940798), [5.15.124](https://lwn.net/Articles/940339), [5.15.123](https://lwn.net/Articles/939424), [5.15.122](https://lwn.net/Articles/939104), [5.15.121](https://lwn.net/Articles/939016), [5.15.120](https://lwn.net/Articles/937404), [5.15.119](https://lwn.net/Articles/936675), [5.15.118](https://lwn.net/Articles/935584), [5.15.117](https://lwn.net/Articles/934622), [5.15.116](https://lwn.net/Articles/934320), [5.15.115](https://lwn.net/Articles/933909), [5.15.114](https://lwn.net/Articles/933280), [5.15.113](https://lwn.net/Articles/932883), [5.15.112](https://lwn.net/Articles/932134), [5.15.111](https://lwn.net/Articles/931680), [5.15.110](https://lwn.net/Articles/930600), [5.15.109](https://lwn.net/Articles/930263), [5.15.108](https://lwn.net/Articles/929679), [5.15.107](https://lwn.net/Articles/929015), [5.15.106](https://lwn.net/Articles/928343), [5.15.105](https://lwn.net/Articles/927860), [5.15.104](https://lwn.net/Articles/926873), [5.15.103](https://lwn.net/Articles/926415), [5.15.102](https://lwn.net/Articles/925991), [5.15.101](https://lwn.net/Articles/925939), [5.15.100](https://lwn.net/Articles/925913), [5.15.99](https://lwn.net/Articles/925844), [5.15.98](https://lwn.net/Articles/925080), [5.15.97](https://lwn.net/Articles/925064), [5.15.96](https://lwn.net/Articles/924441), [5.15.95](https://lwn.net/Articles/924073), [5.15.94](https://lwn.net/Articles/923308), [5.15.93](https://lwn.net/Articles/922814), [5.15.92](https://lwn.net/Articles/922340), [5.15.91](https://lwn.net/Articles/921851), [5.15.90](https://lwn.net/Articles/921029), [5.15.89](https://lwn.net/Articles/920321), [5.15.88](https://lwn.net/Articles/920012), [5.15.87](https://lwn.net/Articles/919793), [5.15.86](https://lwn.net/Articles/918808), [5.15.85](https://lwn.net/Articles/918329), [5.15.84](https://lwn.net/Articles/918206), [5.15.83](https://lwn.net/Articles/917896), [5.15.82](https://lwn.net/Articles/917400), [5.15.81](https://lwn.net/Articles/916763), [5.15.80](https://lwn.net/Articles/916003), [5.15.79](https://lwn.net/Articles/915100), [5.15.78](https://lwn.net/Articles/914423), [5.15.77](https://lwn.net/Articles/913681), [5.15.76](https://lwn.net/Articles/912997), [5.15.75](https://lwn.net/Articles/912500), [5.15.74](https://lwn.net/Articles/911275), [5.15.73](https://lwn.net/Articles/910957), [5.15.72](https://lwn.net/Articles/910398), [5.15.71](https://lwn.net/Articles/909679), [5.15.70](https://lwn.net/Articles/909212), [5.15.69](https://lwn.net/Articles/908782), [5.15.68](https://lwn.net/Articles/908140), [5.15.67](https://lwn.net/Articles/907526), [5.15.66](https://lwn.net/Articles/907524), [5.15.65](https://lwn.net/Articles/907204), [5.15.64](https://lwn.net/Articles/906630), [5.15.63](https://lwn.net/Articles/906059), [5.15.62](https://lwn.net/Articles/905533), [5.15.61](https://lwn.net/Articles/904959), [5.15.60](https://lwn.net/Articles/904461), [5.15.59](https://lwn.net/Articles/903688), [5.15.58](https://lwn.net/Articles/902917), [5.15.57](https://lwn.net/Articles/902317), [5.15.56](https://lwn.net/Articles/902101), [5.15.55](https://lwn.net/Articles/901380), [5.15.54](https://lwn.net/Articles/900911), [5.15.53](https://lwn.net/Articles/900321), [5.15.52](https://lwn.net/Articles/899788), [5.15.51](https://lwn.net/Articles/899370), [5.15.50](https://lwn.net/Articles/899091), [5.15.49](https://lwn.net/Articles/898622), [5.15.48](https://lwn.net/Articles/898124), [5.15.47](https://lwn.net/Articles/897904), [5.15.46](https://lwn.net/Articles/897377), [5.15.45](https://lwn.net/Articles/897167), [5.15.44](https://lwn.net/Articles/896647), [5.15.43](https://lwn.net/Articles/896220), [5.15.42](https://lwn.net/Articles/896226), [5.15.41](https://lwn.net/Articles/895645), [5.15.40](https://lwn.net/Articles/895318), [5.15.39](https://lwn.net/Articles/895070), [5.15.38](https://lwn.net/Articles/894357), [5.15.37](https://lwn.net/Articles/893264), [5.15.36](https://lwn.net/Articles/892812), [5.15.35](https://lwn.net/Articles/892002), [5.15.34](https://lwn.net/Articles/891251), [5.15.33](https://lwn.net/Articles/890722), [5.15.32](https://lwn.net/Articles/889438), [5.15.31](https://lwn.net/Articles/889001), [5.15.30](https://lwn.net/Articles/888521), [5.15.29](https://lwn.net/Articles/888116), [5.15.28](https://lwn.net/Articles/887638), [5.15.27](https://lwn.net/Articles/887219), [5.15.26](https://lwn.net/Articles/886569), [5.15.25](https://lwn.net/Articles/885895), [5.15.24](https://lwn.net/Articles/884973), [5.15.23](https://lwn.net/Articles/884527), [5.15.22](https://lwn.net/Articles/884107), [5.15.21](https://lwn.net/Articles/883958), [5.15.20](https://lwn.net/Articles/883951), [5.15.19](https://lwn.net/Articles/883441), [5.15.18](https://lwn.net/Articles/883326), [5.15.17](https://lwn.net/Articles/882911), [5.15.16](https://lwn.net/Articles/881963), [5.15.15](https://lwn.net/Articles/881548), [5.15.14](https://lwn.net/Articles/881018), [5.15.13](https://lwn.net/Articles/880469), [5.15.12](https://lwn.net/Articles/879997), [5.15.11](https://lwn.net/Articles/879496), [5.15.10](https://lwn.net/Articles/879023), [5.15.9](https://lwn.net/Articles/878898), [5.15.8](https://lwn.net/Articles/878631), [5.15.7](https://lwn.net/Articles/878040), [5.15.6](https://lwn.net/Articles/877286), [5.15.5](https://lwn.net/Articles/876860), [5.15.4](https://lwn.net/Articles/876611)))<br>- Linux Firmware ([20230117](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230117) (includes [20221214](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20221214), [20221109](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20221109), [20221012](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20221012), [20220913](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220913), [20220815](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220815), [20220708](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220708), [20220610](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220610), [20220509](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220509), [20220411](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220411), [20220310](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220310), [20220209](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220209)))<br>- Linux Headers ([5.15](https://lwn.net/Articles/876611/))<br>- Go ([1.19.5](https://go.dev/doc/devel/release#go1.19.5) (includes [1.19.4](https://go.dev/doc/devel/release#go1.19.4), [1.19.3](https://go.dev/doc/devel/release#go1.19.3), [1.18.10](https://go.dev/doc/devel/release#go1.18.10), [1.18.9](https://go.dev/doc/devel/release#go1.18.9), [1.18.7](https://go.dev/doc/devel/release#1.18.7), [1.18.6](https://go.dev/doc/devel/release#go1.18.6), [1.18.4](https://go.dev/doc/devel/release#go1.18.4), [1.18.2](https://go.googlesource.com/go/+/refs/tags/go1.18.2), [1.17.9](https://go.googlesource.com/go/+/refs/tags/go1.17.9)))<br>- Docker ([20.10.23](https://docs.docker.com/engine/release-notes/#201023) (includes [20.10.22](https://docs.docker.com/engine/release-notes/#201022), [20.10.21](https://docs.docker.com/engine/release-notes/#201021), [20.10.20](https://docs.docker.com/engine/release-notes/#201020), [20.10.18](https://docs.docker.com/engine/release-notes/#201018), [20.10.17](https://docs.docker.com/engine/release-notes/#201017), [20.10.16](https://docs.docker.com/engine/release-notes/#201016), [20.10.15](https://docs.docker.com/engine/release-notes/#201015), [20.10.14](https://docs.docker.com/engine/release-notes/#201014), [20.10.13](https://docs.docker.com/engine/release-notes/#201013)))<br>- acl ([2.3.1](https://git.savannah.nongnu.org/cgit/acl.git/log/?h=v2.3.1))<br>- new: acpid ([2.0.33](https://sourceforge.net/p/acpid2/code/ci/2.0.33/tree/Changelog)) <br>- adcli ([0.9.2](https://gitlab.freedesktop.org/realmd/adcli/-/releases#0.9.2) (includes [0.9.1](https://gitlab.freedesktop.org/realmd/adcli/-/releases#0.9.1)))<br>- afterburn ([5.2.0](https://github.com/coreos/afterburn/releases/tag/v5.2.0))<br>- attr ([2.5.1](https://git.savannah.nongnu.org/cgit/attr.git/log/?h=v2.5.1))<br>- audit ([3.0.6](https://listman.redhat.com/archives/linux-audit/2021-October/msg00000.html))<br>- automake ([1.16.5](https://savannah.gnu.org/forum/forum.php?forum_id=10055))<br>- bind tools ([9.16.36](https://bind9.readthedocs.io/en/v9_16_36/notes.html#notes-for-bind-9-16-36) (includes [9.16.35](https://bind9.readthedocs.io/en/v9_16_34/notes.html#notes-for-bind-9-16-35), [9.16.34](https://bind9.readthedocs.io/en/v9_16_35/notes.html#notes-for-bind-9-16-34), [9.16.33](https://gitlab.isc.org/isc-projects/bind9/-/raw/v9_16_33/CHANGES), [9.16.27](https://gitlab.isc.org/isc-projects/bind9/-/blob/v9_16_27/CHANGES)))<br>- binutils ([2.39](https://sourceware.org/pipermail/binutils/2022-August/122246.html) (includes [2.38](https://lwn.net/Articles/884264)))<br>- boost ([1.79](https://www.boost.org/users/history/version_1_79_0.html) (includes [1.76.0](https://www.boost.org/users/history/version_1_76_0.html)))<br>- bpftool ([5.19.12](https://lwn.net/Articles/909678/) (includes [5.19.8](https://lwn.net/Articles/907523/), [5.19.2](https://lwn.net/Articles/904957/), [5.18.11](https://lwn.net/Articles/900912/), [5.15.8](https://lwn.net/Articles/878631/)))<br>- bridge-utils ([1.7.1](https://git.kernel.org/pub/scm/network/bridge/bridge-utils.git/log/?h=v1.7.1))<br>- btrfs-progs ([5.15.1](https://btrfs.wiki.kernel.org/index.php/Changelog#btrfs-progs_v5.15_.28Nov_2021.29))<br>- ca-certificates ([3.93](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_93.html) (includes [3.90](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_90.html), [3.78](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_78.html)))<br>- cifs-utils ([6.15](https://lists.samba.org/archive/samba-technical/2022-April/137335.html) (includes [6.13](https://lkml.kernel.org/linux-cifs/CAKywueSqRGSFmeDHQacyu831BNUeGFxGg3vgBmozzhkGBCjyXQ@mail.gmail.com/T/)))<br>- conntrack-tools ([1.4.6](https://lists.netfilter.org/pipermail/netfilter-announce/2020/000240.html))<br>- containerd ([1.6.16](https://github.com/containerd/containerd/releases/tag/v1.6.16) (includes [1.6.15](https://github.com/containerd/containerd/releases/tag/v1.6.15), [1.6.14](https://github.com/containerd/containerd/releases/tag/v1.6.14), [1.6.13](https://github.com/containerd/containerd/releases/tag/v1.6.13), [1.6.12](https://github.com/containerd/containerd/releases/tag/v1.6.12), [1.6.10](https://github.com/containerd/containerd/releases/tag/v1.6.10), [1.6.9](https://github.com/containerd/containerd/releases/tag/v1.6.9), [1.6.8](https://github.com/containerd/containerd/releases/tag/v1.6.8), [1.6.7](https://github.com/containerd/containerd/releases/tag/v1.6.7), [1.6.6](https://github.com/containerd/containerd/releases/tag/v1.6.6), [1.6.4](https://github.com/containerd/containerd/releases/tag/v1.6.4), [1.6.3](https://github.com/containerd/containerd/releases/tag/v1.6.3), [1.6.2](https://github.com/containerd/containerd/releases/tag/v1.6.2), [1.6.1](https://github.com/containerd/containerd/releases/tag/v1.6.1), [1.6.0](https://github.com/containerd/containerd/releases/tag/v1.6.0)))<br>- coreutils ([8.32](https://lists.gnu.org/archive/html/coreutils-announce/2020-03/msg00000.html))<br>- cpio ([2.13](https://lists.gnu.org/archive/html/bug-cpio/2019-11/msg00000.html))<br>- cri-tools ([1.24.2](https://github.com/kubernetes-sigs/cri-tools/releases/tag/v1.24.2))<br>- cryptsetup ([2.4.3](https://lore.kernel.org/all/572c18a7bf60cb1b0f67c3a03c531d7e7ed31832.camel@scientia.net/T/))<br>- curl ([7.87.0](https://curl.se/changes.html#7_87_0) (includes [7.86](https://curl.se/changes.html#7_86_0), [7.85](https://curl.se/mail/archive-2022-08/0012.html), [7.84.0](https://github.com/curl/curl/releases/tag/curl-7_84_0), [7.83.1](https://curl.se/mail/lib-2022-05/0010.html)))<br>- Cyrus SASL ([2.1.28](https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28))<br>- dbus ([1.14.4](https://gitlab.freedesktop.org/dbus/dbus/-/raw/dbus-1.14.4/NEWS) (includes [1.12.22](https://gitlab.freedesktop.org/dbus/dbus/-/blob/177ab044bc87cbc4ded75d21b900795a6fefef76/NEWS)))<br>- diffutils ([3.8](https://lists.gnu.org/archive/html/info-gnu/2021-08/msg00000.html))<br>- dosfstools ([4.2](https://github.com/dosfstools/dosfstools/releases/tag/v4.2))<br>- duktape ([2.7.0](https://github.com/svaarala/duktape/releases/tag/v2.7.0))<br>- e2fsprogs ([1.46.5](http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.46.5) (includes [1.46.4](http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.46.4)))<br>- elfutils ([0.188](https://sourceware.org/pipermail/elfutils-devel/2022q4/005561.html) (includes [0.187](https://sourceware.org/pipermail/elfutils-devel/2022q2/004978.html), [0.186](https://sourceware.org/git/?p=elfutils.git;a=blob;f=NEWS;h=490932ae4ef9b5a3af01d2c8c616f14d57586046;hb=983e86fd89e8bf02f2d27ba5dce5bf078af4ceda)))<br>- ethtool ([5.10](https://git.kernel.org/pub/scm/network/ethtool/ethtool.git/tree/NEWS?h=v5.10))<br>- expat ([2.5.0](https://github.com/libexpat/libexpat/blob/R_2_5_0/expat/Changes) (includes [2.4.9](https://github.com/libexpat/libexpat/blob/R_2_4_9/expat/Changes)))<br>- findutils ([4.8.0](https://savannah.gnu.org/forum/forum.php?forum_id=9914))<br>- gawk ([5.2.1](https://lists.gnu.org/archive/html/help-gawk/2022-11/msg00008.html) (contains [5.2.0](https://lists.gnu.org/archive/html/help-gawk/2022-09/msg00000.html)))<br>- gcc ([11.3.0](https://gcc.gnu.org/gcc-11/changes.html) (includes [10.3.0](https://gcc.gnu.org/gcc-10/changes.html), [9.4.0](https://lists.gnu.org/archive/html/info-gnu/2021-06/msg00000.html)))<br>- gdb ([11.2](https://lists.gnu.org/archive/html/info-gnu/2022-01/msg00009.html))<br>- gdbm ([1.22](https://lists.gnu.org/archive/html/info-gnu/2021-10/msg00006.html))<br>- gettext ([0.21.1](https://git.savannah.gnu.org/gitweb/?p=gettext.git;a=blob;f=NEWS;h=cdbb16746c23555e70bb1e16917f5c349ce92d9e;hb=8b38ee827251cadbb90cb6cb576ae98702566288) (includes [0.21](https://www.gnu.org/software/gettext/)))<br>- git ([2.39.1](https://github.com/git/git/blob/v2.39.1/Documentation/RelNotes/2.39.1.txt) (includes [2.39.0](https://github.com/git/git/blob/v2.39.0/Documentation/RelNotes/2.39.0.txt), [2.38.3](https://github.com/git/git/blob/v2.38.3/Documentation/RelNotes/2.38.3.txt), [2.37.4](https://github.com/git/git/blob/master/Documentation/RelNotes/2.37.4.txt), [2.37.3](https://github.com/git/git/blob/v2.37.3/Documentation/RelNotes/2.37.3.txt), [2.37.1](https://github.com/git/git/blob/v2.37.1/Documentation/RelNotes/2.37.1.txt), [2.35.3](https://github.com/git/git/blob/v2.35.3/Documentation/RelNotes/2.35.3.txt)))<br>- glib ([2.74.4](https://gitlab.gnome.org/GNOME/glib/-/tags/2.74.4) (includes [2.74.1](https://gitlab.gnome.org/GNOME/glib/-/tags/2.74.1), [2.72.3](https://gitlab.gnome.org/GNOME/glib/-/tags/2.73.3), [2.68.4](https://gitlab.gnome.org/GNOME/glib/-/releases/2.68.4)))<br>- glibc ([2.36](https://sourceware.org/pipermail/libc-alpha/2022-August/141193.html) (includes [2.35](https://savannah.gnu.org/forum/forum.php?forum_id=10111), [2.34](https://sourceware.org/pipermail/libc-alpha/2021-August/129718.html)))<br>- gnupg ([2.2.35](https://dev.gnupg.org/T5928))<br>- gnutls ([3.7.8](https://lists.gnupg.org/pipermail/gnutls-help/2022-September/004765.html) (includes [3.7.7](https://gitlab.com/gnutls/gnutls/-/tags/3.7.7), [3.7.3](https://gitlab.com/gnutls/gnutls/-/merge_requests/1517)))<br>- grep ([3.7](https://savannah.gnu.org/forum/forum.php?forum_id=10037))<br>- gzip ([1.12](https://savannah.gnu.org/forum/forum.php?forum_id=10157) (includes [1.11](https://lists.gnu.org/archive/html/info-gnu/2021-09/msg00002.html)))<br>- i2c-tools ([4.3](https://git.kernel.org/pub/scm/utils/i2c-tools/i2c-tools.git/tree/CHANGES?id=d8bc1f1ff4b00a6bd988aa114100ae9b787f50d8) (includes [4.2](https://git.kernel.org/pub/scm/utils/i2c-tools/i2c-tools.git/log/?h=v4.2)))<br>- ignition ([2.14.0](https://github.com/coreos/ignition/releases/tag/v2.14.0) (includes [2.13.0](https://github.com/coreos/ignition/releases/tag/v2.13.0)))<br>- intel-microcode ([20220809](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220809) (includes [20220510](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220510), [20220207_p20220207](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220207), [20221108](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20221108)))<br>- iperf ([3.10.1](https://github.com/esnet/iperf/blob/master/RELNOTES.md#iperf-3101-2021-06-03))<br>- iproute2 ([5.15](https://lwn.net/ml/linux-kernel/20211101164705.6f4f2e41%40hermes.local/))<br>- ipset ([7.11](https://ipset.netfilter.org/changelog.html))<br>- iptables ([1.8.8](https://www.netfilter.org/projects/iptables/files/changes-iptables-1.8.8.txt))<br>- iputils ([20211215](https://github.com/iputils/iputils/releases/tag/20211215) (includes [20210722](https://github.com/iputils/iputils/releases/tag/20210722)))<br>- ipvsadm ([1.27](http://archive.linuxvirtualserver.org/html/lvs-devel/2013-09/msg00011.html))<br>- jansson ([2.14](https://github.com/akheron/jansson/blob/v2.14/CHANGES))<br>- kmod ([29](https://git.kernel.org/pub/scm/utils/kernel/kmod/kmod.git/commit/?id=b6ecfc916a17eab8f93be5b09f4e4f845aabd3d1))<br>- ldb ([2.4.1](https://gitlab.com/samba-team/samba/-/commit/a795e0c84597aa045d011e663dbad3cdabf0f1e6))<br>- less ([590](https://www.greenwoodsoftware.com/less/news.590.html))<br>- libarchive ([3.6.1](https://github.com/libarchive/libarchive/releases/tag/v3.6.1) (includes [3.5.3](https://github.com/libarchive/libarchive/releases/tag/v3.5.3), [3.5.2](https://github.com/libarchive/libarchive/releases/tag/v3.5.2)))<br>- libbsd ([0.11.3](https://gitlab.freedesktop.org/libbsd/libbsd/-/commits/0.11.3/))<br>- libcap ([2.66](https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.d9ygdose5kw) (includes [2.65](https://sites.google.com/site/fullycapable/release-notes-for-libcap?authuser=0#h.wfblevfzkj0)))<br>- libcap-ng ([0.8.3](https://people.redhat.com/sgrubb/libcap-ng/ChangeLog) (includes [0.8.2](https://github.com/stevegrubb/libcap-ng/releases/tag/v0.8.2)))<br>- libksba ([1.6.3](https://dev.gnupg.org/T6304) (includes [1.6.2](https://dev.gnupg.org/T6230)))<br>- libnetfilter_queue ([1.0.5](https://git.netfilter.org/libnetfilter_queue/log/?h=libnetfilter_queue-1.0.5))<br>- libpcap ([1.10.1](https://git.tcpdump.org/libpcap/blob/c7642e2cc0c5bd65754685b160d25dc23c76c6bd:/CHANGES))<br>- libseccomp ([2.5.4](https://github.com/seccomp/libseccomp/releases/tag/v2.5.4) (contains [2.5.3](https://github.com/seccomp/libseccomp/releases/tag/v2.5.3), [2.5.2](https://github.com/seccomp/libseccomp/releases/tag/v2.5.2), [2.5.1](https://github.com/seccomp/libseccomp/releases/tag/v2.5.1)))<br>- libtasn1 ([4.19.0](https://lists.gnu.org/archive/html/help-libtasn1/2022-08/msg00001.html) (includes [4.17.0](https://gitlab.com/gnutls/libtasn1/-/blob/v4.17.0/NEWS)))<br>- liburing ([2.1](https://github.com/axboe/liburing/commits/liburing-2.1))<br>- libxml2 ([2.10.3](https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3) (includes [2.10.2](https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.2), [2.9.14](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.9.14), [2.9.13](http://www.xmlsoft.org/news.html)))<br>- logrotate ([3.20.1](https://github.com/logrotate/logrotate/releases/tag/3.20.1))<br>- lshw ([02.19.2b_p20210121](https://www.ezix.org/project/wiki/HardwareLiSter#Changes))<br>- lsof ([4.94.0](https://github.com/lsof-org/lsof/releases/tag/4.94.0))<br>- lsscsi ([0.32](https://sg.danny.cz/scsi/lsscsi.ChangeLog))<br>- mantle ([0.18.0](https://github.com/flatcar-linux/mantle/releases/tag/v0.18.0) (includes [0.17.0](https://github.com/flatcar-linux/mantle/releases/tag/v0.17.0)))<br>- mdadm ([4.2](https://lore.kernel.org/all/28fdbc45-96ca-7cdb-3ced-a5f65d978048@trained-monkey.org/T/))<br>- MIT Kerberos V ([1.20.1](https://web.mit.edu/kerberos/krb5-1.20/krb5-1.20.1.html))<br>- multipath-tools ([0.9.3](https://github.com/opensvc/multipath-tools/releases/tag/0.9.3) (includes [0.8.7](https://github.com/opensvc/multipath-tools/commits/0.8.7)))<br>- ncurses ([6.3_p20220423](https://lists.gnu.org/archive/html/info-gnu/2021-11/msg00001.html))<br>- nettle ([3.8.1](https://git.lysator.liu.se/nettle/nettle/-/blob/990abad16ceacd070747dcc76ed16a39c129321e/ChangeLog))<br>- nfs-utils ([2.5.4](https://lore.kernel.org/linux-fsdevel/c8795653-7728-18a4-93dc-58943ad0fe09@redhat.com/))<br>- nghttp2 ([1.45.1](https://github.com/nghttp2/nghttp2/releases/tag/v1.45.1))<br>- nmap ([7.93](https://nmap.org/changelog.html#7.93))<br>- nvidia-drivers ([510.73.05](https://docs.nvidia.com/datacenter/tesla/tesla-release-notes-510-73-05/index.html))<br>- nvme-cli ([1.16](https://github.com/linux-nvme/nvme-cli/commits/deee9cae1ac94760deebd71f8e5449061338666c))<br>- oniguruma ([6.9.8](https://github.com/kkos/oniguruma/releases/tag/v6.9.8) (includes [6.9.7.1](https://github.com/kkos/oniguruma/releases/tag/v6.9.7.1)))<br>- open-isns ([0.101](https://github.com/open-iscsi/open-isns/blob/v0.101/ChangeLog))<br>- openssh ([9.1](http://www.openssh.com/releasenotes.html#9.1) (includes [8.8](http://www.openssh.com/txt/release-8.8)))<br>- openssl ([3.0.7](https://www.openssl.org/news/openssl-3.0-notes.html) (includes [3.0.3](https://www.openssl.org/news/changelog.html#openssl-30), [3.0.2](https://www.openssl.org/news/changelog.html#openssl-30), [3.0.1](https://www.openssl.org/news/changelog.html#openssl-30)))<br>- pam ([1.5.1_p20210622](https://github.com/linux-pam/linux-pam/commit/fe1307512fb8892b5ceb3d884c793af8dbd4c16a))<br>- pambase (20220214)<br>- parted ([3.4](https://savannah.gnu.org/forum/forum.php?forum_id=9924) (includes [3.3](https://savannah.gnu.org/forum/forum.php?forum_id=9569)))<br>- pciutils ([3.7.0](https://github.com/pciutils/pciutils/commit/864aecdea9c7db626856d8d452f6c784316a878c))<br>- pcre2 ([10.39](https://github.com/PhilipHazel/pcre2/blob/pcre2-10.39/NEWS))<br>- pinentry ([1.2.0](https://dev.gnupg.org/T5566))<br>- polkit ([121](https://gitlab.freedesktop.org/polkit/polkit/-/commit/827b0ddac5b1ef00a47fca4526fcf057bee5f1db) (includes [0.120](https://gitlab.freedesktop.org/polkit/polkit/-/blob/0.120/NEWS)))<br>- quota ([4.06](https://sourceforge.net/p/linuxquota/code/ci/0acd4cc6275122fd9864cb7b5d349e65a2622920/))<br>- rpcbind ([1.2.6](https://git.linux-nfs.org/?p=steved/rpcbind.git;a=shortlog;h=refs/tags/rpcbind-1_2_6))<br>- rsync ([3.2.7](https://download.samba.org/pub/rsync/NEWS#3.2.7) (includes [3.2.6](https://github.com/WayneD/rsync/releases/tag/v3.2.6), [3.2.4](https://download.samba.org/pub/rsync/NEWS.html#3.2.4)))<br>- runc ([1.1.4](https://github.com/opencontainers/runc/releases/tag/v1.1.4) (includes [1.1.3](https://github.com/opencontainers/runc/releases/tag/v1.1.3), [1.1.2](https://github.com/opencontainers/runc/releases/tag/v1.1.2), [1.1.1](https://github.com/opencontainers/runc/releases/tag/v1.1.1), [1.1.0](https://github.com/opencontainers/runc/releases/tag/v1.1.0)))<br>- samba ([4.15.4](https://www.samba.org/samba/history/samba-4.15.4.html))<br>- sed ([4.8](https://savannah.gnu.org/forum/forum.php?forum_id=9647))<br>- shadow ([4.13](https://github.com/shadow-maint/shadow/releases/tag/4.13) (includes [4.12.3](https://github.com/shadow-maint/shadow/releases/tag/4.12.3), [4.11.1](https://github.com/shadow-maint/shadow/releases/tag/v4.11.1)))<br>- socat ([1.7.4.3](https://repo.or.cz/socat.git/blob/refs/tags/tag-1.7.4.3:/CHANGES))<br>- sqlite ([3.40.1](https://www.sqlite.org/releaselog/3_40_1.html) (contains [3.40.0](https://www.sqlite.org/releaselog/3_40_0.html), [3.39.4](https://sqlite.org/releaselog/3_39_4.html), [3.38.1](https://www.sqlite.org/releaselog/3_38_1.html)))<br>- strace ([5.19](https://github.com/strace/strace/releases/tag/v5.19))<br>- sudo ([1.9.12_p2](https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_12p2) (includes [1.9.12_p1](https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_12p1), [1.9.10](https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_10)))<br>- systemd ([252.11](https://github.com/systemd/systemd-stable/releases/tag/v252.11) (includes [252.5](https://github.com/systemd/systemd-stable/releases/tag/v252.5), [252](https://github.com/systemd/systemd/releases/tag/v252), [251.10](https://github.com/systemd/systemd-stable/commits/v251.10), [251](https://github.com/systemd/systemd/releases/tag/v251), [250.7](https://github.com/systemd/systemd-stable/releases/tag/v250.7), [250.3](https://github.com/systemd/systemd-stable/releases/tag/v250.3), [249.7](https://github.com/systemd/systemd-stable/blob/v249.7/NEWS)))<br>- talloc ([2.3.3](https://gitlab.com/samba-team/samba/-/commit/bc1ee7ca0640f0136e5af7dcc4ca8ed0a5893053))<br>- tcpdump ([4.99.1](https://git.tcpdump.org/tcpdump/blob/5f552b5e6e9fe05f7ad9681d51d0303233daba6a:/CHANGES))<br>- tevent ([0.11.0](https://gitlab.com/samba-team/samba/-/commit/de4e8a1af9564f6056f9af90867c2f013449051c))<br>- thin-provisioning-tools ([0.9.0](https://github.com/jthornber/thin-provisioning-tools/blob/d6d93c3157631b242a13a81d30f75453e576c55a/CHANGES#L1-L9))<br>- timezone-data ([2021a](https://mm.icann.org/pipermail/tz-announce/2021-January/000065.html))<br>- unzip ([6.0_p27](https://metadata.ftp-master.debian.org/changelogs//main/u/unzip/unzip_6.0-27_changelog) (includes [6.0_p26](https://metadata.ftp-master.debian.org/changelogs//main/u/unzip/unzip_6.0-26_changelog)))<br>- usbutils ([014](https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usbutils.git/commit/?id=57fb18e59cce31a50a1ca62d1e192512c905ba00))<br>- util-linux ([2.37.4](https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.4-ChangeLog))<br>- vim ([9.0.1157](https://github.com/vim/vim/releases/tag/v9.0.1157) (includes [9.0.1000](https://github.com/vim/vim/releases/tag/v9.0.1000), [9.0.0828](https://github.com/vim/vim/releases/tag/v9.0.0828), [9.0.0655](https://github.com/vim/vim/releases/tag/v9.0.0655), [9.0.0469](https://github.com/vim/vim/releases/tag/v9.0.0469), [8.2.5066](https://github.com/vim/vim/releases/tag/v8.2.5066), [8.2.4328](https://github.com/vim/vim/releases/tag/v8.2.4328), [8.2.3582](https://github.com/vim/vim/releases/tag/v8.2.3582)))<br>- wget ([1.21.3](https://lists.gnu.org/archive/html/info-gnu/2022-02/msg00017.html))<br>- whois ([5.5.14](https://github.com/rfc1036/whois/commit/ab10466cf2e1ec4887f6a44375c3e29c1720157f) (includes [5.5.13](https://github.com/rfc1036/whois/blob/v5.5.13/debian/changelog), [5.5.11](https://github.com/rfc1036/whois/commit/5f5ba8312c04a759dad05723c035549273d07461)))<br>- wireguard-tools ([1.0.20210914](https://github.com/WireGuard/wireguard-tools/releases/tag/v1.0.20210914))<br>- xfsprogs ([5.14.2](https://marc.info/?l=linux-xfs&m=163883318025390&w=2))<br>- xz-utils ([5.4.1](https://github.com/tukaani-project/xz/releases/tag/v5.4.1) (includes [5.4.0](https://github.com/tukaani-project/xz/releases/tag/v5.4.0), [5.2.10](https://git.tukaani.org/?p=xz.git;a=blob;f=NEWS;h=d92fa88a835180af5d6ff22ad0e240d6468f81af;hb=f7c2cc55618b9af3318f0c908cf8db0df1e28e7c), [5.2.9](https://git.tukaani.org/?p=xz.git;a=blob;f=NEWS;h=ebb303084403445088ec97dfedf0461a6e5b5077;hb=d8a898eb9974683bc725c49ec76722f9a8758f48), [5.2.8](https://git.tukaani.org/?p=xz.git;a=blob;f=NEWS;h=c244b42a6771a6e8af206318dfc500d78929fd6f;hb=5476089d9c42b9b04e92b80e1800b384a98265cb), [5.2.7](https://git.tukaani.org/?p=xz.git;a=blob;f=NEWS;h=0205423e79ce8297102096b0fc8b030ddf5b2023;hb=d24a57b7fc7e5e9267b84367cb0788d3acf7f569), [5.2.6](https://git.tukaani.org/?p=xz.git;a=blob;f=NEWS;h=4c79b18ff26a1c479a920b21f07d050599c04c9e;hb=8dfed05bdaa4873833ba24279f02ad2db25effea)))<br>- zlib ([1.2.13](https://github.com/madler/zlib/releases/tag/v1.2.13) (includes [1.2.12](https://github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/ChangeLog#L4)))<br>- GCE: google-compute-image-packages ([20190124](https://github.com/GoogleCloudPlatform/compute-image-packages/releases/tag/20190124))<br>- OEM: distro ([1.7.0](https://github.com/python-distro/distro/releases/tag/v1.7.0))<br>- OEM: libmspack ([0.10.1_alpha](https://github.com/kyz/libmspack/blob/v0.10.1alpha/libmspack/ChangeLog))<br>- OEM: python ([3.9.16](https://www.python.org/downloads/release/python-3916/) (includes [3.9.12](https://www.python.org/downloads/release/python-3912/), [3.9.8](https://www.python.org/downloads/release/python-398/)))<br>- SDK: bison ([3.8.2](https://lists.gnu.org/archive/html/bug-bison/2021-09/msg00056.html))<br>- SDK: boost ([1.81.0](https://www.boost.org/users/history/version_1_81_0.html))<br>- SDK: catalyst ([3.0.21](https://gitweb.gentoo.org/proj/catalyst.git/log/?h=3.0.21))<br>- SDK: cmake ([3.23.3](https://cmake.org/cmake/help/v3.23/release/3.23.html))<br>- SDK: edk2-ovmf ([202105](https://github.com/tianocore/edk2/releases/tag/edk2-stable202105))<br>- SDK: file ([5.44](https://github.com/file/file/blob/FILE5_44/ChangeLog) (includes [5.43](https://mailman.astron.com/pipermail/file/2022-September/000857.html), [5.40](https://mailman.astron.com/pipermail/file/2021-March/000478.html)))<br>- SDK: gcc-config ([2.5](https://gitweb.gentoo.org/proj/gcc-config.git/tag/?h=v2.5))<br>- SDK: iasl ([20200717](https://www.acpica.org/node/183))<br>- SDK: ipxe ([1.21.1](https://github.com/ipxe/ipxe/releases/tag/v1.21.1))<br>- SDK: kexec-tools ([2.0.22](https://www.spinics.net/lists/kexec/msg26864.html))<br>- SDK: libpng ([1.6.39](http://www.libpng.org/pub/png/src/libpng-1.6.39-README.txt) (includes [1.6.38](http://www.libpng.org/pub/png/src/libpng-1.6.38-README.txt)))<br>- SDK: libtool ([2.4.7](https://savannah.gnu.org/forum/forum.php?forum_id=10139))<br>- SDK: libxslt ([1.1.37](https://gitlab.gnome.org/GNOME/libxslt/-/tags/v1.1.37) (includes [1.1.35](https://gitlab.gnome.org/GNOME/libxslt/-/tags/v1.1.35)))<br>- SDK: man-db ([2.9.4](https://gitlab.com/cjwatson/man-db/-/tags/2.9.4))<br>- SDK: man-pages ([5.12-r2](https://man7.org/linux/man-pages/changelog.html#release_5.12))<br>- SDK: meson ([0.62.2](https://mesonbuild.com/Release-notes-for-0-62-0.html))<br>- SDK: netperf ([2.7.0](https://github.com/HewlettPackard/netperf/blob/netperf-2.7.0/Release_Notes))<br>- SDK: ninja ([1.11.0](https://groups.google.com/g/ninja-build/c/R2oCyDctDf8/m/-U94Y5I8AgAJ?pli=1))<br>- SDK: pahole ([1.23](https://git.kernel.org/pub/scm/devel/pahole/pahole.git/tag/?h=v1.23))<br>- SDK: perl ([5.36.0](https://perldoc.perl.org/5.36.0/perldelta) (includes [5.34.1](https://perldoc.perl.org/5.34.1/perldelta), [5.15](https://kernelnewbies.org/LinuxChanges#Linux_5.15.Tracing.2C_perf_and_BPF)))<br>- SDK: pkgconf ([1.8.0](https://gitea.treehouse.systems/ariadne/pkgconf/src/tag/pkgconf-1.8.0/NEWS))<br>- SDK: portage ([3.0.43](https://github.com/gentoo/portage/blob/portage-3.0.43/NEWS) (includes [3.0.42](https://github.com/gentoo/portage/blob/portage-3.0.42/NEWS), [3.0.41](https://gitweb.gentoo.org/proj/portage.git/tree/NEWS?h=portage-3.0.41)))<br>- SDK: Python ([3.9.12](https://www.python.org/downloads/release/python-3912/) (includes [3.9.8](https://www.python.org/downloads/release/python-398/)))<br>- SDK: qemu ([7.2.0](https://wiki.qemu.org/ChangeLog/7.2) (includes [7.1.0](https://wiki.qemu.org/ChangeLog/7.1), [7.0.0](https://wiki.qemu.org/ChangeLog/7.0), [6.1.0](https://wiki.qemu.org/ChangeLog/6.1)))<br>- SDK: Rust ([1.67.0](https://github.com/rust-lang/rust/releases/tag/1.67.0) (includes [1.66.1](https://github.com/rust-lang/rust/releases/tag/1.66.1), [1.66.0](https://github.com/rust-lang/rust/releases/tag/1.66.0), [1.65.0](https://github.com/rust-lang/rust/releases/tag/1.65.0), [1.64.0](https://github.com/rust-lang/rust/releases/tag/1.64.0), [1.63.0](https://github.com/rust-lang/rust/releases/tag/1.63.0), [1.62.1](https://github.com/rust-lang/rust/releases/tag/1.62.1), [1.62.0](https://github.com/rust-lang/rust/releases/tag/1.62.0), [1.61.0](https://github.com/rust-lang/rust/releases/tag/1.61.0), [1.60.0](https://github.com/rust-lang/rust/releases/tag/1.60.0), [1.59.0](https://github.com/rust-lang/rust/releases/tag/1.59.0), [1.58.1](https://github.com/rust-lang/rust/releases/tag/1.58.1), [1.57.0](https://github.com/rust-lang/rust/releases/tag/1.57.0)))<br>- SDK: sbsigntools ([0.9.4](https://git.kernel.org/pub/scm/linux/kernel/git/jejb/sbsigntools.git/tag/?h=v0.9.4))<br>- SDK: seabios ([1.14.0](https://seabios.org/Releases#SeaBIOS_1.14.0))<br>- SDK: sgabios ([0.1_pre10](https://git.qemu.org/?p=sgabios.git;a=tree;h=a85446adb0e0))<br>- SDK: squashfs-tools ([4.5_p20210914](https://lore.kernel.org/lkml/CAB3woddJss+ziGp-RjJ-yiax6pc_HLMdxk3Qk5nJdRgjpEYWBg@mail.gmail.com/))<br>- VMware: open-vm-tools ([12.1.5](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.1.5) (includes [12.1.0](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.1.0), [12.0.5](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.0.5), [12.0.0](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.0.0)))<br>Packages:<br>- containerd 1.6.16<br>- docker 20.10.23<br>- ignition 2.14.0<br>- kernel 5.15.132<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-10-05T10:09:06+00:00 @@ -862,7 +870,7 @@ https://github.com/flatcar/scripts/releases/tag/lts-3033.3.9 3033.3.9 - 2023-10-25T10:20:44.137679+00:00 + 2023-11-22T09:59:34.052797+00:00 _Changes since **LTS 3033.3.8**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-3424](https://nvd.nist.gov/vuln/detail/CVE-2022-3424), [CVE-2022-3534](https://nvd.nist.gov/vuln/detail/CVE-2022-3534), [CVE-2022-3545](https://nvd.nist.gov/vuln/detail/CVE-2022-3545), [CVE-2022-3623](https://nvd.nist.gov/vuln/detail/CVE-2022-3623), [CVE-2022-36280](https://nvd.nist.gov/vuln/detail/CVE-2022-36280), [CVE-2022-3643](https://nvd.nist.gov/vuln/detail/CVE-2022-3643), [CVE-2022-41218](https://nvd.nist.gov/vuln/detail/CVE-2022-41218), [CVE-2022-4378](https://nvd.nist.gov/vuln/detail/CVE-2022-4378), [CVE-2022-45934](https://nvd.nist.gov/vuln/detail/CVE-2022-45934), [CVE-2022-47929](https://nvd.nist.gov/vuln/detail/CVE-2022-47929), [CVE-2023-0266](https://nvd.nist.gov/vuln/detail/CVE-2023-0266), [CVE-2023-0394](https://nvd.nist.gov/vuln/detail/CVE-2023-0394), [CVE-2023-23454](https://nvd.nist.gov/vuln/detail/CVE-2023-23454), [CVE-2023-23455](https://nvd.nist.gov/vuln/detail/CVE-2023-23455))<br><br>#### Bug fixes:<br><br><br>#### Changes:<br><br><br>#### Updates:<br><br>- Linux ([5.10.164](https://lwn.net/Articles/920322) (includes [5.10.163](https://lwn.net/Articles/920013), [5.10.162](https://lwn.net/Articles/919055), [5.10.161](https://lwn.net/Articles/918330), [5.10.160](https://lwn.net/Articles/918207), [5.10.159](https://lwn.net/Articles/917899), [5.10.158](https://lwn.net/Articles/917402)))<br>- ca-certificates ([3.87](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_87.html) (includes [3.86](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_86.html)))<br><br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.164<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-01-24T13:14:09+00:00 @@ -870,7 +878,7 @@ https://github.com/flatcar/scripts/releases/tag/lts-3033.3.8 3033.3.8 - 2023-10-25T10:20:44.132567+00:00 + 2023-11-22T09:59:34.047609+00:00 _Changes since **LTS 3033.3.7**_<br> <br>#### Security fixes:<br> <br>- Linux ([CVE-2022-3169](https://nvd.nist.gov/vuln/detail/CVE-2022-3169), [CVE-2022-3521](https://nvd.nist.gov/vuln/detail/CVE-2022-3521))<br><br>#### Updates:<br> <br>- Linux ([5.10.157](https://lwn.net/Articles/916764) (includes [5.10.156](https://lwn.net/Articles/915992), [5.10.155](https://lwn.net/Articles/915101)))<br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.157<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-12-09T09:46:54+00:00 @@ -878,7 +886,7 @@ https://github.com/flatcar/scripts/releases/tag/lts-3033.3.7 3033.3.7 - 2023-10-25T10:20:44.128111+00:00 + 2023-11-22T09:59:34.043083+00:00 _Changes since **LTS 3033.3.6**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2021-4037](https://nvd.nist.gov/vuln/detail/CVE-2021-4037), [CVE-2022-0171](https://nvd.nist.gov/vuln/detail/CVE-2022-0171), [CVE-2022-2602](https://nvd.nist.gov/vuln/detail/CVE-2022-2602), [CVE-2022-2663](https://nvd.nist.gov/vuln/detail/CVE-2022-2663), [CVE-2022-3061](https://nvd.nist.gov/vuln/detail/CVE-2022-3061), [CVE-2022-3303](https://nvd.nist.gov/vuln/detail/CVE-2022-3303), [CVE-2022-3535](https://nvd.nist.gov/vuln/detail/CVE-2022-3535), [CVE-2022-3542](https://nvd.nist.gov/vuln/detail/CVE-2022-3542), [CVE-2022-3565](https://nvd.nist.gov/vuln/detail/CVE-2022-3565), [CVE-2022-3586](https://nvd.nist.gov/vuln/detail/CVE-2022-3586), [CVE-2022-3594](https://nvd.nist.gov/vuln/detail/CVE-2022-3594), [CVE-2022-3621](https://nvd.nist.gov/vuln/detail/CVE-2022-3621), [CVE-2022-3646](https://nvd.nist.gov/vuln/detail/CVE-2022-3646), [CVE-2022-3649](https://nvd.nist.gov/vuln/detail/CVE-2022-3649), [CVE-2022-39842](https://nvd.nist.gov/vuln/detail/CVE-2022-39842), [CVE-2022-40307](https://nvd.nist.gov/vuln/detail/CVE-2022-40307), [CVE-2022-40768](https://nvd.nist.gov/vuln/detail/CVE-2022-40768), [CVE-2022-41674](https://nvd.nist.gov/vuln/detail/CVE-2022-41674), [CVE-2022-42719](https://nvd.nist.gov/vuln/detail/CVE-2022-42719), [CVE-2022-42720](https://nvd.nist.gov/vuln/detail/CVE-2022-42720), [CVE-2022-42721](https://nvd.nist.gov/vuln/detail/CVE-2022-42721), [CVE-2022-42722](https://nvd.nist.gov/vuln/detail/CVE-2022-42722), [CVE-2022-43750](https://nvd.nist.gov/vuln/detail/CVE-2022-43750))<br> <br> #### Updates:<br> <br> - Linux ([5.10.154](https://lwn.net/Articles/914423) (includes [5.10.153](https://lwn.net/Articles/913682) [5.10.152](https://lwn.net/Articles/913110), [5.10.151](https://lwn.net/Articles/912993), [5.10.150](https://lwn.net/Articles/912501), [5.10.149](https://lwn.net/Articles/911488), [5.10.148](https://lwn.net/Articles/911276), [5.10.147](https://lwn.net/Articles/910399), [5.10.146](https://lwn.net/Articles/909680), [5.10.145](https://lwn.net/Articles/909213), [5.10.144](https://lwn.net/Articles/908783), [5.10.143](https://lwn.net/Articles/908141)))<br> - ca-certificates ([3.84](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_84.html))<br><br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.154<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-11-17T12:03:56+00:00 @@ -886,7 +894,7 @@ https://github.com/flatcar/scripts/releases/tag/lts-3033.3.6 3033.3.6 - 2023-10-25T10:20:44.122526+00:00 + 2023-11-22T09:59:34.037487+00:00 _Changes since **LTS 3033.3.5**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-2905](https://nvd.nist.gov/vuln/detail/CVE-2022-2905), [CVE-2022-3028](https://nvd.nist.gov/vuln/detail/CVE-2022-3028), [CVE-2022-39190](https://nvd.nist.gov/vuln/detail/CVE-2022-39190))<br>- torcx ([CVE-2021-38561](https://nvd.nist.gov/vuln/detail/CVE-2021-38561), [CVE-2021-43565](https://nvd.nist.gov/vuln/detail/CVE-2021-43565), [CVE-2022-27191](https://nvd.nist.gov/vuln/detail/CVE-2022-27191))<br><br>#### Bug fixes:<br><br>- Equinix Metal: Fixed serial console settings for the `m3.small.x86` instance by expanding the GRUB check for `i386` to `x86_64` [coreos-overlay#2122](https://github.com/flatcar-linux/coreos-overlay/pull/2122)<br><br>#### Changes:<br><br>- emerge-gitclone: Migrate emerge-gitclone to use scripts repo tags and submodule refs<br><br>#### Updates:<br><br>- Linux ([5.10.142](https://lwn.net/Articles/907525) (includes [5.10.141](https://lwn.net/Articles/907205), [5.10.140](https://lwn.net/Articles/906628), [5.10.139](https://lwn.net/Articles/906359), [5.10.138](https://lwn.net/Articles/906062)))<br>- ca-certificates ([3.83](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_83.html))<br>- locksmith([0.7.0](https://github.com/flatcar/locksmith/blob/v0.7.0/CHANGELOG.md#v070--30112021))<br><br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.142<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-10-17T14:39:29+00:00 @@ -894,7 +902,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3033.3.5 3033.3.5 - 2023-10-25T10:20:44.117405+00:00 + 2023-11-22T09:59:34.032328+00:00 _Changes since **LTS 3033.3.4**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-1679](https://nvd.nist.gov/vuln/detail/CVE-2022-1679), [CVE-2022-2153](https://nvd.nist.gov/vuln/detail/CVE-2022-2153), [CVE-2022-2585](https://nvd.nist.gov/vuln/detail/CVE-2022-2585), [CVE-2022-2586](https://nvd.nist.gov/vuln/detail/CVE-2022-2586), [CVE-2022-2588](https://nvd.nist.gov/vuln/detail/CVE-2022-2588), [CVE-2022-26373](https://nvd.nist.gov/vuln/detail/CVE-2022-26373), [CVE-2022-36946](https://nvd.nist.gov/vuln/detail/CVE-2022-36946))<br><br>#### Changes:<br><br>- The new image signing subkey was added to the public key embedded into `flatcar-install` (the old expired on 10th August 2022), only an updated `flatcar-install` script can verify releases signed with the new key ([init#79](https://github.com/flatcar/init/pull/79))<br><br>#### Updates:<br><br>- Linux ([5.10.137](https://lwn.net/Articles/905534) (includes [5.10.136](https://lwn.net/Articles/904462), [5.10.135](https://lwn.net/Articles/903689)))<br>- ca-certificates ([3.82](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_82.html))<br><br><br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.137<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-09-01T12:58:14+00:00 @@ -902,7 +910,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3033.3.4 3033.3.4 - 2023-10-25T10:20:44.112439+00:00 + 2023-11-22T09:59:34.027342+00:00 New LTS-2022 Release 3033.3.4<br><br>Changes since LTS-2022 3033.3.3<br><br>## Security fixes:<br><br>- Linux ([CVE-2022-23816](https://nvd.nist.gov/vuln/detail/CVE-2022-23816), [CVE-2022-23825](https://nvd.nist.gov/vuln/detail/CVE-2022-23825), [CVE-2022-29900](https://nvd.nist.gov/vuln/detail/CVE-2022-29900), [CVE-2022-29901](https://nvd.nist.gov/vuln/detail/CVE-2022-29901))<br><br>## Bug fixes:<br><br><br>## Changes:<br><br><br>## Updates:<br><br>- Linux ([5.10.134](https://lwn.net/Articles/902918) (includes [5.10.133](https://lwn.net/Articles/902372), [5.10.132](https://lwn.net/Articles/902102)))<br>- ca-certificates ([3.81](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_81.html))<br><br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.134<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-08-04T12:04:45+00:00 @@ -910,7 +918,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3033.3.3 3033.3.3 - 2023-10-25T10:20:44.107787+00:00 + 2023-11-22T09:59:34.022599+00:00 New **LTS-2022** Release **3033.3.3**<br><br>_Changes since **LTS 3033.3.2**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2021-33655](https://nvd.nist.gov/vuln/detail/CVE-2021-33655), [CVE-2021-33656](https://nvd.nist.gov/vuln/detail/CVE-2021-33656), [CVE-2022-2318](https://nvd.nist.gov/vuln/detail/CVE-2022-2318), [CVE-2022-26365](https://nvd.nist.gov/vuln/detail/CVE-2022-26365), [CVE-2022-32296](https://nvd.nist.gov/vuln/detail/CVE-2022-32296), [CVE-2022-33740](https://nvd.nist.gov/vuln/detail/CVE-2022-33740), [CVE-2022-33741](https://nvd.nist.gov/vuln/detail/CVE-2022-33741), [CVE-2022-33742](https://nvd.nist.gov/vuln/detail/CVE-2022-33742), [CVE-2022-33743](https://nvd.nist.gov/vuln/detail/CVE-2022-33743), [CVE-2022-33744](https://nvd.nist.gov/vuln/detail/CVE-2022-33744), [CVE-2022-34918](https://nvd.nist.gov/vuln/detail/CVE-2022-34918))<br>- containerd ([CVE-2022-31030](https://nvd.nist.gov/vuln/detail/CVE-2022-31030))<br><br>#### Bug fixes:<br><br>- Removed outdated LTS channel information printed on login ([init#75](https://github.com/flatcar/init/pull/75))<br><br>#### Changes:<br><br>- Enabled `containerd.service` unit, `br_netfilter` and `overlay` modules by default to follow Kubernetes requirements ([coreos-overlay#1944](https://github.com/flatcar/coreos-overlay/pull/1944), [init#72](https://github.com/flatcar/init/pull/72))<br>- DigitalOcean: In addition to the `bz2` image, a `gz` compressed image is published. This helps against hitting the compression timeout that sometimes lets the image import fail.<br>- OpenStack: In addition to the `bz2` image, a `gz` compressed image is published. This allows Glance to directly consume the images by simply passing in the URL of the image.<br>- SDK: The image compression format is now configurable. Supported formats are: `bz2`, `gz`, `zip`, `none`, `zst`. Selecting the image format can now be done by passing the `--image_compression_formats` option. This flag gets a comma separated list of formats.<br><br>#### Updates:<br><br>- Linux ([5.10.131](https://lwn.net/Articles/901381/) (includes [5.10.130](https://lwn.net/Articles/900910), [5.10.129](https://lwn.net/Articles/900322), [5.10.128](https://lwn.net/Articles/899789), [5.10.127](https://lwn.net/Articles/899371), [5.10.126](https://lwn.net/Articles/899121), [5.10.125](https://lwn.net/Articles/899090), [5.10.124](https://lwn.net/Articles/898623)))<br>- ca-certificates ([3.80](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_80.html))<br>- containerd ([1.5.13](https://github.com/containerd/containerd/releases/tag/v1.5.13))<br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.131<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-07-21T15:46:59+00:00 @@ -918,7 +926,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3033.3.2 3033.3.2 - 2023-10-25T10:20:44.101770+00:00 + 2023-11-22T09:59:34.016547+00:00 New **LTS-2022** Release **3033.3.2**<br><br>Changes since **LTS 3033.3.1**<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-1012](https://nvd.nist.gov/vuln/detail/CVE-2022-1012), [CVE-2022-1789](https://nvd.nist.gov/vuln/detail/CVE-2022-1789), [CVE-2022-1852](https://nvd.nist.gov/vuln/detail/CVE-2022-1852), [CVE-2022-1972](https://nvd.nist.gov/vuln/detail/CVE-2022-1972), [CVE-2022-2078](https://nvd.nist.gov/vuln/detail/CVE-2022-2078), [CVE-2022-21499](https://nvd.nist.gov/vuln/detail/CVE-2022-21499), [CVE-2022-32250](https://nvd.nist.gov/vuln/detail/CVE-2022-32250), [CVE-2022-32981](https://nvd.nist.gov/vuln/detail/CVE-2022-32981))<br>- libpcre2 ([CVE-2022-1586](https://nvd.nist.gov/vuln/detail/CVE-2022-1586), [CVE-2022-1587](https://nvd.nist.gov/vuln/detail/CVE-2022-1587))<br><br>#### Updates:<br><br>- Linux ([5.10.123](https://lwn.net/Articles/898125) (includes [5.10.122](https://lwn.net/Articles/897903), [5.10.121](https://lwn.net/Articles/897378), [5.10.120](https://lwn.net/Articles/897168), [5.10.119](https://lwn.net/Articles/896648))<br>- ca-certificates ([3.79](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_79.html))<br>- libpcre2 ([10.40](https://github.com/PCRE2Project/pcre2/blob/pcre2-10.40/NEWS))<br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.123<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-06-23T11:49:00+00:00 @@ -926,7 +934,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3033.3.1 3033.3.1 - 2023-10-25T10:20:44.096803+00:00 + 2023-11-22T09:59:34.011499+00:00 New **LTS-2022** Release **3033.3.1**<br><br>_Changes since **LTS-2022 3033.3.0**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-28390](https://nvd.nist.gov/vuln/detail/CVE-2022-28390), [CVE-2022-0168](https://nvd.nist.gov/vuln/detail/CVE-2022-0168), [CVE-2022-1158](https://nvd.nist.gov/vuln/detail/CVE-2022-1158), [CVE-2022-1353](https://nvd.nist.gov/vuln/detail/CVE-2022-1353), [CVE-2022-30594](https://nvd.nist.gov/vuln/detail/CVE-2022-30594), [CVE-2022-1198](https://nvd.nist.gov/vuln/detail/CVE-2022-1198), [CVE-2022-28389](https://nvd.nist.gov/vuln/detail/CVE-2022-28389), [CVE-2022-28388](https://nvd.nist.gov/vuln/detail/CVE-2022-28388), [CVE-2022-1516](https://nvd.nist.gov/vuln/detail/CVE-2022-1516), [CVE-2022-29582](https://nvd.nist.gov/vuln/detail/CVE-2022-29582), [CVE-2021-4197](https://nvd.nist.gov/vuln/detail/CVE-2021-4197), [CVE-2022-1204](https://nvd.nist.gov/vuln/detail/CVE-2022-1204), [CVE-2022-1205](https://nvd.nist.gov/vuln/detail/CVE-2022-1205), [CVE-2022-29581](https://nvd.nist.gov/vuln/detail/CVE-2022-29581), [CVE-2022-1836](https://nvd.nist.gov/vuln/detail/CVE-2022-1836), [CVE-2022-1734](https://nvd.nist.gov/vuln/detail/CVE-2022-1734), [CVE-2022-0494](https://nvd.nist.gov/vuln/detail/CVE-2022-0494), [CVE-2022-28893](https://nvd.nist.gov/vuln/detail/CVE-2022-28893), [CVE-2022-1729](https://nvd.nist.gov/vuln/detail/CVE-2022-1729), [CVE-2022-0854](https://nvd.nist.gov/vuln/detail/CVE-2022-0854))<br><br>#### Bug fixes:<br><br>- Ensured `/etc/flatcar/update.conf` exists because it happens to be used as flag file for Ansible ([init#71](https://github.com/flatcar/init/pull/71))<br><br>#### Updates:<br><br>- Linux ([5.10.118](https://lwn.net/Articles/896225/) (includes [5.10.117](https://lwn.net/Articles/895646), [5.10.116](https://lwn.net/Articles/895319), [5.10.115](https://lwn.net/Articles/895071), [5.10.114](https://lwn.net/Articles/894358), [5.10.113](https://lwn.net/Articles/892813), [5.10.112](https://lwn.net/Articles/891997), [5.10.111](https://lwn.net/Articles/891252), [5.10.110](https://lwn.net/Articles/890723)))<br>- ca-certificates ([3.78](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_78.html))<br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.118<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-06-02T15:10:04+00:00 @@ -934,7 +942,7 @@ https://github.com/flatcar/scripts/releases/tag/lts-3033.3.18 3033.3.18 - 2023-10-25T10:20:44.091298+00:00 + 2023-11-22T09:59:34.005905+00:00 _Changes since **LTS 3033.3.17**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2023-31085](https://nvd.nist.gov/vuln/detail/CVE-2023-31085), [CVE-2023-34324](https://nvd.nist.gov/vuln/detail/CVE-2023-34324), [CVE-2023-39189](https://nvd.nist.gov/vuln/detail/CVE-2023-39189), [CVE-2023-39192](https://nvd.nist.gov/vuln/detail/CVE-2023-39192), [CVE-2023-39193](https://nvd.nist.gov/vuln/detail/CVE-2023-39193), [CVE-2023-4244](https://nvd.nist.gov/vuln/detail/CVE-2023-4244), [CVE-2023-42752](https://nvd.nist.gov/vuln/detail/CVE-2023-42752), [CVE-2023-42753](https://nvd.nist.gov/vuln/detail/CVE-2023-42753), [CVE-2023-42754](https://nvd.nist.gov/vuln/detail/CVE-2023-42754), [CVE-2023-42755](https://nvd.nist.gov/vuln/detail/CVE-2023-42755), [CVE-2023-45871](https://nvd.nist.gov/vuln/detail/CVE-2023-45871), [CVE-2023-4623](https://nvd.nist.gov/vuln/detail/CVE-2023-4623), [CVE-2023-4921](https://nvd.nist.gov/vuln/detail/CVE-2023-4921), [CVE-2023-5197](https://nvd.nist.gov/vuln/detail/CVE-2023-5197))<br>- curl ([CVE-2023-38545](https://nvd.nist.gov/vuln/detail/CVE-2023-38545), [CVE-2023-38546](https://nvd.nist.gov/vuln/detail/CVE-2023-38546))<br><br>#### Bug fixes:<br><br><br>#### Changes:<br><br>- Add support for Microsoft Azure Network Adapter (MANA) NICs on Azure ([scripts#1131](https://github.com/flatcar/scripts/pull/1131))<br><br>#### Updates:<br><br>- ca-certificates ([3.94](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_94.html))<br>- Linux ([5.10.198](https://lwn.net/Articles/947300) (includes [5.10.197](https://lwn.net/Articles/945381), [5.10.196](https://lwn.net/Articles/945131), [5.10.195](https://lwn.net/Articles/944878), [5.10.194](https://lwn.net/Articles/943405)))<br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.198<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-10-25T08:40:29+00:00 @@ -942,7 +950,7 @@ https://github.com/flatcar/scripts/releases/tag/lts-3033.3.17 3033.3.17 - 2023-10-25T10:20:44.086124+00:00 + 2023-11-22T09:59:34.000697+00:00 _Changes since **LTS 3033.3.16**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2022-40982](https://nvd.nist.gov/vuln/detail/CVE-2022-40982), [CVE-2022-41804](https://nvd.nist.gov/vuln/detail/CVE-2022-41804), [CVE-2023-20569](https://nvd.nist.gov/vuln/detail/CVE-2023-20569), [CVE-2023-23908](https://nvd.nist.gov/vuln/detail/CVE-2023-23908), [CVE-2023-1206](https://nvd.nist.gov/vuln/detail/CVE-2023-1206), [CVE-2023-20588](https://nvd.nist.gov/vuln/detail/CVE-2023-20588), [CVE-2023-40283](https://nvd.nist.gov/vuln/detail/CVE-2023-40283), [CVE-2023-4128](https://nvd.nist.gov/vuln/detail/CVE-2023-4128), [CVE-2023-4147](https://nvd.nist.gov/vuln/detail/CVE-2023-4147), [CVE-2023-4273](https://nvd.nist.gov/vuln/detail/CVE-2023-4273))<br> <br> #### Updates:<br> <br> - Linux ([5.10.193](https://lwn.net/Articles/943114) (includes [5.10.192](https://lwn.net/Articles/942867), [5.10.191](https://lwn.net/Articles/941777),[5.10.190](https://lwn.net/Articles/941276), [5.10.189](https://lwn.net/Articles/940802)))<br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.193<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-09-06T13:19:04+00:00 @@ -950,7 +958,7 @@ https://github.com/flatcar/scripts/releases/tag/lts-3033.3.16 3033.3.16 - 2023-10-25T10:20:44.081342+00:00 + 2023-11-22T09:59:33.995815+00:00 _Changes since **LTS 3033.3.15**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2023-20593](https://nvd.nist.gov/vuln/detail/CVE-2023-20593), [CVE-2023-2898](https://nvd.nist.gov/vuln/detail/CVE-2023-2898), [CVE-2023-31248](https://nvd.nist.gov/vuln/detail/CVE-2023-31248), [CVE-2023-3390](https://nvd.nist.gov/vuln/detail/CVE-2023-3390), [CVE-2023-35001](https://nvd.nist.gov/vuln/detail/CVE-2023-35001), [CVE-2023-3610](https://nvd.nist.gov/vuln/detail/CVE-2023-3610), [CVE-2023-3611](https://nvd.nist.gov/vuln/detail/CVE-2023-3611), [CVE-2023-3776](https://nvd.nist.gov/vuln/detail/CVE-2023-3776), [CVE-2023-3863](https://nvd.nist.gov/vuln/detail/CVE-2023-3863))<br> - linux-firmware ([CVE-2023-20593](https://nvd.nist.gov/vuln/detail/CVE-2023-20593))<br> <br> #### Updates:<br> <br> - Linux ([5.10.188](https://lwn.net/Articles/939425) (includes [5.10.187](https://lwn.net/Articles/939105)))<br> - ca-certificates ([3.92](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_92.html))<br> - linux-firmware ([20230625](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230625))<br><br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.188<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-08-09T11:41:25+00:00 @@ -958,7 +966,7 @@ https://github.com/flatcar/scripts/releases/tag/lts-3033.3.15 3033.3.15 - 2023-10-25T10:20:44.076407+00:00 + 2023-11-22T09:59:33.990909+00:00 _Changes since **LTS 3033.3.14**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2023-3338](https://nvd.nist.gov/vuln/detail/CVE-2023-3338))<br> <br> #### Bug fixes:<br> <br> <br> #### Changes:<br> <br> - Changed ext4 inode size of root partition to 256 bytes. This improves compatibility with applications and is necessary for 2038 readiness ([Flatcar#1082](https://github.com/flatcar/Flatcar/issues/1082))<br> <br> #### Updates:<br> <br> - Linux ([5.10.186](https://lwn.net/Articles/936676) (includes [5.10.185](https://lwn.net/Articles/935583)))<br> - ca-certificates ([3.91](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_91.html))<br><br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.186<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-07-18T09:01:17+00:00 @@ -966,7 +974,7 @@ https://github.com/flatcar/scripts/releases/tag/lts-3033.3.14 3033.3.14 - 2023-10-25T10:20:44.071683+00:00 + 2023-11-22T09:59:33.986119+00:00 _Changes since **LTS 3033.3.13**_<br> <br>#### Security fixes:<br> <br>- Linux ([CVE-2022-4269](https://nvd.nist.gov/vuln/detail/CVE-2022-4269))<br> <br>#### Updates:<br> <br>- Linux ([5.10.184](https://lwn.net/Articles/934624) (includes [5.10.183](https://lwn.net/Articles/934321), [5.10.182](https://lwn.net/Articles/933910), [5.10.181](https://lwn.net/Articles/933279)))<br>- ca-certificates ([3.90](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_90.html))<br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.184<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-06-21T12:18:59+00:00 @@ -974,7 +982,7 @@ https://github.com/flatcar/scripts/releases/tag/lts-3033.3.13 3033.3.13 - 2023-10-25T10:20:44.067114+00:00 + 2023-11-22T09:59:33.981535+00:00 _Changes since **LTS 3033.3.12**_<br> <br>#### Security fixes:<br> <br> - Linux ([CVE-2022-39189](https://nvd.nist.gov/vuln/detail/CVE-2022-39189), [CVE-2023-1380](https://nvd.nist.gov/vuln/detail/CVE-2023-1380), [CVE-2023-2002](https://nvd.nist.gov/vuln/detail/CVE-2023-2002), [CVE-2023-2269](https://nvd.nist.gov/vuln/detail/CVE-2023-2269), [CVE-2023-2513](https://nvd.nist.gov/vuln/detail/CVE-2023-2513), [CVE-2023-31436](https://nvd.nist.gov/vuln/detail/CVE-2023-31436), [CVE-2023-32233](https://nvd.nist.gov/vuln/detail/CVE-2023-32233))<br> <br>#### Bug fixes:<br> <br> <br>#### Changes:<br> <br> <br>#### Updates:<br> <br> - Linux ([5.10.180](https://lwn.net/Articles/932135) (includes [5.10.179](https://lwn.net/Articles/930264)))<br> - ca-certificates ([3.89.1](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_89_1.html))<br><br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.180<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-06-01T11:48:40+00:00 @@ -982,7 +990,7 @@ https://github.com/flatcar/scripts/releases/tag/lts-3033.3.12 3033.3.12 - 2023-10-25T10:20:44.062361+00:00 + 2023-11-22T09:59:33.976720+00:00 _Changes since **LTS 3033.3.11**_<br><br>#### Security fixes:<br><br>- nvidia-drivers ([CVE-2022-31607](https://nvd.nist.gov/vuln/detail/CVE-2022-31607), [CVE-2022-31608](https://nvd.nist.gov/vuln/detail/CVE-2022-31608), [CVE-2022-31615](https://nvd.nist.gov/vuln/detail/CVE-2022-31615), [CVE-2022-34665](https://nvd.nist.gov/vuln/detail/CVE-2022-34665), [CVE-2022-34666](https://nvd.nist.gov/vuln/detail/CVE-2022-34666), [CVE-2022-34670](https://nvd.nist.gov/vuln/detail/CVE-2022-34670), [CVE-2022-34673](https://nvd.nist.gov/vuln/detail/CVE-2022-34673), [CVE-2022-34674](https://nvd.nist.gov/vuln/detail/CVE-2022-34674), [CVE-2022-34676](https://nvd.nist.gov/vuln/detail/CVE-2022-34676), [CVE-2022-34677](https://nvd.nist.gov/vuln/detail/CVE-2022-34677), [CVE-2022-34678](https://nvd.nist.gov/vuln/detail/CVE-2022-34678), [CVE-2022-34679](https://nvd.nist.gov/vuln/detail/CVE-2022-34679), [CVE-2022-34680](https://nvd.nist.gov/vuln/detail/CVE-2022-34680), [CVE-2022-34682](https://nvd.nist.gov/vuln/detail/CVE-2022-34682), [CVE-2022-34684](https://nvd.nist.gov/vuln/detail/CVE-2022-34684), [CVE-2022-42254](https://nvd.nist.gov/vuln/detail/CVE-2022-42254), [CVE-2022-42255](https://nvd.nist.gov/vuln/detail/CVE-2022-42255), [CVE-2022-42256](https://nvd.nist.gov/vuln/detail/CVE-2022-42256), [CVE-2022-42257](https://nvd.nist.gov/vuln/detail/CVE-2022-42257), [CVE-2022-42258](https://nvd.nist.gov/vuln/detail/CVE-2022-42258), [CVE-2022-42259](https://nvd.nist.gov/vuln/detail/CVE-2022-42259), [CVE-2022-42260](https://nvd.nist.gov/vuln/detail/CVE-2022-42260), [CVE-2022-42261](https://nvd.nist.gov/vuln/detail/CVE-2022-42261), [CVE-2022-42263](https://nvd.nist.gov/vuln/detail/CVE-2022-42263), [CVE-2022-42264](https://nvd.nist.gov/vuln/detail/CVE-2022-42264), [CVE-2022-42265](https://nvd.nist.gov/vuln/detail/CVE-2022-42265))<br><br>#### Bug fixes:<br>- Fix the broken emerge-gitclone in the dev-container owing to the missing migration action around the unification of the Flatcar core repositories<br><br>#### Changes:<br>- The package upgrade for nvidia-drivers might result in not supporting a few of the older NVIDIA Tesla GPUs. If you are facing issues, set `NVIDIA_DRIVER_VERSION=460.106.00` in `/etc/flatcar/nvidia-metadata`<br><br>#### Updates:<br><br>- Linux ([5.10.178](https://lwn.net/Articles/929680/))<br>- nvidia-drivers ([525.105.17](https://docs.nvidia.com/datacenter/tesla/tesla-release-notes-525-105-17/index.html))<br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.178<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-04-25T13:46:55+00:00 @@ -990,7 +998,7 @@ https://github.com/flatcar/scripts/releases/tag/lts-3033.3.11 3033.3.11 - 2023-10-25T10:20:44.056667+00:00 + 2023-11-22T09:59:33.970877+00:00 _Changes since **LTS 3033.3.10**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-4379](https://nvd.nist.gov/vuln/detail/CVE-2022-4379), [CVE-2023-1076](https://nvd.nist.gov/vuln/detail/CVE-2023-1076), [CVE-2023-1077](https://nvd.nist.gov/vuln/detail/CVE-2023-1077), [CVE-2023-1079](https://nvd.nist.gov/vuln/detail/CVE-2023-1079), [CVE-2023-1118](https://nvd.nist.gov/vuln/detail/CVE-2023-1118), [CVE-2023-1611](https://nvd.nist.gov/vuln/detail/CVE-2023-1611), [CVE-2023-1670](https://nvd.nist.gov/vuln/detail/CVE-2023-1670), [CVE-2023-1829](https://nvd.nist.gov/vuln/detail/CVE-2023-1829), [CVE-2023-1855](https://nvd.nist.gov/vuln/detail/CVE-2023-1855), [CVE-2023-1989](https://nvd.nist.gov/vuln/detail/CVE-2023-1989), [CVE-2023-1990](https://nvd.nist.gov/vuln/detail/CVE-2023-1990), [CVE-2023-23004](https://nvd.nist.gov/vuln/detail/CVE-2023-23004), [CVE-2023-25012](https://nvd.nist.gov/vuln/detail/CVE-2023-25012), [CVE-2023-28466](https://nvd.nist.gov/vuln/detail/CVE-2023-28466), [CVE-2023-30456](https://nvd.nist.gov/vuln/detail/CVE-2023-30456), [CVE-2023-30772](https://nvd.nist.gov/vuln/detail/CVE-2023-30772))<br><br>#### Bug fixes:<br><br><br>#### Changes:<br><br>- Added new image signing pub key to `flatcar-install`, needed for download verification of releases built from July 2023 onwards, if you have copies of `flatcar-install` or the image signing pub key, you need to update them as well ([init#92](https://github.com/flatcar/init/pull/92))<br><br>#### Updates:<br><br>- ca-certificates ([3.89](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_89.html))<br>- Linux ([5.10.177](https://lwn.net/Articles/928342) (includes [5.10.176](https://lwn.net/Articles/926874), [5.10.175](https://lwn.net/Articles/926416), [5.10.174](https://lwn.net/Articles/925992), [5.10.173](https://lwn.net/Articles/925935)))<br><br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.177<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-04-17T13:20:00+00:00 @@ -998,7 +1006,7 @@ https://github.com/flatcar/scripts/releases/tag/lts-3033.3.10 3033.3.10 - 2023-10-25T10:20:44.051317+00:00 + 2023-11-22T09:59:33.965419+00:00 _Changes since **LTS 3033.3.9**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2022-2196](https://nvd.nist.gov/vuln/detail/CVE-2022-2196), [CVE-2022-3707](https://nvd.nist.gov/vuln/detail/CVE-2022-3707), [CVE-2022-4129](https://nvd.nist.gov/vuln/detail/CVE-2022-4129), [CVE-2022-4382](https://nvd.nist.gov/vuln/detail/CVE-2022-4382), [CVE-2023-1073](https://nvd.nist.gov/vuln/detail/CVE-2023-1073), [CVE-2023-1074](https://nvd.nist.gov/vuln/detail/CVE-2023-1074), [CVE-2023-1078](https://nvd.nist.gov/vuln/detail/CVE-2023-1078), [CVE-2023-22998](https://nvd.nist.gov/vuln/detail/CVE-2023-22998), [CVE-2023-23559](https://nvd.nist.gov/vuln/detail/CVE-2023-23559), [CVE-2023-26545](https://nvd.nist.gov/vuln/detail/CVE-2023-26545))<br> <br> #### Updates:<br> <br> - Linux ([5.10.172](https://lwn.net/Articles/925079) (includes [5.10.171](https://lwn.net/Articles/925065), [5.10.170](https://lwn.net/Articles/924440), [5.10.169](https://lwn.net/Articles/924074), [5.10.168](https://lwn.net/Articles/923395), [5.10.167](https://lwn.net/Articles/922341), [5.10.166](https://lwn.net/Articles/921852), [5.10.165](https://lwn.net/Articles/921030)))<br> - ca-certificates ([3.88.1](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_88_1.html))<br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.172<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-03-07T15:25:03+00:00 @@ -1006,7 +1014,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3033.3.0 3033.3.0 - 2023-10-25T10:20:44.046044+00:00 + 2023-11-22T09:59:33.960058+00:00 New **LTS-2022** Release **3033.3.0**<br><br>_Changes since **LTS-2021 2605.27.1**_<br><br>Update to CGroupsV2: Flatcar Container Linux migrates to the unified cgroup hierarchy (aka cgroups v2)! New nodes will utilize cgroups v2 by default. Existing nodes remain on cgroups v1 and need to be manually migrated to cgroups v2. To learn more about the cgroups v2 on Flatcar Container Linux and the migration guide, please refer to https://flatcar-linux.org/docs/latest/container-runtimes/switching-to-unified-cgroups/<br><br>Other notable changes: cri-tools and lbzip2 got added, PAM tally2 got replaced by PAM faillock, only a single Docker version is now shipped (20.10), and rkt, kubelet-wapper, dhcpcd, and containerd-stress got removed.<br><br>### Security fixes:<br><br>(Note: Not all fixed issues may have been present in the old versions)<br>- Linux ([CVE-2020-27170](https://nvd.nist.gov/vuln/detail/CVE-2020-27170), [CVE-2020-25220](https://nvd.nist.gov/vuln/detail/CVE-2020-25220), [CVE-2020-27171](https://nvd.nist.gov/vuln/detail/CVE-2020-27171), [CVE-2020-35499](https://nvd.nist.gov/vuln/detail/CVE-2020-35499), [CVE-2022-0286](https://nvd.nist.gov/vuln/detail/CVE-2022-0286), [CVE-2022-0516](https://nvd.nist.gov/vuln/detail/CVE-2022-0516), [CVE-2021-3411](https://nvd.nist.gov/vuln/detail/CVE-2021-3411), [CVE-2021-3489](https://nvd.nist.gov/vuln/detail/CVE-2021-3489), [CVE-2021-3490](https://nvd.nist.gov/vuln/detail/CVE-2021-3490), [CVE-2021-3491](https://nvd.nist.gov/vuln/detail/CVE-2021-3491), [CVE-2021-3501](https://nvd.nist.gov/vuln/detail/CVE-2021-3501), [CVE-2021-3543](https://nvd.nist.gov/vuln/detail/CVE-2021-3543), [CVE-2021-4001](https://nvd.nist.gov/vuln/detail/CVE-2021-4001), [CVE-2021-4028](https://nvd.nist.gov/vuln/detail/CVE-2021-4028), [CVE-2021-4204](https://nvd.nist.gov/vuln/detail/CVE-2021-4204), [CVE-2021-20268](https://nvd.nist.gov/vuln/detail/CVE-2021-20268), [CVE-2021-22600](https://nvd.nist.gov/vuln/detail/CVE-2021-22600), [CVE-2021-26708](https://nvd.nist.gov/vuln/detail/CVE-2021-26708), [CVE-2021-28039](https://nvd.nist.gov/vuln/detail/CVE-2021-28039), [CVE-2021-28691](https://nvd.nist.gov/vuln/detail/CVE-2021-28691), [CVE-2021-28952](https://nvd.nist.gov/vuln/detail/CVE-2021-28952), [CVE-2021-29266](https://nvd.nist.gov/vuln/detail/CVE-2021-29266), [CVE-2021-29646](https://nvd.nist.gov/vuln/detail/CVE-2021-29646), [CVE-2021-29649](https://nvd.nist.gov/vuln/detail/CVE-2021-29649), [CVE-2021-29657](https://nvd.nist.gov/vuln/detail/CVE-2021-29657), [CVE-2021-34866](https://nvd.nist.gov/vuln/detail/CVE-2021-34866), [CVE-2021-38166](https://nvd.nist.gov/vuln/detail/CVE-2021-38166), [CVE-2021-38206](https://nvd.nist.gov/vuln/detail/CVE-2021-38206), [CVE-2021-38207](https://nvd.nist.gov/vuln/detail/CVE-2021-38207), [CVE-2021-38209](https://nvd.nist.gov/vuln/detail/CVE-2021-38209), [CVE-2021-31440](https://nvd.nist.gov/vuln/detail/CVE-2021-31440), [CVE-2021-41073](https://nvd.nist.gov/vuln/detail/CVE-2021-41073), [CVE-2021-42327](https://nvd.nist.gov/vuln/detail/CVE-2021-42327), [CVE-2021-45402](https://nvd.nist.gov/vuln/detail/CVE-2021-45402), [CVE-2021-43267](https://nvd.nist.gov/vuln/detail/CVE-2021-43267), [CVE-2021-46283](https://nvd.nist.gov/vuln/detail/CVE-2021-46283), [CVE-2022-0847](https://nvd.nist.gov/vuln/detail/CVE-2022-0847))<br>- systemd ([CVE-2020-13529](https://nvd.nist.gov/vuln/detail/CVE-2020-13529), [CVE-2021-3997](https://nvd.nist.gov/vuln/detail/CVE-2021-3997), [CVE-2021-33910](https://nvd.nist.gov/vuln/detail/CVE-2021-33910))<br>- Docker ([CVE-2021-21284](https://nvd.nist.gov/vuln/detail/CVE-2021-21284), [CVE-2021-21285](https://nvd.nist.gov/vuln/detail/CVE-2021-21285), [CVE-2021-41089](https://nvd.nist.gov/vuln/detail/CVE-2021-41089), [CVE-2021-41091](https://nvd.nist.gov/vuln/detail/CVE-2021-41091), [CVE-2021-41092](https://nvd.nist.gov/vuln/detail/CVE-2021-41092))<br>- containerd ([CVE-2020-15257](https://nvd.nist.gov/vuln/detail/CVE-2020-15257), [CVE-2021-21334](https://nvd.nist.gov/vuln/detail/CVE-2021-21334), [CVE-2021-32760](https://nvd.nist.gov/vuln/detail/CVE-2021-32760), [CVE-2021-41103](https://nvd.nist.gov/vuln/detail/CVE-2021-41103), [CVE-2021-43816](https://nvd.nist.gov/vuln/detail/CVE-2021-43816), [CVE-2022-23648](https://nvd.nist.gov/vuln/detail/CVE-2022-23648), [CVE-2022-24769](https://nvd.nist.gov/vuln/detail/CVE-2022-24769))<br>- Docker, containerd ([CVE-2021-41190](https://nvd.nist.gov/vuln/detail/CVE-2021-41190))<br>- glibc ([CVE-2019-25013](https://nvd.nist.gov/vuln/detail/CVE-2019-25013), [CVE-2020-27618](https://nvd.nist.gov/vuln/detail/CVE-2020-27618), [CVE-2020-29562](https://nvd.nist.gov/vuln/detail/CVE-2020-29562), [CVE-2021-3998](https://nvd.nist.gov/vuln/detail/CVE-2021-3998), [CVE-2021-3999](https://nvd.nist.gov/vuln/detail/CVE-2021-3999), [CVE-2021-27645](https://nvd.nist.gov/vuln/detail/CVE-2021-27645), [CVE-2021-33574](https://nvd.nist.gov/vuln/detail/CVE-2021-33574), [CVE-2021-35942](https://nvd.nist.gov/vuln/detail/CVE-2021-35942), [CVE-2021-38604](https://nvd.nist.gov/vuln/detail/CVE-2021-38604), [CVE-2022-23218](https://nvd.nist.gov/vuln/detail/CVE-2022-23218), [CVE-2022-23219](https://nvd.nist.gov/vuln/detail/CVE-2022-23219))<br>- Go ([CVE-2020-28362](https://nvd.nist.gov/vuln/detail/CVE-2020-28362), [CVE-2020-28366](https://nvd.nist.gov/vuln/detail/CVE-2020-28366), [CVE-2020-28367](https://nvd.nist.gov/vuln/detail/CVE-2020-28367), [CVE-2021-27918](https://nvd.nist.gov/vuln/detail/CVE-2021-27918), [CVE-2021-27919](https://nvd.nist.gov/vuln/detail/CVE-2021-27919), [CVE-2021-29923](https://nvd.nist.gov/vuln/detail/CVE-2021-29923), [CVE-2021-31525](https://nvd.nist.gov/vuln/detail/CVE-2021-31525), [CVE-2021-33195](https://nvd.nist.gov/vuln/detail/CVE-2021-33195),[CVE-2021-33196](https://nvd.nist.gov/vuln/detail/CVE-2021-33196),[CVE-2021-33197](https://nvd.nist.gov/vuln/detail/CVE-2021-33197),[CVE-2021-33198](https://nvd.nist.gov/vuln/detail/CVE-2021-33198), [CVE-2021-34558](https://nvd.nist.gov/vuln/detail/CVE-2021-34558), [CVE-2021-36221](https://nvd.nist.gov/vuln/detail/CVE-2021-36221), [CVE-2021-38297](https://nvd.nist.gov/vuln/detail/CVE-2021-38297), [CVE-2021-39293](https://nvd.nist.gov/vuln/detail/CVE-2021-39293), [CVE-2021-44716](https://nvd.nist.gov/vuln/detail/CVE-2021-44716), [CVE-2021-44717](https://nvd.nist.gov/vuln/detail/CVE-2021-44717), [CVE-2021-41771](https://nvd.nist.gov/vuln/detail/CVE-2021-41771), [CVE-2021-41772](https://nvd.nist.gov/vuln/detail/CVE-2021-41772), [CVE-2022-23772](https://nvd.nist.gov/vuln/detail/CVE-2022-23772), [CVE-2022-23773](https://nvd.nist.gov/vuln/detail/CVE-2022-23773), [CVE-2022-23806](https://nvd.nist.gov/vuln/detail/CVE-2022-23806), [CVE-2022-24921](https://nvd.nist.gov/vuln/detail/CVE-2022-24921))<br>- bash ([CVE-2019-9924](https://nvd.nist.gov/vuln/detail/CVE-2019-9924), [CVE-2019-18276](https://nvd.nist.gov/vuln/detail/CVE-2019-18276))<br>- binutils ([CVE-2021-20197](https://nvd.nist.gov/vuln/detail/CVE-2021-20197), [CVE-2021-3487](https://nvd.nist.gov/vuln/detail/CVE-2021-3487), [CVE-2021-3530](https://nvd.nist.gov/vuln/detail/CVE-2021-3530), [CVE-2021-3549](https://nvd.nist.gov/vuln/detail/CVE-2021-3549))<br>- boost ([CVE-2012-2677](https://nvd.nist.gov/vuln/detail/CVE-2012-2677))<br>- bsdiff [CVE-2014-9862](https://nvd.nist.gov/vuln/detail/CVE-2014-9862)<br>- bzip2 ([CVE-2019-12900](https://nvd.nist.gov/vuln/detail/CVE-2019-12900))<br>- curl ([CVE-2021-22876](https://nvd.nist.gov/vuln/detail/CVE-2021-22876), [CVE-2021-22890](https://nvd.nist.gov/vuln/detail/CVE-2021-22890), [CVE-2021-22898](https://nvd.nist.gov/vuln/detail/CVE-2021-22898), [CVE-2021-22901](https://nvd.nist.gov/vuln/detail/CVE-2021-22901), [CVE-2021-22945](https://nvd.nist.gov/vuln/detail/CVE-2021-22945), [CVE-2021-22946](https://nvd.nist.gov/vuln/detail/CVE-2021-22946), [CVE-2021-22947](https://nvd.nist.gov/vuln/detail/CVE-2021-22947), [CVE-2021-22922](https://nvd.nist.gov/vuln/detail/CVE-2021-22922), [CVE-2021-22923](https://nvd.nist.gov/vuln/detail/CVE-2021-22923), [CVE-2021-22924](https://nvd.nist.gov/vuln/detail/CVE-2021-22924), [CVE-2021-22925](https://nvd.nist.gov/vuln/detail/CVE-2021-22925), [CVE-2021-22926](https://nvd.nist.gov/vuln/detail/CVE-2021-22926))<br>- c-ares ([CVE-2020-8277](https://nvd.nist.gov/vuln/detail/CVE-2020-8277), [CVE-2021-3672](https://nvd.nist.gov/vuln/detail/CVE-2021-3672))<br>- ca-certificates ([CVE-2021-43527](https://nvd.nist.gov/vuln/detail/CVE-2021-43527))<br>- cifs-utils ([CVE-2020-14342](https://nvd.nist.gov/vuln/detail/CVE-2020-14342))<br>- coreutils ([CVE-2017-7476](https://nvd.nist.gov/vuln/detail/CVE-2017-7476))<br>- dbus ([CVE-2020-35512](https://nvd.nist.gov/vuln/detail/CVE-2020-35512))<br>- expat ([CVE-2013-0340](https://nvd.nist.gov/vuln/detail/CVE-2013-0340), [CVE-2021-45960](https://nvd.nist.gov/vuln/detail/CVE-2021-45960), [CVE-2021-46143](https://nvd.nist.gov/vuln/detail/CVE-2021-46143), [CVE-2022-22822](https://nvd.nist.gov/vuln/detail/CVE-2022-22822), [CVE-2022-22823](https://nvd.nist.gov/vuln/detail/CVE-2022-22823), [CVE-2022-22824](https://nvd.nist.gov/vuln/detail/CVE-2022-22824), [CVE-2022-22825](https://nvd.nist.gov/vuln/detail/CVE-2022-22825), [CVE-2022-22826](https://nvd.nist.gov/vuln/detail/CVE-2022-22826), [CVE-2022-22827](https://nvd.nist.gov/vuln/detail/CVE-2022-22827), [CVE-2022-23852](https://nvd.nist.gov/vuln/detail/CVE-2022-23852), [CVE-2022-23990](https://nvd.nist.gov/vuln/detail/CVE-2022-23990), [CVE-2022-25235](https://nvd.nist.gov/vuln/detail/CVE-2022-25235), [CVE-2022-25236](https://nvd.nist.gov/vuln/detail/CVE-2022-25236), [CVE-2022-25313](https://nvd.nist.gov/vuln/detail/CVE-2022-25313), [CVE-2022-25314](https://nvd.nist.gov/vuln/detail/CVE-2022-25314), [CVE-2022-25315](https://nvd.nist.gov/vuln/detail/CVE-2022-25315))<br>- gettext ([CVE-2020-12825](https://nvd.nist.gov/vuln/detail/CVE-2020-12825))<br>- git ([CVE-2021-21300](https://nvd.nist.gov/vuln/detail/CVE-2021-21300), [CVE-2021-40330](https://nvd.nist.gov/vuln/detail/CVE-2021-40330))<br>- glib ([CVE-2019-12450](https://nvd.nist.gov/vuln/detail/CVE-2019-12450), [CVE-2021-28153](https://nvd.nist.gov/vuln/detail/CVE-2021-28153), [CVE-2021-27218](https://nvd.nist.gov/vuln/detail/CVE-2021-27218), [CVE-2021-27219](https://nvd.nist.gov/vuln/detail/CVE-2021-27219))<br>- gnupg ([CVE-2020-25125](https://nvd.nist.gov/vuln/detail/CVE-2020-25125))<br>- gnutls ([CVE-2021-20231](https://nvd.nist.gov/vuln/detail/CVE-2021-20231), [CVE-2021-20232](https://nvd.nist.gov/vuln/detail/CVE-2021-20232))<br>- gptfdisk ([CVE-2021-0308](https://nvd.nist.gov/vuln/detail/CVE-2021-0308))<br>- ignition ([CVE-2020-14040](https://nvd.nist.gov/vuln/detail/CVE-2020-14040))<br>- intel-microcode ([CVE-2020-8694](https://nvd.nist.gov/vuln/detail/CVE-2020-8694), [CVE-2020-8695](https://nvd.nist.gov/vuln/detail/CVE-2020-8695), [CVE-2020-8696](https://nvd.nist.gov/vuln/detail/CVE-2020-8696), [CVE-2020-8698](https://nvd.nist.gov/vuln/detail/CVE-2020-8698), [CVE-2020-24489](https://nvd.nist.gov/vuln/detail/CVE-2020-24489), [CVE-2020-24511](https://nvd.nist.gov/vuln/detail/CVE-2020-24511), [CVE-2020-24513](https://nvd.nist.gov/vuln/detail/CVE-2020-24513))<br>- libgcrypt ([CVE-2021-33560](https://nvd.nist.gov/vuln/detail/CVE-2021-33560), [CVE-2021-40528](https://nvd.nist.gov/vuln/detail/CVE-2021-40528))<br>- libpcre ([CVE-2019-20838](https://nvd.nist.gov/vuln/detail/CVE-2019-20838), [CVE-2020-14155](https://nvd.nist.gov/vuln/detail/CVE-2020-14155))<br>- libuv ([CVE-2021-22918](https://nvd.nist.gov/vuln/detail/CVE-2021-22918))<br>- libxml2 ([CVE-2020-24977](https://nvd.nist.gov/vuln/detail/CVE-2020-24977), [CVE-2021-3516](https://nvd.nist.gov/vuln/detail/CVE-2021-3516), [CVE-2021-3517](https://nvd.nist.gov/vuln/detail/CVE-2021-3517), [CVE-2021-3518](https://nvd.nist.gov/vuln/detail/CVE-2021-3518), [CVE-2021-3541](https://nvd.nist.gov/vuln/detail/CVE-2021-3541))<br>- lz4 ([CVE-2021-3520](https://nvd.nist.gov/vuln/detail/CVE-2021-3520))<br>- mit-krb5 ([CVE-2021-36222](https://nvd.nist.gov/vuln/detail/CVE-2021-36222))<br>- ncurses ([CVE-2019-17594](https://nvd.nist.gov/vuln/detail/CVE-2019-17594), [CVE-2019-17595](https://nvd.nist.gov/vuln/detail/CVE-2019-17595))<br>- nettle ([CVE-2021-20305](https://nvd.nist.gov/vuln/detail/CVE-2021-20305), [CVE-2021-3580](https://nvd.nist.gov/vuln/detail/CVE-2021-3580))<br>- ntp ([CVE-2018-8956](https://nvd.nist.gov/vuln/detail/CVE-2018-8956), [CVE-2020-11868](https://nvd.nist.gov/vuln/detail/CVE-2020-11868), [CVE-2020-13817](https://nvd.nist.gov/vuln/detail/CVE-2020-13817), [CVE-2020-15025](https://nvd.nist.gov/vuln/detail/CVE-2020-15025))<br>- nvidia-drivers ([CVE-2022-21813](https://nvd.nist.gov/vuln/detail/CVE-2022-21813), [CVE-2022-21814](https://nvd.nist.gov/vuln/detail/CVE-2022-21814))<br>- open-iscsi ([CVE-2017-17840](https://nvd.nist.gov/vuln/detail/CVE-2017-17840))<br>- openssl ([CVE-2021-3449](https://nvd.nist.gov/vuln/detail/CVE-2021-3449), [CVE-2021-3450](https://nvd.nist.gov/vuln/detail/CVE-2021-3450), [CVE-2022-0778](https://nvd.nist.gov/vuln/detail/CVE-2022-0778))<br>- openldap ([CVE-2020-36221](https://nvd.nist.gov/vuln/detail/CVE-2020-36221), [CVE-2020-36222](https://nvd.nist.gov/vuln/detail/CVE-2020-36222), [CVE-2020-36223](https://nvd.nist.gov/vuln/detail/CVE-2020-36223), [CVE-2020-36224](https://nvd.nist.gov/vuln/detail/CVE-2020-36224), [CVE-2020-36225](https://nvd.nist.gov/vuln/detail/CVE-2020-36225), [CVE-2020-36226](https://nvd.nist.gov/vuln/detail/CVE-2020-36226), [CVE-2020-36227](https://nvd.nist.gov/vuln/detail/CVE-2020-36227), [CVE-2020-36228](https://nvd.nist.gov/vuln/detail/CVE-2020-36228), [CVE-2020-36229](https://nvd.nist.gov/vuln/detail/CVE-2020-36229), [CVE-2020-36230](https://nvd.nist.gov/vuln/detail/CVE-2020-36230), [CVE-2021-27212](https://nvd.nist.gov/vuln/detail/CVE-2021-27212))<br>- pam [CVE-2020-27780](https://nvd.nist.gov/vuln/detail/CVE-2020-27780)<br>- polkit ([CVE-2021-3560](https://nvd.nist.gov/vuln/detail/CVE-2021-3560), [CVE-2021-4034](https://nvd.nist.gov/vuln/detail/CVE-2021-4034))<br>- runc ([CVE-2021-30465](https://nvd.nist.gov/vuln/detail/CVE-2021-30465))<br>- samba ([CVE-2019-3880](https://nvd.nist.gov/vuln/detail/CVE-2019-3880), [CVE-2019-10197](https://nvd.nist.gov/vuln/detail/CVE-2019-10197), [CVE-2019-10218](https://nvd.nist.gov/vuln/detail/CVE-2019-10218), [CVE-2020-10704](https://nvd.nist.gov/vuln/detail/CVE-2020-10704), [CVE-2020-10745](https://nvd.nist.gov/vuln/detail/CVE-2020-10745), [CVE-2020-14318](https://nvd.nist.gov/vuln/detail/CVE-2020-14318), [CVE-2020-14323](https://nvd.nist.gov/vuln/detail/CVE-2020-14323), [CVE-2020-14383](https://nvd.nist.gov/vuln/detail/CVE-2020-14383))<br>- shadow ([CVE-2019-19882](https://nvd.nist.gov/vuln/detail/CVE-2019-19882))<br>- sqlite ([CVE-2021-20227](https://nvd.nist.gov/vuln/detail/CVE-2021-20227))<br>- sssd ([CVE-2018-16838](https://nvd.nist.gov/vuln/detail/CVE-2018-16838), [CVE-2018-16883](https://nvd.nist.gov/vuln/detail/CVE-2018-16883), [CVE-2019-3811](https://nvd.nist.gov/vuln/detail/CVE-2019-3811), [CVE-2021-3621](https://nvd.nist.gov/vuln/detail/CVE-2021-3621))<br>- tar ([CVE-2021-20193](https://nvd.nist.gov/vuln/detail/CVE-2021-20193))<br>- trousers ([CVE-2020-24330](https://nvd.nist.gov/vuln/detail/CVE-2020-24330), [CVE-2020-24331](https://nvd.nist.gov/vuln/detail/CVE-2020-24331))<br>- util-linux ([CVE-2021-37600](https://nvd.nist.gov/vuln/detail/CVE-2021-37600))<br>- vim ([CVE-2021-3770](https://nvd.nist.gov/vuln/detail/CVE-2021-3770), [CVE-2021-3778](https://nvd.nist.gov/vuln/detail/CVE-2021-3778), [CVE-2021-3796](https://nvd.nist.gov/vuln/detail/CVE-2021-3796))<br>- zstd ([CVE-2021-24032](https://nvd.nist.gov/vuln/detail/CVE-2021-24032))<br>- SDK: bison ([CVE-2020-14150](https://nvd.nist.gov/vuln/detail/CVE-2020-14150), [CVE-2020-24240](https://nvd.nist.gov/vuln/detail/CVE-2020-24240))<br>- SDK: dnsmasq ([CVE-2021-3448](https://nvd.nist.gov/vuln/detail/CVE-2021-3448), [CVE-2020-25681](https://nvd.nist.gov/vuln/detail/CVE-2020-25681), [CVE-2020-25682](https://nvd.nist.gov/vuln/detail/CVE-2020-25682), [CVE-2020-25683](https://nvd.nist.gov/vuln/detail/CVE-2020-25683), [CVE-2020-25684](https://nvd.nist.gov/vuln/detail/CVE-2020-25684), [CVE-2020-25685](https://nvd.nist.gov/vuln/detail/CVE-2020-25685), [CVE-2020-25686](https://nvd.nist.gov/vuln/detail/CVE-2020-25686), [CVE-2020-25687](https://nvd.nist.gov/vuln/detail/CVE-2020-25687))<br>- SDK: perl ([CVE-2020-10878](https://nvd.nist.gov/vuln/detail/CVE-2020-10878))<br>- SDK: qemu ([CVE-2020-10717](https://nvd.nist.gov/vuln/detail/CVE-2020-10717), [CVE-2020-13754](https://nvd.nist.gov/vuln/detail/CVE-2020-13754), [CVE-2020-15859](https://nvd.nist.gov/vuln/detail/CVE-2020-15859), [CVE-2020-15863](https://nvd.nist.gov/vuln/detail/CVE-2020-15863), [CVE-2020-16092](https://nvd.nist.gov/vuln/detail/CVE-2020-16092), [CVE-2020-25741](https://nvd.nist.gov/vuln/detail/CVE-2020-25741), [CVE-2020-25742](https://nvd.nist.gov/vuln/detail/CVE-2020-25742), [CVE-2020-25743](https://nvd.nist.gov/vuln/detail/CVE-2020-25743))<br>- SDK: Rust ([CVE-2020-36323](https://nvd.nist.gov/vuln/detail/CVE-2020-36323), [CVE-2021-28876](https://nvd.nist.gov/vuln/detail/CVE-2021-28876), [CVE-2021-28877](https://nvd.nist.gov/vuln/detail/CVE-2021-28877), [CVE-2021-28878](https://nvd.nist.gov/vuln/detail/CVE-2021-28878), [CVE-2021-28879](https://nvd.nist.gov/vuln/detail/CVE-2021-28879), [CVE-2021-31162](https://nvd.nist.gov/vuln/detail/CVE-2021-31162))<br><br><br>### Bug fixes:<br><br>- The Torcx profile `docker-1.12-no` got fixed to reference the current Docker version instead of 19.03 which wasn't found on the image, causing Torcx to fail to provide Docker ([coreos-overlay#1456](https://github.com/flatcar/coreos-overlay/pull/1456))<br>- Ensured that the `/run/xtables.lock` coordination file exists for modifications of the xtables backend from containers (must be bind-mounted) or the `iptables-legacy` binaries on the host ([init#57](https://github.com/flatcar/init/pull/57))<br>- SDK: Fixed build error popping up in the new SDK Container because `policycoreutils` used the wrong ROOT to update the SELinux store ([coreos-overlay#1502](https://github.com/flatcar/coreos-overlay/pull/1502))<br>- Fixed leak of SELinux policy store to the root filesystem top directory due to wrong store path in `policycoreutils` instead of `/var/lib/selinux` ([flatcar-linux/Flatcar#596](https://github.com/flatcar/Flatcar/issues/596))<br>- Disabled the systemd-networkd settings `ManageForeignRoutes` and `ManageForeignRoutingPolicyRules` by default to ensure that CNIs like Cilium don't get their routes or routing policy rules discarded on network reconfiguration events ([Flatcar#620](https://github.com/flatcar/Flatcar/issues/620)).<br>- AWS: specify correct console (ttyS0) on kernel command line for ARM64 instances ([coreos-overlay#1628](https://github.com/flatcar/coreos-overlay/pull/1628))<br>- Prevented hitting races when creating filesystems in Ignition, these races caused boot failures like `fsck[1343]: Failed to stat /dev/disk/by-label/ROOT: No such file or directory` when creating a btrfs root filesystem ([ignition#35](https://github.com/flatcar/ignition/pull/35))<br>- Reverted the Linux kernel change to forbid xfrm id 0 for IPSec state because it broke Cilium ([Flatcar#626](https://github.com/flatcar/Flatcar/issues/626), [coreos-overlay#1682](https://github.com/flatcar/coreos-overlay/pull/1682))<br>- Reverted the Linux kernel commit which broke networking on AWS instances which use Intel 82559 NIC (c4/m4) ([Flatcar#665](https://github.com/flatcar/Flatcar/issues/665), [coreos-overlay#1720](https://github.com/flatcar/coreos-overlay/pull/1720))<br>- Added pahole to developer container, without it kernel modules built against /usr/src/linux may fail to probe with an 'invalid relocation target' error ([coreos-overlay#1839](https://github.com/flatcar/coreos-overlay/pull/1839))<br>- vim with USE=minimal was fixed to run without warning in the beginning [portage-stable#260](https://github.com/flatcar/portage-stable/pull/260)<br>- dev container: Fix github URL for coreos-overlay and portage-stable to use repos from flatcar-linux org directly instead of relying on redirects from the kinvolk org. This fixes checkouts with emerge-gitclone inside dev-container. [scripts#194](https://github.com/flatcar/scripts/pull/194)<br>- Added missing SELinux rule as initial step to resolve Torcx unpacking issue ([coreos-overlay#1426](https://github.com/flatcar/coreos-overlay/pull/1426))<br>- Randomize OEM filesystem UUID if mounting fails ([init#47](https://github.com/flatcar/init/pull/47))<br>- Run emergency.target on ignition/torcx service unit failure in dracut ([bootengine#28](https://github.com/flatcar/bootengine/pull/28))<br>- Re-enabled kernel config FS_ENCRYPTION ([coreos-overlay#1212](https://github.com/flatcar/coreos-overlay/pull/1212/))<br>- Fixed Perl in dev-container ([coreos-overlay#1238](https://github.com/flatcar/coreos-overlay/pull/1238/))<br>- Fixed containerd config after introduction of CGroupsV2 ([coreos-overlay#1214](https://github.com/flatcar/coreos-overlay/pull/1214))<br>- Fixed path for amazon-ssm-agent in base-ec2.ign ([coreos-overlay#1228](https://github.com/flatcar/coreos-overlay/pull/1228))<br>- flatcar-install: randomized OEM filesystem UUID if mounting fails ([init#47](https://github.com/flatcar/init/pull/47))<br>- Fixed null-pointer deref crash in Ignition when specifying the OEM filesystem without a label ([ignition#25](https://github.com/flatcar/ignition/pull/25))<br>- Fixed locksmith adhering to reboot window when getting the etcd lock ([locksmith#10](https://github.com/flatcar/locksmith/pull/10))<br>- Fixed pam.d sssd LDAP auth with sudo ([coreos-overlay#1170](https://github.com/flatcar/coreos-overlay/pull/1170))<br>- Let network-cleanup.service finish before entering rootfs ([coreos-overlay#1182](https://github.com/flatcar/coreos-overlay/pull/1182))<br>- Fixed SELinux policy for Flannel CNI ([coreos-overlay#1181](https://github.com/flatcar/coreos-overlay/pull/1181))<br>- Set the cilium_vxlan interface to be not managed by networkd’s default setup with DHCP as it’s managed by Cilium. ([init#43](https://github.com/flatcar/init/pull/43))<br>- Disabled SELinux by default on dockerd wrapper script ([coreos-overlay#1149](https://github.com/flatcar/coreos-overlay/pull/1149))<br>- Fixed the network-cleanup service race in the initramfs which resulted in a failure being reported<br>- GCE: Granted CAP_NET_ADMIN to set routes for the TCP LB when starting oem-gce.service ([coreos-overlay#1146](https://github.com/flatcar/coreos-overlay/pull/1146))<br>- Add the systemd tag in udev for Azure storage devices, to fix /boot automount ([init#41](https://github.com/flatcar/init/pull/41))<br>- Update-engine sent empty requests when restarted before a pending reboot ([Flatcar#388](https://github.com/flatcar/Flatcar/issues/388))<br>- systemd-networkd: Do not manage loopback network interface ([bootengine#24](https://github.com/flatcar/bootengine/pull/24) [init#40](https://github.com/flatcar/init/pull/40))<br>- flatcar-install: Detect device mapper (e.g., LVM/LUKS) usage when searching for free drives with the -s flag ([Flatcar#332](https://github.com/flatcar/Flatcar/issues/332))<br>- GCE: The old interface name ens4v1 which was replaced by eth0 due to a broken udev rule was restored, but now as alternative interface name, and eth0 will stay the primary name for consistency across cloud environments. ([init#38](https://github.com/flatcar/init/pull/38))<br>- Include firmware files for all modules shipped in our image ([Issue #359](https://github.com/flatcar/Flatcar/issues/359), [coreos-overlay#887](https://github.com/flatcar/coreos-overlay/pull/887))<br>- Add explicit path to the binary call in the coreos-metadata unit file ([Issue #360](https://github.com/flatcar/Flatcar/issues/360))<br>- sys-apps/systemd: Fix unit installation ([coreos-overlay#810](https://github.com/flatcar/coreos-overlay/pull/810))<br>- passwd: use correct GID for tss ([baselayout#15](https://github.com/flatcar/baselayout/pull/15))<br>- coreos-base/gmerge: Stop installing gmerge script ([coreos-overlay#828](https://github.com/flatcar/coreos-overlay/pull/828))<br>- Update sys-apps/coreutils and make sure they have split-usr disabled for generic images ([coreos-overlay#829](https://github.com/flatcar/coreos-overlay/pull/829))<br>- afterburn (coreos-metadata): Restart on failure and keep coreos-metadata unit active ([coreos-overlay#768](https://github.com/flatcar/coreos-overlay/pull/768))<br>- network: Accept ICMPv6 Router Advertisements to fix IPv6 address assignment in the default DHCP setting ([flatcar-linux/init#51](https://github.com/flatcar/init/pull/51), [flatcar-linux/cloudinit#12](https://github.com/flatcar/coreos-cloudinit/pull/12), [flatcar-linux/bootengine#30](https://github.com/flatcar/bootengine/pull/30))<br>- Added a new flatcar-update tool to the image to ease manual updates, rollbacks, channel/release jumping, and airgapped updates ([flatcar-linux/init#53](https://github.com/flatcar/init/pull/53))<br>- Default again to disable SELinux permissions checks in systemd which was missing in the initial systemd 246 update<br>- Default again to set DefaultTasksMax=100% in systemd which was missing in the initial systemd 246 update<br>- Make systemd detect updates again when the /usr partition changes which was missing in the initial systemd 246 update<br>- Default again to disabling IP Forwarding in systemd which was missing in the initial systemd 246 update<br>- Default again to waiting only for one network interface to be ready with systemd-networkd-wait-online which was missing in the initial systemd 246 update<br><br>### Changes:<br><br>- Backported `elf` support for `iproute2` ([coreos-overlay#1256](https://github.com/flatcar/coreos-overlay/pull/1526))<br>- Enabled the FIPS support for the Linux kernel, which users can now choose through a kernel parameter in `grub.cfg` (check it taking effect with `cat /proc/sys/crypto/fips_enabled`) ([coreos-overlay#1602](https://github.com/flatcar/coreos-overlay/pull/1602))<br>- Merge the Flatcar Pro features into the regular Flatcar images ([coreos-overlay#1679](https://github.com/flatcar/coreos-overlay/pull/1679)) <br>- Added support for switching back to CGroupsV1 without requiring a reboot. Create `/etc/flatcar-cgroupv1` through ignition. ([coreos-overlay#1666](https://github.com/flatcar/coreos-overlay/pull/1666))<br>- Enabled FIPS mode for cryptsetup ([coreos-overlay#1747](https://github.com/flatcar/coreos-overlay/pull/1747))<br>- GCE: Enabled GVE kernel driver, which adds support for Google Virtual NIC on GCP ([coreos-overlay#1802](https://github.com/flatcar/coreos-overlay/pull/1802))<br>- Enabled FIPS mode for cryptsetup ([portage-stable#312](https://github.com/flatcar/portage-stable/pull/312))<br>- Added GPIO support ([coreos-overlay#1236](https://github.com/flatcar/coreos-overlay/pull/1236))<br>- Added Azure Generation 2 VM support ([coreos-overlay#1198](https://github.com/flatcar/coreos-overlay/pull/1198))<br>- Switched Docker ecosystem packages to go1.16 ([coreos-overlay#1217](https://github.com/flatcar/coreos-overlay/pull/1217))<br>- Added lbzip2 binary to the image ([coreos-overlay#1221](https://github.com/flatcar/coreos-overlay/pull/1221))<br>- flatcar-install uses lbzip2 if present, falls back on bzip2 if not ([init#46](https://github.com/flatcar/init/pull/46))<br>- Added Intel E800 series network adapter driver ([coreos-overlay#1237](https://github.com/flatcar/coreos-overlay/pull/1237))<br>- Enabled ‘audit’ use flag for sys-libs/pam ([coreos-overlay#1233](https://github.com/flatcar/coreos-overlay/pull/1233))<br>- Bumped etcd and flannel to respectively 3.5.0, 0.14.0 to get multiarch images for arm64 support. Note for users of the old etcd v2 support: ETCDCTL_API=2 must be set to use v2 store as well as ETCD_ENABLE_V2=true in the etcd-member.service - this support will be removed in 3.6.0 ([coreos-overlay#1179](https://github.com/flatcar/coreos-overlay/pull/1179))<br>- cgroups v2 by default for new nodes ([coreos-overlay#931](https://github.com/flatcar/coreos-overlay/pull/931))<br>- Upgrade Docker to 20.10 ([coreos-overlay#931](https://github.com/flatcar/coreos-overlay/pull/931))<br>- update_engine: add postinstall hook to stay on cgroupv1 ([update_engine#13](https://github.com/flatcar/update_engine/pull/13))<br>- Switched to zstd compression for the initramfs ([coreos-overlay#1136](https://github.com/flatcar/coreos-overlay/pull/1136))<br>- Embedded new subkey in flatcar-install ([coreos-overlay#1180](https://github.com/flatcar/coreos-overlay/pull/1180))<br>- Azure: Compile OEM contents for all architectures ([coreos-overlay#1196](https://github.com/flatcar/coreos-overlay/pull/1196))<br>- AWS: Added amazon-ssm-agent ([coreos-overlay#1162](https://github.com/flatcar/coreos-overlay/pull/1162))<br>- Switched dm-verity corruption detection to issue a kernel panic (a panic results in a reboot after 1 minute, this was the case before already) instead of merely failing certain syscalls that try to use the corrupted data<br>- Support BTRFS in OEM and /usr partitions, but only used it for the OEM partition for now. Ignition configurations that refer to the OEM partition will work with any filesystem format specified, a mismatch is not resulting in a boot error. ([coreos-overlay#1106](https://github.com/flatcar/coreos-overlay/pull/1106))<br>- Enabled zstd compression for the initramfs and for amd64 also for the kernel because we hit the vmlinuz size limit on the /boot partition<br>- Deleted the unused kernel+initramfs vmlinuz file from the /usr partition<br>- devcontainer: added support to run on arm64 by switching to an architecture-agnostic partition UUID<br>- Enabled ARM64 SDK bootstrap ([scripts#134](https://github.com/flatcar/scripts/pull/134))<br>- Enable telnet support for curl ([coreos-overlay#1099](https://github.com/flatcar/coreos-overlay/pull/1099))<br>- Enable MDIO_BCM_UNIMAC for arm64 ([coreos-overlay#929](https://github.com/flatcar/coreos-overlay/pull/929))<br>- Disabled SELinux for Docker ([coreos-overlay#1055](https://github.com/flatcar/coreos-overlay/pull/1055))<br>- flatcar-install: Add -D flag to only download the image file ([Flatcar#248](https://github.com/flatcar/Flatcar/issues/248))<br>- Make the hostname setting units optional. Having the hostname units as required by the initrd.target meant that if the unit failed the machine wouldn’t start, disrupting the whole boot. ([bootengine#23](https://github.com/flatcar/bootengine/pull/23))<br>- Enable using iSCSI netroot devices on Flatcar ([bootengine#22](https://github.com/flatcar/bootengine/pull/22))<br>- The virtio network interfaces got predictable interface names as alternative interface names, and thus these names can also be used to match for a specific interface in case there is more than one and the eth0 and eth1 name assignment is not stable. ([init#38](https://github.com/flatcar/init/pull/38))<br>- The pam_faillock PAM module was enabled as replacement for the removed pam_tally2 module and will temporarily lock an account if there were login attempts with a wrong password. The faillock command can be used to show the current state. With pam_tally2 there was no limit for wrong password login attempts but with faillock the default is already restricting the attempts. The default behavior was relaxed to allow 5 wrong passwords per two minutes, and a one minute account lock time. This does not apply to logins with an SSH key. ([baselayout#17](https://github.com/flatcar/baselayout/pull/17))<br>- The etcd and flannel services are now run with Docker and any rkt-based customizations of the etcd-member and flanneld services not supported anymore. Also, because the flanneld service relies on Docker and will restart Docker after applying the new configuration, it is not possible anymore to set Requires=flanneld.service for docker.service and instead it’s enough to have flanneld.service enabled. ([coreos-overlay#857](https://github.com/flatcar/coreos-overlay/pull/857))<br>- sshd: use secure crypto algos only ([coreos-overlay#852](https://github.com/flatcar/coreos-overlay/pull/852))<br>- samba: Update to EAPI=7, add new USE flags and remove deps on icu ([coreos-overlay#864](https://github.com/flatcar/coreos-overlay/pull/864))<br>- kernel: enable kernel config CONFIG_BPF_LSM ([coreos-overlay#846](https://github.com/flatcar/coreos-overlay/pull/846))<br>- bootengine: set hostname for EC2 and OpenStack from metadata ([coreos-overlay#848](https://github.com/flatcar/coreos-overlay/pull/848))<br>- sys-block/open-iscsi: Command substitution in iscsi-init system service ([coreos-overlay#801](https://github.com/flatcar/coreos-overlay/pull/801))<br>- scripts/motdgen: Add OEM information to motd output ([init#34](https://github.com/flatcar/init/pull/34))<br>- torcx: delete Docker 1.12 ([coreos-overlay#826](https://github.com/flatcar/coreos-overlay/pull/826))<br>- portage update: update portage and related packages to newer versions ([coreos-overlay#840](https://github.com/flatcar/coreos-overlay/pull/840))<br>- bin/flatcar-install: add parameters to make wget more resilient ([init#35](https://github.com/flatcar/init/pull/35))<br>- With the open-iscsi update to 2.1.2, the service unit name changed from iscsid to iscsi ([coreos-overlay#682](https://github.com/flatcar/coreos-overlay/pull/682))<br>- Updated nsswitch.conf to use systemd-resolved ([baselayout#10](https://github.com/flatcar/baselayout/pull/10))<br>- Enabled systemd-resolved stub listeners ([baselayout#11](https://github.com/flatcar/baselayout/pull/11))<br>- systemd-resolved: Disabled DNSSEC for the mean time ([baselayout#14](https://github.com/flatcar/baselayout/pull/14))<br>- kernel: enabled CONFIG_DEBUG_INFO_BTF ([coreos-overlay#753](https://github.com/flatcar/coreos-overlay/pull/753))<br>- containerd: Disabled shim debug logs ([coreos-overlay#766](https://github.com/flatcar/coreos-overlay/pull/766))<br>- Enable BCMGENET as a module on arm64_defconfig-5.9 ([coreos-overlay#717](https://github.com/flatcar/coreos-overlay/pull/717))<br>- Enable BCM7XXX_PHY as a module on arm64_defconfig-5.9 for Raspberry Pi 4 ([coreos-overlay#716](https://github.com/flatcar/coreos-overlay/pull/716))<br>- flatcar_production_qemu.sh: Use more CPUs for ARM if available ([scripts#91](https://github.com/flatcar/flatcar-scripts/pull/91))<br>- Enabled the kernel config HOTPLUG_PCI_ACPI for arm64 to support attaching EC2 volumes ([coreos-overlay#705](https://github.com/flatcar/coreos-overlay/pull/705))<br>- Support the lockdown kernel command line parameter ([coreos-overlay#533](https://github.com/flatcar/coreos-overlay/pull/553))<br>- AWS arm64: Enable elastic network adapter module ([coreos-overlay#631](https://github.com/flatcar/coreos-overlay/pull/631))<br>- rkt and kubelet-wrapper are deprecated and removed from Alpha, also from subsequent channels in the future. Please read the [removal announcement](https://groups.google.com/g/flatcar-linux-user/c/MeinndLqJO4) to know more.<br><br><br>### Updates:<br><br>- Linux ([5.10.109](https://lwn.net/Articles/889439)) (from 5.4.188)<br>- Linux Firmware ([20211216](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20211216))<br>- systemd ([249.10](https://github.com/systemd/systemd-stable/releases/tag/v249.10))<br>- glibc ([2.33](https://sourceware.org/glibc/wiki/Release/2.33))<br>- Go ([1.17.8](https://go.googlesource.com/go/+/refs/tags/go1.17.8))<br>- Docker ([20.10.12](https://docs.docker.com/engine/release-notes/#201012))<br>- bash ([5.1](https://lists.gnu.org/archive/html/info-gnu/2020-12/msg00003.html))<br>- c-ares ([1.17.2](https://github.com/c-ares/c-ares/releases/tag/cares-1_17_2))<br>- ca-certificates ([3.73](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_73.html))<br>- containerd ([1.5.11](https://github.com/containerd/containerd/releases/tag/v1.5.11))<br>- coreutils ([8.32](http://savannah.gnu.org/forum/forum.php?forum_id=9693))<br>- cryptsetup ([2.3.6](https://gitlab.com/cryptsetup/cryptsetup/-/blob/v2.3.6/docs/v2.3.6-ReleaseNotes))<br>- curl ([7.79.1](https://curl.se/mail/lib-2021-09/0079.html))<br>- dbus ([1.12.20](https://gitlab.freedesktop.org/dbus/dbus/-/blob/dbus-1.12.20/NEWS))<br>- ebtables ([2.0.11](https://lwn.net/Articles/806179/))<br>- etcd-wrapper ([3.5.0](https://github.com/etcd-io/etcd/releases/tag/v3.5.0))<br>- etcdctl ([3.5.0](https://github.com/etcd-io/etcd/releases/tag/v3.5.0))<br>- expat ([2.4.6](https://github.com/libexpat/libexpat/blob/R_2_4_6/expat/Changes))<br>- flannel-wrapper ([0.14](https://github.com/flannel-io/flannel/releases/tag/v0.14.0))<br>- gawk ([5.1.0](https://lists.gnu.org/archive/html/info-gnu/2020-04/msg00007.html))<br>- gettext ([0.21](https://lists.gnu.org/archive/html/info-gnu/2020-07/msg00009.html))<br>- git ([2.32.0](https://github.com/git/git/blob/master/Documentation/RelNotes/2.32.0.txt))<br>- glib ([2.66.8](https://gitlab.gnome.org/GNOME/glib/-/releases/2.66.8))<br>- gnupg ([2.2.29](https://lists.gnupg.org/pipermail/gnupg-announce/2021q3/000461.html))<br>- gnutls ([3.7.1](https://github.com/gnutls/gnutls/blob/3.7.1/NEWS))<br>- gptfdisk ([1.0.7](http://www.rodsbooks.com/gdisk/))<br>- ignition ([0.36.1](https://github.com/flatcar/ignition/releases/tag/v0.36.1))<br>- intel-microcode ([20210608_p20210608](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20210608))<br>- iptables ([1.8.7](https://lwn.net/Articles/843069/))<br>- keyutils ([1.6.1](https://lwn.net/Articles/771934/))<br>- ldb ([2.3.0](https://gitlab.com/samba-team/samba/-/blob/ldb-2.3.0/WHATSNEW.txt))<br>- libarchive ([3.5.1](https://github.com/libarchive/libarchive/releases/tag/v3.5.1))<br>- libev ([4.33](http://dist.schmorp.de/libev/))<br>- libgcrypt ([1.9.4](https://dev.gnupg.org/T5402))<br>- libmnl ([1.0.4](https://marc.info/?l=netfilter-devel&m=146745072727070&w=2))<br>- libnftnl ([1.2.0](https://lwn.net/Articles/857198/))<br>- libpcre ([8.44](http://www.rexegg.com/pcre-doc/ChangeLog))<br>- libselinux ([3.1](https://github.com/SELinuxProject/selinux/releases/tag/libselinux-3.1))<br>- libsemanage ([3.1](https://github.com/SELinuxProject/selinux/releases/tag/libsemanage-3.1))<br>- libsepol ([3.1](https://github.com/SELinuxProject/selinux/releases/tag/libsepol-3.1))<br>- libtirpc ([1.3.2](https://www.spinics.net/lists/linux-nfs/msg84129.html))<br>- libuv ([1.41.1](https://github.com/libuv/libuv/releases/tag/v1.41.1))<br>- libverto ([0.3.1](https://github.com/latchset/libverto/releases/tag/0.3.1))<br>- libxml2 ([2.9.12](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.9.12))<br>- lvm2 ([2.02.188](https://github.com/lvmteam/lvm2/blob/v2_02_188/WHATS_NEW))<br>- lz4 ([1.9.3](https://github.com/lz4/lz4/releases/tag/v1.9.3))<br>- mit-krb5 ([1.19.2](https://web.mit.edu/kerberos/krb5-1.19/README-1.19.2.txt))<br>- multipath-tools ([0.8.5](https://github.com/opensvc/multipath-tools/releases/tag/0.8.5))<br>- ncurses ([6.2](https://lists.gnu.org/archive/html/info-gnu/2020-02/msg00010.html))<br>- net-tools ([2.10](https://sourceforge.net/p/net-tools/mailman/message/37192002/))<br>- nettle ([3.7.3](https://lists.gnu.org/archive/html/info-gnu/2021-06/msg00002.html))<br>- nftables ([0.9.9](https://lwn.net/Articles/857369/))<br>- nvidia-drivers ([510.47.03](https://docs.nvidia.com/datacenter/tesla/tesla-release-notes-510-47-03/index.html)) <br>- openldap ([2.4.58](https://lists.openldap.org/hyperkitty/list/openldap-announce@openldap.org/thread/GK4OGTM6VMIAJCAZSG66VXRRN2LVQDVF/))<br>- openssh ([8.7](https://www.openssh.com/txt/release-8.7))<br>- openssl ([1.1.1n](https://www.openssl.org/news/changelog.html#openssl-111))<br>- pam ([1.5.1](https://github.com/linux-pam/linux-pam/releases/tag/v1.5.1))<br>- pambase 20200817<br>- pax-utils ([1.3.1](https://gitweb.gentoo.org/proj/pax-utils.git/tag/?h=v1.3.1))<br>- policycoreutils ([3.1](https://github.com/SELinuxProject/selinux/tree/policycoreutils-3.1))<br>- polkit ([0.119](https://gitlab.freedesktop.org/polkit/polkit/-/blob/0.119/NEWS))<br>- readline ([8.1](https://lwn.net/Articles/839213/))<br>- realmd ([0.17.0](https://gitlab.freedesktop.org/realmd/realmd/-/blob/0.17.0/NEWS))<br>- runc ([1.0.3](https://github.com/opencontainers/runc/releases/tag/v1.0.3))<br>- samba ([4.12.9](https://www.samba.org/samba/history/samba-4.12.9.html))<br>- selinux-base ([2.20200818](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20200818))<br>- selinux-base-policy ([2.20200818](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20200818))<br>- selinux-unconfined ([2.20200818](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20200818))<br>- selinux-virt ([2.20200818](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20200818))<br>- sssd ([2.3.1](https://sssd.io/release-notes/sssd-2.3.1.html))<br>- strace ([5.12](https://lists.strace.io/pipermail/strace-devel/2021-April/010516.html))<br>- talloc ([2.3.2](https://gitlab.com/samba-team/samba/-/tags/talloc-2.3.2))<br>- tar ([1.34](https://lists.gnu.org/archive/html/info-gnu/2021-02/msg00006.html))<br>- util-linux ([2.37.2](https://www.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.2-ChangeLog))<br>- vim ([8.2.3428](https://github.com/vim/vim/releases/tag/v8.2.3428))<br>- xenstore ([4.14](https://wiki.xenproject.org/wiki/Xen_Project_4.14_Release_Notes))<br>- xz-utils ([5.2.5](https://git.tukaani.org/?p=xz.git;a=blob;f=NEWS;h=d3f7d602343b4885e2c5653fefcc86fc2c14a06b;hb=v5.2.5))<br>- zstd ([1.4.9](https://github.com/facebook/zstd/releases/tag/v1.4.9))<br>- Azure: WALinuxAgent ([2.6.0.2](https://github.com/Azure/WALinuxAgent/releases/tag/v2.6.0.2))<br><br>_Changes since **Stable 3033.2.4**_<br><br><br>### Security fixes:<br><br>- nvidia-drivers ([CVE-2022-21814](https://nvd.nist.gov/vuln/detail/CVE-2022-21814), [CVE-2022-21813](https://nvd.nist.gov/vuln/detail/CVE-2022-21813))<br>- containerd ([CVE-2022-24769](https://nvd.nist.gov/vuln/detail/CVE-2022-24769))<br><br>### Bug fixes:<br><br>- AWS: specify correct console (ttyS0) on kernel command line for ARM64 instances ([coreos-overlay#1628](https://github.com/flatcar/coreos-overlay/pull/1628))<br>- Added pahole to developer container, without it kernel modules built against /usr/src/linux may fail to probe with an 'invalid relocation target' error ([coreos-overlay#1839](https://github.com/flatcar/coreos-overlay/pull/1839))<br>- network: Accept ICMPv6 Router Advertisements to fix IPv6 address assignment in the default DHCP setting ([flatcar-linux/init#51](https://github.com/flatcar/init/pull/51), [flatcar-linux/cloudinit#12](https://github.com/flatcar/coreos-cloudinit/pull/12), [flatcar-linux/bootengine#30](https://github.com/flatcar/bootengine/pull/30))<br><br>### Changes:<br><br>- The systemd-networkd `ManageForeignRoutes` and `ManageForeignRoutingPolicyRules` settings are now disabled through a drop-in file and thus can only be enabled again by a drop-in file under `/etc/systemd/networkd.conf.d/` because drop-in files take precedence over `/etc/systemd/networkd.conf` ([init#61](https://github.com/flatcar/init/pull/61))<br>- Excluded special network interface devices like bridge, tunnel, vxlan, and veth devices from the default DHCP configuration to prevent networkd interference ([init#56](https://github.com/flatcar/init/pull/56))<br>- Added a new flatcar-update tool to the image to ease manual updates, rollbacks, channel/release jumping, and airgapped updates ([flatcar-linux/init#53](https://github.com/flatcar/init/pull/53))<br>- Merge the Flatcar Pro features into the regular Flatcar images ([coreos-overlay#1679](https://github.com/flatcar/coreos-overlay/pull/1679))<br>- Enabled the FIPS support for the Linux kernel, which users can now choose through a kernel parameter in `grub.cfg` (check it taking effect with `cat /proc/sys/crypto/fips_enabled`) ([coreos-overlay#1602](https://github.com/flatcar/coreos-overlay/pull/1602))<br>- Merge the Flatcar Pro features into the regular Flatcar images ([coreos-overlay#1679](https://github.com/flatcar/coreos-overlay/pull/1679)) <br>- Enabled FIPS mode for cryptsetup ([flatcar-linux/coreos-overlay#1747](https://github.com/flatcar/coreos-overlay/pull/1747), [portage-stable#312](https://github.com/flatcar/portage-stable/pull/312))<br>- GCE: Enabled GVE kernel driver, which adds support for Google Virtual NIC on GCP ([coreos-overlay#1802](https://github.com/flatcar/coreos-overlay/pull/1802))<br>- SDK: Dropped the mantle binaries (kola, ore, etc.) from the SDK, they are now provided by the `ghcr.io/flatcar/mantle` image ([coreos-overlay#1827](https://github.com/flatcar/coreos-overlay/pull/1827), [scripts#275](https://github.com/flatcar/scripts/pull/275))<br><br>### Updates:<br><br>- Linux ([5.10.109](https://lwn.net/Articles/889439) with [5.10.108](https://lwn.net/Articles/889002))<br>- ca-certificates ([3.77](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_77.html))<br>- containerd ([1.5.11](https://github.com/containerd/containerd/releases/tag/v1.5.11))<br>- nvidia-drivers ([510.47.03](https://docs.nvidia.com/datacenter/tesla/tesla-release-notes-510-47-03/index.html)) <br>- Azure: WALinuxAgent ([2.6.0.2](https://github.com/Azure/WALinuxAgent/releases/tag/v2.6.0.2))<br><br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.109<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-05-05T08:46:50+00:00 @@ -1014,7 +1022,7 @@ https://github.com/flatcar/scripts/releases/tag/lts-2605.32.1 2605.32.1 - 2023-10-25T10:20:44.003317+00:00 + 2023-11-22T09:59:33.916827+00:00 _Changes since **LTS 2605.31.1**_<br><br>#### Updates:<br><br>- ca-certificates ([3.83](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_83.html))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.4.210<br>- systemd 246<br><br>Architectures:<br>- amd64<br> 2022-10-17T15:09:11+00:00 @@ -1022,7 +1030,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2605.31.1 2605.31.1 - 2023-10-25T10:20:43.999015+00:00 + 2023-11-22T09:59:33.912465+00:00 **NOTE** LTS-2021 is near the designated end of its 18 month lifespan and will only receive 1 more update by the end of September. If you use a fixed LTS channel please switch to LTS-2022, the new LTS which has been published in May. After the next update by end of September there will be no more releases for the LTS-2021 channel. Please check your nodes' `GROUP=` setting in `/etc/flatcar/update.conf` to determine if you need to take action. Please refer to the Flatcar documentation on [switching channels](https://flatcar-linux.org/docs/latest/setup/releases/switching-channels/#freezing-an-lts-stream) to switch to LTS-2022.<br><br><br>_Changes since **LTS 2605.30.1**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2021-4159](https://nvd.nist.gov/vuln/detail/CVE-2021-4159), [CVE-2022-1462](https://nvd.nist.gov/vuln/detail/CVE-2022-1462), [CVE-2022-20369](https://nvd.nist.gov/vuln/detail/CVE-2022-20369), [CVE-2022-21505](https://nvd.nist.gov/vuln/detail/CVE-2022-21505), [CVE-2022-26373](https://nvd.nist.gov/vuln/detail/CVE-2022-26373), [CVE-2022-36123](https://nvd.nist.gov/vuln/detail/CVE-2022-36123), [CVE-2022-36879](https://nvd.nist.gov/vuln/detail/CVE-2022-36879), [CVE-2022-36946](https://nvd.nist.gov/vuln/detail/CVE-2022-36946))<br><br>#### Changes:<br><br>- The new image signing subkey was added to the public key embedded into `flatcar-install` (the old expired on 10th August 2022), only an updated `flatcar-install` script can verify releases signed with the new key ([init#79](https://github.com/flatcar/init/pull/79))<br><br>#### Updates:<br><br>- Linux ([5.4.210](https://lwn.net/Articles/904463) (includes [5.4.209](https://lwn.net/Articles/903690), [5.4.208](https://lwn.net/Articles/902919), [5.4.207](https://lwn.net/Articles/902103)))<br>- ca-certificates ([3.82](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_82.html))<br><br>Note: LTS 2605.32.1 i.e the next release to be release in the month of September would be the last release for LTS-2021. Post that there will be no more releases for the channel. Please upgrade your workloads to LTS-2022 as soon as possible.<br><br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.4.210<br>- systemd 246<br><br>Architectures:<br>- amd64<br> 2022-09-01T12:57:10+00:00 @@ -1030,7 +1038,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2605.30.1 2605.30.1 - 2023-10-25T10:20:43.993187+00:00 + 2023-11-22T09:59:33.906538+00:00 New LTS-2021 Release 2605.30.1<br><br>Changes since LTS-2021 2605.29.1<br><br>## Security fixes:<br><br>- Linux ([CVE-2021-33655](https://nvd.nist.gov/vuln/detail/CVE-2021-33655), [CVE-2021-33656](https://nvd.nist.gov/vuln/detail/CVE-2021-33656), [CVE-2022-2318](https://nvd.nist.gov/vuln/detail/CVE-2022-2318), [CVE-2022-26365](https://nvd.nist.gov/vuln/detail/CVE-2022-26365), [CVE-2022-32296](https://nvd.nist.gov/vuln/detail/CVE-2022-32296), [CVE-2022-33740](https://nvd.nist.gov/vuln/detail/CVE-2022-33740), [CVE-2022-33741](https://nvd.nist.gov/vuln/detail/CVE-2022-33741), [CVE-2022-33742](https://nvd.nist.gov/vuln/detail/CVE-2022-33742), [CVE-2022-33744](https://nvd.nist.gov/vuln/detail/CVE-2022-33744))<br><br>## Bug fixes:<br><br>- Removed outdated LTS channel information printed on login ([init#75](https://github.com/flatcar/init/pull/75))<br><br>## Changes:<br><br><br>## Updates:<br><br>- Linux ([5.4.206](https://lwn.net/Articles/901382) (includes [5.4.205](https://lwn.net/Articles/900908), [5.4.204](https://lwn.net/Articles/900323), [5.4.203](https://lwn.net/Articles/899790), [5.4.202](https://lwn.net/Articles/899372), [5.4.201](https://lwn.net/Articles/899089), [5.4.200](https://lwn.net/Articles/898624)))<br>- ca-certificates ([3.80](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_80.html))<br><br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.4.206<br>- systemd 246<br><br>Architectures:<br>- amd64<br> 2022-08-04T12:03:25+00:00 @@ -1038,7 +1046,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2605.29.1 2605.29.1 - 2023-10-25T10:20:43.988203+00:00 + 2023-11-22T09:59:33.901458+00:00 New **LTS-2021** Release **2605.29.1**<br><br>Changes since **LTS 2605.28.1**<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-1012](https://nvd.nist.gov/vuln/detail/CVE-2022-1012), [CVE-2022-32250](https://nvd.nist.gov/vuln/detail/CVE-2022-32250), [CVE-2022-21499](https://nvd.nist.gov/vuln/detail/CVE-2022-21499), [CVE-2022-32981](https://nvd.nist.gov/vuln/detail/CVE-2022-32981))<br><br>#### Updates:<br><br>- Linux ([5.4.199](https://lwn.net/Articles/898126) (includes [5.4.198](https://lwn.net/Articles/897902), [5.4.197](https://lwn.net/Articles/897169)))<br>- ca-certificates ([3.79](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_79.html))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.4.199<br>- systemd 246<br><br>Architectures:<br>- amd64<br> 2022-06-23T11:56:51+00:00 @@ -1046,7 +1054,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2605.28.1 2605.28.1 - 2023-10-25T10:20:43.983599+00:00 + 2023-11-22T09:59:33.896804+00:00 # New **LTS-2021** Release **2605.28.1**<br><br>_Changes since **LTS-2021 2605.27.1**_<br><br>## Security fixes:<br><br>- Linux ([CVE-2022-28390](https://nvd.nist.gov/vuln/detail/CVE-2022-28390), [CVE-2022-1158](https://nvd.nist.gov/vuln/detail/CVE-2022-1158), [CVE-2022-1353](https://nvd.nist.gov/vuln/detail/CVE-2022-1353), [CVE-2022-30594](https://nvd.nist.gov/vuln/detail/CVE-2022-30594), [CVE-2022-1198](https://nvd.nist.gov/vuln/detail/CVE-2022-1198), [CVE-2021-4197](https://nvd.nist.gov/vuln/detail/CVE-2021-4197), [CVE-2022-28389](https://nvd.nist.gov/vuln/detail/CVE-2022-28389), [CVE-2022-1516](https://nvd.nist.gov/vuln/detail/CVE-2022-1516), [CVE-2022-1204](https://nvd.nist.gov/vuln/detail/CVE-2022-1204), [CVE-2022-1205](https://nvd.nist.gov/vuln/detail/CVE-2022-1205), [CVE-2022-29581](https://nvd.nist.gov/vuln/detail/CVE-2022-29581), [CVE-2022-28388](https://nvd.nist.gov/vuln/detail/CVE-2022-28388), [CVE-2022-1836](https://nvd.nist.gov/vuln/detail/CVE-2022-1836), [CVE-2022-1048](https://nvd.nist.gov/vuln/detail/CVE-2022-1048), [CVE-2022-1734](https://nvd.nist.gov/vuln/detail/CVE-2022-1734), [CVE-2022-0494](https://nvd.nist.gov/vuln/detail/CVE-2022-0494), [CVE-2022-28893](https://nvd.nist.gov/vuln/detail/CVE-2022-28893), [CVE-2022-1729](https://nvd.nist.gov/vuln/detail/CVE-2022-1729), [CVE-2022-0854](https://nvd.nist.gov/vuln/detail/CVE-2022-0854), [CVE-2022-26490](https://nvd.nist.gov/vuln/detail/CVE-2022-26490), [CVE-2022-28356](https://nvd.nist.gov/vuln/detail/CVE-2022-28356), [CVE-2022-1016](https://nvd.nist.gov/vuln/detail/CVE-2022-1016), [CVE-2022-27666](https://nvd.nist.gov/vuln/detail/CVE-2022-27666))<br><br><br>## Updates:<br><br>- Linux ([5.4.196](https://lwn.net/Articles/896224/) from 5.4.188)<br>- ca-certificates ([3.78](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_78.html))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.4.196<br>- systemd 246<br><br>Architectures:<br>- amd64<br> 2022-06-23T08:51:23+00:00 @@ -1054,7 +1062,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2605.27.1 2605.27.1 - 2023-10-25T10:20:43.978382+00:00 + 2023-11-22T09:59:33.891536+00:00 <br>New **LTS-2021** Release **2605.27.1**<br><br>_Changes since **LTS 2605.26.1**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-0492](https://nvd.nist.gov/vuln/detail/CVE-2022-0492), [CVE-2022-0001](https://nvd.nist.gov/vuln/detail/CVE-2022-0001), [CVE-2022-0002](https://nvd.nist.gov/vuln/detail/CVE-2022-0002), [CVE-2022-1011](https://nvd.nist.gov/vuln/detail/CVE-2022-1011), [CVE-2022-1016](https://nvd.nist.gov/vuln/detail/CVE-2022-1016), [CVE-2022-23036](https://nvd.nist.gov/vuln/detail/CVE-2022-23036), [CVE-2022-23037](https://nvd.nist.gov/vuln/detail/CVE-2022-23037), [CVE-2022-23038](https://nvd.nist.gov/vuln/detail/CVE-2022-23038), [CVE-2022-23039](https://nvd.nist.gov/vuln/detail/CVE-2022-23039), [CVE-2022-23040](https://nvd.nist.gov/vuln/detail/CVE-2022-23040), [CVE-2022-23041](https://nvd.nist.gov/vuln/detail/CVE-2022-23041), [CVE-2022-23042](https://nvd.nist.gov/vuln/detail/CVE-2022-23042), [CVE-2022-23960](https://nvd.nist.gov/vuln/detail/CVE-2022-23960), [CVE-2022-25636](https://nvd.nist.gov/vuln/detail/CVE-2022-25636), [CVE-2022-27666](https://nvd.nist.gov/vuln/detail/CVE-2022-27666), [CVE-2022-28356](https://nvd.nist.gov/vuln/detail/CVE-2022-28356))<br><br>#### Updates:<br><br>- Linux ([5.4.188](https://lwn.net/Articles/889440)) (from 5.4.181)<br>- ca-certificates ([3.77](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_77.html))<br><br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.4.188<br>- systemd 246<br><br>Architectures:<br>- amd64<br> 2022-04-07T12:12:25+00:00 @@ -1062,7 +1070,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2605.26.1 2605.26.1 - 2023-10-25T10:20:43.973407+00:00 + 2023-11-22T09:59:33.886505+00:00 New **LTS-2605** Release **2605.26.1**<br><br>_Changes since **LTS 2605.25.1**_<br><br>#### Security fixes<br>- Linux ([CVE-2021-43976](https://nvd.nist.gov/vuln/detail/CVE-2021-43976), [CVE-2022-0330](https://nvd.nist.gov/vuln/detail/CVE-2022-0330), [CVE-2022-22942](https://nvd.nist.gov/vuln/detail/CVE-2022-22942), [CVE-2022-24448](https://nvd.nist.gov/vuln/detail/CVE-2022-24448), [CVE-2022-0617](https://nvd.nist.gov/vuln/detail/CVE-2022-0617), [CVE-2022-24959](https://nvd.nist.gov/vuln/detail/CVE-2022-24959))<br><br><br>#### Updates<br>- Linux ([5.4.176](https://lwn.net/Articles/883443)) (from 5.4.173)<br><br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.4.181<br>- systemd 246<br><br>Architectures:<br>- amd64<br> 2022-03-07T13:10:55+00:00 @@ -1070,7 +1078,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2605.25.1 2605.25.1 - 2023-10-25T10:20:43.968862+00:00 + 2023-11-22T09:59:33.881833+00:00 New **LTS** release **2605.25.1**<br><br>_Changes since **LTS 2605.24.1**_<br><br>#### Security fixes<br>- Linux ([CVE-2021-4135](https://nvd.nist.gov/vuln/detail/CVE-2021-4135), [CVE-2021-4155](https://nvd.nist.gov/vuln/detail/CVE-2021-4155), [CVE-2021-28711](https://nvd.nist.gov/vuln/detail/CVE-2021-28711), [CVE-2021-28712](https://nvd.nist.gov/vuln/detail/CVE-2021-28712), [CVE-2021-28713](https://nvd.nist.gov/vuln/detail/CVE-2021-28713), [CVE-2021-28714](https://nvd.nist.gov/vuln/detail/CVE-2021-28714), [CVE-2021-28715](https://nvd.nist.gov/vuln/detail/CVE-2021-28715), [CVE-2021-39685](https://nvd.nist.gov/vuln/detail/CVE-2021-39685), [CVE-2021-44733](https://nvd.nist.gov/vuln/detail/CVE-2021-44733), [CVE-2021-45095](https://nvd.nist.gov/vuln/detail/CVE-2021-45095), [CVE-2022-0185](https://nvd.nist.gov/vuln/detail/CVE-2022-0185))<br>- ca-certificates ([CVE-2021-43527](https://nvd.nist.gov/vuln/detail/CVE-2021-43527))<br><br>#### Updates<br>- Linux ([5.4.173](https://lwn.net/Articles/881965)) (includes [5.4.165](https://lwn.net/Articles/878633), [5.4.166](https://lwn.net/Articles/878900), [5.4.167](https://lwn.net/Articles/879025), [5.4.168](https://lwn.net/Articles/879498), [5.4.169](https://lwn.net/Articles/879999), [5.4.170](https://lwn.net/Articles/880467), [5.4.171](https://lwn.net/Articles/881016), [5.4.172](https://lwn.net/Articles/881550))<br>- ca-certificates ([3.74](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_74.html)) (includes [3.73.1](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_73_1.html))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.4.173<br>- systemd 246<br><br>Architectures:<br>- amd64<br> 2022-01-26T08:39:00+00:00 @@ -1078,7 +1086,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2605.24.1 2605.24.1 - 2023-10-25T10:20:43.963746+00:00 + 2023-11-22T09:59:33.876684+00:00 <br><br>New **LTS** release **2605.24.1**<br><br>_Changes since **LTS 2605.23.1**_<br><br>**Security Fixes**<br><br><br><br>* Linux ([CVE-2021-42739](https://nvd.nist.gov/vuln/detail/CVE-2021-42739), [CVE-2021-3640](https://nvd.nist.gov/vuln/detail/CVE-2021-3640), [CVE-2021-4002](https://nvd.nist.gov/vuln/detail/CVE-2021-4002), [CVE-2020-27820](https://nvd.nist.gov/vuln/detail/CVE-2020-27820), [CVE-2021-43975](https://nvd.nist.gov/vuln/detail/CVE-2021-43975))<br>* ca-certificates ([CVE-2021-43527](https://nvd.nist.gov/vuln/detail/CVE-2021-43527))<br><br>**Updates**<br><br><br><br>* Linux ([5.4.164](https://lwn.net/Articles/878042))<br>* ca-certificates ([3.73](https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/vy9284s8APM))<br>* repo ([2.8](https://gerrit.googlesource.com/git-repo/+/refs/tags/v2.8))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.4.164<br>- systemd 246<br><br>Architectures:<br>- amd64<br> 2021-12-15T19:41:33+00:00 @@ -1086,7 +1094,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2605.23.1 2605.23.1 - 2023-10-25T10:20:43.959074+00:00 + 2023-11-22T09:59:33.871902+00:00 <br>New **LTS** release **2605.23.1**<br><br>_Changes since **LTS 2605.22.1**_<br><br>**Security fixes**<br><br><br><br>* Linux ([CVE-2021-3760](https://nvd.nist.gov/vuln/detail/CVE-2021-3760), [CVE-2021-3772](https://nvd.nist.gov/vuln/detail/CVE-2021-3772), [CVE-2021-43056](https://nvd.nist.gov/vuln/detail/CVE-2021-43056), [CVE-2021-43389](https://nvd.nist.gov/vuln/detail/CVE-2021-43389))<br><br>**Bug fixes**<br><br><br><br>* Use https protocol instead of git for Github URLs ([flatcar-linux/coreos-overlay#1394](https://github.com/flatcar/coreos-overlay/pull/1394))<br><br>**Updates**<br><br><br><br>* Linux ([5.4.157](https://lwn.net/Articles/874853/))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.4.157<br>- systemd 246<br><br>Architectures:<br>- amd64<br> 2021-11-09T08:12:13+00:00 @@ -1094,7 +1102,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2605.22.1 2605.22.1 - 2023-10-25T10:20:43.954467+00:00 + 2023-11-22T09:59:33.867215+00:00 <br>New **LTS** release **2605.22.1**<br><br>_Changes since **LTS 2605.21.1**_<br><br>**Security fixes**<br><br><br><br>* Linux ([CVE-2021-42252](https://nvd.nist.gov/vuln/detail/CVE-2021-42252), [CVE-2021-20320](https://nvd.nist.gov/vuln/detail/CVE-2021-20320), [CVE-2020-16119](https://nvd.nist.gov/vuln/detail/CVE-2020-16119), [CVE-2021-37159](https://nvd.nist.gov/vuln/detail/CVE-2021-37159), [CVE-2021-3764](https://nvd.nist.gov/vuln/detail/CVE-2021-3764), [CVE-2021-3744](https://nvd.nist.gov/vuln/detail/CVE-2021-3744), [CVE-2021-38300](https://nvd.nist.gov/vuln/detail/CVE-2021-38300), [CVE-2021-20321](https://nvd.nist.gov/vuln/detail/CVE-2021-20321), [CVE-2021-41864](https://nvd.nist.gov/vuln/detail/CVE-2021-41864))<br><br>**Bux fixes**<br><br><br><br>* The tcsd service for TPM 1 is not started on machines with TPM 2 anymore where it fails and isn’t necessary ([flatcar-linux/coreos-overlay#1364](https://github.com/flatcar/coreos-overlay/pull/1364))<br><br>**Updates**<br><br><br><br>* Linux ([5.4.155](https://lwn.net/Articles/873466/))<br>* ca-certificates ([3.69.1](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_69_1.html#nss-3-69-1-release-notes))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.4.155<br>- systemd 246<br><br>Architectures:<br>- amd64<br> 2021-10-25T15:57:52+00:00 @@ -1102,7 +1110,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2605.21.1 2605.21.1 - 2023-10-25T10:20:43.949506+00:00 + 2023-11-22T09:59:33.862187+00:00 New **LTS** release **2605.21.1**<br><br>_Changes since **LTS 2605.20.1**_<br><br>**Security fixes**<br><br><br><br>* Linux ([CVE-2021-3753](https://nvd.nist.gov/vuln/detail/CVE-2021-3753),[ CVE-2021-3739](https://nvd.nist.gov/vuln/detail/CVE-2021-3739), [CVE-2021-40490](https://nvd.nist.gov/vuln/detail/CVE-2021-40490), [CVE-2021-34556](https://nvd.nist.gov/vuln/detail/CVE-2021-34556), [CVE-2021-35477](https://nvd.nist.gov/vuln/detail/CVE-2021-35477))<br><br>**Updates**<br><br><br><br>* Linux ([5.4.147](https://lwn.net/Articles/869407/))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.4.147<br>- systemd 246<br><br>Architectures:<br>- amd64<br> 2021-09-27T08:32:37+00:00 @@ -1110,7 +1118,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2605.20.1 2605.20.1 - 2023-10-25T10:20:43.945034+00:00 + 2023-11-22T09:59:33.857634+00:00 New **LTS** release **2605.20.1**<br><br>_Changes since **LTS 2605.19.1**_<br><br>**Security fixes**<br><br><br><br>* Linux ([CVE-2021-3653](https://nvd.nist.gov/vuln/detail/CVE-2021-3653), [CVE-2021-3656](https://nvd.nist.gov/vuln/detail/CVE-2021-3656), [CVE-2021-38166](https://nvd.nist.gov/vuln/detail/CVE-2021-38166)) <br>* openssl ([CVE-2021-3711](https://nvd.nist.gov/vuln/detail/CVE-2021-3711), [CVE-2021-3712](https://nvd.nist.gov/vuln/detail/CVE-2021-3712))<br><br>**Updates**<br><br><br><br>* Linux ([5.4.143](https://lwn.net/Articles/867498/))<br>* openssl ([1.1.1l](https://mta.openssl.org/pipermail/openssl-announce/2021-August/000206.html))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.4.143<br>- systemd 246<br><br>Architectures:<br>- amd64<br> 2021-09-01T14:16:35+00:00 @@ -1118,7 +1126,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2605.19.1 2605.19.1 - 2023-10-25T10:20:43.940448+00:00 + 2023-11-22T09:59:33.852989+00:00 <br>_Changes since **LTS 2605.18.1**_<br><br>**Security fixes**<br><br><br><br>* Linux ([CVE-2021-38204](https://nvd.nist.gov/vuln/detail/CVE-2021-38204), [CVE-2021-3679](https://nvd.nist.gov/vuln/detail/CVE-2021-3679), [CVE-2021-37576](https://nvd.nist.gov/vuln/detail/CVE-2021-37576), [CVE-2021-33624](https://nvd.nist.gov/vuln/detail/CVE-2021-33624), [CVE-2021-38198](https://nvd.nist.gov/vuln/detail/CVE-2021-38198), [CVE-2021-38205](https://nvd.nist.gov/vuln/detail/CVE-2021-38205))<br>* Systemd ([CVE-2020-13529](https://nvd.nist.gov/vuln/detail/CVE-2020-13529), [CVE-2021-33910](https://nvd.nist.gov/vuln/detail/CVE-2021-33910))<br><br>**Updates**<br><br><br><br>* Linux ([5.4.141](https://lwn.net/Articles/866303/))<br>* Systemd ([246.15](https://github.com/systemd/systemd-stable/releases/tag/v246.15))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.4.141<br>- systemd 246<br><br>Architectures:<br>- amd64<br> 2021-08-19T13:37:31+00:00 @@ -1126,7 +1134,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2605.18.1 2605.18.1 - 2023-10-25T10:20:43.935789+00:00 + 2023-11-22T09:59:33.848228+00:00 **Security Fixes**<br><br><br><br>* Linux ([CVE-2021-34693](https://nvd.nist.gov/vuln/detail/CVE-2021-34693), [CVE-2020-26541](https://nvd.nist.gov/vuln/detail/CVE-2020-26541), [CVE-2021-35039](https://nvd.nist.gov/vuln/detail/CVE-2021-35039), [CVE-2021-22543](https://nvd.nist.gov/vuln/detail/CVE-2021-22543), [CVE-2020-36311](https://nvd.nist.gov/vuln/detail/CVE-2020-36311), [CVE-2021-3609](https://nvd.nist.gov/vuln/detail/CVE-2021-3609), [CVE-2021-3655](https://nvd.nist.gov/vuln/detail/CVE-2021-3655), [CVE-2021-33909](https://nvd.nist.gov/vuln/detail/CVE-2021-33909))<br><br>**Updates**<br><br><br><br>* Linux ([5.4.134](https://lwn.net/Articles/863649/))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.4.134<br>- systemd 246<br><br>Architectures:<br>- amd64<br> 2021-07-28T08:28:35+00:00 @@ -1134,7 +1142,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2605.17.1 2605.17.1 - 2023-10-25T10:20:43.931254+00:00 + 2023-11-22T09:59:33.843618+00:00 <br>**Security fixes**<br><br><br><br>* Linux ([CVE-2020-26558](https://nvd.nist.gov/vuln/detail/CVE-2020-26558), [CVE-2021-0129](https://nvd.nist.gov/vuln/detail/CVE-2021-0129), [CVE-2020-24587](https://nvd.nist.gov/vuln/detail/CVE-2020-24587), [CVE-2020-24586](https://nvd.nist.gov/vuln/detail/CVE-2020-24586), [CVE-2020-24588](https://nvd.nist.gov/vuln/detail/CVE-2020-24588), [CVE-2020-26139](https://nvd.nist.gov/vuln/detail/CVE-2020-26139), [CVE-2020-26145](https://nvd.nist.gov/vuln/detail/CVE-2020-26145), [CVE-2020-26141](https://nvd.nist.gov/vuln/detail/CVE-2020-26141), [CVE-2021-3564](https://nvd.nist.gov/vuln/detail/CVE-2021-3564), [CVE-2021-3587](https://nvd.nist.gov/vuln/detail/CVE-2021-3587), [CVE-2021-3573](https://nvd.nist.gov/vuln/detail/CVE-2021-3573))<br><br>**Updates**<br><br><br><br>* Linux ([5.4.125](https://lwn.net/Articles/859023/))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.4.125<br>- systemd 246<br><br>Architectures:<br>- amd64<br> 2021-06-17T10:32:57+00:00 @@ -1142,7 +1150,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2605.16.1 2605.16.1 - 2023-10-25T10:20:43.926613+00:00 + 2023-11-22T09:59:33.838834+00:00 **Security fixes**<br><br>* Linux ([CVE-2021-31829](https://nvd.nist.gov/vuln/detail/CVE-2021-31829))<br>* runc ([CVE-2021-30465](https://nvd.nist.gov/vuln/detail/CVE-2021-30465))<br><br>**Updates**<br><br>* Linux ([5.4.119](https://lwn.net/Articles/856270/))<br>* systemd ([246.13](https://github.com/systemd/systemd-stable/releases/tag/v246.13))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.4.119<br>- systemd 246<br><br>Architectures:<br>- amd64<br> 2021-05-19T11:36:59+00:00 @@ -1150,7 +1158,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2605.14.1 2605.14.1 - 2023-10-25T10:20:43.922261+00:00 + 2023-11-22T09:59:33.834187+00:00 **Security fixes**<br><br><br><br>* Linux ([CVE-2021-28375](https://nvd.nist.gov/vuln/detail/CVE-2021-28375), [CVE-2021-28660](https://nvd.nist.gov/vuln/detail/CVE-2021-28660), [CVE-2021-27363](https://nvd.nist.gov/vuln/detail/CVE-2021-27363), [CVE-2021-27365](https://nvd.nist.gov/vuln/detail/CVE-2021-27365), [CVE-2021-28038](https://nvd.nist.gov/vuln/detail/CVE-2021-28038), [CVE-2021-27364](https://nvd.nist.gov/vuln/detail/CVE-2021-27364), [CVE-2020-25639](https://nvd.nist.gov/vuln/detail/CVE-2020-25639))<br>* openssl ([CVE-2021-23840](https://nvd.nist.gov/vuln/detail/CVE-2021-23840),[ CVE-2021-23841](https://nvd.nist.gov/vuln/detail/CVE-2021-23841), [CVE-2020-1971](https://nvd.nist.gov/vuln/detail/CVE-2020-1971),[ CVE-2021-23840](https://nvd.nist.gov/vuln/detail/CVE-2021-23840),[ CVE-2021-23841](https://nvd.nist.gov/vuln/detail/CVE-2021-23841), [CVE-2021-3449](https://nvd.nist.gov/vuln/detail/CVE-2021-3449),[ CVE-2021-3450](https://nvd.nist.gov/vuln/detail/CVE-2021-3450))<br><br>**Updates**<br><br><br><br>* Linux ([5.4.107](https://lwn.net/Articles/849952/))<br>* openssl ([1.1.1k](https://mta.openssl.org/pipermail/openssl-announce/2021-March/000197.html))<br>* open-iscsi ([2.1.4](https://github.com/open-iscsi/open-iscsi/releases/tag/2.1.4))<br>* containerd ([1.4.4](https://github.com/containerd/containerd/releases/tag/v1.4.4))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.4.107<br>- systemd 246<br><br>Architectures:<br>- amd64<br> 2021-03-25T15:40:57+00:00 @@ -1158,7 +1166,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2605.13.1 2605.13.1 - 2023-10-25T10:20:43.917231+00:00 + 2023-11-22T09:59:33.829131+00:00 **Security fixes**<br><br>* Linux - [CVE-2021-20194](https://nvd.nist.gov/vuln/detail/CVE-2021-20194), [CVE-2021-3348](https://nvd.nist.gov/vuln/detail/CVE-2021-3348), [CVE-2020-27825](https://nvd.nist.gov/vuln/detail/CVE-2020-27825), [CVE-2021-3347](https://nvd.nist.gov/vuln/detail/CVE-2021-3347), [CVE-2021-26931](https://nvd.nist.gov/vuln/detail/CVE-2021-26931), [CVE-2021-26930](https://nvd.nist.gov/vuln/detail/CVE-2021-26930), [CVE-2021-26932](https://nvd.nist.gov/vuln/detail/CVE-2021-26932)<br><br>**Bug fixes**<br><br>* login message (motd): filter out bullet point when parsing failed units ([baselayout#16](https://github.com/kinvolk/baselayout/pull/16))<br>* tcsd.service: use correct file permissions ([coreos-overlay#809](https://github.com/kinvolk/coreos-overlay/pull/809))<br>* Use LTS 2021 as OS codename instead of the wrong LTS 2020 name<br>* Flatcar Pro for AWS: flatcar-eks: add missing mkdir and update to latest versions ([coreos-overlay#817](https://github.com/kinvolk/coreos-overlay/pull/817))<br><br>**Updates**<br><br>* Linux [5.4.101](https://lwn.net/Articles/847590/)<br><br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.4.101<br>- systemd 246<br><br>Architectures:<br>- amd64<br> 2021-03-02T12:23:32+00:00 @@ -1166,7 +1174,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2605.12.1 2605.12.1 - 2023-10-25T10:20:43.912345+00:00 + 2023-11-22T09:59:33.824098+00:00 **Security fixes**<br><br>* Linux [CVE-2020-27815](https://www.openwall.com/lists/oss-security/2020/11/30/5), [CVE-2020-29568](https://nvd.nist.gov/vuln/detail/CVE-2020-29568), [CVE-2020-29569](https://nvd.nist.gov/vuln/detail/CVE-2020-29569), [CVE-2020-28374](https://nvd.nist.gov/vuln/detail/CVE-2020-28374),[ CVE-2020-36158](https://nvd.nist.gov/vuln/detail/CVE-2020-36158)<br>* Go[ CVE-2021-3114](https://github.com/golang/go/issues/43786)<br>* sudo [CVE-2021-3156](https://nvd.nist.gov/vuln/detail/CVE-2021-3156),[ CVE-2021-23239](https://nvd.nist.gov/vuln/detail/CVE-2021-23239)<br><br>**Bug fixes**<br><br>* networkd: avoid managing MAC addresses for veth devices ([kinvolk/init#33](https://github.com/kinvolk/init/pull/33))<br>* `/etc/iscsi/initiatorname.iscsi` is generated by the iscsi-init service ([#321](https://github.com/kinvolk/Flatcar/issues/321))<br>* Prevent iscsiadm buffer overflow ([#318](https://github.com/kinvolk/Flatcar/issues/318))<br>* Revert to building docker and containerd with go1.13 instead of go1.15. This reduces the SIGURG log spam ([#315](https://github.com/kinvolk/Flatcar/issues/315))<br><br>**Changes**<br><br>* The containerd socket is now available in the default location (`/run/containerd/containerd.sock`) and also as a symlink in the previous location (`/run/docker/libcontainerd/docker-containerd.sock`) ([#771](https://github.com/kinvolk/coreos-overlay/pull/771))<br>* With the iscsi update, the service unit has changed from iscsid to iscsi ([#791](https://github.com/kinvolk/coreos-overlay/pull/791))<br>* AWS Pro: include scripts to facilitate setup of EKS workers ([#794](https://github.com/kinvolk/coreos-overlay/pull/794))<br><br>**Updates**<br><br>* Linux ([5.4.92](https://lwn.net/Articles/843687/))<br>* open-iscsi ([2.1.3](https://github.com/open-iscsi/open-iscsi/releases/tag/2.1.3))<br>* Go ([1.15.7](https://go.googlesource.com/go/+/refs/tags/go1.15.7))<br>* sudo ([1.9.5p2](https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_5p2))<br><br>Packages:<br>- docker 19.03.14<br>- ignition 0.34.0<br>- kernel 5.4.92<br>- systemd 246<br><br>Architectures:<br>- amd64<br> 2021-02-02T13:26:13+00:00 @@ -1174,7 +1182,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2605.10.1 2605.10.1 - 2023-10-25T10:20:43.906829+00:00 + 2023-11-22T09:59:33.815645+00:00 Changes:<br><br>* The Linux kernel is compiled with FIPS support<br>* Containerd CRI plugin got enabled by default, only the containerd socket path needs to be specified as kubelet parameter for Kubernetes 1.20 to use containerd instead of Docker ([Flatcar#283](https://github.com/kinvolk/Flatcar/issues/283))<br><br>Updates:<br><br>* Linux (5.4.83)<br>* Docker (19.03.14)<br>* containerd (1.4.3)<br>* systemd (246.6)<br><br>Packages:<br>- docker 19.03.14<br>- ignition 0.34.0<br>- kernel 5.4.83<br>- systemd 246<br><br>Architectures:<br>- amd64<br> 2020-12-16T12:01:59+00:00 @@ -1182,7 +1190,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2466.99.0 2466.99.0 - 2023-10-25T10:20:43.897087+00:00 + 2023-11-22T09:59:33.804016+00:00 ## Flatcar updates<br><br>Bug fixes:<br><br>- Use newest network interface naming scheme (https://github.com/flatcar/Flatcar/issues/36)<br> - It is a possible breaking change for some persistent network interface names<br>- Fix coreos-cloudinit variable names (https://github.com/flatcar/coreos-overlay/pull/206)<br>- Prefer /boot/coreos to write updates (https://github.com/flatcar/update_engine/pull/2)<br>- Build a download URL in a safer way (https://github.com/flatcar/update_engine/issues/3)<br>- Remove /boot/coreos/first_boot after a Ignition rerun on migration (https://github.com/flatcar/bootengine/pull/10)<br>- Support coreos.config.url as kernel command line parameter for Ignition (https://github.com/flatcar/ignition/pull/10)<br>- Make flannel cross-node traffic work with systemd > 242 (https://github.com/coreos/flannel/issues/1155, https://github.com/flatcar/coreos-overlay/pull/279)<br><br>Changes:<br><br>- Add `tracepath` alongside `traceroute6` (https://github.com/flatcar/Flatcar/issues/50)<br>- Extend logging capabilities of mayday (https://github.com/flatcar/Flatcar/issues/61)<br><br>Updates:<br><br>- Linux [5.6.2](https://lwn.net/Articles/816638/)<br> - An occasional lockup issue can happen at crypto_wait_for_test (https://bugzilla.kernel.org/show_bug.cgi?id=207159)<br>- Docker [19.03.8](https://github.com/docker/docker-ce/releases/tag/v19.03.8)<br>- open-vm-tools [11.0.5](https://github.com/vmware/open-vm-tools/releases/tag/stable-11.0.5)<br>- openssh [8.1](https://www.openssh.com/txt/release-8.1)<br>- WAAgent [2.2.46](https://github.com/Azure/WALinuxAgent/releases/tag/v2.2.46)<br>Packages:<br>- docker 19.03.8<br>- ignition 0.34.0<br>- kernel 5.6.2<br>- systemd 243<br><br>Architectures:<br>- amd64<br>- arm64<br> 2020-04-15T15:24:41+00:00 @@ -1190,7 +1198,7 @@ https://github.com/flatcar/manifest/releases/tag/v2430.99.0 2430.99.0 - 2023-10-25T10:20:43.891737+00:00 + 2023-11-22T09:59:33.798606+00:00 ## Flatcar updates<br><br>Bug fixes:<br><br>- Enable persistent network interface names already in the initramfs to fix https://github.com/coreos/bugs/issues/1767<br>- Make systemd-hostnamed work again by updating systemd to v243 (https://github.com/flatcar/systemd/pull/7)<br>- Use correct branch name format in developer container tools (https://github.com/flatcar/dev-util/pull/2)<br><br>Updates:<br><br>- Linux [5.5.6](https://lwn.net/Articles/813155/)<br>- systemd [243](https://github.com/systemd/systemd/releases/tag/v243)<br>Packages:<br>- docker 19.03.5<br>- ignition 0.34.0<br>- kernel 5.5.6<br>- rkt 1.30.0<br>- systemd 243<br><br>Architectures:<br>- amd64<br>- arm64<br> 2020-03-05T10:27:05+00:00 @@ -1198,7 +1206,7 @@ https://github.com/flatcar/manifest/releases/tag/v2411.99.0 2411.99.0 - 2023-10-25T10:20:43.887021+00:00 + 2023-11-22T09:59:33.793884+00:00 ## Flatcar updates<br><br>Security fixes:<br><br>- Fix incorrect access control leading to privileges escalation in runc ([CVE-2019-19921](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19921))<br>- Fix systemd use-after-free upon receiving crafted D-Bus message from local unprivileged attacker ([CVE-2020-1712](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1712))<br><br>Bug fixes:<br><br>- Fix backwards compatibility issues for users to migrate from CoreOS Container Linux (https://github.com/flatcar/Flatcar/issues/16 https://github.com/flatcar/afterburn/pull/7 https://github.com/flatcar/bootengine/pull/7 https://github.com/flatcar/bootengine/pull/8 https://github.com/flatcar/init/pull/16 https://github.com/flatcar/init/pull/17 https://github.com/flatcar/ignition/pull/8)<br><br>Changes:<br><br>- Build Flatcar tarballs to be used by containers (https://github.com/flatcar/scripts/pull/51)<br>- Enable qede kernel module<br>- Enable kernel config for BTF (BPF Type Format)<br><br>Updates:<br><br>- Linux [5.5.2](https://lwn.net/Articles/811599/)<br>- coreos-firmware [20200122](https://github.com/flatcar/coreos-overlay/pull/175/commits/8751b200031ca9d9b52a6ff060640b77f21b9504) (https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20200122)<br>- runc [1.0.0-rc10](https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc10)<br><br>Packages:<br>- docker 19.03.5<br>- ignition 0.34.0<br>- kernel 5.5.2<br>- rkt 1.30.0<br>- systemd 242<br><br>Architectures:<br>- amd64<br>- arm64<br> 2020-02-17T16:41:29+00:00 @@ -1206,7 +1214,7 @@ https://github.com/flatcar/manifest/releases/tag/v2387.99.0 2387.99.0 - 2023-10-25T10:20:43.881784+00:00 + 2023-11-22T09:59:33.788568+00:00 ## Flatcar updates<br><br>Security fixes:<br><br>- Fix stack-based buffer overflow in sudo ([CVE-2019-18634](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18634))<br><br>Bug fixes:<br><br>- Fix DNS resolution for the GCE metadata server (https://github.com/flatcar/coreos-overlay/pull/160)<br>- Use correct URLs for flatcar-linux in emerge-gitclone and scripts (https://github.com/flatcar/dev-util/pull/1) (https://github.com/flatcar/scripts/pull/50)<br>- Fix a wrong profile reference in torcx (https://github.com/flatcar/coreos-overlay/pull/162)<br>- Use rkt again instead of docker in wrappers (https://github.com/flatcar/coreos-overlay/pull/163)<br>- Create symlink for /run/metadata/coreos (https://github.com/flatcar/coreos-overlay/pull/166)<br>- Create symlink for flatcar-install (https://github.com/flatcar/init/pull/14)<br>- Build static libraries for elfutils (https://github.com/flatcar/coreos-overlay/pull/169)<br><br>Updates:<br><br>- Linux [5.4.16](https://lwn.net/Articles/811027/)<br>- dwarves [1.16](https://git.kernel.org/pub/scm/devel/pahole/pahole.git/tag/?h=v1.16)<br>- elfutils [0.178](https://sourceware.org/git/?p=elfutils.git;a=tag;h=refs/tags/elfutils-0.178)<br>- sudo [1.8.31](https://www.sudo.ws/stable.html#1.8.31)<br>- wireguard [20200128](https://git.zx2c4.com/wireguard-linux-compat/tag/?h=v0.0.20200128)<br>Packages:<br>- docker 19.03.5<br>- ignition 0.33.0<br>- kernel 5.4.16<br>- rkt 1.30.0<br>- systemd 242<br><br>Architectures:<br>- amd64<br>- arm64<br> 2020-02-06T13:20:48+00:00 @@ -1214,7 +1222,7 @@ https://github.com/flatcar/manifest/releases/tag/v2345.99.1 2345.99.1 - 2023-10-25T10:20:43.876564+00:00 + 2023-11-22T09:59:33.783268+00:00 ## Flatcar updates<br><br>Security fixes:<br><br>- Fix a denial-of-service issue via malicious access to `/dev/kvm` ([CVE-2019-19332](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19332))<br><br>Bug fixes:<br><br>- Fix a bug when creating RAID0 arrays by setting the default layout (https://github.com/flatcar/baselayout/pull/2)<br>- Use rkt instead of docker in kubelet-wrapper (https://github.com/flatcar/coreos-overlay/pull/148)<br><br>Changes:<br><br>- Support the default layout feature in mdadm (https://github.com/flatcar/coreos-overlay/pull/146)<br><br>Updates:<br><br>- Linux [5.4.4](https://lwn.net/Articles/807611/)<br>- containerd [1.3.2](https://github.com/containerd/containerd/releases/tag/v1.3.2)<br>- mdadm [4.1](https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/tag/?h=mdadm-4.1)<br>- wireguard [20191212](https://git.zx2c4.com/WireGuard/tag/?h=0.0.20191212)<br>Packages:<br>- docker 19.03.5<br>- ignition 0.33.0<br>- kernel 5.4.4<br>- rkt 1.30.0<br>- systemd 242<br><br>Architectures:<br>- amd64<br>- arm64<br> 2019-12-20T09:28:45+00:00 @@ -1222,7 +1230,7 @@ https://github.com/flatcar/manifest/releases/tag/v2345.99.0 2345.99.0 - 2023-10-25T10:20:43.871610+00:00 + 2023-11-22T09:59:33.778293+00:00 ## Flatcar updates<br><br>This release is done for both amd64 and arm64.<br><br>Security fixes:<br><br>- Fix Intel CPU disclosure of memory to user process. Complete mitigation requires [manually disabling TSX or SMT](https://docs.flatcar-linux.org/os/disabling-smt/) on affected processors. ([CVE-2019-11135](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11135), [TAA](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00270.html))<br>- Fix Intel CPU denial of service by a malicious guest VM ([CVE-2018-12207](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12207))<br>- Fix curl Kerberos FTP double free ([CVE-2019-5481](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5481))<br>- Fix curl TFTP buffer overflow with non-default block size ([CVE-2019-5482](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5482))<br>- Fix openssl key extraction attacks under non-default conditions ([CVE-2019-1563](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563), [CVE-2019-1547](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1547))<br>- Fix heap-based buffer over-read in libexpat ([CVE-2019-15903](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903))<br><br>Bug fixes:<br><br>- Fix cross-build issues around WAF by creating wrappers (https://github.com/flatcar/coreos-overlay/pull/138)<br>- Fix rust-related issues around cross toolchains (https://github.com/flatcar/scripts/pull/34)<br>- Fix time zone for Brazil (https://github.com/flatcar/coreos-overlay/pull/118)<br><br>Changes:<br><br>- Support cross-builds for ARM64 (https://github.com/flatcar/coreos-overlay/pull/122)<br><br>Updates:<br><br>- Linux [5.4.2](https://lwn.net/Articles/806394/)<br>- curl [7.66.0](https://curl.haxx.se/mail/archive-2019-09/0002.html)<br>- docker [19.03.5](https://docs.docker.com/engine/release-notes/#19035)<br>- etcd [3.3.18](https://github.com/etcd-io/etcd/releases/tag/v3.3.18)<br>- expat [2.2.8](https://github.com/libexpat/libexpat/releases/tag/R_2_2_8)<br>- intel-microcode [20191115](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/blob/microcode-20191115/releasenote)<br>- ldb [1.3.6](https://gitlab.com/samba-team/samba/-/tags/ldb-1.3.6)<br>- openssl [1.0.2t](https://www.openssl.org/news/cl102.txt)<br>- samba [4.8.6](https://gitlab.com/samba-team/samba/-/tags/samba-4.8.6)<br>- talloc [2.1.11](https://gitlab.com/samba-team/samba/-/tags/talloc-2.1.11)<br>- tdb [1.3.15](https://gitlab.com/samba-team/samba/-/tags/tdb-1.3.15)<br>- tevent [0.9.37](https://gitlab.com/samba-team/samba/-/tags/tevent-0.9.37)<br>- timezone-data [2019c](http://mm.icann.org/pipermail/tz-announce/2019-September/000057.html)<br>Packages:<br>- docker 19.03.5<br>- ignition 0.33.0<br>- kernel 5.4.2<br>- rkt 1.30.0<br>- systemd 242<br><br>Architectures:<br>- amd64<br>- arm64<br> 2019-12-10T09:21:56+00:00 @@ -1230,7 +1238,7 @@ https://github.com/flatcar/manifest/releases/tag/v2303.99.1 2303.99.1 - 2023-10-25T10:20:43.865465+00:00 + 2023-11-22T09:59:33.772128+00:00 ## Flatcar updates<br><br>Bug fixes:<br><br>- Fix wrong CROS_WORKON_COMMIT values (https://github.com/flatcar/coreos-overlay/pull/101)<br>- Fix bug of unpacking tarballs failing when xattr is not supported (https://github.com/flatcar/torcx/pull/3)<br><br>Changes:<br><br>- Replace rkt with docker in scripts like kubelet-wrapper (https://github.com/flatcar/coreos-overlay/pull/103)<br><br>Updates:<br><br>- docker [19.03.4](https://docs.docker.com/engine/release-notes/#19034)<br>- containerd [1.3.0](https://github.com/containerd/containerd/releases/tag/v1.3.0)<br>Packages:<br>- docker 19.03.4<br>- ignition 0.33.0<br>- kernel 5.3.7<br>- rkt 1.30.0<br>- systemd 242<br><br>Architectures:<br>- amd64<br> 2019-11-01T16:45:14+00:00 @@ -1238,7 +1246,7 @@ https://github.com/flatcar/manifest/releases/tag/v2303.99.0 2303.99.0 - 2023-10-25T10:20:43.860838+00:00 + 2023-11-22T09:59:33.767414+00:00 ## Flatcar updates<br><br>Bug fixes:<br><br>- Fix issue of missing patches in grub (https://github.com/flatcar/grub/pull/1)<br>- Fix issue of wrong commit IDs for repos like [init](https://github.com/flatcar/init)<br>Packages:<br>- docker 19.03.2<br>- ignition 0.33.0<br>- kernel 5.3.7<br>- rkt 1.30.0<br>- systemd 242<br><br>Architectures:<br>- amd64<br> 2019-10-28T09:51:36+00:00 @@ -1246,7 +1254,7 @@ https://github.com/flatcar/manifest/releases/tag/v2296.99.0 2296.99.0 - 2023-10-25T10:20:43.856426+00:00 + 2023-11-22T09:59:33.762968+00:00 ## Flatcar updates<br><br>Security fixes:<br><br>- Fix panic caused by invalid DSA public keys in Go 1.12 and 1.13 ([CVE-2019-17596](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17596))<br>- Fix AppArmor restriction bypass issue in runc 1.0.0-rc8 or older ([CVE-2019-16884](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16884))<br>- Fix bypass of certain policy blacklists and session PAM modules in sudo 1.8.27 or older ([CVE-2019-14287](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14287))<br><br>Bug fixes:<br><br>- Fix rkt fetch issue that does not work without docker:// prefix in URLs (https://github.com/flatcar/coreos-overlay/pull/96)<br>- Multiple bug fixes from the upstream systemd-stable repo (https://github.com/flatcar/coreos-overlay/pull/97)<br><br>Updates: <br><br>- Linux [5.3.7](https://lwn.net/Articles/802627/)<br>- Go [1.12.12](https://go.googlesource.com/go/+/refs/tags/go1.12.12) and [1.13.3](https://go.googlesource.com/go/+/refs/tags/go1.13.3)<br>- runc [1.0.0-rc9](https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc9)<br>- sudo [1.8.28](https://www.sudo.ws/stable.html#1.8.28)<br>Packages:<br>- docker 19.03.2<br>- ignition 0.33.0<br>- kernel 5.3.7<br>- rkt 1.30.0<br>- systemd 242<br><br>Architectures:<br>- amd64<br> 2019-10-23T08:54:42+00:00 @@ -1254,7 +1262,7 @@ https://github.com/flatcar/manifest/releases/tag/v2275.99.0 2275.99.0 - 2023-10-25T10:20:43.851271+00:00 + 2023-11-22T09:59:33.757801+00:00 ## Flatcar updates<br><br>Security fixes:<br><br>- Fix dbus authentication bypass in non-default configurations ([CVE-2019-12749](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12749))<br>- Fix kernel KVM guest escape ([CVE-2019-14835](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14835))<br>- Fix race condition in Intel microprocessors ([CVE-2019-11184](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11184))<br>- Fix invalid HTTP/1.1 handling in net/http of Go ([CVE-2019-16276](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16276))<br><br>Bug fixes:<br><br>- Fix path prefix in crio-wipe.service in cri-o (https://github.com/flatcar/coreos-overlay/pull/91)<br>- Fix ListenPort= in WireGuard section in systemd (https://github.com/flatcar/systemd/pull/5)<br><br>Updates: <br><br> - Linux [5.3.1](https://lwn.net/Articles/800245/)<br> - Go [1.12.10](https://go.googlesource.com/go/+/refs/tags/go1.12.10)<br> - coreos-firmware [20190815](https://github.com/flatcar/coreos-overlay/pull/93/commits/3c63b3d592960030b32ddabac7a1f6cba61b18ab) (https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20190815)<br> - cri-o [1.15.2](https://github.com/cri-o/cri-o/releases/tag/v1.15.2)<br> - cri-tools [1.16.1](https://github.com/kubernetes-sigs/cri-tools/releases/tag/v1.16.1)<br> - intel-microcode [20190918](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/blob/microcode-20190918/releasenote)<br><br>Packages:<br>- docker 19.03.2<br>- ignition 0.33.0<br>- kernel 5.3.1<br>- rkt 1.30.0<br>- systemd 242<br><br>Architectures:<br>- amd64<br> 2019-10-14T08:54:42+00:00 @@ -1262,7 +1270,7 @@ https://github.com/flatcar/manifest/releases/tag/v2261.99.0 2261.99.0 - 2023-10-25T10:20:43.845975+00:00 + 2023-11-22T09:59:33.752518+00:00 ## Flatcar updates<br><br>Security fixes:<br><br>- Fix systemd-resolved bug allowing unprivileged users to change DNS settings ([CVE-2019-15718](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15718))<br><br>Bug fixes:<br><br> - Fix commit ID to match with Manifest in coreos-firmware (https://github.com/flatcar/coreos-overlay/pull/76)<br> - Use mantle/ignition versions which have the `opt/org.flatcar-linux` Ignition variable (https://github.com/flatcar/coreos-overlay/pull/77)<br><br>Updates: <br><br> - Linux [5.2.13](https://lwn.net/Articles/798626/)<br> - systemd [v242](https://github.com/systemd/systemd/releases/tag/v242) (https://github.com/flatcar/coreos-overlay/pull/71)<br> - containerd [1.2.8](https://github.com/containerd/containerd/releases/tag/v1.2.8)<br> - cri-o [1.15.1](https://github.com/cri-o/cri-o/releases/tag/v1.15.1)<br> - docker [19.03.2](https://docs.docker.com/engine/release-notes/#19032)<br>Packages:<br>- docker 19.03.2<br>- ignition 0.33.0<br>- kernel 5.2.13<br>- rkt 1.30.0<br>- systemd 242<br><br>Architectures:<br>- amd64<br> 2019-09-19T13:43:42+00:00 @@ -1270,7 +1278,7 @@ https://github.com/flatcar/manifest/releases/tag/v2247.99.0 2247.99.0 - 2023-10-25T10:20:43.841074+00:00 + 2023-11-22T09:59:33.747574+00:00 ## Flatcar updates<br><br>Security fixes:<br><br> - Fix secret leakage in libgcrypt ([CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829))<br> - Fix denial of service in libtasn1 ([CVE-2018-1000654](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000654))<br> - Fix bypass of a protection mechanism in libxslt ([CVE-2019-11068](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11068))<br><br>Bug fixes:<br><br> - Fix an issue of oem-gce crashlooping in GCE images (https://github.com/flatcar/coreos-overlay/pull/69)<br><br>Updates: <br><br> - Linux [5.2.11](https://lwn.net/Articles/797814/)<br> - libgcrypt [1.8.3](https://github.com/gpg/libgcrypt/releases/tag/libgcrypt-1.8.3)<br> - libtasn1 [4.13](https://github.com/gnutls/libtasn1/releases/tag/libtasn1_4_13)<br> - libxslt [1.1.33](https://github.com/GNOME/libxslt/releases/tag/v1.1.33)<br><br>Packages:<br>- docker 19.03.1<br>- ignition 0.33.0<br>- kernel 5.2.11<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-09-03T18:01:18+00:00 @@ -1278,7 +1286,7 @@ https://github.com/flatcar/manifest/releases/tag/v2234.99.0 2234.99.0 - 2023-10-25T10:20:43.836087+00:00 + 2023-11-22T09:59:33.742639+00:00 ## Flatcar updates<br><br>Security fixes:<br><br> - Fix denial of service in HTTP/2 implementations written in Go ([CVE-2019-9512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512) [CVE-2019-9514](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514) [CVE-2019-14809](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14809) )<br> - Fix arbitrary execution of code in libarchive ( [CVE-2017-14166](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14166) [CVE-2017-14501](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14501) [CVE-2017-14502](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14502) [CVE-2017-14503](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14503) )<br> - Fix privilege escalation issues in polkit ([CVE-2018-1116](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1116) [CVE-2018-19788](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19788) ) <br> - Fix arbitrary execution of SQL statements in sqlite ( [CVE-2019-5018](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5018) [CVE-2019-9936](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9936) [CVE-2019-9937](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9937) )<br> - Fix arbitrary execution of code in wget ( [CVE-2019-5953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5953) )<br> - Fix issues of secret leakage and nsswitch based config in Docker ( [CVE-2019-13509](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13509) [CVE-2019-14271](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14271) )<br><br>Bug fixes:<br><br> - Remove unnecessary dependency on Go 1.6 from cgroupid (https://github.com/flatcar/coreos-overlay/commit/20f24ed14daf747e9b6923ee6baf2aa3635589e8)<br><br>Updates: <br><br> - Linux [5.2.9](https://lwn.net/Articles/796462/)<br> - Binutils [2.32-r1](https://github.com/flatcar/portage-stable/commit/6124ccfbdf9b42b43f3bcc54331b1a590a09c142)<br> - Docker [19.03.1](https://github.com/flatcar/coreos-overlay/pull/62)<br> - Go [1.12.9](https://github.com/golang/go/releases/tag/go1.12.9)<br> - Libarchive [3.3.3](https://github.com/libarchive/libarchive/releases/tag/v3.3.3)<br> - Patch [2.7.6-r4](https://github.com/flatcar/portage-stable/commit/54a7e341d741c4dab4ac8df3bda7665c49700a12)<br> - Polkit [0.113-r5](https://github.com/flatcar/coreos-overlay/commit/a42f51d3714ae96577392293d0a683c324a4f6ee)<br> - Rust [1.37.0](https://github.com/rust-lang/rust/releases/tag/1.37.0)<br> - Cargo [1.37.0](https://github.com/rust-lang/rust/releases/tag/1.37.0) (https://github.com/rust-lang/cargo/releases/tag/0.38.0)<br> - Sqlite [3.29.0](https://repo.or.cz/sqlite.git/shortlog/refs/tags/version-3.29.0)<br> - Wget [1.20.3](http://git.savannah.gnu.org/cgit/wget.git/tag/?h=v1.20.3)<br><br>Packages:<br>- docker 19.03.1<br>- ignition 0.33.0<br>- kernel 5.2.9<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-08-28T15:11:00+00:00 @@ -1286,7 +1294,7 @@ https://github.com/flatcar/manifest/releases/tag/v2219.99.1 2219.99.1 - 2023-10-25T10:20:43.830008+00:00 + 2023-11-22T09:59:33.736464+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2219.1.0):<br><br>Security fixes:<br>- Fix Linux information leak attack vector via speculative side channel ([CVE-2019-1125](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1125))<br><br>## Flatcar updates<br><br>Security fixes:<br>- Use secure_getenv to fix a vulnerability around XDG_SEAT in pam_systemd (https://github.com/flatcar/coreos-overlay/pull/61) ([CVE-2019-3842](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3842)) <br><br>Bug fixes:<br>- Get SELinux context included in torcx tarballs (https://github.com/flatcar/scripts/pull/16)<br>- Enable XattrPrivileged for untar to fix SELinux issue (https://github.com/flatcar/torcx/pull/1)<br><br>Updates:<br>- Linux [5.2.7](https://lwn.net/Articles/795524/)<br>- cri-o [1.15.0](https://github.com/flatcar/coreos-overlay/pull/59)<br><br>Changes:<br>- Add "-s" flag in flatcar-install to install to smallest disk (https://github.com/flatcar/init/pull/7)<br><br>Packages:<br>- docker 18.09.7<br>- ignition 0.33.0<br>- kernel 5.2.7<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-08-09T17:41:16+00:00 @@ -1294,7 +1302,7 @@ https://github.com/flatcar/manifest/releases/tag/v2219.99.0 2219.99.0 - 2023-10-25T10:20:43.824984+00:00 + 2023-11-22T09:59:33.731266+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2219.0.0):<br><br>Bug fixes:<br>- Fix Ignition fetching from S3 URLs when network is slow to start ([ignition#826](https://github.com/coreos/ignition/issues/826))<br><br>## Flatcar updates<br><br>Bug fixes:<br><br> - Fix cgroup v2 path for systemd hybrid mode in runc (https://github.com/flatcar/coreos-overlay/pull/58)<br> - Fix issue of rsyslog not running with root directory in systemd (https://github.com/flatcar/systemd/pull/3)<br><br>Updates: <br><br> - Linux [5.2.5](https://lwn.net/Articles/795009/)<br><br>Changes:<br> - Enable SELinux for tar and coreutils for SDK profile (https://github.com/flatcar/coreos-overlay/pull/55)<br><br>Packages:<br>- docker 18.09.7<br>- ignition 0.33.0<br>- kernel 5.2.5<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-08-05T09:06:39+00:00 @@ -1302,7 +1310,7 @@ https://github.com/flatcar/manifest/releases/tag/v2205.99.1 2205.99.1 - 2023-10-25T10:20:43.820160+00:00 + 2023-11-22T09:59:33.726342+00:00 ## Flatcar updates<br><br>Bug fixes:<br><br> - [Temporary workaround for runc on Flatcar: disable SELinux for runc v1.0.0-rc8](https://github.com/flatcar/coreos-overlay/pull/53)<br> - [Fix a bug in bind mount options in systemd](https://github.com/flatcar/coreos-overlay/pull/52)<br><br>Updates: <br><br> - [Upgrade runc to 1.0.0-rc8](https://github.com/flatcar/coreos-overlay/pull/51)<br><br>Packages:<br>- docker 18.09.7<br>- ignition 0.33.0<br>- kernel 5.2.1<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-07-29T09:39:34+00:00 @@ -1310,7 +1318,7 @@ https://github.com/flatcar/manifest/releases/tag/v2205.99.0 2205.99.0 - 2023-10-25T10:20:43.815683+00:00 + 2023-11-22T09:59:33.721717+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2205.0.0):<br><br>Bug fixes:<br><br> - Fix Docker `device or resource busy` error when creating overlay mounts, introduced in 2191.99.0<br><br>## Flatcar updates<br><br>Updates: <br><br> - Linux [5.2.1](https://lwn.net/Articles/793683/)<br>Packages:<br>- docker 18.09.7<br>- ignition 0.33.0<br>- kernel 5.2.1<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-07-17T13:54:57+00:00 @@ -1318,7 +1326,7 @@ https://github.com/flatcar/manifest/releases/tag/v2191.99.1 2191.99.1 - 2023-10-25T10:20:43.811205+00:00 + 2023-11-22T09:59:33.717178+00:00 ## Flatcar updates<br><br>Bug fixes:<br><br>- Fix a bug in systemd not being able to activate netlink (https://github.com/flatcar/coreos-overlay/pull/49)<br><br>Updates:<br><br>- Linux [5.2](https://lwn.net/Articles/792995/)<br>- docker [18.09.7](https://github.com/flatcar/coreos-overlay/pull/46)<br>- wireguard [0.0.20190702](https://github.com/flatcar/coreos-overlay/pull/48/commits/0af0437c3dc14e4ac8763a9a335b799e739f4f3b)<br>- coreos-firmware [20190620](https://github.com/flatcar/coreos-overlay/pull/48/commits/e0e285c0bf7a6953fafbe10a5539bc8c84dbf48f)<br><br>Packages:<br>- docker 18.09.7<br>- ignition 0.33.0<br>- kernel 5.2.0<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-07-09T13:00:37+00:00 @@ -1326,7 +1334,7 @@ https://github.com/flatcar/manifest/releases/tag/v2191.99.0 2191.99.0 - 2023-10-25T10:20:43.806547+00:00 + 2023-11-22T09:59:33.712496+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2191.0.0):<br><br>Security fixes:<br><br> * Fix libexpat denial of service ([CVE-2018-20843](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20843))<br><br>Bug fixes:<br><br> * Fix Ignition panic when no `guestinfo.(coreos|ignition).config` parameters are specified on VMware (https://github.com/coreos/ignition/issues/821)<br><br>Updates:<br><br> * expat [2.2.7](https://github.com/libexpat/libexpat/releases/tag/R_2_2_7)<br> * Ignition [0.33.0](https://github.com/coreos/ignition/releases/tag/v0.33.0)<br><br>## Flatcar updates<br><br>Bug fixes:<br><br>- make containerd listen on localhost (https://github.com/flatcar/coreos-overlay/pull/41)<br><br>Updates:<br><br>- Linux [5.1.15](https://lwn.net/Articles/792008/)<br>- cri-tools [1.14.0](https://github.com/flatcar/coreos-overlay/pull/42)<br><br>Changes:<br><br>- Fix installation prefix of conmon in a cri-o example config (https://github.com/flatcar/coreos-overlay/pull/43)<br><br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 5.1.15<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-07-04T08:25:18+00:00 @@ -1334,7 +1342,7 @@ https://github.com/flatcar/manifest/releases/tag/v2163.99.0 2163.99.0 - 2023-10-25T10:20:43.801519+00:00 + 2023-11-22T09:59:33.707441+00:00 ## Flatcar updates<br><br>Security fixes:<br>- Fix Linux TCP remotely-triggerable kernel panic and excessive resource consumption ([CVE-2019-11477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11477), [CVE-2019-11478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11478), [CVE-2019-11479](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11479))<br><br>Updates:<br><br>- Linux [5.1.11](https://lwn.net/Articles/791290/)<br>- cri-o [1.14.4](https://github.com/flatcar/coreos-overlay/pull/40)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.32.0<br>- kernel 5.1.11<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-06-21T14:11:23+00:00 @@ -1342,7 +1350,7 @@ https://github.com/flatcar/manifest/releases/tag/v2149.99.0 2149.99.0 - 2023-10-25T10:20:43.796946+00:00 + 2023-11-22T09:59:33.702840+00:00 ## Flatcar updates<br><br>Security fixes:<br>- Fix Intel CPU disclosure of memory to user process. Complete mitigation requires [manually disabling SMT](https://docs.flatcar-linux.org/os/disabling-smt/) on affected processors. ([CVE-2019-11091](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11091), [CVE-2018-12126](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12126), [CVE-2018-12127](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12127), [CVE-2018-12130](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12130), [MDS](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html))<br><br>Bug fixes:<br>- Fix kernel build path issues to build coreos-firmware (https://github.com/flatcar/coreos-overlay/pull/36) (https://github.com/flatcar/coreos-overlay/pull/31)<br><br>Updates:<br>- intel-microcode [20190514](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/blob/microcode-20190514/releasenote)<br>- Linux [5.1.5](https://lwn.net/Articles/789418/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.32.0<br>- kernel 5.1.5<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-05-28T08:35:24+00:00 @@ -1350,7 +1358,7 @@ https://github.com/flatcar/manifest/releases/tag/v2135.99.0 2135.99.0 - 2023-10-25T10:20:43.792069+00:00 + 2023-11-22T09:59:33.697897+00:00 ## Initial release<br><br>This is the first release meant to be used by the public so all the Edge changes are listed.<br><br>## Flatcar updates<br><br>Changes:<br><br>* Add bpftool (https://github.com/flatcar/coreos-overlay/pull/24)<br>* Add [wireguard](https://www.wireguard.com/) (https://github.com/flatcar/coreos-overlay/pull/32)<br>* Add a new package cri-o (https://github.com/flatcar/coreos-overlay/pull/29)<br>* Add cgroupid and patch runc for OCI hooks (https://github.com/flatcar/coreos-overlay/pull/23)<br>* Enable cgroup v2 via kernel command line (https://github.com/flatcar/scripts/commit/271ec2423bc99c9d23faf4ab6ae722726f955966)<br>* Add missing OEM changes for cloud providers to enable cgroup v2 (https://github.com/flatcar/coreos-overlay/commit/f4dde83caf457fc5b480edbbb54d550632c92cf3)<br>* Make docker and containerd support cgroup v2 (https://github.com/flatcar/coreos-overlay/commit/8184af2518634c115dd6ef623959da5948be4cca)<br>* Add CFLAGS to prevent the Spectre v2 (https://github.com/flatcar/coreos-overlay/pull/28)<br><br>Updates:<br><br>* Linux [5.1.0](https://lwn.net/Articles/787556/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.32.0<br>- kernel 5.1.0<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-05-15T13:42:10+00:00 @@ -1358,7 +1366,7 @@ https://github.com/flatcar/manifest/releases/tag/v2121.99.0 2121.99.0 - 2023-10-25T10:20:43.786965+00:00 + 2023-11-22T09:59:33.692789+00:00 ## Flatcar updates<br><br>Changes:<br><br>* add a new package cri-o (https://github.com/flatcar/coreos-overlay/pull/29)<br>* add CFLAGS to prevent the Spectre v2 (https://github.com/flatcar/coreos-overlay/pull/28)<br><br>Updates:<br><br>* Linux [5.0.9](https://lwn.net/Articles/786360/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.32.0<br>- kernel 5.0.9<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-04-29T19:25:05+00:00 @@ -1366,7 +1374,7 @@ https://github.com/flatcar/manifest/releases/tag/v2107.99.0 2107.99.0 - 2023-10-25T10:20:43.782526+00:00 + 2023-11-22T09:59:33.688256+00:00 ## Flatcar updates<br><br>Changes:<br><br>* add cgroupid and patch runc for OCI hooks (https://github.com/flatcar/coreos-overlay/pull/23)<br>* add bpftool (https://github.com/flatcar/coreos-overlay/pull/24)<br><br>Updates:<br><br>* Linux [5.0.7](https://lwn.net/Articles/786049/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.31.0<br>- kernel 5.0.7<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-04-26T14:02:24+00:00 @@ -1374,7 +1382,7 @@ https://github.com/flatcar/manifest/releases/tag/v2079.99.0 2079.99.0 - 2023-10-25T10:20:43.778052+00:00 + 2023-11-22T09:59:33.683793+00:00 ## Flatcar updates<br><br>Updates:<br><br>* Linux [5.0.1](https://lwn.net/Articles/782717/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.31.0<br>- kernel 5.0.1<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-04-26T14:01:27+00:00 @@ -1382,7 +1390,7 @@ https://github.com/flatcar/manifest/releases/tag/v2051.99.2 2051.99.2 - 2023-10-25T10:20:43.773748+00:00 + 2023-11-22T09:59:33.679444+00:00 ## Flatcar updates<br><br>Bug fixes:<br><br>* Add missing OEM changes for cloud providers to enable cgroup v2 (https://github.com/flatcar/coreos-overlay/commit/f4dde83caf457fc5b480edbbb54d550632c92cf3)<br><br>Packages:<br>- docker 18.06.1<br>- ignition 0.30.0<br>- kernel 4.19.20<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2019-04-26T14:00:54+00:00 @@ -1390,15 +1398,23 @@ https://github.com/flatcar/manifest/releases/tag/v2051.99.1 2051.99.1 - 2023-10-25T10:20:43.769341+00:00 + 2023-11-22T09:59:33.674933+00:00 ## Flatcar updates<br><br>Changes:<br><br>* enable cgroup v2 via kernel command line (https://github.com/flatcar/scripts/commit/271ec2423bc99c9d23faf4ab6ae722726f955966)<br>* make docker and containerd support cgroup v2 (https://github.com/flatcar/coreos-overlay/commit/8184af2518634c115dd6ef623959da5948be4cca)<br><br>Packages:<br>- docker 18.06.1<br>- ignition 0.30.0<br>- kernel 4.19.20<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2019-04-26T13:59:39+00:00 + + https://github.com/flatcar/scripts/releases/tag/beta-3760.1.0 + 3760.1.0 + 2023-11-22T09:59:33.662593+00:00 + :warning: From Alpha 3794.0.0 Torcx has been removed - please assert that you don't rely on specific Torcx mechanism but now use systemd-sysext. See [here](https://www.flatcar.org/docs/latest/provisioning/sysext/) for more information.<br><br> _Changes since **Beta 3745.1.0**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2023-35827](https://nvd.nist.gov/vuln/detail/CVE-2023-35827), [CVE-2023-46813](https://nvd.nist.gov/vuln/detail/CVE-2023-46813), [CVE-2023-46862](https://nvd.nist.gov/vuln/detail/CVE-2023-46862), [CVE-2023-5178](https://nvd.nist.gov/vuln/detail/CVE-2023-5178), [CVE-2023-5717](https://nvd.nist.gov/vuln/detail/CVE-2023-5717))<br> - curl ([CVE-2023-38545](https://nvd.nist.gov/vuln/detail/CVE-2023-38545), [CVE-2023-38546](https://nvd.nist.gov/vuln/detail/CVE-2023-38546))<br> - glibc ([CVE-2023-4911](https://nvd.nist.gov/vuln/detail/CVE-2023-4911))<br> - go ([CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325), [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325))<br> - grub ([CVE-2023-4692](https://nvd.nist.gov/vuln/detail/CVE-2023-4692), [CVE-2023-4693](https://nvd.nist.gov/vuln/detail/CVE-2023-4693))<br> - libtirpc ([libtirpc-rhbg-2138317](http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=4a2d85c64110ee9e21a8c4f9dafd6b0ae621506d), [libtirpc-rhbg-2150611](http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=f7f0abdf267698de3f74a0285405b1b01f40893b), [libtirpc-rhbg-2224666](http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=1d2e10afb2ffc35cb3623f57a15f712359f18e75))<br> <br> #### Bug fixes:<br> <br> - Added AWS EKS support for versions 1.24-1.28. Fixed `/usr/share/amazon/eks/download-kubelet.sh` to include download paths for these versions. ([scripts#1210](https://github.com/flatcar/scripts/pull/1210))<br> - Fixed iterating over the OEM update payload signatures which prevented the AWS OEM update to 3745.x.y ([update-engine#31](https://github.com/flatcar/update_engine/pull/31))<br> - Fixed quotes handling for update-engine ([Flatcar#1209](https://github.com/flatcar/Flatcar/issues/1209))<br> - Made `sshkeys.service` more robust to only run `coreos-metadata-sshkeys@core.service` when not masked and also retry on failure ([init#112](https://github.com/flatcar/init/pull/112))<br> <br> #### Changes:<br> <br> - Brightbox: The regular OpenStack image should now be used, it includes Afterburn for instance metadata attributes<br> - OpenStack: An uncompressed image is provided for simpler import (since the images use qcow2 inline compression, there is no benefit in using the `.gz` or `.bz2` images)<br> <br> #### Updates:<br> <br> - Go ([1.20.10](https://go.dev/doc/devel/release#go1.20.10) (includes [1.20.9](https://go.dev/doc/devel/release#go1.20.9)))<br> - Linux ([6.1.62](https://lwn.net/Articles/950700) (includes [6.1.61](https://lwn.net/Articles/949826), [6.1.60](https://lwn.net/Articles/948817) and includes [6.1.59](https://lwn.net/Articles/948299)))<br> - containerd ([1.7.7](https://github.com/containerd/containerd/releases/tag/v1.7.7))<br> - curl ([8.4.0](https://curl.se/changes.html#8_4_0))<br> - libnl ([3.8.0](https://github.com/thom311/libnl/compare/libnl3_7_0...libnl3_8_0))<br> - libtirpc ([1.3.4](https://marc.info/?l=linux-nfs&m=169667640909830&w=2))<br> - libxml2 ([2.11.5](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.5))<br> - openssh ([9.5p1](https://www.openssh.com/releasenotes.html#9.5p1))<br> - pigz ([2.8](https://zlib.net/pipermail/pigz-announce_zlib.net/2023-August/000018.html))<br> - strace([6.4](https://github.com/strace/strace/releases/tag/v6.4))<br> - whois ([5.5.18](https://github.com/rfc1036/whois/blob/v5.5.18/debian/changelog))<br> <br> _Changes since **Alpha 3760.0.0**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2023-35827](https://nvd.nist.gov/vuln/detail/CVE-2023-35827), [CVE-2023-46813](https://nvd.nist.gov/vuln/detail/CVE-2023-46813), [CVE-2023-46862](https://nvd.nist.gov/vuln/detail/CVE-2023-46862), [CVE-2023-5178](https://nvd.nist.gov/vuln/detail/CVE-2023-5178), [CVE-2023-5717](https://nvd.nist.gov/vuln/detail/CVE-2023-5717))<br> <br> #### Bug fixes:<br> <br> - Fixed iterating over the OEM update payload signatures which prevented the AWS OEM update to 3745.x.y ([update-engine#31](https://github.com/flatcar/update_engine/pull/31))<br> - Made `sshkeys.service` more robust to only run `coreos-metadata-sshkeys@core.service` when not masked and also retry on failure ([init#112](https://github.com/flatcar/init/pull/112))<br> <br> #### Changes:<br> <br> - Brightbox: The regular OpenStack image should now be used, it includes Afterburn for instance metadata attributes<br> - OpenStack: An uncompressed image is provided for simpler import (since the images use qcow2 inline compression, there is no benefit in using the `.gz` or `.bz2` images)<br> <br> #### Updates:<br> <br> - Linux ([6.1.62](https://lwn.net/Articles/950700) (includes [6.1.61](https://lwn.net/Articles/949826), [6.1.60](https://lwn.net/Articles/948817) and includes [6.1.59](https://lwn.net/Articles/948299)))<br>Packages:<br>- containerd 1.7.7<br>- docker 20.10.24<br>- ignition 2.15.0<br>- kernel 6.1.62<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> + + 2023-11-22T07:54:40+00:00 + https://github.com/flatcar/scripts/releases/tag/beta-3745.1.0 3745.1.0 - 2023-10-25T10:20:43.756256+00:00 + 2023-11-22T09:59:33.654620+00:00 _Changes since **Beta 3732.1.0**_<br> <br> #### Security fixes:<br> <br> - curl ([CVE-2023-38039](https://nvd.nist.gov/vuln/detail/CVE-2023-38039), [CVE-2023-38545](https://nvd.nist.gov/vuln/detail/CVE-2023-38545), [CVE-2023-38546](https://nvd.nist.gov/vuln/detail/CVE-2023-38546))<br> - glibc ([CVE-2023-4527](https://nvd.nist.gov/vuln/detail/CVE-2023-4527), [CVE-2023-4806](https://nvd.nist.gov/vuln/detail/CVE-2023-4806))<br> - lua ([CVE-2022-33099](https://nvd.nist.gov/vuln/detail/CVE-2022-33099))<br> - mit-krb5 ([CVE-2023-36054](https://nvd.nist.gov/vuln/detail/CVE-2023-36054))<br> - procps ([CVE-2023-4016](https://nvd.nist.gov/vuln/detail/CVE-2023-4016))<br> - samba ([CVE-2021-44142](https://nvd.nist.gov/vuln/detail/CVE-2021-44142), [CVE-2022-1615](https://nvd.nist.gov/vuln/detail/CVE-2022-1615))<br> <br> #### Bug fixes:<br> <br> - Disabled systemd-networkd's RoutesToDNS setting by default to fix provisioning failures observed in VMs with multiple network interfaces on Azure ([scripts#1206](https://github.com/flatcar/scripts/pull/1206))<br> - Fixed the postinstall hook failure when updating from Azure instances without OEM systemd-sysext images to Flatcar Alpha 3745.x.y ([update_engine#29](https://github.com/flatcar/update_engine/pull/29))<br> <br> #### Changes:<br> <br> - AWS OEM images now use a systemd-sysext image for layering additional platform-specific software on top of `/usr`<br> - Reworked the VMware OEM software to be shipped as A/B updated systemd-sysext image<br> - SDK: Experimental support for [prefix builds](https://github.com/flatcar/scripts/blob/main/PREFIX.md) to create distro independent, portable, self-contained applications w/ all dependencies included. With contributions from [chewi](https://github.com/chewi) and [HappyTobi](https://github.com/HappyTobi).<br> - Started shipping default ssh client and ssh daemon configs in `/etc/ssh/ssh_config` and `/etc/ssh/sshd_config` which include config snippets in `/etc/ssh/ssh_config.d` and `/etc/ssh/sshd_config.d`, respectively.<br> - The open-vm-tools package in VMware OEM now comes with vmhgfs-fuse, udev rules, pam and vgauth<br> - To make Kubernetes work by default, `/usr/libexec/kubernetes/kubelet-plugins/volume/exec` is now a symlink to the writable folder `/var/kubernetes/kubelet-plugins/volume/exec` ([Flatcar#1193](https://github.com/flatcar/Flatcar/issues/1193))<br> <br> #### Updates:<br> <br> - Linux ([6.1.58](https://lwn.net/Articles/947820) (includes [6.1.57](https://lwn.net/Articles/947298), [6.1.56](https://lwn.net/Articles/946854)))<br> - Linux Firmware ([20230919](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230919))<br> - bind-tools ([9.16.42](https://bind9.readthedocs.io/en/v9.16.42/notes.html#notes-for-bind-9-16-42))<br> - ca-certificates ([3.94](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_94.html))<br> - checkpolicy ([3.5](https://github.com/SELinuxProject/selinux/releases/tag/3.5))<br> - curl ([8.3.0](https://curl.se/changes.html#8_3_0))<br> - gcc ([13.2](https://gcc.gnu.org/gcc-13/changes.html))<br> - gzip ([1.13](https://savannah.gnu.org/news/?id=10501))<br> - libgcrypt ([1.10.2](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=blob;f=NEWS;h=c9a239615f8070427a96688b1be40a81e59e9b8a;hb=1c5cbacf3d88dded5063e959ee68678ff7d0fa56))<br> - libselinux ([3.5](https://github.com/SELinuxProject/selinux/releases/tag/3.5))<br> - libsemanage ([3.5](https://github.com/SELinuxProject/selinux/releases/tag/3.5))<br> - libsepol ([3.5](https://github.com/SELinuxProject/selinux/releases/tag/3.5))<br> - lua ([5.4.6](https://www.lua.org/manual/5.4/readme.html#changes))<br> - mit-krb5 ([1.21.2](http://web.mit.edu/kerberos/krb5-1.21/))<br> - openssh ([9.4p1](https://www.openssh.com/releasenotes.html#9.4p1))<br> - policycoreutils ([3.5](https://github.com/SELinuxProject/selinux/releases/tag/3.5))<br> - procps ([4.0.4](https://gitlab.com/procps-ng/procps/-/releases/v4.0.4) (includes [4.0.3](https://gitlab.com/procps-ng/procps/-/releases/v4.0.3) and [4.0.0](https://gitlab.com/procps-ng/procps/-/releases/v4.0.0)))<br> - rpcsvc-proto ([1.4.4](https://github.com/thkukuk/rpcsvc-proto/releases/tag/v1.4.4))<br> - samba ([4.18.4](https://wiki.samba.org/index.php/Samba_4.18_Features_added/changed#Samba_4.18.4))<br> - selinux-base ([2.20221101](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20221101))<br> - selinux-base-policy ([2.20221101](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20221101))<br> - selinux-container ([2.20221101](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20221101))<br> - selinux-sssd ([2.20221101](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20221101))<br> - selinux-unconfined ([2.20221101](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20221101))<br> - semodule-utils ([3.5](https://github.com/SELinuxProject/selinux/releases/tag/3.5))<br> - SDK: Rust ([1.72.1](https://github.com/rust-lang/rust/releases/tag/1.72.1))<br> - VMWARE: libdnet ([1.16.2](https://github.com/ofalk/libdnet/releases/tag/libdnet-1.16.2) (includes [1.16](https://github.com/ofalk/libdnet/releases/tag/libdnet-1.16)))<br><br> _Changes since **Alpha 3745.0.0**_<br> <br> #### Security fixes:<br> <br> - curl ([CVE-2023-38545](https://nvd.nist.gov/vuln/detail/CVE-2023-38545), [CVE-2023-38546](https://nvd.nist.gov/vuln/detail/CVE-2023-38546))<br> <br> #### Bug fixes:<br> <br> - Disabled systemd-networkd's RoutesToDNS setting by default to fix provisioning failures observed in VMs with multiple network interfaces on Azure ([scripts#1206](https://github.com/flatcar/scripts/pull/1206))<br> - Fixed the postinstall hook failure when updating from Azure instances without OEM systemd-sysext images to Flatcar Alpha 3745.x.y ([update_engine#29](https://github.com/flatcar/update_engine/pull/29))<br> <br> #### Changes:<br> <br> - To make Kubernetes work by default, `/usr/libexec/kubernetes/kubelet-plugins/volume/exec` is now a symlink to the writable folder `/var/kubernetes/kubelet-plugins/volume/exec` ([Flatcar#1193](https://github.com/flatcar/Flatcar/issues/1193))<br> <br> #### Updates:<br> <br> - Linux ([6.1.58](https://lwn.net/Articles/947820) (includes [6.1.57](https://lwn.net/Articles/947298), [6.1.56](https://lwn.net/Articles/946854)))<br> - ca-certificates ([3.94](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_94.html))<br>Packages:<br>- containerd 1.7.6<br>- docker 20.10.24<br>- ignition 2.15.0<br>- kernel 6.1.58<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-10-25T08:38:48+00:00 @@ -1406,7 +1422,7 @@ https://github.com/flatcar/scripts/releases/tag/beta-3732.1.0 3732.1.0 - 2023-10-25T10:20:43.747372+00:00 + 2023-11-22T09:59:33.645680+00:00 _Changes since **Alpha 3732.0.0**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2023-42755](https://nvd.nist.gov/vuln/detail/CVE-2023-42755))<br> <br> #### Bug fixes:<br> <br> - Triggered re-reading of partition table to fix adding partitions to the boot disk ([scripts#1202](https://github.com/flatcar/scripts/pull/1202))<br> <br> #### Changes:<br> <br> - Use qcow2 compressed format instead of additional compression layer in Qemu images ([Flatcar#1135](https://github.com/flatcar/Flatcar/issues/1135), [scripts#1132](https://github.com/flatcar/scripts/pull/1132))<br> <br> #### Updates:<br> <br> - Linux ([6.1.55](https://lwn.net/Articles/945379))<br><br>_Changes compared to **Beta 3602.1.6**_<br><br> #### Security fixes:<br> <br> - Linux ([CVE-2020-36516](https://nvd.nist.gov/vuln/detail/CVE-2020-36516),[CVE-2021-26401](https://nvd.nist.gov/vuln/detail/CVE-2021-26401),[CVE-2021-33135](https://nvd.nist.gov/vuln/detail/CVE-2021-33135),[CVE-2021-33655](https://nvd.nist.gov/vuln/detail/CVE-2021-33655),[CVE-2021-3923](https://nvd.nist.gov/vuln/detail/CVE-2021-3923),[CVE-2021-4155](https://nvd.nist.gov/vuln/detail/CVE-2021-4155),[CVE-2021-4197](https://nvd.nist.gov/vuln/detail/CVE-2021-4197),[CVE-2021-43976](https://nvd.nist.gov/vuln/detail/CVE-2021-43976),[CVE-2021-44879](https://nvd.nist.gov/vuln/detail/CVE-2021-44879),[CVE-2021-45469](https://nvd.nist.gov/vuln/detail/CVE-2021-45469),[CVE-2022-0001](https://nvd.nist.gov/vuln/detail/CVE-2022-0001),[CVE-2022-0002](https://nvd.nist.gov/vuln/detail/CVE-2022-0002),[CVE-2022-0168](https://nvd.nist.gov/vuln/detail/CVE-2022-0168),[CVE-2022-0185](https://nvd.nist.gov/vuln/detail/CVE-2022-0185),[CVE-2022-0330](https://nvd.nist.gov/vuln/detail/CVE-2022-0330),[CVE-2022-0382](https://nvd.nist.gov/vuln/detail/CVE-2022-0382),[CVE-2022-0433](https://nvd.nist.gov/vuln/detail/CVE-2022-0433),[CVE-2022-0435](https://nvd.nist.gov/vuln/detail/CVE-2022-0435),[CVE-2022-0487](https://nvd.nist.gov/vuln/detail/CVE-2022-0487),[CVE-2022-0492](https://nvd.nist.gov/vuln/detail/CVE-2022-0492),[CVE-2022-0494](https://nvd.nist.gov/vuln/detail/CVE-2022-0494),[CVE-2022-0500](https://nvd.nist.gov/vuln/detail/CVE-2022-0500),[CVE-2022-0516](https://nvd.nist.gov/vuln/detail/CVE-2022-0516),[CVE-2022-0617](https://nvd.nist.gov/vuln/detail/CVE-2022-0617),[CVE-2022-0742](https://nvd.nist.gov/vuln/detail/CVE-2022-0742),[CVE-2022-0847](https://nvd.nist.gov/vuln/detail/CVE-2022-0847),[CVE-2022-0995](https://nvd.nist.gov/vuln/detail/CVE-2022-0995),[CVE-2022-1011](https://nvd.nist.gov/vuln/detail/CVE-2022-1011),[CVE-2022-1012](https://nvd.nist.gov/vuln/detail/CVE-2022-1012),[CVE-2022-1015](https://nvd.nist.gov/vuln/detail/CVE-2022-1015),[CVE-2022-1016](https://nvd.nist.gov/vuln/detail/CVE-2022-1016),[CVE-2022-1048](https://nvd.nist.gov/vuln/detail/CVE-2022-1048),[CVE-2022-1055](https://nvd.nist.gov/vuln/detail/CVE-2022-1055),[CVE-2022-1158](https://nvd.nist.gov/vuln/detail/CVE-2022-1158),[CVE-2022-1184](https://nvd.nist.gov/vuln/detail/CVE-2022-1184),[CVE-2022-1198](https://nvd.nist.gov/vuln/detail/CVE-2022-1198),[CVE-2022-1199](https://nvd.nist.gov/vuln/detail/CVE-2022-1199),[CVE-2022-1204](https://nvd.nist.gov/vuln/detail/CVE-2022-1204),[CVE-2022-1205](https://nvd.nist.gov/vuln/detail/CVE-2022-1205),[CVE-2022-1263](https://nvd.nist.gov/vuln/detail/CVE-2022-1263),[CVE-2022-1353](https://nvd.nist.gov/vuln/detail/CVE-2022-1353),[CVE-2022-1462](https://nvd.nist.gov/vuln/detail/CVE-2022-1462),[CVE-2022-1516](https://nvd.nist.gov/vuln/detail/CVE-2022-1516),[CVE-2022-1651](https://nvd.nist.gov/vuln/detail/CVE-2022-1651),[CVE-2022-1652](https://nvd.nist.gov/vuln/detail/CVE-2022-1652),[CVE-2022-1671](https://nvd.nist.gov/vuln/detail/CVE-2022-1671),[CVE-2022-1679](https://nvd.nist.gov/vuln/detail/CVE-2022-1679),[CVE-2022-1729](https://nvd.nist.gov/vuln/detail/CVE-2022-1729),[CVE-2022-1734](https://nvd.nist.gov/vuln/detail/CVE-2022-1734),[CVE-2022-1789](https://nvd.nist.gov/vuln/detail/CVE-2022-1789),[CVE-2022-1852](https://nvd.nist.gov/vuln/detail/CVE-2022-1852),[CVE-2022-1882](https://nvd.nist.gov/vuln/detail/CVE-2022-1882),[CVE-2022-1943](https://nvd.nist.gov/vuln/detail/CVE-2022-1943),[CVE-2022-1973](https://nvd.nist.gov/vuln/detail/CVE-2022-1973),[CVE-2022-1974](https://nvd.nist.gov/vuln/detail/CVE-2022-1974),[CVE-2022-1975](https://nvd.nist.gov/vuln/detail/CVE-2022-1975),[CVE-2022-1976](https://nvd.nist.gov/vuln/detail/CVE-2022-1976),[CVE-2022-1998](https://nvd.nist.gov/vuln/detail/CVE-2022-1998),[CVE-2022-20008](https://nvd.nist.gov/vuln/detail/CVE-2022-20008),[CVE-2022-20158](https://nvd.nist.gov/vuln/detail/CVE-2022-20158),[CVE-2022-20368](https://nvd.nist.gov/vuln/detail/CVE-2022-20368),[CVE-2022-20369](https://nvd.nist.gov/vuln/detail/CVE-2022-20369),[CVE-2022-20421](https://nvd.nist.gov/vuln/detail/CVE-2022-20421),[CVE-2022-20422](https://nvd.nist.gov/vuln/detail/CVE-2022-20422),[CVE-2022-20423](https://nvd.nist.gov/vuln/detail/CVE-2022-20423),[CVE-2022-20566](https://nvd.nist.gov/vuln/detail/CVE-2022-20566),[CVE-2022-20572](https://nvd.nist.gov/vuln/detail/CVE-2022-20572),[CVE-2022-2078](https://nvd.nist.gov/vuln/detail/CVE-2022-2078),[CVE-2022-21123](https://nvd.nist.gov/vuln/detail/CVE-2022-21123),[CVE-2022-21125](https://nvd.nist.gov/vuln/detail/CVE-2022-21125),[CVE-2022-21166](https://nvd.nist.gov/vuln/detail/CVE-2022-21166),[CVE-2022-21499](https://nvd.nist.gov/vuln/detail/CVE-2022-21499),[CVE-2022-21505](https://nvd.nist.gov/vuln/detail/CVE-2022-21505),[CVE-2022-2153](https://nvd.nist.gov/vuln/detail/CVE-2022-2153),[CVE-2022-2196](https://nvd.nist.gov/vuln/detail/CVE-2022-2196),[CVE-2022-22942](https://nvd.nist.gov/vuln/detail/CVE-2022-22942),[CVE-2022-23036](https://nvd.nist.gov/vuln/detail/CVE-2022-23036),[CVE-2022-23037](https://nvd.nist.gov/vuln/detail/CVE-2022-23037),[CVE-2022-23038](https://nvd.nist.gov/vuln/detail/CVE-2022-23038),[CVE-2022-23039](https://nvd.nist.gov/vuln/detail/CVE-2022-23039),[CVE-2022-23040](https://nvd.nist.gov/vuln/detail/CVE-2022-23040),[CVE-2022-23041](https://nvd.nist.gov/vuln/detail/CVE-2022-23041),[CVE-2022-23042](https://nvd.nist.gov/vuln/detail/CVE-2022-23042),[CVE-2022-2308](https://nvd.nist.gov/vuln/detail/CVE-2022-2308),[CVE-2022-2318](https://nvd.nist.gov/vuln/detail/CVE-2022-2318),[CVE-2022-23222](https://nvd.nist.gov/vuln/detail/CVE-2022-23222),[CVE-2022-2380](https://nvd.nist.gov/vuln/detail/CVE-2022-2380),[CVE-2022-23960](https://nvd.nist.gov/vuln/detail/CVE-2022-23960),[CVE-2022-24448](https://nvd.nist.gov/vuln/detail/CVE-2022-24448),[CVE-2022-24958](https://nvd.nist.gov/vuln/detail/CVE-2022-24958),[CVE-2022-24959](https://nvd.nist.gov/vuln/detail/CVE-2022-24959),[CVE-2022-2503](https://nvd.nist.gov/vuln/detail/CVE-2022-2503),[CVE-2022-25258](https://nvd.nist.gov/vuln/detail/CVE-2022-25258),[CVE-2022-25375](https://nvd.nist.gov/vuln/detail/CVE-2022-25375),[CVE-2022-25636](https://nvd.nist.gov/vuln/detail/CVE-2022-25636),[CVE-2022-2585](https://nvd.nist.gov/vuln/detail/CVE-2022-2585),[CVE-2022-2586](https://nvd.nist.gov/vuln/detail/CVE-2022-2586),[CVE-2022-2588](https://nvd.nist.gov/vuln/detail/CVE-2022-2588),[CVE-2022-2590](https://nvd.nist.gov/vuln/detail/CVE-2022-2590),[CVE-2022-2602](https://nvd.nist.gov/vuln/detail/CVE-2022-2602),[CVE-2022-26365](https://nvd.nist.gov/vuln/detail/CVE-2022-26365),[CVE-2022-26373](https://nvd.nist.gov/vuln/detail/CVE-2022-26373),[CVE-2022-2639](https://nvd.nist.gov/vuln/detail/CVE-2022-2639),[CVE-2022-26490](https://nvd.nist.gov/vuln/detail/CVE-2022-26490),[CVE-2022-2663](https://nvd.nist.gov/vuln/detail/CVE-2022-2663),[CVE-2022-26966](https://nvd.nist.gov/vuln/detail/CVE-2022-26966),[CVE-2022-27223](https://nvd.nist.gov/vuln/detail/CVE-2022-27223),[CVE-2022-27666](https://nvd.nist.gov/vuln/detail/CVE-2022-27666),[CVE-2022-27672](https://nvd.nist.gov/vuln/detail/CVE-2022-27672),[CVE-2022-2785](https://nvd.nist.gov/vuln/detail/CVE-2022-2785),[CVE-2022-27950](https://nvd.nist.gov/vuln/detail/CVE-2022-27950),[CVE-2022-28356](https://nvd.nist.gov/vuln/detail/CVE-2022-28356),[CVE-2022-28388](https://nvd.nist.gov/vuln/detail/CVE-2022-28388),[CVE-2022-28389](https://nvd.nist.gov/vuln/detail/CVE-2022-28389),[CVE-2022-28390](https://nvd.nist.gov/vuln/detail/CVE-2022-28390),[CVE-2022-2873](https://nvd.nist.gov/vuln/detail/CVE-2022-2873),[CVE-2022-28796](https://nvd.nist.gov/vuln/detail/CVE-2022-28796),[CVE-2022-28893](https://nvd.nist.gov/vuln/detail/CVE-2022-28893),[CVE-2022-2905](https://nvd.nist.gov/vuln/detail/CVE-2022-2905),[CVE-2022-29156](https://nvd.nist.gov/vuln/detail/CVE-2022-29156),[CVE-2022-2938](https://nvd.nist.gov/vuln/detail/CVE-2022-2938),[CVE-2022-29581](https://nvd.nist.gov/vuln/detail/CVE-2022-29581),[CVE-2022-29582](https://nvd.nist.gov/vuln/detail/CVE-2022-29582),[CVE-2022-2959](https://nvd.nist.gov/vuln/detail/CVE-2022-2959),[CVE-2022-2964](https://nvd.nist.gov/vuln/detail/CVE-2022-2964),[CVE-2022-2977](https://nvd.nist.gov/vuln/detail/CVE-2022-2977),[CVE-2022-2978](https://nvd.nist.gov/vuln/detail/CVE-2022-2978),[CVE-2022-29900](https://nvd.nist.gov/vuln/detail/CVE-2022-29900),[CVE-2022-29901](https://nvd.nist.gov/vuln/detail/CVE-2022-29901),[CVE-2022-29968](https://nvd.nist.gov/vuln/detail/CVE-2022-29968),[CVE-2022-3028](https://nvd.nist.gov/vuln/detail/CVE-2022-3028),[CVE-2022-30594](https://nvd.nist.gov/vuln/detail/CVE-2022-30594),[CVE-2022-3077](https://nvd.nist.gov/vuln/detail/CVE-2022-3077),[CVE-2022-3078](https://nvd.nist.gov/vuln/detail/CVE-2022-3078),[CVE-2022-3104](https://nvd.nist.gov/vuln/detail/CVE-2022-3104),[CVE-2022-3105](https://nvd.nist.gov/vuln/detail/CVE-2022-3105),[CVE-2022-3107](https://nvd.nist.gov/vuln/detail/CVE-2022-3107),[CVE-2022-3108](https://nvd.nist.gov/vuln/detail/CVE-2022-3108),[CVE-2022-3110](https://nvd.nist.gov/vuln/detail/CVE-2022-3110),[CVE-2022-3111](https://nvd.nist.gov/vuln/detail/CVE-2022-3111),[CVE-2022-3112](https://nvd.nist.gov/vuln/detail/CVE-2022-3112),[CVE-2022-3113](https://nvd.nist.gov/vuln/detail/CVE-2022-3113),[CVE-2022-3115](https://nvd.nist.gov/vuln/detail/CVE-2022-3115),[CVE-2022-3169](https://nvd.nist.gov/vuln/detail/CVE-2022-3169),[CVE-2022-3202](https://nvd.nist.gov/vuln/detail/CVE-2022-3202),[CVE-2022-32250](https://nvd.nist.gov/vuln/detail/CVE-2022-32250),[CVE-2022-32296](https://nvd.nist.gov/vuln/detail/CVE-2022-32296),[CVE-2022-3239](https://nvd.nist.gov/vuln/detail/CVE-2022-3239),[CVE-2022-32981](https://nvd.nist.gov/vuln/detail/CVE-2022-32981),[CVE-2022-3303](https://nvd.nist.gov/vuln/detail/CVE-2022-3303),[CVE-2022-3344](https://nvd.nist.gov/vuln/detail/CVE-2022-3344),[CVE-2022-33740](https://nvd.nist.gov/vuln/detail/CVE-2022-33740),[CVE-2022-33741](https://nvd.nist.gov/vuln/detail/CVE-2022-33741),[CVE-2022-33742](https://nvd.nist.gov/vuln/detail/CVE-2022-33742),[CVE-2022-33743](https://nvd.nist.gov/vuln/detail/CVE-2022-33743),[CVE-2022-33744](https://nvd.nist.gov/vuln/detail/CVE-2022-33744),[CVE-2022-33981](https://nvd.nist.gov/vuln/detail/CVE-2022-33981),[CVE-2022-3424](https://nvd.nist.gov/vuln/detail/CVE-2022-3424),[CVE-2022-3435](https://nvd.nist.gov/vuln/detail/CVE-2022-3435),[CVE-2022-34494](https://nvd.nist.gov/vuln/detail/CVE-2022-34494),[CVE-2022-34495](https://nvd.nist.gov/vuln/detail/CVE-2022-34495),[CVE-2022-34918](https://nvd.nist.gov/vuln/detail/CVE-2022-34918),[CVE-2022-3521](https://nvd.nist.gov/vuln/detail/CVE-2022-3521),[CVE-2022-3524](https://nvd.nist.gov/vuln/detail/CVE-2022-3524),[CVE-2022-3526](https://nvd.nist.gov/vuln/detail/CVE-2022-3526),[CVE-2022-3534](https://nvd.nist.gov/vuln/detail/CVE-2022-3534),[CVE-2022-3541](https://nvd.nist.gov/vuln/detail/CVE-2022-3541),[CVE-2022-3543](https://nvd.nist.gov/vuln/detail/CVE-2022-3543),[CVE-2022-3564](https://nvd.nist.gov/vuln/detail/CVE-2022-3564),[CVE-2022-3565](https://nvd.nist.gov/vuln/detail/CVE-2022-3565),[CVE-2022-3577](https://nvd.nist.gov/vuln/detail/CVE-2022-3577),[CVE-2022-3586](https://nvd.nist.gov/vuln/detail/CVE-2022-3586),[CVE-2022-3594](https://nvd.nist.gov/vuln/detail/CVE-2022-3594),[CVE-2022-3595](https://nvd.nist.gov/vuln/detail/CVE-2022-3595),[CVE-2022-36123](https://nvd.nist.gov/vuln/detail/CVE-2022-36123),[CVE-2022-3619](https://nvd.nist.gov/vuln/detail/CVE-2022-3619),[CVE-2022-3621](https://nvd.nist.gov/vuln/detail/CVE-2022-3621),[CVE-2022-3623](https://nvd.nist.gov/vuln/detail/CVE-2022-3623),[CVE-2022-3625](https://nvd.nist.gov/vuln/detail/CVE-2022-3625),[CVE-2022-3628](https://nvd.nist.gov/vuln/detail/CVE-2022-3628),[CVE-2022-36280](https://nvd.nist.gov/vuln/detail/CVE-2022-36280),[CVE-2022-3635](https://nvd.nist.gov/vuln/detail/CVE-2022-3635),[CVE-2022-3640](https://nvd.nist.gov/vuln/detail/CVE-2022-3640),[CVE-2022-3643](https://nvd.nist.gov/vuln/detail/CVE-2022-3643),[CVE-2022-3646](https://nvd.nist.gov/vuln/detail/CVE-2022-3646),[CVE-2022-3649](https://nvd.nist.gov/vuln/detail/CVE-2022-3649),[CVE-2022-36879](https://nvd.nist.gov/vuln/detail/CVE-2022-36879),[CVE-2022-36946](https://nvd.nist.gov/vuln/detail/CVE-2022-36946),[CVE-2022-3707](https://nvd.nist.gov/vuln/detail/CVE-2022-3707),[CVE-2022-38457](https://nvd.nist.gov/vuln/detail/CVE-2022-38457),[CVE-2022-3910](https://nvd.nist.gov/vuln/detail/CVE-2022-3910),[CVE-2022-39189](https://nvd.nist.gov/vuln/detail/CVE-2022-39189),[CVE-2022-39190](https://nvd.nist.gov/vuln/detail/CVE-2022-39190),[CVE-2022-3977](https://nvd.nist.gov/vuln/detail/CVE-2022-3977),[CVE-2022-40133](https://nvd.nist.gov/vuln/detail/CVE-2022-40133),[CVE-2022-40307](https://nvd.nist.gov/vuln/detail/CVE-2022-40307),[CVE-2022-40768](https://nvd.nist.gov/vuln/detail/CVE-2022-40768),[CVE-2022-4095](https://nvd.nist.gov/vuln/detail/CVE-2022-4095),[CVE-2022-40982](https://nvd.nist.gov/vuln/detail/CVE-2022-40982),[CVE-2022-41218](https://nvd.nist.gov/vuln/detail/CVE-2022-41218),[CVE-2022-4128](https://nvd.nist.gov/vuln/detail/CVE-2022-4128),[CVE-2022-4139](https://nvd.nist.gov/vuln/detail/CVE-2022-4139),[CVE-2022-41674](https://nvd.nist.gov/vuln/detail/CVE-2022-41674),[CVE-2022-41849](https://nvd.nist.gov/vuln/detail/CVE-2022-41849),[CVE-2022-41850](https://nvd.nist.gov/vuln/detail/CVE-2022-41850),[CVE-2022-41858](https://nvd.nist.gov/vuln/detail/CVE-2022-41858),[CVE-2022-42328](https://nvd.nist.gov/vuln/detail/CVE-2022-42328),[CVE-2022-42329](https://nvd.nist.gov/vuln/detail/CVE-2022-42329),[CVE-2022-42432](https://nvd.nist.gov/vuln/detail/CVE-2022-42432),[CVE-2022-4269](https://nvd.nist.gov/vuln/detail/CVE-2022-4269),[CVE-2022-42703](https://nvd.nist.gov/vuln/detail/CVE-2022-42703),[CVE-2022-42719](https://nvd.nist.gov/vuln/detail/CVE-2022-42719),[CVE-2022-42720](https://nvd.nist.gov/vuln/detail/CVE-2022-42720),[CVE-2022-42721](https://nvd.nist.gov/vuln/detail/CVE-2022-42721),[CVE-2022-42722](https://nvd.nist.gov/vuln/detail/CVE-2022-42722),[CVE-2022-42895](https://nvd.nist.gov/vuln/detail/CVE-2022-42895),[CVE-2022-42896](https://nvd.nist.gov/vuln/detail/CVE-2022-42896),[CVE-2022-43750](https://nvd.nist.gov/vuln/detail/CVE-2022-43750),[CVE-2022-4378](https://nvd.nist.gov/vuln/detail/CVE-2022-4378),[CVE-2022-4379](https://nvd.nist.gov/vuln/detail/CVE-2022-4379),[CVE-2022-4382](https://nvd.nist.gov/vuln/detail/CVE-2022-4382),[CVE-2022-43945](https://nvd.nist.gov/vuln/detail/CVE-2022-43945),[CVE-2022-45869](https://nvd.nist.gov/vuln/detail/CVE-2022-45869),[CVE-2022-45886](https://nvd.nist.gov/vuln/detail/CVE-2022-45886),[CVE-2022-45887](https://nvd.nist.gov/vuln/detail/CVE-2022-45887),[CVE-2022-45919](https://nvd.nist.gov/vuln/detail/CVE-2022-45919),[CVE-2022-45934](https://nvd.nist.gov/vuln/detail/CVE-2022-45934),[CVE-2022-4662](https://nvd.nist.gov/vuln/detail/CVE-2022-4662),[CVE-2022-47518](https://nvd.nist.gov/vuln/detail/CVE-2022-47518),[CVE-2022-47519](https://nvd.nist.gov/vuln/detail/CVE-2022-47519),[CVE-2022-47520](https://nvd.nist.gov/vuln/detail/CVE-2022-47520),[CVE-2022-47521](https://nvd.nist.gov/vuln/detail/CVE-2022-47521),[CVE-2022-47929](https://nvd.nist.gov/vuln/detail/CVE-2022-47929),[CVE-2022-47938](https://nvd.nist.gov/vuln/detail/CVE-2022-47938),[CVE-2022-47939](https://nvd.nist.gov/vuln/detail/CVE-2022-47939),[CVE-2022-47940](https://nvd.nist.gov/vuln/detail/CVE-2022-47940),[CVE-2022-47941](https://nvd.nist.gov/vuln/detail/CVE-2022-47941),[CVE-2022-47942](https://nvd.nist.gov/vuln/detail/CVE-2022-47942),[CVE-2022-47943](https://nvd.nist.gov/vuln/detail/CVE-2022-47943),[CVE-2022-4842](https://nvd.nist.gov/vuln/detail/CVE-2022-4842),[CVE-2022-48423](https://nvd.nist.gov/vuln/detail/CVE-2022-48423),[CVE-2022-48424](https://nvd.nist.gov/vuln/detail/CVE-2022-48424),[CVE-2022-48425](https://nvd.nist.gov/vuln/detail/CVE-2022-48425),[CVE-2022-48502](https://nvd.nist.gov/vuln/detail/CVE-2022-48502),[CVE-2023-0045](https://nvd.nist.gov/vuln/detail/CVE-2023-0045),[CVE-2023-0160](https://nvd.nist.gov/vuln/detail/CVE-2023-0160),[CVE-2023-0179](https://nvd.nist.gov/vuln/detail/CVE-2023-0179),[CVE-2023-0210](https://nvd.nist.gov/vuln/detail/CVE-2023-0210),[CVE-2023-0266](https://nvd.nist.gov/vuln/detail/CVE-2023-0266),[CVE-2023-0386](https://nvd.nist.gov/vuln/detail/CVE-2023-0386),[CVE-2023-0394](https://nvd.nist.gov/vuln/detail/CVE-2023-0394),[CVE-2023-0458](https://nvd.nist.gov/vuln/detail/CVE-2023-0458),[CVE-2023-0459](https://nvd.nist.gov/vuln/detail/CVE-2023-0459),[CVE-2023-0461](https://nvd.nist.gov/vuln/detail/CVE-2023-0461),[CVE-2023-0468](https://nvd.nist.gov/vuln/detail/CVE-2023-0468),[CVE-2023-0469](https://nvd.nist.gov/vuln/detail/CVE-2023-0469),[CVE-2023-0590](https://nvd.nist.gov/vuln/detail/CVE-2023-0590),[CVE-2023-0615](https://nvd.nist.gov/vuln/detail/CVE-2023-0615),[CVE-2023-1032](https://nvd.nist.gov/vuln/detail/CVE-2023-1032),[CVE-2023-1073](https://nvd.nist.gov/vuln/detail/CVE-2023-1073),[CVE-2023-1074](https://nvd.nist.gov/vuln/detail/CVE-2023-1074),[CVE-2023-1075](https://nvd.nist.gov/vuln/detail/CVE-2023-1075),[CVE-2023-1076](https://nvd.nist.gov/vuln/detail/CVE-2023-1076),[CVE-2023-1077](https://nvd.nist.gov/vuln/detail/CVE-2023-1077),[CVE-2023-1078](https://nvd.nist.gov/vuln/detail/CVE-2023-1078),[CVE-2023-1079](https://nvd.nist.gov/vuln/detail/CVE-2023-1079),[CVE-2023-1095](https://nvd.nist.gov/vuln/detail/CVE-2023-1095),[CVE-2023-1118](https://nvd.nist.gov/vuln/detail/CVE-2023-1118),[CVE-2023-1192](https://nvd.nist.gov/vuln/detail/CVE-2023-1192),[CVE-2023-1194](https://nvd.nist.gov/vuln/detail/CVE-2023-1194),[CVE-2023-1206](https://nvd.nist.gov/vuln/detail/CVE-2023-1206),[CVE-2023-1249](https://nvd.nist.gov/vuln/detail/CVE-2023-1249),[CVE-2023-1281](https://nvd.nist.gov/vuln/detail/CVE-2023-1281),[CVE-2023-1380](https://nvd.nist.gov/vuln/detail/CVE-2023-1380),[CVE-2023-1382](https://nvd.nist.gov/vuln/detail/CVE-2023-1382),[CVE-2023-1513](https://nvd.nist.gov/vuln/detail/CVE-2023-1513),[CVE-2023-1582](https://nvd.nist.gov/vuln/detail/CVE-2023-1582),[CVE-2023-1583](https://nvd.nist.gov/vuln/detail/CVE-2023-1583),[CVE-2023-1611](https://nvd.nist.gov/vuln/detail/CVE-2023-1611),[CVE-2023-1637](https://nvd.nist.gov/vuln/detail/CVE-2023-1637),[CVE-2023-1652](https://nvd.nist.gov/vuln/detail/CVE-2023-1652),[CVE-2023-1670](https://nvd.nist.gov/vuln/detail/CVE-2023-1670),[CVE-2023-1829](https://nvd.nist.gov/vuln/detail/CVE-2023-1829),[CVE-2023-1838](https://nvd.nist.gov/vuln/detail/CVE-2023-1838),[CVE-2023-1855](https://nvd.nist.gov/vuln/detail/CVE-2023-1855),[CVE-2023-1859](https://nvd.nist.gov/vuln/detail/CVE-2023-1859),[CVE-2023-1872](https://nvd.nist.gov/vuln/detail/CVE-2023-1872),[CVE-2023-1989](https://nvd.nist.gov/vuln/detail/CVE-2023-1989),[CVE-2023-1990](https://nvd.nist.gov/vuln/detail/CVE-2023-1990),[CVE-2023-1998](https://nvd.nist.gov/vuln/detail/CVE-2023-1998),[CVE-2023-2002](https://nvd.nist.gov/vuln/detail/CVE-2023-2002),[CVE-2023-2006](https://nvd.nist.gov/vuln/detail/CVE-2023-2006),[CVE-2023-2008](https://nvd.nist.gov/vuln/detail/CVE-2023-2008),[CVE-2023-2019](https://nvd.nist.gov/vuln/detail/CVE-2023-2019),[CVE-2023-20569](https://nvd.nist.gov/vuln/detail/CVE-2023-20569),[CVE-2023-20588](https://nvd.nist.gov/vuln/detail/CVE-2023-20588),[CVE-2023-20593](https://nvd.nist.gov/vuln/detail/CVE-2023-20593),[CVE-2023-20928](https://nvd.nist.gov/vuln/detail/CVE-2023-20928),[CVE-2023-20938](https://nvd.nist.gov/vuln/detail/CVE-2023-20938),[CVE-2023-21102](https://nvd.nist.gov/vuln/detail/CVE-2023-21102),[CVE-2023-21106](https://nvd.nist.gov/vuln/detail/CVE-2023-21106),[CVE-2023-2124](https://nvd.nist.gov/vuln/detail/CVE-2023-2124),[CVE-2023-21255](https://nvd.nist.gov/vuln/detail/CVE-2023-21255),[CVE-2023-2156](https://nvd.nist.gov/vuln/detail/CVE-2023-2156),[CVE-2023-2162](https://nvd.nist.gov/vuln/detail/CVE-2023-2162),[CVE-2023-2163](https://nvd.nist.gov/vuln/detail/CVE-2023-2163),[CVE-2023-2166](https://nvd.nist.gov/vuln/detail/CVE-2023-2166),[CVE-2023-2177](https://nvd.nist.gov/vuln/detail/CVE-2023-2177),[CVE-2023-2194](https://nvd.nist.gov/vuln/detail/CVE-2023-2194),[CVE-2023-2235](https://nvd.nist.gov/vuln/detail/CVE-2023-2235),[CVE-2023-2236](https://nvd.nist.gov/vuln/detail/CVE-2023-2236),[CVE-2023-2269](https://nvd.nist.gov/vuln/detail/CVE-2023-2269),[CVE-2023-22996](https://nvd.nist.gov/vuln/detail/CVE-2023-22996),[CVE-2023-22997](https://nvd.nist.gov/vuln/detail/CVE-2023-22997),[CVE-2023-22998](https://nvd.nist.gov/vuln/detail/CVE-2023-22998),[CVE-2023-22999](https://nvd.nist.gov/vuln/detail/CVE-2023-22999),[CVE-2023-23001](https://nvd.nist.gov/vuln/detail/CVE-2023-23001),[CVE-2023-23002](https://nvd.nist.gov/vuln/detail/CVE-2023-23002),[CVE-2023-23454](https://nvd.nist.gov/vuln/detail/CVE-2023-23454),[CVE-2023-23455](https://nvd.nist.gov/vuln/detail/CVE-2023-23455),[CVE-2023-23559](https://nvd.nist.gov/vuln/detail/CVE-2023-23559),[CVE-2023-2430](https://nvd.nist.gov/vuln/detail/CVE-2023-2430),[CVE-2023-25012](https://nvd.nist.gov/vuln/detail/CVE-2023-25012),[CVE-2023-2513](https://nvd.nist.gov/vuln/detail/CVE-2023-2513),[CVE-2023-25775](https://nvd.nist.gov/vuln/detail/CVE-2023-25775),[CVE-2023-26544](https://nvd.nist.gov/vuln/detail/CVE-2023-26544),[CVE-2023-26545](https://nvd.nist.gov/vuln/detail/CVE-2023-26545),[CVE-2023-26606](https://nvd.nist.gov/vuln/detail/CVE-2023-26606),[CVE-2023-26607](https://nvd.nist.gov/vuln/detail/CVE-2023-26607),[CVE-2023-28327](https://nvd.nist.gov/vuln/detail/CVE-2023-28327),[CVE-2023-28328](https://nvd.nist.gov/vuln/detail/CVE-2023-28328),[CVE-2023-28410](https://nvd.nist.gov/vuln/detail/CVE-2023-28410),[CVE-2023-28466](https://nvd.nist.gov/vuln/detail/CVE-2023-28466),[CVE-2023-28866](https://nvd.nist.gov/vuln/detail/CVE-2023-28866),[CVE-2023-2898](https://nvd.nist.gov/vuln/detail/CVE-2023-2898),[CVE-2023-2985](https://nvd.nist.gov/vuln/detail/CVE-2023-2985),[CVE-2023-3006](https://nvd.nist.gov/vuln/detail/CVE-2023-3006),[CVE-2023-30456](https://nvd.nist.gov/vuln/detail/CVE-2023-30456),[CVE-2023-30772](https://nvd.nist.gov/vuln/detail/CVE-2023-30772),[CVE-2023-3090](https://nvd.nist.gov/vuln/detail/CVE-2023-3090),[CVE-2023-3111](https://nvd.nist.gov/vuln/detail/CVE-2023-3111),[CVE-2023-31248](https://nvd.nist.gov/vuln/detail/CVE-2023-31248),[CVE-2023-3141](https://nvd.nist.gov/vuln/detail/CVE-2023-3141),[CVE-2023-31436](https://nvd.nist.gov/vuln/detail/CVE-2023-31436),[CVE-2023-3159](https://nvd.nist.gov/vuln/detail/CVE-2023-3159),[CVE-2023-3161](https://nvd.nist.gov/vuln/detail/CVE-2023-3161),[CVE-2023-3212](https://nvd.nist.gov/vuln/detail/CVE-2023-3212),[CVE-2023-3220](https://nvd.nist.gov/vuln/detail/CVE-2023-3220),[CVE-2023-32233](https://nvd.nist.gov/vuln/detail/CVE-2023-32233),[CVE-2023-32247](https://nvd.nist.gov/vuln/detail/CVE-2023-32247),[CVE-2023-32248](https://nvd.nist.gov/vuln/detail/CVE-2023-32248),[CVE-2023-32250](https://nvd.nist.gov/vuln/detail/CVE-2023-32250),[CVE-2023-32252](https://nvd.nist.gov/vuln/detail/CVE-2023-32252),[CVE-2023-32254](https://nvd.nist.gov/vuln/detail/CVE-2023-32254),[CVE-2023-32257](https://nvd.nist.gov/vuln/detail/CVE-2023-32257),[CVE-2023-32258](https://nvd.nist.gov/vuln/detail/CVE-2023-32258),[CVE-2023-32269](https://nvd.nist.gov/vuln/detail/CVE-2023-32269),[CVE-2023-3268](https://nvd.nist.gov/vuln/detail/CVE-2023-3268),[CVE-2023-3269](https://nvd.nist.gov/vuln/detail/CVE-2023-3269),[CVE-2023-33203](https://nvd.nist.gov/vuln/detail/CVE-2023-33203),[CVE-2023-33288](https://nvd.nist.gov/vuln/detail/CVE-2023-33288),[CVE-2023-3355](https://nvd.nist.gov/vuln/detail/CVE-2023-3355),[CVE-2023-3357](https://nvd.nist.gov/vuln/detail/CVE-2023-3357),[CVE-2023-3358](https://nvd.nist.gov/vuln/detail/CVE-2023-3358),[CVE-2023-3359](https://nvd.nist.gov/vuln/detail/CVE-2023-3359),[CVE-2023-3390](https://nvd.nist.gov/vuln/detail/CVE-2023-3390),[CVE-2023-33951](https://nvd.nist.gov/vuln/detail/CVE-2023-33951),[CVE-2023-33952](https://nvd.nist.gov/vuln/detail/CVE-2023-33952),[CVE-2023-34319](https://nvd.nist.gov/vuln/detail/CVE-2023-34319),[CVE-2023-3439](https://nvd.nist.gov/vuln/detail/CVE-2023-3439),[CVE-2023-35001](https://nvd.nist.gov/vuln/detail/CVE-2023-35001),[CVE-2023-3567](https://nvd.nist.gov/vuln/detail/CVE-2023-3567),[CVE-2023-35788](https://nvd.nist.gov/vuln/detail/CVE-2023-35788),[CVE-2023-35823](https://nvd.nist.gov/vuln/detail/CVE-2023-35823),[CVE-2023-35824](https://nvd.nist.gov/vuln/detail/CVE-2023-35824),[CVE-2023-35826](https://nvd.nist.gov/vuln/detail/CVE-2023-35826),[CVE-2023-35828](https://nvd.nist.gov/vuln/detail/CVE-2023-35828),[CVE-2023-35829](https://nvd.nist.gov/vuln/detail/CVE-2023-35829),[CVE-2023-3609](https://nvd.nist.gov/vuln/detail/CVE-2023-3609),[CVE-2023-3610](https://nvd.nist.gov/vuln/detail/CVE-2023-3610),[CVE-2023-3611](https://nvd.nist.gov/vuln/detail/CVE-2023-3611),[CVE-2023-3772](https://nvd.nist.gov/vuln/detail/CVE-2023-3772),[CVE-2023-3773](https://nvd.nist.gov/vuln/detail/CVE-2023-3773),[CVE-2023-3776](https://nvd.nist.gov/vuln/detail/CVE-2023-3776),[CVE-2023-3777](https://nvd.nist.gov/vuln/detail/CVE-2023-3777),[CVE-2023-3812](https://nvd.nist.gov/vuln/detail/CVE-2023-3812),[CVE-2023-38409](https://nvd.nist.gov/vuln/detail/CVE-2023-38409),[CVE-2023-38426](https://nvd.nist.gov/vuln/detail/CVE-2023-38426),[CVE-2023-38427](https://nvd.nist.gov/vuln/detail/CVE-2023-38427),[CVE-2023-38428](https://nvd.nist.gov/vuln/detail/CVE-2023-38428),[CVE-2023-38429](https://nvd.nist.gov/vuln/detail/CVE-2023-38429),[CVE-2023-38430](https://nvd.nist.gov/vuln/detail/CVE-2023-38430),[CVE-2023-38431](https://nvd.nist.gov/vuln/detail/CVE-2023-38431),[CVE-2023-38432](https://nvd.nist.gov/vuln/detail/CVE-2023-38432),[CVE-2023-3863](https://nvd.nist.gov/vuln/detail/CVE-2023-3863),[CVE-2023-3865](https://nvd.nist.gov/vuln/detail/CVE-2023-3865),[CVE-2023-3866](https://nvd.nist.gov/vuln/detail/CVE-2023-3866),[CVE-2023-3867](https://nvd.nist.gov/vuln/detail/CVE-2023-3867),[CVE-2023-4004](https://nvd.nist.gov/vuln/detail/CVE-2023-4004),[CVE-2023-4015](https://nvd.nist.gov/vuln/detail/CVE-2023-4015),[CVE-2023-40283](https://nvd.nist.gov/vuln/detail/CVE-2023-40283),[CVE-2023-4128](https://nvd.nist.gov/vuln/detail/CVE-2023-4128),[CVE-2023-4132](https://nvd.nist.gov/vuln/detail/CVE-2023-4132),[CVE-2023-4147](https://nvd.nist.gov/vuln/detail/CVE-2023-4147),[CVE-2023-4155](https://nvd.nist.gov/vuln/detail/CVE-2023-4155),[CVE-2023-4206](https://nvd.nist.gov/vuln/detail/CVE-2023-4206),[CVE-2023-4207](https://nvd.nist.gov/vuln/detail/CVE-2023-4207),[CVE-2023-4208](https://nvd.nist.gov/vuln/detail/CVE-2023-4208),[CVE-2023-4273](https://nvd.nist.gov/vuln/detail/CVE-2023-4273),[CVE-2023-42752](https://nvd.nist.gov/vuln/detail/CVE-2023-42752),[CVE-2023-42753](https://nvd.nist.gov/vuln/detail/CVE-2023-42753),[CVE-2023-42755](https://nvd.nist.gov/vuln/detail/CVE-2023-42755),[CVE-2023-4385](https://nvd.nist.gov/vuln/detail/CVE-2023-4385),[CVE-2023-4387](https://nvd.nist.gov/vuln/detail/CVE-2023-4387),[CVE-2023-4389](https://nvd.nist.gov/vuln/detail/CVE-2023-4389),[CVE-2023-4394](https://nvd.nist.gov/vuln/detail/CVE-2023-4394),[CVE-2023-4459](https://nvd.nist.gov/vuln/detail/CVE-2023-4459),[CVE-2023-4569](https://nvd.nist.gov/vuln/detail/CVE-2023-4569),[CVE-2023-4623](https://nvd.nist.gov/vuln/detail/CVE-2023-4623),[CVE-2023-4921](https://nvd.nist.gov/vuln/detail/CVE-2023-4921), [CVE-2022-40982](https://nvd.nist.gov/vuln/detail/CVE-2022-40982), [CVE-2022-41804](https://nvd.nist.gov/vuln/detail/CVE-2022-41804), [CVE-2023-20569](https://nvd.nist.gov/vuln/detail/CVE-2023-20569), [CVE-2023-23908](https://nvd.nist.gov/vuln/detail/CVE-2023-23908))<br> - Go ([CVE-2023-29402](https://nvd.nist.gov/vuln/detail/CVE-2023-29402), [CVE-2023-29403](https://nvd.nist.gov/vuln/detail/CVE-2023-29403), [CVE-2023-29404](https://nvd.nist.gov/vuln/detail/CVE-2023-29404), [CVE-2023-29405](https://nvd.nist.gov/vuln/detail/CVE-2023-29405), [CVE-2023-29406](https://nvd.nist.gov/vuln/detail/CVE-2023-29406),[CVE-2023-29409](https://nvd.nist.gov/vuln/detail/CVE-2023-29409),[CVE-2023-39318](https://nvd.nist.gov/vuln/detail/CVE-2023-39318), [CVE-2023-39319](https://nvd.nist.gov/vuln/detail/CVE-2023-39319), [CVE-2023-39320](https://nvd.nist.gov/vuln/detail/CVE-2023-39320), [CVE-2023-39321](https://nvd.nist.gov/vuln/detail/CVE-2023-39321), [CVE-2023-39322](https://nvd.nist.gov/vuln/detail/CVE-2023-39322))<br> - binutils ([CVE-2022-38533](https://nvd.nist.gov/vuln/detail/CVE-2022-38533), [CVE-2022-4285](https://nvd.nist.gov/vuln/detail/CVE-2022-4285), [CVE-2023-1579](https://nvd.nist.gov/vuln/detail/CVE-2023-1579))<br> - c-ares ([CVE-2023-31124](https://nvd.nist.gov/vuln/detail/CVE-2023-31124), [CVE-2023-31130](https://nvd.nist.gov/vuln/detail/CVE-2023-31130), [CVE-2023-31147](https://nvd.nist.gov/vuln/detail/CVE-2023-31147), [CVE-2023-32067](https://nvd.nist.gov/vuln/detail/CVE-2023-32067))<br> - curl ([CVE-2023-28319](https://nvd.nist.gov/vuln/detail/CVE-2023-28319), [CVE-2023-28320](https://nvd.nist.gov/vuln/detail/CVE-2023-28320), [CVE-2023-28321](https://nvd.nist.gov/vuln/detail/CVE-2023-28321), [CVE-2023-28322](https://nvd.nist.gov/vuln/detail/CVE-2023-28322))<br> - git ([CVE-2023-25652](https://nvd.nist.gov/vuln/detail/CVE-2023-25652), [CVE-2023-25815](https://nvd.nist.gov/vuln/detail/CVE-2023-25815), [CVE-2023-29007](https://nvd.nist.gov/vuln/detail/CVE-2023-29007))<br> - grub ([CVE-2020-10713](https://nvd.nist.gov/vuln/detail/CVE-2020-10713), [CVE-2020-14372](https://nvd.nist.gov/vuln/detail/CVE-2020-14372), [CVE-2020-25632](https://nvd.nist.gov/vuln/detail/CVE-2020-25632), [CVE-2020-25647](https://nvd.nist.gov/vuln/detail/CVE-2020-25647), [CVE-2020-27749](https://nvd.nist.gov/vuln/detail/CVE-2020-27749), [CVE-2020-27779](https://nvd.nist.gov/vuln/detail/CVE-2020-27779), [CVE-2021-20225](https://nvd.nist.gov/vuln/detail/CVE-2021-20225), [CVE-2021-20233](https://nvd.nist.gov/vuln/detail/CVE-2021-20233), [CVE-2021-3981](https://nvd.nist.gov/vuln/detail/CVE-2021-3981), [CVE-2021-3695](https://nvd.nist.gov/vuln/detail/CVE-2021-3695), [CVE-2021-3696](https://nvd.nist.gov/vuln/detail/CVE-2021-3696), [CVE-2021-3697](https://nvd.nist.gov/vuln/detail/CVE-2021-3697), [CVE-2022-28733](https://nvd.nist.gov/vuln/detail/CVE-2022-28733), [CVE-2022-28734](https://nvd.nist.gov/vuln/detail/CVE-2022-28734), [CVE-2022-28735](https://nvd.nist.gov/vuln/detail/CVE-2022-28735), [CVE-2022-28736](https://nvd.nist.gov/vuln/detail/CVE-2022-28736), [CVE-2022-28737](https://nvd.nist.gov/vuln/detail/CVE-2022-28737), [CVE-2022-2601](https://nvd.nist.gov/vuln/detail/CVE-2022-2601), [CVE-2022-3775](https://nvd.nist.gov/vuln/detail/CVE-2022-3775))<br> - intel-microcode ([CVE-2022-40982](https://nvd.nist.gov/vuln/detail/CVE-2022-40982), [CVE-2022-41804](https://nvd.nist.gov/vuln/detail/CVE-2022-41804), [CVE-2023-23908](https://nvd.nist.gov/vuln/detail/CVE-2023-23908))<br> - libarchive ([libarchive-20230729](https://github.com/libarchive/libarchive/releases/tag/v3.7.1))<br> - libcap ([CVE-2023-2602](https://nvd.nist.gov/vuln/detail/CVE-2023-2602), [CVE-2023-2603](https://nvd.nist.gov/vuln/detail/CVE-2023-2603))<br> - libmicrohttpd ([CVE-2023-27371](https://nvd.nist.gov/vuln/detail/CVE-2023-27371))<br> - libxml2 ([libxml2-20230428](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.4))<br> - ncurses ([CVE-2023-29491](https://nvd.nist.gov/vuln/detail/CVE-2023-29491))<br> - nvidia-drivers ([CVE-2023-25515](https://nvd.nist.gov/vuln/detail/CVE-2023-25515), [CVE-2023-25516](https://nvd.nist.gov/vuln/detail/CVE-2023-25516))<br> - openldap ([CVE-2023-2953](https://nvd.nist.gov/vuln/detail/CVE-2023-2953))<br> - OpenSSL ([CVE-2023-2650](https://nvd.nist.gov/vuln/detail/CVE-2023-2650), [CVE-2023-2975](https://nvd.nist.gov/vuln/detail/CVE-2023-2975), [CVE-2023-3446](https://nvd.nist.gov/vuln/detail/CVE-2023-3446))<br> - protobuf ([CVE-2022-1941](https://nvd.nist.gov/vuln/detail/CVE-2022-1941))<br> - shadow ([CVE-2023-29383](https://nvd.nist.gov/vuln/detail/CVE-2023-29383))<br> - sudo ([CVE-2023-27320](https://nvd.nist.gov/vuln/detail/CVE-2023-27320), [CVE-2023-28486](https://nvd.nist.gov/vuln/detail/CVE-2023-28486), [CVE-2023-28487](https://nvd.nist.gov/vuln/detail/CVE-2023-28487))<br> - torcx ([CVE-2022-28948](https://nvd.nist.gov/vuln/detail/CVE-2022-28948))<br> - vim ([CVE-2023-2609](https://nvd.nist.gov/vuln/detail/CVE-2023-2609), [CVE-2023-2610](https://nvd.nist.gov/vuln/detail/CVE-2023-2610), [CVE-2023-2426](https://nvd.nist.gov/vuln/detail/CVE-2023-2426))<br> - SDK: Python ([CVE-2023-40217](https://nvd.nist.gov/vuln/detail/CVE-2023-40217), [CVE-2023-41105](https://nvd.nist.gov/vuln/detail/CVE-2023-41105))<br> - SDK: qemu ([CVE-2023-0330](https://nvd.nist.gov/vuln/detail/CVE-2023-0330), [CVE-2023-2861](https://nvd.nist.gov/vuln/detail/CVE-2023-2861))<br> - SDK: Rust ([CVE-2023-38497](https://nvd.nist.gov/vuln/detail/CVE-2023-38497))<br> - VMware: open-vm-tools ([CVE-2023-20867](https://nvd.nist.gov/vuln/detail/CVE-2023-20867), [CVE-2023-20900](https://nvd.nist.gov/vuln/detail/CVE-2023-20900))<br> <br> #### Bug fixes:<br> <br> - Fix the RemainAfterExit clause in nvidia.service ([Flatcar#1169](https://github.com/flatcar/Flatcar/issues/1169))<br> - Fixed bug in handling renamed network interfaces when generating login issue ([init#102](https://github.com/flatcar/init/pull/102))<br> - Triggered re-reading of partition table to fix adding partitions to the boot disk ([scripts#1202](https://github.com/flatcar/scripts/pull/1202))<br> <br> #### Changes:<br> <br> - :warning: Dropped support for niftycloud and interoute. For interoute we haven't been generating the images for some time already. ([scripts#971](https://github.com/flatcar/scripts/pull/971)) :warning:<br> - Added TLS Kernel module ([scripts#865](https://github.com/flatcar/scripts/pull/865))<br> - Added support for multipart MIME userdata in coreos-cloudinit. Ignition now detects multipart userdata and delegates execution to coreos-cloudinit. ([scripts#873](https://github.com/flatcar/scripts/pull/873))<br> - Azure and QEMU OEM images now use systemd-sysext images for layering additional platform-specific software on top of `/usr`. For Azure images this also means that the image has a normal Python installation available through the sysext image. The OEM software is still not updated but this will be added soon.<br> - Change nvidia.service to type oneshot (from the default "simple") so the subsequent services (configured with "Requires/After") are executed after the driver installation is successfully finished ([flatcar/Flatcar#1136](https://github.com/flatcar/Flatcar/issues/1136))<br> - Enabled the virtio GPU driver ([scripts#830](https://github.com/flatcar/scripts/pull/830))<br> - Migrate to Type=notify in containerd.service. Changed the unit to Type=notify, utilizing the existing containerd support for sd_notify call after socket setup.<br> - Migrated the NVIDIA installer from the Azure/AWS OEM partition to `/usr` to make it available on all platforms ([scripts#932](https://github.com/flatcar/scripts/pull/932/), [Flatcar#1077](https://github.com/flatcar/Flatcar/issues/1077))<br> - Moved a mountpoint of the OEM partition from `/usr/share/oem` to `/oem`. `/usr/share/oem` became a symlink to `/oem` for backward compatibility. Despite the move, the initrd images providing files through `/usr/share/oem` should keep using `/usr/share/oem`. The move was done to enable activating the OEM sysext images that are placed in the OEM partition.<br> - OEM vendor tools are now A/B updated if they are shipped as systemd-sysext images, the migration happens when both partitions require a systemd-sysext OEM image - note that this will delete the `nvidia.service` from `/etc` on Azure because it's now part of `/usr` ([Flatcar#60](https://github.com/flatcar/Flatcar/issues/60))<br> - Updated locksmith to use non-deprecated resource control options in the systemd unit ([Locksmith#20](https://github.com/flatcar/locksmith/pull/20))<br> - Use qcow2 compressed format instead of additional compression layer in Qemu images ([Flatcar#1135](https://github.com/flatcar/Flatcar/issues/1135), [scripts#1132](https://github.com/flatcar/scripts/pull/1132))<br> <br> #### Updates:<br> <br> - Linux ([6.1.55](https://lwn.net/Articles/945379) (includes [6.1.54](https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tag/?h=v6.1.54), [6.1.53](https://lwn.net/Articles/944358),[6.1.52](https://lwn.net/Articles/943754), [6.1.51](https://lwn.net/Articles/943403), [6.1.50](https://lwn.net/Articles/943112), [6.1.49](https://lwn.net/Articles/942880), [6.1.48](https://lwn.net/Articles/942865), [6.1.47](https://lwn.net/Articles/942531), [6.1.46](https://lwn.net/Articles/941774), [6.1.45](https://lwn.net/Articles/941273), [6.1.44](https://lwn.net/Articles/940800), [6.1.43](https://lwn.net/Articles/940338), [6.1.42](https://lwn.net/Articles/939423), [6.1.41](https://lwn.net/Articles/939103), [6.1.40](https://lwn.net/Articles/939015), [6.1.39](https://lwn.net/Articles/938619), [6.1.38](https://lwn.net/Articles/937403), [6.1.37](https://lwn.net/Articles/937082), [6.1.36](https://lwn.net/Articles/936674), [6.1.35](https://lwn.net/Articles/935588), [6.1.34](https://lwn.net/Articles/934623), [6.1.33](https://lwn.net/Articles/934319), [6.1.32](https://lwn.net/Articles/933908), [6.1.31](https://lwn.net/Articles/933281), [6.1.30](https://lwn.net/Articles/932882), [6.1.29](https://lwn.net/Articles/932133), [6.1.28](https://lwn.net/Articles/931651), [6.1.27](https://lwn.net/Articles/930597/), [6.1](https://kernelnewbies.org/Linux_6.1)))<br> - Linux Firmware ([20230804](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230804) (includes [20230625](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230625), [20230515](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230515)))<br> - Go ([1.20.8](https://go.dev/doc/devel/release#go1.20.8) (includes [1.20.7](https://go.dev/doc/devel/release#go1.20.7), [1.20.6](https://go.dev/doc/devel/release#go1.20.6), [1.20.5](https://go.dev/doc/devel/release#go1.20.5), [1.20.4](https://go.dev/doc/devel/release#go1.20.4), [1.19.13](https://go.dev/doc/devel/release#go1.19.13), [1.19.12](https://go.dev/doc/devel/release#go1.19.12), [1.19.11](https://go.dev/doc/devel/release#go1.19.11), [1.19.10](https://go.dev/doc/devel/release#go1.19.10)))<br> - bind tools ([9.16.41](https://bind9.readthedocs.io/en/v9.16.41/notes.html#notes-for-bind-9-16-41))<br> - binutils ([2.40](https://lists.gnu.org/archive/html/info-gnu/2023-01/msg00003.html))<br> - bpftool ([6.3](https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/log/tools/bpf/bpftool?h=v6.3))<br> - c-ares ([1.19.1](https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1))<br> - cJSON ([1.7.16](https://github.com/DaveGamble/cJSON/releases/tag/v1.7.16))<br> - cifs-utils ([7.0](https://lists.samba.org/archive/samba-technical/2022-August/137528.html))<br> - containerd ([1.7.6](https://github.com/containerd/containerd/releases/tag/v1.7.6) (includes [1.7.5](https://github.com/containerd/containerd/releases/tag/v1.7.5),[1.7.4](https://github.com/containerd/containerd/releases/tag/v1.7.4), [1.7.3](https://github.com/containerd/containerd/releases/tag/v1.7.3), [1.7.2](https://github.com/containerd/containerd/releases/tag/v1.7.2)))<br> - coreutils ([9.3](https://lists.gnu.org/archive/html/info-gnu/2023-04/msg00006.html) (includes [9.1](https://git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?h=v9.1)))<br> - cryptsetup ([2.6.1](https://gitlab.com/cryptsetup/cryptsetup/-/blob/v2.6.1/docs/v2.6.1-ReleaseNotes) (includes [2.6.0](https://gitlab.com/cryptsetup/cryptsetup/-/blob/v2.6.0/docs/v2.6.0-ReleaseNotes) and [2.5.0](https://gitlab.com/cryptsetup/cryptsetup/-/blob/v2.5.0/docs/v2.5.0-ReleaseNotes)))<br> - curl ([8.2.1](https://curl.se/changes.html#8_2_1) (includes [8.2.0](https://curl.se/changes.html#8_2_0), [8.1.2](https://curl.se/changes.html#8_1_2), [8.1.0](https://curl.se/changes.html#8_1_0)))<br> - debianutils ([5.7](https://metadata.ftp-master.debian.org/changelogs//main/d/debianutils/debianutils_5.7-0.4_changelog))<br> - diffutils ([3.10](https://lists.gnu.org/archive/html/info-gnu/2023-05/msg00009.html))<br> - elfutils ([0.189](https://sourceware.org/pipermail/elfutils-devel/2023q1/006023.html))<br> - ethtool ([6.4](https://git.kernel.org/pub/scm/network/ethtool/ethtool.git/tree/NEWS?h=v6.4) (includes [6.3](https://git.kernel.org/pub/scm/network/ethtool/ethtool.git/commit/?id=7bdf78f0d2a9ae1571fe9444e552490130e573fd), [6.2](https://git.kernel.org/pub/scm/network/ethtool/ethtool.git/tree/NEWS?h=v6.2)))<br> - gawk ([5.2.2](https://lists.gnu.org/archive/html/info-gnu/2023-05/msg00008.html))<br> - gdb ([13.2](https://lists.gnu.org/archive/html/info-gnu/2023-05/msg00011.html))<br> - gdbm ([1.23](https://lists.gnu.org/archive/html/info-gnu/2022-02/msg00004.html))<br> - git ([2.41.0](https://lore.kernel.org/git/xmqqleh3a3wm.fsf@gitster.g/) (includes [2.39.3](https://github.com/git/git/blob/v2.39.3/Documentation/RelNotes/2.39.3.txt)))<br> - glib ([2.76.4](https://gitlab.gnome.org/GNOME/glib/-/releases/2.76.4) (includes [2.76.3](https://gitlab.gnome.org/GNOME/glib/-/releases/2.76.3), [2.76.2](https://gitlab.gnome.org/GNOME/glib/-/releases/2.76.2)))<br> - glibc ([2.37](https://sourceware.org/git/?p=glibc.git;a=tag;h=refs/tags/glibc-2.37))<br> - gmp ([6.3.0](https://gmplib.org/gmp6.3))<br> - gptfdisk ([1.0.9](https://sourceforge.net/p/gptfdisk/code/ci/1d46f3723bc25f5598266f7d9a3548af3cee0c77/tree/NEWS))<br> - grep ([3.11](https://lists.gnu.org/archive/html/info-gnu/2023-05/msg00004.html) (includes [3.8](http://savannah.gnu.org/forum/forum.php?forum_id=10227)))<br> - grub ([2.06](https://lists.gnu.org/archive/html/grub-devel/2021-06/msg00022.html))<br> - hwdata ([0.373](https://github.com/vcrhonek/hwdata/commits/v0.373) (includes [0.372](https://github.com/vcrhonek/hwdata/commits/v0.372), [0.371](https://github.com/vcrhonek/hwdata/commits/v0.371), [0.367](https://github.com/vcrhonek/hwdata/releases/tag/v0.367)))<br> - inih ([57](https://github.com/benhoyt/inih/releases/tag/r57) (includes [56](https://github.com/benhoyt/inih/releases/tag/r56)))<br> - intel-microcode ([20230808](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230808) (includes [20230613](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230613), [20230512](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230512)))<br> - iperf ([3.14](https://github.com/esnet/iperf/blob/master/RELNOTES.md#iperf-314-2023-07-07))<br> - iproute2 ([6.4.0](https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/log/?h=v6.4.0) (includes [6.3.0](https://lwn.net/Articles/930473/), [6.2](https://lwn.net/Articles/923952/)))<br> - ipset ([7.17](https://git.netfilter.org/ipset/tree/ChangeLog?id=186f9b57c60bb53aae5f6633eff1e9d5e9095c3e))<br> - kbd ([2.6.1](https://github.com/legionus/kbd/releases/tag/v2.6.1) (includes [2.6.0](https://github.com/legionus/kbd/releases/tag/v2.6.0), [2.5.1](https://github.com/legionus/kbd/releases/tag/v2.5.1)))<br> - kmod ([30](https://lwn.net/Articles/899526/))<br> - ldb ([2.4.4](https://gitlab.com/samba-team/samba/-/commit/b686ef00da46d4a0c0aba0c61b1866cbc9b462b6) (includes [2.4.3](https://gitlab.com/samba-team/samba/-/commit/604f94704f30e90ef960aa2be62a14d2e614a002), [2.4.2](https://gitlab.com/samba-team/samba/-/commit/d93892d2e8ed69758c15ab18bc03bba09e715bc6)))<br> - less ([633](http://www.greenwoodsoftware.com/less/news.633.html) (includes [632](http://www.greenwoodsoftware.com/less/news.632.html)))<br> - libarchive ([3.7.1](https://github.com/libarchive/libarchive/releases/tag/v3.7.1) (includes [3.7.0](https://github.com/libarchive/libarchive/releases/tag/v3.7.0)))<br> - libassuan ([2.5.6](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libassuan.git;a=blob;f=NEWS;h=e52bb5dd36ac93ea227e53e89f82af9ccf38f339;hb=6b50ee6bcdd6aa81bd7cc3fb2379864c3ed479b8))<br> - libbsd ([0.11.7](https://lists.freedesktop.org/archives/libbsd/2022-October/000337.html))<br> - libcap ([2.69](https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.iuvg7sbjg8pe))<br> - libgcrypt ([1.10.1](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=blob;f=NEWS;h=03132c2a115e35783a782c64777cf5f5b1a2825f;hb=ae0e567820c37f9640440b3cff77d7c185aa6742))<br> - libgpg-error ([1.47](https://dev.gnupg.org/T6231) (includes [1.46](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgpg-error.git;a=blob;f=NEWS;h=14b0ba97d6ba2b10b3178f2e4a3e24bfc2355bb3;hb=ea031873aa9642831017937fd33e9009d514ee07)))<br> - libksba ([1.6.4](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=blob;f=NEWS;h=f640523209c1c9ce9855040e53914a79d24d6a67;hb=557999424ebd13e70d6fc17e648a5dd2a06f440b))<br> - libmd ([1.1.0](https://git.hadrons.org/cgit/libmd.git/log/?h=1.1.0))<br> - libmicrohttpd ([0.9.77](https://gitlab.com/libmicrohttpd/libmicrohttpd/-/releases/v0.9.77) (includes [0.9.76](https://lists.gnu.org/archive/html/libmicrohttpd/2023-02/msg00000.html)))<br> - libnftnl ([1.2.6](https://git.netfilter.org/libnftnl/log/?h=libnftnl-1.2.6) (includes [1.2.5](https://git.netfilter.org/libnftnl/log/?h=libnftnl-1.2.5)))<br> - libnvme ([1.5](https://github.com/linux-nvme/libnvme/releases/tag/v1.5))<br> - libpcap ([1.10.4](https://github.com/the-tcpdump-group/libpcap/blob/24832dd2728bd95ed9b9464ef27b47a943c38003/CHANGES#L51))<br> - libpcre (8.45)<br> - libpipeline ([1.5.7](https://gitlab.com/libpipeline/libpipeline/-/tags/1.5.7))<br> - libusb ([1.0.26](https://github.com/libusb/libusb/blob/v1.0.26/ChangeLog))<br> - libuv ([1.46.0](https://github.com/libuv/libuv/releases/tag/v1.46.0) (includes [1.45.0](https://github.com/libuv/libuv/releases/tag/v1.45.0)))<br> - libxml2 ([2.11.4](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.4))<br> - libxslt ([1.1.38](https://gitlab.gnome.org/GNOME/libxslt/-/releases/v1.1.38))<br> - lsof ([4.98.0](https://github.com/lsof-org/lsof/blob/4.98.0/00DIST#L5471))<br> - lua ([5.4.4](https://www.lua.org/manual/5.4/readme.html#changes))<br> - multipath-tools ([0.9.5](https://github.com/opensvc/multipath-tools/commits/0.9.5))<br> - ncurses ([6.4](https://invisible-island.net/ncurses/announce.html#h2-release-notes))<br> - nettle ([3.9.1](https://git.lysator.liu.se/nettle/nettle/-/blob/nettle_3.9.1_release_20230601/ChangeLog))<br> - nmap ([7.94](https://nmap.org/changelog.html#7.94))<br> - nvidia-drivers ([535.104.05](https://docs.nvidia.com/datacenter/tesla/tesla-release-notes-535-104-05/index.html))<br> - nvme-cli ([2.5](https://github.com/linux-nvme/nvme-cli/releases/tag/v2.5) (includes [2.3](https://github.com/linux-nvme/nvme-cli/releases/tag/v2.3)))<br> - open-isns ([0.102](https://github.com/open-iscsi/open-isns/blob/v0.102/ChangeLog))<br> - openldap ([2.6.4](https://git.openldap.org/openldap/openldap/-/blob/OPENLDAP_REL_ENG_2_6_4/CHANGES) (includes [2.6.3](https://lists.openldap.org/hyperkitty/list/openldap-announce@openldap.org/thread/FQJM2JSSSOMLQH7XC7Q5IZJYOGCTV2LK/), [2.6](https://lists.openldap.org/hyperkitty/list/openldap-announce@openldap.org/thread/IHS5V46H6NFNFUERMC6AWMPHTWRVNLFA/), [2.5.14](https://lists.openldap.org/hyperkitty/list/openldap-announce@openldap.org/thread/TZQHR4SIWUA5BZTKDAKSFDOOGDVU4TU7/), [2.5](https://lists.openldap.org/hyperkitty/list/openldap-announce@openldap.org/thread/BH3VDPG6IYYF5L5U6LZGHHKMJY5HFA3L/)))<br> - OpenSSL ([3.0.9](https://github.com/openssl/openssl/blob/openssl-3.0.9/NEWS.md#major-changes-between-openssl-308-and-openssl-309-30-may-2023))<br> - parted ([3.6](https://git.savannah.gnu.org/gitweb/?p=parted.git;a=blob;f=NEWS;h=52bb11697039f70e55120c571750f9ee761a75aa;hb=3b5f327b213d21e9adb9ba933c78dd898fee5b1d))<br> - pax-utils ([1.3.7](https://gitweb.gentoo.org/proj/pax-utils.git/log/?h=v1.3.7))<br> - pciutils ([3.10.0](https://github.com/pciutils/pciutils/blob/v3.10.0/ChangeLog) (includes [3.9.0](https://github.com/pciutils/pciutils/releases/tag/v3.9.0)))<br> - popt ([1.19](https://github.com/rpm-software-management/popt/releases/tag/popt-1.19-release))<br> - protobuf ([21.9](https://github.com/protocolbuffers/protobuf/releases/tag/v21.9))<br> - psmisc ([23.6](https://gitlab.com/psmisc/psmisc/-/blob/v23.6/ChangeLog))<br> - qemu guest agent ([8.0.3](https://wiki.qemu.org/ChangeLog/8.0#Guest_agent) (includes [8.0.0](https://wiki.qemu.org/ChangeLog/8.0#Guest_agent)))<br> - quota ([4.09](https://sourceforge.net/p/linuxquota/code/ci/87d2fd7635e4bca54fa2a00b8d5b073ba9ca521b/tree/Changelog))<br> - runc ([1.1.9](https://github.com/opencontainers/runc/releases/tag/v1.1.9) (includes [1.1.8](https://github.com/opencontainers/runc/releases/tag/v1.1.8)))<br> - sed ([4.9](https://lists.gnu.org/archive/html/info-gnu/2022-11/msg00001.html))<br> - smartmontools ([7.3](https://github.com/smartmontools/smartmontools/releases/tag/RELEASE_7_3))<br> - sqlite ([3.42.0](https://sqlite.org/releaselog/3_42_0.html))<br> - strace ([6.3](https://github.com/strace/strace/releases/tag/v6.3) (includes [6.2](https://github.com/strace/strace/releases/tag/v6.2)))<br> - sudo ([1.9.13p3](https://www.sudo.ws/releases/stable/#1.9.13p3))<br> - talloc ([2.4.0](https://gitlab.com/samba-team/samba/-/commit/5224ed98eeba43f22b5f5f87de5947fbb1c1c7c1) (includes [2.3.4](https://gitlab.com/samba-team/samba/-/commit/0189ccf9fc3d2a77cc83cffe180e307bcdccebb4)))<br> - tar ([1.35](https://lists.gnu.org/archive/html/info-gnu/2023-07/msg00005.html))<br> - tdb ([1.4.8](https://gitlab.com/samba-team/samba/-/commit/eab796a4f9172e602dc262f3c99ead35b35929e7) (includes [1.4.7](https://gitlab.com/samba-team/samba/-/commit/27ceb1c3ad786386e746a5e2968780d791393b9e), [1.4.6](https://gitlab.com/samba-team/samba/-/commit/1c776e54cf33b46b2ed73263f093d596a0cdbb2f)))<br> - tevent ([0.14.1](https://gitlab.com/samba-team/samba/-/commit/d80f28b081e515e32a480daf80b42cf782447a9c) (includes [0.14.0](https://gitlab.com/samba-team/samba/-/commit/3c6d28ebae27dba8e40558ae37ae8138ea0b4bdc), [0.13.0](https://gitlab.com/samba-team/samba/-/commit/63d4db63feda920c8020f8484a8b31065b7f1380), [0.12.1](https://gitlab.com/samba-team/samba/-/commit/53692735c733d01acbd953641f831a1f5e0cf6c5), 0.12.0))<br> - usbutils ([015](https://github.com/gregkh/usbutils/blob/79b796f945ea7d5c2b0e2a74f9b8819cb7948680/NEWS))<br> - userspace-rcu ([0.14.0](https://github.com/urcu/userspace-rcu/blob/v0.13.2/ChangeLog))<br> - util-linux ([2.38.1](https://github.com/util-linux/util-linux/releases/tag/v2.38.1))<br> - vim ([9.0.1678](https://github.com/vim/vim/commits/v9.0.1678) includes ([9.0.1677](https://github.com/vim/vim/commits/v9.0.1677), [9.0.1503](https://github.com/vim/vim/commits/v9.0.1503)))<br> - wget ([1.21.4](https://lists.gnu.org/archive/html/info-gnu/2023-05/msg00003.html))<br> - whois ([5.5.17](https://github.com/rfc1036/whois/commit/bac7108b01cfd54c517444efa1239e10e6edd5a4))<br> - xfsprogs ([6.4.0](https://git.kernel.org/pub/scm/fs/xfs/xfsprogs-dev.git/tree/doc/CHANGES?h=v6.4.0) (includes ([6.3.0](https://git.kernel.org/pub/scm/fs/xfs/xfsprogs-dev.git/tree/doc/CHANGES?h=v6.3.0)))<br> - XZ utils ([5.4.3](https://git.tukaani.org/?p=xz.git;a=blob;f=NEWS;h=2f4d35adca6198671434d2988803cc9316ad1ec8;hb=dbb3a536ed9873ffa0870321f6873e564c6a9da8))<br> - zstandard ([1.5.5](https://github.com/facebook/zstd/releases/tag/v1.5.5))<br> - AWS: amazon-ssm-agent ([3.2.985.0](https://github.com/aws/amazon-ssm-agent/releases/tag/3.2.985.0))<br> - SDK: file ([5.45](https://github.com/file/file/blob/FILE5_45/ChangeLog))<br> - SDK: gnuconfig ([20230731](https://git.savannah.gnu.org/cgit/config.git/log/?id=d4e37b5868ef910e3e52744c34408084bb13051c))<br> - SDK: kexec-tools ([2.0.24](https://github.com/horms/kexec-tools/releases/tag/v2.0.24))<br> - SDK: man-db ([2.11.2](https://gitlab.com/man-db/man-db/-/tags/2.11.2))<br> - SDK: man-pages ([6.03](https://lore.kernel.org/lkml/d56662b2-538c-7252-9052-8afbf325f843@gmail.com/T/))<br> - SDK: pahole ([1.25](https://github.com/acmel/dwarves/blob/master/changes-v1.25))<br> - SDK: perf ([6.3](https://kernelnewbies.org/LinuxChanges#Linux_6.3.Tracing.2C_perf_and_BPF))<br> - SDK: perl ([5.36.1](https://perldoc.perl.org/perl5361delta))<br> - SDK: portage ([3.0.49](https://gitweb.gentoo.org/proj/portage.git/tree/NEWS?h=portage-3.0.49) (includes [3.0.46](https://gitweb.gentoo.org/proj/portage.git/tree/NEWS?h=portage-3.0.46)))<br> - SDK: python ([3.11.5](https://www.python.org/downloads/release/python-3115/) (includes [3.11.3](https://www.python.org/downloads/release/python-3113/), [3.10.12](https://www.python.org/downloads/release/python-31012/), [3.10.11](https://www.python.org/downloads/release/python-31011/)))<br> - SDK: qemu ([8.0.4](https://wiki.qemu.org/ChangeLog/8.0) (includes [8.0.3](https://wiki.qemu.org/ChangeLog/8.0), [7.2.3](https://wiki.qemu.org/ChangeLog/7.2)))<br> - SDK: Rust ([1.72.0](https://github.com/rust-lang/rust/releases/tag/1.72.0) (includes ([1.71.1](https://github.com/rust-lang/rust/releases/tag/1.71.1), [1.71.0](https://github.com/rust-lang/rust/releases/tag/1.71.0), [1.70.0](https://github.com/rust-lang/rust/releases/tag/1.70.0)))<br> - VMware: open-vm-tools ([12.3.0](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.3.0) (includes [12.2.5](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.2.5)))<br>Packages:<br>- containerd 1.7.6<br>- docker 20.10.24<br>- ignition 2.15.0<br>- kernel 6.1.55<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-10-05T10:00:33+00:00 @@ -1414,7 +1430,7 @@ https://github.com/flatcar/scripts/releases/tag/beta-3602.1.6 3602.1.6 - 2023-10-25T10:20:43.713375+00:00 + 2023-11-22T09:59:33.611690+00:00 _Changes since **Beta 3602.1.5**_<br> <br> #### Changes:<br> <br> - Azure: Add support for Microsoft Azure Network Adapter (MANA) NICs on Azure ([scripts#1131](https://github.com/flatcar/scripts/pull/1131))<br> <br> #### Updates:<br> <br> - Linux ([5.15.132](https://lwn.net/Articles/944877) (includes [5.15.131](https://lwn.net/Articles/943755), [5.15.130](https://lwn.net/Articles/943404)))<br> - ca-certificates ([3.93](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_93.html))<br>Packages:<br>- containerd 1.6.21<br>- docker 20.10.24<br>- ignition 2.15.0<br>- kernel 5.15.132<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-09-21T11:36:01+00:00 @@ -1422,7 +1438,7 @@ https://github.com/flatcar/scripts/releases/tag/beta-3602.1.5 3602.1.5 - 2023-10-25T10:20:43.708688+00:00 + 2023-11-22T09:59:33.607005+00:00 _Changes since **Beta 3602.1.4**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2022-40982](https://nvd.nist.gov/vuln/detail/CVE-2022-40982), [CVE-2022-41804](https://nvd.nist.gov/vuln/detail/CVE-2022-41804), [CVE-2023-20569](https://nvd.nist.gov/vuln/detail/CVE-2023-20569), [CVE-2023-20588](https://nvd.nist.gov/vuln/detail/CVE-2023-20588), [CVE-2023-40283](https://nvd.nist.gov/vuln/detail/CVE-2023-40283), [CVE-2023-4128](https://nvd.nist.gov/vuln/detail/CVE-2023-4128), [CVE-2023-23908](https://nvd.nist.gov/vuln/detail/CVE-2023-23908))<br> <br> #### Bug fixes:<br> <br> - Fixed the restart of Systemd services when the main process is being killed by a SIGHUP signal ([flatcar#1157](https://github.com/flatcar/Flatcar/issues/1157))<br> <br> #### Updates:<br> <br> - Linux ([5.15.129](https://lwn.net/Articles/943113) (includes [5.15.128](https://lwn.net/Articles/942866), [5.15.127](https://lwn.net/Articles/941775), [5.15.126](https://lwn.net/Articles/941296), [5.15.125](https://lwn.net/Articles/940801)))<br>Packages:<br>- containerd 1.6.21<br>- docker 20.10.24<br>- ignition 2.15.0<br>- kernel 5.15.129<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-09-06T13:18:11+00:00 @@ -1430,7 +1446,7 @@ https://github.com/flatcar/scripts/releases/tag/beta-3602.1.4 3602.1.4 - 2023-10-25T10:20:43.703730+00:00 + 2023-11-22T09:59:33.601986+00:00 _Changes since **Beta 3602.1.3**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2022-48502](https://nvd.nist.gov/vuln/detail/CVE-2022-48502), [CVE-2023-20593](https://nvd.nist.gov/vuln/detail/CVE-2023-20593), [CVE-2023-2898](https://nvd.nist.gov/vuln/detail/CVE-2023-2898), [CVE-2023-31248](https://nvd.nist.gov/vuln/detail/CVE-2023-31248), [CVE-2023-35001](https://nvd.nist.gov/vuln/detail/CVE-2023-35001), [CVE-2023-3611](https://nvd.nist.gov/vuln/detail/CVE-2023-3611), [CVE-2023-3776](https://nvd.nist.gov/vuln/detail/CVE-2023-3776), [CVE-2023-38432](https://nvd.nist.gov/vuln/detail/CVE-2023-38432), [CVE-2023-3863](https://nvd.nist.gov/vuln/detail/CVE-2023-3863))<br> - OpenSSH ([CVE-2023-38408](https://nvd.nist.gov/vuln/detail/CVE-2023-38408))<br> - linux-firmware ([CVE-2023-20593](https://nvd.nist.gov/vuln/detail/CVE-2023-20593))<br><br> #### Updates:<br> <br> - Linux ([5.15.124](https://lwn.net/Articles/940339) (includes [5.15.123](https://lwn.net/Articles/939424), [5.15.122](https://lwn.net/Articles/939104), [5.15.121](https://lwn.net/Articles/939016)))<br> - ca-certificates ([3.92](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_92.html))<br> - linux-firmware ([20230625](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230625))<br><br>Packages:<br>- containerd 1.6.21<br>- docker 20.10.24<br>- ignition 2.15.0<br>- kernel 5.15.124<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-08-09T11:43:20+00:00 @@ -1438,7 +1454,7 @@ https://github.com/flatcar/scripts/releases/tag/beta-3602.1.3 3602.1.3 - 2023-10-25T10:20:43.698680+00:00 + 2023-11-22T09:59:33.596901+00:00 _Changes since **Beta 3602.1.2**_<br><br> #### Updates:<br> <br> - Linux ([5.15.120](https://lwn.net/Articles/937404))<br>Packages:<br>- containerd 1.6.21<br>- docker 20.10.24<br>- ignition 2.15.0<br>- kernel 5.15.120<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-07-18T08:59:31+00:00 @@ -1446,7 +1462,7 @@ https://github.com/flatcar/scripts/releases/tag/beta-3602.1.2 3602.1.2 - 2023-10-25T10:20:43.694314+00:00 + 2023-11-22T09:59:33.592468+00:00 _Changes since **Beta 3602.1.1**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2023-3338](https://nvd.nist.gov/vuln/detail/CVE-2023-3338), [CVE-2023-3390](https://nvd.nist.gov/vuln/detail/CVE-2023-3390))<br> <br> #### Bug fixes:<br> <br> - Ensured that the folder `/var/log/sssd` is created if it doesn't exist, required for `sssd.service` ([Flatcar#1096](https://github.com/flatcar/Flatcar/issues/1096))<br> - Worked around a bash regression in `flatcar-install` and added error reporting for disk write failures ([Flatcar#1059](https://github.com/flatcar/Flatcar/issues/1059))<br> <br> #### Changes:<br> <br> - Changed ext4 inode size of root partition to 256 bytes. This improves compatibility with applications and is necessary for 2038 readiness ([Flatcar#1082](https://github.com/flatcar/Flatcar/issues/1082))<br> <br> #### Updates:<br> <br> - Linux ([5.15.119](https://lwn.net/Articles/936675) (includes [5.15.118](https://lwn.net/Articles/935584)))<br> - ca-certificates ([3.91](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_91.html))<br>Packages:<br>- containerd 1.6.21<br>- docker 20.10.24<br>- ignition 2.15.0<br>- kernel 5.15.119<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-07-06T12:15:43+00:00 @@ -1454,7 +1470,7 @@ https://github.com/flatcar/scripts/releases/tag/beta-3602.1.1 3602.1.1 - 2023-10-25T10:20:43.689176+00:00 + 2023-11-22T09:59:33.587348+00:00 _Changes since **Beta 3602.1.0**_<br> <br>#### Bug fixes:<br> <br>- Resolved the conflicting FD usage of libselinux and systemd which caused, e.g., a systemd crash on certain watchdog interaction during shutdown (patch in systemd 252.11)<br> <br>#### Updates:<br> <br>- Linux ([5.15.117](https://lwn.net/Articles/934622) (includes [5.15.116](https://lwn.net/Articles/934320), [5.15.115](https://lwn.net/Articles/933909), [5.15.114](https://lwn.net/Articles/933280)))<br>- ca-certificates ([3.90](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_90.html))<br>- systemd ([252.11](https://github.com/systemd/systemd-stable/releases/tag/v252.11) (from 252.5))<br>Packages:<br>- containerd 1.6.21<br>- docker 20.10.24<br>- ignition 2.15.0<br>- kernel 5.15.117<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-06-21T12:17:56+00:00 @@ -1462,7 +1478,7 @@ https://github.com/flatcar/scripts/releases/tag/beta-3602.1.0 3602.1.0 - 2023-10-25T10:20:43.684365+00:00 + 2023-11-22T09:59:33.582512+00:00 _Changes since **Beta 3572.1.0**_<br> <br>#### Security fixes:<br> <br> - Linux ([CVE-2022-48425](https://nvd.nist.gov/vuln/detail/CVE-2022-48425))<br> - Go ([CVE-2023-24539](https://nvd.nist.gov/vuln/detail/CVE-2023-24539), [CVE-2023-24540](https://nvd.nist.gov/vuln/detail/CVE-2023-24540), [CVE-2023-29400](https://nvd.nist.gov/vuln/detail/CVE-2023-29400))<br> - OpenSSH ([CVE-2023-28531](https://nvd.nist.gov/vuln/detail/CVE-2023-28531))<br> - OpenSSL ([CVE-2023-0464](https://nvd.nist.gov/vuln/detail/CVE-2023-0464), [CVE-2023-0465](https://nvd.nist.gov/vuln/detail/CVE-2023-0465), [CVE-2023-0466](https://nvd.nist.gov/vuln/detail/CVE-2023-0466), [CVE-2023-1255](https://nvd.nist.gov/vuln/detail/CVE-2023-1255))<br> - bash ([CVE-2022-3715](https://nvd.nist.gov/vuln/detail/CVE-2022-3715))<br> - c-ares ([CVE-2022-4904](https://nvd.nist.gov/vuln/detail/CVE-2022-4904))<br> - curl ([CVE-2023-27533](https://nvd.nist.gov/vuln/detail/CVE-2023-27533), [CVE-2023-27534](https://nvd.nist.gov/vuln/detail/CVE-2023-27534), [CVE-2023-27535](https://nvd.nist.gov/vuln/detail/CVE-2023-27535), [CVE-2023-27536](https://nvd.nist.gov/vuln/detail/CVE-2023-27536), [CVE-2023-27537](https://nvd.nist.gov/vuln/detail/CVE-2023-27537), [CVE-2023-27538](https://nvd.nist.gov/vuln/detail/CVE-2023-27538))<br> - libxml2 ([CVE-2023-28484](https://nvd.nist.gov/vuln/detail/CVE-2023-28484), [CVE-2023-29469](https://nvd.nist.gov/vuln/detail/CVE-2023-29469))<br> <br>#### Bug fixes:<br> <br> - Restored the reboot warning and delay for non-SSH console sessions ([locksmith#21](https://github.com/flatcar/locksmith/pull/21))<br> <br>#### Changes:<br> <br> - Changed coreos-cloudinit to now set the short hostname instead of the FQDN when fetched from the metadata service ([coreos-cloudinit#19](https://github.com/flatcar/coreos-cloudinit/pull/19))<br> <br>#### Updates:<br> <br> - Linux ([5.15.113](https://lwn.net/Articles/932883) (includes [5.15.112](https://lwn.net/Articles/932134)))<br> - Go ([1.19.9](https://go.dev/doc/devel/release#go1.19.9))<br> - OpenSSH ([9.3](http://www.openssh.com/releasenotes.html#9.3))<br> - bash ([5.2](https://lists.gnu.org/archive/html/bash-announce/2022-09/msg00000.html))<br> - bpftool ([6.2.1](https://kernelnewbies.org/LinuxChanges#Linux_6.2.Tracing.2C_perf_and_BPF))<br> - c-ares ([1.19.0](https://c-ares.org/changelog.html#1_19_0))<br> - containerd ([1.6.21](https://github.com/containerd/containerd/releases/tag/v1.6.21))<br> - curl ([8.0.1](https://curl.se/changes.html#8_0_1))<br> - e2fsprogs ([1.47.0](https://e2fsprogs.sourceforge.net/e2fsprogs-release.html##1.47.0))<br> - gdb ([13.1.90](https://lwn.net/Articles/923819/))<br> - GLib ([2.74.6](https://gitlab.gnome.org/GNOME/glib/-/tags/2.74.6))<br> - libarchive ([3.6.2](https://github.com/libarchive/libarchive/releases/tag/v3.6.2))<br> - libxml2 ([2.10.4](https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.4))<br> - multipath-tools ([0.9.4](https://github.com/opensvc/multipath-tools/commits/0.9.4))<br> - pinentry ([1.2.1](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=pinentry.git;a=blob;f=NEWS;h=c080b34e57d01a6ccca9d2996d7096c42b1a3f84;hb=8ab1682e80a2b4185ee9ef66cbb44340245966fc))<br> - readline ([8.2](https://lists.gnu.org/archive/html/info-gnu/2022-09/msg00013.html))<br> - runc ([1.1.7](https://github.com/opencontainers/runc/releases/tag/v1.1.7))<br> - sqlite ([3.41.2](https://sqlite.org/releaselog/3_41_2.html))<br> - XZ utils ([5.4.2](https://github.com/tukaani-project/xz/releases/tag/v5.4.2))<br> - SDK: nano ([7.2](https://git.savannah.gnu.org/cgit/nano.git/tree/NEWS?h=v7.2))<br><br>_Changes since **Alpha 3602.0.0**_<br> <br>#### Security fixes:<br> <br> - Linux ([CVE-2022-48425](https://nvd.nist.gov/vuln/detail/CVE-2022-48425))<br> <br>#### Bug fixes:<br> <br> <br>#### Changes:<br> <br> <br>#### Updates:<br> <br> - Linux ([5.15.113](https://lwn.net/Articles/932883) (includes [5.15.112](https://lwn.net/Articles/932134)))<br><br>Packages:<br>- containerd 1.6.21<br>- docker 20.10.24<br>- ignition 2.15.0<br>- kernel 5.15.113<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-06-01T11:51:22+00:00 @@ -1470,7 +1486,7 @@ https://github.com/flatcar/scripts/releases/tag/beta-3572.1.0 3572.1.0 - 2023-10-25T10:20:43.677483+00:00 + 2023-11-22T09:59:33.575593+00:00 _Changes since **Beta 3549.1.1**_<br> <br>#### Security fixes:<br> <br>- Linux ([CVE-2023-1380](https://nvd.nist.gov/vuln/detail/CVE-2023-1380), [CVE-2023-2002](https://nvd.nist.gov/vuln/detail/CVE-2023-2002), [CVE-2023-31436](https://nvd.nist.gov/vuln/detail/CVE-2023-31436))<br>- Docker ([CVE-2023-28840](https://nvd.nist.gov/vuln/detail/CVE-2023-28840), [CVE-2023-28841](https://nvd.nist.gov/vuln/detail/CVE-2023-28841), [CVE-2023-28842](https://nvd.nist.gov/vuln/detail/CVE-2023-28842))<br>- Go ([CVE-2023-24534](https://nvd.nist.gov/vuln/detail/CVE-2023-24534), [CVE-2023-24536](https://nvd.nist.gov/vuln/detail/CVE-2023-24536), [CVE-2023-24537](https://nvd.nist.gov/vuln/detail/CVE-2023-24537), [CVE-2023-24538](https://nvd.nist.gov/vuln/detail/CVE-2023-24538))<br>- runc ([CVE-2023-25809](https://nvd.nist.gov/vuln/detail/CVE-2023-25809), [CVE-2023-27561](https://nvd.nist.gov/vuln/detail/CVE-2023-27561), [CVE-2023-28642](https://nvd.nist.gov/vuln/detail/CVE-2023-28642))<br>- tar ([CVE-2022-48303](https://nvd.nist.gov/vuln/detail/CVE-2022-48303))<br>- vim ([CVE-2023-1127](https://nvd.nist.gov/vuln/detail/CVE-2023-1127), [CVE-2023-1175](https://nvd.nist.gov/vuln/detail/CVE-2023-1175), [CVE-2023-1170](https://nvd.nist.gov/vuln/detail/CVE-2023-1170))<br> <br>#### Bug fixes:<br> <br>- Fixed a miscompilation of getfacl causing it to dump core when executed ([scripts#809](https://github.com/flatcar/scripts/pull/809))<br> <br>#### Changes:<br> <br>- Improved the OS reset tool to offer preview, backup and restore ([init#94](https://github.com/flatcar/init/pull/94))<br> <br>#### Updates:<br> <br>- Linux ([5.15.111](https://lwn.net/Articles/931680) (includes [5.15.110](https://lwn.net/Articles/930600), [5.15.109](https://lwn.net/Articles/930263)))<br>- Linux Firmware ([20230404](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230404))<br>- ca-certificates ([3.89.1](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_89_1.html))<br>- containerd ([1.6.20](https://github.com/containerd/containerd/releases/tag/v1.6.20))<br>- docker ([20.10.24](https://docs.docker.com/engine/release-notes/20.10/#201024))<br>- go ([1.19.8](https://go.dev/doc/devel/release#go1.19.8))<br>- iperf ([3.13](https://github.com/esnet/iperf/blob/3.13/RELNOTES.md))<br>- runc ([1.1.5](https://github.com/opencontainers/runc/releases/tag/v1.1.5))<br>- vim ([9.0.1403](https://github.com/vim/vim/releases/tag/v9.0.1403))<br>- zstandard ([1.5.4](https://github.com/facebook/zstd/releases/tag/v1.5.4))<br>- SDK: pahole ([1.24](https://github.com/acmel/dwarves/releases/tag/v1.24)) <br>- SDK: rust ([1.68.2](https://github.com/rust-lang/rust/releases/tag/1.68.2))<br> <br>_Changes since **Alpha 3572.0.1**_<br> <br>#### Security fixes:<br> <br>- Linux ([CVE-2023-1380](https://nvd.nist.gov/vuln/detail/CVE-2023-1380), [CVE-2023-2002](https://nvd.nist.gov/vuln/detail/CVE-2023-2002), [CVE-2023-31436](https://nvd.nist.gov/vuln/detail/CVE-2023-31436))<br> <br>#### Bug fixes:<br> <br>- Fixed a miscompilation of getfacl causing it to dump core when executed ([scripts#809](https://github.com/flatcar/scripts/pull/809))<br> <br>#### Updates:<br> <br>- Linux ([5.15.111](https://lwn.net/Articles/931680) (includes [5.15.110](https://lwn.net/Articles/930600), [5.15.109](https://lwn.net/Articles/930263)))<br>- ca-certificates ([3.89.1](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_89_1.html))<br><br>Packages:<br>- containerd 1.6.20<br>- docker 20.10.24<br>- ignition 2.15.0<br>- kernel 5.15.111<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-05-16T10:20:20+00:00 @@ -1478,7 +1494,7 @@ https://github.com/flatcar/scripts/releases/tag/beta-3549.1.1 3549.1.1 - 2023-10-25T10:20:43.670959+00:00 + 2023-11-22T09:59:33.569032+00:00 _Changes since **Beta 3549.1.0**_<br><br>#### Security fixes:<br><br>- nvidia-drivers ([CVE-2022-31607](https://nvd.nist.gov/vuln/detail/CVE-2022-31607), [CVE-2022-31608](https://nvd.nist.gov/vuln/detail/CVE-2022-31608), [CVE-2022-31615](https://nvd.nist.gov/vuln/detail/CVE-2022-31615), [CVE-2022-34665](https://nvd.nist.gov/vuln/detail/CVE-2022-34665), [CVE-2022-34666](https://nvd.nist.gov/vuln/detail/CVE-2022-34666), [CVE-2022-34670](https://nvd.nist.gov/vuln/detail/CVE-2022-34670), [CVE-2022-34673](https://nvd.nist.gov/vuln/detail/CVE-2022-34673), [CVE-2022-34674](https://nvd.nist.gov/vuln/detail/CVE-2022-34674), [CVE-2022-34676](https://nvd.nist.gov/vuln/detail/CVE-2022-34676), [CVE-2022-34677](https://nvd.nist.gov/vuln/detail/CVE-2022-34677), [CVE-2022-34678](https://nvd.nist.gov/vuln/detail/CVE-2022-34678), [CVE-2022-34679](https://nvd.nist.gov/vuln/detail/CVE-2022-34679), [CVE-2022-34680](https://nvd.nist.gov/vuln/detail/CVE-2022-34680), [CVE-2022-34682](https://nvd.nist.gov/vuln/detail/CVE-2022-34682), [CVE-2022-34684](https://nvd.nist.gov/vuln/detail/CVE-2022-34684), [CVE-2022-42254](https://nvd.nist.gov/vuln/detail/CVE-2022-42254), [CVE-2022-42255](https://nvd.nist.gov/vuln/detail/CVE-2022-42255), [CVE-2022-42256](https://nvd.nist.gov/vuln/detail/CVE-2022-42256), [CVE-2022-42257](https://nvd.nist.gov/vuln/detail/CVE-2022-42257), [CVE-2022-42258](https://nvd.nist.gov/vuln/detail/CVE-2022-42258), [CVE-2022-42259](https://nvd.nist.gov/vuln/detail/CVE-2022-42259), [CVE-2022-42260](https://nvd.nist.gov/vuln/detail/CVE-2022-42260), [CVE-2022-42261](https://nvd.nist.gov/vuln/detail/CVE-2022-42261), [CVE-2022-42263](https://nvd.nist.gov/vuln/detail/CVE-2022-42263), [CVE-2022-42264](https://nvd.nist.gov/vuln/detail/CVE-2022-42264), [CVE-2022-42265](https://nvd.nist.gov/vuln/detail/CVE-2022-42265))<br><br>#### Bug fixes:<br>- Fixed systemd journal logs persistency on the first boot ([flatcar#1005](https://github.com/flatcar/Flatcar/issues/1005))<br>- Fixed the broken emerge-gitclone in the dev-container owing to the missing migration action around the unification of the Flatcar core repositories<br><br>#### Changes:<br>- The package upgrade for nvidia-drivers might result in not supporting a few of the older NVIDIA Tesla GPUs. If you are facing issues, set `NVIDIA_DRIVER_VERSION=460.106.00` in `/etc/flatcar/nvidia-metadata`<br><br><br>#### Updates:<br><br>- Linux ([5.15.108](https://lwn.net/Articles/929679/) (includes [5.15.107](https://lwn.net/Articles/929015/)))<br>- nvidia-drivers ([525.105.17](https://docs.nvidia.com/datacenter/tesla/tesla-release-notes-525-105-17/index.html))<br><br>Packages:<br>- containerd 1.6.19<br>- docker 20.10.23<br>- ignition 2.15.0<br>- kernel 5.15.108<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-04-25T13:37:33+00:00 @@ -1486,7 +1502,7 @@ https://github.com/flatcar/scripts/releases/tag/beta-3549.1.0 3549.1.0 - 2023-10-25T10:20:43.665014+00:00 + 2023-11-22T09:59:33.563042+00:00 _Changes since **Beta 3510.1.0**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-4269](https://nvd.nist.gov/vuln/detail/CVE-2022-4269), [CVE-2022-4379](https://nvd.nist.gov/vuln/detail/CVE-2022-4379), [CVE-2023-1076](https://nvd.nist.gov/vuln/detail/CVE-2023-1076), [CVE-2023-1077](https://nvd.nist.gov/vuln/detail/CVE-2023-1077), [CVE-2023-1079](https://nvd.nist.gov/vuln/detail/CVE-2023-1079), [CVE-2023-1118](https://nvd.nist.gov/vuln/detail/CVE-2023-1118), [CVE-2023-1611](https://nvd.nist.gov/vuln/detail/CVE-2023-1611), [CVE-2023-1670](https://nvd.nist.gov/vuln/detail/CVE-2023-1670), [CVE-2023-1829](https://nvd.nist.gov/vuln/detail/CVE-2023-1829), [CVE-2023-1855](https://nvd.nist.gov/vuln/detail/CVE-2023-1855), [CVE-2023-1989](https://nvd.nist.gov/vuln/detail/CVE-2023-1989), [CVE-2023-1990](https://nvd.nist.gov/vuln/detail/CVE-2023-1990), [CVE-2023-23004](https://nvd.nist.gov/vuln/detail/CVE-2023-23004), [CVE-2023-25012](https://nvd.nist.gov/vuln/detail/CVE-2023-25012), [CVE-2023-28466](https://nvd.nist.gov/vuln/detail/CVE-2023-28466), [CVE-2023-30456](https://nvd.nist.gov/vuln/detail/CVE-2023-30456), [CVE-2023-30772](https://nvd.nist.gov/vuln/detail/CVE-2023-30772))<br>- containerd ([CVE-2023-25153](https://nvd.nist.gov/vuln/detail/CVE-2023-25153), [CVE-2023-25173](https://nvd.nist.gov/vuln/detail/CVE-2023-25173))<br>- curl ([CVE-2023-23914](https://nvd.nist.gov/vuln/detail/CVE-2023-23914), [CVE-2023-23915](https://nvd.nist.gov/vuln/detail/CVE-2023-23915), [CVE-2023-23916](https://nvd.nist.gov/vuln/detail/CVE-2023-23916))<br>- e2fsprogs ([CVE-2022-1304](https://nvd.nist.gov/vuln/detail/CVE-2022-1304))<br>- git ([CVE-2023-22490](https://nvd.nist.gov/vuln/detail/CVE-2023-22490), [CVE-2023-23946](https://nvd.nist.gov/vuln/detail/CVE-2023-23946))<br>- GnuTLS ([CVE-2023-0361](https://nvd.nist.gov/vuln/detail/CVE-2023-0361))<br>- Go ([CVE-2022-41723](https://nvd.nist.gov/vuln/detail/CVE-2022-41723), [CVE-2022-41724](https://nvd.nist.gov/vuln/detail/CVE-2022-41724), [CVE-2022-41725](https://nvd.nist.gov/vuln/detail/CVE-2022-41725), [CVE-2023-24532](https://nvd.nist.gov/vuln/detail/CVE-2023-24532))<br>- intel-microcode ([CVE-2022-21216](https://nvd.nist.gov/vuln/detail/CVE-2022-21216), [CVE-2022-33196](https://nvd.nist.gov/vuln/detail/CVE-2022-33196), [CVE-2022-38090](https://nvd.nist.gov/vuln/detail/CVE-2022-38090))<br>- less ([CVE-2022-46663](https://nvd.nist.gov/vuln/detail/CVE-2022-46663))<br>- OpenSSH ([CVE-2023-25136](https://nvd.nist.gov/vuln/detail/CVE-2023-25136))<br>- OpenSSL ([CVE-2022-4203](https://nvd.nist.gov/vuln/detail/CVE-2022-4203), [CVE-2022-4304](https://nvd.nist.gov/vuln/detail/CVE-2022-4304), [CVE-2022-4450](https://nvd.nist.gov/vuln/detail/CVE-2022-4450), [CVE-2023-0215](https://nvd.nist.gov/vuln/detail/CVE-2023-0215), [CVE-2023-0216](https://nvd.nist.gov/vuln/detail/CVE-2023-0216), [CVE-2023-0217](https://nvd.nist.gov/vuln/detail/CVE-2023-0217), [CVE-2023-0286](https://nvd.nist.gov/vuln/detail/CVE-2023-0286), [CVE-2023-0401](https://nvd.nist.gov/vuln/detail/CVE-2023-0401))<br>- torcx ([CVE-2022-32149](https://nvd.nist.gov/vuln/detail/CVE-2022-32149))<br>- vim ([CVE-2023-0288](https://nvd.nist.gov/vuln/detail/CVE-2023-0288), [CVE-2023-0433](https://nvd.nist.gov/vuln/detail/CVE-2023-0433))<br>- SDK: dnsmasq ([CVE-2022-0934](https://nvd.nist.gov/vuln/detail/CVE-2022-0934))<br>- SDK: pkgconf ([CVE-2023-24056](https://nvd.nist.gov/vuln/detail/CVE-2023-24056))<br>- SDK: python ([CVE-2023-24329](https://nvd.nist.gov/vuln/detail/CVE-2023-24329))<br><br>#### Bug fixes:<br><br>- Ensured that `/var/log/journal/` is created early enough for systemd-journald to persist the logs on first boot ([bootengine#60](https://github.com/flatcar/bootengine/pull/60), [baselayout#29](https://github.com/flatcar/baselayout/pull/29))<br>- Fixed `journalctl --user` permission issue ([Flatcar#989](https://github.com/flatcar/Flatcar/issues/989))<br>- Restored the support to specify OEM partition files in Ignition when `/usr/share/oem` is given as initrd mount point ([bootengine#58](https://github.com/flatcar/bootengine/pull/58))<br><br>#### Changes:<br><br>- Added a new `flatcar-reset` tool and boot logic for selective OS resets to reconfigure the system with Ignition while avoiding config drift ([bootengine#55](https://github.com/flatcar/bootengine/pull/55), [init#91](https://github.com/flatcar/init/pull/91))<br>- Added new image signing pub key to `flatcar-install`, needed for download verification of releases built from July 2023 onwards, if you have copies of `flatcar-install` or the image signing pub key, you need to update them as well ([init#92](https://github.com/flatcar/init/pull/92))<br>- Added `pigz` to the image, a parallel gzip implementation, which is useful to speed up the (de)compression for large container image imports/exports ([coreos-overlay#2504](https://github.com/flatcar/coreos-overlay/pull/2504))<br>- Enabled elfutils support in systemd-coredump. A backtrace will now appear in the journal for any program that dumps core ([coreos-overlay#2489](https://github.com/flatcar/coreos-overlay/pull/2489))<br>- `/etc` is now set up as overlayfs with the original `/etc` folder being the store for changed files/directories and `/usr/share/flatcar/etc` providing the lower default directory tree ([bootengine#53](https://github.com/flatcar/bootengine/pull/53), [scripts#666](https://github.com/flatcar/scripts/pull/666))<br>- On boot any files in `/etc` that are the same as provided by the booted `/usr/share/flatcar/etc` default for the overlay mount on `/etc` are deleted to ensure that future updates of `/usr/share/flatcar/etc` are propagated - to opt out create `/etc/.no-dup-update` in case you want to keep an unmodified config file as is or because you fear that a future Flatcar version may use the same file as you at which point your copy is cleaned up and any other future Flatcar changes would be applied ([bootengine#54](https://github.com/flatcar/bootengine/pull/54))<br>- Specifying the OEM filesystem in Ignition to write files to `/usr/share/oem` is not needed anymore ([bootengine#58](https://github.com/flatcar/bootengine/pull/58))<br>- Switched systemd log reporting to the combined format of both unit description, as before, and now the unit name to easily find the unit ([coreos-overlay#2436](https://github.com/flatcar/coreos-overlay/pull/2436))<br><br>#### Updates:<br><br>- Linux ([5.15.106](https://lwn.net/Articles/928343) (includes [5.15.105](https://lwn.net/Articles/927860), [5.15.104](https://lwn.net/Articles/926873), [5.15.103](https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tag/?h=v5.15.103) [5.15.102](https://lwn.net/Articles/925991), [5.15.101](https://lwn.net/Articles/925939), [5.15.100](https://lwn.net/Articles/925913), [5.15.99](https://lwn.net/Articles/925844)))<br>- Linux Firmware ([20230310](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230310) (includes [20230210](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230210)))<br>- bind tools ([9.16.37](https://bind9.readthedocs.io/en/v9_16_37/notes.html#notes-for-bind-9-16-37))<br>- btrfs-progs ([6.0.2](https://btrfs.readthedocs.io/en/latest/CHANGES.html#btrfs-progs-6-0-2-2022-11-24) (includes [6.0](https://btrfs.readthedocs.io/en/latest/CHANGES.html#btrfs-progs-6-0-2022-10-11)))<br>- ca-certificates ([3.89](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_89.html))<br>- containerd ([1.6.19](https://github.com/containerd/containerd/releases/tag/v1.6.19) (includes [1.6.18](https://github.com/containerd/containerd/releases/tag/v1.6.18)))<br>- curl ([7.88.1](https://curl.se/changes.html#7_88_1) (includes [7.88.0](https://curl.se/changes.html#7_88_0)))<br>- diffutils ([3.9](https://savannah.gnu.org/forum/forum.php?forum_id=10282))<br>- e2fsprogs ([1.46.6](https://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.46.6))<br>- findutils ([4.9.0](https://lists.gnu.org/archive/html/info-gnu/2022-02/msg00003.html))<br>- Go ([1.19.7](https://go.dev/doc/devel/release#go1.19.7) (includes [1.19.6](https://go.dev/doc/devel/release#go1.19.6)))<br>- gcc ([12.2.1](https://gcc.gnu.org/gcc-12/changes.html))<br>- git ([2.39.2](https://github.com/git/git/blob/v2.39.2/Documentation/RelNotes/2.39.2.txt))<br>- GLib ([2.74.5](https://gitlab.gnome.org/GNOME/glib/-/tags/2.74.5))<br>- GnuTLS ([3.8.0](https://gitlab.com/gnutls/gnutls/-/blob/3.8.0/NEWS))<br>- ignition ([2.15.0](https://coreos.github.io/ignition/release-notes/#ignition-2150-2023-02-21))<br>- intel-microcode ([20230214](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230214))<br>- iputils ([20221126](https://github.com/iputils/iputils/releases/tag/20221126))<br>- less ([608](http://www.greenwoodsoftware.com/less/news.608.html))<br>- libpcap ([1.10.3](https://git.tcpdump.org/libpcap/blob/refs/tags/libpcap-1.10.3:/CHANGES) (includes [1.10.2](https://git.tcpdump.org/libpcap/blob/refs/tags/libpcap-1.10.2:/CHANGES)))<br>- libpcre2 ([10.42](https://github.com/PCRE2Project/pcre2/blob/pcre2-10.42/NEWS))<br>- OpenSSH ([9.2](http://www.openssh.com/releasenotes.html#9.2))<br>- OpenSSL ([3.0.8](https://github.com/openssl/openssl/blob/openssl-3.0.8/NEWS.md#major-changes-between-openssl-307-and-openssl-308-7-feb-2023))<br>- qemu guest agent ([7.1.0](https://wiki.qemu.org/ChangeLog/7.1#Guest_agent))<br>- socat ([1.7.4.4](https://repo.or.cz/socat.git/blob/refs/tags/tag-1.7.4.4:/CHANGES))<br>- strace ([6.1](https://github.com/strace/strace/releases/tag/v6.1))<br>- traceroute (2.1.1)<br>- vim ([9.0.1363](https://github.com/vim/vim/releases/tag/v9.0.1363))<br>- SDK: cmake ([3.25.2](https://cmake.org/cmake/help/v3.25/release/3.25.html))<br>- SDK: dnsmasq ([2.89](https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2023q1/016859.html))<br>- SDK: portage ([3.0.44](https://gitweb.gentoo.org/proj/portage.git/tree/NEWS?h=portage-3.0.44))<br>- SDK: python ([3.10.10](https://docs.python.org/3.10/whatsnew/changelog.html#python-3-10-10-final) (includes [3.10.9](https://docs.python.org/3.10/whatsnew/changelog.html#python-3-10-9-final), [3.10](https://www.python.org/downloads/release/python-3100/)))<br>- SDK: Rust ([1.68.0](https://github.com/rust-lang/rust/releases/tag/1.68.0) (includes [1.67.1](https://github.com/rust-lang/rust/releases/tag/1.67.1)))<br>- VMware: open-vm-tools ([12.2.0](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.2.0))<br><br><br>_Changes since **Alpha 3549.0.0**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-4269](https://nvd.nist.gov/vuln/detail/CVE-2022-4269), [CVE-2022-4379](https://nvd.nist.gov/vuln/detail/CVE-2022-4379), [CVE-2023-1611](https://nvd.nist.gov/vuln/detail/CVE-2023-1611), [CVE-2023-1670](https://nvd.nist.gov/vuln/detail/CVE-2023-1670), [CVE-2023-1855](https://nvd.nist.gov/vuln/detail/CVE-2023-1855), [CVE-2023-1989](https://nvd.nist.gov/vuln/detail/CVE-2023-1989), [CVE-2023-1990](https://nvd.nist.gov/vuln/detail/CVE-2023-1990), [CVE-2023-28466](https://nvd.nist.gov/vuln/detail/CVE-2023-28466), [CVE-2023-30456](https://nvd.nist.gov/vuln/detail/CVE-2023-30456), [CVE-2023-30772](https://nvd.nist.gov/vuln/detail/CVE-2023-30772))<br><br>#### Bug fixes:<br><br>- Ensured that `/var/log/journal/` is created early enough for systemd-journald to persist the logs on first boot ([bootengine#60](https://github.com/flatcar/bootengine/pull/60), [baselayout#29](https://github.com/flatcar/baselayout/pull/29))<br>- Fixed `journalctl --user` permission issue ([Flatcar#989](https://github.com/flatcar/Flatcar/issues/989))<br><br>#### Changes:<br><br><br>#### Updates:<br><br>- Linux ([5.15.106](https://lwn.net/Articles/928343) (includes [5.15.105](https://lwn.net/Articles/927860), [5.15.104](https://lwn.net/Articles/926873)))<br><br>Packages:<br>- containerd 1.6.19<br>- docker 20.10.23<br>- ignition 2.15.0<br>- kernel 5.15.106<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-04-17T13:18:23+00:00 @@ -1494,7 +1510,7 @@ https://github.com/flatcar/scripts/releases/tag/beta-3510.1.0 3510.1.0 - 2023-10-25T10:20:43.653012+00:00 + 2023-11-22T09:59:33.550990+00:00 _Changes since **Beta 3493.1.0**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2022-2196](https://nvd.nist.gov/vuln/detail/CVE-2022-2196), [CVE-2022-27672](https://nvd.nist.gov/vuln/detail/CVE-2022-27672), [CVE-2022-3707](https://nvd.nist.gov/vuln/detail/CVE-2022-3707), [CVE-2023-1078](https://nvd.nist.gov/vuln/detail/CVE-2023-1078), [CVE-2023-26545](https://nvd.nist.gov/vuln/detail/CVE-2023-26545))<br> - curl ([CVE-2022-43551](https://nvd.nist.gov/vuln/detail/CVE-2022-43551), [CVE-2022-43552](https://nvd.nist.gov/vuln/detail/CVE-2022-43552))<br> - sudo ([CVE-2023-22809](https://nvd.nist.gov/vuln/detail/CVE-2023-22809))<br> - vim ([CVE-2023-0049](https://nvd.nist.gov/vuln/detail/CVE-2023-0049), [CVE-2023-0051](https://nvd.nist.gov/vuln/detail/CVE-2023-0051), [CVE-2023-0054](https://nvd.nist.gov/vuln/detail/CVE-2023-0054))<br> - SDK: qemu ([CVE-2022-4172](https://nvd.nist.gov/vuln/detail/CVE-2022-4172))<br> <br> #### Bug fixes:<br> <br> - Excluded the special Kubernetes network interfaces `nodelocaldns` and `kube-ipvs0` from being managed with systemd-networkd which interfered with the setup ([init#89](https://github.com/flatcar/init/pull/89)).<br> <br> #### Updates:<br> <br> - Linux ([5.15.98](https://lwn.net/Articles/925080) (includes [5.15.97](https://lwn.net/Articles/925064), [5.15.96](https://lwn.net/Articles/924441), [5.15.95](https://lwn.net/Articles/924073), [5.15.94](https://lwn.net/Articles/923308), [5.15.93](https://lwn.net/Articles/922814)))<br> - Docker ([20.10.23](https://docs.docker.com/engine/release-notes/#201023))<br> - bind tools ([9.16.36](https://bind9.readthedocs.io/en/v9_16_36/notes.html#notes-for-bind-9-16-36) (includes [9.16.34](https://bind9.readthedocs.io/en/v9_16_35/notes.html#notes-for-bind-9-16-34) and [9.16.35](https://bind9.readthedocs.io/en/v9_16_34/notes.html#notes-for-bind-9-16-35)))<br> - bpftool ([5.19.12](https://lwn.net/Articles/909678/))<br> - ca-certificates ([3.88.1](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_88_1.html))<br> - containerd ([1.6.16](https://github.com/containerd/containerd/releases/tag/v1.6.16))<br> - curl ([7.87.0](https://curl.se/changes.html#7_87_0))<br> - git ([2.39.1](https://github.com/git/git/blob/v2.39.1/Documentation/RelNotes/2.39.1.txt) (includes [2.39.0](https://github.com/git/git/blob/v2.39.0/Documentation/RelNotes/2.39.0.txt)))<br> - iptables ([1.8.8](https://www.netfilter.org/projects/iptables/files/changes-iptables-1.8.8.txt))<br> - sudo ([1.9.12_p2](https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_12p2))<br> - systemd ([252.5](https://github.com/systemd/systemd-stable/releases/tag/v252.5))<br> - vim ([9.0.1157](https://github.com/vim/vim/releases/tag/v9.0.1157))<br> - XZ utils ([5.4.1](https://github.com/tukaani-project/xz/releases/tag/v5.4.1) (includes [5.4.0](https://github.com/tukaani-project/xz/releases/tag/v5.4.0)))<br> - SDK: boost ([1.81.0](https://www.boost.org/users/history/version_1_81_0.html))<br> - SDK: file ([5.44](https://github.com/file/file/blob/FILE5_44/ChangeLog))<br> - SDK: portage ([3.0.43](https://github.com/gentoo/portage/blob/portage-3.0.43/NEWS) (includes [3.0.42](https://github.com/gentoo/portage/blob/portage-3.0.42/NEWS)))<br> - SDK: qemu ([7.2.0](https://wiki.qemu.org/ChangeLog/7.2))<br> - SDK: Rust ([1.67.0](https://github.com/rust-lang/rust/releases/tag/1.67.0))<br> <br> _Changes since **Alpha 3510.0.0**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2022-2196](https://nvd.nist.gov/vuln/detail/CVE-2022-2196), [CVE-2022-27672](https://nvd.nist.gov/vuln/detail/CVE-2022-27672), [CVE-2022-3707](https://nvd.nist.gov/vuln/detail/CVE-2022-3707), [CVE-2023-1078](https://nvd.nist.gov/vuln/detail/CVE-2023-1078), [CVE-2023-26545](https://nvd.nist.gov/vuln/detail/CVE-2023-26545))<br> <br> #### Bug fixes:<br> <br> - Excluded the special Kubernetes network interfaces `nodelocaldns` and `kube-ipvs0` from being managed with systemd-networkd which interfered with the setup ([init#89](https://github.com/flatcar/init/pull/89)).<br> <br> #### Updates:<br> <br> - Linux ([5.15.98](https://lwn.net/Articles/925080) (includes [5.15.97](https://lwn.net/Articles/925064), [5.15.96](https://lwn.net/Articles/924441), [5.15.95](https://lwn.net/Articles/924073), [5.15.94](https://lwn.net/Articles/923308), [5.15.93](https://lwn.net/Articles/922814)))<br>Packages:<br>- containerd 1.6.16<br>- docker 20.10.23<br>- ignition 2.14.0<br>- kernel 5.15.98<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-03-07T15:23:17+00:00 @@ -1502,7 +1518,7 @@ https://github.com/flatcar/scripts/releases/tag/beta-3493.1.0 3493.1.0 - 2023-10-25T10:20:43.645870+00:00 + 2023-11-22T09:59:33.543834+00:00 _Changes since **Beta 3446.1.1**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2022-4129](https://nvd.nist.gov/vuln/detail/CVE-2022-4129), [CVE-2022-4382](https://nvd.nist.gov/vuln/detail/CVE-2022-4382), [CVE-2022-4842](https://nvd.nist.gov/vuln/detail/CVE-2022-4842), [CVE-2023-23559](https://nvd.nist.gov/vuln/detail/CVE-2023-23559))<br> - Go ([CVE-2022-41717](https://nvd.nist.gov/vuln/detail/CVE-2022-41717))<br> - containerd ([CVE-2022-23471](https://nvd.nist.gov/vuln/detail/CVE-2022-23471))<br> - git ([CVE-2022-23521](https://nvd.nist.gov/vuln/detail/CVE-2022-23521), [CVE-2022-41903](https://nvd.nist.gov/vuln/detail/CVE-2022-41903))<br> - glib ([fixes to normal form handling in GVariant](https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835))<br> - libarchive ([CVE-2022-36227](https://nvd.nist.gov/vuln/detail/CVE-2022-36227))<br> - systemd ([CVE-2022-3821](https://nvd.nist.gov/vuln/detail/CVE-2022-3821), [CVE-2022-4415](https://nvd.nist.gov/vuln/detail/CVE-2022-4415))<br> - vim ([CVE-2022-3491](https://nvd.nist.gov/vuln/detail/CVE-2022-3491), [CVE-2022-3520](https://nvd.nist.gov/vuln/detail/CVE-2022-3520), [CVE-2022-3591](https://nvd.nist.gov/vuln/detail/CVE-2022-3591), [CVE-2022-4141](https://nvd.nist.gov/vuln/detail/CVE-2022-4141), [CVE-2022-4292](https://nvd.nist.gov/vuln/detail/CVE-2022-4292), [CVE-2022-4293](https://nvd.nist.gov/vuln/detail/CVE-2022-4293))<br> - SDK: Python ([CVE-2015-20107](https://nvd.nist.gov/vuln/detail/CVE-2015-20107), [CVE-2020-10735](https://nvd.nist.gov/vuln/detail/CVE-2020-10735), [CVE-2021-3654](https://nvd.nist.gov/vuln/detail/CVE-2021-3654), [CVE-2022-37454](https://nvd.nist.gov/vuln/detail/CVE-2022-37454), [CVE-2022-42919](https://nvd.nist.gov/vuln/detail/CVE-2022-42919), [CVE-2022-45061](https://nvd.nist.gov/vuln/detail/CVE-2022-45061))<br> - SDK: qemu ([CVE-2020-14394](https://nvd.nist.gov/vuln/detail/CVE-2020-14394), [CVE-2022-0216](https://nvd.nist.gov/vuln/detail/CVE-2022-0216), [CVE-2022-3872](https://nvd.nist.gov/vuln/detail/CVE-2022-3872))<br> - SDK: rust ([CVE-2022-46176](https://nvd.nist.gov/vuln/detail/CVE-2022-46176))<br><br> <br> #### Updates:<br> - Linux ([5.15.92](https://lwn.net/Articles/922340) (includes [5.15.91](https://lwn.net/Articles/921851), [5.15.90](https://lwn.net/Articles/921029)))<br> - Linux Firmware ([20230117](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230117))<br> - Docker ([20.10.22](https://docs.docker.com/engine/release-notes/20.10/#201022))<br> - adcli ([0.9.2](https://gitlab.freedesktop.org/realmd/adcli/-/commits/8e88e3590a19006362ea8b8dfdc18bb88b3cb3b5/))<br> - binutils ([2.39](https://sourceware.org/pipermail/binutils/2022-August/122246.html))<br> - containerd ([1.6.15](https://github.com/containerd/containerd/releases/tag/v1.6.15) (includes [1.6.14](https://github.com/containerd/containerd/releases/tag/v1.6.14), [1.6.13](https://github.com/containerd/containerd/releases/tag/v1.6.13), [1.6.12](https://github.com/containerd/containerd/releases/tag/v1.6.12)))<br> - cri-tools ([1.24.2](https://github.com/kubernetes-sigs/cri-tools/releases/tag/v1.24.2))<br> - elfutils ([0.188](https://sourceware.org/pipermail/elfutils-devel/2022q4/005561.html) (includes [0.187](https://sourceware.org/pipermail/elfutils-devel/2022q2/004978.html))<br> - file ([5.43](https://mailman.astron.com/pipermail/file/2022-September/000857.html))<br> - gawk ([5.2.1](https://lists.gnu.org/archive/html/help-gawk/2022-11/msg00008.html) (includes [5.2.0](https://lists.gnu.org/archive/html/help-gawk/2022-09/msg00000.html)))<br> - git ([2.38.3](https://github.com/git/git/blob/v2.38.3/Documentation/RelNotes/2.38.3.txt))<br> - glib ([2.74.4](https://gitlab.gnome.org/GNOME/glib/-/tags/2.74.4))<br> - GNU C Library ([2.36](https://sourceware.org/pipermail/libc-alpha/2022-August/141193.html))<br> - Go ([1.19.5](https://go.dev/doc/devel/release#go1.19.5))<br> - I2C tools ([4.3](https://git.kernel.org/pub/scm/utils/i2c-tools/i2c-tools.git/tree/CHANGES?id=d8bc1f1ff4b00a6bd988aa114100ae9b787f50d8))<br> - Intel Microcode Package ([20221108](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20221108))<br> - libcap-ng ([0.8.3](https://people.redhat.com/sgrubb/libcap-ng/ChangeLog))<br> - libseccomp ([2.5.4](https://github.com/seccomp/libseccomp/releases/tag/v2.5.4) (includes [2.5.2](https://github.com/seccomp/libseccomp/releases/tag/v2.5.2), [2.5.3](https://github.com/seccomp/libseccomp/releases/tag/v2.5.3)))<br> - MIT Kerberos V ([1.20.1](https://web.mit.edu/kerberos/krb5-1.20/krb5-1.20.1.html))<br> - nettle ([3.8.1](https://git.lysator.liu.se/nettle/nettle/-/blob/990abad16ceacd070747dcc76ed16a39c129321e/ChangeLog))<br> - rsync ([3.2.7](https://download.samba.org/pub/rsync/NEWS#3.2.7))<br> - shadow ([4.13](https://github.com/shadow-maint/shadow/releases/tag/4.13))<br> - sqlite ([3.40.1](https://www.sqlite.org/releaselog/3_40_1.html) (includes [3.40.0](https://www.sqlite.org/releaselog/3_40_0.html)))<br> - systemd ([251.10](https://github.com/systemd/systemd-stable/commits/v251.10) (includes [251](https://github.com/systemd/systemd/releases/tag/v251)))<br> - vim ([9.0.1000](https://github.com/vim/vim/releases/tag/v9.0.1000))<br> - XZ utils ([5.2.10](https://git.tukaani.org/?p=xz.git;a=blob;f=NEWS;h=d92fa88a835180af5d6ff22ad0e240d6468f81af;hb=f7c2cc55618b9af3318f0c908cf8db0df1e28e7c))<br> - OEM: python-oem ([3.9.16](https://www.python.org/downloads/release/python-3916/))<br> - SDK: libpng ([1.6.39](http://www.libpng.org/pub/png/src/libpng-1.6.39-README.txt) (includes [1.6.38](http://www.libpng.org/pub/png/src/libpng-1.6.38-README.txt)))<br> - SDK: perl ([5.36.0](https://perldoc.perl.org/5.36.0/perldelta))<br> - SDK: portage ([3.0.41](https://gitweb.gentoo.org/proj/portage.git/tree/NEWS?h=portage-3.0.41))<br> - SDK: qemu ([7.1.0](https://wiki.qemu.org/ChangeLog/7.1))<br> - SDK: Rust ([1.66.1](https://github.com/rust-lang/rust/releases/tag/1.66.1))<br><br>_Changes since **Alpha 3493.0.0**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-4129](https://nvd.nist.gov/vuln/detail/CVE-2022-4129), [CVE-2022-4382](https://nvd.nist.gov/vuln/detail/CVE-2022-4382), [CVE-2022-4842](https://nvd.nist.gov/vuln/detail/CVE-2022-4842), [CVE-2023-23559](https://nvd.nist.gov/vuln/detail/CVE-2023-23559))<br><br>#### Bug fixes:<br><br><br>#### Changes:<br><br><br>#### Updates:<br><br>- Linux ([5.15.92](https://lwn.net/Articles/922340) (includes [5.15.91](https://lwn.net/Articles/921851), [5.15.90](https://lwn.net/Articles/921029)))<br>- cri-tools ([1.24.2](https://github.com/kubernetes-sigs/cri-tools/releases/tag/v1.24.2))<br><br>Packages:<br>- containerd 1.6.15<br>- docker 20.10.22<br>- ignition 2.14.0<br>- kernel 5.15.92<br>- systemd 251<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-02-16T13:07:54+00:00 @@ -1510,7 +1526,7 @@ https://github.com/flatcar/scripts/releases/tag/beta-3446.1.1 3446.1.1 - 2023-10-25T10:20:43.637455+00:00 + 2023-11-22T09:59:33.535386+00:00 _Changes since **Beta 3446.1.0**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-36280](https://nvd.nist.gov/vuln/detail/CVE-2022-36280), [CVE-2022-41218](https://nvd.nist.gov/vuln/detail/CVE-2022-41218), [CVE-2022-47929](https://nvd.nist.gov/vuln/detail/CVE-2022-47929), [CVE-2023-0210](https://nvd.nist.gov/vuln/detail/CVE-2023-0210), [CVE-2023-0266](https://nvd.nist.gov/vuln/detail/CVE-2023-0266), [CVE-2023-0394](https://nvd.nist.gov/vuln/detail/CVE-2023-0394), [CVE-2023-23454](https://nvd.nist.gov/vuln/detail/CVE-2023-23454), [CVE-2023-23455](https://nvd.nist.gov/vuln/detail/CVE-2023-23455))<br>- git ([CVE-2022-23521](https://nvd.nist.gov/vuln/detail/CVE-2022-23521), [CVE-2022-41903](https://nvd.nist.gov/vuln/detail/CVE-2022-41903))<br><br>#### Bug fixes:<br><br>- Fixed a regression (in Alpha/Beta) where machines failed to boot if they didn't have the `core` user or group in `/etc/passwd` or `/etc/group` ([baselayout#26](https://github.com/flatcar/baselayout/pull/26))<br><br>#### Changes:<br><br><br>#### Updates:<br><br>- Linux ([5.15.89](https://lwn.net/Articles/920321) (includes [5.15.88](https://lwn.net/Articles/920012), [5.15.87](https://lwn.net/Articles/919793)))<br>- git ([2.37.5](https://github.com/git/git/blob/v2.37.5/Documentation/RelNotes/2.37.5.txt))<br><br>Packages:<br>- containerd 1.6.10<br>- docker 20.10.21<br>- ignition 2.14.0<br>- kernel 5.15.89<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-01-24T13:16:19+00:00 @@ -1518,7 +1534,7 @@ https://github.com/flatcar/scripts/releases/tag/beta-3446.1.0 3446.1.0 - 2023-10-25T10:20:43.632350+00:00 + 2023-11-22T09:59:33.530221+00:00 _Changes since **Beta 3432.1.0**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-3424](https://nvd.nist.gov/vuln/detail/CVE-2022-3424), [CVE-2022-3534](https://nvd.nist.gov/vuln/detail/CVE-2022-3534), [CVE-2022-3545](https://nvd.nist.gov/vuln/detail/CVE-2022-3545), [CVE-2022-3643](https://nvd.nist.gov/vuln/detail/CVE-2022-3643), [CVE-2022-4378](https://nvd.nist.gov/vuln/detail/CVE-2022-4378), [CVE-2022-45869](https://nvd.nist.gov/vuln/detail/CVE-2022-45869), [CVE-2022-45934](https://nvd.nist.gov/vuln/detail/CVE-2022-45934))<br>- sudo ([CVE-2022-43995](https://nvd.nist.gov/vuln/detail/CVE-2022-43995))<br>- libksba ([CVE-2022-47629](https://nvd.nist.gov/vuln/detail/CVE-2022-47629))<br><br>#### Bug fixes:<br><br>- Added back Ignition support for Vagrant ([coreos-overlay#2351](https://github.com/flatcar/coreos-overlay/pull/2351))<br>- The rootfs setup in the initrd now runs systemd-tmpfiles on every boot, not only when Ignition runs, to fix a dbus failure due to missing files ([Flatcar#944](https://github.com/flatcar/Flatcar/issues/944))<br><br>#### Updates:<br><br>- Linux ([5.15.86](https://lwn.net/Articles/918808) (includes [5.15.85](https://lwn.net/Articles/918329), [5.15.84](https://lwn.net/Articles/918206), [5.15.83](https://lwn.net/Articles/917896), [5.15.82](https://lwn.net/Articles/917400)))<br>- ca-certificates ([3.87](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_87.html))<br>- sudo ([1.9.12_p1](https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_12p1))<br>- GnuTLS ([3.7.8](https://lists.gnupg.org/pipermail/gnutls-help/2022-September/004765.html))<br>- XZ utils ([5.2.8](https://git.tukaani.org/?p=xz.git;a=blob;f=NEWS;h=c244b42a6771a6e8af206318dfc500d78929fd6f;hb=5476089d9c42b9b04e92b80e1800b384a98265cb))<br>- gettext ([0.21.1](https://git.savannah.gnu.org/gitweb/?p=gettext.git;a=blob;f=NEWS;h=cdbb16746c23555e70bb1e16917f5c349ce92d9e;hb=8b38ee827251cadbb90cb6cb576ae98702566288))<br>- libksba ([1.6.3](https://dev.gnupg.org/T6304))<br>- VMware: open-vm-tools ([12.1.5](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.1.5))<br><br>_Changes since **Alpha 3446.0.0**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-3424](https://nvd.nist.gov/vuln/detail/CVE-2022-3424), [CVE-2022-3534](https://nvd.nist.gov/vuln/detail/CVE-2022-3534), [CVE-2022-3545](https://nvd.nist.gov/vuln/detail/CVE-2022-3545), [CVE-2022-3643](https://nvd.nist.gov/vuln/detail/CVE-2022-3643), [CVE-2022-4378](https://nvd.nist.gov/vuln/detail/CVE-2022-4378), [CVE-2022-45869](https://nvd.nist.gov/vuln/detail/CVE-2022-45869), [CVE-2022-45934](https://nvd.nist.gov/vuln/detail/CVE-2022-45934))<br>- libksba ([CVE-2022-47629](https://nvd.nist.gov/vuln/detail/CVE-2022-47629))<br><br>#### Bug fixes:<br><br>- Added back Ignition support for Vagrant ([coreos-overlay#2351](https://github.com/flatcar/coreos-overlay/pull/2351))<br>- The rootfs setup in the initrd now runs systemd-tmpfiles on every boot, not only when Ignition runs, to fix a dbus failure due to missing files ([Flatcar#944](https://github.com/flatcar/Flatcar/issues/944))<br><br>#### Updates:<br><br>- Linux ([5.15.86](https://lwn.net/Articles/918808) (includes [5.15.85](https://lwn.net/Articles/918329), [5.15.84](https://lwn.net/Articles/918206), [5.15.83](https://lwn.net/Articles/917896), [5.15.82](https://lwn.net/Articles/917400)))<br>- ca-certificates ([3.87](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_87.html))<br>- libksba ([1.6.3](https://dev.gnupg.org/T6304))<br><br>Packages:<br>- containerd 1.6.10<br>- docker 20.10.21<br>- ignition 2.14.0<br>- kernel 5.15.86<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-01-11T13:32:59+00:00 @@ -1526,7 +1542,7 @@ https://github.com/flatcar/scripts/releases/tag/beta-3432.1.0 3432.1.0 - 2023-10-25T10:20:43.625805+00:00 + 2023-11-22T09:59:33.523646+00:00 _Changes since **Beta 3417.1.0**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-3169](https://nvd.nist.gov/vuln/detail/CVE-2022-169), [CVE-2022-3521](https://nvd.nist.gov/vuln/detail/CVE-2022-521))<br>- cpio ([CVE-2021-38185](https://nvd.nist.gov/vuln/detail/CVE-2021-8185))<br>- curl ([CVE-2022-32221](https://nvd.nist.gov/vuln/detail/CVE-2022-2221), [CVE-2022-35260](https://nvd.nist.gov/vuln/detail/CVE-2022-2221), [CVE-2022-42915](https://nvd.nist.gov/vuln/detail/CVE-2022-2221), [CVE-2022-42916](https://nvd.nist.gov/vuln/detail/CVE-2022-2221))<br>- expat ([CVE-2022-43680](https://nvd.nist.gov/vuln/detail/CVE-2022-3680))<br>- libksba ([CVE-2022-3515](https://nvd.nist.gov/vuln/detail/CVE-2022-515))<br>- vim ([CVE-2022-3705](https://nvd.nist.gov/vuln/detail/CVE-2022-705))<br><br>#### Bug fixes:<br><br>- Added support for hardware security keys in update-ssh-keys ([update-ssh-keys#7](https://github.com/flatcar/update-ssh-eys/pull/7))<br>- Fix "ext4 deadlock under heavy I/O load" kernel issue. The patch for this is included provisionally while we wait for it to be merged pstream ([Flatcar#847](https://github.com/flatcar/Flatcar/issues/847), [coreos-overlay#2315](https://github.com/flatcar/coreos-overlay/pull/2315))<br><br>#### Updates:<br><br>- Linux ([5.15.81](https://lwn.net/Articles/916763) (includes [5.15.80](https://lwn.net/Articles/916003)))<br>- Linux Firmware ([20221109](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20221109))<br>- OpenSSH ([9.1](http://www.openssh.com/releasenotes.html#9.1))<br>- containerd ([1.6.10](https://github.com/containerd/containerd/releases/tag/v1.6.10))<br>- cpio ([2.13](https://lists.gnu.org/archive/html/bug-cpio/2019-11/msg00000.html))<br>- curl ([7.86](https://curl.se/changes.html#7_86_0))<br>- Expat ([2.5.0](https://github.com/libexpat/libexpat/blob/R_2_5_0/expat/Changes))<br>- glib ([2.74.1](https://gitlab.gnome.org/GNOME/glib/-/tags/2.74.1))<br>- libcap ([2.66](https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.d9ygdose5kw))<br>- libksba ([1.6.2](https://dev.gnupg.org/T6230))<br>- sqlite ([3.39.4](https://sqlite.org/releaselog/3_39_4.html))<br>- vim ([9.0.0828](https://github.com/vim/vim/releases/tag/v9.0.0828))<br>- whois ([5.5.14](https://github.com/rfc1036/whois/commit/ab10466cf2e1ec4887f6a44375c3e29c1720157f))<br>- XZ utils ([5.2.7](https://git.tukaani.org/?p=xz.git;a=blob;f=NEWS;h=0205423e79ce8297102096b0fc8b030ddf5b2023;hb=d24a57b7fc7e5e9267b84367cb0788d3acf7f569))<br>- SDK: Rust ([1.65.0](https://github.com/rust-ang/rust/releases/tag/1.65.0))<br><br>_Changes since **Alpha 3432.0.0**_<br> <br>#### Security fixes:<br> <br>- Linux ([CVE-2022-3169](https://nvd.nist.gov/vuln/detail/CVE-2022-3169), [CVE-2022-3521](https://nvd.nist.gov/vuln/detail/CVE-2022-3521))<br> <br>#### Bug fixes:<br> <br>- Fix "ext4 deadlock under heavy I/O load" kernel issue. The patch for this is included provisionally while we wait for it to be merged upstream ([Flatcar#847](https://github.com/flatcar/Flatcar/issues/847), [coreos-overlay#2315](https://github.com/flatcar/coreos-overlay/pull/2315))<br> <br> #### Updates:<br> <br>- Linux ([5.15.81](https://lwn.net/Articles/916763) (includes [5.15.80](https://lwn.net/Articles/916003)))<br>Packages:<br>- containerd 1.6.10<br>- docker 20.10.21<br>- ignition 2.14.0<br>- kernel 5.15.81<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-12-09T09:47:46+00:00 @@ -1534,7 +1550,7 @@ https://github.com/flatcar/scripts/releases/tag/beta-3417.1.0 3417.1.0 - 2023-10-25T10:20:43.619369+00:00 + 2023-11-22T09:59:33.517043+00:00 _Changes since **Beta 3402.1.0**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2022-3543](https://nvd.nist.gov/vuln/detail/CVE-2022-3543), [CVE-2022-3564](https://nvd.nist.gov/vuln/detail/CVE-2022-3564), [CVE-2022-3619](https://nvd.nist.gov/vuln/detail/CVE-2022-3619), [CVE-2022-3623](https://nvd.nist.gov/vuln/detail/CVE-2022-3623), [CVE-2022-3628](https://nvd.nist.gov/vuln/detail/CVE-2022-3628), [CVE-2022-42895](https://nvd.nist.gov/vuln/detail/CVE-2022-42895), [CVE-2022-42896](https://nvd.nist.gov/vuln/detail/CVE-2022-42896))<br> - git ([CVE-2022-39253](https://nvd.nist.gov/vuln/detail/CVE-2022-39253), [CVE-2022-39260](https://nvd.nist.gov/vuln/detail/CVE-2022-39260))<br> - multipath-tools ([CVE-2022-41973](https://nvd.nist.gov/vuln/detail/CVE-2022-41973), [CVE-2022-41974](https://nvd.nist.gov/vuln/detail/CVE-2022-41974))<br> <br> #### Bug fixes:<br> <br> - Fixed Ignition btrfs forced formatting for OEM partition ([coreos-overlay#2277](https://github.com/flatcar/coreos-overlay/pull/2277))<br> <br> #### Changes:<br> <br> - Toolbox now uses containerd to download and mount the image ([toolbox#7](https://github.com/flatcar/toolbox/pull/7))<br> <br> #### Updates:<br> <br> - Linux ([5.15.79](https://lwn.net/Articles/915100) (includes [5.15.78](https://lwn.net/Articles/914423)))<br> - Docker ([20.10.21](https://docs.docker.com/engine/release-notes/#201021))<br> - Go ([1.19.3](https://go.dev/doc/devel/release#go1.19.3))<br> - ca-certificates ([3.85](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_85.html))<br> - containerd ([1.6.9](https://github.com/containerd/containerd/releases/tag/v1.6.9))<br> - glibc ([2.35](https://savannah.gnu.org/forum/forum.php?forum_id=10111))<br> - bpftool ([5.19.8](https://lwn.net/Articles/907523/))<br> - git ([2.37.4](https://github.com/git/git/blob/master/Documentation/RelNotes/2.37.4.txt))<br> - iputils ([20211215](https://github.com/iputils/iputils/releases/tag/20211215))<br> - libcap ([2.65](https://sites.google.com/site/fullycapable/release-notes-for-libcap?authuser=0#h.wfblevfzkj0))<br> - multipath-tools ([0.9.3](https://github.com/opensvc/multipath-tools/releases/tag/0.9.3))<br> - wget ([1.21.3](https://lists.gnu.org/archive/html/info-gnu/2022-02/msg00017.html))<br> - whois ([5.5.13](https://github.com/rfc1036/whois/blob/v5.5.13/debian/changelog))<br> - xz-utils ([5.2.6](https://git.tukaani.org/?p=xz.git;a=blob;f=NEWS;h=4c79b18ff26a1c479a920b21f07d050599c04c9e;hb=8dfed05bdaa4873833ba24279f02ad2db25effea))<br><br>_Changes since **Alpha 3417.0.0**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2022-3543](https://nvd.nist.gov/vuln/detail/CVE-2022-3543), [CVE-2022-3564](https://nvd.nist.gov/vuln/detail/CVE-2022-3564), [CVE-2022-3619](https://nvd.nist.gov/vuln/detail/CVE-2022-3619), [CVE-2022-3623](https://nvd.nist.gov/vuln/detail/CVE-2022-3623), [CVE-2022-3628](https://nvd.nist.gov/vuln/detail/CVE-2022-3628), [CVE-2022-42895](https://nvd.nist.gov/vuln/detail/CVE-2022-42895), [CVE-2022-42896](https://nvd.nist.gov/vuln/detail/CVE-2022-42896))<br> <br> #### Bug fixes:<br> <br> - Fixed Ignition btrfs forced formatting for OEM partition ([coreos-overlay#2277](https://github.com/flatcar/coreos-overlay/pull/2277))<br> <br> #### Updates:<br> <br> - Linux ([5.15.79](https://lwn.net/Articles/915100) (includes [5.15.78](https://lwn.net/Articles/914423)))<br> - ca-certificates ([3.85](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_85.html))<br><br>Packages:<br>- containerd 1.6.9<br>- docker 20.10.21<br>- ignition 2.14.0<br>- kernel 5.15.79<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-11-24T15:10:53+00:00 @@ -1542,7 +1558,7 @@ https://github.com/flatcar/scripts/releases/tag/beta-3402.1.0 3402.1.0 - 2023-10-25T10:20:43.612777+00:00 + 2023-11-22T09:59:33.510409+00:00 _Changes since **Beta 3374.1.1**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2022-2602](https://nvd.nist.gov/vuln/detail/CVE-2022-2602), [CVE-2022-3535](https://nvd.nist.gov/vuln/detail/CVE-2022-3535), [CVE-2022-3542](https://nvd.nist.gov/vuln/detail/CVE-2022-3542), [CVE-2022-3565](https://nvd.nist.gov/vuln/detail/CVE-2022-3565), [CVE-2022-3594](https://nvd.nist.gov/vuln/detail/CVE-2022-3594))<br> - bind tools ([CVE-2022-2795](https://nvd.nist.gov/vuln/detail/CVE-2022-2795), [CVE-2022-2881](https://nvd.nist.gov/vuln/detail/CVE-2022-2881), [CVE-2022-2906](https://nvd.nist.gov/vuln/detail/CVE-2022-2906), [CVE-2022-3080](https://nvd.nist.gov/vuln/detail/CVE-2022-3080), [CVE-2022-38177](https://nvd.nist.gov/vuln/detail/CVE-2022-38177), [CVE-2022-38178](https://nvd.nist.gov/vuln/detail/CVE-2022-38178))<br> - curl ([CVE-2022-35252](https://nvd.nist.gov/vuln/detail/CVE-2022-35252))<br> - dbus ([CVE-2022-42010](https://nvd.nist.gov/vuln/detail/CVE-2022-42010), [CVE-2022-42011](https://nvd.nist.gov/vuln/detail/CVE-2022-42011), [CVE-2022-42012](https://nvd.nist.gov/vuln/detail/CVE-2022-42012))<br> - go ([CVE-2022-41715](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715), [CVE-2022-2880](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880), [CVE-2022-2879](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879))<br> - libxml2 ([CVE-2022-40303](https://nvd.nist.gov/vuln/detail/CVE-2022-40303), [CVE-2022-40304](https://nvd.nist.gov/vuln/detail/CVE-2022-40304))<br> - logrotate ([CVE-2022-1348](https://nvd.nist.gov/vuln/detail/CVE-2022-1348))<br> - vim ([CVE-2022-1725](https://nvd.nist.gov/vuln/detail/CVE-2022-1725), [CVE-2022-2042](https://nvd.nist.gov/vuln/detail/CVE-2022-2042), [CVE-2022-2124](https://nvd.nist.gov/vuln/detail/CVE-2022-2124), [CVE-2022-2125](https://nvd.nist.gov/vuln/detail/CVE-2022-2125), [CVE-2022-2126](https://nvd.nist.gov/vuln/detail/CVE-2022-2126), [CVE-2022-2129](https://nvd.nist.gov/vuln/detail/CVE-2022-2129), [CVE-2022-2175](https://nvd.nist.gov/vuln/detail/CVE-2022-2175), [CVE-2022-2182](https://nvd.nist.gov/vuln/detail/CVE-2022-2182), [CVE-2022-2183](https://nvd.nist.gov/vuln/detail/CVE-2022-2183), [CVE-2022-2206](https://nvd.nist.gov/vuln/detail/CVE-2022-2206), [CVE-2022-2207](https://nvd.nist.gov/vuln/detail/CVE-2022-2207), [CVE-2022-2208](https://nvd.nist.gov/vuln/detail/CVE-2022-2208), [CVE-2022-2210](https://nvd.nist.gov/vuln/detail/CVE-2022-2210), [CVE-2022-2231](https://nvd.nist.gov/vuln/detail/CVE-2022-2231), [CVE-2022-2257](https://nvd.nist.gov/vuln/detail/CVE-2022-2257), [CVE-2022-2264](https://nvd.nist.gov/vuln/detail/CVE-2022-2264), [CVE-2022-2284](https://nvd.nist.gov/vuln/detail/CVE-2022-2284), [CVE-2022-2285](https://nvd.nist.gov/vuln/detail/CVE-2022-2285), [CVE-2022-2286](https://nvd.nist.gov/vuln/detail/CVE-2022-2286), [CVE-2022-2287](https://nvd.nist.gov/vuln/detail/CVE-2022-2287), [CVE-2022-2288](https://nvd.nist.gov/vuln/detail/CVE-2022-2288), [CVE-2022-2289](https://nvd.nist.gov/vuln/detail/CVE-2022-2289), [CVE-2022-2304](https://nvd.nist.gov/vuln/detail/CVE-2022-2304), [CVE-2022-2343](https://nvd.nist.gov/vuln/detail/CVE-2022-2343), [CVE-2022-2344](https://nvd.nist.gov/vuln/detail/CVE-2022-2344), [CVE-2022-2345](https://nvd.nist.gov/vuln/detail/CVE-2022-2345), [CVE-2022-2522](https://nvd.nist.gov/vuln/detail/CVE-2022-2522), [CVE-2022-2816](https://nvd.nist.gov/vuln/detail/CVE-2022-2816), [CVE-2022-2817](https://nvd.nist.gov/vuln/detail/CVE-2022-2817), [CVE-2022-2819](https://nvd.nist.gov/vuln/detail/CVE-2022-2819), [CVE-2022-2845](https://nvd.nist.gov/vuln/detail/CVE-2022-2845), [CVE-2022-2849](https://nvd.nist.gov/vuln/detail/CVE-2022-2849), [CVE-2022-2862](https://nvd.nist.gov/vuln/detail/CVE-2022-2862), [CVE-2022-2874](https://nvd.nist.gov/vuln/detail/CVE-2022-2874), [CVE-2022-2889](https://nvd.nist.gov/vuln/detail/CVE-2022-2889), [CVE-2022-2923](https://nvd.nist.gov/vuln/detail/CVE-2022-2923), [CVE-2022-2946](https://nvd.nist.gov/vuln/detail/CVE-2022-2946), [CVE-2022-2980](https://nvd.nist.gov/vuln/detail/CVE-2022-2980), [CVE-2022-2982](https://nvd.nist.gov/vuln/detail/CVE-2022-2982), [CVE-2022-3016](https://nvd.nist.gov/vuln/detail/CVE-2022-3016), [CVE-2022-3099](https://nvd.nist.gov/vuln/detail/CVE-2022-3099), [CVE-2022-3134](https://nvd.nist.gov/vuln/detail/CVE-2022-3134), [CVE-2022-3153](https://nvd.nist.gov/vuln/detail/CVE-2022-3153), [CVE-2022-3234](https://nvd.nist.gov/vuln/detail/CVE-2022-3234), [CVE-2022-3235](https://nvd.nist.gov/vuln/detail/CVE-2022-3235), [CVE-2022-3278](https://nvd.nist.gov/vuln/detail/CVE-2022-3278), [CVE-2022-3256](https://nvd.nist.gov/vuln/detail/CVE-2022-3256), [CVE-2022-3296](https://nvd.nist.gov/vuln/detail/CVE-2022-3296), [CVE-2022-3297](https://nvd.nist.gov/vuln/detail/CVE-2022-3297), [CVE-2022-3324](https://nvd.nist.gov/vuln/detail/CVE-2022-3324), [CVE-2022-3352](https://nvd.nist.gov/vuln/detail/CVE-2022-3352))<br> - SDK: rust ([CVE-2022-36113](https://nvd.nist.gov/vuln/detail/CVE-2022-36113), [CVE-2022-36114](https://nvd.nist.gov/vuln/detail/CVE-2022-36114))<br><br> #### Bug fixes:<br> <br> - Enabled IOMMU on arm64 kernels, the lack of which prevented some systems from booting ([coreos-overlay#2235](https://github.com/flatcar/coreos-overlay/pull/2235))<br> <br> #### Changes:<br> <br> - Added `CONFIG_NF_CONNTRACK_BRIDGE` (for nf_conntrack_bridge) and `CONFIG_NFT_BRIDGE_META` (for nft_meta_bridge) to the kernel config to allow using conntrack rules for bridges in nftables and to match on bridge interface names ([coreos-overlay#2207](https://github.com/flatcar/coreos-overlay/pull/2207))<br> - Change CONFIG_WIREGUARD kernel option to module to save space on boot partition ([coreos-overlay#2239](https://github.com/flatcar/coreos-overlay/pull/2239))<br> - Disable several arch specific arm64 kernel config options for unsupported platforms to save space on boot partition ([coreos-overlay#2239](https://github.com/flatcar/coreos-overlay/pull/2239))<br> - Switched from `--strip-unneeded` to `--strip-debug` when installing kernel modules, which makes kernel stacktraces more accurate and makes debugging issues easier ([coreos-overlay#2196](https://github.com/flatcar/coreos-overlay/pull/2196))<br> - The flatcar-update tool got two new flags to customize ports used on the host while updating flatcar ([init#81](https://github.com/flatcar/init/pull/81))<br> - Add qemu-guest-agent to all amd64 images, it will be automatically enabled when qemu-ga virtio-port is detected ([coreos-overlay#2240](https://github.com/flatcar/coreos-overlay/pull/2240), [portage-stable#373](https://github.com/flatcar/portage-stable/pull/373))<br> <br> #### Updates:<br> <br> - Linux ([5.15.77](https://lwn.net/Articles/913681) (includes [5.15.76](https://lwn.net/Articles/912997), [5.15.75](https://lwn.net/Articles/912500)))<br> - Linux Firmware ([20221012](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20221012))<br> - Docker ([20.10.20](https://docs.docker.com/engine/release-notes/#201020))<br> - Go ([1.18.7](https://go.dev/doc/devel/release#1.18.7))<br> - OpenSSL ([3.0.7](https://www.openssl.org/news/openssl-3.0-notes.html))<br> - bind tools ([9.16.33](https://gitlab.isc.org/isc-projects/bind9/-/raw/v9_16_33/CHANGES))<br> - bpftool ([5.19.2](https://lwn.net/Articles/904957/))<br> - curl ([7.85](https://curl.se/mail/archive-2022-08/0012.html))<br> - dbus ([1.14.4](https://gitlab.freedesktop.org/dbus/dbus/-/raw/dbus-1.14.4/NEWS))<br> - git ([2.37.3](https://github.com/git/git/blob/v2.37.3/Documentation/RelNotes/2.37.3.txt))<br> - glibc ([2.34](https://sourceware.org/pipermail/libc-alpha/2021-August/129718.html))<br> - libxml2 ([2.10.3](https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3))<br> - logrotate ([3.20.1](https://github.com/logrotate/logrotate/releases/tag/3.20.1))<br> - nmap ([7.93](https://nmap.org/changelog.html#7.93))<br> - pahole ([1.23](https://git.kernel.org/pub/scm/devel/pahole/pahole.git/tag/?h=v1.23))<br> - strace ([5.19](https://github.com/strace/strace/releases/tag/v5.19))<br> - vim ([9.0.0655](https://github.com/vim/vim/releases/tag/v9.0.0655))<br> - wireguard-tools ([1.0.20210914](https://github.com/WireGuard/wireguard-tools/releases/tag/v1.0.20210914))<br> - zlib ([1.2.13](https://github.com/madler/zlib/releases/tag/v1.2.13))<br> - SDK: catalyst ([3.0.21](https://gitweb.gentoo.org/proj/catalyst.git/log/?h=3.0.21))<br> - SDK: cmake ([3.23.3](https://cmake.org/cmake/help/v3.23/release/3.23.html))<br> - SDK: libxslt ([1.1.37](https://gitlab.gnome.org/GNOME/libxslt/-/tags/v1.1.37))<br> - SDK: meson ([0.62.2](https://mesonbuild.com/Release-notes-for-0-62-0.html))<br> - SDK: ninja ([1.11.0](https://groups.google.com/g/ninja-build/c/R2oCyDctDf8/m/-U94Y5I8AgAJ?pli=1))<br> - SDK: Rust ([1.64.0](https://github.com/rust-lang/rust/releases/tag/1.64.0))<br> <br> _Changes since **Alpha 3402.0.1**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2022-2602](https://nvd.nist.gov/vuln/detail/CVE-2022-2602), [CVE-2022-3535](https://nvd.nist.gov/vuln/detail/CVE-2022-3535), [CVE-2022-3542](https://nvd.nist.gov/vuln/detail/CVE-2022-3542), [CVE-2022-3565](https://nvd.nist.gov/vuln/detail/CVE-2022-3565), [CVE-2022-3594](https://nvd.nist.gov/vuln/detail/CVE-2022-3594))<br><br> #### Updates:<br> <br> - Linux ([5.15.77](https://lwn.net/Articles/913681) (includes [5.15.76](https://lwn.net/Articles/912997), [5.15.75](https://lwn.net/Articles/912500)))<br> - OpenSSL ([3.0.7](https://www.openssl.org/news/openssl-3.0-notes.html))<br><br>Packages:<br>- containerd 1.6.8<br>- docker 20.10.20<br>- ignition 2.14.0<br>- kernel 5.15.77<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-11-09T12:52:43+00:00 @@ -1550,7 +1566,7 @@ https://github.com/flatcar/scripts/releases/tag/beta-3374.1.1 3374.1.1 - 2023-10-25T10:20:43.602568+00:00 + 2023-11-22T09:59:33.500161+00:00 _Changes since **Beta 3374.1.0**_<br> <br>#### Security fixes:<br> - OpenSSL ([CVE-2022-3602](https://nvd.nist.gov/vuln/detail/CVE-2022-3602), [CVE-2022-3786](https://nvd.nist.gov/vuln/detail/CVE-2022-3786))<br><br>Packages:<br>- containerd 1.6.8<br>- docker 20.10.18<br>- ignition 2.14.0<br>- kernel 5.15.74<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-11-01T13:15:45+00:00 @@ -1558,7 +1574,7 @@ https://github.com/flatcar/scripts/releases/tag/beta-3374.1.0 3374.1.0 - 2023-10-25T10:20:43.598143+00:00 + 2023-11-22T09:59:33.495731+00:00 New **Beta** Release **3374.1.0**<br><br>_Changes since **Beta 3346.1.0**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-2308](https://nvd.nist.gov/vuln/detail/CVE-2022-2308), [CVE-2022-40768](https://nvd.nist.gov/vuln/detail/CVE-2022-40768), [CVE-2022-41674](https://nvd.nist.gov/vuln/detail/CVE-2022-41674), [CVE-2022-42719](https://nvd.nist.gov/vuln/detail/CVE-2022-42719), [CVE-2022-42720](https://nvd.nist.gov/vuln/detail/CVE-2022-42720), [CVE-2022-42721](https://nvd.nist.gov/vuln/detail/CVE-2022-42721), [CVE-2022-42722](https://nvd.nist.gov/vuln/detail/CVE-2022-42722))<br>- Docker ([CVE-2022-36109](https://nvd.nist.gov/vuln/detail/CVE-2022-36109))<br>- GNU Libtasn1 ([Gentoo#866237](https://bugs.gentoo.org/866237))<br>- intel-microcode ([CVE-2022-21233](https://nvd.nist.gov/vuln/detail/CVE-2022-21233))<br>- libxml2 ([CVE-2016-3709](https://nvd.nist.gov/vuln/detail/CVE-2016-3709), [CVE-2022-2309](https://nvd.nist.gov/vuln/detail/CVE-2022-2309))<br>- polkit ([CVE-2021-4115](https://nvd.nist.gov/vuln/detail/CVE-2021-4115))<br>- rsync ([CVE-2022-29154](https://nvd.nist.gov/vuln/detail/CVE-2022-29154))<br>- unzip ([CVE-2022-0529](https://nvd.nist.gov/vuln/detail/CVE-2022-0529), [CVE-2022-0530](https://nvd.nist.gov/vuln/detail/CVE-2022-0530), [CVE-2021-4217](https://nvd.nist.gov/vuln/detail/CVE-2021-4217))<br>- zlib ([CVE-2022-37434](https://nvd.nist.gov/vuln/detail/CVE-2022-37434))<br><br>#### Changes:<br><br>- OpenStack: enabled `coreos-metadata-sshkeys@.service` to provision SSH keys from metadata. ([Flatcar#817](https://github.com/flatcar/Flatcar/issues/817), [coreos-overlay#2246](https://github.com/flatcar/coreos-overlay/pull/2246))<br><br>#### Updates:<br><br>- Linux ([5.15.74](https://lwn.net/Articles/911275/) (includes [5.15.71](https://lwn.net/Articles/909679), [5.15.72](https://lwn.net/Articles/910398), [5.15.73](https://lwn.net/Articles/910957)))<br>- Linux Firmware ([20220913](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220913))<br>- ca-certificates ([3.84](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_84.html))<br>- Docker ([20.10.18](https://docs.docker.com/engine/release-notes/#201018))<br>- GNU Libtasn1 ([4.19.0](https://lists.gnu.org/archive/html/help-libtasn1/2022-08/msg00001.html))<br>- intel-microcode ([20220809](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220809))<br>- libxml2 ([2.10.2](https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.2))<br>- polkit ([121](https://gitlab.freedesktop.org/polkit/polkit/-/commit/827b0ddac5b1ef00a47fca4526fcf057bee5f1db))<br>- rsync ([3.2.6](https://github.com/WayneD/rsync/releases/tag/v3.2.6))<br>- runc ([1.1.4](https://github.com/opencontainers/runc/releases/tag/v1.1.4))<br>- unzip ([6.0_p27](https://metadata.ftp-master.debian.org/changelogs//main/u/unzip/unzip_6.0-27_changelog))<br>- SDK: libxslt ([1.1.35](https://gitlab.gnome.org/GNOME/libxslt/-/tags/v1.1.35))<br><br>_Changes since **Alpha 3374.0.0**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-2308](https://nvd.nist.gov/vuln/detail/CVE-2022-2308), [CVE-2022-40768](https://nvd.nist.gov/vuln/detail/CVE-2022-40768), [CVE-2022-41674](https://nvd.nist.gov/vuln/detail/CVE-2022-41674), [CVE-2022-42719](https://nvd.nist.gov/vuln/detail/CVE-2022-42719), [CVE-2022-42720](https://nvd.nist.gov/vuln/detail/CVE-2022-42720), [CVE-2022-42721](https://nvd.nist.gov/vuln/detail/CVE-2022-42721), [CVE-2022-42722](https://nvd.nist.gov/vuln/detail/CVE-2022-42722))<br><br>#### Changes:<br><br>- OpenStack: enabled `coreos-metadata-sshkeys@.service` to provision SSH keys from metadata. ([Flatcar#817](https://github.com/flatcar/Flatcar/issues/817), [coreos-overlay#2246](https://github.com/flatcar/coreos-overlay/pull/2246))<br><br>#### Updates:<br><br>- Linux ([5.15.74](https://lwn.net/Articles/911275/) (includes [5.15.71](https://lwn.net/Articles/909679), [5.15.72](https://lwn.net/Articles/910398), [5.15.73](https://lwn.net/Articles/910957)))<br>- ca-certificates ([3.84](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_84.html))<br>Packages:<br>- containerd 1.6.8<br>- docker 20.10.18<br>- ignition 2.14.0<br>- kernel 5.15.74<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-10-26T09:26:18+00:00 @@ -1566,7 +1582,7 @@ https://github.com/flatcar/scripts/releases/tag/beta-3346.1.0 3346.1.0 - 2023-10-25T10:20:43.591134+00:00 + 2023-11-22T09:59:33.488802+00:00 _Changes since **Beta 3277.1.2**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-0171](https://nvd.nist.gov/vuln/detail/CVE-2022-0171), [CVE-2022-2663](https://nvd.nist.gov/vuln/detail/CVE-2022-2663), [CVE-2022-2905](https://nvd.nist.gov/vuln/detail/CVE-2022-2905), [CVE-2022-3028](https://nvd.nist.gov/vuln/detail/CVE-2022-3028), [CVE-2022-3061](https://nvd.nist.gov/vuln/detail/CVE-2022-3061), [CVE-2022-3176](https://nvd.nist.gov/vuln/detail/CVE-2022-3176), [CVE-2022-3303](https://nvd.nist.gov/vuln/detail/CVE-2022-3303), [CVE-2022-39190](https://nvd.nist.gov/vuln/detail/CVE-2022-39190), [CVE-2022-39842](https://nvd.nist.gov/vuln/detail/CVE-2022-39842), [CVE-2022-40307](https://nvd.nist.gov/vuln/detail/CVE-2022-40307))<br>- Go ([CVE-2022-27664](https://nvd.nist.gov/vuln/detail/CVE-2022-27664), [CVE-2022-32190](https://nvd.nist.gov/vuln/detail/CVE-2022-32190), ([CVE-2022-32189](https://nvd.nist.gov/vuln/detail/CVE-2022-32189)))<br>- binutils ([CVE-2021-45078](https://nvd.nist.gov/vuln/detail/CVE-2021-45078))<br>- cifs-utils ([CVE-2022-27239](https://nvd.nist.gov/vuln/detail/CVE-2022-27239), [CVE-2022-29869](https://nvd.nist.gov/vuln/detail/CVE-2022-29869))<br>- curl ([CVE-2022-32205](https://nvd.nist.gov/vuln/detail/CVE-2022-32205), [CVE-2022-32206](https://nvd.nist.gov/vuln/detail/CVE-2022-32206), [CVE-2022-32207](https://nvd.nist.gov/vuln/detail/CVE-2022-32207), [CVE-2022-32208](https://nvd.nist.gov/vuln/detail/CVE-2022-32208))<br>- expat ([CVE-2022-40674](https://nvd.nist.gov/vuln/detail/CVE-2022-40674))<br>- git ([CVE-2022-29187](https://nvd.nist.gov/vuln/detail/CVE-2022-29187))<br>- gnupg ([CVE-2022-34903](https://nvd.nist.gov/vuln/detail/CVE-2022-34903))<br>- gnutls ([CVE-2022-2509](https://nvd.nist.gov/vuln/detail/CVE-2022-2509))<br>- libtirpc ([CVE-2021-46828](https://nvd.nist.gov/vuln/detail/CVE-2021-46828))<br>- oniguruma ([oniguruma-20220430](https://bugs.gentoo.org/841893))<br>- open-vm-tools ([CVE-2022-31676](https://nvd.nist.gov/vuln/detail/CVE-2022-31676))<br>- shadow ([CVE-2013-4235](https://nvd.nist.gov/vuln/detail/CVE-2013-4235))<br>- vim ([CVE-2022-0629](https://nvd.nist.gov/vuln/detail/CVE-2022-0629), [CVE-2022-0685](https://nvd.nist.gov/vuln/detail/CVE-2022-0685), [CVE-2022-0714](https://nvd.nist.gov/vuln/detail/CVE-2022-0714), [CVE-2022-0729](https://nvd.nist.gov/vuln/detail/CVE-2022-0729), [CVE-2022-0943](https://nvd.nist.gov/vuln/detail/CVE-2022-0943), [CVE-2022-1154](https://nvd.nist.gov/vuln/detail/CVE-2022-1154), [CVE-2022-1160](https://nvd.nist.gov/vuln/detail/CVE-2022-1160), [CVE-2022-1381](https://nvd.nist.gov/vuln/detail/CVE-2022-1381), [CVE-2022-1420](https://nvd.nist.gov/vuln/detail/CVE-2022-1420), [CVE-2022-1616](https://nvd.nist.gov/vuln/detail/CVE-2022-1616), [CVE-2022-1619](https://nvd.nist.gov/vuln/detail/CVE-2022-1619), [CVE-2022-1620](https://nvd.nist.gov/vuln/detail/CVE-2022-1620), [CVE-2022-1621](https://nvd.nist.gov/vuln/detail/CVE-2022-1621), [CVE-2022-1629](https://nvd.nist.gov/vuln/detail/CVE-2022-1629), [CVE-2022-1674](https://nvd.nist.gov/vuln/detail/CVE-2022-1674), [CVE-2022-1733](https://nvd.nist.gov/vuln/detail/CVE-2022-1733), [CVE-2022-1735](https://nvd.nist.gov/vuln/detail/CVE-2022-1735), [CVE-2022-1769](https://nvd.nist.gov/vuln/detail/CVE-2022-1769), [CVE-2022-1771](https://nvd.nist.gov/vuln/detail/CVE-2022-1771), [CVE-2022-1785](https://nvd.nist.gov/vuln/detail/CVE-2022-1785), [CVE-2022-1796](https://nvd.nist.gov/vuln/detail/CVE-2022-1796), [CVE-2022-1897](https://nvd.nist.gov/vuln/detail/CVE-2022-1897), [CVE-2022-1898](https://nvd.nist.gov/vuln/detail/CVE-2022-1898), [CVE-2022-1886](https://nvd.nist.gov/vuln/detail/CVE-2022-1886), [CVE-2022-1851](https://nvd.nist.gov/vuln/detail/CVE-2022-1851), [CVE-2022-1927](https://nvd.nist.gov/vuln/detail/CVE-2022-1927), [CVE-2022-1942](https://nvd.nist.gov/vuln/detail/CVE-2022-1942), [CVE-2022-1968](https://nvd.nist.gov/vuln/detail/CVE-2022-1968), [CVE-2022-2000](https://nvd.nist.gov/vuln/detail/CVE-2022-2000))<br><br>#### Bug fixes:<br><br>- Added back `gettext` to the OS ([Flatcar#849](https://github.com/flatcar-linux/Flatcar/issues/849))<br>- Added merging of Ignition systemd duplicated units when auto-translating from Ignition 2 to Ignition 3. ([coreos-overlay#2187](https://github.com/flatcar/coreos-overlay/pull/2187))<br>- Equinix Metal: Fixed serial console settings for the `m3.small.x86` instance by expanding the GRUB check for `i386` to `x86_64` ([coreos-overlay#2122](https://github.com/flatcar-linux/coreos-overlay/pull/2122))<br>- Removed outdated LTS channel information printed on login ([init#75](https://github.com/flatcar-linux/init/pull/75))<br><br>#### Changes:<br><br>- Added symlink from `nc` to `ncat`. `-q` option is [not yet supported](https://github.com/nmap/nmap/issues/2422) ([flatcar#545](https://github.com/flatcar-linux/Flatcar/issues/545))<br>- emerge-gitclone: Migrate emerge-gitclone to use scripts repo tags and submodule refs<br><br>#### Updates:<br><br>- Linux ([5.15.70](https://lwn.net/Articles/909212) (includes [5.15.69](https://lwn.net/Articles/908782), [5.15.68](https://lwn.net/Articles/908140), [5.15.67](https://lwn.net/Articles/907526), [5.15.66](https://lwn.net/Articles/907524), [5.15.65](https://lwn.net/Articles/907204), [5.15.64](https://lwn.net/Articles/906630), [5.15.51](https://lwn.net/Articles/899370)))<br>- Linux Firmware ([20220815](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220815) (includes [20220708](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220708)))<br>- Go ([1.18.6](https://go.dev/doc/devel/release#go1.18.6))<br>- adcli ([0.9.1](https://gitlab.freedesktop.org/realmd/adcli/-/releases#0.9.1))<br>- automake ([1.16.5](https://savannah.gnu.org/forum/forum.php?forum_id=10055))<br>- binutils ([2.38](https://lwn.net/Articles/884264/))<br>- bison ([3.8.2](https://lists.gnu.org/archive/html/bug-bison/2021-09/msg00056.html))<br>- boost ([1.79](https://www.boost.org/users/history/version_1_79_0.html))<br>- ca-certificates ([3.83](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_83.html))<br>- cifs-utils ([6.15](https://lists.samba.org/archive/samba-technical/2022-April/137335.html))<br>- containerd ([1.6.8](https://github.com/containerd/containerd/releases/tag/v1.6.8) (includes [1.6.7](https://github.com/containerd/containerd/releases/tag/v1.6.7)))<br>- curl ([7.84.0](https://github.com/curl/curl/releases/tag/curl-7_84_0))<br>- Cyrus SASL ([2.1.28](https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28))<br>- expat ([2.4.9](https://github.com/libexpat/libexpat/blob/R_2_4_9/expat/Changes))<br>- gcc ([11.3.0](https://gcc.gnu.org/gcc-11/changes.html))<br>- gdb ([11.2](https://lists.gnu.org/archive/html/info-gnu/2022-01/msg00009.html))<br>- gettext ([0.21](https://www.gnu.org/software/gettext/))<br>- git ([2.37.1](https://github.com/git/git/blob/v2.37.1/Documentation/RelNotes/2.37.1.txt))<br>- glib ([2.72.3](https://gitlab.gnome.org/GNOME/glib/-/tags/2.73.3))<br>- gnupg ([2.2.35](https://dev.gnupg.org/T5928))<br>- gnutls ([3.7.7](https://gitlab.com/gnutls/gnutls/-/tags/3.7.7))<br>- libtool ([2.4.7](https://savannah.gnu.org/forum/forum.php?forum_id=10139))<br>- locksmith([0.7.0](https://github.com/flatcar/locksmith/blob/v0.7.0/CHANGELOG.md#v070--30112021))<br>- oniguruma ([6.9.8](https://github.com/kkos/oniguruma/releases/tag/v6.9.8))<br>- perl ([5.34.1](https://perldoc.perl.org/5.34.1/perldelta))<br>- pkgconf ([1.8.0](https://gitea.treehouse.systems/ariadne/pkgconf/src/tag/pkgconf-1.8.0/NEWS))<br>- shadow ([4.12.3](https://github.com/shadow-maint/shadow/releases/tag/4.12.3))<br>- sudo ([1.9.10](https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_10))<br>- vim ([8.2.5066](https://github.com/vim/vim/releases/tag/v8.2.5066))<br>- SDK: Rust ([1.63.0](https://github.com/rust-lang/rust/releases/tag/1.63.0) (includes [1.62.1](https://github.com/rust-lang/rust/releases/tag/1.62.1), [1.62.0](https://github.com/rust-lang/rust/releases/tag/1.62.0)))<br>- VMware: open-vm-tools ([12.1.0](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.1.0))<br><br>_Changes since **Alpha 3346.0.0**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-0171](https://nvd.nist.gov/vuln/detail/CVE-2022-0171), [CVE-2022-2663](https://nvd.nist.gov/vuln/detail/CVE-2022-2663), [CVE-2022-2905](https://nvd.nist.gov/vuln/detail/CVE-2022-2905), [CVE-2022-3028](https://nvd.nist.gov/vuln/detail/CVE-2022-3028), [CVE-2022-3061](https://nvd.nist.gov/vuln/detail/CVE-2022-3061), [CVE-2022-3176](https://nvd.nist.gov/vuln/detail/CVE-2022-3176), [CVE-2022-3303](https://nvd.nist.gov/vuln/detail/CVE-2022-3303), [CVE-2022-39190](https://nvd.nist.gov/vuln/detail/CVE-2022-39190), [CVE-2022-39842](https://nvd.nist.gov/vuln/detail/CVE-2022-39842), [CVE-2022-40307](https://nvd.nist.gov/vuln/detail/CVE-2022-40307))<br>- Go ([CVE-2022-27664](https://nvd.nist.gov/vuln/detail/CVE-2022-27664), [CVE-2022-32190](https://nvd.nist.gov/vuln/detail/CVE-2022-32190))<br>- expat ([CVE-2022-40674](https://nvd.nist.gov/vuln/detail/CVE-2022-40674))<br><br>#### Bug fixes:<br><br>- Added back `gettext` to the OS ([Flatcar#849](https://github.com/flatcar-linux/Flatcar/issues/849))<br>- Added merging of Ignition systemd duplicated units when auto-translating from Ignition 2 to Ignition 3. ([coreos-overlay#2187](https://github.com/flatcar/coreos-overlay/pull/2187))<br>- Equinix Metal: Fixed serial console settings for the `m3.small.x86` instance by expanding the GRUB check for `i386` to `x86_64` ([coreos-overlay#2122](https://github.com/flatcar-linux/coreos-overlay/pull/2122))<br><br>#### Changes:<br><br>- emerge-gitclone: Migrate emerge-gitclone to use scripts repo tags and submodule refs<br><br>#### Updates:<br><br>- Linux ([5.15.70](https://lwn.net/Articles/909212) (includes [5.15.69](https://lwn.net/Articles/908782), [5.15.68](https://lwn.net/Articles/908140), [5.15.67](https://lwn.net/Articles/907526), [5.15.66](https://lwn.net/Articles/907524), [5.15.65](https://lwn.net/Articles/907204), [5.15.64](https://lwn.net/Articles/906630)))<br>- Go ([1.18.6](https://go.dev/doc/devel/release#go1.18.6))<br>- ca-certificates ([3.83](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_83.html))<br>- gettext ([0.21](https://www.gnu.org/software/gettext/))<br>- locksmith([0.7.0](https://github.com/flatcar/locksmith/blob/v0.7.0/CHANGELOG.md#v070--30112021))<br>- expat ([2.4.9](https://github.com/libexpat/libexpat/blob/R_2_4_9/expat/Changes))<br><br>Packages:<br>- containerd 1.6.8<br>- docker 20.10.17<br>- ignition 2.14.0<br>- kernel 5.15.70<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-10-04T12:19:52+00:00 @@ -1574,7 +1590,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3277.1.2 3277.1.2 - 2023-10-25T10:20:43.580236+00:00 + 2023-11-22T09:59:33.478089+00:00 _Changes since **Beta 3277.1.1**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-1679](https://nvd.nist.gov/vuln/detail/CVE-2022-1679), [CVE-2022-2585](https://nvd.nist.gov/vuln/detail/CVE-2022-2585), [CVE-2022-2586](https://nvd.nist.gov/vuln/detail/CVE-2022-2586), [CVE-2022-2588](https://nvd.nist.gov/vuln/detail/CVE-2022-2588), [CVE-2022-26373](https://nvd.nist.gov/vuln/detail/CVE-2022-26373), [CVE-2022-36946](https://nvd.nist.gov/vuln/detail/CVE-2022-36946))<br><br>#### Bug fixes:<br><br>- AWS: added EKS support for version 1.22 and 1.23. ([coreos-overlay#2110](https://github.com/flatcar/coreos-overlay/pull/2110), [Flatcar#829](https://github.com/flatcar/Flatcar/issues/829))<br>- VMWare: excluded `wireguard` (and others) from `systemd-networkd` management. ([init#80](https://github.com/flatcar/init/pull/80))<br><br>#### Changes:<br><br>- The new image signing subkey was added to the public key embedded into `flatcar-install` (the old expired on 10th August 2022), only an updated `flatcar-install` script can verify releases signed with the new key ([init#79](https://github.com/flatcar/init/pull/79))<br>- AWS: Added AWS IMDSv2 support to coreos-cloudinit ([flatcar-linux/coreos-cloudinit#13](https://github.com/flatcar/coreos-cloudinit/pull/13))<br><br>#### Updates:<br><br>- Linux ([5.15.63](https://lwn.net/Articles/906061) (includes [5.15.62](https://lwn.net/Articles/905533), [5.15.61](https://lwn.net/Articles/904959), [5.15.60](https://lwn.net/Articles/904461), [5.15.59](https://lwn.net/Articles/903688))<br>- ca-certificates ([3.82](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_82.html))<br><br>Packages:<br>- containerd 1.6.6<br>- docker 20.10.17<br>- ignition 2.14.0<br>- kernel 5.15.63<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-09-01T13:01:56+00:00 @@ -1582,7 +1598,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3277.1.1 3277.1.1 - 2023-10-25T10:20:43.574834+00:00 + 2023-11-22T09:59:33.472629+00:00 New Beta Release 3277.1.1<br><br>Changes since Beta 3277.1.0<br><br>## Security fixes:<br><br>- Linux ([CVE-2022-23816](https://nvd.nist.gov/vuln/detail/CVE-2022-23816), [CVE-2022-23825](https://nvd.nist.gov/vuln/detail/CVE-2022-23825), [CVE-2022-29900](https://nvd.nist.gov/vuln/detail/CVE-2022-29900), [CVE-2022-29901](https://nvd.nist.gov/vuln/detail/CVE-2022-29901))<br><br>## Bug fixes:<br><br>- Added support for Openstack for cloud-init activation ([flatcar-linux/init#76](https://github.com/flatcar/init/pull/76))<br>- Excluded Wireguard interface from `systemd-networkd` default management ([Flatcar#808](https://github.com/flatcar/Flatcar/issues/808))<br>- Fixed `/etc/resolv.conf` symlink by pointing it at `resolv.conf` instead of `stub-resolv.conf`. This bug was present since the update to systemd v250 ([coreos-overlay#2057](https://github.com/flatcar/coreos-overlay/pull/2057))<br>- Fixed excluded interface type from default systemd-networkd configuration ([flatcar-linux/init#78](https://github.com/flatcar/init/pull/78))<br>- Fixed space escaping in the `networkd` Ignition translation ([Flatcar#812](https://github.com/flatcar/Flatcar/issues/812))<br><br>## Changes:<br><br><br>## Updates:<br><br>- Linux ([5.15.58](https://lwn.net/Articles/902917) (includes [5.15.57](https://lwn.net/Articles/902317), [5.15.56](https://lwn.net/Articles/902101)))<br>- ca-certificates ([3.81](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_81.html))<br><br>Packages:<br>- containerd 1.6.6<br>- docker 20.10.17<br>- ignition 2.14.0<br>- kernel 5.15.58<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-08-04T12:08:33+00:00 @@ -1590,7 +1606,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3277.1.0 3277.1.0 - 2023-10-25T10:20:43.569534+00:00 + 2023-11-22T09:59:33.467272+00:00 New **Beta** Release **3277.1.0**<br><br>_Changes since **Alpha 3277.0.0**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2021-33655](https://nvd.nist.gov/vuln/detail/CVE-2021-33655), [CVE-2022-2318](https://nvd.nist.gov/vuln/detail/CVE-2022-2318), [CVE-2022-26365](https://nvd.nist.gov/vuln/detail/CVE-2022-26365), [CVE-2022-33740](https://nvd.nist.gov/vuln/detail/CVE-2022-33740), [CVE-2022-33741](https://nvd.nist.gov/vuln/detail/CVE-2022-33741), [CVE-2022-33742](https://nvd.nist.gov/vuln/detail/CVE-2022-33742), [CVE-2022-33743](https://nvd.nist.gov/vuln/detail/CVE-2022-33743), [CVE-2022-33744](https://nvd.nist.gov/vuln/detail/CVE-2022-33744), [CVE-2022-34918](https://nvd.nist.gov/vuln/detail/CVE-2022-34918))<br>- Go ([CVE-2022-1705](https://nvd.nist.gov/vuln/detail/CVE-2022-1705), [CVE-2022-1962](https://nvd.nist.gov/vuln/detail/CVE-2022-1962), [CVE-2022-28131](https://nvd.nist.gov/vuln/detail/CVE-2022-28131), [CVE-2022-30630](https://nvd.nist.gov/vuln/detail/CVE-2022-30630), [CVE-2022-30631](https://nvd.nist.gov/vuln/detail/CVE-2022-30631), [CVE-2022-30632](https://nvd.nist.gov/vuln/detail/CVE-2022-30632), [CVE-2022-30633](https://nvd.nist.gov/vuln/detail/CVE-2022-30633), [CVE-2022-30635](https://nvd.nist.gov/vuln/detail/CVE-2022-30635), [CVE-2022-32148](https://nvd.nist.gov/vuln/detail/CVE-2022-32148))<br><br>#### Bug fixes:<br><br>- The Ignition v3 kargs directive failed before when used with the generic image where no `grub.cfg` exists, this was fixed by creating it first ([bootengine#47](https://github.com/flatcar/bootengine/pull/47))<br><br>#### Updates:<br>- Linux ([5.15.55](https://lwn.net/Articles/901380) (includes [5.15.54](https://lwn.net/Articles/900911), [5.15.53](https://lwn.net/Articles/900321), [5.15.52](https://lwn.net/Articles/899788), [5.15.51](https://lwn.net/Articles/899370), [5.15.50](https://lwn.net/Articles/899091), [5.15.49](https://lwn.net/Articles/898622)))<br>- ca-certificates ([3.80](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_80.html))<br>- Go ([1.18.4](https://go.dev/doc/devel/release#go1.18.4))<br><br><br><br>_Changes since **Beta 3227.1.1**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2021-33655](https://nvd.nist.gov/vuln/detail/CVE-2021-33655), [CVE-2022-2318](https://nvd.nist.gov/vuln/detail/CVE-2022-2318), [CVE-2022-26365](https://nvd.nist.gov/vuln/detail/CVE-2022-26365), [CVE-2022-33740](https://nvd.nist.gov/vuln/detail/CVE-2022-33740), [CVE-2022-33741](https://nvd.nist.gov/vuln/detail/CVE-2022-33741), [CVE-2022-33742](https://nvd.nist.gov/vuln/detail/CVE-2022-33742), [CVE-2022-33743](https://nvd.nist.gov/vuln/detail/CVE-2022-33743), [CVE-2022-33744](https://nvd.nist.gov/vuln/detail/CVE-2022-33744), [CVE-2022-34918](https://nvd.nist.gov/vuln/detail/CVE-2022-34918))<br>- curl ([CVE-2022-22576](https://nvd.nist.gov/vuln/detail/CVE-2022-22576), [CVE-2022-27774](https://nvd.nist.gov/vuln/detail/CVE-2022-27774), [CVE-2022-27775](https://nvd.nist.gov/vuln/detail/CVE-2022-27775), [CVE-2022-27776](https://nvd.nist.gov/vuln/detail/CVE-2022-27776), [CVE-2022-27778](https://nvd.nist.gov/vuln/detail/CVE-2022-27778), [CVE-2022-27779](https://nvd.nist.gov/vuln/detail/CVE-2022-27779), [CVE-2022-27780](https://nvd.nist.gov/vuln/detail/CVE-2022-27780), [CVE-2022-27781](https://nvd.nist.gov/vuln/detail/CVE-2022-27781), [CVE-2022-27782](https://nvd.nist.gov/vuln/detail/CVE-2022-27782), [CVE-2022-30115](https://nvd.nist.gov/vuln/detail/CVE-2022-30115))<br>- docker ([CVE-2022-29526](https://nvd.nist.gov/vuln/detail/CVE-2022-29526))<br>- git ([CVE-2022-24765](https://nvd.nist.gov/vuln/detail/CVE-2022-24765))<br>- go ([CVE-2022-1705](https://nvd.nist.gov/vuln/detail/CVE-2022-1705), [CVE-2022-1962](https://nvd.nist.gov/vuln/detail/CVE-2022-1962), [CVE-2022-28131](https://nvd.nist.gov/vuln/detail/CVE-2022-28131), [CVE-2022-30630](https://nvd.nist.gov/vuln/detail/CVE-2022-30630), [CVE-2022-30631](https://nvd.nist.gov/vuln/detail/CVE-2022-30631), [CVE-2022-30632](https://nvd.nist.gov/vuln/detail/CVE-2022-30632), [CVE-2022-30633](https://nvd.nist.gov/vuln/detail/CVE-2022-30633), [CVE-2022-30635](https://nvd.nist.gov/vuln/detail/CVE-2022-30635), [CVE-2022-32148](https://nvd.nist.gov/vuln/detail/CVE-2022-32148), [CVE-2022-29526](https://nvd.nist.gov/vuln/detail/CVE-2022-29526))<br>- ignition ([CVE-2022-1706](https://nvd.nist.gov/vuln/detail/CVE-2022-1706))<br>- intel-microcode ([CVE-2022-21151](https://nvd.nist.gov/vuln/detail/CVE-2022-21151)) <br>- libxml2 ([CVE-2022-29824](https://nvd.nist.gov/vuln/detail/CVE-2022-29824))<br>- ncurses ([CVE-2022-29458](https://nvd.nist.gov/vuln/detail/CVE-2022-29458))<br>- openssl ([CVE-2022-1292](https://nvd.nist.gov/vuln/detail/CVE-2022-1292), [CVE-2022-1343](https://nvd.nist.gov/vuln/detail/CVE-2022-1343), [CVE-2022-1434](https://nvd.nist.gov/vuln/detail/CVE-2022-1434), [CVE-2022-1473](https://nvd.nist.gov/vuln/detail/CVE-2022-1473))<br>- rsync ([CVE-2018-25032](https://nvd.nist.gov/vuln/detail/CVE-2018-25032))<br>- runc ([CVE-2022-29162](https://nvd.nist.gov/vuln/detail/CVE-2022-29162))<br>- torcx ([CVE-2022-27191](https://nvd.nist.gov/vuln/detail/CVE-2022-27191))<br>- SDK: qemu ([CVE-2021-20203](https://nvd.nist.gov/vuln/detail/CVE-2021-20203), [CVE-2021-3713](https://nvd.nist.gov/vuln/detail/CVE-2021-3713), [CVE-2021-3930](https://nvd.nist.gov/vuln/detail/CVE-2021-3930), [CVE-2021-3947](https://nvd.nist.gov/vuln/detail/CVE-2021-3947), [CVE-2021-4145](https://nvd.nist.gov/vuln/detail/CVE-2021-4145), [CVE-2022-26353](https://nvd.nist.gov/vuln/detail/CVE-2022-26353), [CVE-2022-26354](https://nvd.nist.gov/vuln/detail/CVE-2022-26354))<br><br>#### Bug fixes:<br><br>- The Ignition v3 kargs directive failed before when used with the generic image where no `grub.cfg` exists, this was fixed by creating it first ([bootengine#47](https://github.com/flatcar/bootengine/pull/47))<br><br>#### Changes:<br><br>- Added efibootmgr binary to the image ([coreos-overlay#1955](https://github.com/flatcar/coreos-overlay/pull/1955))<br>- Added VMware networking configuration in the initramfs via guestinfo settings ([bootengine#44](https://github.com/flatcar/bootengine/pull/44), [flatcar#717](https://github.com/flatcar/Flatcar/issues/717))<br>- Enabled `containerd.service` unit, `br_netfilter` and `overlay` modules by default to follow Kubernetes requirements ([coreos-overlay#1944](https://github.com/flatcar/coreos-overlay/pull/1944), [init#72](https://github.com/flatcar/init/pull/72))<br>- flatcar-install: Added option to create UEFI boot entry ([init#74](https://github.com/flatcar/init/pull/74))<br>- VMWare: Added `ignition-delete-config.service` to remove Ignition config from VM metadata, see also [here](https://coreos.github.io/ignition/operator-notes/#automatic-config-deletion) ([coreos-overlay#1948](https://github.com/flatcar/coreos-overlay/pull/1948))<br><br>#### Updates:<br><br>- Linux ([5.15.55](https://lwn.net/Articles/901380) (includes [5.15.54](https://lwn.net/Articles/900911), [5.15.53](https://lwn.net/Articles/900321), [5.15.52](https://lwn.net/Articles/899788), [5.15.51](https://lwn.net/Articles/899370), [5.15.50](https://lwn.net/Articles/899091), [5.15.49](https://lwn.net/Articles/898622)))<br>- Linux Firmware ([20220610](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220610))<br>- Docker ([20.10.17](https://docs.docker.com/engine/release-notes/#201017))<br>- Go ([1.18.4](https://go.dev/doc/devel/release#go1.18.4))<br>- ca-certificates ([3.80](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_80.html))<br>- curl [7.83.1](https://curl.se/mail/lib-2022-05/0010.html)<br>- dbus ([1.12.22](https://gitlab.freedesktop.org/dbus/dbus/-/blob/177ab044bc87cbc4ded75d21b900795a6fefef76/NEWS))<br>- e2fsprogs ([1.46.5](http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.46.5))<br>- gdbm ([1.22](https://lists.gnu.org/archive/html/info-gnu/2021-10/msg00006.html))<br>- git ([2.35.3](https://github.com/git/git/blob/v2.35.3/Documentation/RelNotes/2.35.3.txt))<br>- ignition ([2.14.0](https://github.com/coreos/ignition/releases/tag/v2.14.0))<br>- intel-microcode ([20220510](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220510)) <br>- ldb ([2.4.1](https://gitlab.com/samba-team/samba/-/commit/a795e0c84597aa045d011e663dbad3cdabf0f1e6))<br>- libxml2 ([2.9.14](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.9.14))<br>- ncurses ([6.3_p20220423](https://lists.gnu.org/archive/html/info-gnu/2021-11/msg00001.html))<br>- open-vm-tools ([12.0.5](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.0.5))<br>- openssl ([3.0.3](https://www.openssl.org/news/changelog.html#openssl-30))<br>- python ([3.9.12](https://www.python.org/downloads/release/python-3912/))<br>- rsync ([3.2.4](https://download.samba.org/pub/rsync/NEWS.html#3.2.4))<br>- runc ([1.1.3](https://github.com/opencontainers/runc/releases/tag/v1.1.3))<br>- samba ([4.15.4](https://www.samba.org/samba/history/samba-4.15.4.html))<br>- sqlite ([3.38.1](https://www.sqlite.org/releaselog/3_38_1.html))<br>- talloc ([2.3.3](https://gitlab.com/samba-team/samba/-/commit/bc1ee7ca0640f0136e5af7dcc4ca8ed0a5893053))<br>- tevent ([0.11.0](https://gitlab.com/samba-team/samba/-/commit/de4e8a1af9564f6056f9af90867c2f013449051c))<br>- new: acpid ([2.0.33](https://sourceforge.net/p/acpid2/code/ci/2.0.33/tree/Changelog))<br>- OEM: distro ([1.7.0](https://github.com/python-distro/distro/releases/tag/v1.7.0))<br>- OEM: python ([3.9.12](https://www.python.org/downloads/release/python-3912/))<br>- SDK: qemu ([7.0.0](https://wiki.qemu.org/ChangeLog/7.0))<br>- SDK: Rust ([1.61.0](https://github.com/rust-lang/rust/releases/tag/1.61.0))<br>Packages:<br>- containerd 1.6.6<br>- docker 20.10.17<br>- ignition 2.14.0<br>- kernel 5.15.55<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-07-21T15:29:48+00:00 @@ -1598,7 +1614,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3227.1.1 3227.1.1 - 2023-10-25T10:20:43.559299+00:00 + 2023-11-22T09:59:33.457007+00:00 New **Beta** Release **3227.1.1**<br><br>Changes since **Beta 3227.1.0**<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-1789](https://nvd.nist.gov/vuln/detail/CVE-2022-1789), [CVE-2022-1852](https://nvd.nist.gov/vuln/detail/CVE-2022-1852), [CVE-2022-1972](https://nvd.nist.gov/vuln/detail/CVE-2022-1972), [CVE-2022-1973](https://nvd.nist.gov/vuln/detail/CVE-2022-1973), [CVE-2022-2078](https://nvd.nist.gov/vuln/detail/CVE-2022-2078), [CVE-2022-32250](https://nvd.nist.gov/vuln/detail/CVE-2022-32250), [CVE-2022-32981](https://nvd.nist.gov/vuln/detail/CVE-2022-32981))<br>- containerd ([CVE-2022-31030](https://nvd.nist.gov/vuln/detail/CVE-2022-31030))<br>- libpcre2 ([CVE-2022-1586](https://nvd.nist.gov/vuln/detail/CVE-2022-1586), [CVE-2022-1587](https://nvd.nist.gov/vuln/detail/CVE-2022-1587))<br><br>#### Changes:<br><br>- ARM64: Added [cifs-utils](https://wiki.samba.org/index.php/LinuxCIFS_utils) for ARM64<br>- ARM64: Added [sssd](https://sssd.io/), [adcli](https://www.freedesktop.org/software/realmd/adcli/adcli.html) and realmd for ARM64<br>- SDK / ARM64: Added [go-tspi](https://pkg.go.dev/github.com/coreos/go-tspi) bindings for ARM64<br><br>#### Updates:<br><br>- Linux ([5.15.48](https://lwn.net/Articles/898124) (includes [5.15.47](https://lwn.net/Articles/897904), [5.15.46](https://lwn.net/Articles/897377), [5.15.45](https://lwn.net/Articles/897167), [5.15.44](https://lwn.net/Articles/896647)))<br>- ca-certificates ([3.79](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_79.html))<br>- containerd ([1.6.6](https://github.com/containerd/containerd/releases/tag/v1.6.6))<br>- libpcre2 ([10.40](https://github.com/PCRE2Project/pcre2/blob/pcre2-10.40/NEWS))<br>Packages:<br>- containerd 1.6.6<br>- docker 20.10.14<br>- ignition 2.13.0<br>- kernel 5.15.48<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-06-23T11:46:15+00:00 @@ -1606,7 +1622,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3227.1.0 3227.1.0 - 2023-10-25T10:20:43.553939+00:00 + 2023-11-22T09:59:33.451537+00:00 New **Beta** Release **3227.1.0**<br><br>_Changes since **Beta 3185.1.1**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-1734](https://nvd.nist.gov/vuln/detail/CVE-2022-1734), [CVE-2022-28893](https://nvd.nist.gov/vuln/detail/CVE-2022-28893), [CVE-2022-1012](https://nvd.nist.gov/vuln/detail/CVE-2022-1012), [CVE-2022-1729](https://nvd.nist.gov/vuln/detail/CVE-2022-1729))<br>- Go ([CVE-2022-29526](https://nvd.nist.gov/vuln/detail/CVE-2022-29526))<br>- containerd ([CVE-2022-24769](https://nvd.nist.gov/vuln/detail/CVE-2022-24769))<br>- gnutls ([CVE-2021-4209](https://nvd.nist.gov/vuln/detail/CVE-2021-4209), [GNUTLS-SA-2022-01-17](https://gitlab.com/gnutls/gnutls/-/issues/1277))<br>- gzip,xz-utils ([CVE-2022-1271](https://nvd.nist.gov/vuln/detail/CVE-2022-1271))<br>- libarchive ([CVE-2022-26280](https://nvd.nist.gov/vuln/detail/CVE-2022-26280))<br>- nvidia-drivers ([CVE-2022-28181](https://nvd.nist.gov/vuln/detail/CVE-2022-28181), [CVE-2022-28183](https://nvd.nist.gov/vuln/detail/CVE-2022-28183), [CVE-2022-28184](https://nvd.nist.gov/vuln/detail/CVE-2022-28184), [CVE-2022-28185](https://nvd.nist.gov/vuln/detail/CVE-2022-28185))<br>- util-linux ([CVE-2021-3995](https://nvd.nist.gov/vuln/detail/CVE-2021-3995), [CVE-2021-3996](https://nvd.nist.gov/vuln/detail/CVE-2021-3996), [CVE-2022-0563](https://nvd.nist.gov/vuln/detail/CVE-2022-0563))<br>- zlib ([CVE-2018-25032](https://nvd.nist.gov/vuln/detail/CVE-2018-25032))<br><br>#### Bug fixes:<br><br>- Ensured `/etc/flatcar/update.conf` exists because it happens to be used as flag file for Ansible ([init#71](https://github.com/flatcar/init/pull/71))<br>- Fixed Ignition's OEM ID to be `metal` to follow the Ignition upstream change which otherwise resulted in a broken boot when the Flatcar OEM ID `pxe` was used ([bootengine#45](https://github.com/flatcar/bootengine/pull/45))<br>- Added `networkd` translation to `files` section when converting from Ignition 2.x to Ignition 3.x ([coreos-overlay#1910](https://github.com/flatcar/coreos-overlay/pull/1910), [flatcar#741](https://github.com/flatcar/Flatcar/issues/741))<br>- GCP: Fixed shutdown script execution ([coreos-overlay#1912](https://github.com/flatcar/coreos-overlay/pull/1912), [flatcar#743](https://github.com/flatcar/Flatcar/issues/743))<br><br>#### Changes:<br><br>- Enabled `CONFIG_INTEL_RAPL` on AMD64 Kernel config to compile `intel_rapl_common` module in order to allow power monitoring on modern Intel processors ([flatcar#coreos-overlay#1801](https://github.com/flatcar/coreos-overlay/pull/1801))<br><br>#### Updates:<br><br>- Linux ([5.15.43](https://lwn.net/Articles/896231/) (includes [5.15.42](https://lwn.net/Articles/896226), [5.15.41](https://lwn.net/Articles/895645), [5.15.40](https://lwn.net/Articles/895318), [5.15.39](https://lwn.net/Articles/895070), [5.15.38](https://lwn.net/Articles/894357)))<br>- Linux Firmware ([20220411](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220411))<br>- Go ([1.17.10](https://go.googlesource.com/go/+/refs/tags/go1.17.10))<br>- afterburn ([5.2.0](https://github.com/coreos/afterburn/releases/tag/v5.2.0))<br>- bind-tools ([9.16.27](https://gitlab.isc.org/isc-projects/bind9/-/blob/v9_16_27/CHANGES))<br>- conntrack-tools ([1.4.6](https://lists.netfilter.org/pipermail/netfilter-announce/2020/000240.html))<br>- containerd ([1.6.3](https://github.com/containerd/containerd/releases/tag/v1.6.3) (includes [1.6.2](https://github.com/containerd/containerd/releases/tag/v1.6.2)))<br>- Docker ([20.10.14](https://docs.docker.com/engine/release-notes/#201014))<br>- e2fsprogs ([1.46.4](http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.46.4))<br>- elfutils ([0.186](https://sourceware.org/git/?p=elfutils.git;a=blob;f=NEWS;h=490932ae4ef9b5a3af01d2c8c616f14d57586046;hb=983e86fd89e8bf02f2d27ba5dce5bf078af4ceda))<br>- gnutls ([3.7.3](https://gitlab.com/gnutls/gnutls/-/merge_requests/1517))<br>- gzip ([1.12](https://savannah.gnu.org/forum/forum.php?forum_id=10157) (includes [1.11](https://lists.gnu.org/archive/html/info-gnu/2021-09/msg00002.html)))<br>- jansson ([2.14](https://github.com/akheron/jansson/blob/v2.14/CHANGES))<br>- libarchive [3.6.1](https://github.com/libarchive/libarchive/releases/tag/v3.6.1)<br>- libbsd ([0.11.3](https://gitlab.freedesktop.org/libbsd/libbsd/-/commits/0.11.3/))<br>- libnetfilter_queue ([1.0.5](https://git.netfilter.org/libnetfilter_queue/log/?h=libnetfilter_queue-1.0.5))<br>- libpcap ([1.10.1](https://git.tcpdump.org/libpcap/blob/c7642e2cc0c5bd65754685b160d25dc23c76c6bd:/CHANGES))<br>- libtasn1 ([4.17.0](https://gitlab.com/gnutls/libtasn1/-/blob/v4.17.0/NEWS))<br>- liburing ([2.1](https://github.com/axboe/liburing/commits/liburing-2.1))<br>- mdadm ([4.2](https://lore.kernel.org/all/28fdbc45-96ca-7cdb-3ced-a5f65d978048@trained-monkey.org/T/))<br>- multipath-tools ([0.8.7](https://github.com/opensvc/multipath-tools/commits/0.8.7))<br>- nghttp2 ([1.45.1](https://github.com/nghttp2/nghttp2/releases/tag/v1.45.1))<br>- nvidia-drivers ([510.73.05](https://docs.nvidia.com/datacenter/tesla/tesla-release-notes-510-73-05/index.html))<br>- oniguruma ([6.9.7.1](https://github.com/kkos/oniguruma/releases/tag/v6.9.7.1))<br>- open-isns ([0.101](https://github.com/open-iscsi/open-isns/blob/v0.101/ChangeLog))<br>- pcre2 ([10.39](https://github.com/PhilipHazel/pcre2/blob/pcre2-10.39/NEWS))<br>- runc ([1.1.1](https://github.com/opencontainers/runc/releases/tag/v1.1.1))<br>- tcpdump ([4.99.1](https://git.tcpdump.org/tcpdump/blob/5f552b5e6e9fe05f7ad9681d51d0303233daba6a:/CHANGES))<br>- unzip ([6.0_p26](https://metadata.ftp-master.debian.org/changelogs//main/u/unzip/unzip_6.0-26_changelog))<br>- util-linux ([2.37.4](https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.4-ChangeLog))<br>- zlib ([1.2.12](https://github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/ChangeLog#L4)) <br>- SDK: Rust ([1.60.0](https://github.com/rust-lang/rust/releases/tag/1.60.0))<br><br><br>_Changes since **Alpha 3227.0.0**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-1734](https://nvd.nist.gov/vuln/detail/CVE-2022-1734), [CVE-2022-28893](https://nvd.nist.gov/vuln/detail/CVE-2022-28893), [CVE-2022-1012](https://nvd.nist.gov/vuln/detail/CVE-2022-1012), [CVE-2022-1729](https://nvd.nist.gov/vuln/detail/CVE-2022-1729))<br>- Go ([CVE-2022-29526](https://nvd.nist.gov/vuln/detail/CVE-2022-29526))<br>- nvidia-drivers ([CVE-2022-28181](https://nvd.nist.gov/vuln/detail/CVE-2022-28181), [CVE-2022-28183](https://nvd.nist.gov/vuln/detail/CVE-2022-28183), [CVE-2022-28184](https://nvd.nist.gov/vuln/detail/CVE-2022-28184), [CVE-2022-28185](https://nvd.nist.gov/vuln/detail/CVE-2022-28185))<br><br>#### Bug fixes:<br><br>- Ensured `/etc/flatcar/update.conf` exists because it happens to be used as flag file for Ansible ([init#71](https://github.com/flatcar/init/pull/71))<br>- Fixed Ignition's OEM ID to be `metal` to follow the Ignition upstream change which otherwise resulted in a broken boot when the Flatcar OEM ID `pxe` was used ([bootengine#45](https://github.com/flatcar/bootengine/pull/45))<br>- Added `networkd` translation to `files` section when converting from Ignition 2.x to Ignition 3.x ([coreos-overlay#1910](https://github.com/flatcar/coreos-overlay/pull/1910), [flatcar#741](https://github.com/flatcar/Flatcar/issues/741))<br>- GCP: Fixed shutdown script execution ([coreos-overlay#1912](https://github.com/flatcar/coreos-overlay/pull/1912), [flatcar#743](https://github.com/flatcar/Flatcar/issues/743))<br><br><br>#### Updates:<br><br>- Linux ([5.15.43](https://lwn.net/Articles/896231/) (includes [5.15.42](https://lwn.net/Articles/896226), [5.15.41](https://lwn.net/Articles/895645), [5.15.40](https://lwn.net/Articles/895318), [5.15.39](https://lwn.net/Articles/895070), [5.15.38](https://lwn.net/Articles/894357)))<br>- Go ([1.17.10](https://go.googlesource.com/go/+/refs/tags/go1.17.10))<br>- nvidia-drivers ([510.73.05](https://docs.nvidia.com/datacenter/tesla/tesla-release-notes-510-73-05/index.html))<br><br>Packages:<br>- docker 20.10.14<br>- ignition 2.13.0<br>- kernel 5.15.43<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-06-02T15:06:28+00:00 @@ -1614,7 +1630,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3185.1.1 3185.1.1 - 2023-10-25T10:20:43.544551+00:00 + 2023-11-22T09:59:33.441934+00:00 New **Beta** Release **3185.1.1**<br><br>_Changes since **Beta 3185.1.0**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-28390](https://nvd.nist.gov/vuln/detail/CVE-2022-28390), [CVE-2022-0168](https://nvd.nist.gov/vuln/detail/CVE-2022-0168), [CVE-2022-1158](https://nvd.nist.gov/vuln/detail/CVE-2022-1158), [CVE-2022-1353](https://nvd.nist.gov/vuln/detail/CVE-2022-1353), [CVE-2022-1198](https://nvd.nist.gov/vuln/detail/CVE-2022-1198), [CVE-2022-28389](https://nvd.nist.gov/vuln/detail/CVE-2022-28389), [CVE-2022-28388](https://nvd.nist.gov/vuln/detail/CVE-2022-28388), [CVE-2022-1516](https://nvd.nist.gov/vuln/detail/CVE-2022-1516), [CVE-2022-1263](https://nvd.nist.gov/vuln/detail/CVE-2022-1263), [CVE-2022-29582](https://nvd.nist.gov/vuln/detail/CVE-2022-29582), [CVE-2022-1204](https://nvd.nist.gov/vuln/detail/CVE-2022-1204), [CVE-2022-1205](https://nvd.nist.gov/vuln/detail/CVE-2022-1205), [CVE-2022-0500](https://nvd.nist.gov/vuln/detail/CVE-2022-0500), [CVE-2022-23222](https://nvd.nist.gov/vuln/detail/CVE-2022-23222))<br>- Go ([CVE-2022-24675](https://nvd.nist.gov/vuln/detail/CVE-2022-24675))<br><br>#### Bug fixes:<br><br>- GCE: Restored oem-gce.service functionality on GCP ([coreos-overlay#1813](https://github.com/flatcar/coreos-overlay/pull/1813))<br>- Skipped starting `ensure-sysext.service` if `systemd-sysext.service` won't be started, to prevent reporting a dependency failure ([Flatcar#710](https://github.com/flatcar/Flatcar/issues/710))<br>- Added a remount action as `systemd-sysext.service` drop-in unit to restore the OEM partition mount after the overlay mounts in `/usr` are done ([init#69](https://github.com/flatcar/init/pull/69))<br>- Added pahole to developer container, without it kernel modules built against /usr/src/linux may fail to probe with an 'invalid relocation target' error ([coreos-overlay#1839](https://github.com/flatcar/coreos-overlay/pull/1839))<br><br>#### Changes:<br><br>- GCE: Enabled GVE kernel driver, which adds support for Google Virtual NIC on GCP ([coreos-overlay#1802](https://github.com/flatcar/coreos-overlay/pull/1802))<br>- Azure: Set up `/etc/hostname` from instance metadata with Afterburn<br>- AWS EC2: Removed the setup of `/etc/hostname` from the instance metadata because it used a long FQDN but we can just use use the hostname set via DHCP ([Flatcar#707](https://github.com/flatcar/Flatcar/issues/707))<br>- SDK: Dropped the mantle binaries (kola, ore, etc.) from the SDK, they are now provided by the `ghcr.io/flatcar/mantle` image ([coreos-overlay#1827](https://github.com/flatcar/coreos-overlay/pull/1827), [scripts#275](https://github.com/flatcar/scripts/pull/275))<br><br>#### Updates:<br><br>- Linux ([5.15.37](https://lwn.net/Articles/893264) (includes [5.15.36](https://lwn.net/Articles/892812), [5.15.35](https://lwn.net/Articles/892002), [5.15.34](https://lwn.net/Articles/891251), [5.15.33](https://lwn.net/Articles/890722)))<br>- Go ([1.17.9](https://go.googlesource.com/go/+/refs/tags/go1.17.9))<br>- ca-certificates ([3.78](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_78.html))<br>- GCE: google compute-image-packages ([20190124](https://github.com/GoogleCloudPlatform/compute-image-packages/releases/tag/20190124))<br>Packages:<br>- docker 20.10.13<br>- ignition 2.13.0<br>- kernel 5.15.37<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-05-09T14:42:03+00:00 @@ -1622,7 +1638,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3185.1.0 3185.1.0 - 2023-10-25T10:20:43.538117+00:00 + 2023-11-22T09:59:33.435358+00:00 New **Beta** Release **3185.1.0**<br><br>_Changes since **Beta 3139.1.1**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-1015](https://nvd.nist.gov/vuln/detail/CVE-2022-1015), [CVE-2022-1016](https://nvd.nist.gov/vuln/detail/CVE-2022-1016))<br>- cifs-utils ([CVE-2021-20208](https://nvd.nist.gov/vuln/detail/CVE-2021-20208))<br>- containerd ([CVE-2022-23648](https://nvd.nist.gov/vuln/detail/CVE-2022-23648))<br>- cryptsetup ([CVE-2021-4122](https://nvd.nist.gov/vuln/detail/CVE-2021-4122))<br>- duktape ([CVE-2021-46322](https://nvd.nist.gov/vuln/detail/CVE-2021-46322))<br>- intel-microcode ([CVE-2021-0127](https://nvd.nist.gov/vuln/detail/CVE-2021-0127), [CVE-2021-0146](https://nvd.nist.gov/vuln/detail/CVE-2021-0146))<br>- libarchive ([CVE-2021-31566](https://nvd.nist.gov/vuln/detail/CVE-2021-31566), [CVE-2021-36976](https://nvd.nist.gov/vuln/detail/CVE-2021-36976))<br>- libxml2 ([CVE-2022-23308](https://nvd.nist.gov/vuln/detail/CVE-2022-23308))<br>- nvidia-drivers ([CVE-2022-21814](https://nvd.nist.gov/vuln/detail/CVE-2022-21814), [CVE-2022-21813](https://nvd.nist.gov/vuln/detail/CVE-2022-21813))<br>- shadow ([CVE-2013-4235](https://nvd.nist.gov/vuln/detail/CVE-2013-4235))<br>- systemd ([CVE-2021-3997](https://nvd.nist.gov/vuln/detail/CVE-2021-3997))<br>- vim ([CVE-2021-3984](https://nvd.nist.gov/vuln/detail/CVE-2021-3984), [CVE-2021-4019](https://nvd.nist.gov/vuln/detail/CVE-2021-4019), [CVE-2021-4069](https://nvd.nist.gov/vuln/detail/CVE-2021-4069), [CVE-2021-4136](https://nvd.nist.gov/vuln/detail/CVE-2021-4136), [CVE-2021-4173](https://nvd.nist.gov/vuln/detail/CVE-2021-4173),[ CVE-2021-4166](https://nvd.nist.gov/vuln/detail/CVE-2021-4166), [CVE-2021-4187](https://nvd.nist.gov/vuln/detail/CVE-2021-4187), [CVE-2021-4192](https://nvd.nist.gov/vuln/detail/CVE-2021-4192), [CVE-2021-4193](https://nvd.nist.gov/vuln/detail/CVE-2021-4193), [CVE-2022-0128](https://nvd.nist.gov/vuln/detail/CVE-2022-0128), [CVE-2022-0156](https://nvd.nist.gov/vuln/detail/CVE-2022-0156), [CVE-2022-0158](https://nvd.nist.gov/vuln/detail/CVE-2022-0158), [CVE-2022-0213](https://nvd.nist.gov/vuln/detail/CVE-2022-0213), [CVE-2022-0261](https://nvd.nist.gov/vuln/detail/CVE-2022-0261), [CVE-2022-0318](https://nvd.nist.gov/vuln/detail/CVE-2022-0318), [CVE-2022-0319](https://nvd.nist.gov/vuln/detail/CVE-2022-0319), [CVE-2022-0351](https://nvd.nist.gov/vuln/detail/CVE-2022-0351), [CVE-2022-0359](https://nvd.nist.gov/vuln/detail/CVE-2022-0359), [CVE-2022-0361](https://nvd.nist.gov/vuln/detail/CVE-2022-0361), [CVE-2022-0368](https://nvd.nist.gov/vuln/detail/CVE-2022-0368), [CVE-2022-0392](https://nvd.nist.gov/vuln/detail/CVE-2022-0392), [CVE-2022-0393](https://nvd.nist.gov/vuln/detail/CVE-2022-0393), [CVE-2022-0407](https://nvd.nist.gov/vuln/detail/CVE-2022-0407), [CVE-2022-0408](https://nvd.nist.gov/vuln/detail/CVE-2022-0408), [CVE-2022-0413](https://nvd.nist.gov/vuln/detail/CVE-2022-0413), [CVE-2022-0417](https://nvd.nist.gov/vuln/detail/CVE-2022-0417), [CVE-2022-0443](https://nvd.nist.gov/vuln/detail/CVE-2022-0443))<br>- SDK: squashfs-tools ([CVE-2021-40153](https://nvd.nist.gov/vuln/detail/CVE-2021-40153), [CVE-2021-41072](https://nvd.nist.gov/vuln/detail/CVE-2021-41072))<br><br>#### Bug fixes:<br><br>- AWS: specify correct console (ttyS0) on kernel command line for ARM64 instances ([coreos-overlay#1628](https://github.com/flatcar/coreos-overlay/pull/1628))<br>- Made Ignition write the SSH keys into a file under `authorized_keys.d/ignition` again and added a call to `update-ssh-keys` after Ignition ran to create the merged `authorized_keys` file, which fixes the problem that keys added by Ignition get lost when `update-ssh-keys` runs ([init#66](https://github.com/flatcar/init/pull/66))<br><br>#### Changes:<br><br>- Added `auditd.service` but left it disabled by default, a custom configuration can be created by removing `/etc/audit/auditd.conf` and replacing it with an own file ([coreos-overlay#1636](https://github.com/flatcar/coreos-overlay/pull/1636))<br>- The systemd-networkd `ManageForeignRoutes` and `ManageForeignRoutingPolicyRules` settings are now disabled through a drop-in file and thus can only be enabled again by a drop-in file under `/etc/systemd/networkd.conf.d/` because drop-in files take precedence over `/etc/systemd/networkd.conf` ([init#61](https://github.com/flatcar/init/pull/61))<br>- Bring in dependencies for NFS4 with Kerberos both in kernel and userspace. Tested against NFS4.1 server. ([coreos-overlay#1664](https://github.com/flatcar/coreos-overlay/pull/1664))<br>- Merge the Flatcar Pro features into the regular Flatcar images ([coreos-overlay#1679](https://github.com/flatcar/coreos-overlay/pull/1679))<br>- Besides Ignition v1 and v2 configurations, Ignition configurations with specification v3 (up to 3.3.0) are now supported, see the [docs section for details](https://www.flatcar.org/docs/latest/provisioning/ignition/specification/#ignition-v3)<br>- Made SELinux enabled by default in default containerd configuration file. ([coreos-overlay#1699](https://github.com/flatcar/coreos-overlay/pull/1699))<br>- Removed rngd.service because it is not essential anymore for the kernel to boot fast in VM environments ([coreos-overlay#1700](https://github.com/flatcar/coreos-overlay/pull/1700))<br>- Enabled `systemd-sysext.service` to activate systemd-sysext images on boot, to disable you will need to mask it. Also added a helper service `ensure-sysext.service` which reloads the systemd units to reevaluate the `sockets`, `timers`, and `multi-user` targets when `systemd-sysext.service` is (re)started, making it possible to enable units that are part of a sysext image ([coreos-overlay#65](https://github.com/flatcar/init/pull/65))<br>- For amd64 `/usr/lib` used to be a symlink to `/usr/lib64` but now they became two separate folders as common in other distributions (and was the case for arm64 already). Compatibility symlinks exist in case `/usr/lib64` was used to access, e.g., the `modules` folder or the `systemd` folder ([coreos-overlay#1713](https://github.com/flatcar/coreos-overlay/pull/1713), [scripts#255](https://github.com/flatcar/scripts/pull/255))<br>- Enabled FIPS mode for cryptsetup ([coreos-overlay#1747](https://github.com/flatcar/coreos-overlay/pull/1747))<br>- Added `cryptsetup` to the initramfs for the Ignition `luks` directive ([flatcar-linux/coreos-overlay#1760](https://github.com/flatcar/coreos-overlay/pull/1760))<br>- Enabled FIPS mode for cryptsetup ([portage-stable#312](https://github.com/flatcar/portage-stable/pull/312))<br>- Defined a systemd-sysext level that sysext images can match for instead of the OS version when they don't have a strong coupling, meaning the only metadata required is `SYSEXT_LEVEL=1.0` and `ID=flatcar` ([Flatcar#643](https://github.com/flatcar/Flatcar/issues/643))<br>- Azure: Azure VHD disks are now created using subformat=fixed, which makes them suitable for immediate upload to Azure using any tool.<br>- DigitalOcean: In addition to the `bz2` image, a `gz` compressed image is published. This helps against hitting the compression timeout that sometimes lets the image import fail.<br>- OpenStack: In addition to the `bz2` image, a `gz` compressed image is published. This allows Glance to directly consume the images by simply passing in the URL of the image.<br>- SDK: The image compression format is now configurable. Supported formats are: `bz2`, `gz`, `zip`, `none`, `zst`. Selecting the image format can now be done by passing the `--image_compression_formats` option. This flag gets a comma separated list of formats.<br><br>#### Updates:<br><br>- Linux ([5.15.32](https://lwn.net/Articles/889438)) (from 5.15.30)<br>- Linux Firmware ([20220310](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220310))<br>- Docker ([20.10.13](https://docs.docker.com/engine/release-notes/#201013))<br>- bpftool ([5.15.8](https://lwn.net/Articles/878631/))<br>- bridge-utils ([1.7.1](https://git.kernel.org/pub/scm/network/bridge/bridge-utils.git/log/?h=v1.7.1))<br>- ca-certificates ([3.77](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_77.html))<br>- cifs-utils ([6.13](https://lkml.kernel.org/linux-cifs/CAKywueSqRGSFmeDHQacyu831BNUeGFxGg3vgBmozzhkGBCjyXQ@mail.gmail.com/T/))<br>- containerd ([1.6.1](https://github.com/containerd/containerd/releases/tag/v1.6.1))<br>- cryptsetup ([2.4.3](https://lore.kernel.org/all/572c18a7bf60cb1b0f67c3a03c531d7e7ed31832.camel@scientia.net/T/))<br>- dosfstools ([4.2](https://github.com/dosfstools/dosfstools/releases/tag/v4.2))<br>- duktape ([2.7.0](https://github.com/svaarala/duktape/releases/tag/v2.7.0))<br>- gcc ([10.3.0](https://gcc.gnu.org/gcc-10/changes.html))<br>- grep ([3.7](https://savannah.gnu.org/forum/forum.php?forum_id=10037))<br>- ignition ([2.13.0](https://github.com/coreos/ignition/releases/tag/v2.13.0))<br>- intel-microcode ([20220207_p20220207](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220207))<br>- iperf ([3.10.1](https://github.com/esnet/iperf/blob/master/RELNOTES.md#iperf-3101-2021-06-03))<br>- kexec-tools ([2.0.22](https://www.spinics.net/lists/kexec/msg26864.html))<br>- less ([590](https://www.greenwoodsoftware.com/less/news.590.html))<br>- libarchive ([3.5.3](https://github.com/libarchive/libarchive/releases/tag/v3.5.3))<br>- libmspack ([0.10.1_alpha](https://github.com/kyz/libmspack/blob/v0.10.1alpha/libmspack/ChangeLog))<br>- libxml2 ([2.9.13](http://www.xmlsoft.org/news.html))<br>- lsscsi ([0.32](https://sg.danny.cz/scsi/lsscsi.ChangeLog))<br>- nfs-utils ([2.5.4](https://lore.kernel.org/linux-fsdevel/c8795653-7728-18a4-93dc-58943ad0fe09@redhat.com/))<br>- nvidia-drivers ([510.47.03](https://docs.nvidia.com/datacenter/tesla/tesla-release-notes-510-47-03/index.html))<br>- nvme-cli ([1.16](https://github.com/linux-nvme/nvme-cli/commits/deee9cae1ac94760deebd71f8e5449061338666c))<br>- pam ([1.5.1_p20210622](https://github.com/linux-pam/linux-pam/commit/fe1307512fb8892b5ceb3d884c793af8dbd4c16a))<br>- pambase (20220214)<br>- pinentry ([1.2.0](https://dev.gnupg.org/T5566))<br>- quota ([4.06](https://sourceforge.net/p/linuxquota/code/ci/0acd4cc6275122fd9864cb7b5d349e65a2622920/))<br>- rpcbind ([1.2.6](https://git.linux-nfs.org/?p=steved/rpcbind.git;a=shortlog;h=refs/tags/rpcbind-1_2_6))<br>- shadow ([4.11.1](https://github.com/shadow-maint/shadow/releases/tag/v4.11.1))<br>- socat ([1.7.4.3](https://repo.or.cz/socat.git/blob/refs/tags/tag-1.7.4.3:/CHANGES))<br>- systemd ([250.3](https://github.com/systemd/systemd-stable/releases/tag/v250.3))<br>- thin-provisioning-tools ([0.9.0](https://github.com/jthornber/thin-provisioning-tools/blob/d6d93c3157631b242a13a81d30f75453e576c55a/CHANGES#L1-L9))<br>- timezone-data ([2021a](https://mm.icann.org/pipermail/tz-announce/2021-January/000065.html))<br>- vim ([8.2.4328](https://github.com/vim/vim/releases/tag/v8.2.4328))<br>- whois ([5.5.11](https://github.com/rfc1036/whois/commit/5f5ba8312c04a759dad05723c035549273d07461))<br>- xfsprogs ([5.14.2](https://marc.info/?l=linux-xfs&m=163883318025390&w=2))<br>- Azure: WALinuxAgent ([2.6.0.2](https://github.com/Azure/WALinuxAgent/releases/tag/v2.6.0.2))<br>- VMWare: open-vm-tools ([12.0.0](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.0.0))<br>- SDK: gcc-config ([2.5](https://gitweb.gentoo.org/proj/gcc-config.git/tag/?h=v2.5))<br>- SDK: iasl ([20200717](https://www.acpica.org/node/183))<br>- SDK: man-db ([2.9.4](https://gitlab.com/cjwatson/man-db/-/tags/2.9.4))<br>- SDK: man-pages ([5.12-r2](https://man7.org/linux/man-pages/changelog.html#release_5.12))<br>- SDK: netperf ([2.7.0](https://github.com/HewlettPackard/netperf/blob/netperf-2.7.0/Release_Notes))<br>- SDK: Rust ([1.59.0](https://github.com/rust-lang/rust/releases/tag/1.59.0))<br>- SDK: squashfs-tools ([4.5_p20210914](https://lore.kernel.org/lkml/CAB3woddJss+ziGp-RjJ-yiax6pc_HLMdxk3Qk5nJdRgjpEYWBg@mail.gmail.com/))<br><br>_Changes since **Alpha 3185.0.0**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-1015](https://nvd.nist.gov/vuln/detail/CVE-2022-1015), [CVE-2022-1016](https://nvd.nist.gov/vuln/detail/CVE-2022-1016))<br><br>#### Bug fixes:<br><br>- Made Ignition write the SSH keys into a file under `authorized_keys.d/ignition` again and added a call to `update-ssh-keys` after Ignition ran to create the merged `authorized_keys` file, which fixes the problem that keys added by Ignition get lost when `update-ssh-keys` runs ([init#66](https://github.com/flatcar/init/pull/66))<br><br>#### Changes:<br><br>- Enabled FIPS mode for cryptsetup ([flatcar-linux/coreos-overlay#1747](https://github.com/flatcar/coreos-overlay/pull/1747))<br>- Added `cryptsetup` to the initramfs for the Ignition `luks` directive ([flatcar-linux/coreos-overlay#1760](https://github.com/flatcar/coreos-overlay/pull/1760))<br>- Enabled FIPS mode for cryptsetup ([portage-stable#312](https://github.com/flatcar/portage-stable/pull/312))<br><br>#### Updates:<br><br>- Linux ([5.15.32](https://lwn.net/Articles/889438)) (from 5.15.30)<br>- ca-certificates ([3.77](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_77.html))<br><br>Packages:<br>- docker 20.10.13<br>- ignition 2.13.0<br>- kernel 5.15.32<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-04-07T12:04:52+00:00 @@ -1630,7 +1646,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3139.1.1 3139.1.1 - 2023-10-25T10:20:43.524914+00:00 + 2023-11-22T09:59:33.421930+00:00 New **Beta** Release **3139.1.1**<br><br>**Changes since Beta-3139.1.0**<br><br>#### Security fixes<br>- Linux ([CVE-2022-25636](https://nvd.nist.gov/vuln/detail/CVE-2022-25636))<br>- Go ([CVE-2022-24921](https://nvd.nist.gov/vuln/detail/CVE-2022-24921))<br>- systemd ([CVE-2021-3997](https://nvd.nist.gov/vuln/detail/CVE-2021-3997))<br>- containerd ([CVE-2022-23648](https://nvd.nist.gov/vuln/detail/CVE-2022-23648))<br>- openssl ([CVE-2022-0778](https://nvd.nist.gov/vuln/detail/CVE-2022-0778))<br><br>#### Bug fixes<br>- Reverted the Linux kernel commit which broke networking on AWS instances which use Intel 82559 NIC (c4/m4) ([Flatcar#665](https://github.com/flatcar/Flatcar/issues/665), [coreos-overlay#1723](https://github.com/flatcar/coreos-overlay/pull/1723))<br>- Re-added the `brd drbd nbd rbd xen-blkfront zram libarc4 lru_cache zsmalloc` kernel modules to the initramfs since they were missing compared to the Flatcar 3033.2.x releases where the 5.10 kernel is used ([bootengine#40](https://github.com/flatcar/bootengine/pull/40))<br><br>#### Changes<br>- (none)<br><br>#### Updates<br>- Linux ([5.15.30](https://lwn.net/Articles/888521) (from 5.15.25, includes [5.15.26](https://lwn.net/Articles/886569), [5.15.27](https://lwn.net/Articles/887219), [5.15.28](https://lwn.net/Articles/887638), [5.15.29](https://lwn.net/Articles/888116)))<br>- Go ([1.17.8](https://go.googlesource.com/go/+/refs/tags/go1.17.8))<br>- systemd ([249.10](https://github.com/systemd/systemd-stable/releases/tag/v249.10))<br>- ca-certificates ([3.76](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_76.html))<br>- containerd ([1.5.10](https://github.com/containerd/containerd/releases/tag/v1.5.10))<br>- openssl ([3.0.2](https://www.openssl.org/news/changelog.html#openssl-30))<br><br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.15.30<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-03-23T13:34:49+00:00 @@ -1638,7 +1654,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3139.1.0 3139.1.0 - 2023-10-25T10:20:43.519478+00:00 + 2023-11-22T09:59:33.416353+00:00 New **Beta** Release **3139.1.0**<br><br>_Changes since **Alpha 3139.0.0**_<br><br>#### Security fixes<br>- Linux ([CVE-2022-0492](https://nvd.nist.gov/vuln/detail/CVE-2022-0492), [CVE-2022-0516](https://nvd.nist.gov/vuln/detail/CVE-2022-0516), [CVE-2022-0435](https://nvd.nist.gov/vuln/detail/CVE-2022-0435), [CVE-2022-0487](https://nvd.nist.gov/vuln/detail/CVE-2022-0487), [CVE-2022-25375](https://nvd.nist.gov/vuln/detail/CVE-2022-25375), [CVE-2022-25258](https://nvd.nist.gov/vuln/detail/CVE-2022-25258), [CVE-2022-0847](https://nvd.nist.gov/vuln/detail/CVE-2022-0847))<br>- go ([CVE-2022-23806](https://nvd.nist.gov/vuln/detail/CVE-2022-23806), [CVE-2022-23772](https://nvd.nist.gov/vuln/detail/CVE-2022-23772), [CVE-2022-23773](https://nvd.nist.gov/vuln/detail/CVE-2022-23773))<br>- expat ([CVE-2022-25235](https://nvd.nist.gov/vuln/detail/CVE-2022-25235), [CVE-2022-25236](https://nvd.nist.gov/vuln/detail/CVE-2022-25236), [CVE-2022-25313](https://nvd.nist.gov/vuln/detail/CVE-2022-25313), [CVE-2022-25314](https://nvd.nist.gov/vuln/detail/CVE-2022-25314), [CVE-2022-25315](https://nvd.nist.gov/vuln/detail/CVE-2022-25315))<br><br>#### Bug fixes<br>- Disabled the systemd-networkd settings `ManageForeignRoutes` and `ManageForeignRoutingPolicyRules` by default to ensure that CNIs like Cilium don't get their routes or routing policy rules discarded on network reconfiguration events ([Flatcar#620](https://github.com/flatcar/Flatcar/issues/620)).<br>- Prevented hitting races when creating filesystems in Ignition, these races caused boot failures like `fsck[1343]: Failed to stat /dev/disk/by-label/ROOT: No such file or directory` when creating a btrfs root filesystem ([ignition#35](https://github.com/flatcar/ignition/pull/35))<br>- Reverted the Linux kernel change to forbid xfrm id 0 for IPSec state because it broke Cilium ([Flatcar#626](https://github.com/flatcar/Flatcar/issues/626), [coreos-overlay#1682](https://github.com/flatcar/coreos-overlay/pull/1682))<br><br>#### Changes<br>- Added support for switching back to CGroupsV1 without requiring a reboot. Create `/etc/flatcar-cgroupv1` through ignition. ([coreos-overlay#1666](https://github.com/flatcar/coreos-overlay/pull/1666))<br><br>#### Updates<br>- Linux ([5.15.25](https://lwn.net/Articles/885896)) (from 5.15.19)<br>- ca-certificates ([3.75](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_75.html))<br>- Go ([1.17.7](https://go.googlesource.com/go/+/refs/tags/go1.17.7))<br>- expat ([2.4.6](https://github.com/libexpat/libexpat/blob/R_2_4_6/expat/Changes))<br><br>_Changes since **Beta 3066.1.2**_<br><br>#### Security fixes<br>- GCC ([CVE-2020-13844](https://nvd.nist.gov/vuln/detail/CVE-2020-13844))<br>- Go ([CVE-2021-44716](https://nvd.nist.gov/vuln/detail/CVE-2021-44716), [CVE-2021-44717](https://nvd.nist.gov/vuln/detail/CVE-2021-44717), [CVE-2022-23806](https://nvd.nist.gov/vuln/detail/CVE-2022-23806), [CVE-2022-23772](https://nvd.nist.gov/vuln/detail/CVE-2022-23772), [CVE-2022-23773](https://nvd.nist.gov/vuln/detail/CVE-2022-23773))<br>- containerd ([CVE-2021-43816](https://nvd.nist.gov/vuln/detail/CVE-2021-43816))<br>- expat ([CVE-2022-25235](https://nvd.nist.gov/vuln/detail/CVE-2022-25235), [CVE-2022-25236](https://nvd.nist.gov/vuln/detail/CVE-2022-25236), [CVE-2022-25313](https://nvd.nist.gov/vuln/detail/CVE-2022-25313), [CVE-2022-25314](https://nvd.nist.gov/vuln/detail/CVE-2022-25314), [CVE-2022-25315](https://nvd.nist.gov/vuln/detail/CVE-2022-25315))<br>- ignition ([CVE-2020-14040](https://nvd.nist.gov/vuln/detail/CVE-2020-14040), [CVE-2021-38561](https://nvd.nist.gov/vuln/detail/CVE-2021-38561))<br>- krb5 ([CVE-2021-37750](https://nvd.nist.gov/vuln/detail/CVE-2021-37750))<br>- libarchive ([libarchive-1565](https://github.com/libarchive/libarchive/issues/1565), [libarchive-1566](https://github.com/libarchive/libarchive/issues/1566))<br>- openssh ([CVE-2021-41617](https://nvd.nist.gov/vuln/detail/CVE-2021-41617))<br>- openssl ([CVE-2021-4044](https://nvd.nist.gov/vuln/detail/CVE-2021-4044))<br>- torcx ([CVE-2021-38561](https://nvd.nist.gov/vuln/detail/CVE-2021-38561), [CVE-2021-43565](https://nvd.nist.gov/vuln/detail/CVE-2021-43565))<br>- vim ([CVE-2021-3872](https://nvd.nist.gov/vuln/detail/CVE-2021-3872), [CVE-2021-3875](https://nvd.nist.gov/vuln/detail/CVE-2021-3875), [CVE-2021-3903](https://nvd.nist.gov/vuln/detail/CVE-2021-3903), [CVE-2021-3927](https://nvd.nist.gov/vuln/detail/CVE-2021-3927), [CVE-2021-3928](https://nvd.nist.gov/vuln/detail/CVE-2021-3928), [CVE-2021-3968](https://nvd.nist.gov/vuln/detail/CVE-2021-3968), [CVE-2021-3973](https://nvd.nist.gov/vuln/detail/CVE-2021-3973), [CVE-2021-3974](https://nvd.nist.gov/vuln/detail/CVE-2021-3974))<br>- SDK: edk2-ovmf ([CVE-2019-14584](https://nvd.nist.gov/vuln/detail/CVE-2019-14584), [CVE-2021-28210](https://nvd.nist.gov/vuln/detail/CVE-2021-28210), [CVE-2021-28211](https://nvd.nist.gov/vuln/detail/CVE-2021-28211), [CVE-2021-28213](https://nvd.nist.gov/vuln/detail/CVE-2021-28213))<br>- SDK: libxslt ([CVE-2021-30560](https://nvd.nist.gov/vuln/detail/CVE-2021-30560))<br>- SDK: mantle ([CVE-2021-3121](https://nvd.nist.gov/vuln/detail/CVE-2021-3121), [CVE-2021-38561](https://nvd.nist.gov/vuln/detail/CVE-2021-38561), [CVE-2021-43565](https://nvd.nist.gov/vuln/detail/CVE-2021-43565))<br>- SDK: Rust ([CVE-2022-21658](https://nvd.nist.gov/vuln/detail/CVE-2022-21658))<br>- SDK: QEMU ([CVE-2020-35504](https://nvd.nist.gov/vuln/detail/CVE-2020-35504), [CVE-2020-35505](https://nvd.nist.gov/vuln/detail/CVE-2020-35505), [CVE-2020-35506](https://nvd.nist.gov/vuln/detail/CVE-2020-35506), [CVE-2020-35517](https://nvd.nist.gov/vuln/detail/CVE-2020-35517), [CVE-2021-20203](https://nvd.nist.gov/vuln/detail/CVE-2021-20203), [CVE-2021-20255](https://nvd.nist.gov/vuln/detail/CVE-2021-20255), [CVE-2021-20257](https://nvd.nist.gov/vuln/detail/CVE-2021-20257), [CVE-2021-20263](https://nvd.nist.gov/vuln/detail/CVE-2021-20263), [CVE-2021-3409](https://nvd.nist.gov/vuln/detail/CVE-2021-3409), [CVE-2021-3416](https://nvd.nist.gov/vuln/detail/CVE-2021-3416), [CVE-2021-3527](https://nvd.nist.gov/vuln/detail/CVE-2021-3527), [CVE-2021-3544](https://nvd.nist.gov/vuln/detail/CVE-2021-3544), [CVE-2021-3545](https://nvd.nist.gov/vuln/detail/CVE-2021-3545), [CVE-2021-3546](https://nvd.nist.gov/vuln/detail/CVE-2021-3546), [CVE-2021-3582](https://nvd.nist.gov/vuln/detail/CVE-2021-3582), [CVE-2021-3607](https://nvd.nist.gov/vuln/detail/CVE-2021-3607), [CVE-2021-3608](https://nvd.nist.gov/vuln/detail/CVE-2021-3608), [CVE-2021-3682](https://nvd.nist.gov/vuln/detail/CVE-2021-3682))<br><br>#### Bug fixes<br>- Excluded the Kubenet cbr0 interface from networkd's DHCP config and set it to Unmanaged to prevent interference and ensure that it is not part of the network online check ([init#55](https://github.com/flatcar/init/pull/55))<br>- Fixed the dracut emergency Ignition log printing that had a scripting error causing the cat command to fail ([bootengine#33](https://github.com/flatcar/bootengine/pull/33))<br>- network: Accept ICMPv6 Router Advertisements to fix IPv6 address assignment in the default DHCP setting ([init#51](https://github.com/flatcar/init/pull/51), [coreos-cloudinit#12](https://github.com/flatcar/coreos-cloudinit/pull/12), [bootengine#30](https://github.com/flatcar/bootengine/pull/30))<br>- flatcar-update: Stopped checking for the `USER` environment variable which may not be set in all environments, causing the script to fail unless a workaround was used like prepending an additional `sudo` invocation ([init#58](https://github.com/flatcar/init/pull/58))<br>- Disabled the systemd-networkd settings `ManageForeignRoutes` and `ManageForeignRoutingPolicyRules` by default to ensure that CNIs like Cilium don't get their routes or routing policy rules discarded on network reconfiguration events ([Flatcar#620](https://github.com/flatcar/Flatcar/issues/620)).<br>- Prevented hitting races when creating filesystems in Ignition, these races caused boot failures like `fsck[1343]: Failed to stat /dev/disk/by-label/ROOT: No such file or directory` when creating a btrfs root filesystem ([ignition#35](https://github.com/flatcar/ignition/pull/35))<br>- Reverted the Linux kernel change to forbid xfrm id 0 for IPSec state because it broke Cilium ([Flatcar#626](https://github.com/flatcar/Flatcar/issues/626), [coreos-overlay#1682](https://github.com/flatcar/coreos-overlay/pull/1682))<br><br>#### Changes<br>- Update-engine now creates the `/run/reboot-required` flag file for [kured](https://github.com/weaveworks/kured) ([update_engine#15](https://github.com/flatcar/update_engine/pull/15))<br>- Excluded special network interface devices like bridge, tunnel, vxlan, and veth devices from the default DHCP configuration to prevent networkd interference ([init#56](https://github.com/flatcar/init/pull/56))<br>- Added CONFIG_NF_CT_NETLINK_HELPER (for libnetfilter_cthelper), CONFIG_NET_VRF (for virtual routing and forwarding) and CONFIG_KEY_DH_OPERATIONS (for keyutils) to the kernel config ([coreos-overlay#1524](https://github.com/flatcar/coreos-overlay/pull/1524))<br>- Enabled the FIPS support for the Linux kernel, which users can now choose through a kernel parameter in `grub.cfg` (check it taking effect with `cat /proc/sys/crypto/fips_enabled`) ([coreos-overlay#1602](https://github.com/flatcar/coreos-overlay/pull/1602))<br>- Added support for switching back to CGroupsV1 without requiring a reboot. Create `/etc/flatcar-cgroupv1` through ignition. ([coreos-overlay#1666](https://github.com/flatcar/coreos-overlay/pull/1666))<br>- Removed the pre-shipped `/etc/flatcar/update.conf` file, leaving it totally to the user to define the contents as it was unnecessarily overwriting the `/use/share/flatcar/update.conf` ([flatcar-linux/scripts#212](https://github.com/flatcar/scripts/pull/212))<br><br>#### Updates<br>- Linux ([5.15.25](https://lwn.net/Articles/885895)) (from 5.10.96)<br>- GCC ([9.4.0](https://lists.gnu.org/archive/html/info-gnu/2021-06/msg00000.html))<br>- Go ([1.17.7](https://go.googlesource.com/go/+/refs/tags/go1.17.7))<br>- ca-certificates ([3.75](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_75.html))<br>- systemd ([249.7](https://github.com/systemd/systemd-stable/blob/v249.7/NEWS))<br>- acl ([2.3.1](https://git.savannah.nongnu.org/cgit/acl.git/log/?h=v2.3.1))<br>- attr ([2.5.1](https://git.savannah.nongnu.org/cgit/attr.git/log/?h=v2.5.1))<br>- audit ([3.0.6](https://listman.redhat.com/archives/linux-audit/2021-October/msg00000.html))<br>- boost ([1.76.0](https://www.boost.org/users/history/version_1_76_0.html))<br>- btrfs-progs ([5.15.1](https://btrfs.wiki.kernel.org/index.php/Changelog#btrfs-progs_v5.15_.28Nov_2021.29))<br>- coreutils ([8.32](https://lists.gnu.org/archive/html/coreutils-announce/2020-03/msg00000.html))<br>- diffutils ([3.8](https://lists.gnu.org/archive/html/info-gnu/2021-08/msg00000.html))<br>- ethtool ([5.10](https://git.kernel.org/pub/scm/network/ethtool/ethtool.git/tree/NEWS?h=v5.10))<br>- expat ([2.4.6](https://github.com/libexpat/libexpat/blob/R_2_4_6/expat/Changes))<br>- findutils ([4.8.0](https://savannah.gnu.org/forum/forum.php?forum_id=9914))<br>- glib ([2.68.4](https://gitlab.gnome.org/GNOME/glib/-/releases/2.68.4))<br>- i2c-tools ([4.2](https://git.kernel.org/pub/scm/utils/i2c-tools/i2c-tools.git/log/?h=v4.2))<br>- iproute2 ([5.15](https://lwn.net/ml/linux-kernel/20211101164705.6f4f2e41%40hermes.local/))<br>- ipset ([7.11](https://ipset.netfilter.org/changelog.html))<br>- ipvsadm ([1.27](http://archive.linuxvirtualserver.org/html/lvs-devel/2013-09/msg00011.html))<br>- iputils ([20210722](https://github.com/iputils/iputils/releases/tag/20210722))<br>- kmod ([29](https://git.kernel.org/pub/scm/utils/kernel/kmod/kmod.git/commit/?id=b6ecfc916a17eab8f93be5b09f4e4f845aabd3d1))<br>- libarchive ([3.5.2](https://github.com/libarchive/libarchive/releases/tag/v3.5.2))<br>- libcap-ng ([0.8.2](https://github.com/stevegrubb/libcap-ng/releases/tag/v0.8.2))<br>- libseccomp ([2.5.1](https://github.com/seccomp/libseccomp/releases/tag/v2.5.1))<br>- lshw ([02.19.2b_p20210121](https://www.ezix.org/project/wiki/HardwareLiSter#Changes))<br>- lsof ([4.94.0](https://github.com/lsof-org/lsof/releases/tag/4.94.0))<br>- openssh ([8.8](http://www.openssh.com/txt/release-8.8))<br>- openssl ([3.0.1](https://www.openssl.org/news/changelog.html#openssl-30))<br>- parted ([3.4](https://savannah.gnu.org/forum/forum.php?forum_id=9924) (includes [3.3](https://savannah.gnu.org/forum/forum.php?forum_id=9569)))<br>- pciutils ([3.7.0](https://github.com/pciutils/pciutils/commit/864aecdea9c7db626856d8d452f6c784316a878c))<br>- polkit ([0.120](https://gitlab.freedesktop.org/polkit/polkit/-/blob/0.120/NEWS))<br>- runc ([1.1.0](https://github.com/opencontainers/runc/releases/tag/v1.1.0))<br>- sbsigntools ([0.9.4](https://git.kernel.org/pub/scm/linux/kernel/git/jejb/sbsigntools.git/tag/?h=v0.9.4))<br>- sed ([4.8](https://savannah.gnu.org/forum/forum.php?forum_id=9647))<br>- usbutils ([014](https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usbutils.git/commit/?id=57fb18e59cce31a50a1ca62d1e192512c905ba00))<br>- vim ([8.2.3582](https://github.com/vim/vim/releases/tag/v8.2.3582))<br>- Azure: Python for OEM images ([3.9.8](https://www.python.org/downloads/release/python-398/))<br>- SDK: Linux headers ([5.15](https://lwn.net/Articles/876611/))<br>- SDK: edk2-ovmf ([202105](https://github.com/tianocore/edk2/releases/tag/edk2-stable202105))<br>- SDK: file ([5.40](https://mailman.astron.com/pipermail/file/2021-March/000478.html))<br>- SDK: ipxe ([1.21.1](https://github.com/ipxe/ipxe/releases/tag/v1.21.1))<br>- SDK: mantle ([0.18.0](https://github.com/flatcar/mantle/releases/tag/v0.18.0))<br>- SDK: perf ([5.15](https://kernelnewbies.org/LinuxChanges#Linux_5.15.Tracing.2C_perf_and_BPF))<br>- SDK: Python ([3.9.8](https://www.python.org/downloads/release/python-398/))<br>- SDK: Rust ([1.58.1](https://github.com/rust-lang/rust/releases/tag/1.58.1))<br>- SDK: QEMU ([6.1.0](https://wiki.qemu.org/ChangeLog/6.1))<br>- SDK: seabios ([1.14.0](https://seabios.org/Releases#SeaBIOS_1.14.0))<br>- SDK: sgabios ([0.1_pre10](https://git.qemu.org/?p=sgabios.git;a=tree;h=a85446adb0e0))<br><br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.15.25<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-03-07T13:13:36+00:00 @@ -1646,7 +1662,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3066.1.2 3066.1.2 - 2023-10-25T10:20:43.505977+00:00 + 2023-11-22T09:59:33.402545+00:00 New **Beta** Release **3066.1.2**<br><br>_Changes since **Beta 3066.1.1**_<br><br>#### Security fixes<br>- Linux ([CVE-2021-43976](https://nvd.nist.gov/vuln/detail/CVE-2021-43976), [CVE-2022-0330](https://nvd.nist.gov/vuln/detail/CVE-2022-0330), [CVE-2022-22942](https://nvd.nist.gov/vuln/detail/CVE-2022-22942))<br>- expat ([CVE-2022-23852](https://nvd.nist.gov/vuln/detail/CVE-2022-23852), [CVE-2022-23990](https://nvd.nist.gov/vuln/detail/CVE-2022-23990))<br>- glibc ([CVE-2021-3998](https://nvd.nist.gov/vuln/detail/CVE-2021-3998), [CVE-2021-3999](https://nvd.nist.gov/vuln/detail/CVE-2021-3999), [CVE-2022-23218](https://nvd.nist.gov/vuln/detail/CVE-2022-23218), [CVE-2022-23219](https://nvd.nist.gov/vuln/detail/CVE-2022-23219))<br>- polkit ([CVE-2021-4034](https://nvd.nist.gov/vuln/detail/CVE-2021-4034))<br><br><br>#### Bug fixes<br>- SDK: Fixed build error popping up in the new SDK Container because `policycoreutils` used the wrong ROOT to update the SELinux store ([flatcar-linux/coreos-overlay#1502](https://github.com/flatcar/coreos-overlay/pull/1502))<br>- Fixed leak of SELinux policy store to the root filesystem top directory due to wrong store path in `policycoreutils` instead of `/var/lib/selinux` ([flatcar-linux/Flatcar#596](https://github.com/flatcar/Flatcar/issues/596))<br><br>#### Updates<br>- Linux ([5.10.96](https://lwn.net/Articles/883442)) (from 5.10.93)<br>- Linux Firmware ([20211216](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20211216))<br>- expat ([2.4.4](https://github.com/libexpat/libexpat/blob/R_2_4_4/expat/Changes))<br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.96<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-02-09T10:02:57+00:00 @@ -1654,7 +1670,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3066.1.1 3066.1.1 - 2023-10-25T10:20:43.500652+00:00 + 2023-11-22T09:59:33.397047+00:00 New **Beta** release **3066.1.1**<br><br>_Changes since **Beta 3066.1.0**_<br><br>#### Known issues:<br>- The SELinux policy store update fix resulted in some files leaked to the root filesystem top directory ([flatcar-linux/Flatcar#596](https://github.com/flatcar/Flatcar/issues/596))<br><br>#### Security fixes:<br><br>- Linux ([CVE-2021-4135](https://nvd.nist.gov/vuln/detail/CVE-2021-4135), [CVE-2021-4155](https://nvd.nist.gov/vuln/detail/CVE-2021-4155), [CVE-2021-28711](https://nvd.nist.gov/vuln/detail/CVE-2021-28711), [CVE-2021-28712](https://nvd.nist.gov/vuln/detail/CVE-2021-28712), [CVE-2021-28713](https://nvd.nist.gov/vuln/detail/CVE-2021-28713), [CVE-2021-28714](https://nvd.nist.gov/vuln/detail/CVE-2021-28714), [CVE-2021-28715](https://nvd.nist.gov/vuln/detail/CVE-2021-28715), [CVE-2021-39685](https://nvd.nist.gov/vuln/detail/CVE-2021-39685), [CVE-2021-44733](https://nvd.nist.gov/vuln/detail/CVE-2021-44733), [CVE-2021-45095](https://nvd.nist.gov/vuln/detail/CVE-2021-45095), [CVE-2022-0185](https://nvd.nist.gov/vuln/detail/CVE-2022-0185))<br>- ca-certificates ([CVE-2021-43527](https://nvd.nist.gov/vuln/detail/CVE-2021-43527))<br>- containerd ([CVE-2021-43816](https://nvd.nist.gov/vuln/detail/CVE-2021-43816))<br>- expat ([CVE-2021-45960](https://nvd.nist.gov/vuln/detail/CVE-2021-45960), [CVE-2021-46143](https://nvd.nist.gov/vuln/detail/CVE-2021-46143), [CVE-2022-22822](https://nvd.nist.gov/vuln/detail/CVE-2022-22822), [CVE-2022-22823](https://nvd.nist.gov/vuln/detail/CVE-2022-22823), [CVE-2022-22824](https://nvd.nist.gov/vuln/detail/CVE-2022-22824), [CVE-2022-22825](https://nvd.nist.gov/vuln/detail/CVE-2022-22825), [CVE-2022-22826](https://nvd.nist.gov/vuln/detail/CVE-2022-22826), [CVE-2022-22827](https://nvd.nist.gov/vuln/detail/CVE-2022-22827))<br><br>#### Bug fixes:<br><br>- Ensured that the `/run/xtables.lock` coordination file exists for modifications of the xtables backend from containers (must be bind-mounted) or the `iptables-legacy` binaries on the host ([flatcar-linux/init#57](https://github.com/flatcar/init/pull/57))<br>- Excluded the Kubenet cbr0 interface from networkd’s DHCP config and set it to Unmanaged to prevent interference and ensure that it is not part of the network online check ([flatcar-linux/init#55](https://github.com/flatcar/init/pull/55))<br>- dev container: Fix github URL for coreos-overlay and portage-stable to use repos from flatcar-linux org directly instead of relying on redirects from the kinvolk org. This fixes checkouts with emerge-gitclone inside dev-container. ([flatcar-linux/scripts#194](https://github.com/flatcar/scripts/pull/194))<br>- SDK: Fixed build error popping up in the new SDK Container because `policycoreutils` used the wrong ROOT to update the SELinux store ([flatcar-linux/coreos-overlay#1502](https://github.com/flatcar/coreos-overlay/pull/1502))<br><br>#### Changes:<br><br>- Backported `elf` support for `iproute2` ([flatcar-linux/coreos-overlay#1256](https://github.com/flatcar/coreos-overlay/pull/1526))<br><br>#### Updates:<br><br>- Linux ([5.10.93](https://lwn.net/Articles/881964)) (from 5.10.84)<br>- ca-certificates ([3.74](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_74.html))<br>- Docker ([20.10.12](https://docs.docker.com/engine/release-notes/#201012))<br>- containerd ([1.5.9](https://github.com/containerd/containerd/releases/tag/v1.5.9))<br>- expat ([2.4.3](https://github.com/libexpat/libexpat/blob/R_2_4_3/expat/Changes))<br><br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.10.93<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-01-26T08:13:36+00:00 @@ -1662,7 +1678,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3066.1.0 3066.1.0 - 2023-10-25T10:20:43.494011+00:00 + 2023-11-22T09:59:33.390093+00:00 New **Beta** release **3066.1.0**<br><br>_Changes since **Alpha 3066.0.0**_<br><br>**Security fixes**<br><br><br><br>* Linux ([CVE-2021-4002](https://nvd.nist.gov/vuln/detail/CVE-2021-4002), [CVE-2020-27820](https://nvd.nist.gov/vuln/detail/CVE-2020-27820), [CVE-2021-4001](https://nvd.nist.gov/vuln/detail/CVE-2021-4001), [CVE-2021-43975](https://nvd.nist.gov/vuln/detail/CVE-2021-43975))<br>* Go ([CVE-2021-44716](https://nvd.nist.gov/vuln/detail/CVE-2021-44716), [CVE-2021-44717](https://nvd.nist.gov/vuln/detail/CVE-2021-44717))<br>* ca-certificates ([CVE-2021-43527](https://nvd.nist.gov/vuln/detail/CVE-2021-43527))<br><br>**Bug Fixes**<br><br><br><br>* Added configuration files for logrotate ([flatcar-linux/coreos-overlay#1442](https://github.com/flatcar/coreos-overlay/pull/1442))<br>* Fixed `ETCD_NAME` conflicting with `--name` for `etcd-member` to start ([flatcar-linux/coreos-overlay#1444](https://github.com/flatcar/coreos-overlay/pull/1444))<br>* The Torcx profile docker-1.12-no got fixed to reference the current Docker version instead of 19.03 which wasn't found on the image, causing Torcx to fail to provide Docker [flatcar-linux/coreos-overlay#1456](https://github.com/flatcar/coreos-overlay/pull/1456)<br>* Fix vim warnings on missing file, when built with USE=”minimal” ([portage-stable#260](https://github.com/flatcar/portage-stable/pull/260))<br><br>**Changes**<br><br><br><br>* Added a new `flatcar-update` tool to the image to ease manual updates, rollbacks, channel/release jumping, and airgapped updates ([flatcar-linux/init#53](https://github.com/flatcar/init/pull/53))<br><br>**Updates**<br><br><br><br>* ca-certificates ([3.73](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_73.html))<br>* runc ([1.0.3](https://github.com/opencontainers/runc/releases/tag/v1.0.3))<br>* Go ([1.17.5](https://go.googlesource.com/go/+/refs/tags/go1.17.5))<br>* Linux ([5.10.84](https://lwn.net/Articles/878041))<br><br>_Changes since **Beta 3033.1.1**_<br><br>**Security fixes**<br><br><br><br>* Linux ([CVE-2021-4002](https://nvd.nist.gov/vuln/detail/CVE-2021-4002), [CVE-2020-27820](https://nvd.nist.gov/vuln/detail/CVE-2020-27820), [CVE-2021-4001](https://nvd.nist.gov/vuln/detail/CVE-2021-4001), [CVE-2021-43975](https://nvd.nist.gov/vuln/detail/CVE-2021-43975))<br>* Go ([CVE-2021-44716](https://nvd.nist.gov/vuln/detail/CVE-2021-44716), [CVE-2021-44717](https://nvd.nist.gov/vuln/detail/CVE-2021-44717))<br>* ca-certificates ([CVE-2021-43527](https://nvd.nist.gov/vuln/detail/CVE-2021-43527))<br>* Docker, containerd ([CVE-2021-41190](https://nvd.nist.gov/vuln/detail/CVE-2021-41190))<br>* rsync ([CVE-2020-14387](https://nvd.nist.gov/vuln/detail/CVE-2020-14387))<br>* SDK: u-boot-tools ([CVE-2021-27097](https://nvd.nist.gov/vuln/detail/CVE-2021-27097),[CVE-2021-27138](https://nvd.nist.gov/vuln/detail/CVE-2021-27138))<br><br>**Changes:**<br><br><br><br>* Added sgx group to /etc/group in baselayout ([baselayout#20](https://github.com/flatcar/baselayout/pull/20))<br>* Added missing SELinux rule as initial step to resolve Torcx unpacking issue ([coreos-overlay#1426](https://github.com/flatcar/coreos-overlay/pull/1426))<br><br>**Bug Fixes**<br><br><br><br>* Skip `tcsd` for machine with TPM 2.0 ([flatcar-linux/coreos-overlay#1364](https://github.com/flatcar/coreos-overlay/pull/1364),[flatcar-linux/coreos-overlay#1365](https://github.com/flatcar/coreos-overlay/pull/1365))<br>* Fix vim warnings on missing file, when built with USE=”minimal” ([portage-stable#260](https://github.com/flatcar/portage-stable/pull/260))<br>* SDK: Add missing arm64 SDK keywords to profiles ([coreos-overlay#1407](https://github.com/flatcar/coreos-overlay/pull/1407))<br><br>**Updates**<br><br><br><br>* Openssl ([3.0.0](https://www.openssl.org/news/cl30.txt))<br>* Docker ([20.10.11](https://docs.docker.com/engine/release-notes/#20111))<br>* containerd ([1.5.8](https://github.com/containerd/containerd/releases/tag/v1.5.8))<br>* btrfs-progs ([5.10.1](https://btrfs.wiki.kernel.org/index.php/Changelog#btrfs-progs_v5.10_.28Jan_2021.29))<br>* dbus-glib ([0.112](https://gitlab.freedesktop.org/dbus/dbus-glib/-/tags/dbus-glib-0.112))<br>* gmp ([6.2.1](https://gmplib.org/gmp6.2))<br>* ignition ([0.36.1](https://github.com/flatcar/ignition/releases/tag/v0.36.1))<br>* json-c ([0.15](https://github.com/json-c/json-c/wiki/Notes-for-v0.15-release))<br>* libgpg-error ([1.42](https://dev.gnupg.org/T5194))<br>* logrotate ([3.18.1](https://github.com/logrotate/logrotate/releases/tag/3.18.1))<br>* p11-kit ([0.23.22](https://github.com/p11-glue/p11-kit/releases/tag/0.23.22))<br>* popt ([1.18](https://github.com/rpm-software-management/popt/releases/tag/popt-1.18-release))<br>* rpcsvc-proto ([1.4.2](https://github.com/thkukuk/rpcsvc-proto/releases/tag/v1.4.2))<br>* SDK: crossdev ([20210621](https://gitweb.gentoo.org/proj/crossdev.git/commit/?id=b40ebcdb89f19d2fd0c563590f30d7574cfe0755))<br>* SDK: gdbm ([1.20](https://lists.gnu.org/archive/html/info-gnu/2021-06/msg00008.html))<br>* SDK: man-pages-posix ([2017a](https://www.mail-archive.com/cygwin-announce@cygwin.com/msg09598.html))<br>* SDK: miscfiles ([1.5](https://lists.gnu.org/archive/html/info-gnu/2010-11/msg00009.html))<br>* SDK: pkgconf ([1.7.4](https://git.sr.ht/~kaniini/pkgconf/tree/458101e787a47378d2fc74c64f649fd3a5f75e55/item/NEWS))<br>* SDK: swig ([4.0.2](https://sourceforge.net/p/swig/news/2020/06/swig-402-released/))<br>* SDK: u-boot-tools ([2021.04_rc2](https://source.denx.de/u-boot/u-boot/-/tags/v2021.04-rc2))<br>Packages:<br>- docker 20.10.11<br>- ignition 0.36.1<br>- kernel 5.10.84<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2021-12-15T19:40:26+00:00 @@ -1670,7 +1686,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3033.1.1 3033.1.1 - 2023-10-25T10:20:43.486147+00:00 + 2023-11-22T09:59:33.381995+00:00 New **Beta** Release **3033.1.1**<br><br>_Changes since **Beta 3033.1.0**_<br><br>**Security fixes**<br><br>* Linux ([CVE-2021-42739](https://nvd.nist.gov/vuln/detail/CVE-2021-42739))<br>* Docker, containerd ([CVE-2021-41190](https://nvd.nist.gov/vuln/detail/CVE-2021-41190))<br><br>**Updates**<br><br>* Linux ([5.10.80](https://lwn.net/Articles/876426/))<br>* Docker ([20.10.11](https://docs.docker.com/engine/release-notes/#20111))<br>* containerd ([1.5.8](https://github.com/containerd/containerd/releases/tag/v1.5.8))<br>* ca-certificates ([3.72](https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/7O6a4NlaI2A))<br><br>**Changes**<br><br>* Added missing SELinux rule as initial step to resolve Torcx unpacking issue ([coreos-overlay#1426](https://github.com/flatcar/coreos-overlay/pull/1426))<br>Packages:<br>- docker 20.10.11<br>- ignition 0.34.0<br>- kernel 5.10.80<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2021-11-25T11:11:55+00:00 @@ -1678,7 +1694,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3033.1.0 3033.1.0 - 2023-10-25T10:20:43.481332+00:00 + 2023-11-22T09:59:33.377045+00:00 New **Beta** release **3033.1.0**<br><br>_Changes since **Alpha 3033.0.0**_<br><br>**Security fixes**<br><br><br><br>* Linux ([CVE-2021-3760](https://nvd.nist.gov/vuln/detail/CVE-2021-3760), [CVE-2021-3772](https://nvd.nist.gov/vuln/detail/CVE-2021-3772), [CVE-2021-42327](https://nvd.nist.gov/vuln/detail/CVE-2021-42327), [CVE-2021-43056](https://nvd.nist.gov/vuln/detail/CVE-2021-43056), [CVE-2021-43267](https://nvd.nist.gov/vuln/detail/CVE-2021-43267), [CVE-2021-43389](https://nvd.nist.gov/vuln/detail/CVE-2021-43389))<br>* Docker ([CVE-2021-41092](https://nvd.nist.gov/vuln/detail/CVE-2021-41092), [CVE-2021-41089](https://nvd.nist.gov/vuln/detail/CVE-2021-41089),[ CVE-2021-41091](https://nvd.nist.gov/vuln/detail/CVE-2021-41091))<br>* Go ([CVE-2021-41771](https://nvd.nist.gov/vuln/detail/CVE-2021-41771),[ CVE-2021-41772](https://nvd.nist.gov/vuln/detail/CVE-2021-41772))<br><br>**Changes**<br><br><br><br>* Use https protocol instead of git for Github URLs ([flatcar-linux/coreos-overlay#1394](https://github.com/flatcar/coreos-overlay/pull/1394))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.77](https://lwn.net/Articles/874852/))<br>* docker ([20.10.10](https://docs.docker.com/engine/release-notes/#201010))<br>* Go ([1.17.3](https://go.googlesource.com/go/+/refs/tags/go1.17.3))<br><br>_Changes since **Beta 2983.1.2**_<br><br>**Security fixes**<br><br><br><br>* Linux ([CVE-2021-3739](https://nvd.nist.gov/vuln/detail/CVE-2021-3739), [CVE-2021-3744](https://nvd.nist.gov/vuln/detail/CVE-2021-3744), [CVE-2021-3753](https://nvd.nist.gov/vuln/detail/CVE-2021-3753),[ CVE-2021-3760](https://nvd.nist.gov/vuln/detail/CVE-2021-3739), [CVE-2021-3764](https://nvd.nist.gov/vuln/detail/CVE-2021-3764), [CVE-2021-3772](https://nvd.nist.gov/vuln/detail/CVE-2021-3772), [CVE-2021-20321](https://nvd.nist.gov/vuln/detail/CVE-2021-20321), [CVE-2021-38300](https://nvd.nist.gov/vuln/detail/CVE-2021-38300), [CVE-2021-40490](https://nvd.nist.gov/vuln/detail/CVE-2021-40490), [CVE-2021-41864](https://nvd.nist.gov/vuln/detail/CVE-2021-41864), [CVE-2021-42327](https://nvd.nist.gov/vuln/detail/CVE-2021-42327), [CVE-2021-43056](https://nvd.nist.gov/vuln/detail/CVE-2021-43056), [CVE-2021-43267](https://nvd.nist.gov/vuln/detail/CVE-2021-43267), [CVE-2021-43389](https://nvd.nist.gov/vuln/detail/CVE-2021-43389))<br>* Go ([CVE-2021-29923](https://nvd.nist.gov/vuln/detail/CVE-2021-29923), [CVE-2021-38297](https://nvd.nist.gov/vuln/detail/CVE-2021-38297), [CVE-2021-39293](https://nvd.nist.gov/vuln/detail/CVE-2021-39293), [CVE-2021-41771](https://nvd.nist.gov/vuln/detail/CVE-2021-41771),[ CVE-2021-41772](https://nvd.nist.gov/vuln/detail/CVE-2021-41772))<br>* Docker ([CVE-2021-41092](https://nvd.nist.gov/vuln/detail/CVE-2021-41092), [CVE-2021-41089](https://nvd.nist.gov/vuln/detail/CVE-2021-41089),[ CVE-2021-41091](https://nvd.nist.gov/vuln/detail/CVE-2021-41091))<br>* bash ([CVE-2019-9924](https://nvd.nist.gov/vuln/detail/CVE-2019-9924),[ CVE-2019-18276](https://nvd.nist.gov/vuln/detail/CVE-2019-18276))<br>* binutils ([CVE-2021-3530](https://nvd.nist.gov/vuln/detail/CVE-2021-3530),[ CVE-2021-3549](https://nvd.nist.gov/vuln/detail/CVE-2021-3549))<br>* containerd ([CVE-2021-41103](https://nvd.nist.gov/vuln/detail/CVE-2021-41103))<br>* curl ([CVE-2021-22945](https://nvd.nist.gov/vuln/detail/CVE-2021-22945),[ CVE-2021-22946](https://nvd.nist.gov/vuln/detail/CVE-2021-22946),[ CVE-2021-22947](https://nvd.nist.gov/vuln/detail/CVE-2021-22947))<br>* git ([CVE-2021-40330](https://nvd.nist.gov/vuln/detail/CVE-2021-40330))<br>* glibc ([CVE-2021-38604](https://nvd.nist.gov/vuln/detail/CVE-2021-38604))<br>* gnuPG ([CVE-2020-25125](https://nvd.nist.gov/vuln/detail/CVE-2020-25125))<br>* libgcrypt ([CVE-2021-40528](https://nvd.nist.gov/vuln/detail/CVE-2021-40528))<br>* nettle ([CVE-2021-20305](https://nvd.nist.gov/vuln/detail/CVE-2021-20305), [CVE-2021-3580](https://nvd.nist.gov/vuln/detail/CVE-2021-3580))<br>* polkit ([CVE-2021-3560](https://nvd.nist.gov/vuln/detail/CVE-2021-3560))<br>* sssd ([CVE-2018-16883](https://nvd.nist.gov/vuln/detail/CVE-2018-16883), [CVE-2019-3811](https://nvd.nist.gov/vuln/detail/CVE-2019-3811), [CVE-2018-16838](https://nvd.nist.gov/vuln/detail/CVE-2018-16838))<br>* util-linux ([CVE-2021-37600](https://nvd.nist.gov/vuln/detail/CVE-2021-37600))<br>* vim ([CVE-2021-3770](https://nvd.nist.gov/vuln/detail/CVE-2021-3770), [CVE-2021-3778](https://nvd.nist.gov/vuln/detail/CVE-2021-3778), [CVE-2021-3796](https://nvd.nist.gov/vuln/detail/CVE-2021-3796))<br>* SDK: bison ([CVE-2020-14150](https://nvd.nist.gov/vuln/detail/CVE-2020-14150),[ CVE-2020-24240](https://nvd.nist.gov/vuln/detail/CVE-2020-24240))<br>* SDK: perl ([CVE-2020-10878](https://nvd.nist.gov/vuln/detail/CVE-2020-10878))<br><br>**Bug fixes**<br><br><br><br>* toolbox: fixed support for multi-layered docker images ([flatcar-linux/toolbox#5](https://github.com/flatcar/toolbox/pull/5))<br>* arm64: the Polkit service does not crash anymore. ([flatcar-linux/Flatcar#156](https://github.com/flatcar/Flatcar/issues/156))<br>* The tcsd service for TPM 1 is not started on machines with TPM 2 anymore where it fails and isn’t necessary. ([flatcar-linux/coreos-overlay#1365](https://github.com/flatcar/coreos-overlay/pull/1365))<br>* Skip tcsd.service for TPM2 devices to fix failures on c3.small.x86 instances of Equinix Metal ([Flatcar#208](https://github.com/flatcar/Flatcar/issues/208))<br>* Fixed locksmith adhering to reboot window when getting the etcd lock ([flatcar-linux/locksmith#10](https://github.com/flatcar/locksmith/pull/10))<br>* Run emergency.target on `ignition/torcx` service unit failure in dracut ([bootengine#28](https://github.com/flatcar/bootengine/pull/28))<br><br>**Changes**<br><br><br><br>* Added GPIO support ([coreos-overlay#1236](https://github.com/flatcar/coreos-overlay/pull/1236))<br>* Enabled SELinux in permissive mode on ARM64 ([coreos-overlay#1245](https://github.com/flatcar/coreos-overlay/pull/1245))<br>* Added support for some alias commands from `bcc` ([flatcar-linux/coreos-overlay#1278](https://github.com/flatcar/coreos-overlay/pull/1278))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.77](https://lwn.net/Articles/874852/))<br>* Linux firmware ([20210919](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20210919))<br>* Go ([1.17.3](https://go.googlesource.com/go/+/refs/tags/go1.17.3))<br>* bash ([5.1_p8](https://lists.gnu.org/archive/html/info-gnu/2020-12/msg00003.html))<br>* binutils ([2.37](https://sourceware.org/pipermail/binutils/2021-July/117384.html))<br>* ca-certificates ([3.69.1](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_69_1.html#nss-3-69-1-release-notes))<br>* containerd ([1.5.7](https://github.com/containerd/containerd/releases/tag/v1.5.7))<br>* curl ([7.79.1](https://curl.se/changes.html#7_79_1))<br>* duktape ([2.6.0](https://github.com/svaarala/duktape/blob/master/doc/release-notes-v2-6.rst))<br>* ebtables ([2.0.11](https://lwn.net/Articles/806179/))<br>* gawk ([5.1.0](https://lists.gnu.org/archive/html/info-gnu/2020-04/msg00007.html))<br>* git ([2.32.0](https://github.com/git/git/blob/master/Documentation/RelNotes/2.32.0.txt))<br>* gnuPG ([2.2.29](https://lists.gnupg.org/pipermail/gnupg-announce/2021q3/000461.html))<br>* iptables ([1.8.7](https://lwn.net/Articles/843069/))<br>* keyutils ([1.6.1](https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/keyutils.git/tag/?h=v1.6.1))<br>* libdnet ([1.14](https://github.com/ofalk/libdnet/releases/tag/libdnet-1.14))<br>* libgcrypt ([1.9.4](https://dev.gnupg.org/T5402))<br>* libmnl ([1.0.4](https://marc.info/?l=netfilter-devel&m=146745072727070&w=2))<br>* libnftnl ([1.2.0](https://marc.info/?l=netfilter&m=162194376520385&w=2))<br>* libtirpc ([1.3.2](https://www.spinics.net/lists/linux-nfs/msg84129.html))<br>* ldb ([2.3.0](https://gitlab.com/samba-team/samba/-/tags/ldb-2.3.0))<br>* lvm2 ([2.02.188](https://github.com/lvmteam/lvm2/releases/tag/v2_02_188))<br>* nettle ([3.7.3](https://git.lysator.liu.se/nettle/nettle/-/blob/master/NEWS#L1-37))<br>* net-tools ([2.10](https://sourceforge.net/p/net-tools/news/2021/01/net-tools-210-released/))<br>* nftables ([0.9.9](https://lwn.net/Articles/857369/))<br>* openssh ([8.7_p1-r1](https://www.openssh.com/txt/release-8.7))<br>* polkit ([0.119](https://gitlab.freedesktop.org/polkit/polkit/-/blob/0.119/NEWS))<br>* realmd ([0.17.0](https://gitlab.freedesktop.org/realmd/realmd/-/tags/0.17.0))<br>* sssd (2.3.1)<br>* systemd ([249.4](https://github.com/systemd/systemd-stable/blob/v249.4/NEWS))<br>* talloc ([2.3.2](https://gitlab.com/samba-team/samba/-/tags/talloc-2.3.2))<br>* util-linux ([2.37.2](https://github.com/karelzak/util-linux/blob/v2.37.2/NEWS))<br>* vim ([8.2.3428](https://github.com/vim/vim/releases/tag/v8.2.3428))<br>* xenstore ([4.14.2](https://xenproject.org/downloads/xen-project-archives/xen-project-4-14-series/xen-project-4-14-2/))<br>* SDK: bison (3.7.6)<br>* SDK: perl ([5.34.0](https://perldoc.perl.org/perl5340delta))<br>* SDK: rust ([1.55](https://github.com/rust-lang/rust/releases/tag/1.55.0))<br>* VMWare: open-vm-tools ([11.3.5](https://github.com/vmware/open-vm-tools/releases/tag/stable-11.3.5))<br>Packages:<br>- docker 20.10.10<br>- ignition 0.34.0<br>- kernel 5.10.77<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2021-11-09T06:39:46+00:00 @@ -1686,7 +1702,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2983.1.2 2983.1.2 - 2023-10-25T10:20:43.471352+00:00 + 2023-11-22T09:59:33.366528+00:00 **Update to CGroupsV2**<br><br>As of Alpha version 2969.0.0, Flatcar Container Linux migrates to the unified cgroup hierarchy (aka CGroupsV2)! New nodes will utilize CGroupsV2 by default. Existing nodes remain on CGroupsV1 and need to be manually migrated to CGroupsV2. To learn more about CGroupsV2 on Flatcar Container Linux and the migration guide, please refer to[ https://flatcar-linux.org/docs/latest/container-runtimes/switching-to-unified-cgroups/](https://flatcar-linux.org/docs/latest/container-runtimes/switching-to-unified-cgroups/)<br><br>New **Beta** release **2983.1.2**<br><br>_Changes since **Beta 2983.1.1**_<br><br>**Security fixes**<br><br><br><br>* Linux ([CVE-2021-3764](https://nvd.nist.gov/vuln/detail/CVE-2021-3764), [CVE-2021-3744](https://nvd.nist.gov/vuln/detail/CVE-2021-3744), [CVE-2021-38300](https://nvd.nist.gov/vuln/detail/CVE-2021-38300), [CVE-2021-20321](https://nvd.nist.gov/vuln/detail/CVE-2021-20321), [CVE-2021-41864](https://nvd.nist.gov/vuln/detail/CVE-2021-41864))<br>* Docker ([CVE-2021-41092](https://nvd.nist.gov/vuln/detail/CVE-2021-41092), [CVE-2021-41089](https://nvd.nist.gov/vuln/detail/CVE-2021-41089),[ CVE-2021-41091](https://nvd.nist.gov/vuln/detail/CVE-2021-41091))<br>* containerd ([CVE-2021-41103](https://nvd.nist.gov/vuln/detail/CVE-2021-41103))<br><br>**Bux fixes**<br><br><br><br>* The tcsd service for TPM 1 is not started on machines with TPM 2 anymore where it fails and isn’t necessary ([flatcar-linux/coreos-overlay#1364](https://github.com/flatcar/coreos-overlay/pull/1364))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.75](https://lwn.net/Articles/873465/))<br>* Docker ([20.10.9](https://docs.docker.com/engine/release-notes/#20109))<br>* ca-certificates ([3.69.1](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_69_1.html#nss-3-69-1-release-notes))<br>* containerd ([1.5.7](https://github.com/containerd/containerd/releases/tag/v1.5.7))<br>Packages:<br>- docker 20.10.9<br>- ignition 0.34.0<br>- kernel 5.10.75<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-10-25T15:56:14+00:00 @@ -1694,7 +1710,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2983.1.1 2983.1.1 - 2023-10-25T10:20:43.465789+00:00 + 2023-11-22T09:59:33.360775+00:00 New **Beta** release **2983.1.1**<br><br>_Changes since **Beta 2983.1.0**_<br><br>**Security fixes**<br><br>* Linux ([CVE-2021-41073](https://nvd.nist.gov/vuln/detail/CVE-2021-41073), [CVE-2020-16119](https://nvd.nist.gov/vuln/detail/CVE-2020-16119))<br><br>**Updates**<br><br>* Linux ([5.10.69](https://lwn.net/Articles/870544/))<br>Packages:<br>- docker 20.10.8<br>- ignition 0.34.0<br>- kernel 5.10.69<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-09-30T16:22:00+00:00 @@ -1702,7 +1718,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2983.1.0 2983.1.0 - 2023-10-25T10:20:43.461400+00:00 + 2023-11-22T09:59:33.356121+00:00 New **Beta** release **2983.1.0**<br><br>_Changes since **Beta 2942.1.2**_<br><br>**Update to CGroupsV2**<br><br>As of Alpha version 2969.0.0, Flatcar Container Linux migrates to the unified cgroup hierarchy (aka CGroupsV2)! New nodes will utilize CGroupsV2 by default. Existing nodes remain on CGroupsV1 and need to be manually migrated to CGroupsV2. To learn more about CGroupsV2 on Flatcar Container Linux and the migration guide, please refer to [https://flatcar-linux.org/docs/latest/container-runtimes/switching-to-unified-cgroups/](https://flatcar-linux.org/docs/latest/container-runtimes/switching-to-unified-cgroups/) <br><br>**Security fixes**<br><br><br><br>* dnsmasq ([CVE-2021-3448](https://nvd.nist.gov/vuln/detail/CVE-2021-3448))<br>* glibc ([CVE-2021-35942](https://nvd.nist.gov/vuln/detail/CVE-2021-35942))<br>* Go ([CVE-2021-36221](https://nvd.nist.gov/vuln/detail/CVE-2021-36221))<br>* libuv ([CVE-2021-22918](https://nvd.nist.gov/vuln/detail/CVE-2021-22918))<br>* mit-krb5 ([CVE-2021-36222](https://nvd.nist.gov/vuln/detail/CVE-2021-36222))<br>* tar ([CVE-2021-20193](https://nvd.nist.gov/vuln/detail/CVE-2021-20193))<br>* expat ([CVE-2013-0340](https://nvd.nist.gov/vuln/detail/CVE-2013-0340))<br>* Linux ([CVE-2021-3753](https://nvd.nist.gov/vuln/detail/CVE-2021-3753), [CVE-2021-3739](https://nvd.nist.gov/vuln/detail/CVE-2021-3739))<br><br>**Bug Fixes**<br><br><br><br>* Fixed containerd config after introduction of CGroupsV2 ([coreos-overlay#1214](https://github.com/kinvolk/coreos-overlay/pull/1214))<br>* Fixed path for amazon-ssm-agent in base-ec2.ign ([coreos-overlay#1228](https://github.com/kinvolk/coreos-overlay/pull/1228))<br>* Fixed locksmith adhering to reboot window when getting the etcd lock ([locksmith#10](https://github.com/kinvolk/locksmith/pull/10))<br>* Disabled SELinux by default on dockerd wrapper script ([coreos-overlay#1149](https://github.com/kinvolk/coreos-overlay/pull/1149))<br>* Let network-cleanup.service finish before entering rootfs ([coreos-overlay#1182](https://github.com/kinvolk/coreos-overlay/pull/1182))<br><br>**Changes**<br><br><br><br>* Added Azure [Generation 2 VM](https://docs.microsoft.com/en-us/azure/virtual-machines/generation-2) support ([coreos-overlay#1198](https://github.com/kinvolk/coreos-overlay/pull/1198))<br>* cgroups v2 by default for new nodes ([coreos-overlay#931](https://github.com/kinvolk/coreos-overlay/pull/931)).<br>* Upgrade Docker to 20.10 ([coreos-overlay#931](https://github.com/kinvolk/coreos-overlay/pull/931))<br>* Switched Docker ecosystem packages to go1.16 ([coreos-overlay#1217](https://github.com/kinvolk/coreos-overlay/pull/1217))<br>* Added lbzip2 binary to the image ([coreos-overlay#1221](https://github.com/kinvolk/coreos-overlay/pull/1221))<br>* flatcar-install uses lbzip2 if present, falls back on bzip2 if not ([init#46](https://github.com/kinvolk/init/pull/46))<br>* Added Intel E800 series network adapter driver ([coreos-overlay#1237](https://github.com/kinvolk/coreos-overlay/pull/1237))<br>* Enabled 'audit' use flag for sys-libs/pam ([coreos-overlay#1233](https://github.com/kinvolk/coreos-overlay/pull/1233))<br>* Bumped etcd and flannel to respectively `3.5.0`, `0.14.0` to get multiarch images for arm64 support. _Note for users of the old etcd v2 support_: `ETCDCTL_API=2` must be set to use v2 store as well as `ETCD_ENABLE_V2=true` in the `etcd-member.service` - this support will be removed in `3.6.0` ([coreos-overlay#1179](https://github.com/kinvolk/coreos-overlay/pull/1179))<br>* Switched to zstd compression for the initramfs ([coreos-overlay#1136](https://github.com/kinvolk/coreos-overlay/pull/1136))<br>* Support BTRFS in OEM and /usr partitions, but only used it for the OEM partition for now. Ignition configurations that refer to the OEM partition will work with any filesystem format specified, a mismatch is not resulting in a boot error. ([coreos-overlay#1106](https://github.com/kinvolk/coreos-overlay/pull/1106))<br>* Switched the arm64 kernel to use a 4k page size instead of 64k<br>* Switched dm-verity corruption detection to issue a kernel panic (a panic results in a reboot after 1 minute, this was the case before already) instead of merely failing certain syscalls that try to use the corrupted data<br>* Support BTRFS in OEM and /usr partitions, but only used it for the OEM partition for now. Ignition configurations that refer to the OEM partition will work with any filesystem format specified, a mismatch is not resulting in a boot error. ([coreos-overlay#1106](https://github.com/kinvolk/coreos-overlay/pull/1106))<br>* Enabled zstd compression for the initramfs and for amd64 also for the kernel because we hit the vmlinuz size limit on the /boot partition<br>* Deleted the unused kernel+initramfs vmlinuz file from the /usr partition<br>* devcontainer: added support to run on arm64 by switching to an architecture-agnostic partition UUID<br>* Enabled ARM64 SDK bootstrap ([scripts#134](https://github.com/kinvolk/flatcar-scripts/pull/134))<br>* SDK: enabled experimental ARM64 SDK usage ([flatcar-scripts#134](https://github.com/kinvolk/flatcar-scripts/pull/134)) ([flatcar-scripts#141](https://github.com/kinvolk/flatcar-scripts/pull/141))<br>* AWS: Added amazon-ssm-agent ([coreos-overlay#1162](https://github.com/kinvolk/coreos-overlay/pull/1162))<br>* Azure: Compile OEM contents for all architectures ([coreos-overlay#1196](https://github.com/kinvolk/coreos-overlay/pull/1196))<br>* update_engine: add postinstall hook to stay on cgroupv1 ([update_engine#13](https://github.com/kinvolk/update_engine/pull/13))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.63](https://lwn.net/Articles/868663/))<br>* Linux firmware ([20210818](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20210818))<br>* c-ares ([1.17.2](https://c-ares.haxx.se/changelog.html#1_17_2))<br>* docker ([20.10.8](https://docs.docker.com/engine/release-notes/#20108))<br>* docker CLI ([20.10.8](https://github.com/docker/cli/releases/tag/v20.10.8))<br>* docker proxy ([0.8.0_p20210525](https://github.com/moby/libnetwork/commit/64b7a4574d1426139437d20e81c0b6d391130ec8))<br>* Go ([1.16.7](https://golang.org/doc/devel/release#go1.16.minor))<br>* glibc ([2.33-r5](https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7dfddd056de5f23bc29591d212f4051ed9d0634e))<br>* etcd ([3.5.0](https://github.com/etcd-io/etcd/releases/tag/v3.5.0))<br>* flannel ([0.14.0](https://github.com/flannel-io/flannel/releases/tag/v0.14.0))<br>* runc ([1.0.2](https://github.com/opencontainers/runc/releases/tag/v1.0.2))<br>* strace ([5.12](https://github.com/strace/strace/releases/tag/v5.12))<br>* wa-linux-agent ([2.3.1.1](https://github.com/Azure/WALinuxAgent/releases/tag/v2.3.1.1))<br>* cryptsetup ([2.3.6](https://gitlab.com/cryptsetup/cryptsetup/-/tags/v2.3.6))<br>* expat ([2.4.1](https://www.xml.com/news/2021-05-expat-240-and-241/))<br>* portage-utils ([0.90](https://github.com/gentoo/portage-utils/releases/tag/v0.90))<br>* libarchive ([3.5.1](https://github.com/libarchive/libarchive/releases/tag/3.5.1))<br>* xz-utils ([5.2.5](https://git.tukaani.org/?p=xz.git;a=blob;f=NEWS;h=aade49443ad7ddba13bbfd9da188c99664736d80;hb=3247e95115acb95bc27f41e8cf4501db5b0b4309#l16))<br>* tar ([1.34](https://savannah.gnu.org/forum/forum.php?forum_id=9935))<br>* libuv ([1.41.1](https://github.com/libuv/libuv/releases/tag/v1.41.1))<br>* tini ([0.19](https://github.com/krallin/tini/releases/tag/v0.19.0))<br>* mit-krb5 ([1.19.2](https://github.com/krb5/krb5/tree/krb5-1.19.2-final))<br>* SDK: dnsmasq ([2.85](https://thekelleys.org.uk/dnsmasq/CHANGELOG))<br>* SDK: rust ([1.54](https://github.com/rust-lang/rust/releases/tag/1.54.0))<br><br>_Changes since **Alpha 2983.0.0**_<br><br>**Security fixes**<br><br><br><br>* Linux([CVE-2021-3753](https://nvd.nist.gov/vuln/detail/CVE-2021-3753), [CVE-2021-3739](https://nvd.nist.gov/vuln/detail/CVE-2021-3739))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.63](https://lwn.net/Articles/868663/))<br>Packages:<br>- docker 20.10.8<br>- ignition 0.34.0<br>- kernel 5.10.63<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-09-16T14:56:46+00:00 @@ -1710,7 +1726,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2942.1.2 2942.1.2 - 2023-10-25T10:20:43.451356+00:00 + 2023-11-22T09:59:33.345860+00:00 New **Beta** release **2942.1.2**<br><br>_Changes since **Beta 2942.1.1**_<br><br>**Security fixes**<br><br><br><br>* Linux ([CVE-2021-3653](https://nvd.nist.gov/vuln/detail/CVE-2021-3653), [CVE-2021-3656](https://nvd.nist.gov/vuln/detail/CVE-2021-3656), [CVE-2021-38166](https://nvd.nist.gov/vuln/detail/CVE-2021-38166)) <br>* openssl ([CVE-2021-3711](https://nvd.nist.gov/vuln/detail/CVE-2021-3711), [CVE-2021-3712](https://nvd.nist.gov/vuln/detail/CVE-2021-3712))<br><br>**Bug Fixes**<br><br><br><br>* Re-enabled kernel config FS_ENCRYPTION ([coreos-overlay#1212](https://github.com/kinvolk/coreos-overlay/pull/1212/))<br>* Fixed Perl in dev-container ([coreos-overlay#1238](https://github.com/kinvolk/coreos-overlay/pull/1238))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.61](https://lwn.net/Articles/867497/))<br>* openssl ([1.1.1l](https://mta.openssl.org/pipermail/openssl-announce/2021-August/000206.html))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.61<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-09-01T14:14:50+00:00 @@ -1718,7 +1734,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2942.1.1 2942.1.1 - 2023-10-25T10:20:43.446544+00:00 + 2023-11-22T09:59:33.340961+00:00 _Changes since **Beta 2942.1.0**_<br><br>**Security fixes**<br><br><br><br>* Linux ([CVE-2021-34556](https://nvd.nist.gov/vuln/detail/CVE-2021-34556), [CVE-2021-35477](https://nvd.nist.gov/vuln/detail/CVE-2021-35477), [CVE-2021-38205](https://nvd.nist.gov/vuln/detail/CVE-2021-38205))<br>* NVIDIA Drivers ([CVE-2021-1090](https://nvd.nist.gov/vuln/detail/CVE-2021-1090), [CVE-2021-1093](https://nvd.nist.gov/vuln/detail/CVE-2021-1093), [CVE-2021-1094](https://nvd.nist.gov/vuln/detail/CVE-2021-1094), [CVE-2021-1095](https://nvd.nist.gov/vuln/detail/CVE-2021-1095))<br>* Go ([CVE-2021-36221](https://nvd.nist.gov/vuln/detail/CVE-2021-36221))<br>* Systemd ([CVE-2020-13529](https://nvd.nist.gov/vuln/detail/CVE-2020-13529), [CVE-2021-33910](https://nvd.nist.gov/vuln/detail/CVE-2021-33910))<br><br>**Bug Fixes**<br><br><br><br>* Fixed `pam.d` sssd LDAP auth with sudo ([coreos-overlay#1170](https://github.com/kinvolk/coreos-overlay/pull/1170))<br>* Let network-cleanup.service finish before entering rootfs ([coreos-overlay#1182](https://github.com/kinvolk/coreos-overlay/pull/1182))<br>* Fixed SELinux policy for Flannel CNI ([coreos-overlay#1181](https://github.com/kinvolk/coreos-overlay/pull/1181))<br><br>**Changes**<br><br><br><br>* Switched to zstd for the initramfs ([coreos-overlay#1136](https://github.com/kinvolk/coreos-overlay/pull/1136))<br>* Embedded new subkey in flatcar-install ([coreos-overlay#1180](https://github.com/kinvolk/coreos-overlay/pull/1180))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.59](https://lwn.net/Articles/866302/))<br>* NVIDIA Drivers ([470.57.02](https://docs.nvidia.com/datacenter/tesla/tesla-release-notes-470-57-02/index.html))<br>* Systemd ([247.9](https://github.com/systemd/systemd-stable/releases/tag/v247.9))<br>* Go ([1.16.7](https://golang.org/doc/devel/release#go1.16.minor))<br>* portage-utils ([0.90](https://github.com/gentoo/portage-utils/releases/tag/v0.90))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.59<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-08-19T13:36:00+00:00 @@ -1726,7 +1742,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2942.1.0 2942.1.0 - 2023-10-25T10:20:43.441127+00:00 + 2023-11-22T09:59:33.335173+00:00 _Changes since **Beta 2920.1.0**_<br><br>**Security Fixes**<br><br>* Linux ([CVE-2021-37576](https://nvd.nist.gov/vuln/detail/CVE-2021-37576))<br>* containerd ([CVE-2021-32760](https://nvd.nist.gov/vuln/detail/CVE-2021-32760))<br>* glibc ([CVE-2020-29562](https://nvd.nist.gov/vuln/detail/CVE-2020-29562), [CVE-2019-25013](https://nvd.nist.gov/vuln/detail/CVE-2019-25013), [CVE-2020-27618](https://nvd.nist.gov/vuln/detail/https://cve.circl.lu/cve/CVE-2020-27618), [CVE-2021-27645](https://nvd.nist.gov/vuln/detail/CVE-2021-27645), [CVE-2021-33574](https://nvd.nist.gov/vuln/detail/CVE-2021-33574))<br>* Go ([CVE-2021-34558](https://nvd.nist.gov/vuln/detail/CVE-2021-34558))<br>* libgcrypt ([CVE-2021-33560](https://nvd.nist.gov/vuln/detail/CVE-2021-33560))<br>* libpcre ([CVE-2019-20838](https://nvd.nist.gov/vuln/detail/CVE-2019-20838), [CVE-2020-14155](https://nvd.nist.gov/vuln/detail/CVE-2020-14155))<br><br>**Bug Fixes**<br><br>* Added the systemd tag in udev for Azure storage devices, to fix /boot automount ([init#41](https://github.com/kinvolk/init/pull/41))<br>* Disabled SELinux by default on `dockerd` wrapper script ([coreos-overlay#1149](https://github.com/kinvolk/coreos-overlay/pull/1149))<br>* Set the cilium_vxlan interface to be not managed by networkd's default setup with DHCP as it's managed by Cilium. ([init#43](https://github.com/kinvolk/init/pull/43))<br>* update_engine_client: Improve feedback when an update is not needed([update_engine#10](https://github.com/kinvolk/update_engine/pull/10))<br>* GCE: Granted CAP_NET_ADMIN to set routes for the TCP LB when starting oem-gce.service ([coreos-overlay#1146](https://github.com/kinvolk/coreos-overlay/pull/1146))<br><br>**Changes**<br><br>* Enabled telnet support for curl ([coreos-overlay#1099](https://github.com/kinvolk/coreos-overlay/pull/1099))<br>* Enabled ssl USE flag for wget ([coreos-overlay#932](https://github.com/kinvolk/coreos-overlay/pull/932))<br>* Enabled MDIO_BCM_UNIMAC for arm64 ([coreos-overlay#929](https://github.com/kinvolk/coreos-overlay/pull/929))<br><br>**Updates**<br><br>* Linux ([5.10.55](https://lwn.net/Articles/864901/))<br>* containerd ([1.5.4](https://github.com/containerd/containerd/releases/tag/v1.5.4))<br>* dbus ([1.12.20](https://github.com/freedesktop/dbus/blob/ab88811768f750777d1a8b9d9ab12f13390bfd3a/NEWS#L1))<br>* dracut ([053](https://github.com/dracutdevs/dracut/releases/tag/053))<br>* glibc ([2.33](https://sourceware.org/pipermail/libc-alpha/2021-February/122207.html))<br>* go ([1.16.6](https://golang.org/doc/devel/release#go1.16.minor)) <br>* libev (4.33)<br>* libgcrypt ([1.9.3](https://github.com/gpg/libgcrypt/blob/cb78627203705365d24b48ec4fc4cf2fc804b277/NEWS#L1))<br>* libpcre (8.44)<br>* libverto ([0.3.1](https://github.com/latchset/libverto/releases/tag/0.3.1))<br>* pax-utils (1.3.1)<br>* readline ([8.1_p1](https://tiswww.case.edu/php/chet/readline/CHANGES))<br>* rust ([1.53.0](https://blog.rust-lang.org/2021/06/17/Rust-1.53.0.html))<br>* selinux ([3.1](https://github.com/SELinuxProject/selinux/releases/tag/20200710))<br>* selinux-refpolicy ([2.20200818](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20200818))<br>* systemd ([247.7](https://github.com/systemd/systemd-stable/releases/tag/v247.7))<br>* VMWare: open-vm-tools ([11.3.0](https://github.com/vmware/open-vm-tools/releases/tag/stable-11.3.0))<br><br>_Changes since **Alpha 2942.0.0**_<br><br>**Security fixes**<br><br>* Linux ([CVE-2021-37576](https://nvd.nist.gov/vuln/detail/CVE-2021-37576))<br><br>**Bug fixes**<br><br>* Set the cilium_vxlan interface to be not managed by networkd's default setup with DHCP as it's managed by Cilium. ([init#43](https://github.com/kinvolk/init/pull/43))<br>* Disabled SELinux by default on `dockerd` wrapper script ([coreos-overlay#1149](https://github.com/kinvolk/coreos-overlay/pull/1149))<br>* GCE: Granted CAP_NET_ADMIN to set routes for the TCP LB when starting oem-gce.service ([coreos-overlay#1146](https://github.com/kinvolk/coreos-overlay/pull/1146))<br><br>**Updates**<br><br>* Linux ([5.10.55](https://lwn.net/Articles/864901/))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.55<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-08-04T13:23:23+00:00 @@ -1734,7 +1750,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2920.1.0 2920.1.0 - 2023-10-25T10:20:43.434045+00:00 + 2023-11-22T09:59:33.327970+00:00 _Changes since **Alpha 2920.0.0**_<br><br>**Security Fixes**<br><br><br><br>* containerd ([CVE-2021-32760](https://nvd.nist.gov/vuln/detail/CVE-2021-32760))<br>* curl (CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-22925, CVE-2021-22926)<br>* linux ([CVE-2020-26541](https://nvd.nist.gov/vuln/detail/CVE-2020-26541), [CVE-2021-35039](https://nvd.nist.gov/vuln/detail/CVE-2021-35039), [CVE-2021-22543](https://nvd.nist.gov/vuln/detail/CVE-2021-22543), CVE-2021-3609, CVE-2021-3655, [CVE-2021-33909](https://nvd.nist.gov/vuln/detail/CVE-2021-33909))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.52](https://lwn.net/Articles/863648/))<br>* curl ([7.78](https://curl.se/changes.html#7_78_0))<br>* containerd ([1.5.4](https://github.com/containerd/containerd/releases/tag/v1.5.4))<br><br>_Changes since **Beta 2905.1.0**_<br><br>**Updates**<br><br><br><br>* Linux ([5.10.52](https://lwn.net/Articles/863648/))<br>* lz4 ([1.9.3-r1](https://github.com/lz4/lz4/releases/tag/v1.9.3))<br>* curl ([7.78](https://curl.se/changes.html#7_78_0))<br>* gptfdisk (1.0.7)<br>* gettext ([0.21-r1](https://lists.gnu.org/archive/html/info-gnu/2020-07/msg00009.html))<br>* intel-microcode ([20210608_p20210608](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20210608))<br>* runc ([1.0.0](https://github.com/opencontainers/runc/releases/tag/v1.0.0))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.52<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-07-28T08:21:00+00:00 @@ -1742,7 +1758,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2905.1.0 2905.1.0 - 2023-10-25T10:20:43.428981+00:00 + 2023-11-22T09:59:33.322504+00:00 _Changes since **Alpha** **2905.0.0**:_<br>**Security fixes**<br><br>* Linux ([CVE-2021-34693](https://nvd.nist.gov/vuln/detail/CVE-2021-34693), [CVE-2021-33624](https://nvd.nist.gov/vuln/detail/CVE-2021-33624))<br><br>**Changes**<br><br>* NVIDIA GPU Support added in the AWS Pro images ([coreos-overlay#1078](https://github.com/kinvolk/coreos-overlay/pull/1078)) <br><br>**Updates**<br><br>* Linux ([5.10.46](https://lwn.net/Articles/860655/))<br><br><br><br>_Changes since **Beta** **2823.1.3**:_<br>**Security fixes**<br><br><br><br>* Linux ([CVE-2021-34693](https://nvd.nist.gov/vuln/detail/CVE-2021-34693), [CVE-2021-33624](https://nvd.nist.gov/vuln/detail/CVE-2021-33624))<br>* binutils ([CVE-2021-20197](https://nvd.nist.gov/vuln/detail/CVE-2021-20197),[CVE-2021-3487](https://nvd.nist.gov/vuln/detail/CVE-2021-3487))<br>* openldap ([CVE-2021-27212](https://nvd.nist.gov/vuln/detail/CVE-2021-27212))<br>* sqlite ([CVE-2021-20227](https://nvd.nist.gov/vuln/detail/CVE-2021-20227))<br>* Go (CVE-2021-33195,CVE-2021-33196,CVE-2021-33197,CVE-2021-33198)<br>* libxml2 ([CVE-2021-3516](https://nvd.nist.gov/vuln/detail/CVE-2021-3516),[CVE-2021-3517](https://nvd.nist.gov/vuln/detail/CVE-2021-3517),[CVE-2021-3518](https://nvd.nist.gov/vuln/detail/CVE-2021-3518),CVE-2021-3541)<br>* qemu ([CVE-2020-10717](https://nvd.nist.gov/vuln/detail/CVE-2020-10717),[ CVE-2020-13754](https://nvd.nist.gov/vuln/detail/CVE-2020-13754),[ CVE-2020-15859](https://nvd.nist.gov/vuln/detail/CVE-2020-15859),[ CVE-2020-15863](https://nvd.nist.gov/vuln/detail/CVE-2020-15863),[ CVE-2020-16092](https://nvd.nist.gov/vuln/detail/CVE-2020-16092),[ CVE-2020-25741](https://nvd.nist.gov/vuln/detail/CVE-2020-25741),[ CVE-2020-25742](https://nvd.nist.gov/vuln/detail/CVE-2020-25742),[ CVE-2020-25743](https://nvd.nist.gov/vuln/detail/CVE-2020-25743))<br>* git ([CVE-2021-21300](https://nvd.nist.gov/vuln/detail/CVE-2021-21300))<br>* gnutls ([CVE-2021-20231](https://nvd.nist.gov/vuln/detail/CVE-2021-20231),[ CVE-2021-20232](https://nvd.nist.gov/vuln/detail/CVE-2021-20232))<br>* curl ([CVE-2021-22876](https://nvd.nist.gov/vuln/detail/CVE-2021-22876),[ CVE-2021-22890](https://nvd.nist.gov/vuln/detail/CVE-2021-22890))<br><br>**Bug Fixes**<br><br><br><br>* NVIDIA GPU Support added in the AWS Pro images ([coreos-overlay#1078](https://github.com/kinvolk/coreos-overlay/pull/1078)) <br><br>**Updates**<br><br><br><br>* Linux ([5.10.46](https://lwn.net/Articles/860655/))<br>* dbus ([1.10.32](https://github.com/freedesktop/dbus/releases/tag/dbus-1.10.32))<br>* openssh ([8.6_p1](https://www.openssh.com/txt/release-8.6))<br>* openldap ([2.4.58](https://www.openldap.org/software/release/announce.html))<br>* curl ([7.76.1](https://curl.se/changes.html#7_76_1))<br>* gnutls ([3.7.1](https://gitlab.com/gnutls/gnutls/-/tags/3.7.1))<br>* git ([2.26.3](https://raw.githubusercontent.com/git/git/v2.26.3/Documentation/RelNotes/2.26.3.txt))<br>* go ([1.16.4](https://go.googlesource.com/go/+/refs/tags/go1.16.4))<br>* dnsmasq ([2.83](https://thekelleys.org.uk/dnsmasq/CHANGELOG))<br>* libxml2 ([2.9.12](https://github.com/GNOME/libxml2/releases/tag/v2.9.12))<br>* sqlite ([3.34.1](https://www.sqlite.org/releaselog/3_34_1.html))<br>* SDK: binutils ([2.36.1](https://sourceware.org/pipermail/binutils/2021-February/115240.html))<br>* SDK: QEMU ([5.2.0](https://wiki.qemu.org/ChangeLog/5.2))<br><br>**Deprecation**<br><br><br><br>* rkt and kubelet-wrapper are deprecated and removed from Beta, also from subsequent channels in the future. Please read the[ removal announcement](https://groups.google.com/g/flatcar-linux-user/c/MeinndLqJO4) to know more.<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.46<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-07-02T07:37:53+00:00 @@ -1750,7 +1766,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2823.1.3 2823.1.3 - 2023-10-25T10:20:43.422461+00:00 + 2023-11-22T09:59:33.315910+00:00 **Security fixes**<br><br><br><br>* Linux ([CVE-2020-26558](https://nvd.nist.gov/vuln/detail/CVE-2020-26558), [CVE-2021-0129](https://nvd.nist.gov/vuln/detail/CVE-2021-0129), [CVE-2020-24587](https://nvd.nist.gov/vuln/detail/CVE-2020-24587), [CVE-2020-24586](https://nvd.nist.gov/vuln/detail/CVE-2020-24586), [CVE-2020-24588](https://nvd.nist.gov/vuln/detail/CVE-2020-24588), [CVE-2020-26139](https://nvd.nist.gov/vuln/detail/CVE-2020-26139), [CVE-2020-26145](https://nvd.nist.gov/vuln/detail/CVE-2020-26145), [CVE-2020-26147](https://nvd.nist.gov/vuln/detail/CVE-2020-26147), [CVE-2020-26141](https://nvd.nist.gov/vuln/detail/CVE-2020-26141), [CVE-2021-3564](https://nvd.nist.gov/vuln/detail/CVE-2021-3564), [CVE-2021-28691](https://nvd.nist.gov/vuln/detail/CVE-2021-28691), [CVE-2021-3587](https://nvd.nist.gov/vuln/detail/CVE-2021-3587), [CVE-2021-3573](https://nvd.nist.gov/vuln/detail/CVE-2021-3573))<br><br>**Bug fixes**<br><br><br><br>* Update-engine sent empty requests when restarted before a pending reboot ([Flatcar#388](https://github.com/kinvolk/Flatcar/issues/388))<br><br>**Changes**<br><br><br><br>* Disabled SELinux for Docker ([coreos-overlay#1055](https://github.com/kinvolk/coreos-overlay/pull/1055))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.43](https://lwn.net/Articles/859022/))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.43<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-06-17T10:30:54+00:00 @@ -1758,7 +1774,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2823.1.2 2823.1.2 - 2023-10-25T10:20:43.417359+00:00 + 2023-11-22T09:59:33.310753+00:00 **Bug fixes**<br><br>* The Linux kernel IOMMU-related crash introduced in the 5.10.37 update got fixed through the 5.10.38 update ([Flatcar#400](https://github.com/kinvolk/Flatcar/issues/400))<br><br>**Updates**<br><br>* Linux ([5.10.38](https://lwn.net/Articles/856654/))<br><br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.38<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-05-21T12:08:31+00:00 @@ -1766,7 +1782,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2823.1.1 2823.1.1 - 2023-10-25T10:20:43.412285+00:00 + 2023-11-22T09:59:33.305989+00:00 **Security fixes**<br><br>* Linux ([CVE-2021-3491](https://nvd.nist.gov/vuln/detail/CVE-2021-3491), [CVE-2021-31440](https://nvd.nist.gov/vuln/detail/CVE-2021-31440), [CVE-2021-31829](https://nvd.nist.gov/vuln/detail/CVE-2021-31829))<br>* nvidia-drivers ([CVE-2021-1052](https://nvd.nist.gov/vuln/detail/CVE-2021-1052), [CVE-2021-1053](https://nvd.nist.gov/vuln/detail/CVE-2021-1053), [CVE-2021-1056](https://nvd.nist.gov/vuln/detail/CVE-2021-1056), [CVE-2021-1076](https://nvd.nist.gov/vuln/detail/CVE-2021-1076), [CVE-2021-1077](https://nvd.nist.gov/vuln/detail/CVE-2021-1077))<br>* runc ([CVE-2021-30465](https://nvd.nist.gov/vuln/detail/CVE-2021-30465))<br><br>**Updates**<br><br>* Linux ([5.10.37](https://lwn.net/Articles/856269/))<br>* nvidia-drivers ([460.73.01](https://www.nvidia.com/Download/driverResults.aspx/172376/en-us))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.37<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-05-19T11:39:05+00:00 @@ -1774,7 +1790,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2823.1.0 2823.1.0 - 2023-10-25T10:20:43.407567+00:00 + 2023-11-22T09:59:33.300517+00:00 _Changes since **Alpha** **2823.0.0**:_<br><br><br>**Security fixes**<br><br><br><br>* Linux ([CVE-2021-28964](https://nvd.nist.gov/vuln/detail/CVE-2021-28964), [CVE-2021-28972](https://nvd.nist.gov/vuln/detail/CVE-2021-28972), [CVE-2021-28971](https://nvd.nist.gov/vuln/detail/CVE-2021-28971), [CVE-2021-28951](https://nvd.nist.gov/vuln/detail/CVE-2021-28951), [CVE-2021-28952](https://nvd.nist.gov/vuln/detail/CVE-2021-28952), [CVE-2021-29266](https://nvd.nist.gov/vuln/detail/CVE-2021-29266), [CVE-2021-28688](https://nvd.nist.gov/vuln/detail/CVE-2021-28688), [CVE-2021-29264](https://nvd.nist.gov/vuln/detail/CVE-2021-29264), [CVE-2021-29649](https://nvd.nist.gov/vuln/detail/CVE-2021-29649), [CVE-2021-29650](https://nvd.nist.gov/vuln/detail/CVE-2021-29650), [CVE-2021-29646](https://nvd.nist.gov/vuln/detail/CVE-2021-29646), [CVE-2021-29647](https://nvd.nist.gov/vuln/detail/CVE-2021-29647), [CVE-2021-29154](https://nvd.nist.gov/vuln/detail/CVE-2021-29154), [CVE-2021-29155](https://nvd.nist.gov/vuln/detail/CVE-2021-29155), [CVE-2021-23133](https://nvd.nist.gov/vuln/detail/CVE-2021-23133))<br><br>**Bug fixes**<br><br><br><br>* Fix the patch to update DefaultTasksMax in systemd ([coreos-overlay#971](https://github.com/kinvolk/coreos-overlay/pull/971))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.32](https://lwn.net/Articles/853762/))<br>* systemd ([247.6](https://github.com/systemd/systemd-stable/releases/tag/v247.6))<br><br>_Changes since **Beta** **2801.1.0**:_<br><br>**Security fixes**<br><br><br><br>* Linux ([CVE-2021-28964](https://nvd.nist.gov/vuln/detail/CVE-2021-28964), [CVE-2021-28972](https://nvd.nist.gov/vuln/detail/CVE-2021-28972), [CVE-2021-28971](https://nvd.nist.gov/vuln/detail/CVE-2021-28971), [CVE-2021-28951](https://nvd.nist.gov/vuln/detail/CVE-2021-28951), [CVE-2021-28952](https://nvd.nist.gov/vuln/detail/CVE-2021-28952), [CVE-2021-29266](https://nvd.nist.gov/vuln/detail/CVE-2021-29266), [CVE-2021-28688](https://nvd.nist.gov/vuln/detail/CVE-2021-28688), [CVE-2021-29264](https://nvd.nist.gov/vuln/detail/CVE-2021-29264), [CVE-2021-29649](https://nvd.nist.gov/vuln/detail/CVE-2021-29649), [CVE-2021-29650](https://nvd.nist.gov/vuln/detail/CVE-2021-29650), [CVE-2021-29646](https://nvd.nist.gov/vuln/detail/CVE-2021-29646), [CVE-2021-29647](https://nvd.nist.gov/vuln/detail/CVE-2021-29647), [CVE-2021-29154](https://nvd.nist.gov/vuln/detail/CVE-2021-29154), [CVE-2021-29155](https://nvd.nist.gov/vuln/detail/CVE-2021-29155), [CVE-2021-23133](https://nvd.nist.gov/vuln/detail/CVE-2021-23133))<br>* Go ([CVE-2021-27918](https://nvd.nist.gov/vuln/detail/CVE-2021-27918),[ CVE-2021-27919](https://nvd.nist.gov/vuln/detail/CVE-2021-27919)) <br>* glib ([CVE-2021-28153](https://nvd.nist.gov/vuln/detail/CVE-2021-28153),[ CVE-2021-27218](https://nvd.nist.gov/vuln/detail/CVE-2021-27218),[ CVE-2021-27219](https://nvd.nist.gov/vuln/detail/CVE-2021-27219)) <br>* boost ([CVE-2012-2677](https://nvd.nist.gov/vuln/detail/CVE-2012-2677))<br>* ncurses ([CVE-2019-17594](https://nvd.nist.gov/vuln/detail/CVE-2019-17594),[ CVE-2019-17595](https://nvd.nist.gov/vuln/detail/CVE-2019-17595))<br>* zstd ([CVE-2021-24032](https://nvd.nist.gov/vuln/detail/CVE-2021-24032))<br><br>**Bug Fixes**<br><br><br><br>* Fix the patch to update DefaultTasksMax in systemd ([coreos-overlay#971](https://github.com/kinvolk/coreos-overlay/pull/971))<br><br>**Changes**<br><br><br><br>* The pam_faillock PAM module was enabled as replacement for the removed pam_tally2 module and will temporarily lock an account if there were login attempts with a wrong password. The faillock command can be used to show the current state. With pam_tally2 there was no limit for wrong password login attempts but with faillock the default is already restricting the attempts. The default behavior was relaxed to allow 5 wrong passwords per two minutes, and a one minute account lock time. This does not apply to logins with an SSH key. ([baselayout#17](https://github.com/kinvolk/baselayout/pull/17))<br>* The etcd and flannel services are now run with Docker and any rkt-based customizations of the etcd-member and flanneld services not supported anymore. Also, because the flanneld service relies on Docker and will restart Docker after applying the new configuration, it is not possible anymore to set Requires=flanneld.service for docker.service and instead it’s enough to have flanneld.service enabled. ([coreos-overlay#857](https://github.com/kinvolk/coreos-overlay/pull/857))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.32](https://lwn.net/Articles/853762/))<br>* Linux firmware ([20210315](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20210315))<br>* systemd ([247.6](https://github.com/systemd/systemd-stable/releases/tag/v247.6))<br>* Go ([1.15.10](https://go.googlesource.com/go/+/refs/tags/go1.15.10))<br>* boost ([1.75.0](https://www.boost.org/users/history/version_1_75_0.html))<br>* glib ([2.66.8](https://gitlab.gnome.org/GNOME/glib/-/releases/2.66.8))<br>* ncurses ([6.2](https://invisible-island.net/ncurses/announce-6.2.html))<br>* zstd ([1.4.9](https://github.com/facebook/zstd/releases/tag/v1.4.9))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.32<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-04-28T13:33:49+00:00 @@ -1782,7 +1798,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2801.1.0 2801.1.0 - 2023-10-25T10:20:43.399430+00:00 + 2023-11-22T09:59:33.292617+00:00 **Security fixes**<br><br><br><br>* Linux ([CVE-2021-27365](https://nvd.nist.gov/vuln/detail/CVE-2021-27365), [CVE-2021-27364](https://nvd.nist.gov/vuln/detail/CVE-2021-27364), [CVE-2021-27363](https://nvd.nist.gov/vuln/detail/CVE-2021-27363), [CVE-2021-28038](https://nvd.nist.gov/vuln/detail/CVE-2021-28038), [CVE-2021-28039](https://nvd.nist.gov/vuln/detail/CVE-2021-28039), [CVE-2021-28375](https://nvd.nist.gov/vuln/detail/CVE-2021-28375), [CVE-2021-28660](https://nvd.nist.gov/vuln/detail/CVE-2021-28660), [CVE-2021-27218](https://nvd.nist.gov/vuln/detail/CVE-2021-27218), [CVE-2021-27219](https://nvd.nist.gov/vuln/detail/CVE-2021-27219), [CVE-2021-3444](https://nvd.nist.gov/vuln/detail/CVE-2021-3444))<br>* openssl ([CVE-2021-23840](https://nvd.nist.gov/vuln/detail/CVE-2021-23840),[ CVE-2021-23841](https://nvd.nist.gov/vuln/detail/CVE-2021-23841), [CVE-2020-1971](https://nvd.nist.gov/vuln/detail/CVE-2020-1971),[ CVE-2021-23840](https://nvd.nist.gov/vuln/detail/CVE-2021-23840),[ CVE-2021-23841](https://nvd.nist.gov/vuln/detail/CVE-2021-23841), [CVE-2021-3449](https://nvd.nist.gov/vuln/detail/CVE-2021-3449),[ CVE-2021-3450](https://nvd.nist.gov/vuln/detail/CVE-2021-3450))<br><br>**Bug Fixes**<br><br><br><br>* GCE: The old interface name ens4v1 which was replaced by eth0 due to a broken udev rule was restored, but now as alternative interface name, and eth0 will stay the primary name for consistency across cloud environments. ([init#38](https://github.com/kinvolk/init/pull/38))<br><br>**Changes**<br><br><br><br>* The virtio network interfaces got predictable interface names as alternative interface names, and thus these names can also be used to match for a specific interface in case there is more than one and the eth0 and eth1 name assignment is not stable. ([init#38](https://github.com/kinvolk/init/pull/38))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.25](https://lwn.net/Articles/849951/))<br>* openssl ([1.1.1k](https://mta.openssl.org/pipermail/openssl-announce/2021-March/000197.html))<br>* open-iscsi ([2.1.4](https://github.com/open-iscsi/open-iscsi/releases/tag/2.1.4))<br><br>**Deprecation**<br><br><br><br>* dhcpcd and containerd-stress are deprecated and removed from Beta, also from subsequent channels in the future. Users that relied on dhcpd should either migrate to systemd-networkd as a DHCP server or run dhcpd from a container.<br>* Docker 1.12 is deprecated and removed from Beta, also from subsequent channels in the future.<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.25<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-03-25T15:38:18+00:00 @@ -1790,7 +1806,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2765.1.0 2765.1.0 - 2023-10-25T10:20:43.392346+00:00 + 2023-11-22T09:59:33.286319+00:00 **Security fixes**<br><br><br><br>* Linux ([CVE-2021-3347](https://nvd.nist.gov/vuln/detail/CVE-2021-3347), [CVE-2021-3348](https://nvd.nist.gov/vuln/detail/CVE-2021-3348), [CVE-2021-26708](https://nvd.nist.gov/vuln/detail/CVE-2021-26708), [CVE-2021-20194](https://nvd.nist.gov/vuln/detail/CVE-2021-20194))<br>* Docker ([CVE-2021-21285](https://nvd.nist.gov/vuln/detail/CVE-2021-21285), [CVE-2021-21284](https://nvd.nist.gov/vuln/detail/CVE-2021-21284))<br>* NVIDIA ([CVE-2021-1052](https://nvd.nist.gov/vuln/detail/CVE-2021-1052),[ CVE-2021-1053](https://nvd.nist.gov/vuln/detail/CVE-2021-1053),[ CVE-2021-1056](https://nvd.nist.gov/vuln/detail/CVE-2021-1056))<br><br>**Bug Fixes**<br><br><br><br>* app-crypt/trousers: use correct file permissions ([coreos-overlay#809](https://github.com/kinvolk/coreos-overlay/pull/809))<br>* x11-drivers/nvidia-drivers: Handle NVIDIA Version upgrades ([https://github.com/kinvolk/coreos-overlay/pull/762](https://github.com/kinvolk/coreos-overlay/pull/762))<br>* flatcar-eks: add missing mkdir and update to latest versions ([https://github.com/kinvolk/coreos-overlay/pull/817](https://github.com/kinvolk/coreos-overlay/pull/817))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.16](https://lwn.net/Articles/846116/))<br>* Docker ([19.03.15](https://docs.docker.com/engine/release-notes/19.03/#190315))<br>* NVIDIA Tesla Driver ([460.32.03](https://docs.nvidia.com/datacenter/tesla/tesla-release-notes-460-32-03/index.html))<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.16<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-02-18T12:44:47+00:00 @@ -1798,7 +1814,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2705.1.2 2705.1.2 - 2023-10-25T10:20:43.386468+00:00 + 2023-11-22T09:59:33.281068+00:00 **Security fixes**<br><br>* go - [CVE-2021-3114](https://github.com/golang/go/issues/43786)<br>* sudo - [CVE-2021-3156](https://nvd.nist.gov/vuln/detail/CVE-2021-3156), [CVE-2021-23239](https://nvd.nist.gov/vuln/detail/CVE-2021-23239)<br><br>**Bug fixes**<br><br>* `/etc/iscsi/initiatorname.iscsi` is generated by the iscsi-init service ([#321](https://github.com/kinvolk/Flatcar/issues/321))<br>* Prevent iscsiadm buffer overflow ([#318](https://github.com/kinvolk/Flatcar/issues/318))<br><br>**Changes**<br><br>* Revert to building docker and containerd with go1.13 instead of go1.15. This reduces the SIGURG log spam ([Issue #315](https://github.com/kinvolk/Flatcar/issues/315) [PR #774](https://github.com/kinvolk/coreos-overlay/pull/774))<br>* The containerd socket is now available in the default location (`/run/containerd/containerd.sock`) and also as a symlink in the previous location (`/run/docker/libcontainerd/docker-containerd.sock`) ([#771](https://github.com/kinvolk/coreos-overlay/pull/771))<br>* With the iscsi update, the service unit has changed from iscsid to iscsi ([#791](https://github.com/kinvolk/coreos-overlay/pull/791))<br>* AWS Pro: include scripts to facilitate setup of EKS workers ([#794](https://github.com/kinvolk/coreos-overlay/pull/794)).<br>* Missed from earlier notes: with the previous open-iscsi update to 2.1.2, the service unit name changed from iscsid to iscsi ([#682](https://github.com/kinvolk/coreos-overlay/pull/682))<br><br>**Updates**<br><br>* open-iscsi ([2.1.3](https://github.com/open-iscsi/open-iscsi/releases/tag/2.1.3))<br>* go ([1.15.7](https://go.googlesource.com/go/+/refs/tags/go1.15.7))<br>* sudo ([1.9.5p2](https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_5p2))<br>Packages:<br>- docker 19.03.14<br>- ignition 0.34.0<br>- kernel 5.9.16<br>- systemd 246<br><br>Architectures:<br>- amd64<br> 2021-01-28T11:01:35+00:00 @@ -1806,7 +1822,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2705.1.1 2705.1.1 - 2023-10-25T10:20:43.380485+00:00 + 2023-11-22T09:59:33.275395+00:00 **Security fixes**<br><br>* Linux<br> - [CVE-2020-27835](https://nvd.nist.gov/vuln/detail/CVE-2020-27835)<br> - [CVE-2020-29661](https://nvd.nist.gov/vuln/detail/CVE-2020-29661)<br> - [CVE-2020-29660](https://nvd.nist.gov/vuln/detail/CVE-2020-29660)<br> - [CVE-2020-27830](https://www.openwall.com/lists/oss-security/2020/12/07/1)<br> - [CVE-2020-28588](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4f134b89a24b965991e7c345b9a4591821f7c2a6)<br><br>**Bug fixes**<br><br>* The sysctl `net.ipv4.conf.*.rp_filter` is set to `0` for the Cilium CNI plugin to work ([kinvolk/Flatcar#181](https://github.com/kinvolk/Flatcar/issues/181))<br>* Package downloads in the developer container now use the correct URL again ([kinvolk/Flatcar#298](https://github.com/kinvolk/Flatcar/issues/298))<br>* networkd: avoid managing MAC addresses for veth devices ([kinvolk/init#33](https://github.com/kinvolk/init/pull/33))<br><br>**Changes**<br><br>* The sysctl default config file is now applied under the prefix 60 which allows for custom sysctl config files to take effect when they start with a prefix of 70, 80, or 90 ([kinvolk/baselayout#13](https://github.com/kinvolk/baselayout/pull/13))<br>* Containerd CRI plugin got enabled by default, only the containerd socket path needs to be specified as kubelet parameter for Kubernetes 1.20 to use containerd instead of Docker ([kinvolk/Flatcar#283](https://github.com/kinvolk/Flatcar/issues/283))<br>* For users with a custom update server a machine alias setting in update-engine allows to give human-friendly names to client instances ([kinvolk/update-engine#8](https://github.com/kinvolk/update_engine/pull/8))<br><br>**Updates**<br><br>* Linux ([5.9.16](https://lwn.net/Articles/840977/))<br>* containerd ([1.4.3](https://github.com/containerd/containerd/releases/tag/v1.4.3))<br>* Docker ([19.03.14](https://github.com/docker/docker-ce/releases/tag/v19.03.14))<br><br>Packages:<br>- docker 19.03.14<br>- ignition 0.34.0<br>- kernel 5.9.16<br>- systemd 246<br><br>Architectures:<br>- amd64<br> 2021-01-12T17:00:58+00:00 @@ -1814,7 +1830,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2705.1.0 2705.1.0 - 2023-10-25T10:20:43.374295+00:00 + 2023-11-22T09:59:33.269546+00:00 Security fixes:<br>* No changes since Alpha 2705.0.0<br><br>Bug fixes:<br>* No changes since Alpha 2705.0.0<br><br>Changes:<br>* No changes since Alpha 2705.0.0<br><br>Updates:<br>* No changes since Alpha 2705.0.0<br><br>Packages:<br>- docker 19.03.13<br>- ignition 0.34.0<br>- kernel 5.9.11<br>- systemd 246<br><br>Architectures:<br>- amd64<br> 2020-12-01T13:28:41+00:00 @@ -1822,7 +1838,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2643.1.1 2643.1.1 - 2023-10-25T10:20:43.369443+00:00 + 2023-11-22T09:59:33.265039+00:00 Security fixes:<br><br>* Linux - [CVE-2020-27194](https://nvd.nist.gov/vuln/detail/CVE-2020-27194), [CVE-2020-27152](https://nvd.nist.gov/vuln/detail/CVE-2020-27152)<br>* Go - [CVE-2020-28362](https://nvd.nist.gov/vuln/detail/CVE-2020-28362), [CVE-2020-28367](https://nvd.nist.gov/vuln/detail/CVE-2020-28367), [CVE-2020-28366](https://nvd.nist.gov/vuln/detail/CVE-2020-28366)<br><br>Bug fixes:<br><br>* network: Restore KeepConfiguration=dhcp-on-stop ([kinvolk/init#30](https://github.com/kinvolk/init/pull/30))<br><br>Updates:<br><br>* Linux ([5.8.18](https://lwn.net/Articles/835763/))<br>* Go ([1.15.5](https://go.googlesource.com/go/+/refs/tags/go1.15.5))<br><br>Packages:<br>- docker 19.03.13<br>- ignition 0.34.0<br>- kernel 5.8.18<br>- systemd 245<br><br>Architectures:<br>- amd64<br> 2020-11-19T15:42:05+00:00 @@ -1830,7 +1846,7 @@ https://github.com/flatcar/manifest/releases/tag/v2643.1.0 2643.1.0 - 2023-10-25T10:20:43.364382+00:00 + 2023-11-22T09:59:33.260369+00:00 Security fixes:<br>- Linux - [CVE-2020-25645](https://nvd.nist.gov/vuln/detail/CVE-2020-25645), [CVE-2020-25643](https://nvd.nist.gov/vuln/detail/CVE-2020-25643), [CVE-2020-25211](https://nvd.nist.gov/vuln/detail/CVE-2020-25211)<br><br>Bug fixes:<br>- Ensured that the `/etc/coreos` to `/etc/flatcar` symlink always exists, relevant for the Container Linux Config transpiler (ct) when specifying directives for `update:` or `locksmith:` while also reformatting the rootfs ([baselayout PR#7](https://github.com/flatcar/baselayout/pull/7))<br><br>Updates:<br>- Linux [5.8.14](https://lwn.net/Articles/833689/)<br>Packages:<br>- docker 19.03.13<br>- ignition 0.34.0<br>- kernel 5.8.14<br>- systemd 245<br><br>Architectures:<br>- amd64<br> 2020-10-16T08:05:22+00:00 @@ -1838,7 +1854,7 @@ https://github.com/flatcar/manifest/releases/tag/v2632.1.0 2632.1.0 - 2023-10-25T10:20:43.359325+00:00 + 2023-11-22T09:59:33.255436+00:00 Security fixes:<br>- Linux: [CVE-2020-25284](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25284), [CVE-2020-14390](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14390)<br><br>Bug fixes:<br><br>- Enabled missing systemd services ([#191](https://github.com/flatcar/Flatcar/issues/191), [PR #612](https://github.com/flatcar/coreos-overlay/pull/612))<br>- Fixed Docker torcx image unpacking error on machines with less than ~600 MB total RAM ([#32](https://github.com/flatcar/Flatcar/issues/32))<br>- Solved adcli Kerberos Active Directory incompatibility ([#194](https://github.com/flatcar/Flatcar/issues/194))<br>- Fixed the makefile path when building kernel modules with the developer container ([#195](https://github.com/flatcar/Flatcar/issues/195))<br>- Removed the `/etc/portage/savedconfig/` folder that contained a dump of the firmware config [flatcar-linux/coreos-overlay#613](https://github.com/flatcar/coreos-overlay/pull/613)<br><br>Changes:<br><br>- GCE: Improved oslogin support and added shell aliases to run a Python Docker image ([PR #592](https://github.com/flatcar/coreos-overlay/pull/592))<br><br>Updates:<br><br>- Linux [5.8.11](https://lwn.net/Articles/832305/)<br>- adcli [0.9.0](https://cgit.freedesktop.org/realmd/adcli/tree/NEWS?h=0.9.0)<br>- GCE: oslogin [20200910.00](https://github.com/GoogleCloudPlatform/guest-oslogin/releases/tag/20200910.00)<br>Packages:<br>- docker 19.03.12<br>- ignition 0.34.0<br>- kernel 5.8.11<br>- rkt 1.30.0<br>- systemd 245<br><br>Architectures:<br>- amd64<br> 2020-09-30T12:22:40+00:00 @@ -1846,7 +1862,7 @@ https://github.com/flatcar/manifest/releases/tag/v2605.4.0 2605.4.0 - 2023-10-25T10:20:43.353390+00:00 + 2023-11-22T09:59:33.250020+00:00 Bug fixes:<br><br>- Fix resetting of DNS nameservers in systemd-networkd units ([PR#12](https://github.com/flatcar/systemd/pull/12))<br><br>Changes:<br><br>- Disable TX checksum offloading for the IP-in-IP tunl0 interface used by Calico ([PR#26](https://github.com/flatcar/init/pull/26)). This is a workaround for a Mellanox driver issue, currently tracked in [Flatcar#183](https://github.com/flatcar/Flatcar/issues/183)<br>- Set `sysctl net.ipv4.conf.(all|*).rp_filter` to 0 (instead of the systemd upstream value 2) to be less restrictive which some network solutions rely on ([PR#11](https://github.com/flatcar/systemd/pull/11))<br>- `flatcar-install` allows installation to a multipath drive ([PR#24](https://github.com/flatcar/init/pull/24))<br><br>Updates:<br><br>- Linux [5.4.65](https://lwn.net/Articles/831366/)<br><br>Packages:<br>- docker 19.03.12<br>- ignition 0.34.0<br>- kernel 5.4.65<br>- rkt 1.30.0<br>- systemd 245<br><br>Architectures:<br>- amd64<br> 2020-09-16T06:13:42+00:00 @@ -1854,7 +1870,7 @@ https://github.com/flatcar/manifest/releases/tag/v2605.3.0 2605.3.0 - 2023-10-25T10:20:43.347570+00:00 + 2023-11-22T09:59:33.244967+00:00 Security fixes:<br>- Linux kernel: Fix AF_PACKET overflow in tpacket_rcv [CVE-2020-14386](https://seclists.org/oss-sec/2020/q3/146)<br><br>Updates:<br>- Linux [5.4.62](https://lwn.net/Articles/830502/)<br>Packages:<br>- docker 19.03.12<br>- ignition 0.34.0<br>- kernel 5.4.62<br>- rkt 1.30.0<br>- systemd 245<br><br>Architectures:<br>- amd64<br> 2020-09-07T15:37:41+00:00 @@ -1862,7 +1878,7 @@ https://github.com/flatcar/manifest/releases/tag/v2605.2.0 2605.2.0 - 2023-10-25T10:20:43.343153+00:00 + 2023-11-22T09:59:33.240264+00:00 Changes from Alpha release 2605.1.0<br><br>Changes:<br>- Update public key to include [new subkey](https://github.com/flatcar/init/pull/25)<br>Packages:<br>- docker 19.03.12<br>- ignition 0.34.0<br>- kernel 5.4.61<br>- rkt 1.30.0<br>- systemd 245<br><br>Architectures:<br>- amd64<br> 2020-09-03T12:48:56+00:00 @@ -1870,7 +1886,7 @@ https://github.com/flatcar/manifest/releases/tag/v2513.3.0 2513.3.0 - 2023-10-25T10:20:43.338761+00:00 + 2023-11-22T09:59:33.235771+00:00 Security fixes:<br><br>* Bind: fixes for [CVE-2020-8616](https://nvd.nist.gov/vuln/detail/CVE-2020-8616), [CVE-2020-8617](https://nvd.nist.gov/vuln/detail/CVE-2020-8617), [CVE-2020-8620](https://nvd.nist.gov/vuln/detail/CVE-2020-8620), [CVE-2020-8621](https://nvd.nist.gov/vuln/detail/CVE-2020-8621), [CVE-2020-8622](https://nvd.nist.gov/vuln/detail/CVE-2020-8622), [CVE-2020-8623](https://nvd.nist.gov/vuln/detail/CVE-2020-8623), [CVE-2020-8624](https://nvd.nist.gov/vuln/detail/CVE-2020-8624)<br><br>Bug fixes:<br><br>* etcd-wrapper: Adjust data dir permissions ([flatcar-linux/coreos-overlay#536](https://github.com/flatcar/coreos-overlay/pull/536))<br><br>Updates:<br><br>* Linux [5.4.59](https://lwn.net/Articles/829106/)<br>* bind-tools [9.11.22](https://ftp.isc.org/isc/bind9/cur/9.11/RELEASE-NOTES-bind-9.11.22.txt)<br>* etcd-wrapper [3.3.24](https://github.com/etcd-io/etcd/releases/tag/v3.3.24)<br><br>Packages:<br>- docker 19.03.11<br>- ignition 0.34.0<br>- kernel 5.4.59<br>- rkt 1.30.0<br>- systemd 243<br><br>Architectures:<br>- amd64<br> 2020-08-20T21:46:48+00:00 @@ -1878,7 +1894,7 @@ https://github.com/flatcar/manifest/releases/tag/v2513.2.0 2513.2.0 - 2023-10-25T10:20:43.333986+00:00 + 2023-11-22T09:59:33.230780+00:00 Changes since the Alpha release 2513.1.0<br><br>Bug Fixes:<br>- The [static IP address configuration in the initramfs](https://docs.flatcar-linux.org/ignition/network-configuration/#using-static-ip-addresses-with-ignition) works again in the format `ip=<ip>::<gateway>:<netmask>:<hostname>:<iface>:none[:<dns1>[:<dns2>]]` https://github.com/flatcar/bootengine/pull/15<br><br><br>Updates:<br>- Linux [5.4.52](https://lwn.net/Articles/826291/)<br><br>Packages:<br>- docker 19.03.11<br>- ignition 0.34.0<br>- kernel 5.4.52<br>- rkt 1.30.0<br>- systemd 243<br><br>Architectures:<br>- amd64<br> 2020-07-23T09:44:10+00:00 @@ -1886,7 +1902,7 @@ https://github.com/flatcar/manifest/releases/tag/v2512.1.1 2512.1.1 - 2023-10-25T10:20:43.329492+00:00 + 2023-11-22T09:59:33.226012+00:00 ## Flatcar updates<br><br>Security fixes:<br>- Fix the Intel Microcode vulnerabilities ([CVE-2020-0543](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0543))<br><br>Changes:<br>- A source code and licensing overview is available under `/usr/share/licenses/INFO`<br><br>Updates:<br>- Linux [4.19.128](https://lwn.net/Articles/822841/)<br>- intel-microcode [20200609](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20200609)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.34.0<br>- kernel 4.19.128<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2020-06-17T15:46:09+00:00 @@ -1894,7 +1910,7 @@ https://github.com/flatcar/manifest/releases/tag/v2512.1.0 2512.1.0 - 2023-10-25T10:20:43.324916+00:00 + 2023-11-22T09:59:33.221057+00:00 ## Flatcar updates<br><br>Security fixes:<br>- Fix e2fsprogs arbitrary code execution via crafted filesystem ([CVE-2019-5094](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094))<br>- Fix Git arbitrary path overwrite, credential leak from credential helpers, remote code execution in recursive clones, and arbitrary command execution via submodules ([CVE-2019-1348](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1348), [CVE-2019-1387](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1387), [CVE-2019-19604](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19604), [CVE-2020-11008](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11008), [CVE-2020-5260](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5260))<br>- Fix libarchive crash or use-after-free via crafted RAR file ([CVE-2019-18408](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18408), [CVE-2020-9308](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9308))<br>- Fix libgcrypt ECDSA timing attack ([CVE-2019-13627](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13627))<br>- Fix libidn2 domain impersonation ([CVE-2019-12290](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12290))<br>- Fix NSS crashes and heap corruption ([CVE-2017-11695](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11695), [CVE-2017-11696](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11696), [CVE-2017-11697](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11697), [CVE-2017-11698](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11698), [CVE-2018-18508](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508), [CVE-2019-11745](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745))<br>- Fix OpenSSL overflow in Montgomery squaring procedure ([CVE-2019-1551](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551))<br>- Fix SQLite crash and heap corruption ([CVE-2019-16168](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16168), [CVE-2019-5827](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5827))<br>- Fix unzip heap overflow or excessive resource consumption via crafted archive ([CVE-2018-1000035](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000035), [CVE-2019-13232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13232))<br>- Fix vim arbitrary command execution via crafted file ([CVE-2019-12735](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12735))<br><br>Bug fixes:<br>- When writing the update kernel, prefer `/boot/coreos` only if `/boot/coreos/vmlinux-*` exists (https://github.com/flatcar/update_engine/pull/5)<br>- Fixed sysroot-boot initramfs service race which resulted in a warning that this service failed<br>- Use the correct `BINHOST` URLs in the development container to download binary packages<br><br>Changes:<br>- Support the CoreOS GRUB `/boot/coreos/first_boot` flag file (https://github.com/flatcar/bootengine/pull/13)<br>- Fetch container images in docker format rather than ACI by default in `etcd-member.service`, `flanneld.service`, and `kubelet-wrapper`<br>- Use `flatcar.autologin` kernel command line parameter on Azure and VMware for auto login on the serial console<br>- Include `conntrack` ([conntrack-tools](http://conntrack-tools.netfilter.org/))<br>- Include `journalctl` output, `pstore` kernel crash logs, and `coredumpctl list` output in the `mayday` report<br>- Update wa-linux-agent to 2.2.46 on Azure<br>- Support both `coreos.config.*` and `flatcar.config.*` guestinfo variables on VMware OEM<br><br>Updates:<br>- e2fsprogs [1.45.5](http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.45.5)<br>- etcd [3.3.20](https://github.com/etcd-io/etcd/releases/tag/v3.3.20)<br>- etcdctl [3.3.20](https://github.com/etcd-io/etcd/releases/tag/v3.3.20)<br>- Git [2.24.1](https://raw.githubusercontent.com/git/git/v2.24.1/Documentation/RelNotes/2.24.1.txt)<br>- Linux [4.19.124](https://lwn.net/Articles/820974/)<br>- OpenSSL [1.0.2u](https://www.openssl.org/news/openssl-1.0.2-notes.html)<br>- vim [8.2.0360](http://ftp.vim.org/pub/vim/patches/8.2/README)<br><br>Packages:<br>- docker 18.06.3<br>- ignition 0.34.0<br>- kernel 4.19.124<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2020-05-26T16:58:31+00:00 @@ -1902,7 +1918,7 @@ https://github.com/flatcar/manifest/releases/tag/v2411.1.1 2411.1.1 - 2023-10-25T10:20:43.317824+00:00 + 2023-11-22T09:59:33.213702+00:00 ## Flatcar updates<br><br>Bug fixes:<br><br>- Use newest network interface naming scheme (https://github.com/flatcar/Flatcar/issues/36)<br> - It is a possible breaking change for some persistent network interface names<br>- Fix URL scheme in emerge-gitclone (https://github.com/flatcar/coreos-overlay/issues/223)<br>- Fix coreos-cloudinit variable names (https://github.com/flatcar/coreos-overlay/pull/206)<br>- Prefer /boot/coreos to write updates (https://github.com/flatcar/update_engine/pull/2)<br>- Remove /boot/coreos/first_boot after a Ignition rerun on migration (https://github.com/flatcar/bootengine/pull/10)<br>- Support coreos.config.url as kernel command line parameter for Ignition (https://github.com/flatcar/ignition/pull/10)<br><br>Changes:<br><br>- Add kernel config for QEDE driver (https://github.com/flatcar/coreos-overlay/pull/198)<br>- Add `tracepath` alongside `traceroute6` (https://github.com/flatcar/Flatcar/issues/50)<br><br>Updates:<br><br>- Linux [4.19.112](https://lwn.net/Articles/815677/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.34.0<br>- kernel 4.19.112<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2020-03-31T16:25:22+00:00 @@ -1910,7 +1926,7 @@ https://github.com/flatcar/manifest/releases/tag/v2411.1.0 2411.1.0 - 2023-10-25T10:20:43.312821+00:00 + 2023-11-22T09:59:33.208359+00:00 ## Flatcar updates<br>Bug fixes:<br>- Enable persistent network interface names already in the initramfs to fix https://github.com/coreos/bugs/issues/1767<br>- Fix backwards compatibility issues for users to migrate from CoreOS Container Linux. Support the kernel command line parameters `coreos.oem.*`, `coreos.autologin`, `coreos.first_boot`, and the QEMU firmware config path `opt/com.coreos/config` (https://github.com/flatcar/Flatcar/issues/16 https://github.com/flatcar/afterburn/pull/7 https://github.com/flatcar/bootengine/pull/7 https://github.com/flatcar/bootengine/pull/8 https://github.com/flatcar/init/pull/16 https://github.com/flatcar/init/pull/17 https://github.com/flatcar/ignition/pull/8)<br><br>## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2411.1.0)<br>Updates:<br>- Linux [4.19.106](https://lwn.net/Articles/813157/)<br><br>Packages:<br>- docker 18.06.3<br>- ignition 0.34.0<br>- kernel 4.19.106<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2020-03-02T11:57:48+00:00 @@ -1918,7 +1934,7 @@ https://github.com/flatcar/manifest/releases/tag/v2345.2.0 2345.2.0 - 2023-10-25T10:20:43.307974+00:00 + 2023-11-22T09:59:33.202474+00:00 ## Flatcar updates<br><br>Bug fixes:<br>- Fix DNS resolution for the GCE metadata server (https://github.com/flatcar/coreos-overlay/pull/160)<br>- Create symlink for /run/metadata/coreos (https://github.com/flatcar/coreos-overlay/pull/166)<br>- Create symlink for flatcar-install (https://github.com/flatcar/init/pull/14)<br><br>## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2345.2.0):<br><br>Security fixes:<br>- Fix systemd use-after-free upon receiving crafted D-Bus message from local unprivileged attacker ([CVE-2020-1712](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1712))<br><br>Changes:<br>- Enable `qede` kernel module<br><br>Updates:<br>- Linux [4.19.102](https://lwn.net/Articles/811638/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.102<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2020-02-10T11:11:29+00:00 @@ -1926,7 +1942,7 @@ https://github.com/flatcar/manifest/releases/tag/v2345.1.0 2345.1.0 - 2023-10-25T10:20:43.303156+00:00 + 2023-11-22T09:59:33.197629+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2345.1.0):<br><br>Security fixes:<br><br>- Fix multiple Git [vulnerabilities](https://marc.info/?l=git&m=157600115215285&w=2) ([CVE-2019-1348](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1348), [CVE-2019-1349](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1349), [CVE-2019-1350](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1350), [CVE-2019-1351](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1351), [CVE-2019-1352](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1352), [CVE-2019-1353](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1353), [CVE-2019-1354](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1354), [CVE-2019-1387](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1387), [CVE-2019-19604](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19604))<br><br>Updates:<br><br>- Git [2.24.1](https://github.com/git/git/blob/master/Documentation/RelNotes/2.24.1.txt)<br>- Linux [4.19.95](https://lwn.net/Articles/809258/)<br><br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.95<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2020-01-17T13:33:11+00:00 @@ -1934,7 +1950,7 @@ https://github.com/flatcar/manifest/releases/tag/v2331.1.1 2331.1.1 - 2023-10-25T10:20:43.298325+00:00 + 2023-11-22T09:59:33.192550+00:00 ## Flatcar updates<br><br>Bug fixes:<br><br>- Fix a bug when creating RAID0 arrays by setting the default layout (https://github.com/flatcar/baselayout/pull/2)<br>- Fix bug of unpacking tarballs failing when xattr is not supported (https://github.com/flatcar/torcx/pull/2)<br><br>Updates:<br><br>- ldb [1.3.6](https://gitlab.com/samba-team/samba/-/tags/ldb-1.3.6)<br>- samba [4.8.6](https://gitlab.com/samba-team/samba/-/tags/samba-4.8.6)<br>- talloc [2.1.11](https://gitlab.com/samba-team/samba/-/tags/talloc-2.1.11)<br>- tdb [1.3.15](https://gitlab.com/samba-team/samba/-/tags/tdb-1.3.15)<br>- tevent [0.9.37](https://gitlab.com/samba-team/samba/-/tags/tevent-0.9.37)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.87<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-12-18T09:49:53+00:00 @@ -1942,7 +1958,7 @@ https://github.com/flatcar/manifest/releases/tag/v2331.1.0 2331.1.0 - 2023-10-25T10:20:43.293601+00:00 + 2023-11-22T09:59:33.187613+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2331.1.0):<br><br>Updates:<br> - Linux [4.19.87](https://lwn.net/Articles/805923/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.87<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-12-05T06:34:11+00:00 @@ -1950,7 +1966,7 @@ https://github.com/flatcar/manifest/releases/tag/v2303.2.0 2303.2.0 - 2023-10-25T10:20:43.289258+00:00 + 2023-11-22T09:59:33.183126+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2303.2.0):<br><br>Security fixes:<br><br>- Fix Intel CPU disclosure of memory to user process. Complete mitigation requires [manually disabling TSX or SMT](https://docs.flatcar-linux.org/os/disabling-smt/) on affected processors. ([CVE-2019-11135](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11135), [TAA](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00270.html))<br>- Fix Intel CPU denial of service by a malicious guest VM ([CVE-2018-12207](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12207))<br><br>Bug fixes:<br><br>- Fix CFS scheduler throttling highly-threaded I/O-bound applications ([#2623](https://github.com/coreos/bugs/issues/2623))<br><br>Updates:<br><br>- intel-microcode [20191115](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/blob/microcode-20191115/releasenote)<br>- Linux [4.19.84](https://lwn.net/Articles/804465/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.84<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-11-21T09:28:13+00:00 @@ -1958,7 +1974,7 @@ https://github.com/flatcar/manifest/releases/tag/v2303.1.1 2303.1.1 - 2023-10-25T10:20:43.284397+00:00 + 2023-11-22T09:59:33.178032+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2303.1.1):<br><br>Bug fixes:<br><br>- Fix time zone for Brazil ([#2627](https://github.com/coreos/bugs/issues/2627))<br><br>Updates:<br><br>- Linux [4.19.81](https://lwn.net/Articles/803384/)<br>- timezone-data [2019c](http://mm.icann.org/pipermail/tz-announce/2019-September/000057.html)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.81<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-11-11T14:13:02+00:00 @@ -1966,7 +1982,7 @@ https://github.com/flatcar/manifest/releases/tag/v2275.2.0 2275.2.0 - 2023-10-25T10:20:43.279892+00:00 + 2023-11-22T09:59:33.173345+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2275.2.0):<br><br>Updates:<br>- Linux [4.19.79](https://lwn.net/Articles/802169/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.79<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-10-17T18:54:07+00:00 @@ -1974,7 +1990,7 @@ https://github.com/flatcar/manifest/releases/tag/v2247.4.0 2247.4.0 - 2023-10-25T10:20:43.275543+00:00 + 2023-11-22T09:59:33.168823+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2247.4.0):<br><br>Bug fixes:<br>- Fix kernel crash with CephFS mounts, introduced in 2247.3.0 ([#2616](https://github.com/coreos/bugs/issues/2616))<br><br>Updates:<br>- Linux [4.19.78](https://lwn.net/Articles/801700/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.78<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-10-16T15:09:03+00:00 @@ -1982,7 +1998,7 @@ https://github.com/flatcar/manifest/releases/tag/v2247.3.0 2247.3.0 - 2023-10-25T10:20:43.271096+00:00 + 2023-11-22T09:59:33.164275+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2247.3.0):<br><br>Security fixes:<br><br>- Fix kernel KVM guest escape ([CVE-2019-14835](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14835))<br>- Fix race condition in Intel microprocessors ([CVE-2019-11184](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11184))<br><br>Updates:<br><br>- intel-microcode [20190918](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/blob/microcode-20190918/releasenote)<br>- Linux [4.19.75](https://lwn.net/Articles/800247/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.75<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-09-25T09:32:22+00:00 @@ -1990,7 +2006,7 @@ https://github.com/flatcar/manifest/releases/tag/v2247.2.0 2247.2.0 - 2023-10-25T10:20:43.266500+00:00 + 2023-11-22T09:59:33.159423+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2247.2.0):<br><br>Updates:<br><br>- Linux [4.19.71](https://lwn.net/Articles/798627/)<br><br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.71<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-09-13T10:53:37+00:00 @@ -1998,7 +2014,7 @@ https://github.com/flatcar/manifest/releases/tag/v2219.3.0 2219.3.0 - 2023-10-25T10:20:43.262185+00:00 + 2023-11-22T09:59:33.155058+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2219.3.0):<br><br>Security fixes:<br><br>- Fix pam_systemd bug allowing authenticated remote users to perform polkit actions as if locally logged in ([CVE-2019-3842](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3842))<br>- Fix systemd-resolved bug allowing unprivileged users to change DNS settings ([CVE-2019-15718](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15718))<br><br>Bug fixes:<br><br>- Fix GCE agent crash loop in new installs ([#2608](https://github.com/coreos/bugs/issues/2608))<br><br>Updates:<br><br>- Linux [4.19.69](https://lwn.net/Articles/797815/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.69<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-09-05T08:53:14+00:00 @@ -2006,7 +2022,7 @@ https://github.com/flatcar/manifest/releases/tag/v2219.2.1 2219.2.1 - 2023-10-25T10:20:43.257432+00:00 + 2023-11-22T09:59:33.150291+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2219.2.1):<br><br>Security fixes:<br>- Fix wget buffer overflow allowing arbitrary code execution ([CVE-2019-5953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5953))<br><br>Updates:<br>- Linux [4.19.68](https://lwn.net/Articles/797250/)<br>- wget [1.20.3](http://git.savannah.gnu.org/cgit/wget.git/tree/NEWS?h=v1.20.3&id=a220ead43505bc3e0ea8efb1572919111dbbf6dc#n8)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.68<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-08-30T07:37:15+00:00 @@ -2014,7 +2030,7 @@ https://github.com/flatcar/manifest/releases/tag/v2219.2.0 2219.2.0 - 2023-10-25T10:20:43.252904+00:00 + 2023-11-22T09:59:33.145687+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2219.2.0):<br><br>Security fixes:<br>- Use secure_getenv to fix a vulnerability around XDG_SEAT in pam_systemd (https://github.com/coreos/systemd/pull/118) ([CVE-2019-3842](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3842))<br><br>Updates:<br>- Linux [4.19.65](https://lwn.net/Articles/795525/)<br><br>## Flatcar updates<br><br>Bug fixes:<br>- Fix wrong key name for fw_cfg in ignition with QEMU (https://github.com/flatcar/ignition/issues/2)<br>- Get SELinux context included in torcx tarballs (https://github.com/flatcar/scripts/pull/16)<br>- Enable XattrPrivileged for untar to fix SELinux issue (https://github.com/flatcar/torcx/pull/1)<br><br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.65<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-08-16T09:44:16+00:00 @@ -2022,7 +2038,7 @@ https://github.com/flatcar/manifest/releases/tag/v2191.3.0 2191.3.0 - 2023-10-25T10:20:43.248141+00:00 + 2023-11-22T09:59:33.140854+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2191.3.0):<br><br>Security fixes:<br>- Fix Linux information leak attack vector via speculative side channel ([CVE-2019-1125](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1125))<br><br>Updates:<br>- Linux [4.19.65](https://lwn.net/Articles/795525/)<br><br>## Flatcar updates<br><br>Changes:<br>- Add "-s" flag in flatcar-install to install to smallest disk (https://github.com/flatcar/init/pull/7)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.65<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-08-08T08:18:09+00:00 @@ -2030,7 +2046,7 @@ https://github.com/flatcar/manifest/releases/tag/v2191.2.0 2191.2.0 - 2023-10-25T10:20:43.243524+00:00 + 2023-11-22T09:59:33.136221+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2191.2.0):<br>- Linux [4.19.62](https://lwn.net/Articles/794807/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.62<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-08-01T09:15:48+00:00 @@ -2038,7 +2054,7 @@ https://github.com/flatcar/manifest/releases/tag/v2191.1.0 2191.1.0 - 2023-10-25T10:20:43.239256+00:00 + 2023-11-22T09:59:33.131856+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2191.1.0):<br><br>No changes for beta promotion<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.56<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-07-17T13:51:51+00:00 @@ -2046,7 +2062,7 @@ https://github.com/flatcar/manifest/releases/tag/v2163.4.0 2163.4.0 - 2023-10-25T10:20:43.234969+00:00 + 2023-11-22T09:59:33.127497+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2163.4.0):<br><br>Bug fixes:<br><br> * Fix Ignition panic when no `guestinfo.(coreos|ignition).config` parameters are specified on VMware (coreos/ignition#821)<br><br>Updates:<br><br> * Ignition [0.33.0](https://github.com/coreos/ignition/releases/tag/v0.33.0)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.55<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-07-03T08:02:30+00:00 @@ -2054,7 +2070,7 @@ https://github.com/flatcar/manifest/releases/tag/v2163.3.0 2163.3.0 - 2023-10-25T10:20:43.230483+00:00 + 2023-11-22T09:59:33.122988+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2163.3.0):<br><br>Updates:<br><br>- Linux [4.19.53](https://lwn.net/Articles/791468/)<br><br>Packages:<br>- docker 18.06.3<br>- ignition 0.32.0<br>- kernel 4.19.55<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-07-01T10:45:57+00:00 @@ -2062,7 +2078,7 @@ https://github.com/flatcar/manifest/releases/tag/v2135.3.1 2135.3.1 - 2023-10-25T10:20:43.226109+00:00 + 2023-11-22T09:59:33.118616+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2135.3.1):<br><br>Security fixes:<br><br>- Fix Linux TCP remotely-triggerable kernel panic and excessive resource consumption ([CVE-2019-11477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11477), [CVE-2019-11478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11478), [CVE-2019-11479](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11479))<br><br>Bug fixes:<br><br>- Fix invalid bzip2 compression of Container Linux release images ([#2589](https://github.com/coreos/bugs/issues/2589))<br><br>Updates:<br><br>- Linux [4.19.50](https://lwn.net/Articles/790878/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.32.0<br>- kernel 4.19.50<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-06-19T08:16:10+00:00 @@ -2070,7 +2086,7 @@ https://github.com/flatcar/manifest/releases/tag/v2135.2.0 2135.2.0 - 2023-10-25T10:20:43.221434+00:00 + 2023-11-22T09:59:33.113877+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2135.2.0):<br><br>Updates:<br>- Linux [4.19.44](https://lwn.net/Articles/788778/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.32.0<br>- kernel 4.19.44<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-05-21T20:28:25+00:00 @@ -2078,7 +2094,7 @@ https://github.com/flatcar/manifest/releases/tag/v2107.3.0 2107.3.0 - 2023-10-25T10:20:43.217109+00:00 + 2023-11-22T09:59:33.109485+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2107.3.0):<br><br>Security fixes:<br>- Fix Intel CPU disclosure of memory to user process. Complete mitigation requires [manually disabling SMT](https://docs.flatcar-linux.org/os/disabling-smt/) on affected processors. ([CVE-2019-11091](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11091), [CVE-2018-12126](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12126), [CVE-2018-12127](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12127), [CVE-2018-12130](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12130), [MDS](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html))<br><br>Updates:<br>- intel-microcode [20190514](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/blob/microcode-20190514/releasenote)<br>- Linux [4.19.43](https://lwn.net/Articles/788388/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.31.0<br>- kernel 4.19.43<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-05-16T10:57:15+00:00 @@ -2086,7 +2102,7 @@ https://github.com/flatcar/manifest/releases/tag/v2107.2.0 2107.2.0 - 2023-10-25T10:20:43.212321+00:00 + 2023-11-22T09:59:33.104660+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2107.2.0):<br><br>Bug fixes:<br><br>- Fix systemd `MountFlags=shared` option ([#2579](https://github.com/coreos/bugs/issues/2579))<br><br>Changes:<br><br>- Pin network interface naming to systemd v238 scheme ([#2578](https://github.com/coreos/bugs/issues/2578))<br>Packages:<br>- docker 18.06.3<br>- ignition 0.31.0<br>- kernel 4.19.36<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-05-08T07:07:32+00:00 @@ -2094,7 +2110,7 @@ https://github.com/flatcar/manifest/releases/tag/v2107.1.0 2107.1.0 - 2023-10-25T10:20:43.207857+00:00 + 2023-11-22T09:59:33.100134+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2107.1.0):<br><br>Bug fixes:<br> - Disable new sticky directory protections for backward compatibility ([#2577](https://github.com/coreos/bugs/issues/2577))<br><br>Changes:<br> - Enable `atlantic` kernel module ([#2576](https://github.com/coreos/bugs/issues/2576))<br><br>Updates:<br> - Linux [4.19.36](https://lwn.net/Articles/786361/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.31.0<br>- kernel 4.19.36<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-04-24T10:01:19+00:00 @@ -2102,7 +2118,7 @@ https://github.com/flatcar/manifest/releases/tag/v2079.2.0 2079.2.0 - 2023-10-25T10:20:43.203278+00:00 + 2023-11-22T09:59:33.095489+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2079.2.0):<br><br>Bug fixes:<br>- Disable new sticky directory protections for backwards compatibility ([#2577](https://github.com/coreos/bugs/issues/2577))<br><br>Changes:<br>- Enable `atlantic` kernel module ([#2576](https://github.com/coreos/bugs/issues/2576))<br><br>Updates:<br>- Linux [4.19.34](https://lwn.net/Articles/786050/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.31.0<br>- kernel 4.19.34<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-04-17T07:53:14+00:00 @@ -2110,7 +2126,7 @@ https://github.com/flatcar/manifest/releases/tag/v2079.1.0 2079.1.0 - 2023-10-25T10:20:43.198770+00:00 + 2023-11-22T09:59:33.090892+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2079.1.0):<br><br>Bug fixes:<br>- Fix systemd presets incorrectly handling escaped unit names ([#2569](https://github.com/coreos/bugs/issues/2569))<br><br>Updates:<br>- Linux [4.19.31](https://lwn.net/Articles/783858/)<br><br>Packages:<br>- docker 18.06.3<br>- ignition 0.31.0<br>- kernel 4.19.31<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-03-26T13:08:57+00:00 @@ -2118,7 +2134,7 @@ https://github.com/flatcar/manifest/releases/tag/v2051.2.0 2051.2.0 - 2023-10-25T10:20:43.194315+00:00 + 2023-11-22T09:59:33.086326+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2051.2.0):<br><br>Bug fixes:<br>- Fix systemd-journald memory leak ([#2564](https://github.com/coreos/bugs/issues/2564))<br><br>Updates:<br>- Linux [4.19.28](https://lwn.net/Articles/782719/)<br>Packages:<br>- docker 18.06.1<br>- ignition 0.30.0<br>- kernel 4.19.28<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2019-03-12T14:37:08+00:00 @@ -2126,7 +2142,7 @@ https://github.com/flatcar/manifest/releases/tag/v2051.1.0 2051.1.0 - 2023-10-25T10:20:43.189886+00:00 + 2023-11-22T09:59:33.081807+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2051.1.0):<br><br>Security fixes:<br>- Fix Linux use-after-free in `sockfs_setattr` ([CVE-2019-8912](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8912))<br>- Fix systemd crash from a specially-crafted D-Bus message ([CVE-2019-6454](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6454))<br><br>Updates:<br>- Linux [4.19.25](https://lwn.net/Articles/780611/)<br>Packages:<br>- docker 18.06.1<br>- ignition 0.30.0<br>- kernel 4.19.25<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2019-02-27T08:53:46+00:00 @@ -2134,7 +2150,7 @@ https://github.com/flatcar/manifest/releases/tag/v2023.3.0 2023.3.0 - 2023-10-25T10:20:43.185401+00:00 + 2023-11-22T09:59:33.077209+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2023.3.0):<br><br>Updates:<br>- Linux [4.19.23](https://lwn.net/Articles/779940/)<br>Packages:<br>- docker 18.06.1<br>- ignition 0.30.0<br>- kernel 4.19.23<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2019-02-21T08:41:36+00:00 @@ -2142,7 +2158,7 @@ https://github.com/flatcar/manifest/releases/tag/v2023.2.0 2023.2.0 - 2023-10-25T10:20:43.181078+00:00 + 2023-11-22T09:59:33.072741+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2023.2.0):<br>Security fixes:<br> - Fix runc container breakout ([CVE-2019-5736](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5736))<br><br>Changes:<br> - Revert `/sys/bus/rbd/add` to Linux 4.14 behavior ([#2544](https://github.com/coreos/bugs/issues/2544))<br><br>Updates:<br> - etcd [3.3.12](https://github.com/etcd-io/etcd/releases/tag/v3.3.12)<br> - etcdctl [3.3.12](https://github.com/etcd-io/etcd/releases/tag/v3.3.12)<br> - Linux [4.19.20](https://lwn.net/Articles/779132/)<br><br>Packages:<br>- docker 18.06.1<br>- ignition 0.30.0<br>- kernel 4.19.20<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2019-02-14T10:31:00+00:00 @@ -2150,7 +2166,7 @@ https://github.com/flatcar/manifest/releases/tag/v2023.1.0 2023.1.0 - 2023-10-25T10:20:43.176432+00:00 + 2023-11-22T09:59:33.068037+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2023.1.0):<br><br>Security fixes:<br>- Fix Go CPU denial of service in ECC ([CVE-2019-6486](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6486))<br><br>Updates:<br>- Go [1.10.8](https://golang.org/doc/devel/release.html#go1.10.minor)<br>- Go [1.11.5](https://golang.org/doc/devel/release.html#go1.11.minor)<br>- Linux [4.19.18](https://lwn.net/Articles/777580/)<br>Packages:<br>- docker 18.06.1<br>- ignition 0.30.0<br>- kernel 4.19.18<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2019-01-30T13:45:28+00:00 @@ -2158,7 +2174,7 @@ https://github.com/flatcar/manifest/releases/tag/v1995.1.0 1995.1.0 - 2023-10-25T10:20:43.171953+00:00 + 2023-11-22T09:59:33.063293+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1995.1.0):<br><br>Updates:<br>- Linux [4.19.13](https://lwn.net/Articles/775720/)<br>Packages:<br>- docker 18.06.1<br>- ignition 0.29.1<br>- kernel 4.19.13<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2019-01-18T09:10:26+00:00 @@ -2166,7 +2182,7 @@ https://github.com/flatcar/manifest/releases/tag/v1967.2.0 1967.2.0 - 2023-10-25T10:20:43.167605+00:00 + 2023-11-22T09:59:33.058880+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1967.2.0):<br><br>Security fixes:<br>- Fix Go CPU denial of service in X.509 verification ([CVE-2018-16875](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16875))<br>- Fix PolicyKit always authorizing UIDs greater than `INT_MAX` ([CVE-2018-19788](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19788))<br><br>Updates:<br>- Go [1.10.6](https://golang.org/doc/devel/release.html#go1.10.minor)<br>- Go [1.11.3](https://golang.org/doc/devel/release.html#go1.11.minor)<br>- Linux [4.14.88](https://lwn.net/Articles/774848/)<br>Packages:<br>- docker 18.06.1<br>- ignition 0.28.0<br>- kernel 4.14.88<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-12-21T09:08:43+00:00 @@ -2174,7 +2190,7 @@ https://github.com/flatcar/manifest/releases/tag/v1967.1.0 1967.1.0 - 2023-10-25T10:20:43.162945+00:00 + 2023-11-22T09:59:33.054130+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1967.1.0):<br><br>Changes:<br> - Switch to the LTS Linux version [4.14.84](https://lwn.net/Articles/773114/) for the beta channel<br>Packages:<br>- docker 18.06.1<br>- ignition 0.28.0<br>- kernel 4.14.84<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-12-06T09:43:43+00:00 @@ -2182,7 +2198,7 @@ https://github.com/flatcar/manifest/releases/tag/v1939.2.1 1939.2.1 - 2023-10-25T10:20:43.158569+00:00 + 2023-11-22T09:59:33.049694+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1939.2.1):<br><br>Security fixes:<br>- Disable containerd CRI plugin to stop it from listening on a TCP port ([#2524](https://github.com/coreos/bugs/issues/2524))<br><br>Updates:<br>- Linux [4.14.81](https://lwn.net/Articles/771885/)<br>Packages:<br>- docker 18.06.1<br>- ignition 0.28.0<br>- kernel 4.14.81<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-11-21T10:57:13+00:00 @@ -2190,7 +2206,7 @@ https://github.com/flatcar/manifest/releases/tag/v1939.1.0 1939.1.0 - 2023-10-25T10:20:43.154137+00:00 + 2023-11-22T09:59:33.045155+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1939.1.0):<br><br>Security fixes:<br>- Fix systemd re-executing with arbitrary supplied state ([CVE-2018-15686](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15686))<br>- Fix systemd race allowing changing file permissions ([CVE-2018-15687](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15687))<br>- Fix systemd-networkd buffer overflow in the dhcp6 client ([CVE-2018-15688](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15688))<br><br>Changes:<br>- Switch to the LTS Linux version [4.14.79](https://lwn.net/Articles/770749/) for the beta channel<br>Packages:<br>- docker 18.06.1<br>- ignition 0.28.0<br>- kernel 4.14.79<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-11-08T16:14:38+00:00 @@ -2198,7 +2214,7 @@ https://github.com/flatcar/manifest/releases/tag/v1911.2.0 1911.2.0 - 2023-10-25T10:20:43.149437+00:00 + 2023-11-22T09:59:33.040397+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1911.2.0):<br><br>Security fixes:<br>- Fix Git remote code execution during recursive clone ([CVE-2018-17456](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17456))<br><br>Bug fixes:<br>- Fix missing kernel headers ([#2505](https://github.com/coreos/bugs/issues/2505))<br><br>Updates:<br>- Git [2.16.5](https://raw.githubusercontent.com/git/git/v2.16.5/Documentation/RelNotes/2.16.5.txt)<br>- Linux [4.14.78](https://lwn.net/Articles/769051/)<br>Packages:<br>- docker 18.06.1<br>- ignition 0.28.0<br>- kernel 4.14.78<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-10-26T10:14:36+00:00 @@ -2206,7 +2222,7 @@ https://github.com/flatcar/manifest/releases/tag/v1911.1.1 1911.1.1 - 2023-10-25T10:20:43.144828+00:00 + 2023-11-22T09:59:33.035720+00:00 ## Flatcar updates<br><br>Changes:<br><br>* Add new image signing subkey to `flatcar-install` ([flatcar-linux/init#4](https://github.com/flatcar/init/pull/4))<br><br>Bug fixes:<br><br>* Fix `/usr/lib/coreos` symlink for Container Linux compatibility ([flatcar-linux/coreos-overlay#8](https://github.com/flatcar/coreos-overlay/pull/8))<br><br>## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1911.1.1):<br><br>Changes:<br>- Switch to the LTS Linux version [4.14.74](https://lwn.net/Articles/767628/) for the beta channel<br><br>Packages:<br>- docker 18.06.1<br>- ignition 0.28.0<br>- kernel 4.14.74<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-10-11T13:18:49+00:00 @@ -2214,7 +2230,7 @@ https://github.com/flatcar/manifest/releases/tag/v1883.1.0 1883.1.0 - 2023-10-25T10:20:43.140181+00:00 + 2023-11-22T09:59:33.031032+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1883.1.0):<br><br>Bug fixes:<br>- Fix Docker mounting named volumes ([#2497](https://github.com/coreos/bugs/issues/2497))<br><br>Changes:<br>- Switch to the LTS Linux version [4.14.69](https://lwn.net/Articles/764513/) for the beta channel<br><br>Updates:<br>- intel-microcode [20180807a](https://downloadcenter.intel.com/download/28087)<br>Packages:<br>- docker 18.06.1<br>- ignition 0.28.0<br>- kernel 4.14.69<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-09-14T09:59:48+00:00 @@ -2222,7 +2238,7 @@ https://github.com/flatcar/manifest/releases/tag/v1855.3.0 1855.3.0 - 2023-10-25T10:20:43.135696+00:00 + 2023-11-22T09:59:33.026452+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1855.3.0):<br><br>Changes:<br>- Drop AWS PV images from regions which do not support PV<br><br>Updates:<br>- containerd [1.1.2](https://github.com/containerd/containerd/releases/tag/v1.1.2)<br>- Docker [18.06.1-ce](https://github.com/docker/docker-ce/releases/tag/v18.06.1-ce)<br>- intel-microcode [20180807a](https://downloadcenter.intel.com/download/28087/Linux-Processor-Microcode-Data-File)<br>- Linux [4.14.67](https://lwn.net/Articles/763433/)<br>Packages:<br>- docker 18.06.1<br>- ignition 0.26.0<br>- kernel 4.14.67<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-09-05T08:43:19+00:00 @@ -2230,7 +2246,7 @@ https://github.com/flatcar/manifest/releases/tag/v1855.2.0 1855.2.0 - 2023-10-25T10:20:43.131097+00:00 + 2023-11-22T09:59:33.021799+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1855.2.0):<br><br>Security fixes:<br>- Fix Linux remote denial of service ([FragmentSmack](https://access.redhat.com/security/cve/cve-2018-5391), [CVE-2018-5391](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5391))<br>- Fix Linux privileged memory access via speculative execution ([L1TF/Foreshadow](https://foreshadowattack.eu/), [CVE-2018-3620](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3620), [CVE-2018-3646](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3646))<br><br>Bug fixes:<br>- Fix PXE systems attempting to mount an ESP ([#2491](https://github.com/coreos/bugs/issues/2491))<br><br>Changes:<br>- Switch to the LTS Linux version [4.14.63](https://lwn.net/Articles/762808/) for the beta channel<br>Packages:<br>- docker 18.06.0<br>- ignition 0.26.0<br>- kernel 4.14.63<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-08-17T12:09:29+00:00 @@ -2238,7 +2254,7 @@ https://github.com/flatcar/manifest/releases/tag/v1828.3.0 1828.3.0 - 2023-10-25T10:20:43.126267+00:00 + 2023-11-22T09:59:33.016958+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1828.3.0):<br><br>Security fixes:<br>- Fix Linux local denial of service as Xen PV guest ([CVE-2018-14678](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14678))<br><br>Bug fixes:<br>- Fix failure to mount large ext4 filesystems ([#2485](https://github.com/coreos/bugs/issues/2485))<br><br>Updates:<br>- Linux [4.14.60](https://lwn.net/Articles/761767/)<br>Packages:<br>- docker 18.03.1<br>- ignition 0.26.0<br>- kernel 4.14.60<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-08-08T10:49:50+00:00 @@ -2246,7 +2262,7 @@ https://github.com/flatcar/manifest/releases/tag/v1828.2.0 1828.2.0 - 2023-10-25T10:20:43.121764+00:00 + 2023-11-22T09:59:33.012375+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1828.2.0):<br><br>Bug fixes:<br>- Fix kernel CIFS client ([#2480](https://github.com/coreos/bugs/issues/2480))<br><br>Updates:<br>- Linux [4.14.59](https://lwn.net/Articles/761180/)<br>Packages:<br>- docker 18.03.1<br>- ignition 0.26.0<br>- kernel 4.14.59<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-07-31T09:16:00+00:00 @@ -2254,7 +2270,7 @@ https://github.com/flatcar/manifest/releases/tag/v1828.1.0 1828.1.0 - 2023-10-25T10:20:43.117349+00:00 + 2023-11-22T09:59:33.007975+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1828.1.0):<br><br>Changes:<br>- Switch to the LTS Docker version [18.03.1-ce](https://github.com/docker/docker-ce/releases/tag/v18.03.1-ce) for the beta channel<br>- Switch to the LTS Linux version [4.14.57](https://lwn.net/Articles/760500/) for the beta channel<br><br>Packages:<br>- docker 18.03.1<br>- ignition 0.26.0<br>- kernel 4.14.57<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-07-26T09:40:11+00:00 @@ -2262,7 +2278,7 @@ https://github.com/flatcar/manifest/releases/tag/v1800.3.0 1800.3.0 - 2023-10-25T10:20:43.112842+00:00 + 2023-11-22T09:59:33.003440+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1800.3.0):<br><br>Updates:<br>- Linux [4.14.55](https://lwn.net/Articles/759535/)<br>Packages:<br>- docker 18.03.1<br>- ignition 0.25.1<br>- kernel 4.14.55<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-07-13T15:43:19+00:00 @@ -2270,7 +2286,7 @@ https://github.com/flatcar/manifest/releases/tag/v1800.2.0 1800.2.0 - 2023-10-25T10:20:43.108545+00:00 + 2023-11-22T09:59:32.999007+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1800.2.0):<br><br>Changes:<br>- Switch to the LTS Docker version [18.03.1-ce](https://github.com/docker/docker-ce/releases/tag/v18.03.1-ce) for the beta channel<br>- Switch to the LTS Linux version [4.14.50](https://lwn.net/Articles/757680/) for the beta channel<br>Packages:<br>- docker 18.03.1<br>- ignition 0.25.1<br>- kernel 4.14.50<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-06-22T10:17:31+00:00 @@ -2278,7 +2294,7 @@ https://github.com/flatcar/manifest/releases/tag/v1772.4.0 1772.4.0 - 2023-10-25T10:20:43.104062+00:00 + 2023-11-22T09:59:32.994480+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1772.4.0):<br><br>Bug fixes:<br>- Fix TCP connection stalls ([#2457](https://github.com/coreos/bugs/issues/2457))<br><br>Updates:<br>- Linux [4.14.49](https://lwn.net/Articles/757308/)<br>Packages:<br>- docker 18.03.1<br>- ignition 0.24.1<br>- kernel 4.14.49<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-06-15T14:51:22+00:00 @@ -2286,7 +2302,7 @@ https://github.com/flatcar/manifest/releases/tag/v1772.3.0 1772.3.0 - 2023-10-25T10:20:43.099651+00:00 + 2023-11-22T09:59:32.990015+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1772.3.0):<br><br>Bug fixes:<br>- Fix Hyper-V network driver regression ([#2454](https://github.com/coreos/bugs/issues/2454))<br><br>Updates:<br>- Linux [4.14.48](https://lwn.net/Articles/756652/)<br>Packages:<br>- docker 18.03.1<br>- ignition 0.24.1<br>- kernel 4.14.48<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-06-13T13:22:40+00:00 @@ -2294,7 +2310,7 @@ https://github.com/flatcar/manifest/releases/tag/v1772.2.0 1772.2.0 - 2023-10-25T10:20:43.095222+00:00 + 2023-11-22T09:59:32.985504+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1772.2.0):<br><br>Security fixes:<br>- Fix Git arbitrary code execution when cloning untrusted repositories ([CVE-2018-11235](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11235))<br><br>Bug fixes:<br>- Fix inadvertent change of network interface names ([#2437](https://github.com/coreos/bugs/issues/2437))<br>- Fix failure to set network interface MTU ([#2443](https://github.com/coreos/bugs/issues/2443))<br><br>Updates:<br>- Git [2.16.4](https://raw.githubusercontent.com/git/git/v2.16.4/Documentation/RelNotes/2.16.4.txt)<br>- Linux [4.14.47](https://lwn.net/Articles/756055/)<br>Packages:<br>- docker 18.03.1<br>- ignition 0.24.1<br>- kernel 4.14.47<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-06-01T13:23:43+00:00 @@ -2302,7 +2318,7 @@ https://github.com/flatcar/manifest/releases/tag/v1772.1.1 1772.1.1 - 2023-10-25T10:20:43.090545+00:00 + 2023-11-22T09:59:32.980754+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1772.1.1):<br><br>Changes:<br>- Switch to the LTS Docker version [18.03.1-ce](https://github.com/docker/docker-ce/releases/tag/v18.03.1-ce) for the beta channel<br>- Switch to the LTS Linux version [4.14.42](https://lwn.net/Articles/754972/) for the beta channel<br><br>Updates:<br>- Ignition [0.24.1](https://github.com/coreos/ignition/releases/tag/v0.24.1)<br>Packages:<br>- docker 18.03.1<br>- ignition 0.24.1<br>- kernel 4.14.42<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-05-26T15:29:49+00:00 @@ -2310,7 +2326,7 @@ https://github.com/flatcar/manifest/releases/tag/v1745.2.0 1745.2.0 - 2023-10-25T10:20:43.086004+00:00 + 2023-11-22T09:59:32.976156+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1745.2.0):<br><br>Security fixes:<br> - Fix ntp clock manipulation from ephemeral connections ([CVE-2016-1549](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549), [CVE-2018-7170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7170))<br> - Fix ntp denial of service from out of bounds read ([CVE-2018-7182](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7182)) <br> - Fix ntp denial of service from packets with timestamp 0 ([CVE-2018-7184](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7184), [CVE-2018-7185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7185))<br> - Fix ntp remote code execution ([CVE-2018-7183](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7183))<br><br>Updates:<br> - containerd [1.0.3](https://github.com/containerd/containerd/releases/tag/v1.0.3)<br> - Docker [18.03.1-ce](https://github.com/docker/docker-ce/releases/tag/v18.03.1-ce)<br> - Linux [4.14.39](https://lwn.net/Articles/753349/)<br> - ntp [4.2.8p11](https://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ChangeLog-stable)<br><br>Packages:<br>- docker 18.03.1<br>- ignition 0.24.0<br>- kernel 4.14.39<br>- rkt 1.29.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-05-11T11:40:35+00:00 @@ -2318,7 +2334,7 @@ https://github.com/flatcar/manifest/releases/tag/v1745.1.0 1745.1.0 - 2023-10-25T10:20:43.080993+00:00 + 2023-11-22T09:59:32.971011+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1745.1.0):<br><br>Bug fixes:<br> - Fix docker2aci tar conversion ([#2402](https://github.com/coreos/bugs/issues/2402))<br><br>Changes:<br> - Switch to the LTS Linux version [4.14.35](https://lwn.net/Articles/752328/) for the beta channel<br>Packages:<br>- docker 18.03.0<br>- ignition 0.24.0<br>- kernel 4.14.35<br>- rkt 1.29.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-04-26T09:58:55+00:00 @@ -2326,15 +2342,23 @@ https://github.com/flatcar/manifest/releases/tag/v1722.2.0 1722.2.0 - 2023-10-25T10:20:43.076562+00:00 + 2023-11-22T09:59:32.966462+00:00 ## Flatcar updates<br><br>Initial Flatcar release.<br><br>Bug fixes:<br>- Fix GRUB crash at boot ([#2284](https://github.com/coreos/bugs/issues/2284))<br>- Fix [poweroff problems](https://groups.google.com/forum/#!topic/coreos-user/YcGkRHU9SvQ) ([#8080](https://github.com/systemd/systemd/pull/8080))<br><br>Notes:<br>- Previous test images have been removed from the release servers. This is due to a new update key being generated using our updated security policy which we [included](https://github.com/flatcar/coreos-overlay/pull/6) in the first public image.<br><br>## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1722.2.0):<br><br>Bug fixes:<br>- Fix kernel panic with vxlan ([#2382](https://github.com/coreos/bugs/issues/2382))<br>Packages:<br>- docker 17.12.1<br>- ignition 0.23.0<br>- kernel 4.14.30<br>- rkt 1.29.0<br>- systemd 237<br><br>Architectures:<br>- amd64<br> 2018-04-25T14:36:40+00:00 + + https://github.com/flatcar/scripts/releases/tag/alpha-3794.0.0 + 3794.0.0 + 2023-11-22T09:59:32.950614+00:00 + **This release removes the legacy "torcx" image customisation and replaces this feature with systemd-sysext. Torcx enabled users to deploy custom docker versions; however, it required special packaging using the Flatcar SDK.** Please refer to the "Changes" section below for details.<br><br>**This release ships a major Docker update: Docker was upgraded to version 24 (from version 20 in the previous release). Please see the "Changes" section below for details.**<br><br> _Changes since **Alpha 3760.0.0**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2023-35827](https://nvd.nist.gov/vuln/detail/CVE-2023-35827), [CVE-2023-46813](https://nvd.nist.gov/vuln/detail/CVE-2023-46813), [CVE-2023-46862](https://nvd.nist.gov/vuln/detail/CVE-2023-46862), [CVE-2023-5178](https://nvd.nist.gov/vuln/detail/CVE-2023-5178), [CVE-2023-5717](https://nvd.nist.gov/vuln/detail/CVE-2023-5717))<br> - VMWare: open-vm-tools ([CVE-2023-34058](https://nvd.nist.gov/vuln/detail/CVE-2023-34058), [CVE-2023-34059](https://nvd.nist.gov/vuln/detail/CVE-2023-34059))<br> - nghttp2 ([CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487))<br> - samba ([CVE-2023-4091](https://nvd.nist.gov/vuln/detail/CVE-2023-4091))<br> - zlib ([CVE-2023-45853](https://nvd.nist.gov/vuln/detail/CVE-2023-45853))<br> <br> #### Bug fixes:<br> <br> - Fixed iterating over the OEM update payload signatures which prevented the AWS OEM update to 3745.x.y ([update-engine#31](https://github.com/flatcar/update_engine/pull/31))<br> - Made `sshkeys.service` more robust to only run `coreos-metadata-sshkeys@core.service` when not masked and also retry on failure ([init#112](https://github.com/flatcar/init/pull/112))<br> - Set TTY used for fetching server_context to RAW mode before running cloudinit on cloudsigma ([scripts#1280](https://github.com/flatcar/scripts/pull/1280))<br><br><br> #### Known issues:<br><br>- docker and containerd packages information are missing from `flatcar_production_image_packages.txt` ([flatcar#1260](https://github.com/flatcar/Flatcar/issues/1260))<br> <br> #### Changes:<br> <br> - **Torcx, the mechanism to provide a custom Docker version, was replaced by systemd-sysext in the OS image**. Learn more about sysext and how to customise OS images [here](https://www.flatcar.org/docs/latest/provisioning/sysext/).<br> - Torcx entered deprecation 2 years ago in favour of [deploying plain Docker binaries](https://www.flatcar.org/docs/latest/container-runtimes/use-a-custom-docker-or-containerd-version/)<br> (which is now also a legacy option because systemd-sysext offers a more robust and better structured way of customisation, including OS independent updates).<br> - Torcx has been removed entirely; if you use Torcx to extend the Flatcar base OS image, please refer to our [conversion script](https://www.flatcar.org/docs/latest/provisioning/sysext/#torcx-deprecation) and to the sysext documentation mentioned above for migrating.<br> - Consequently, `update_engine` will not perform torcx sanity checks post-update anymore.<br> - Relevant changes: [scripts#1216](https://github.com/flatcar/scripts/pull/1216), [update_engine#30](https://github.com/flatcar/update_engine/pull/30), [Mantle#466](https://github.com/flatcar/mantle/pull/466), [Mantle#465](https://github.com/flatcar/mantle/pull/465).<br>- cri-tools, runc, containerd, docker, and docker-cli are now built from Gentoo upstream ebuilds. Docker received a major version upgrade - it was updated to Docker 24 (from Docker 20; see "updates").<br> - **NOTE:** The docker btrfs storage driver has been de-prioritised; BTRFS backed storage will now default to the `overlay2` driver<br> ([changelog](https://docs.docker.com/engine/release-notes/23.0/#bug-fixes-and-enhancements-6), [upstream pr](https://github.com/moby/moby/pull/42661)).<br> Using the btrfs driver can still be enforced by creating a respective [docker config](https://docs.docker.com/storage/storagedriver/btrfs-driver/#configure-docker-to-use-the-btrfs-storage-driver) at `/etc/docker/daemon.json`.<br> - **NOTE:** If you are already using btrfs-backed Docker storage and are upgrading to this new version, Docker will automatically use the `btrfs` storage driver for backwards-compatibility with your deployment.<br> - **Docker will remove the `btrfs` driver entirely in a future version. Please consider migrating your deployments to the `overlay2` driver.**<br> - Brightbox: The regular OpenStack image should now be used, it includes Afterburn for instance metadata attributes<br> - OpenStack: An uncompressed image is provided for simpler import (since the images use qcow2 inline compression, there is no benefit in using the `.gz` or `.bz2` images)<br><br> #### Updates:<br> <br> - Azure: WALinuxAgent ([v2.9.1.1](https://github.com/Azure/WALinuxAgent/releases/tag/v2.9.1.1))<br> - DEV, AZURE: python ([3.11.6](https://docs.python.org/release/3.11.6/whatsnew/changelog.html#python-3-11-6))<br> - DEV: iperf ([3.15](https://github.com/esnet/iperf/releases/tag/3.15))<br> - DEV: smartmontools ([7.4](https://www.smartmontools.org/browser/tags/RELEASE_7_4/smartmontools/NEWS))<br> - Go ([1.20.11](https://go.dev/doc/devel/release#go1.20.11))<br> - Linux ([6.1.62](https://lwn.net/Articles/950700) (includes [6.1.61](https://lwn.net/Articles/949826), [6.1.60](https://lwn.net/Articles/948817) and [6.1.59](https://lwn.net/Articles/948297)))<br> - Linux Firmware ([20231111](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20231111) (includes [20231030](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20231030)))<br> - SDK: Rust ([1.73.0](https://github.com/rust-lang/rust/releases/tag/1.73.0))<br> - SDK: python packaging ([23.2](https://github.com/pypa/packaging/releases/tag/23.2)), platformdirs ([3.11.0](https://github.com/platformdirs/platformdirs/releases/tag/3.11.0)) <br> - VMWare: open-vm-tools ([12.3.5](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.3.5))<br> - containerd ([1.7.9](https://github.com/containerd/containerd/releases/tag/v1.7.9) (includes [1.7.8](https://github.com/containerd/containerd/releases/tag/v1.7.8)))<br> - cri-tools ([1.27.0](https://github.com/kubernetes-sigs/cri-tools/releases/tag/v1.27.0))<br> - ding-libs ([0.6.2](https://github.com/SSSD/ding-libs/releases/tag/0.6.2))<br> - docker ([24.0.6](https://docs.docker.com/engine/release-notes/24.0/), includes changes from [23.0](https://docs.docker.com/engine/release-notes/23.0/))<br> - ethtool ([6.5](https://git.kernel.org/pub/scm/network/ethtool/ethtool.git/tree/NEWS?h=v6.5))<br> - hwdata ([v0.375](https://github.com/vcrhonek/hwdata/releases/tag/v0.375) (includes [0.374](https://github.com/vcrhonek/hwdata/commits/v0.374)))<br> - iproute2 ([6.5.0](https://marc.info/?l=linux-netdev&m=169401822317373&w=2))<br> - json-c ([0.17](https://github.com/json-c/json-c/blob/json-c-0.17-20230812/ChangeLog))<br> - libffi ([3.4.4](https://github.com/libffi/libffi/releases/tag/v3.4.4) (includes [3.4.2](https://github.com/libffi/libffi/releases/tag/v3.4.2) and [3.4.3](https://github.com/libffi/libffi/releases/tag/v3.4.3)))<br> - liblinear (246)<br> - libsodium ([1.0.19](https://github.com/jedisct1/libsodium/releases/tag/1.0.19-RELEASE))<br> - libunistring ([1.1](https://git.savannah.gnu.org/gitweb/?p=libunistring.git;a=blob;f=NEWS;h=5a43ddd7011d62a952733f6c0b7ad52aa4f385c7;hb=8006860b710aae2e8442088c3ddc7d819dfa8ac7))<br> - mpc ([1.3.1](https://sympa.inria.fr/sympa/arc/mpc-discuss/2022-12/msg00049.html) (includes [1.3.0](https://sympa.inria.fr/sympa/arc/mpc-discuss/2022-12/msg00028.html))<br> - mpfr ([4.2.1](https://gitlab.inria.fr/mpfr/mpfr/-/blob/4.2.1/NEWS))<br> - nghttp2 ([1.57.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0) (includes [1.52.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0), [1.53.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.53.0), [1.54.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.54.0), [1.55.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.55.0), [1.55.1](https://github.com/nghttp2/nghttp2/releases/tag/v1.55.1) and [1.56.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.56.0)))<br> - nspr ([4.35](https://hg.mozilla.org/projects/nspr/log/b563bfc16c887c48b038b7b441fcc4e40a126d3b))<br> - ntp ([4.2.8p17](https://www.ntp.org/support/securitynotice/4_2_8p17-release-announcement/))<br> - nvme-cli ([v2.6](https://github.com/linux-nvme/nvme-cli/releases/tag/v2.6), libnvme [v1.6](https://github.com/linux-nvme/libnvme/releases/tag/v1.6))<br> - protobuf ([21.12](https://github.com/protocolbuffers/protobuf/releases/tag/v21.12) (includes [21.10](https://github.com/protocolbuffers/protobuf/releases/tag/v21.10) and [21.11](https://github.com/protocolbuffers/protobuf/releases/tag/v21.11)))<br> - samba ([4.18.8](https://www.samba.org/samba/history/samba-4.18.8.html))<br> - sqlite ([3.43.2](https://www.sqlite.org/releaselog/3_43_2.html))<br> - thin-provisioning-tools ([1.0.6](https://github.com/jthornber/thin-provisioning-tools/blob/v1.0.6/CHANGES))<br>Packages:<br>- ignition 2.15.0<br>- kernel 6.1.62<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> + + 2023-11-22T07:53:31+00:00 + https://github.com/flatcar/scripts/releases/tag/alpha-3760.0.0 3760.0.0 - 2023-10-25T10:20:43.065524+00:00 + 2023-11-22T09:59:32.939334+00:00 _Changes since **Alpha 3745.0.0**_<br> <br> #### Security fixes:<br> <br> - Go ([CVE-2023-39323](https://nvd.nist.gov/vuln/detail/CVE-2023-39323), [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325))<br> - curl ([CVE-2023-38545](https://nvd.nist.gov/vuln/detail/CVE-2023-38545), [CVE-2023-38546](https://nvd.nist.gov/vuln/detail/CVE-2023-38546))<br> - glibc ([CVE-2023-4911](https://nvd.nist.gov/vuln/detail/CVE-2023-4911))<br> - grub ([CVE-2023-4692](https://nvd.nist.gov/vuln/detail/CVE-2023-4692), [CVE-2023-4693](https://nvd.nist.gov/vuln/detail/CVE-2023-4693))<br> - libtirpc ([libtirpc-rhbg-2138317](http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=4a2d85c64110ee9e21a8c4f9dafd6b0ae621506d), [libtirpc-rhbg-2150611](http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=f7f0abdf267698de3f74a0285405b1b01f40893b), [libtirpc-rhbg-2224666](http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=1d2e10afb2ffc35cb3623f57a15f712359f18e75))<br> <br> #### Bug fixes:<br> <br> - Added AWS EKS support for versions 1.24-1.28. Fixed `/usr/share/amazon/eks/download-kubelet.sh` to include download paths for these versions. ([scripts#1210](https://github.com/flatcar/scripts/pull/1210))<br> - Disabled systemd-networkd's RoutesToDNS setting by default to fix provisioning failures observed in VMs with multiple network interfaces on Azure ([scripts#1206](https://github.com/flatcar/scripts/pull/1206))<br> - Fixed quotes handling for update-engine ([Flatcar#1209](https://github.com/flatcar/Flatcar/issues/1209))<br> - Fixed the postinstall hook failure when updating from Azure instances without OEM systemd-sysext images to Flatcar Alpha 3745.x.y ([update_engine#29](https://github.com/flatcar/update_engine/pull/29))<br> <br> #### Changes:<br> <br> - To make Kubernetes work by default, `/usr/libexec/kubernetes/kubelet-plugins/volume/exec` is now a symlink to the writable folder `/var/kubernetes/kubelet-plugins/volume/exec` ([Flatcar#1193](https://github.com/flatcar/Flatcar/issues/1193))<br> <br> #### Updates:<br> <br> - Go ([1.20.10](https://go.dev/doc/devel/release#go1.20.10) (includes [1.20.9](https://go.dev/doc/devel/release#go1.20.9)))<br> - Linux ([6.1.58](https://lwn.net/Articles/947820) (includes [6.1.57](https://lwn.net/Articles/947298), [6.1.56](https://lwn.net/Articles/946854)))<br> - ca-certificates ([3.94](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_94.html))<br> - containerd ([1.7.7](https://github.com/containerd/containerd/releases/tag/v1.7.7))<br> - curl ([8.4.0](https://curl.se/changes.html#8_4_0))<br> - libnl ([3.8.0](https://github.com/thom311/libnl/compare/libnl3_7_0...libnl3_8_0))<br> - libtirpc ([1.3.4](https://marc.info/?l=linux-nfs&m=169667640909830&w=2))<br> - libxml2 ([2.11.5](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.5))<br> - openssh ([9.5p1](https://www.openssh.com/releasenotes.html#9.5p1))<br> - pigz ([2.8](https://zlib.net/pipermail/pigz-announce_zlib.net/2023-August/000018.html))<br> - strace ([6.4](https://github.com/strace/strace/releases/tag/v6.4))<br> - whois ([5.5.18](https://github.com/rfc1036/whois/blob/v5.5.18/debian/changelog))<br>Packages:<br>- containerd 1.7.7<br>- docker 20.10.24<br>- ignition 2.15.0<br>- kernel 6.1.58<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-10-25T08:37:38+00:00 @@ -2342,7 +2366,7 @@ https://github.com/flatcar/scripts/releases/tag/alpha-3745.0.0 3745.0.0 - 2023-10-25T10:20:43.059155+00:00 + 2023-11-22T09:59:32.931684+00:00 _Changes since **Alpha 3732.0.0**_<br><br> #### Security fixes:<br> <br> - Linux ([CVE-2023-42755](https://nvd.nist.gov/vuln/detail/CVE-2023-42755))<br> - curl ([CVE-2023-38039](https://nvd.nist.gov/vuln/detail/CVE-2023-38039))<br> - glibc ([CVE-2023-4527](https://nvd.nist.gov/vuln/detail/CVE-2023-4527), [CVE-2023-4806](https://nvd.nist.gov/vuln/detail/CVE-2023-4806))<br> - lua ([CVE-2022-33099](https://nvd.nist.gov/vuln/detail/CVE-2022-33099))<br> - mit-krb5 ([CVE-2023-36054](https://nvd.nist.gov/vuln/detail/CVE-2023-36054))<br> - procps ([CVE-2023-4016](https://nvd.nist.gov/vuln/detail/CVE-2023-4016))<br> - samba ([CVE-2021-44142](https://nvd.nist.gov/vuln/detail/CVE-2021-44142), [CVE-2022-1615](https://nvd.nist.gov/vuln/detail/CVE-2022-1615))<br> <br> #### Bug fixes:<br> <br> - Triggered re-reading of partition table to fix adding partitions to the boot disk ([scripts#1202](https://github.com/flatcar/scripts/pull/1202))<br> <br> #### Changes:<br> <br> - Reworked the VMware OEM software to be shipped as A/B updated systemd-sysext image<br> - Started shipping default ssh client and ssh daemon configs in `/etc/ssh/ssh_config` and `/etc/ssh/sshd_config` which include config snippets in `/etc/ssh/ssh_config.d` and `/etc/ssh/sshd_config.d`, respectively.<br> - Use qcow2 compressed format instead of additional compression layer in Qemu images ([Flatcar#1135](https://github.com/flatcar/Flatcar/issues/1135), [scripts#1132](https://github.com/flatcar/scripts/pull/1132))<br> - AWS: AWS OEM images now use a systemd-sysext image for layering additional platform-specific software on top of `/usr`<br> - SDK: Experimental support for [prefix builds](https://github.com/flatcar/scripts/blob/main/PREFIX.md) to create distro independent, portable, self-contained applications w/ all dependencies included. With contributions from [chewi](https://github.com/chewi) and [HappyTobi](https://github.com/HappyTobi).<br> - VMware: The open-vm-tools package in VMware OEM now comes with vmhgfs-fuse, udev rules, pam and vgauth<br> <br> #### Updates:<br> <br> - Linux ([6.1.55](https://lwn.net/Articles/945379))<br> - Linux Firmware ([20230919](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230919))<br> - bind-tools ([9.16.42](https://bind9.readthedocs.io/en/v9.16.42/notes.html#notes-for-bind-9-16-42))<br> - checkpolicy ([3.5](https://github.com/SELinuxProject/selinux/releases/tag/3.5))<br> - curl ([8.3.0](https://curl.se/changes.html#8_3_0))<br> - gcc ([13.2](https://gcc.gnu.org/gcc-13/changes.html))<br> - gzip ([1.13](https://savannah.gnu.org/news/?id=10501))<br> - libgcrypt ([1.10.2](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=blob;f=NEWS;h=c9a239615f8070427a96688b1be40a81e59e9b8a;hb=1c5cbacf3d88dded5063e959ee68678ff7d0fa56))<br> - libselinux ([3.5](https://github.com/SELinuxProject/selinux/releases/tag/3.5))<br> - libsemanage ([3.5](https://github.com/SELinuxProject/selinux/releases/tag/3.5))<br> - libsepol ([3.5](https://github.com/SELinuxProject/selinux/releases/tag/3.5))<br> - lua ([5.4.6](https://www.lua.org/manual/5.4/readme.html#changes))<br> - mit-krb5 ([1.21.2](http://web.mit.edu/kerberos/krb5-1.21/))<br> - openssh ([9.4p1](https://www.openssh.com/releasenotes.html#9.4p1))<br> - policycoreutils ([3.5](https://github.com/SELinuxProject/selinux/releases/tag/3.5))<br> - procps ([4.0.4](https://gitlab.com/procps-ng/procps/-/releases/v4.0.4) (includes [4.0.3](https://gitlab.com/procps-ng/procps/-/releases/v4.0.3) and [4.0.0](https://gitlab.com/procps-ng/procps/-/releases/v4.0.0)))<br> - rpcsvc-proto ([1.4.4](https://github.com/thkukuk/rpcsvc-proto/releases/tag/v1.4.4))<br> - samba ([4.18.4](https://wiki.samba.org/index.php/Samba_4.18_Features_added/changed#Samba_4.18.4))<br> - selinux-base ([2.20221101](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20221101))<br> - selinux-base-policy ([2.20221101](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20221101))<br> - selinux-container ([2.20221101](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20221101))<br> - selinux-sssd ([2.20221101](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20221101))<br> - selinux-unconfined ([2.20221101](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20221101))<br> - semodule-utils ([3.5](https://github.com/SELinuxProject/selinux/releases/tag/3.5))<br> - SDK: Rust ([1.72.1](https://github.com/rust-lang/rust/releases/tag/1.72.1))<br> - VMWARE: libdnet ([1.16.2](https://github.com/ofalk/libdnet/releases/tag/libdnet-1.16.2) (includes [1.16](https://github.com/ofalk/libdnet/releases/tag/libdnet-1.16)))<br>Packages:<br>- containerd 1.7.6<br>- docker 20.10.24<br>- ignition 2.15.0<br>- kernel 6.1.55<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-10-05T09:58:43+00:00 @@ -2350,7 +2374,7 @@ https://github.com/flatcar/scripts/releases/tag/alpha-3732.0.0 3732.0.0 - 2023-10-25T10:20:43.051671+00:00 + 2023-11-22T09:59:32.924105+00:00 _Changes since **Alpha 3717.0.0**_<br> <br> #### Known issues:<br> - Regression in Kernel 6.1.54, so that a specific cgroupv1 sysfs entry for reading Kernel memory limit disappeared. Container runtimes like runc are mainly affected. The issue was already reported to the upstream Kernel community.<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2023-25775](https://nvd.nist.gov/vuln/detail/CVE-2023-25775), [CVE-2023-4623](https://nvd.nist.gov/vuln/detail/CVE-2023-4623))<br> - Go ([CVE-2023-39318](https://nvd.nist.gov/vuln/detail/CVE-2023-39318), [CVE-2023-39319](https://nvd.nist.gov/vuln/detail/CVE-2023-39319), [CVE-2023-39320](https://nvd.nist.gov/vuln/detail/CVE-2023-39320), [CVE-2023-39321](https://nvd.nist.gov/vuln/detail/CVE-2023-39321), [CVE-2023-39322](https://nvd.nist.gov/vuln/detail/CVE-2023-39322))<br> - nvidia-drivers ([CVE-2023-25515](https://nvd.nist.gov/vuln/detail/CVE-2023-25515), [CVE-2023-25516](https://nvd.nist.gov/vuln/detail/CVE-2023-25516))<br> - torcx ([CVE-2022-28948](https://nvd.nist.gov/vuln/detail/CVE-2022-28948))<br> - SDK: Python ([CVE-2023-40217](https://nvd.nist.gov/vuln/detail/CVE-2023-40217), [CVE-2023-41105](https://nvd.nist.gov/vuln/detail/CVE-2023-41105))<br> <br> #### Bug fixes:<br> <br> - Fix the RemainAfterExit clause in nvidia.service ([Flatcar#1169](https://github.com/flatcar/Flatcar/issues/1169))<br> - Fixed bug in handling renamed network interfaces when generating login issue ([init#102](https://github.com/flatcar/init/pull/102))<br> <br> #### Changes:<br> <br> - OEM vendor tools are now A/B updated if they are shipped as systemd-sysext images, the migration happens when both partitions require a systemd-sysext OEM image - note that this will delete the `nvidia.service` from `/etc` on Azure because it's now part of `/usr` ([Flatcar#60](https://github.com/flatcar/Flatcar/issues/60))<br> - Azure: Add support for Microsoft Azure Network Adapter (MANA) NICs on Azure ([scripts#1131](https://github.com/flatcar/scripts/pull/1131))<br> <br> #### Updates:<br><br> - Linux ([6.1.54](https://lwn.net/Articles/944876) (includes [6.1.53](https://lwn.net/Articles/944358), [6.1.52](https://lwn.net/Articles/943754), [6.1.51](https://lwn.net/Articles/943403)))<br> - Go ([1.19.13](https://go.dev/doc/devel/release#go1.19.13))<br> - Go ([1.20.8](https://go.dev/doc/devel/release#go1.20.8))<br> - cJSON ([1.7.16](https://github.com/DaveGamble/cJSON/releases/tag/v1.7.16))<br> - ca-certificates ([3.93](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_93.html))<br> - containerd ([1.7.6](https://github.com/containerd/containerd/releases/tag/v1.7.6))<br> - ethtool ([6.4](https://git.kernel.org/pub/scm/network/ethtool/ethtool.git/tree/NEWS?h=v6.4))<br> - glib ([2.76.4](https://gitlab.gnome.org/GNOME/glib/-/releases/2.76.4))<br> - glibc ([2.37](https://sourceware.org/git/?p=glibc.git;a=tag;h=refs/tags/glibc-2.37))<br> - gmp ([6.3.0](https://gmplib.org/gmp6.3))<br> - hwdata ([0.373](https://github.com/vcrhonek/hwdata/commits/v0.373) (includes [0.372](https://github.com/vcrhonek/hwdata/commits/v0.372)))<br> - inih ([57](https://github.com/benhoyt/inih/releases/tag/r57))<br> - iproute2 ([6.4.0](https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/log/?h=v6.4.0))<br> - libmicrohttpd ([0.9.77](https://gitlab.com/libmicrohttpd/libmicrohttpd/-/releases/v0.9.77))<br> - libnftnl ([1.2.6](https://git.netfilter.org/libnftnl/log/?h=libnftnl-1.2.6))<br> - libnvme ([1.5](https://github.com/linux-nvme/libnvme/releases/tag/v1.5))<br> - nvidia-drivers ([535.104.05](https://docs.nvidia.com/datacenter/tesla/tesla-release-notes-535-104-05/index.html))<br> - nvme-cli ([2.5](https://github.com/linux-nvme/nvme-cli/releases/tag/v2.5))<br> - openldap ([2.6.4](https://git.openldap.org/openldap/openldap/-/blob/OPENLDAP_REL_ENG_2_6_4/CHANGES))<br> - tar ([1.35](https://lists.gnu.org/archive/html/info-gnu/2023-07/msg00005.html))<br> - xfsprogs ([6.4.0](https://git.kernel.org/pub/scm/fs/xfs/xfsprogs-dev.git/tree/doc/CHANGES?h=v6.4.0))<br> - SDK: file ([5.45](https://github.com/file/file/blob/FILE5_45/ChangeLog))<br> - SDK: gnuconfig ([20230731](https://git.savannah.gnu.org/cgit/config.git/log/?id=d4e37b5868ef910e3e52744c34408084bb13051c))<br> - SDK: kbd ([2.6.1](https://github.com/legionus/kbd/releases/tag/v2.6.1) (includes [2.6.0](https://github.com/legionus/kbd/releases/tag/v2.6.0)))<br> - SDK: python ([3.11.5](https://www.python.org/downloads/release/python-3115/))<br> - SDK: qemu ([8.0.4](https://wiki.qemu.org/ChangeLog/8.0))<br>Packages:<br>- containerd 1.7.6<br>- docker 20.10.24<br>- ignition 2.15.0<br>- kernel 6.1.54<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-09-21T11:35:29+00:00 @@ -2358,7 +2382,7 @@ https://github.com/flatcar/scripts/releases/tag/alpha-3717.0.0 3717.0.0 - 2023-10-25T10:20:43.044268+00:00 + 2023-11-22T09:59:32.916603+00:00 _Changes since **Alpha 3689.0.0**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2022-40982](https://nvd.nist.gov/vuln/detail/CVE-2022-40982), [CVE-2022-41804](https://nvd.nist.gov/vuln/detail/CVE-2022-41804), [CVE-2023-20569](https://nvd.nist.gov/vuln/detail/CVE-2023-20569), [CVE-2023-20588](https://nvd.nist.gov/vuln/detail/CVE-2023-20588), [CVE-2023-34319](https://nvd.nist.gov/vuln/detail/CVE-2023-34319), [CVE-2023-3772](https://nvd.nist.gov/vuln/detail/CVE-2023-3772), [CVE-2023-3773](https://nvd.nist.gov/vuln/detail/CVE-2023-3773), [CVE-2023-40283](https://nvd.nist.gov/vuln/detail/CVE-2023-40283), [CVE-2023-4128](https://nvd.nist.gov/vuln/detail/CVE-2023-4128), [CVE-2023-4155](https://nvd.nist.gov/vuln/detail/CVE-2023-4155), [CVE-2023-4273](https://nvd.nist.gov/vuln/detail/CVE-2023-4273), [CVE-2023-23908](https://nvd.nist.gov/vuln/detail/CVE-2023-23908))<br> - grub ([CVE-2020-10713](https://nvd.nist.gov/vuln/detail/CVE-2020-10713), [CVE-2020-14372](https://nvd.nist.gov/vuln/detail/CVE-2020-14372), [CVE-2020-25632](https://nvd.nist.gov/vuln/detail/CVE-2020-25632), [CVE-2020-25647](https://nvd.nist.gov/vuln/detail/CVE-2020-25647), [CVE-2020-27749](https://nvd.nist.gov/vuln/detail/CVE-2020-27749), [CVE-2020-27779](https://nvd.nist.gov/vuln/detail/CVE-2020-27779), [CVE-2021-20225](https://nvd.nist.gov/vuln/detail/CVE-2021-20225), [CVE-2021-20233](https://nvd.nist.gov/vuln/detail/CVE-2021-20233), [CVE-2021-3981](https://nvd.nist.gov/vuln/detail/CVE-2021-3981), [CVE-2021-3695](https://nvd.nist.gov/vuln/detail/CVE-2021-3695), [CVE-2021-3696](https://nvd.nist.gov/vuln/detail/CVE-2021-3696), [CVE-2021-3697](https://nvd.nist.gov/vuln/detail/CVE-2021-3697), [CVE-2022-28733](https://nvd.nist.gov/vuln/detail/CVE-2022-28733), [CVE-2022-28734](https://nvd.nist.gov/vuln/detail/CVE-2022-28734), [CVE-2022-28735](https://nvd.nist.gov/vuln/detail/CVE-2022-28735), [CVE-2022-28736](https://nvd.nist.gov/vuln/detail/CVE-2022-28736), [CVE-2022-28737](https://nvd.nist.gov/vuln/detail/CVE-2022-28737), [CVE-2022-2601](https://nvd.nist.gov/vuln/detail/CVE-2022-2601), [CVE-2022-3775](https://nvd.nist.gov/vuln/detail/CVE-2022-3775))<br> - intel-microcode ([CVE-2022-40982](https://nvd.nist.gov/vuln/detail/CVE-2022-40982), [CVE-2022-41804](https://nvd.nist.gov/vuln/detail/CVE-2022-41804), [CVE-2023-23908](https://nvd.nist.gov/vuln/detail/CVE-2023-23908))<br> - libarchive ([libarchive-20230729](https://github.com/libarchive/libarchive/releases/tag/v3.7.1))<br> - vim ([CVE-2023-2609](https://nvd.nist.gov/vuln/detail/CVE-2023-2609), [CVE-2023-2610](https://nvd.nist.gov/vuln/detail/CVE-2023-2610))<br> - VMware: open-vm-tools ([CVE-2023-20900](https://nvd.nist.gov/vuln/detail/CVE-2023-20900))<br> - SDK: qemu ([CVE-2023-0330](https://nvd.nist.gov/vuln/detail/CVE-2023-0330), [CVE-2023-2861](https://nvd.nist.gov/vuln/detail/CVE-2023-2861))<br> - SDK: Rust ([CVE-2023-38497](https://nvd.nist.gov/vuln/detail/CVE-2023-38497))<br><br> #### Bug fixes:<br> <br> - Fixed the restart of Systemd services when the main process is being killed by a SIGHUP signal ([Flatcar#1157](https://github.com/flatcar/Flatcar/issues/1157))<br> <br> #### Changes:<br> <br> - Change nvidia.service to type oneshot (from the default "simple") so the subsequent services (configured with "Requires/After") are executed after the driver installation is successfully finished ([Flatcar#1136](https://github.com/flatcar/Flatcar/issues/1136))<br> <br> #### Updates:<br> <br> - Linux ([6.1.50](https://lwn.net/Articles/943112) (includes [6.1.49](https://lwn.net/Articles/942880), [6.1.48](https://lwn.net/Articles/942865), [6.1.47](https://lwn.net/Articles/942531), [6.1.46](https://lwn.net/Articles/941774), [6.1.45](https://lwn.net/Articles/941275), [6.1.44](https://lwn.net/Articles/940800)))<br> - Linux Firmware ([20230804](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230804))<br> - cifs-utils ([7.0](https://lists.samba.org/archive/samba-technical/2022-August/137528.html))<br> - containerd ([1.7.5](https://github.com/containerd/containerd/releases/tag/v1.7.5) (includes [1.7.4](https://github.com/containerd/containerd/releases/tag/v1.7.4)))<br> - cryptsetup ([2.6.1](https://gitlab.com/cryptsetup/cryptsetup/-/blob/v2.6.1/docs/v2.6.1-ReleaseNotes) (includes [2.6.0](https://gitlab.com/cryptsetup/cryptsetup/-/blob/v2.6.0/docs/v2.6.0-ReleaseNotes) and [2.5.0](https://gitlab.com/cryptsetup/cryptsetup/-/blob/v2.5.0/docs/v2.5.0-ReleaseNotes)))<br> - curl ([8.2.1](https://curl.se/changes.html#8_2_1) (includes [8.2.0](https://curl.se/changes.html#8_2_0)))<br> - gdbm ([1.23](https://lists.gnu.org/archive/html/info-gnu/2022-02/msg00004.html))<br> - grub ([2.06](https://lists.gnu.org/archive/html/grub-devel/2021-06/msg00022.html))<br> - intel-microcode ([20230808](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230808) (includes [20230613](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230613)))<br> - libarchive ([3.7.1](https://github.com/libarchive/libarchive/releases/tag/v3.7.1) (includes [3.7.0](https://github.com/libarchive/libarchive/releases/tag/v3.7.0)))<br> - libassuan ([2.5.6](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libassuan.git;a=blob;f=NEWS;h=e52bb5dd36ac93ea227e53e89f82af9ccf38f339;hb=6b50ee6bcdd6aa81bd7cc3fb2379864c3ed479b8))<br> - libksba ([1.6.4](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=blob;f=NEWS;h=f640523209c1c9ce9855040e53914a79d24d6a67;hb=557999424ebd13e70d6fc17e648a5dd2a06f440b))<br> - libmd ([1.1.0](https://git.hadrons.org/cgit/libmd.git/log/?h=1.1.0))<br> - libuv ([1.46.0](https://github.com/libuv/libuv/releases/tag/v1.46.0) (includes [1.45.0](https://github.com/libuv/libuv/releases/tag/v1.45.0)))<br> - lsof ([4.98.0](https://github.com/lsof-org/lsof/blob/4.98.0/00DIST#L5471))<br> - open-isns ([0.102](https://github.com/open-iscsi/open-isns/blob/v0.102/ChangeLog))<br> - openldap ([2.6.3](https://lists.openldap.org/hyperkitty/list/openldap-announce@openldap.org/thread/FQJM2JSSSOMLQH7XC7Q5IZJYOGCTV2LK/) (includes [2.6](https://lists.openldap.org/hyperkitty/list/openldap-announce@openldap.org/thread/IHS5V46H6NFNFUERMC6AWMPHTWRVNLFA/)))<br> - parted ([3.6](https://git.savannah.gnu.org/gitweb/?p=parted.git;a=blob;f=NEWS;h=52bb11697039f70e55120c571750f9ee761a75aa;hb=3b5f327b213d21e9adb9ba933c78dd898fee5b1d))<br> - psmisc ([23.6](https://gitlab.com/psmisc/psmisc/-/blob/v23.6/ChangeLog))<br> - qemu guest agent ([8.0.3](https://wiki.qemu.org/ChangeLog/8.0#Guest_agent))<br> - quota ([4.09](https://sourceforge.net/p/linuxquota/code/ci/87d2fd7635e4bca54fa2a00b8d5b073ba9ca521b/tree/Changelog))<br> - runc ([1.1.9](https://github.com/opencontainers/runc/releases/tag/v1.1.9))<br> - vim ([9.0.1678](https://github.com/vim/vim/commits/v9.0.1678) (includes [9.0.1677](https://github.com/vim/vim/commits/v9.0.1677)))<br> - xfsprogs ([6.3.0](https://git.kernel.org/pub/scm/fs/xfs/xfsprogs-dev.git/tree/doc/CHANGES?h=v6.3.0))<br> - VMware: open-vm-tools ([12.3.0](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.3.0))<br> - SDK: portage ([3.0.49](https://gitweb.gentoo.org/proj/portage.git/tree/NEWS?h=portage-3.0.49))<br> - SDK: Rust ([1.72.0](https://github.com/rust-lang/rust/releases/tag/1.72.0) (includes [1.71.1](https://github.com/rust-lang/rust/releases/tag/1.71.1)))<br> - SDK: qemu ([8.0.3](https://wiki.qemu.org/ChangeLog/8.0))<br><br>Packages:<br>- containerd 1.7.5<br>- docker 20.10.24<br>- ignition 2.15.0<br>- kernel 6.1.50<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-09-06T13:17:39+00:00 @@ -2366,7 +2390,7 @@ https://github.com/flatcar/scripts/releases/tag/alpha-3689.0.0 3689.0.0 - 2023-10-25T10:20:43.035405+00:00 + 2023-11-22T09:59:32.907712+00:00 _Changes since **Alpha 3665.0.0**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2022-48502](https://nvd.nist.gov/vuln/detail/CVE-2022-48502), [CVE-2023-20593](https://nvd.nist.gov/vuln/detail/CVE-2023-20593), [CVE-2023-2898](https://nvd.nist.gov/vuln/detail/CVE-2023-2898), [CVE-2023-31248](https://nvd.nist.gov/vuln/detail/CVE-2023-31248), [CVE-2023-35001](https://nvd.nist.gov/vuln/detail/CVE-2023-35001), [CVE-2023-3611](https://nvd.nist.gov/vuln/detail/CVE-2023-3611), [CVE-2023-3776](https://nvd.nist.gov/vuln/detail/CVE-2023-3776), [CVE-2023-3863](https://nvd.nist.gov/vuln/detail/CVE-2023-3863))<br> - Go ([CVE-2023-29406](https://nvd.nist.gov/vuln/detail/CVE-2023-29406), [CVE-2023-29409](https://nvd.nist.gov/vuln/detail/CVE-2023-29409))<br> - OpenSSH ([CVE-2023-38408](https://nvd.nist.gov/vuln/detail/CVE-2023-38408))<br> - OpenSSL ([CVE-2023-2975](https://nvd.nist.gov/vuln/detail/CVE-2023-2975), [CVE-2023-3446](https://nvd.nist.gov/vuln/detail/CVE-2023-3446))<br> - libxml2 ([libxml2-20230428](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.4))<br> - linux-firmware ([CVE-2023-20593](https://nvd.nist.gov/vuln/detail/CVE-2023-20593))<br> - openldap ([CVE-2023-2953](https://nvd.nist.gov/vuln/detail/CVE-2023-2953))<br> - shadow ([CVE-2023-29383](https://nvd.nist.gov/vuln/detail/CVE-2023-29383))<br> <br> #### Updates:<br> <br> - Linux ([6.1.43](https://lwn.net/Articles/940338) (includes [6.1.42](https://lwn.net/Articles/939423), [6.1.41](https://lwn.net/Articles/939103), [6.1.40](https://lwn.net/Articles/939015), [6.1.39](https://lwn.net/Articles/938619)))<br> - Go ([1.20.7](https://go.dev/doc/devel/release#go1.20.7))<br> - ca-certificates ([3.92](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_92.html))<br> - containerd ([1.7.3](https://github.com/containerd/containerd/releases/tag/v1.7.3))<br> - git ([2.41.0](https://lore.kernel.org/git/xmqqleh3a3wm.fsf@gitster.g/))<br> - iperf ([3.14](https://github.com/esnet/iperf/blob/master/RELNOTES.md#iperf-314-2023-07-07))<br> - libxml2 ([2.11.4](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.4))<br> - libxslt ([1.1.38](https://gitlab.gnome.org/GNOME/libxslt/-/releases/v1.1.38))<br> - openldap ([2.5.14](https://lists.openldap.org/hyperkitty/list/openldap-announce@openldap.org/thread/TZQHR4SIWUA5BZTKDAKSFDOOGDVU4TU7/) (includes [2.5](https://lists.openldap.org/hyperkitty/list/openldap-announce@openldap.org/thread/BH3VDPG6IYYF5L5U6LZGHHKMJY5HFA3L/)))<br> - runc ([1.1.8](https://github.com/opencontainers/runc/releases/tag/v1.1.8))<br> - SDK: pahole ([1.25](https://github.com/acmel/dwarves/blob/master/changes-v1.25))<br> - SDK: Rust ([1.71.0](https://github.com/rust-lang/rust/releases/tag/1.71.0))<br><br>Packages:<br>- containerd 1.7.3<br>- docker 20.10.24<br>- ignition 2.15.0<br>- kernel 6.1.43<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-08-09T11:44:42+00:00 @@ -2374,7 +2398,7 @@ https://github.com/flatcar/scripts/releases/tag/alpha-3665.0.0 3665.0.0 - 2023-10-25T10:20:43.029418+00:00 + 2023-11-22T09:59:32.901644+00:00 _Changes since **Alpha 3654.0.0**_<br> <br> #### Security fixes:<br> <br> - binutils ([CVE-2022-38533](https://nvd.nist.gov/vuln/detail/CVE-2022-38533), [CVE-2022-4285](https://nvd.nist.gov/vuln/detail/CVE-2022-4285), [CVE-2023-1579](https://nvd.nist.gov/vuln/detail/CVE-2023-1579), [CVE-2023-2222](https://nvd.nist.gov/vuln/detail/CVE-2023-2222))<br> - ncurses ([CVE-2023-29491](https://nvd.nist.gov/vuln/detail/CVE-2023-29491))<br> - protobuf ([CVE-2022-1941](https://nvd.nist.gov/vuln/detail/CVE-2022-1941))<br> <br> #### Changes:<br> <br> - :warning: Dropped support for niftycloud and interoute. For interoute we haven't been generating the images for some time already.<br> <br> #### Updates:<br> <br> - Linux ([6.1.38](https://lwn.net/Articles/937403))<br> - Linux Firmware ([20230625](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230625))<br> - binutils ([2.40](https://lists.gnu.org/archive/html/info-gnu/2023-01/msg00003.html))<br> - containerd ([1.7.2](https://github.com/containerd/containerd/releases/tag/v1.7.2))<br> - elfutils ([0.189](https://sourceware.org/pipermail/elfutils-devel/2023q1/006023.html))<br> - glib ([2.76.3](https://gitlab.gnome.org/GNOME/glib/-/releases/2.76.3))<br> - ldb ([2.4.4](https://gitlab.com/samba-team/samba/-/commit/b686ef00da46d4a0c0aba0c61b1866cbc9b462b6) (includes [2.4.3](https://gitlab.com/samba-team/samba/-/commit/604f94704f30e90ef960aa2be62a14d2e614a002), [2.4.2](https://gitlab.com/samba-team/samba/-/commit/d93892d2e8ed69758c15ab18bc03bba09e715bc6)))<br> - lua ([5.4.4](https://www.lua.org/manual/5.4/readme.html#changes))<br> - ncurses ([6.4](https://invisible-island.net/ncurses/announce.html#h2-release-notes))<br> - nettle ([3.9.1](https://git.lysator.liu.se/nettle/nettle/-/blob/nettle_3.9.1_release_20230601/ChangeLog))<br> - nmap ([7.94](https://nmap.org/changelog.html#7.94))<br> - pax-utils ([1.3.7](https://gitweb.gentoo.org/proj/pax-utils.git/log/?h=v1.3.7))<br> - protobuf ([21.9](https://github.com/protocolbuffers/protobuf/releases/tag/v21.9))<br> - python ([3.11.3](https://www.python.org/downloads/release/python-3113/))<br> - talloc ([2.4.0](https://gitlab.com/samba-team/samba/-/commit/5224ed98eeba43f22b5f5f87de5947fbb1c1c7c1) (includes [2.3.4](https://gitlab.com/samba-team/samba/-/commit/0189ccf9fc3d2a77cc83cffe180e307bcdccebb4)))<br> - tdb ([1.4.8](https://gitlab.com/samba-team/samba/-/commit/eab796a4f9172e602dc262f3c99ead35b35929e7) (includes [1.4.7](https://gitlab.com/samba-team/samba/-/commit/27ceb1c3ad786386e746a5e2968780d791393b9e), [1.4.6](https://gitlab.com/samba-team/samba/-/commit/1c776e54cf33b46b2ed73263f093d596a0cdbb2f)))<br> - tevent ([0.14.1](https://gitlab.com/samba-team/samba/-/commits/tevent-0.14.1?ref_type=tags) (includes [0.14.0](https://gitlab.com/samba-team/samba/-/commits/tevent-0.14.0?ref_type=tags), [0.13.0](https://gitlab.com/samba-team/samba/-/commits/tevent-0.13.0?ref_type=tags), [0.12.1](https://gitlab.com/samba-team/samba/-/commits/tevent-0.12.1?ref_type=tags), [0.12.0](https://gitlab.com/samba-team/samba/-/commits/tevent-0.12.0?ref_type=tags)))<br> - SDK: perf ([6.3](https://kernelnewbies.org/LinuxChanges#Linux_6.3.Tracing.2C_perf_and_BPF))<br> - SDK: perl ([5.36.1](https://perldoc.perl.org/perl5361delta))<br> - SDK: qemu ([7.2.3](https://wiki.qemu.org/ChangeLog/7.2))<br>Packages:<br>- containerd 1.7.2<br>- docker 20.10.24<br>- ignition 2.15.0<br>- kernel 6.1.38<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-07-18T08:59:19+00:00 @@ -2382,7 +2406,7 @@ https://github.com/flatcar/scripts/releases/tag/alpha-3654.0.0 3654.0.0 - 2023-10-25T10:20:43.023040+00:00 + 2023-11-22T09:59:32.895136+00:00 _Changes since **Alpha 3637.0.0**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2023-3269](https://nvd.nist.gov/vuln/detail/CVE-2023-3269), [CVE-2023-3390](https://nvd.nist.gov/vuln/detail/CVE-2023-3390))<br> - OpenSSL ([CVE-2023-2650](https://nvd.nist.gov/vuln/detail/CVE-2023-2650))<br> - libmicrohttpd ([CVE-2023-27371](https://nvd.nist.gov/vuln/detail/CVE-2023-27371))<br> - vim ([CVE-2023-2426](https://nvd.nist.gov/vuln/detail/CVE-2023-2426))<br> <br> #### Bug fixes:<br> <br> - Ensured that the folder `/var/log/sssd` is created if it doesn't exist, required for `sssd.service` ([Flatcar#1096](https://github.com/flatcar/Flatcar/issues/1096))<br> - Worked around a bash regression in `flatcar-install` and added error reporting for disk write failures ([Flatcar#1059](https://github.com/flatcar/Flatcar/issues/1059))<br> <br> #### Changes:<br> <br> - Changed ext4 inode size of root partition to 256 bytes. This improves compatibility with applications and is necessary for 2038 readiness ([Flatcar#1082](https://github.com/flatcar/Flatcar/issues/1082))<br> - Updated locksmith to use non-deprecated resource control options in the systemd unit ([Locksmith#20](https://github.com/flatcar/locksmith/pull/20))<br> - SDK: Added the `build_sysext` script to ease building systemd-sysext images for Flatcar ([Flatcar#1052](https://github.com/flatcar/Flatcar/issues/1052), [scripts#920](https://github.com/flatcar/scripts/pull/920))<br> <br> #### Updates:<br> <br> - Linux ([6.1.37](https://lwn.net/Articles/937082) (includes [6.1.36](https://lwn.net/Articles/936674), [6.1.35](https://lwn.net/Articles/935588)))<br> - OpenSSL ([3.0.9](https://github.com/openssl/openssl/blob/openssl-3.0.9/NEWS.md#major-changes-between-openssl-308-and-openssl-309-30-may-2023))<br> - XZ utils ([5.4.3](https://git.tukaani.org/?p=xz.git;a=blob;f=NEWS;h=2f4d35adca6198671434d2988803cc9316ad1ec8;hb=dbb3a536ed9873ffa0870321f6873e564c6a9da8))<br> - bind tools ([9.16.41](https://bind9.readthedocs.io/en/v9.16.41/notes.html#notes-for-bind-9-16-41))<br> - bpftool ([6.3](https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/log/tools/bpf/bpftool?h=v6.3))<br> - ca-certificates ([3.91](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_91.html))<br> - coreutils ([9.3](https://lists.gnu.org/archive/html/info-gnu/2023-04/msg00006.html))<br> - curl ([8.1.2](https://curl.se/changes.html#8_1_2))<br> - diffutils ([3.10](https://lists.gnu.org/archive/html/info-gnu/2023-05/msg00009.html))<br> - ethtool ([6.3](https://git.kernel.org/pub/scm/network/ethtool/ethtool.git/commit/?id=7bdf78f0d2a9ae1571fe9444e552490130e573fd))<br> - gawk ([5.2.2](https://lists.gnu.org/archive/html/info-gnu/2023-05/msg00008.html))<br> - gdb ([13.2](https://lists.gnu.org/archive/html/info-gnu/2023-05/msg00011.html))<br> - grep ([3.11](https://lists.gnu.org/archive/html/info-gnu/2023-05/msg00004.html))<br> - hwdata ([0.371](https://github.com/vcrhonek/hwdata/commits/v0.371))<br> - intel-microcode ([20230512](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230512))<br> - iproute ([6.3.0](https://lwn.net/Articles/930473/))<br> - less ([633](http://www.greenwoodsoftware.com/less/news.633.html))<br> - libgpg-error ([1.47](https://dev.gnupg.org/T6231))<br> - libmicrohttpd ([0.9.76](https://lists.gnu.org/archive/html/libmicrohttpd/2023-02/msg00000.html))<br> - libpcap ([1.10.4](https://github.com/the-tcpdump-group/libpcap/blob/24832dd2728bd95ed9b9464ef27b47a943c38003/CHANGES#L51))<br> - multipath-tools ([0.9.5](https://github.com/opensvc/multipath-tools/commits/0.9.5))<br> - pciutils ([3.10.0](https://github.com/pciutils/pciutils/blob/v3.10.0/ChangeLog))<br> - sqlite ([3.42.0](https://sqlite.org/releaselog/3_42_0.html))<br> - strace ([6.3](https://github.com/strace/strace/releases/tag/v6.3))<br> - vim ([9.0.1503](https://github.com/vim/vim/commits/v9.0.1503))<br> - wget ([1.21.4](https://lists.gnu.org/archive/html/info-gnu/2023-05/msg00003.html))<br> - whois ([5.5.17](https://github.com/rfc1036/whois/commit/bac7108b01cfd54c517444efa1239e10e6edd5a4))<br> - SDK: portage ([3.0.46](https://gitweb.gentoo.org/proj/portage.git/tree/NEWS?h=portage-3.0.46))<br> - SDK: python ([3.10.12](https://www.python.org/downloads/release/python-31012/))<br><br>Packages:<br>- containerd 1.6.21<br>- docker 20.10.24<br>- ignition 2.15.0<br>- kernel 6.1.37<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-07-06T12:15:07+00:00 @@ -2390,7 +2414,7 @@ https://github.com/flatcar/scripts/releases/tag/alpha-3637.0.0 3637.0.0 - 2023-10-25T10:20:43.015821+00:00 + 2023-11-22T09:59:32.887866+00:00 _Changes since **Alpha 3619.0.0**_<br> <br>#### Security fixes:<br> <br>- Go ([CVE-2023-29402](https://nvd.nist.gov/vuln/detail/CVE-2023-29402), [CVE-2023-29403](https://nvd.nist.gov/vuln/detail/CVE-2023-29403), [CVE-2023-29404](https://nvd.nist.gov/vuln/detail/CVE-2023-29404), [CVE-2023-29405](https://nvd.nist.gov/vuln/detail/CVE-2023-29405))<br>- c-ares ([CVE-2023-31124](https://nvd.nist.gov/vuln/detail/CVE-2023-31124), [CVE-2023-31130](https://nvd.nist.gov/vuln/detail/CVE-2023-31130), [CVE-2023-31147](https://nvd.nist.gov/vuln/detail/CVE-2023-31147), [CVE-2023-32067](https://nvd.nist.gov/vuln/detail/CVE-2023-32067))<br>- sudo ([CVE-2023-27320](https://nvd.nist.gov/vuln/detail/CVE-2023-27320), [CVE-2023-28486](https://nvd.nist.gov/vuln/detail/CVE-2023-28486), [CVE-2023-28487](https://nvd.nist.gov/vuln/detail/CVE-2023-28487))<br>- VMware: open-vm-tools ([CVE-2023-20867](https://nvd.nist.gov/vuln/detail/CVE-2023-20867))<br> <br>#### Bug fixes:<br> <br>- Resolved the conflicting FD usage of libselinux and systemd which caused, e.g., a systemd crash on certain watchdog interaction during shutdown (patch in systemd 252.11)<br> <br>#### Changes:<br> <br>- Added TLS Kernel module ([scripts#865](https://github.com/flatcar/scripts/pull/865))<br>- Added support for multipart MIME userdata in coreos-cloudinit. Ignition now detects multipart userdata and delegates execution to coreos-cloudinit. ([scripts#873](https://github.com/flatcar/scripts/pull/873))<br>- Enabled the virtio GPU driver ([scripts#830](https://github.com/flatcar/scripts/pull/830))<br>- Migrate to Type=notify in containerd.service. Changed the unit to Type=notify, utilizing the existing containerd support for sd_notify call after socket setup. ([scripts#866](https://github.com/flatcar/scripts/pull/866))<br>- Migrated the NVIDIA installer from the Azure/AWS OEM partition to `/usr` to make it available on all platforms ([scripts#932](https://github.com/flatcar/scripts/pull/932/), [Flatcar#1077](https://github.com/flatcar/Flatcar/issues/1077))<br>- Azure and QEMU OEM images now use systemd-sysext images for layering additional platform-specific software on top of `/usr`. For Azure images this also means that the image has a normal Python installation available through the sysext image. The OEM software is still not updated but this will be added soon.<br>- Moved a mountpoint of the OEM partition from `/usr/share/oem` to `/oem`. `/usr/share/oem` became a symlink to `/oem` for backward compatibility. Despite the move, the initrd images providing files through `/usr/share/oem` should keep using `/usr/share/oem`. The move was done to enable activating the OEM sysext images that are placed in the OEM partition.<br> <br>#### Updates:<br> <br>- Linux ([6.1.34](https://lwn.net/Articles/934623) (includes [6.1.33](https://lwn.net/Articles/934319), [6.1.32](https://lwn.net/Articles/933908), [6.1.31](https://lwn.net/Articles/933281)))<br>- Go ([1.20.5](https://go.dev/doc/devel/release#go1.20.5))<br>- c-ares ([1.19.1](https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1))<br>- ca-certificates ([3.90](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_90.html))<br>- coreutils ([9.1](https://git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?h=v9.1))<br>- debianutils ([5.7](https://metadata.ftp-master.debian.org/changelogs//main/d/debianutils/debianutils_5.7-0.4_changelog))<br>- ethtool ([6.2](https://git.kernel.org/pub/scm/network/ethtool/ethtool.git/tree/NEWS?h=v6.2))<br>- grep ([3.8](http://savannah.gnu.org/forum/forum.php?forum_id=10227))<br>- hwdata ([0.367](https://github.com/vcrhonek/hwdata/releases/tag/v0.367))<br>- iproute ([6.2](https://lwn.net/Articles/923952/))<br>- kbd ([2.5.1](https://github.com/legionus/kbd/releases/tag/v2.5.1))<br>- kexec-tools ([2.0.24](https://github.com/horms/kexec-tools/releases/tag/v2.0.24))<br>- kmod ([30](https://lwn.net/Articles/899526/))<br>- less ([632](http://www.greenwoodsoftware.com/less/news.632.html))<br>- nvme-cli ([2.3](https://github.com/linux-nvme/nvme-cli/releases/tag/v2.3))<br>- pciutils ([3.9.0](https://github.com/pciutils/pciutils/releases/tag/v3.9.0))<br>- sed ([4.9](https://lists.gnu.org/archive/html/info-gnu/2022-11/msg00001.html))<br>- smartmontools ([7.3](https://github.com/smartmontools/smartmontools/releases/tag/RELEASE_7_3))<br>- strace ([6.2](https://github.com/strace/strace/releases/tag/v6.2))<br>- sudo ([1.9.13p3](https://www.sudo.ws/releases/stable/#1.9.13p3))<br>- systemd ([252.11](https://github.com/systemd/systemd-stable/releases/tag/v252.11) (from 252.5))<br>- usbutils ([015](https://github.com/gregkh/usbutils/blob/79b796f945ea7d5c2b0e2a74f9b8819cb7948680/NEWS))<br>- util-linux ([2.38.1](https://github.com/util-linux/util-linux/releases/tag/v2.38.1))<br>- SDK: Rust ([1.70.0](https://github.com/rust-lang/rust/releases/tag/1.70.0))<br>- SDK: man-db ([2.11.2](https://gitlab.com/man-db/man-db/-/tags/2.11.2))<br>- SDK: man-pages ([6.03](https://lore.kernel.org/lkml/d56662b2-538c-7252-9052-8afbf325f843@gmail.com/T/))<br>- VMware: open-vm-tools ([12.2.5](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.2.5))<br><br>Packages:<br>- containerd 1.6.21<br>- docker 20.10.24<br>- ignition 2.15.0<br>- kernel 6.1.34<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-06-21T12:17:26+00:00 @@ -2398,7 +2422,7 @@ https://github.com/flatcar/scripts/releases/tag/alpha-3619.0.0 3619.0.0 - 2023-10-25T10:20:43.007858+00:00 + 2023-11-22T09:59:32.879779+00:00 *NOTE*: this release has an issue with Equinix Metal arm64. Specific instances like c3.large.arm64 (Ampere Altra systems) do not boot with Kernel 6.1, due to soft lockup. In case of the systems, please stay with the previous version 3602.0.0 with Kernel 5.15. No other cloud provider is affected by the issue. The amd64 systems are also not affected.<br><br>_Changes since **Alpha 3602.0.0**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2020-36516](https://nvd.nist.gov/vuln/detail/CVE-2020-36516), [CVE-2021-26401](https://nvd.nist.gov/vuln/detail/CVE-2021-26401), [CVE-2021-33135](https://nvd.nist.gov/vuln/detail/CVE-2021-33135), [CVE-2021-33655](https://nvd.nist.gov/vuln/detail/CVE-2021-33655), [CVE-2021-3923](https://nvd.nist.gov/vuln/detail/CVE-2021-3923), [CVE-2021-4155](https://nvd.nist.gov/vuln/detail/CVE-2021-4155), [CVE-2021-4197](https://nvd.nist.gov/vuln/detail/CVE-2021-4197), [CVE-2021-43976](https://nvd.nist.gov/vuln/detail/CVE-2021-43976), [CVE-2021-44879](https://nvd.nist.gov/vuln/detail/CVE-2021-44879), [CVE-2021-45469](https://nvd.nist.gov/vuln/detail/CVE-2021-45469), [CVE-2022-0001](https://nvd.nist.gov/vuln/detail/CVE-2022-0001), [CVE-2022-0002](https://nvd.nist.gov/vuln/detail/CVE-2022-0002), [CVE-2022-0168](https://nvd.nist.gov/vuln/detail/CVE-2022-0168), [CVE-2022-0185](https://nvd.nist.gov/vuln/detail/CVE-2022-0185), [CVE-2022-0330](https://nvd.nist.gov/vuln/detail/CVE-2022-0330), [CVE-2022-0382](https://nvd.nist.gov/vuln/detail/CVE-2022-0382), [CVE-2022-0433](https://nvd.nist.gov/vuln/detail/CVE-2022-0433), [CVE-2022-0435](https://nvd.nist.gov/vuln/detail/CVE-2022-0435), [CVE-2022-0487](https://nvd.nist.gov/vuln/detail/CVE-2022-0487), [CVE-2022-0492](https://nvd.nist.gov/vuln/detail/CVE-2022-0492), [CVE-2022-0494](https://nvd.nist.gov/vuln/detail/CVE-2022-0494), [CVE-2022-0500](https://nvd.nist.gov/vuln/detail/CVE-2022-0500), [CVE-2022-0516](https://nvd.nist.gov/vuln/detail/CVE-2022-0516), [CVE-2022-0617](https://nvd.nist.gov/vuln/detail/CVE-2022-0617), [CVE-2022-0742](https://nvd.nist.gov/vuln/detail/CVE-2022-0742), [CVE-2022-0847](https://nvd.nist.gov/vuln/detail/CVE-2022-0847), [CVE-2022-0995](https://nvd.nist.gov/vuln/detail/CVE-2022-0995), [CVE-2022-1011](https://nvd.nist.gov/vuln/detail/CVE-2022-1011), [CVE-2022-1012](https://nvd.nist.gov/vuln/detail/CVE-2022-1012), [CVE-2022-1015](https://nvd.nist.gov/vuln/detail/CVE-2022-1015), [CVE-2022-1016](https://nvd.nist.gov/vuln/detail/CVE-2022-1016), [CVE-2022-1048](https://nvd.nist.gov/vuln/detail/CVE-2022-1048), [CVE-2022-1055](https://nvd.nist.gov/vuln/detail/CVE-2022-1055), [CVE-2022-1158](https://nvd.nist.gov/vuln/detail/CVE-2022-1158), [CVE-2022-1184](https://nvd.nist.gov/vuln/detail/CVE-2022-1184), [CVE-2022-1198](https://nvd.nist.gov/vuln/detail/CVE-2022-1198), [CVE-2022-1199](https://nvd.nist.gov/vuln/detail/CVE-2022-1199), [CVE-2022-1204](https://nvd.nist.gov/vuln/detail/CVE-2022-1204), [CVE-2022-1205](https://nvd.nist.gov/vuln/detail/CVE-2022-1205), [CVE-2022-1263](https://nvd.nist.gov/vuln/detail/CVE-2022-1263), [CVE-2022-1353](https://nvd.nist.gov/vuln/detail/CVE-2022-1353), [CVE-2022-1462](https://nvd.nist.gov/vuln/detail/CVE-2022-1462), [CVE-2022-1516](https://nvd.nist.gov/vuln/detail/CVE-2022-1516), [CVE-2022-1651](https://nvd.nist.gov/vuln/detail/CVE-2022-1651), [CVE-2022-1652](https://nvd.nist.gov/vuln/detail/CVE-2022-1652), [CVE-2022-1671](https://nvd.nist.gov/vuln/detail/CVE-2022-1671), [CVE-2022-1679](https://nvd.nist.gov/vuln/detail/CVE-2022-1679), [CVE-2022-1729](https://nvd.nist.gov/vuln/detail/CVE-2022-1729), [CVE-2022-1734](https://nvd.nist.gov/vuln/detail/CVE-2022-1734), [CVE-2022-1789](https://nvd.nist.gov/vuln/detail/CVE-2022-1789), [CVE-2022-1852](https://nvd.nist.gov/vuln/detail/CVE-2022-1852), [CVE-2022-1882](https://nvd.nist.gov/vuln/detail/CVE-2022-1882), [CVE-2022-1943](https://nvd.nist.gov/vuln/detail/CVE-2022-1943), [CVE-2022-1973](https://nvd.nist.gov/vuln/detail/CVE-2022-1973), [CVE-2022-1974](https://nvd.nist.gov/vuln/detail/CVE-2022-1974), [CVE-2022-1975](https://nvd.nist.gov/vuln/detail/CVE-2022-1975), [CVE-2022-1976](https://nvd.nist.gov/vuln/detail/CVE-2022-1976), [CVE-2022-1998](https://nvd.nist.gov/vuln/detail/CVE-2022-1998), [CVE-2022-20008](https://nvd.nist.gov/vuln/detail/CVE-2022-20008), [CVE-2022-20158](https://nvd.nist.gov/vuln/detail/CVE-2022-20158), [CVE-2022-20368](https://nvd.nist.gov/vuln/detail/CVE-2022-20368), [CVE-2022-20369](https://nvd.nist.gov/vuln/detail/CVE-2022-20369), [CVE-2022-20421](https://nvd.nist.gov/vuln/detail/CVE-2022-20421), [CVE-2022-20422](https://nvd.nist.gov/vuln/detail/CVE-2022-20422), [CVE-2022-20423](https://nvd.nist.gov/vuln/detail/CVE-2022-20423), [CVE-2022-20566](https://nvd.nist.gov/vuln/detail/CVE-2022-20566), [CVE-2022-20572](https://nvd.nist.gov/vuln/detail/CVE-2022-20572), [CVE-2022-2078](https://nvd.nist.gov/vuln/detail/CVE-2022-2078), [CVE-2022-21123](https://nvd.nist.gov/vuln/detail/CVE-2022-21123), [CVE-2022-21125](https://nvd.nist.gov/vuln/detail/CVE-2022-21125), [CVE-2022-21166](https://nvd.nist.gov/vuln/detail/CVE-2022-21166), [CVE-2022-21499](https://nvd.nist.gov/vuln/detail/CVE-2022-21499), [CVE-2022-21505](https://nvd.nist.gov/vuln/detail/CVE-2022-21505), [CVE-2022-2153](https://nvd.nist.gov/vuln/detail/CVE-2022-2153), [CVE-2022-2196](https://nvd.nist.gov/vuln/detail/CVE-2022-2196), [CVE-2022-22942](https://nvd.nist.gov/vuln/detail/CVE-2022-22942), [CVE-2022-23036](https://nvd.nist.gov/vuln/detail/CVE-2022-23036), [CVE-2022-23037](https://nvd.nist.gov/vuln/detail/CVE-2022-23037), [CVE-2022-23038](https://nvd.nist.gov/vuln/detail/CVE-2022-23038), [CVE-2022-23039](https://nvd.nist.gov/vuln/detail/CVE-2022-23039), [CVE-2022-23040](https://nvd.nist.gov/vuln/detail/CVE-2022-23040), [CVE-2022-23041](https://nvd.nist.gov/vuln/detail/CVE-2022-23041), [CVE-2022-23042](https://nvd.nist.gov/vuln/detail/CVE-2022-23042), [CVE-2022-2308](https://nvd.nist.gov/vuln/detail/CVE-2022-2308), [CVE-2022-2318](https://nvd.nist.gov/vuln/detail/CVE-2022-2318), [CVE-2022-23222](https://nvd.nist.gov/vuln/detail/CVE-2022-23222), [CVE-2022-2380](https://nvd.nist.gov/vuln/detail/CVE-2022-2380), [CVE-2022-23960](https://nvd.nist.gov/vuln/detail/CVE-2022-23960), [CVE-2022-24448](https://nvd.nist.gov/vuln/detail/CVE-2022-24448), [CVE-2022-24958](https://nvd.nist.gov/vuln/detail/CVE-2022-24958), [CVE-2022-24959](https://nvd.nist.gov/vuln/detail/CVE-2022-24959), [CVE-2022-2503](https://nvd.nist.gov/vuln/detail/CVE-2022-2503), [CVE-2022-25258](https://nvd.nist.gov/vuln/detail/CVE-2022-25258), [CVE-2022-25375](https://nvd.nist.gov/vuln/detail/CVE-2022-25375), [CVE-2022-25636](https://nvd.nist.gov/vuln/detail/CVE-2022-25636), [CVE-2022-2585](https://nvd.nist.gov/vuln/detail/CVE-2022-2585), [CVE-2022-2586](https://nvd.nist.gov/vuln/detail/CVE-2022-2586), [CVE-2022-2588](https://nvd.nist.gov/vuln/detail/CVE-2022-2588), [CVE-2022-2590](https://nvd.nist.gov/vuln/detail/CVE-2022-2590), [CVE-2022-2602](https://nvd.nist.gov/vuln/detail/CVE-2022-2602), [CVE-2022-26365](https://nvd.nist.gov/vuln/detail/CVE-2022-26365), [CVE-2022-26373](https://nvd.nist.gov/vuln/detail/CVE-2022-26373), [CVE-2022-2639](https://nvd.nist.gov/vuln/detail/CVE-2022-2639), [CVE-2022-26490](https://nvd.nist.gov/vuln/detail/CVE-2022-26490), [CVE-2022-2663](https://nvd.nist.gov/vuln/detail/CVE-2022-2663), [CVE-2022-26966](https://nvd.nist.gov/vuln/detail/CVE-2022-26966), [CVE-2022-27223](https://nvd.nist.gov/vuln/detail/CVE-2022-27223), [CVE-2022-27666](https://nvd.nist.gov/vuln/detail/CVE-2022-27666), [CVE-2022-27672](https://nvd.nist.gov/vuln/detail/CVE-2022-27672), [CVE-2022-2785](https://nvd.nist.gov/vuln/detail/CVE-2022-2785), [CVE-2022-27950](https://nvd.nist.gov/vuln/detail/CVE-2022-27950), [CVE-2022-28356](https://nvd.nist.gov/vuln/detail/CVE-2022-28356), [CVE-2022-28388](https://nvd.nist.gov/vuln/detail/CVE-2022-28388), [CVE-2022-28389](https://nvd.nist.gov/vuln/detail/CVE-2022-28389), [CVE-2022-28390](https://nvd.nist.gov/vuln/detail/CVE-2022-28390), [CVE-2022-2873](https://nvd.nist.gov/vuln/detail/CVE-2022-2873), [CVE-2022-28796](https://nvd.nist.gov/vuln/detail/CVE-2022-28796), [CVE-2022-28893](https://nvd.nist.gov/vuln/detail/CVE-2022-28893), [CVE-2022-2905](https://nvd.nist.gov/vuln/detail/CVE-2022-2905), [CVE-2022-29156](https://nvd.nist.gov/vuln/detail/CVE-2022-29156), [CVE-2022-2938](https://nvd.nist.gov/vuln/detail/CVE-2022-2938), [CVE-2022-29581](https://nvd.nist.gov/vuln/detail/CVE-2022-29581), [CVE-2022-29582](https://nvd.nist.gov/vuln/detail/CVE-2022-29582), [CVE-2022-2959](https://nvd.nist.gov/vuln/detail/CVE-2022-2959), [CVE-2022-2964](https://nvd.nist.gov/vuln/detail/CVE-2022-2964), [CVE-2022-2977](https://nvd.nist.gov/vuln/detail/CVE-2022-2977), [CVE-2022-2978](https://nvd.nist.gov/vuln/detail/CVE-2022-2978), [CVE-2022-29900](https://nvd.nist.gov/vuln/detail/CVE-2022-29900), [CVE-2022-29901](https://nvd.nist.gov/vuln/detail/CVE-2022-29901), [CVE-2022-29968](https://nvd.nist.gov/vuln/detail/CVE-2022-29968), [CVE-2022-3028](https://nvd.nist.gov/vuln/detail/CVE-2022-3028), [CVE-2022-30594](https://nvd.nist.gov/vuln/detail/CVE-2022-30594), [CVE-2022-3077](https://nvd.nist.gov/vuln/detail/CVE-2022-3077), [CVE-2022-3078](https://nvd.nist.gov/vuln/detail/CVE-2022-3078), [CVE-2022-3104](https://nvd.nist.gov/vuln/detail/CVE-2022-3104), [CVE-2022-3105](https://nvd.nist.gov/vuln/detail/CVE-2022-3105), [CVE-2022-3107](https://nvd.nist.gov/vuln/detail/CVE-2022-3107), [CVE-2022-3108](https://nvd.nist.gov/vuln/detail/CVE-2022-3108), [CVE-2022-3110](https://nvd.nist.gov/vuln/detail/CVE-2022-3110), [CVE-2022-3111](https://nvd.nist.gov/vuln/detail/CVE-2022-3111), [CVE-2022-3112](https://nvd.nist.gov/vuln/detail/CVE-2022-3112), [CVE-2022-3113](https://nvd.nist.gov/vuln/detail/CVE-2022-3113), [CVE-2022-3115](https://nvd.nist.gov/vuln/detail/CVE-2022-3115), [CVE-2022-3169](https://nvd.nist.gov/vuln/detail/CVE-2022-3169), [CVE-2022-3202](https://nvd.nist.gov/vuln/detail/CVE-2022-3202), [CVE-2022-32250](https://nvd.nist.gov/vuln/detail/CVE-2022-32250), [CVE-2022-32296](https://nvd.nist.gov/vuln/detail/CVE-2022-32296), [CVE-2022-3239](https://nvd.nist.gov/vuln/detail/CVE-2022-3239), [CVE-2022-32981](https://nvd.nist.gov/vuln/detail/CVE-2022-32981), [CVE-2022-3303](https://nvd.nist.gov/vuln/detail/CVE-2022-3303), [CVE-2022-3344](https://nvd.nist.gov/vuln/detail/CVE-2022-3344), [CVE-2022-33740](https://nvd.nist.gov/vuln/detail/CVE-2022-33740), [CVE-2022-33741](https://nvd.nist.gov/vuln/detail/CVE-2022-33741), [CVE-2022-33742](https://nvd.nist.gov/vuln/detail/CVE-2022-33742), [CVE-2022-33743](https://nvd.nist.gov/vuln/detail/CVE-2022-33743), [CVE-2022-33744](https://nvd.nist.gov/vuln/detail/CVE-2022-33744), [CVE-2022-33981](https://nvd.nist.gov/vuln/detail/CVE-2022-33981), [CVE-2022-3424](https://nvd.nist.gov/vuln/detail/CVE-2022-3424), [CVE-2022-3435](https://nvd.nist.gov/vuln/detail/CVE-2022-3435), [CVE-2022-34494](https://nvd.nist.gov/vuln/detail/CVE-2022-34494), [CVE-2022-34495](https://nvd.nist.gov/vuln/detail/CVE-2022-34495), [CVE-2022-34918](https://nvd.nist.gov/vuln/detail/CVE-2022-34918), [CVE-2022-3521](https://nvd.nist.gov/vuln/detail/CVE-2022-3521), [CVE-2022-3524](https://nvd.nist.gov/vuln/detail/CVE-2022-3524), [CVE-2022-3526](https://nvd.nist.gov/vuln/detail/CVE-2022-3526), [CVE-2022-3534](https://nvd.nist.gov/vuln/detail/CVE-2022-3534), [CVE-2022-3541](https://nvd.nist.gov/vuln/detail/CVE-2022-3541), [CVE-2022-3543](https://nvd.nist.gov/vuln/detail/CVE-2022-3543), [CVE-2022-3564](https://nvd.nist.gov/vuln/detail/CVE-2022-3564), [CVE-2022-3565](https://nvd.nist.gov/vuln/detail/CVE-2022-3565), [CVE-2022-3577](https://nvd.nist.gov/vuln/detail/CVE-2022-3577), [CVE-2022-3586](https://nvd.nist.gov/vuln/detail/CVE-2022-3586), [CVE-2022-3594](https://nvd.nist.gov/vuln/detail/CVE-2022-3594), [CVE-2022-3595](https://nvd.nist.gov/vuln/detail/CVE-2022-3595), [CVE-2022-36123](https://nvd.nist.gov/vuln/detail/CVE-2022-36123), [CVE-2022-3619](https://nvd.nist.gov/vuln/detail/CVE-2022-3619), [CVE-2022-3621](https://nvd.nist.gov/vuln/detail/CVE-2022-3621), [CVE-2022-3623](https://nvd.nist.gov/vuln/detail/CVE-2022-3623), [CVE-2022-3625](https://nvd.nist.gov/vuln/detail/CVE-2022-3625), [CVE-2022-3628](https://nvd.nist.gov/vuln/detail/CVE-2022-3628), [CVE-2022-36280](https://nvd.nist.gov/vuln/detail/CVE-2022-36280), [CVE-2022-3635](https://nvd.nist.gov/vuln/detail/CVE-2022-3635), [CVE-2022-3640](https://nvd.nist.gov/vuln/detail/CVE-2022-3640), [CVE-2022-3643](https://nvd.nist.gov/vuln/detail/CVE-2022-3643), [CVE-2022-3646](https://nvd.nist.gov/vuln/detail/CVE-2022-3646), [CVE-2022-3649](https://nvd.nist.gov/vuln/detail/CVE-2022-3649), [CVE-2022-36879](https://nvd.nist.gov/vuln/detail/CVE-2022-36879), [CVE-2022-36946](https://nvd.nist.gov/vuln/detail/CVE-2022-36946), [CVE-2022-3707](https://nvd.nist.gov/vuln/detail/CVE-2022-3707), [CVE-2022-38457](https://nvd.nist.gov/vuln/detail/CVE-2022-38457), [CVE-2022-3910](https://nvd.nist.gov/vuln/detail/CVE-2022-3910), [CVE-2022-39189](https://nvd.nist.gov/vuln/detail/CVE-2022-39189), [CVE-2022-39190](https://nvd.nist.gov/vuln/detail/CVE-2022-39190), [CVE-2022-3977](https://nvd.nist.gov/vuln/detail/CVE-2022-3977), [CVE-2022-40133](https://nvd.nist.gov/vuln/detail/CVE-2022-40133), [CVE-2022-40307](https://nvd.nist.gov/vuln/detail/CVE-2022-40307), [CVE-2022-40768](https://nvd.nist.gov/vuln/detail/CVE-2022-40768), [CVE-2022-41218](https://nvd.nist.gov/vuln/detail/CVE-2022-41218), [CVE-2022-4128](https://nvd.nist.gov/vuln/detail/CVE-2022-4128), [CVE-2022-4139](https://nvd.nist.gov/vuln/detail/CVE-2022-4139), [CVE-2022-41674](https://nvd.nist.gov/vuln/detail/CVE-2022-41674), [CVE-2022-41849](https://nvd.nist.gov/vuln/detail/CVE-2022-41849), [CVE-2022-41850](https://nvd.nist.gov/vuln/detail/CVE-2022-41850), [CVE-2022-41858](https://nvd.nist.gov/vuln/detail/CVE-2022-41858), [CVE-2022-42328](https://nvd.nist.gov/vuln/detail/CVE-2022-42328), [CVE-2022-42329](https://nvd.nist.gov/vuln/detail/CVE-2022-42329), [CVE-2022-42432](https://nvd.nist.gov/vuln/detail/CVE-2022-42432), [CVE-2022-4269](https://nvd.nist.gov/vuln/detail/CVE-2022-4269), [CVE-2022-42703](https://nvd.nist.gov/vuln/detail/CVE-2022-42703), [CVE-2022-42719](https://nvd.nist.gov/vuln/detail/CVE-2022-42719), [CVE-2022-42720](https://nvd.nist.gov/vuln/detail/CVE-2022-42720), [CVE-2022-42721](https://nvd.nist.gov/vuln/detail/CVE-2022-42721), [CVE-2022-42722](https://nvd.nist.gov/vuln/detail/CVE-2022-42722), [CVE-2022-42895](https://nvd.nist.gov/vuln/detail/CVE-2022-42895), [CVE-2022-42896](https://nvd.nist.gov/vuln/detail/CVE-2022-42896), [CVE-2022-43750](https://nvd.nist.gov/vuln/detail/CVE-2022-43750), [CVE-2022-4378](https://nvd.nist.gov/vuln/detail/CVE-2022-4378), [CVE-2022-4379](https://nvd.nist.gov/vuln/detail/CVE-2022-4379), [CVE-2022-4382](https://nvd.nist.gov/vuln/detail/CVE-2022-4382), [CVE-2022-43945](https://nvd.nist.gov/vuln/detail/CVE-2022-43945), [CVE-2022-45869](https://nvd.nist.gov/vuln/detail/CVE-2022-45869), [CVE-2022-45934](https://nvd.nist.gov/vuln/detail/CVE-2022-45934), [CVE-2022-47518](https://nvd.nist.gov/vuln/detail/CVE-2022-47518), [CVE-2022-47519](https://nvd.nist.gov/vuln/detail/CVE-2022-47519), [CVE-2022-47520](https://nvd.nist.gov/vuln/detail/CVE-2022-47520), [CVE-2022-47521](https://nvd.nist.gov/vuln/detail/CVE-2022-47521), [CVE-2022-47929](https://nvd.nist.gov/vuln/detail/CVE-2022-47929), [CVE-2022-47938](https://nvd.nist.gov/vuln/detail/CVE-2022-47938), [CVE-2022-47939](https://nvd.nist.gov/vuln/detail/CVE-2022-47939), [CVE-2022-47940](https://nvd.nist.gov/vuln/detail/CVE-2022-47940), [CVE-2022-47941](https://nvd.nist.gov/vuln/detail/CVE-2022-47941), [CVE-2022-47942](https://nvd.nist.gov/vuln/detail/CVE-2022-47942), [CVE-2022-47943](https://nvd.nist.gov/vuln/detail/CVE-2022-47943), [CVE-2022-4842](https://nvd.nist.gov/vuln/detail/CVE-2022-4842), [CVE-2022-48423](https://nvd.nist.gov/vuln/detail/CVE-2022-48423), [CVE-2022-48424](https://nvd.nist.gov/vuln/detail/CVE-2022-48424), [CVE-2022-48425](https://nvd.nist.gov/vuln/detail/CVE-2022-48425), [CVE-2023-0045](https://nvd.nist.gov/vuln/detail/CVE-2023-0045), [CVE-2023-0179](https://nvd.nist.gov/vuln/detail/CVE-2023-0179), [CVE-2023-0210](https://nvd.nist.gov/vuln/detail/CVE-2023-0210), [CVE-2023-0266](https://nvd.nist.gov/vuln/detail/CVE-2023-0266), [CVE-2023-0386](https://nvd.nist.gov/vuln/detail/CVE-2023-0386), [CVE-2023-0394](https://nvd.nist.gov/vuln/detail/CVE-2023-0394), [CVE-2023-0458](https://nvd.nist.gov/vuln/detail/CVE-2023-0458), [CVE-2023-0459](https://nvd.nist.gov/vuln/detail/CVE-2023-0459), [CVE-2023-0461](https://nvd.nist.gov/vuln/detail/CVE-2023-0461), [CVE-2023-0468](https://nvd.nist.gov/vuln/detail/CVE-2023-0468), [CVE-2023-0469](https://nvd.nist.gov/vuln/detail/CVE-2023-0469), [CVE-2023-0590](https://nvd.nist.gov/vuln/detail/CVE-2023-0590), [CVE-2023-1032](https://nvd.nist.gov/vuln/detail/CVE-2023-1032), [CVE-2023-1073](https://nvd.nist.gov/vuln/detail/CVE-2023-1073), [CVE-2023-1074](https://nvd.nist.gov/vuln/detail/CVE-2023-1074), [CVE-2023-1075](https://nvd.nist.gov/vuln/detail/CVE-2023-1075), [CVE-2023-1076](https://nvd.nist.gov/vuln/detail/CVE-2023-1076), [CVE-2023-1077](https://nvd.nist.gov/vuln/detail/CVE-2023-1077), [CVE-2023-1078](https://nvd.nist.gov/vuln/detail/CVE-2023-1078), [CVE-2023-1079](https://nvd.nist.gov/vuln/detail/CVE-2023-1079), [CVE-2023-1095](https://nvd.nist.gov/vuln/detail/CVE-2023-1095), [CVE-2023-1118](https://nvd.nist.gov/vuln/detail/CVE-2023-1118), [CVE-2023-1249](https://nvd.nist.gov/vuln/detail/CVE-2023-1249), [CVE-2023-1281](https://nvd.nist.gov/vuln/detail/CVE-2023-1281), [CVE-2023-1380](https://nvd.nist.gov/vuln/detail/CVE-2023-1380), [CVE-2023-1382](https://nvd.nist.gov/vuln/detail/CVE-2023-1382), [CVE-2023-1513](https://nvd.nist.gov/vuln/detail/CVE-2023-1513), [CVE-2023-1582](https://nvd.nist.gov/vuln/detail/CVE-2023-1582), [CVE-2023-1583](https://nvd.nist.gov/vuln/detail/CVE-2023-1583), [CVE-2023-1611](https://nvd.nist.gov/vuln/detail/CVE-2023-1611), [CVE-2023-1637](https://nvd.nist.gov/vuln/detail/CVE-2023-1637), [CVE-2023-1652](https://nvd.nist.gov/vuln/detail/CVE-2023-1652), [CVE-2023-1670](https://nvd.nist.gov/vuln/detail/CVE-2023-1670), [CVE-2023-1829](https://nvd.nist.gov/vuln/detail/CVE-2023-1829), [CVE-2023-1838](https://nvd.nist.gov/vuln/detail/CVE-2023-1838), [CVE-2023-1855](https://nvd.nist.gov/vuln/detail/CVE-2023-1855), [CVE-2023-1859](https://nvd.nist.gov/vuln/detail/CVE-2023-1859), [CVE-2023-1872](https://nvd.nist.gov/vuln/detail/CVE-2023-1872), [CVE-2023-1989](https://nvd.nist.gov/vuln/detail/CVE-2023-1989), [CVE-2023-1990](https://nvd.nist.gov/vuln/detail/CVE-2023-1990), [CVE-2023-1998](https://nvd.nist.gov/vuln/detail/CVE-2023-1998), [CVE-2023-2002](https://nvd.nist.gov/vuln/detail/CVE-2023-2002), [CVE-2023-2006](https://nvd.nist.gov/vuln/detail/CVE-2023-2006), [CVE-2023-2008](https://nvd.nist.gov/vuln/detail/CVE-2023-2008), [CVE-2023-2019](https://nvd.nist.gov/vuln/detail/CVE-2023-2019), [CVE-2023-20928](https://nvd.nist.gov/vuln/detail/CVE-2023-20928), [CVE-2023-20938](https://nvd.nist.gov/vuln/detail/CVE-2023-20938), [CVE-2023-21102](https://nvd.nist.gov/vuln/detail/CVE-2023-21102), [CVE-2023-21106](https://nvd.nist.gov/vuln/detail/CVE-2023-21106), [CVE-2023-2162](https://nvd.nist.gov/vuln/detail/CVE-2023-2162), [CVE-2023-2166](https://nvd.nist.gov/vuln/detail/CVE-2023-2166), [CVE-2023-2177](https://nvd.nist.gov/vuln/detail/CVE-2023-2177), [CVE-2023-2194](https://nvd.nist.gov/vuln/detail/CVE-2023-2194), [CVE-2023-2235](https://nvd.nist.gov/vuln/detail/CVE-2023-2235), [CVE-2023-2236](https://nvd.nist.gov/vuln/detail/CVE-2023-2236), [CVE-2023-2269](https://nvd.nist.gov/vuln/detail/CVE-2023-2269), [CVE-2023-22996](https://nvd.nist.gov/vuln/detail/CVE-2023-22996), [CVE-2023-22997](https://nvd.nist.gov/vuln/detail/CVE-2023-22997), [CVE-2023-22998](https://nvd.nist.gov/vuln/detail/CVE-2023-22998), [CVE-2023-22999](https://nvd.nist.gov/vuln/detail/CVE-2023-22999), [CVE-2023-23001](https://nvd.nist.gov/vuln/detail/CVE-2023-23001), [CVE-2023-23002](https://nvd.nist.gov/vuln/detail/CVE-2023-23002), [CVE-2023-23454](https://nvd.nist.gov/vuln/detail/CVE-2023-23454), [CVE-2023-23455](https://nvd.nist.gov/vuln/detail/CVE-2023-23455), [CVE-2023-23559](https://nvd.nist.gov/vuln/detail/CVE-2023-23559), [CVE-2023-25012](https://nvd.nist.gov/vuln/detail/CVE-2023-25012), [CVE-2023-2513](https://nvd.nist.gov/vuln/detail/CVE-2023-2513), [CVE-2023-26544](https://nvd.nist.gov/vuln/detail/CVE-2023-26544), [CVE-2023-26545](https://nvd.nist.gov/vuln/detail/CVE-2023-26545), [CVE-2023-26606](https://nvd.nist.gov/vuln/detail/CVE-2023-26606), [CVE-2023-26607](https://nvd.nist.gov/vuln/detail/CVE-2023-26607), [CVE-2023-28327](https://nvd.nist.gov/vuln/detail/CVE-2023-28327), [CVE-2023-28328](https://nvd.nist.gov/vuln/detail/CVE-2023-28328), [CVE-2023-28410](https://nvd.nist.gov/vuln/detail/CVE-2023-28410), [CVE-2023-28466](https://nvd.nist.gov/vuln/detail/CVE-2023-28466), [CVE-2023-28866](https://nvd.nist.gov/vuln/detail/CVE-2023-28866), [CVE-2023-30456](https://nvd.nist.gov/vuln/detail/CVE-2023-30456), [CVE-2023-30772](https://nvd.nist.gov/vuln/detail/CVE-2023-30772), [CVE-2023-31436](https://nvd.nist.gov/vuln/detail/CVE-2023-31436), [CVE-2023-32233](https://nvd.nist.gov/vuln/detail/CVE-2023-32233), [CVE-2023-32250](https://nvd.nist.gov/vuln/detail/CVE-2023-32250), [CVE-2023-32254](https://nvd.nist.gov/vuln/detail/CVE-2023-32254), [CVE-2023-32269](https://nvd.nist.gov/vuln/detail/CVE-2023-32269), [CVE-2023-33203](https://nvd.nist.gov/vuln/detail/CVE-2023-33203), [CVE-2023-33288](https://nvd.nist.gov/vuln/detail/CVE-2023-33288))<br>- curl ([CVE-2023-28319](https://nvd.nist.gov/vuln/detail/CVE-2023-28319), [CVE-2023-28320](https://nvd.nist.gov/vuln/detail/CVE-2023-28320), [CVE-2023-28321](https://nvd.nist.gov/vuln/detail/CVE-2023-28321), [CVE-2023-28322](https://nvd.nist.gov/vuln/detail/CVE-2023-28322))<br>- git ([CVE-2023-25652](https://nvd.nist.gov/vuln/detail/CVE-2023-25652), [CVE-2023-25815](https://nvd.nist.gov/vuln/detail/CVE-2023-25815), [CVE-2023-29007](https://nvd.nist.gov/vuln/detail/CVE-2023-29007))<br>- libcap ([CVE-2023-2602](https://nvd.nist.gov/vuln/detail/CVE-2023-2602), [CVE-2023-2603](https://nvd.nist.gov/vuln/detail/CVE-2023-2603))<br><br>#### Bug fixes:<br><br><br>#### Changes:<br><br><br>#### Updates:<br><br>- Linux ([6.1.30](https://lwn.net/Articles/932882) (includes [6.1.29](https://lwn.net/Articles/932133), [6.1.28](https://lwn.net/Articles/931651), [6.1.27](https://lwn.net/Articles/930597/), [6.1](https://kernelnewbies.org/Linux_6.1)))<br>- Linux Firmware ([20230515](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230515))<br>- Go ([1.20.4](https://go.dev/doc/devel/release#go1.20.4))<br>- curl ([8.1.0](https://curl.se/changes.html#8_1_0))<br>- git ([2.39.3](https://github.com/git/git/blob/v2.39.3/Documentation/RelNotes/2.39.3.txt))<br>- glib ([2.76.2](https://gitlab.gnome.org/GNOME/glib/-/releases/2.76.2))<br>- gptfdisk ([1.0.9](https://sourceforge.net/p/gptfdisk/code/ci/1d46f3723bc25f5598266f7d9a3548af3cee0c77/tree/NEWS))<br>- inih ([56](https://github.com/benhoyt/inih/releases/tag/r56))<br>- ipset ([7.17](https://git.netfilter.org/ipset/tree/ChangeLog?id=186f9b57c60bb53aae5f6633eff1e9d5e9095c3e))<br>- libbsd ([0.11.7](https://lists.freedesktop.org/archives/libbsd/2022-October/000337.html))<br>- libcap ([2.69](https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.iuvg7sbjg8pe))<br>- libgcrypt ([1.10.1](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=blob;f=NEWS;h=03132c2a115e35783a782c64777cf5f5b1a2825f;hb=ae0e567820c37f9640440b3cff77d7c185aa6742))<br>- libgpg-error ([1.46](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgpg-error.git;a=blob;f=NEWS;h=14b0ba97d6ba2b10b3178f2e4a3e24bfc2355bb3;hb=ea031873aa9642831017937fd33e9009d514ee07))<br>- libnftnl ([1.2.5](https://git.netfilter.org/libnftnl/log/?h=libnftnl-1.2.5))<br>- libpcre (8.45)<br>- libpipeline ([1.5.7](https://gitlab.com/libpipeline/libpipeline/-/tags/1.5.7))<br>- libusb ([1.0.26](https://github.com/libusb/libusb/blob/v1.0.26/ChangeLog))<br>- popt ([1.19](https://github.com/rpm-software-management/popt/releases/tag/popt-1.19-release))<br>- qemu guest agent ([8.0.0](https://wiki.qemu.org/ChangeLog/8.0#Guest_agent))<br>- sed ([4.9](https://lists.gnu.org/archive/html/info-gnu/2022-11/msg00001.html))<br>- userspace-rcu ([0.14.0](https://github.com/urcu/userspace-rcu/blob/v0.13.2/ChangeLog))<br>- zstandard ([1.5.5](https://github.com/facebook/zstd/releases/tag/v1.5.5))<br>- AWS: amazon-ssm-agent ([3.2.985.0](https://github.com/aws/amazon-ssm-agent/releases/tag/3.2.985.0))<br>- SDK: python ([3.10.11](https://www.python.org/downloads/release/python-31011/))<br><br>Packages:<br>- containerd 1.6.21<br>- docker 20.10.24<br>- ignition 2.15.0<br>- kernel 6.1.30<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-06-01T11:53:20+00:00 @@ -2406,7 +2430,7 @@ https://github.com/flatcar/scripts/releases/tag/alpha-3602.0.0 3602.0.0 - 2023-10-25T10:20:42.989943+00:00 + 2023-11-22T09:59:32.861578+00:00 _Changes since **Alpha 3572.0.1**_<br> <br> #### Security fixes:<br> <br>- Linux ([CVE-2023-1380](https://nvd.nist.gov/vuln/detail/CVE-2023-1380), [CVE-2023-2002](https://nvd.nist.gov/vuln/detail/CVE-2023-2002), [CVE-2023-31436](https://nvd.nist.gov/vuln/detail/CVE-2023-31436))<br>- Go ([CVE-2023-24539](https://nvd.nist.gov/vuln/detail/CVE-2023-24539), [CVE-2023-24540](https://nvd.nist.gov/vuln/detail/CVE-2023-24540), [CVE-2023-29400](https://nvd.nist.gov/vuln/detail/CVE-2023-29400))<br>- OpenSSH ([CVE-2023-28531](https://nvd.nist.gov/vuln/detail/CVE-2023-28531))<br>- OpenSSL ([CVE-2023-0464](https://nvd.nist.gov/vuln/detail/CVE-2023-0464), [CVE-2023-0465](https://nvd.nist.gov/vuln/detail/CVE-2023-0465), [CVE-2023-0466](https://nvd.nist.gov/vuln/detail/CVE-2023-0466), [CVE-2023-1255](https://nvd.nist.gov/vuln/detail/CVE-2023-1255))<br>- bash ([CVE-2022-3715](https://nvd.nist.gov/vuln/detail/CVE-2022-3715))<br>- c-ares ([CVE-2022-4904](https://nvd.nist.gov/vuln/detail/CVE-2022-4904))<br>- curl ([CVE-2023-27533](https://nvd.nist.gov/vuln/detail/CVE-2023-27533), [CVE-2023-27534](https://nvd.nist.gov/vuln/detail/CVE-2023-27534), [CVE-2023-27535](https://nvd.nist.gov/vuln/detail/CVE-2023-27535), [CVE-2023-27536](https://nvd.nist.gov/vuln/detail/CVE-2023-27536), [CVE-2023-27537](https://nvd.nist.gov/vuln/detail/CVE-2023-27537), [CVE-2023-27538](https://nvd.nist.gov/vuln/detail/CVE-2023-27538))<br>- libxml2 ([CVE-2023-28484](https://nvd.nist.gov/vuln/detail/CVE-2023-28484), [CVE-2023-29469](https://nvd.nist.gov/vuln/detail/CVE-2023-29469))<br> <br>#### Bug fixes:<br> <br>- Fixed a miscompilation of getfacl causing it to dump core when executed ([scripts#809](https://github.com/flatcar/scripts/pull/809))<br>- Restored the reboot warning and delay for non-SSH console sessions ([locksmith#21](https://github.com/flatcar/locksmith/pull/21))<br> <br>#### Changes:<br> <br>- Changed coreos-cloudinit to now set the short hostname instead of the FQDN when fetched from the metadata service ([coreos-cloudinit#19](https://github.com/flatcar/coreos-cloudinit/pull/19))<br> <br>#### Updates:<br><br>- Linux ([5.15.111](https://lwn.net/Articles/931680) (includes [5.15.110](https://lwn.net/Articles/930600), [5.15.109](https://lwn.net/Articles/930263)))<br>- bash ([5.2](https://lists.gnu.org/archive/html/bash-announce/2022-09/msg00000.html))<br>- bpftool ([6.2.1](https://kernelnewbies.org/LinuxChanges#Linux_6.2.Tracing.2C_perf_and_BPF))<br>- c-ares ([1.19.0](https://c-ares.org/changelog.html#1_19_0))<br>- ca-certificates ([3.89.1](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_89_1.html))<br>- containerd ([1.6.21](https://github.com/containerd/containerd/releases/tag/v1.6.21))<br>- curl ([8.0.1](https://curl.se/changes.html#8_0_1))<br>- e2fsprogs ([1.47.0](https://e2fsprogs.sourceforge.net/e2fsprogs-release.html##1.47.0))<br>- gdb ([13.1.90](https://lwn.net/Articles/923819/))<br>- glib ([2.74.6](https://gitlab.gnome.org/GNOME/glib/-/tags/2.74.6))<br>- go ([1.19.9](https://go.dev/doc/devel/release#go1.19.9))<br>- libarchive ([3.6.2](https://github.com/libarchive/libarchive/releases/tag/v3.6.2))<br>- libxml2 ([2.10.4](https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.4))<br>- multipath-tools ([0.9.4](https://github.com/opensvc/multipath-tools/commits/0.9.4))<br>- openSSH ([9.3](http://www.openssh.com/releasenotes.html#9.3))<br>- pinentry ([1.2.1](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=pinentry.git;a=blob;f=NEWS;h=c080b34e57d01a6ccca9d2996d7096c42b1a3f84;hb=8ab1682e80a2b4185ee9ef66cbb44340245966fc))<br>- readline ([8.2](https://lists.gnu.org/archive/html/info-gnu/2022-09/msg00013.html))<br>- runc ([1.1.7](https://github.com/opencontainers/runc/releases/tag/v1.1.7))<br>- sqlite ([3.41.2](https://sqlite.org/releaselog/3_41_2.html))<br>- xz-utils ([5.4.2](https://github.com/tukaani-project/xz/releases/tag/v5.4.2))<br>- SDK: nano ([7.2](https://git.savannah.gnu.org/cgit/nano.git/tree/NEWS?h=v7.2))<br><br>Packages:<br>- containerd 1.6.21<br>- docker 20.10.24<br>- ignition 2.15.0<br>- kernel 5.15.111<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-05-16T10:18:44+00:00 @@ -2414,7 +2438,7 @@ https://github.com/flatcar/scripts/releases/tag/alpha-3572.0.1 3572.0.1 - 2023-10-25T10:20:42.983149+00:00 + 2023-11-22T09:59:32.854438+00:00 _Changes since **Alpha 3572.0.0**_<br><br>#### Security fixes:<br><br>- nvidia-drivers ([CVE-2022-31607](https://nvd.nist.gov/vuln/detail/CVE-2022-31607), [CVE-2022-31608](https://nvd.nist.gov/vuln/detail/CVE-2022-31608), [CVE-2022-31615](https://nvd.nist.gov/vuln/detail/CVE-2022-31615), [CVE-2022-34665](https://nvd.nist.gov/vuln/detail/CVE-2022-34665), [CVE-2022-34666](https://nvd.nist.gov/vuln/detail/CVE-2022-34666), [CVE-2022-34670](https://nvd.nist.gov/vuln/detail/CVE-2022-34670), [CVE-2022-34673](https://nvd.nist.gov/vuln/detail/CVE-2022-34673), [CVE-2022-34674](https://nvd.nist.gov/vuln/detail/CVE-2022-34674), [CVE-2022-34676](https://nvd.nist.gov/vuln/detail/CVE-2022-34676), [CVE-2022-34677](https://nvd.nist.gov/vuln/detail/CVE-2022-34677), [CVE-2022-34678](https://nvd.nist.gov/vuln/detail/CVE-2022-34678), [CVE-2022-34679](https://nvd.nist.gov/vuln/detail/CVE-2022-34679), [CVE-2022-34680](https://nvd.nist.gov/vuln/detail/CVE-2022-34680), [CVE-2022-34682](https://nvd.nist.gov/vuln/detail/CVE-2022-34682), [CVE-2022-34684](https://nvd.nist.gov/vuln/detail/CVE-2022-34684), [CVE-2022-42254](https://nvd.nist.gov/vuln/detail/CVE-2022-42254), [CVE-2022-42255](https://nvd.nist.gov/vuln/detail/CVE-2022-42255), [CVE-2022-42256](https://nvd.nist.gov/vuln/detail/CVE-2022-42256), [CVE-2022-42257](https://nvd.nist.gov/vuln/detail/CVE-2022-42257), [CVE-2022-42258](https://nvd.nist.gov/vuln/detail/CVE-2022-42258), [CVE-2022-42259](https://nvd.nist.gov/vuln/detail/CVE-2022-42259), [CVE-2022-42260](https://nvd.nist.gov/vuln/detail/CVE-2022-42260), [CVE-2022-42261](https://nvd.nist.gov/vuln/detail/CVE-2022-42261), [CVE-2022-42263](https://nvd.nist.gov/vuln/detail/CVE-2022-42263), [CVE-2022-42264](https://nvd.nist.gov/vuln/detail/CVE-2022-42264), [CVE-2022-42265](https://nvd.nist.gov/vuln/detail/CVE-2022-42265))<br><br>#### Bug fixes:<br>- Fixed the broken emerge-gitclone in the dev-container owing to the missing migration action around the unification of the Flatcar core repositories<br><br>#### Changes:<br>- The package upgrade for nvidia-drivers might result in not supporting a few of the older NVIDIA Tesla GPUs. If you are facing issues, set `NVIDIA_DRIVER_VERSION=460.106.00` in `/etc/flatcar/nvidia-metadata`<br><br>#### Updates:<br><br>- Linux ([5.15.108](https://lwn.net/Articles/929679/) (includes [5.15.107](https://lwn.net/Articles/929015/)))<br>- nvidia-drivers ([525.105.17](https://docs.nvidia.com/datacenter/tesla/tesla-release-notes-525-105-17/index.html))<br><br>Packages:<br>- containerd 1.6.20<br>- docker 20.10.24<br>- ignition 2.15.0<br>- kernel 5.15.108<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-04-25T13:37:07+00:00 @@ -2422,7 +2446,7 @@ https://github.com/flatcar/scripts/releases/tag/alpha-3572.0.0 3572.0.0 - 2023-10-25T10:20:42.977294+00:00 + 2023-11-22T09:59:32.847386+00:00 _Changes since **Alpha 3549.0.0**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-4269](https://nvd.nist.gov/vuln/detail/CVE-2022-4269), [CVE-2022-4379](https://nvd.nist.gov/vuln/detail/CVE-2022-4379), [CVE-2023-1611](https://nvd.nist.gov/vuln/detail/CVE-2023-1611), [CVE-2023-1670](https://nvd.nist.gov/vuln/detail/CVE-2023-1670), [CVE-2023-1855](https://nvd.nist.gov/vuln/detail/CVE-2023-1855), [CVE-2023-1989](https://nvd.nist.gov/vuln/detail/CVE-2023-1989), [CVE-2023-1990](https://nvd.nist.gov/vuln/detail/CVE-2023-1990), [CVE-2023-28466](https://nvd.nist.gov/vuln/detail/CVE-2023-28466), [CVE-2023-30456](https://nvd.nist.gov/vuln/detail/CVE-2023-30456), [CVE-2023-30772](https://nvd.nist.gov/vuln/detail/CVE-2023-30772))<br>- Docker ([CVE-2023-28840](https://nvd.nist.gov/vuln/detail/CVE-2023-28840), [CVE-2023-28841](https://nvd.nist.gov/vuln/detail/CVE-2023-28841), [CVE-2023-28842](https://nvd.nist.gov/vuln/detail/CVE-2023-28842))<br>- Go ([CVE-2023-24534](https://nvd.nist.gov/vuln/detail/CVE-2023-24534), [CVE-2023-24536](https://nvd.nist.gov/vuln/detail/CVE-2023-24536), [CVE-2023-24537](https://nvd.nist.gov/vuln/detail/CVE-2023-24537), [CVE-2023-24538](https://nvd.nist.gov/vuln/detail/CVE-2023-24538))<br>- runc ([CVE-2023-25809](https://nvd.nist.gov/vuln/detail/CVE-2023-25809), [CVE-2023-27561](https://nvd.nist.gov/vuln/detail/CVE-2023-27561), [CVE-2023-28642](https://nvd.nist.gov/vuln/detail/CVE-2023-28642))<br>- tar ([CVE-2022-48303](https://nvd.nist.gov/vuln/detail/CVE-2022-48303))<br>- vim ([CVE-2023-1127](https://nvd.nist.gov/vuln/detail/CVE-2023-1127), [CVE-2023-1175](https://nvd.nist.gov/vuln/detail/CVE-2023-1175), [CVE-2023-1170](https://nvd.nist.gov/vuln/detail/CVE-2023-1170))<br><br>#### Bug fixes:<br><br>- Ensured that `/var/log/journal/` is created early enough for systemd-journald to persist the logs on first boot ([bootengine#60](https://github.com/flatcar/bootengine/pull/60), [baselayout#29](https://github.com/flatcar/baselayout/pull/29))<br>- Fixed `journalctl --user` permission issue ([Flatcar#989](https://github.com/flatcar/Flatcar/issues/989))<br><br>#### Changes:<br><br>- Improved the OS reset tool to offer preview, backup and restore ([init#94](https://github.com/flatcar/init/pull/94))<br><br>#### Updates:<br><br>- Linux ([5.15.106](https://lwn.net/Articles/928343) (includes [5.15.105](https://lwn.net/Articles/927860), [5.15.104](https://lwn.net/Articles/926873)))<br>- Linux Firmware ([20230404](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230404))<br>- containerd ([1.6.20](https://github.com/containerd/containerd/releases/tag/v1.6.20))<br>- Docker ([20.10.24](https://docs.docker.com/engine/release-notes/20.10/#201024))<br>- Go ([1.19.8](https://go.dev/doc/devel/release#go1.19.8))<br>- iperf ([3.13](https://github.com/esnet/iperf/blob/3.13/RELNOTES.md))<br>- runc ([1.1.5](https://github.com/opencontainers/runc/releases/tag/v1.1.5))<br>- vim ([9.0.1403](https://github.com/vim/vim/releases/tag/v9.0.1403))<br>- Zstandard ([1.5.4](https://github.com/facebook/zstd/releases/tag/v1.5.4)) (includes [1.5.3](https://github.com/facebook/zstd/releases/tag/v1.5.3), [1.5.2](https://github.com/facebook/zstd/releases/tag/v1.5.2), [1.5.1](https://github.com/facebook/zstd/releases/tag/v1.5.1) and [1.5.0](https://github.com/facebook/zstd/releases/tag/v1.5.0)))<br>- SDK: pahole ([1.24](https://github.com/acmel/dwarves/releases/tag/v1.24))<br>- SDK: Rust ([1.68.2](https://github.com/rust-lang/rust/releases/tag/1.68.2))<br>Packages:<br>- containerd 1.6.20<br>- docker 20.10.24<br>- ignition 2.15.0<br>- kernel 5.15.106<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-04-17T13:17:26+00:00 @@ -2430,7 +2454,7 @@ https://github.com/flatcar/scripts/releases/tag/alpha-3549.0.0 3549.0.0 - 2023-10-25T10:20:42.970865+00:00 + 2023-11-22T09:59:32.835801+00:00 _Changes since **Alpha 3535.0.0**_<br><br>#### Security fixes:<br><br>- Go ([CVE-2023-24532](https://nvd.nist.gov/vuln/detail/CVE-2023-24532))<br>- GnuTLS ([CVE-2023-0361](https://nvd.nist.gov/vuln/detail/CVE-2023-0361))<br>- curl ([CVE-2023-23914](https://nvd.nist.gov/vuln/detail/CVE-2023-23914), [CVE-2023-23915](https://nvd.nist.gov/vuln/detail/CVE-2023-23915), [CVE-2023-23916](https://nvd.nist.gov/vuln/detail/CVE-2023-23916))<br>- git ([CVE-2023-22490](https://nvd.nist.gov/vuln/detail/CVE-2023-22490), [CVE-2023-23946](https://nvd.nist.gov/vuln/detail/CVE-2023-23946))<br>- pkgconf ([CVE-2023-24056](https://nvd.nist.gov/vuln/detail/CVE-2023-24056))<br>- python ([CVE-2023-24329](https://nvd.nist.gov/vuln/detail/CVE-2023-24329))<br>- vim ([CVE-2023-0288](https://nvd.nist.gov/vuln/detail/CVE-2023-0288), [CVE-2023-0433](https://nvd.nist.gov/vuln/detail/CVE-2023-0433))<br><br>#### Bug fixes:<br><br>- Restored the support to specify OEM partition files in Ignition when `/usr/share/oem` is given as initrd mount point ([bootengine#58](https://github.com/flatcar/bootengine/pull/58))<br><br>#### Changes:<br><br>- Added `pigz` to the image, a parallel gzip implementation, which is useful to speed up the (de)compression for large container image imports/exports ([coreos-overlay#2504](https://github.com/flatcar/coreos-overlay/pull/2504))<br>- Added new image signing pub key to `flatcar-install`, needed for download verification of releases built from July 2023 onwards, if you have copies of `flatcar-install` or the image signing pub key, you need to update them as well ([init#92](https://github.com/flatcar/init/pull/92))<br>- Enabled elfutils support in systemd-coredump. A backtrace will now appear in the journal for any program that dumps core ([coreos-overlay#2489](https://github.com/flatcar/coreos-overlay/pull/2489))<br>- Specifying the OEM filesystem in Ignition to write files to `/usr/share/oem` is not needed anymore ([bootengine#58](https://github.com/flatcar/bootengine/pull/58))<br> <br>#### Updates:<br> <br>- Go ([1.19.7](https://go.dev/doc/devel/release#go1.19.7))<br>- Linux ([5.15.103](https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tag/?h=v5.15.103) (includes [5.15.102](https://lwn.net/Articles/925991), [5.15.101](https://lwn.net/Articles/925939), [5.15.100](https://lwn.net/Articles/925913), [5.15.99](https://lwn.net/Articles/925844)))<br>- Linux Firmware ([20230310](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230310))<br>- Rust ([1.68.0](https://github.com/rust-lang/rust/releases/tag/1.68.0))<br>- ca-certificates ([3.89](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_89.html))<br>- open-vm-tools ([12.2.0](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.2.0))<br>- GLib ([2.74.5](https://gitlab.gnome.org/GNOME/glib/-/tags/2.74.5))<br>- GnuTLS ([3.8.0](https://gitlab.com/gnutls/gnutls/-/blob/3.8.0/NEWS))<br>- SDK: portage ([3.0.44](https://gitweb.gentoo.org/proj/portage.git/tree/NEWS?h=portage-3.0.44))<br>- SDK: python ([3.10.10](https://docs.python.org/3.10/whatsnew/changelog.html#python-3-10-10-final))<br>- bind tools ([9.16.37](https://bind9.readthedocs.io/en/v9_16_37/notes.html#notes-for-bind-9-16-37))<br>- curl ([7.88.1](https://curl.se/changes.html#7_88_1) (includes [7.88.0](https://curl.se/changes.html#7_88_0)))<br>- diffutils ([3.9](https://savannah.gnu.org/forum/forum.php?forum_id=10282))<br>- gcc ([12.2.1](https://gcc.gnu.org/gcc-12/changes.html))<br>- git ([2.39.2](https://github.com/git/git/blob/v2.39.2/Documentation/RelNotes/2.39.2.txt))<br>- libpcap ([1.10.3](https://git.tcpdump.org/libpcap/blob/refs/tags/libpcap-1.10.3:/CHANGES) (includes [1.10.2](https://git.tcpdump.org/libpcap/blob/refs/tags/libpcap-1.10.2:/CHANGES)))<br>- qemu guest agent ([7.1.0](https://wiki.qemu.org/ChangeLog/7.1#Guest_agent))<br>- socat ([1.7.4.4](https://repo.or.cz/socat.git/blob/refs/tags/tag-1.7.4.4:/CHANGES))<br>- traceroute (2.1.1)<br>- vim ([9.0.1363](https://github.com/vim/vim/releases/tag/v9.0.1363))<br>Packages:<br>- containerd 1.6.19<br>- docker 20.10.23<br>- ignition 2.15.0<br>- kernel 5.15.103<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-03-21T11:30:17+00:00 @@ -2438,7 +2462,7 @@ https://github.com/flatcar/scripts/releases/tag/alpha-3535.0.0 3535.0.0 - 2023-10-25T10:20:42.963815+00:00 + 2023-11-22T09:59:32.816703+00:00 _Changes since **Alpha 3510.0.0**_<br> <br>#### Security fixes:<br> <br> - Linux ([CVE-2022-2196](https://nvd.nist.gov/vuln/detail/CVE-2022-2196), [CVE-2022-27672](https://nvd.nist.gov/vuln/detail/CVE-2022-27672), [CVE-2022-3707](https://nvd.nist.gov/vuln/detail/CVE-2022-3707), [CVE-2023-1078](https://nvd.nist.gov/vuln/detail/CVE-2023-1078), [CVE-2023-26545](https://nvd.nist.gov/vuln/detail/CVE-2023-26545))<br> - Go ([CVE-2022-41723](https://nvd.nist.gov/vuln/detail/CVE-2022-41723), [CVE-2022-41724](https://nvd.nist.gov/vuln/detail/CVE-2022-41724), [CVE-2022-41725](https://nvd.nist.gov/vuln/detail/CVE-2022-41725))<br> - OpenSSH ([CVE-2023-25136](https://nvd.nist.gov/vuln/detail/CVE-2023-25136))<br> - OpenSSL ([CVE-2022-4203](https://nvd.nist.gov/vuln/detail/CVE-2022-4203), [CVE-2022-4304](https://nvd.nist.gov/vuln/detail/CVE-2022-4304), [CVE-2022-4450](https://nvd.nist.gov/vuln/detail/CVE-2022-4450), [CVE-2023-0215](https://nvd.nist.gov/vuln/detail/CVE-2023-0215), [CVE-2023-0216](https://nvd.nist.gov/vuln/detail/CVE-2023-0216), [CVE-2023-0217](https://nvd.nist.gov/vuln/detail/CVE-2023-0217), [CVE-2023-0286](https://nvd.nist.gov/vuln/detail/CVE-2023-0286), [CVE-2023-0401](https://nvd.nist.gov/vuln/detail/CVE-2023-0401))<br> - containerd ([CVE-2023-25153](https://nvd.nist.gov/vuln/detail/CVE-2023-25153), [CVE-2023-25173](https://nvd.nist.gov/vuln/detail/CVE-2023-25173))<br> - e2fsprogs ([CVE-2022-1304](https://nvd.nist.gov/vuln/detail/CVE-2022-1304))<br> - intel-microcode ([CVE-2022-21216](https://nvd.nist.gov/vuln/detail/CVE-2022-21216), [CVE-2022-33196](https://nvd.nist.gov/vuln/detail/CVE-2022-33196), [CVE-2022-38090](https://nvd.nist.gov/vuln/detail/CVE-2022-38090))<br> - less ([CVE-2022-46663](https://nvd.nist.gov/vuln/detail/CVE-2022-46663))<br> - torcx ([CVE-2022-32149](https://nvd.nist.gov/vuln/detail/CVE-2022-32149))<br> - SDK: dnsmasq ([CVE-2022-0934](https://nvd.nist.gov/vuln/detail/CVE-2022-0934))<br> <br> #### Bug fixes:<br> <br> - Excluded the special Kubernetes network interfaces `nodelocaldns` and `kube-ipvs0` from being managed with systemd-networkd which interfered with the setup ([init#89](https://github.com/flatcar/init/pull/89)).<br> <br> #### Changes:<br> <br> - Added a new `flatcar-reset` tool and boot logic for selective OS resets to reconfigure the system with Ignition while avoiding config drift ([bootengine#55](https://github.com/flatcar/bootengine/pull/55), [init#91](https://github.com/flatcar/init/pull/91))<br> - On boot any files in `/etc` that are the same as provided by the booted `/usr/share/flatcar/etc` default for the overlay mount on `/etc` are deleted to ensure that future updates of `/usr/share/flatcar/etc` are propagated - to opt out create `/etc/.no-dup-update` in case you want to keep an unmodified config file as is or because you fear that a future Flatcar version may use the same file as you at which point your copy is cleaned up and any other future Flatcar changes would be applied ([bootengine#54](https://github.com/flatcar/bootengine/pull/54))<br> - Switched systemd log reporting to the combined format of both unit description, as before, and now the unit name to easily find the unit ([coreos-overlay#2436](https://github.com/flatcar/coreos-overlay/pull/2436))<br> - `/etc` is now set up as overlayfs with the original `/etc` folder being the store for changed files/directories and `/usr/share/flatcar/etc` providing the lower default directory tree ([bootengine#53](https://github.com/flatcar/bootengine/pull/53), [scripts#666](https://github.com/flatcar/scripts/pull/666))<br> <br> #### Updates:<br> <br> - Linux ([5.15.98](https://lwn.net/Articles/925080) (includes [5.15.97](https://lwn.net/Articles/925064), [5.15.96](https://lwn.net/Articles/924441), [5.15.95](https://lwn.net/Articles/924073), [5.15.94](https://lwn.net/Articles/923308), [5.15.93](https://lwn.net/Articles/922814)))<br> - Go ([1.19.6](https://go.dev/doc/devel/release#go1.19.6))<br> - Linux Firmware ([20230210](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230210))<br> - OpenSSH ([9.2](http://www.openssh.com/releasenotes.html#9.2))<br> - OpenSSL ([3.0.8](https://github.com/openssl/openssl/blob/openssl-3.0.8/NEWS.md#major-changes-between-openssl-307-and-openssl-308-7-feb-2023))<br> - btrfs-progs ([6.0.2](https://btrfs.readthedocs.io/en/latest/CHANGES.html#btrfs-progs-6-0-2-2022-11-24), includes [6.0](https://btrfs.readthedocs.io/en/latest/CHANGES.html#btrfs-progs-6-0-2022-10-11))<br> - containerd ([1.6.19](https://github.com/containerd/containerd/releases/tag/v1.6.19) (includes [1.6.18](https://github.com/containerd/containerd/releases/tag/v1.6.18)))<br> - e2fsprogs ([1.46.6](https://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.46.6))<br> - findutils ([4.9.0](https://lists.gnu.org/archive/html/info-gnu/2022-02/msg00003.html))<br> - ignition ([2.15.0](https://coreos.github.io/ignition/release-notes/#ignition-2150-2023-02-21))<br> - intel-microcode ([20230214](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230214))<br> - iputils ([20221126](https://github.com/iputils/iputils/releases/tag/20221126))<br> - less ([608](http://www.greenwoodsoftware.com/less/news.608.html))<br> - libpcre2 ([10.42](https://github.com/PCRE2Project/pcre2/blob/pcre2-10.42/NEWS))<br> - strace ([6.1](https://github.com/strace/strace/releases/tag/v6.1))<br> - SDK: cmake ([3.25.2](https://cmake.org/cmake/help/v3.25/release/3.25.html))<br> - SDK: dnsmasq ([2.89](https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2023q1/016859.html))<br> - SDK: python ([3.10.9](https://docs.python.org/3.10/whatsnew/changelog.html#python-3-10-9-final) (includes [3.10](https://www.python.org/downloads/release/python-3100/)))<br> - SDK: Rust ([1.67.1](https://github.com/rust-lang/rust/releases/tag/1.67.1))<br>Packages:<br>- containerd 1.6.19<br>- docker 20.10.23<br>- ignition 2.15.0<br>- kernel 5.15.98<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-03-07T15:22:31+00:00 @@ -2446,7 +2470,7 @@ https://github.com/flatcar/scripts/releases/tag/alpha-3510.0.0 3510.0.0 - 2023-10-25T10:20:42.955509+00:00 + 2023-11-22T09:59:32.801654+00:00 _Changes since **Alpha 3493.0.0**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-4842](https://nvd.nist.gov/vuln/detail/CVE-2022-4842))<br>- curl ([CVE-2022-43551](https://nvd.nist.gov/vuln/detail/CVE-2022-43551), [CVE-2022-43552](https://nvd.nist.gov/vuln/detail/CVE-2022-43552))<br>- sudo ([CVE-2023-22809](https://nvd.nist.gov/vuln/detail/CVE-2023-22809))<br>- vim ([CVE-2023-0049](https://nvd.nist.gov/vuln/detail/CVE-2023-0049), [CVE-2023-0051](https://nvd.nist.gov/vuln/detail/CVE-2023-0051), [CVE-2023-0054](https://nvd.nist.gov/vuln/detail/CVE-2023-0054))<br>- SDK: qemu ([CVE-2022-4172](https://nvd.nist.gov/vuln/detail/CVE-2022-4172))<br><br>#### Bug fixes:<br><br><br>#### Changes:<br><br><br>#### Updates:<br><br>- Linux ([5.15.92](https://lwn.net/Articles/922340) (includes [5.15.91](https://lwn.net/Articles/921851), [5.15.90](https://lwn.net/Articles/921029)))<br>- bind tools ([9.16.36](https://bind9.readthedocs.io/en/v9_16_36/notes.html#notes-for-bind-9-16-36) (includes [9.16.34](https://bind9.readthedocs.io/en/v9_16_35/notes.html#notes-for-bind-9-16-34) and [9.16.35](https://bind9.readthedocs.io/en/v9_16_34/notes.html#notes-for-bind-9-16-35)))<br>- bpftool ([5.19.12](https://lwn.net/Articles/909678/))<br>- containerd ([1.6.16](https://github.com/containerd/containerd/releases/tag/v1.6.16))<br>- cri-tools ([1.24.2](https://github.com/kubernetes-sigs/cri-tools/releases/tag/v1.24.2))<br>- curl ([7.87.0](https://curl.se/changes.html#7_87_0))<br>- Docker ([20.10.23](https://docs.docker.com/engine/release-notes/20.10/#201023))<br>- git ([2.39.1](https://github.com/git/git/blob/v2.39.1/Documentation/RelNotes/2.39.1.txt) (includes [2.39.0](https://github.com/git/git/blob/v2.39.0/Documentation/RelNotes/2.39.0.txt)))<br>- iptables ([1.8.8](https://www.netfilter.org/projects/iptables/files/changes-iptables-1.8.8.txt))<br>- sudo ([1.9.12_p2](https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_12p2))<br>- systemd ([252.5](https://github.com/systemd/systemd-stable/releases/tag/v252.5) (includes [252](https://github.com/systemd/systemd/releases/tag/v252)))<br>- XZ utils ([5.4.1](https://github.com/tukaani-project/xz/releases/tag/v5.4.1) (includes [5.4.0](https://github.com/tukaani-project/xz/releases/tag/v5.4.0)))<br>- vim ([9.0.1157](https://github.com/vim/vim/releases/tag/v9.0.1157))<br>- SDK: boost ([1.81.0](https://www.boost.org/users/history/version_1_81_0.html))<br>- SDK: file ([5.44](https://github.com/file/file/blob/FILE5_44/ChangeLog))<br>- SDK: portage ([3.0.43](https://github.com/gentoo/portage/blob/portage-3.0.43/NEWS) (includes [3.0.42](https://github.com/gentoo/portage/blob/portage-3.0.42/NEWS)))<br>- SDK: qemu ([7.2.0](https://wiki.qemu.org/ChangeLog/7.2))<br>- SDK: Rust ([1.67.0](https://github.com/rust-lang/rust/releases/tag/1.67.0))<br><br>Packages:<br>- containerd 1.6.16<br>- docker 20.10.23<br>- ignition 2.14.0<br>- kernel 5.15.92<br>- systemd 252<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-02-16T13:25:23+00:00 @@ -2454,7 +2478,7 @@ https://github.com/flatcar/scripts/releases/tag/alpha-3493.0.0 3493.0.0 - 2023-10-25T10:20:42.949433+00:00 + 2023-11-22T09:59:32.795553+00:00 _Changes since **Alpha 3480.0.0**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-36280](https://nvd.nist.gov/vuln/detail/CVE-2022-36280), [CVE-2022-41218](https://nvd.nist.gov/vuln/detail/CVE-2022-41218), [CVE-2022-47929](https://nvd.nist.gov/vuln/detail/CVE-2022-47929), [CVE-2023-0210](https://nvd.nist.gov/vuln/detail/CVE-2023-0210), [CVE-2023-0266](https://nvd.nist.gov/vuln/detail/CVE-2023-0266), [CVE-2023-0394](https://nvd.nist.gov/vuln/detail/CVE-2023-0394), [CVE-2023-23454](https://nvd.nist.gov/vuln/detail/CVE-2023-23454), [CVE-2023-23455](https://nvd.nist.gov/vuln/detail/CVE-2023-23455))<br>- git ([CVE-2022-23521](https://nvd.nist.gov/vuln/detail/CVE-2022-23521), [CVE-2022-41903](https://nvd.nist.gov/vuln/detail/CVE-2022-41903))<br>- glib ([fixes to normal form handling in GVariant](https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835))<br>- vim ([CVE-2022-3491](https://nvd.nist.gov/vuln/detail/CVE-2022-3491), [CVE-2022-3520](https://nvd.nist.gov/vuln/detail/CVE-2022-3520), [CVE-2022-3591](https://nvd.nist.gov/vuln/detail/CVE-2022-3591), [CVE-2022-4141](https://nvd.nist.gov/vuln/detail/CVE-2022-4141), [CVE-2022-4292](https://nvd.nist.gov/vuln/detail/CVE-2022-4292), [CVE-2022-4293](https://nvd.nist.gov/vuln/detail/CVE-2022-4293))<br>- SDK: qemu ([CVE-2020-14394](https://nvd.nist.gov/vuln/detail/CVE-2020-14394), [CVE-2022-0216](https://nvd.nist.gov/vuln/detail/CVE-2022-0216), [CVE-2022-3872](https://nvd.nist.gov/vuln/detail/CVE-2022-3872))<br>- SDK: Rust ([CVE-2022-46176](https://nvd.nist.gov/vuln/detail/CVE-2022-46176))<br><br>#### Bug fixes:<br><br>- Fixed a regression (in Alpha/Beta) where machines failed to boot if they didn't have the `core` user or group in `/etc/passwd` or `/etc/group` ([baselayout#26](https://github.com/flatcar/baselayout/pull/26))<br><br>#### Changes:<br><br><br>#### Updates:<br><br>- Linux ([5.15.89](https://lwn.net/Articles/920321) (includes [5.15.88](https://lwn.net/Articles/920012), [5.15.87](https://lwn.net/Articles/919793)))<br>- Linux Firmware ([20230117](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230117))<br>- Go ([1.19.5](https://go.dev/doc/devel/release#go1.19.5), [1.18.10](https://go.dev/doc/devel/release#go1.18.10))<br>- adcli ([0.9.2](https://gitlab.freedesktop.org/realmd/adcli/-/commits/8e88e3590a19006362ea8b8dfdc18bb88b3cb3b5/))<br>- binutils ([2.39](https://sourceware.org/pipermail/binutils/2022-August/122246.html))<br>- elfutils ([0.188](https://sourceware.org/pipermail/elfutils-devel/2022q4/005561.html) (includes [0.187](https://sourceware.org/pipermail/elfutils-devel/2022q2/004978.html)))<br>- file ([5.43](https://mailman.astron.com/pipermail/file/2022-September/000857.html))<br>- gawk ([5.2.1](https://lists.gnu.org/archive/html/help-gawk/2022-11/msg00008.html) (contains [5.2.0](https://lists.gnu.org/archive/html/help-gawk/2022-09/msg00000.html)))<br>- git ([2.38.3](https://github.com/git/git/blob/v2.38.3/Documentation/RelNotes/2.38.3.txt))<br>- glib ([2.74.4](https://gitlab.gnome.org/GNOME/glib/-/tags/2.74.4))<br>- I2C tools ([4.3](https://git.kernel.org/pub/scm/utils/i2c-tools/i2c-tools.git/tree/CHANGES?id=d8bc1f1ff4b00a6bd988aa114100ae9b787f50d8))<br>- Intel Microcode Package ([20221108](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20221108))<br>- libcap-ng ([0.8.3](https://people.redhat.com/sgrubb/libcap-ng/ChangeLog))<br>- libseccomp ([2.5.4](https://github.com/seccomp/libseccomp/releases/tag/v2.5.4) (contains [2.5.2](https://github.com/seccomp/libseccomp/releases/tag/v2.5.2), [2.5.3](https://github.com/seccomp/libseccomp/releases/tag/v2.5.3)))<br>- nettle ([3.8.1](https://git.lysator.liu.se/nettle/nettle/-/blob/990abad16ceacd070747dcc76ed16a39c129321e/ChangeLog))<br>- rsync ([3.2.7](https://download.samba.org/pub/rsync/NEWS#3.2.7))<br>- shadow ([4.13](https://github.com/shadow-maint/shadow/releases/tag/4.13))<br>- sqlite ([3.40.1](https://www.sqlite.org/releaselog/3_40_1.html) (contains [3.40.0](https://www.sqlite.org/releaselog/3_40_0.html)))<br>- vim ([9.0.1000](https://github.com/vim/vim/releases/tag/v9.0.1000))<br>- XZ utils ([5.2.10](https://git.tukaani.org/?p=xz.git;a=blob;f=NEWS;h=d92fa88a835180af5d6ff22ad0e240d6468f81af;hb=f7c2cc55618b9af3318f0c908cf8db0df1e28e7c))<br>- Azure: python-oem ([3.9.16](https://www.python.org/downloads/release/python-3916/))<br>- SDK: libpng ([1.6.39](http://www.libpng.org/pub/png/src/libpng-1.6.39-README.txt) (includes [1.6.38](http://www.libpng.org/pub/png/src/libpng-1.6.38-README.txt)))<br>- SDK: perl ([5.36.0](https://perldoc.perl.org/5.36.0/perldelta))<br>- SDK: portage ([3.0.41](https://gitweb.gentoo.org/proj/portage.git/tree/NEWS?h=portage-3.0.41))<br>- SDK: qemu ([7.1.0](https://wiki.qemu.org/ChangeLog/7.1))<br>- SDK: Rust ([1.66.1](https://github.com/rust-lang/rust/releases/tag/1.66.1))<br><br>Packages:<br>- containerd 1.6.15<br>- docker 20.10.22<br>- ignition 2.14.0<br>- kernel 5.15.89<br>- systemd 251<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-01-24T13:17:19+00:00 @@ -2462,7 +2486,7 @@ https://github.com/flatcar/scripts/releases/tag/alpha-3480.0.0 3480.0.0 - 2023-10-25T10:20:42.942154+00:00 + 2023-11-22T09:59:32.788039+00:00 _Changes since **Alpha 3446.0.0**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-3424](https://nvd.nist.gov/vuln/detail/CVE-2022-3424), [CVE-2022-3534](https://nvd.nist.gov/vuln/detail/CVE-2022-3534), [CVE-2022-3545](https://nvd.nist.gov/vuln/detail/CVE-2022-3545), [CVE-2022-3643](https://nvd.nist.gov/vuln/detail/CVE-2022-3643), [CVE-2022-4378](https://nvd.nist.gov/vuln/detail/CVE-2022-4378), [CVE-2022-45869](https://nvd.nist.gov/vuln/detail/CVE-2022-45869), [CVE-2022-45934](https://nvd.nist.gov/vuln/detail/CVE-2022-45934))<br>- Go ([CVE-2022-41717](https://nvd.nist.gov/vuln/detail/CVE-2022-41717))<br>- containerd ([CVE-2022-23471](https://nvd.nist.gov/vuln/detail/CVE-2022-23471))<br>- systemd ([CVE-2022-3821](https://nvd.nist.gov/vuln/detail/CVE-2022-3821), [CVE-2022-4415](https://nvd.nist.gov/vuln/detail/CVE-2022-4415))<br>- Python ([CVE-2015-20107](https://nvd.nist.gov/vuln/detail/CVE-2015-20107), [CVE-2020-10735](https://nvd.nist.gov/vuln/detail/CVE-2020-10735), [CVE-2021-3654](https://nvd.nist.gov/vuln/detail/CVE-2021-3654), [CVE-2022-37454](https://nvd.nist.gov/vuln/detail/CVE-2022-37454), [CVE-2022-42919](https://nvd.nist.gov/vuln/detail/CVE-2022-42919), [CVE-2022-45061](https://nvd.nist.gov/vuln/detail/CVE-2022-45061))<br>- libarchive ([CVE-2022-36227](https://nvd.nist.gov/vuln/detail/CVE-2022-36227))<br>- libksba ([CVE-2022-47629](https://nvd.nist.gov/vuln/detail/CVE-2022-47629))<br><br>#### Bug fixes:<br><br>- Added back Ignition support for Vagrant ([coreos-overlay#2351](https://github.com/flatcar/coreos-overlay/pull/2351))<br>- The rootfs setup in the initrd now runs systemd-tmpfiles on every boot, not only when Ignition runs, to fix a dbus failure due to missing files ([Flatcar#944](https://github.com/flatcar/Flatcar/issues/944))<br><br><br>#### Updates:<br><br>- Linux ([5.15.86](https://lwn.net/Articles/918808) (includes [5.15.85](https://lwn.net/Articles/918329), [5.15.84](https://lwn.net/Articles/918206), [5.15.83](https://lwn.net/Articles/917896), [5.15.82](https://lwn.net/Articles/917400)))<br>- Linux Firmware ([20221214](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20221214))<br>- Docker ([20.10.22](https://docs.docker.com/engine/release-notes/#201022))<br>- GNU C Library ([2.36](https://sourceware.org/pipermail/libc-alpha/2022-August/141193.html))<br>- Go ([1.19.4](https://go.dev/doc/devel/release#go1.19.4))<br>- Rust ([1.66.0](https://github.com/rust-lang/rust/releases/tag/1.66.0))<br>- ca-certificates ([3.87](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_87.html))<br>- containerd ([1.6.15](https://github.com/containerd/containerd/releases/tag/v1.6.15))<br>- systemd ([251.10](https://github.com/systemd/systemd-stable/commits/v251.10) (includes [251](https://github.com/systemd/systemd/releases/tag/v251)))<br>- MIT Kerberos V ([1.20.1](https://web.mit.edu/kerberos/krb5-1.20/krb5-1.20.1.html))<br>- XZ utils ([5.2.9](https://git.tukaani.org/?p=xz.git;a=blob;f=NEWS;h=ebb303084403445088ec97dfedf0461a6e5b5077;hb=d8a898eb9974683bc725c49ec76722f9a8758f48))<br>- libksba ([1.6.3](https://dev.gnupg.org/T6304))<br><br>Packages:<br>- containerd 1.6.15<br>- docker 20.10.22<br>- ignition 2.14.0<br>- kernel 5.15.86<br>- systemd 251<br><br>Architectures:<br>- amd64<br>- arm64<br> 2023-01-11T13:33:59+00:00 @@ -2470,7 +2494,7 @@ https://github.com/flatcar/scripts/releases/tag/alpha-3446.0.0 3446.0.0 - 2023-10-25T10:20:42.935841+00:00 + 2023-11-22T09:59:32.781740+00:00 _Changes since **Alpha 3432.0.0**_<br> <br>#### Security fixes:<br> <br>- Linux ([CVE-2022-3169](https://nvd.nist.gov/vuln/detail/CVE-2022-3169), [CVE-2022-3521](https://nvd.nist.gov/vuln/detail/CVE-2022-3521))<br>- sudo ([CVE-2022-43995](https://nvd.nist.gov/vuln/detail/CVE-2022-43995))<br> <br>#### Bug fixes:<br> <br>- Fix "ext4 deadlock under heavy I/O load" kernel issue. The patch for this is included provisionally while we wait for it to be merged upstream ([Flatcar#847](https://github.com/flatcar/Flatcar/issues/847), [coreos-overlay#2315](https://github.com/flatcar/coreos-overlay/pull/2315))<br> <br>#### Updates:<br> <br>- Linux ([5.15.81](https://lwn.net/Articles/916763) (includes [5.15.80](https://lwn.net/Articles/916003)))<br>- gettext ([0.21.1](https://git.savannah.gnu.org/gitweb/?p=gettext.git;a=blob;f=NEWS;h=cdbb16746c23555e70bb1e16917f5c349ce92d9e;hb=8b38ee827251cadbb90cb6cb576ae98702566288))<br>- GnuTLS ([3.7.8](https://lists.gnupg.org/pipermail/gnutls-help/2022-September/004765.html))<br>- sudo ([1.9.12_p1](https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_12p1))<br>- XZ utils ([5.2.8](https://git.tukaani.org/?p=xz.git;a=blob;f=NEWS;h=c244b42a6771a6e8af206318dfc500d78929fd6f;hb=5476089d9c42b9b04e92b80e1800b384a98265cb))<br>- VMware: open-vm-tools ([12.1.5](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.1.5))<br>Packages:<br>- containerd 1.6.10<br>- docker 20.10.21<br>- ignition 2.14.0<br>- kernel 5.15.81<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-12-09T09:48:16+00:00 @@ -2478,7 +2502,7 @@ https://github.com/flatcar/scripts/releases/tag/alpha-3432.0.0 3432.0.0 - 2023-10-25T10:20:42.930654+00:00 + 2023-11-22T09:59:32.776496+00:00 _Changes since **Alpha 3417.0.0**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2022-3543](https://nvd.nist.gov/vuln/detail/CVE-2022-3543), [CVE-2022-3564](https://nvd.nist.gov/vuln/detail/CVE-2022-3564), [CVE-2022-3619](https://nvd.nist.gov/vuln/detail/CVE-2022-3619), [CVE-2022-3623](https://nvd.nist.gov/vuln/detail/CVE-2022-3623), [CVE-2022-3628](https://nvd.nist.gov/vuln/detail/CVE-2022-3628), [CVE-2022-42895](https://nvd.nist.gov/vuln/detail/CVE-2022-42895), [CVE-2022-42896](https://nvd.nist.gov/vuln/detail/CVE-2022-42896))<br> - cpio ([CVE-2021-38185](https://nvd.nist.gov/vuln/detail/CVE-2021-38185))<br> - curl ([CVE-2022-32221](https://nvd.nist.gov/vuln/detail/CVE-2022-32221), [CVE-2022-35260](https://nvd.nist.gov/vuln/detail/CVE-2022-32221), [CVE-2022-42915](https://nvd.nist.gov/vuln/detail/CVE-2022-32221), [CVE-2022-42916](https://nvd.nist.gov/vuln/detail/CVE-2022-32221))<br> - expat ([CVE-2022-43680](https://nvd.nist.gov/vuln/detail/CVE-2022-43680))<br> - libksba ([CVE-2022-3515](https://nvd.nist.gov/vuln/detail/CVE-2022-3515))<br> - vim ([CVE-2022-3705](https://nvd.nist.gov/vuln/detail/CVE-2022-3705))<br> <br> #### Bug fixes:<br> <br> - Added support for hardware security keys in update-ssh-keys ([update-ssh-keys#7](https://github.com/flatcar/update-ssh-keys/pull/7))<br> - Fixed Ignition btrfs forced formatting for OEM partition ([coreos-overlay#2277](https://github.com/flatcar/coreos-overlay/pull/2277))<br> <br> #### Updates:<br> <br> - Linux ([5.15.79](https://lwn.net/Articles/915100) (includes [5.15.78](https://lwn.net/Articles/914423)))<br> - Linux Firmware ([20221109](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20221109))<br> - ca-certificates ([3.85](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_85.html))<br> - containerd ([1.6.10](https://github.com/containerd/containerd/releases/tag/v1.6.10))<br> - Expat ([2.5.0](https://github.com/libexpat/libexpat/blob/R_2_5_0/expat/Changes))<br> - cpio ([2.13](https://lists.gnu.org/archive/html/bug-cpio/2019-11/msg00000.html))<br> - curl ([7.86](https://curl.se/changes.html#7_86_0))<br> - glib ([2.74.1](https://gitlab.gnome.org/GNOME/glib/-/tags/2.74.1))<br> - libcap ([2.66](https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.d9ygdose5kw))<br> - libksba ([1.6.2](https://dev.gnupg.org/T6230))<br> - openssh ([9.1](http://www.openssh.com/releasenotes.html#9.1))<br> - sqlite ([3.39.4](https://sqlite.org/releaselog/3_39_4.html))<br> - vim ([9.0.0828](https://github.com/vim/vim/releases/tag/v9.0.0828))<br> - whois ([5.5.14](https://github.com/rfc1036/whois/commit/ab10466cf2e1ec4887f6a44375c3e29c1720157f))<br> - XZ utils ([5.2.7](https://git.tukaani.org/?p=xz.git;a=blob;f=NEWS;h=0205423e79ce8297102096b0fc8b030ddf5b2023;hb=d24a57b7fc7e5e9267b84367cb0788d3acf7f569))<br> - SDK: Rust ([1.65.0](https://github.com/rust-lang/rust/releases/tag/1.65.0))<br>Packages:<br>- containerd 1.6.10<br>- docker 20.10.21<br>- ignition 2.14.0<br>- kernel 5.15.79<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-11-24T15:10:03+00:00 @@ -2486,7 +2510,7 @@ https://github.com/flatcar/scripts/releases/tag/alpha-3417.0.0 3417.0.0 - 2023-10-25T10:20:42.924506+00:00 + 2023-11-22T09:59:32.770222+00:00 _Changes since **Alpha 3402.0.1**_<br> <br> #### Security fixes:<br> <br> - Linux ([CVE-2022-2602](https://nvd.nist.gov/vuln/detail/CVE-2022-2602), [CVE-2022-3535](https://nvd.nist.gov/vuln/detail/CVE-2022-3535), [CVE-2022-3542](https://nvd.nist.gov/vuln/detail/CVE-2022-3542), [CVE-2022-3565](https://nvd.nist.gov/vuln/detail/CVE-2022-3565), [CVE-2022-3594](https://nvd.nist.gov/vuln/detail/CVE-2022-3594))<br> - git ([CVE-2022-39253](https://nvd.nist.gov/vuln/detail/CVE-2022-39253), [CVE-2022-39260](https://nvd.nist.gov/vuln/detail/CVE-2022-39260))<br> - multipath-tools ([CVE-2022-41973](https://nvd.nist.gov/vuln/detail/CVE-2022-41973), [CVE-2022-41974](https://nvd.nist.gov/vuln/detail/CVE-2022-41974))<br> <br> <br> #### Changes:<br> <br> - Toolbox now uses containerd to download and mount the image ([toolbox#7](https://github.com/flatcar/toolbox/pull/7))<br> <br> #### Updates:<br> <br> - Linux ([5.15.77](https://lwn.net/Articles/913681) (includes [5.15.76](https://lwn.net/Articles/912997), [5.15.75](https://lwn.net/Articles/912500)))<br> - Docker ([20.10.21](https://docs.docker.com/engine/release-notes/#201021))<br> - Go ([1.19.3](https://go.dev/doc/devel/release#go1.19.3))<br> - OpenSSL ([3.0.7](https://www.openssl.org/news/openssl-3.0-notes.html))<br> - containerd ([1.6.9](https://github.com/containerd/containerd/releases/tag/v1.6.9))<br> - glibc ([2.35](https://savannah.gnu.org/forum/forum.php?forum_id=10111))<br> - bpftool ([5.19.8](https://lwn.net/Articles/907523/))<br> - git ([2.37.4](https://github.com/git/git/blob/master/Documentation/RelNotes/2.37.4.txt))<br> - iputils ([20211215](https://github.com/iputils/iputils/releases/tag/20211215))<br> - libcap ([2.65](https://sites.google.com/site/fullycapable/release-notes-for-libcap?authuser=0#h.wfblevfzkj0))<br> - multipath-tools ([0.9.3](https://github.com/opensvc/multipath-tools/releases/tag/0.9.3)<br> - wget ([1.21.3](https://lists.gnu.org/archive/html/info-gnu/2022-02/msg00017.html))<br> - whois ([5.5.13](https://github.com/rfc1036/whois/blob/v5.5.13/debian/changelog))<br> - xz-utils ([5.2.6](https://git.tukaani.org/?p=xz.git;a=blob;f=NEWS;h=4c79b18ff26a1c479a920b21f07d050599c04c9e;hb=8dfed05bdaa4873833ba24279f02ad2db25effea))<br><br>Packages:<br>- containerd 1.6.9<br>- docker 20.10.21<br>- ignition 2.14.0<br>- kernel 5.15.77<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-11-09T12:52:02+00:00 @@ -2494,7 +2518,7 @@ https://github.com/flatcar/scripts/releases/tag/alpha-3402.0.1 3402.0.1 - 2023-10-25T10:20:42.918744+00:00 + 2023-11-22T09:59:32.764442+00:00 _Changes since **Alpha 3402.0.0**_<br><br>#### Security fixes:<br>- OpenSSL ([CVE-2022-3602](https://nvd.nist.gov/vuln/detail/CVE-2022-3602), [CVE-2022-3786](https://nvd.nist.gov/vuln/detail/CVE-2022-3786))<br><br>Packages:<br>- containerd 1.6.8<br>- docker 20.10.20<br>- ignition 2.14.0<br>- kernel 5.15.74<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-11-01T13:16:15+00:00 @@ -2502,7 +2526,7 @@ https://github.com/flatcar/scripts/releases/tag/alpha-3402.0.0 3402.0.0 - 2023-10-25T10:20:42.914377+00:00 + 2023-11-22T09:59:32.759974+00:00 New **Alpha** Release **3402.0.0**<br><br>_Changes since **Alpha 3374.0.0**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-2308](https://nvd.nist.gov/vuln/detail/CVE-2022-2308), [CVE-2022-3621](https://nvd.nist.gov/vuln/detail/CVE-2022-3621), [CVE-2022-3646](https://nvd.nist.gov/vuln/detail/CVE-2022-3646), [CVE-2022-3649](https://nvd.nist.gov/vuln/detail/CVE-2022-3649), [CVE-2022-40768](https://nvd.nist.gov/vuln/detail/CVE-2022-40768), [CVE-2022-41674](https://nvd.nist.gov/vuln/detail/CVE-2022-41674), [CVE-2022-42719](https://nvd.nist.gov/vuln/detail/CVE-2022-42719), [CVE-2022-42720](https://nvd.nist.gov/vuln/detail/CVE-2022-42720), [CVE-2022-42721](https://nvd.nist.gov/vuln/detail/CVE-2022-42721), [CVE-2022-42722](https://nvd.nist.gov/vuln/detail/CVE-2022-42722))<br>- bind-tools ([CVE-2022-2795](https://nvd.nist.gov/vuln/detail/CVE-2022-2795), [CVE-2022-2881](https://nvd.nist.gov/vuln/detail/CVE-2022-2881), [CVE-2022-2906](https://nvd.nist.gov/vuln/detail/CVE-2022-2906), [CVE-2022-3080](https://nvd.nist.gov/vuln/detail/CVE-2022-3080), [CVE-2022-38177](https://nvd.nist.gov/vuln/detail/CVE-2022-38177), [CVE-2022-38178](https://nvd.nist.gov/vuln/detail/CVE-2022-38178))<br>- curl ([CVE-2022-35252](https://nvd.nist.gov/vuln/detail/CVE-2022-35252))<br>- dbus ([CVE-2022-42010](https://nvd.nist.gov/vuln/detail/CVE-2022-42010), [CVE-2022-42011](https://nvd.nist.gov/vuln/detail/CVE-2022-42011), [CVE-2022-42012](https://nvd.nist.gov/vuln/detail/CVE-2022-42012))<br>- go ([CVE-2022-41715](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715), [CVE-2022-2880](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880), [CVE-2022-2879](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879))<br>- libxml2 ([CVE-2022-40303](https://nvd.nist.gov/vuln/detail/CVE-2022-40303), [CVE-2022-40304](https://nvd.nist.gov/vuln/detail/CVE-2022-40304))<br>- logrotate ([CVE-2022-1348](https://nvd.nist.gov/vuln/detail/CVE-2022-1348))<br>- vim ([CVE-2022-2042](https://nvd.nist.gov/vuln/detail/CVE-2022-2042), [CVE-2022-2124](https://nvd.nist.gov/vuln/detail/CVE-2022-2124), [CVE-2022-2125](https://nvd.nist.gov/vuln/detail/CVE-2022-2125), [CVE-2022-2126](https://nvd.nist.gov/vuln/detail/CVE-2022-2126), [CVE-2022-2129](https://nvd.nist.gov/vuln/detail/CVE-2022-2129), [CVE-2022-2175](https://nvd.nist.gov/vuln/detail/CVE-2022-2175), [CVE-2022-2182](https://nvd.nist.gov/vuln/detail/CVE-2022-2182), [CVE-2022-2183](https://nvd.nist.gov/vuln/detail/CVE-2022-2183), [CVE-2022-2206](https://nvd.nist.gov/vuln/detail/CVE-2022-2206), [CVE-2022-2207](https://nvd.nist.gov/vuln/detail/CVE-2022-2207), [CVE-2022-2208](https://nvd.nist.gov/vuln/detail/CVE-2022-2208), [CVE-2022-2210](https://nvd.nist.gov/vuln/detail/CVE-2022-2210), [CVE-2022-2231](https://nvd.nist.gov/vuln/detail/CVE-2022-2231), [CVE-2022-2257](https://nvd.nist.gov/vuln/detail/CVE-2022-2257), [CVE-2022-2264](https://nvd.nist.gov/vuln/detail/CVE-2022-2264), [CVE-2022-2284](https://nvd.nist.gov/vuln/detail/CVE-2022-2284), [CVE-2022-2285](https://nvd.nist.gov/vuln/detail/CVE-2022-2285), [CVE-2022-2286](https://nvd.nist.gov/vuln/detail/CVE-2022-2286), [CVE-2022-2287](https://nvd.nist.gov/vuln/detail/CVE-2022-2287), [CVE-2022-2288](https://nvd.nist.gov/vuln/detail/CVE-2022-2288), [CVE-2022-2289](https://nvd.nist.gov/vuln/detail/CVE-2022-2289), [CVE-2022-2304](https://nvd.nist.gov/vuln/detail/CVE-2022-2304), [CVE-2022-2343](https://nvd.nist.gov/vuln/detail/CVE-2022-2343), [CVE-2022-2344](https://nvd.nist.gov/vuln/detail/CVE-2022-2344), [CVE-2022-2345](https://nvd.nist.gov/vuln/detail/CVE-2022-2345), [CVE-2022-2522](https://nvd.nist.gov/vuln/detail/CVE-2022-2522), [CVE-2022-2816](https://nvd.nist.gov/vuln/detail/CVE-2022-2816), [CVE-2022-2817](https://nvd.nist.gov/vuln/detail/CVE-2022-2817), [CVE-2022-2819](https://nvd.nist.gov/vuln/detail/CVE-2022-2819), [CVE-2022-2845](https://nvd.nist.gov/vuln/detail/CVE-2022-2845), [CVE-2022-2849](https://nvd.nist.gov/vuln/detail/CVE-2022-2849), [CVE-2022-2862](https://nvd.nist.gov/vuln/detail/CVE-2022-2862), [CVE-2022-2874](https://nvd.nist.gov/vuln/detail/CVE-2022-2874), [CVE-2022-2889](https://nvd.nist.gov/vuln/detail/CVE-2022-2889), [CVE-2022-2923](https://nvd.nist.gov/vuln/detail/CVE-2022-2923), [CVE-2022-2946](https://nvd.nist.gov/vuln/detail/CVE-2022-2946), [CVE-2022-2980](https://nvd.nist.gov/vuln/detail/CVE-2022-2980), [CVE-2022-2982](https://nvd.nist.gov/vuln/detail/CVE-2022-2982), [CVE-2022-3016](https://nvd.nist.gov/vuln/detail/CVE-2022-3016), [CVE-2022-3099](https://nvd.nist.gov/vuln/detail/CVE-2022-3099), [CVE-2022-3134](https://nvd.nist.gov/vuln/detail/CVE-2022-3134), [CVE-2022-3153](https://nvd.nist.gov/vuln/detail/CVE-2022-3153), [CVE-2022-1725](https://nvd.nist.gov/vuln/detail/CVE-2022-1725), [CVE-2022-3234](https://nvd.nist.gov/vuln/detail/CVE-2022-3234), [CVE-2022-3235](https://nvd.nist.gov/vuln/detail/CVE-2022-3235), [CVE-2022-3278](https://nvd.nist.gov/vuln/detail/CVE-2022-3278), [CVE-2022-3256](https://nvd.nist.gov/vuln/detail/CVE-2022-3256), [CVE-2022-3296](https://nvd.nist.gov/vuln/detail/CVE-2022-3296), [CVE-2022-3297](https://nvd.nist.gov/vuln/detail/CVE-2022-3297), [CVE-2022-3324](https://nvd.nist.gov/vuln/detail/CVE-2022-3324), [CVE-2022-3352](https://nvd.nist.gov/vuln/detail/CVE-2022-3352))<br>- SDK: rust ([CVE-2022-36113](https://nvd.nist.gov/vuln/detail/CVE-2022-36113), [CVE-2022-36114](https://nvd.nist.gov/vuln/detail/CVE-2022-36114))<br><br>#### Bug fixes:<br><br>- Enabled IOMMU on arm64 kernels, the lack of which prevented some systems from booting ([coreos-overlay#2235](https://github.com/flatcar/coreos-overlay/pull/2235))<br><br>#### Changes:<br><br>- Added `CONFIG_NF_CONNTRACK_BRIDGE` (for nf_conntrack_bridge) and `CONFIG_NFT_BRIDGE_META` (for nft_meta_bridge) to the kernel config to allow using conntrack rules for bridges in nftables and to match on bridge interface names ([coreos-overlay#2207](https://github.com/flatcar/coreos-overlay/pull/2207))<br>- Change CONFIG_WIREGUARD kernel option to module to save space on boot partition ([coreos-overlay#2239](https://github.com/flatcar/coreos-overlay/pull/2239))<br>- Disable several arch specific arm64 kernel config options for unsupported platforms to save space on boot partition ([coreos-overlay#2239](https://github.com/flatcar/coreos-overlay/pull/2239))<br>- OpenStack: enabled `coreos-metadata-sshkeys@.service` to provision SSH keys from metadata. ([Flatcar#817](https://github.com/flatcar/Flatcar/issues/817), [coreos-overlay#2246](https://github.com/flatcar/coreos-overlay/pull/2246))<br>- Switched from `--strip-unneeded` to `--strip-debug` when installing kernel modules, which makes kernel stacktraces more accurate and makes debugging issues easier ([coreos-overlay#2196](https://github.com/flatcar/coreos-overlay/pull/2196))<br>- The flatcar-update tool got two new flags to customize ports used on the host while updating flatcar ([init#81](https://github.com/flatcar/init/pull/81))<br>- Add qemu-guest-agent to all amd64 images, it will be automatically enabled when qemu-ga virtio-port is detected ([coreos-overlay#2240](https://github.com/flatcar/coreos-overlay/pull/2240), [portage-stable#373](https://github.com/flatcar/portage-stable/pull/373))<br><br>#### Updates:<br><br>- Linux ([5.15.74](https://lwn.net/Articles/911275/) (includes [5.15.71](https://lwn.net/Articles/909679), [5.15.72](https://lwn.net/Articles/910398), [5.15.73](https://lwn.net/Articles/910957)))<br>- Linux Firmware ([20221012](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20221012))<br>- bind-tools ([9.16.33](https://gitlab.isc.org/isc-projects/bind9/-/raw/v9_16_33/CHANGES))<br>- bpftool ([5.19.2](https://lwn.net/Articles/904957/))<br>- ca-certificates ([3.84](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_84.html))<br>- curl ([7.85](https://curl.se/mail/archive-2022-08/0012.html))<br>- dbus ([1.14.4](https://gitlab.freedesktop.org/dbus/dbus/-/raw/dbus-1.14.4/NEWS))<br>- Docker ([20.10.20](https://docs.docker.com/engine/release-notes/#201020))<br>- git ([2.37.3](https://github.com/git/git/blob/v2.37.3/Documentation/RelNotes/2.37.3.txt))<br>- glibc ([2.34](https://sourceware.org/pipermail/libc-alpha/2021-August/129718.html))<br>- Go ([1.18.7](https://go.dev/doc/devel/release#1.18.7))<br>- libxml2 ([2.10.3](https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3))<br>- logrotate ([3.20.1](https://github.com/logrotate/logrotate/releases/tag/3.20.1))<br>- nmap ([7.93](https://nmap.org/changelog.html#7.93))<br>- pahole ([1.23](https://git.kernel.org/pub/scm/devel/pahole/pahole.git/tag/?h=v1.23))<br>- strace ([5.19](https://github.com/strace/strace/releases/tag/v5.19))<br>- vim ([9.0.0655](https://github.com/vim/vim/releases/tag/v9.0.0655))<br>- wireguard-tools ([1.0.20210914](https://github.com/WireGuard/wireguard-tools/releases/tag/v1.0.20210914))<br>- zlib ([1.2.13](https://github.com/madler/zlib/releases/tag/v1.2.13))<br>- SDK: catalyst ([3.0.21](https://gitweb.gentoo.org/proj/catalyst.git/log/?h=3.0.21))<br>- SDK: cmake ([3.23.3](https://cmake.org/cmake/help/v3.23/release/3.23.html))<br>- SDK: libxslt ([1.1.37](https://gitlab.gnome.org/GNOME/libxslt/-/tags/v1.1.37))<br>- SDK: meson ([0.62.2](https://mesonbuild.com/Release-notes-for-0-62-0.html))<br>- SDK: ninja ([1.11.0](https://groups.google.com/g/ninja-build/c/R2oCyDctDf8/m/-U94Y5I8AgAJ?pli=1))<br>- SDK: Rust ([1.64.0](https://github.com/rust-lang/rust/releases/tag/1.64.0))<br>Packages:<br>- containerd 1.6.8<br>- docker 20.10.20<br>- ignition 2.14.0<br>- kernel 5.15.74<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-10-26T09:25:00+00:00 @@ -2510,7 +2534,7 @@ https://github.com/flatcar/scripts/releases/tag/alpha-3374.0.0 3374.0.0 - 2023-10-25T10:20:42.904303+00:00 + 2023-11-22T09:59:32.749730+00:00 _Changes since **Alpha 3346.0.0**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-0171](https://nvd.nist.gov/vuln/detail/CVE-2022-0171), [CVE-2022-2663](https://nvd.nist.gov/vuln/detail/CVE-2022-2663), [CVE-2022-2905](https://nvd.nist.gov/vuln/detail/CVE-2022-2905), [CVE-2022-3028](https://nvd.nist.gov/vuln/detail/CVE-2022-3028), [CVE-2022-3061](https://nvd.nist.gov/vuln/detail/CVE-2022-3061), [CVE-2022-3176](https://nvd.nist.gov/vuln/detail/CVE-2022-3176), [CVE-2022-3303](https://nvd.nist.gov/vuln/detail/CVE-2022-3303), [CVE-2022-39190](https://nvd.nist.gov/vuln/detail/CVE-2022-39190), [CVE-2022-39842](https://nvd.nist.gov/vuln/detail/CVE-2022-39842), [CVE-2022-40307](https://nvd.nist.gov/vuln/detail/CVE-2022-40307))<br>- Go ([CVE-2022-27664](https://nvd.nist.gov/vuln/detail/CVE-2022-27664), [CVE-2022-32190](https://nvd.nist.gov/vuln/detail/CVE-2022-32190))<br>- Docker ([CVE-2022-36109](https://nvd.nist.gov/vuln/detail/CVE-2022-36109))<br>- expat ([CVE-2022-40674](https://nvd.nist.gov/vuln/detail/CVE-2022-40674))<br>- intel-microcode ([CVE-2022-21233](https://nvd.nist.gov/vuln/detail/CVE-2022-21233))<br>- GNU Libtasn1 ([Gentoo#866237](https://bugs.gentoo.org/866237))<br>- libxml2 ([CVE-2016-3709](https://nvd.nist.gov/vuln/detail/CVE-2016-3709), [CVE-2022-2309](https://nvd.nist.gov/vuln/detail/CVE-2022-2309))<br>- polkit ([CVE-2021-4115](https://nvd.nist.gov/vuln/detail/CVE-2021-4115))<br>- rsync ([CVE-2022-29154](https://nvd.nist.gov/vuln/detail/CVE-2022-29154))<br>- unzip ([CVE-2022-0529](https://nvd.nist.gov/vuln/detail/CVE-2022-0529), [CVE-2022-0530](https://nvd.nist.gov/vuln/detail/CVE-2022-0530), [CVE-2021-4217](https://nvd.nist.gov/vuln/detail/CVE-2021-4217))<br>- zlib ([CVE-2022-37434](https://nvd.nist.gov/vuln/detail/CVE-2022-37434))<br><br>#### Bug fixes:<br><br>- Added back `gettext` to the OS ([Flatcar#849](https://github.com/flatcar-linux/Flatcar/issues/849))<br>- Added merging of Ignition systemd duplicated units when auto-translating from Ignition 2 to Ignition 3. ([coreos-overlay#2187](https://github.com/flatcar/coreos-overlay/pull/2187))<br>- Equinix Metal: Fixed serial console settings for the `m3.small.x86` instance by expanding the GRUB check for `i386` to `x86_64` ([coreos-overlay#2122](https://github.com/flatcar-linux/coreos-overlay/pull/2122))<br><br>#### Changes:<br><br>- emerge-gitclone: Migrate emerge-gitclone to use scripts repo tags and submodule refs<br><br>#### Updates:<br><br>- Linux ([5.15.70](https://lwn.net/Articles/909212) (includes [5.15.69](https://lwn.net/Articles/908782), [5.15.68](https://lwn.net/Articles/908140), [5.15.67](https://lwn.net/Articles/907526), [5.15.66](https://lwn.net/Articles/907524), [5.15.65](https://lwn.net/Articles/907204), [5.15.64](https://lwn.net/Articles/906630)))<br>- Linux Firmware ([20220913](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220913))<br>- Go ([1.18.6](https://go.dev/doc/devel/release#go1.18.6))<br>- ca-certificates ([3.83](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_83.html))<br>- Docker ([20.10.18](https://docs.docker.com/engine/release-notes/#201018))<br>- expat ([2.4.9](https://github.com/libexpat/libexpat/blob/R_2_4_9/expat/Changes))<br>- gettext ([0.21](https://www.gnu.org/software/gettext/))<br>- intel-microcode ([20220809](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220809))<br>- GNU Libtasn1 ([4.19.0](https://lists.gnu.org/archive/html/help-libtasn1/2022-08/msg00001.html))<br>- libxml2 ([2.10.2](https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.2))<br>- locksmith([0.7.0](https://github.com/flatcar/locksmith/blob/v0.7.0/CHANGELOG.md#v070--30112021))<br>- polkit ([121](https://gitlab.freedesktop.org/polkit/polkit/-/commit/827b0ddac5b1ef00a47fca4526fcf057bee5f1db))<br>- rsync ([3.2.6](https://github.com/WayneD/rsync/releases/tag/v3.2.6))<br>- runc ([1.1.4](https://github.com/opencontainers/runc/releases/tag/v1.1.4))<br>- unzip ([6.0_p27](https://metadata.ftp-master.debian.org/changelogs//main/u/unzip/unzip_6.0-27_changelog))<br>- SDK: libxslt ([1.1.35](https://gitlab.gnome.org/GNOME/libxslt/-/tags/v1.1.35))<br><br>Packages:<br>- containerd 1.6.8<br>- docker 20.10.18<br>- ignition 2.14.0<br>- kernel 5.15.70<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-10-04T12:18:51+00:00 @@ -2518,7 +2542,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3346.0.0 3346.0.0 - 2023-10-25T10:20:42.897396+00:00 + 2023-11-22T09:59:32.742545+00:00 _Changes since **Alpha 3305.0.1**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-1679](https://nvd.nist.gov/vuln/detail/CVE-2022-1679), [CVE-2022-2585](https://nvd.nist.gov/vuln/detail/CVE-2022-2585), [CVE-2022-2586](https://nvd.nist.gov/vuln/detail/CVE-2022-2586), [CVE-2022-2588](https://nvd.nist.gov/vuln/detail/CVE-2022-2588), [CVE-2022-26373](https://nvd.nist.gov/vuln/detail/CVE-2022-26373), [CVE-2022-36946](https://nvd.nist.gov/vuln/detail/CVE-2022-36946))<br>- Go ([CVE-2022-32189](https://nvd.nist.gov/vuln/detail/CVE-2022-32189))<br>- binutils ([CVE-2021-45078](https://nvd.nist.gov/vuln/detail/CVE-2021-45078))<br>- git ([CVE-2022-29187](https://nvd.nist.gov/vuln/detail/CVE-2022-29187))<br>- gnutls ([CVE-2022-2509](https://nvd.nist.gov/vuln/detail/CVE-2022-2509))<br>- libtirpc ([CVE-2021-46828](https://nvd.nist.gov/vuln/detail/CVE-2021-46828))<br>- oniguruma ([oss-fuzz issues fixed 2022-04-30](https://bugs.gentoo.org/841893))<br>- shadow ([CVE-2013-4235](https://nvd.nist.gov/vuln/detail/CVE-2013-4235))<br>- vim ([CVE-2022-0629](https://nvd.nist.gov/vuln/detail/CVE-2022-0629), [CVE-2022-0685](https://nvd.nist.gov/vuln/detail/CVE-2022-0685), [CVE-2022-0714](https://nvd.nist.gov/vuln/detail/CVE-2022-0714), [CVE-2022-0729](https://nvd.nist.gov/vuln/detail/CVE-2022-0729), [CVE-2022-0943](https://nvd.nist.gov/vuln/detail/CVE-2022-0943), [CVE-2022-1154](https://nvd.nist.gov/vuln/detail/CVE-2022-1154), [CVE-2022-1160](https://nvd.nist.gov/vuln/detail/CVE-2022-1160), [CVE-2022-1381](https://nvd.nist.gov/vuln/detail/CVE-2022-1381), [CVE-2022-1420](https://nvd.nist.gov/vuln/detail/CVE-2022-1420), [CVE-2022-1616](https://nvd.nist.gov/vuln/detail/CVE-2022-1616), [CVE-2022-1619](https://nvd.nist.gov/vuln/detail/CVE-2022-1619), [CVE-2022-1620](https://nvd.nist.gov/vuln/detail/CVE-2022-1620), [CVE-2022-1621](https://nvd.nist.gov/vuln/detail/CVE-2022-1621), [CVE-2022-1629](https://nvd.nist.gov/vuln/detail/CVE-2022-1629), [CVE-2022-1674](https://nvd.nist.gov/vuln/detail/CVE-2022-1674), [CVE-2022-1733](https://nvd.nist.gov/vuln/detail/CVE-2022-1733), [CVE-2022-1735](https://nvd.nist.gov/vuln/detail/CVE-2022-1735), [CVE-2022-1769](https://nvd.nist.gov/vuln/detail/CVE-2022-1769), [CVE-2022-1771](https://nvd.nist.gov/vuln/detail/CVE-2022-1771), [CVE-2022-1785](https://nvd.nist.gov/vuln/detail/CVE-2022-1785), [CVE-2022-1796](https://nvd.nist.gov/vuln/detail/CVE-2022-1796), [CVE-2022-1897](https://nvd.nist.gov/vuln/detail/CVE-2022-1897), [CVE-2022-1898](https://nvd.nist.gov/vuln/detail/CVE-2022-1898), [CVE-2022-1886](https://nvd.nist.gov/vuln/detail/CVE-2022-1886), [CVE-2022-1851](https://nvd.nist.gov/vuln/detail/CVE-2022-1851), [CVE-2022-1927](https://nvd.nist.gov/vuln/detail/CVE-2022-1927), [CVE-2022-1942](https://nvd.nist.gov/vuln/detail/CVE-2022-1942), [CVE-2022-1968](https://nvd.nist.gov/vuln/detail/CVE-2022-1968), [CVE-2022-2000](https://nvd.nist.gov/vuln/detail/CVE-2022-2000))<br>- VMware: open-vm-tools ([CVE-2022-31676](https://nvd.nist.gov/vuln/detail/CVE-2022-31676))<br><br>#### Bug fixes:<br><br>- AWS: added EKS support for version 1.22 and 1.23. ([coreos-overlay#2110](https://github.com/flatcar/coreos-overlay/pull/2110), [Flatcar#829](https://github.com/flatcar/Flatcar/issues/829))<br>- VMWare: excluded `wireguard` (and others) from `systemd-networkd` management. ([init#80](https://github.com/flatcar/init/pull/80))<br><br>#### Changes:<br><br>- Added symlink from `nc` to `ncat`. `-q` option is [not yet supported](https://github.com/nmap/nmap/issues/2422) ([flatcar#545](https://github.com/flatcar/Flatcar/issues/545))<br>- The new image signing subkey was added to the public key embedded into `flatcar-install` (the old expired on 10th August 2022), only an updated `flatcar-install` script can verify releases signed with the new key ([init#79](https://github.com/flatcar/init/pull/79))<br>- AWS: Added AWS IMDSv2 support to coreos-cloudinit ([flatcar-linux/coreos-cloudinit#13](https://github.com/flatcar/coreos-cloudinit/pull/13))<br><br>#### Updates:<br><br>- Linux ([5.15.63](https://lwn.net/Articles/906061) (includes [5.15.62](https://lwn.net/Articles/905533), [5.15.61](https://lwn.net/Articles/904959), [5.15.60](https://lwn.net/Articles/904461), [5.15.59](https://lwn.net/Articles/903688))<br>- Linux Firmware ([20220815](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220815))<br>- binutils ([2.38](https://lwn.net/Articles/884264/))<br>- boost ([1.79](https://www.boost.org/users/history/version_1_79_0.html))<br>- ca-certificates ([3.82](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_82.html))<br>- containerd ([1.6.8](https://github.com/containerd/containerd/releases/tag/v1.6.8))<br>- Cyrus SASL ([2.1.28](https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28))<br>- gcc ([11.3.0](https://gcc.gnu.org/gcc-11/changes.html))<br>- git ([2.37.1](https://github.com/git/git/blob/v2.37.1/Documentation/RelNotes/2.37.1.txt))<br>- glib ([2.72.3](https://gitlab.gnome.org/GNOME/glib/-/tags/2.73.3))<br>- gnutls ([3.7.7](https://gitlab.com/gnutls/gnutls/-/tags/3.7.7))<br>- oniguruma ([6.9.8](https://github.com/kkos/oniguruma/releases/tag/v6.9.8))<br>- shadow ([4.12.3](https://github.com/shadow-maint/shadow/releases/tag/4.12.3))<br>- vim ([8.2.5066](https://github.com/vim/vim/releases/tag/v8.2.5066))<br>- SDK: automake ([1.16.5](https://savannah.gnu.org/forum/forum.php?forum_id=10055))<br>- SDK: bison ([3.8.2](https://lists.gnu.org/archive/html/bug-bison/2021-09/msg00056.html))<br>- SDK: libtool ([2.4.7](https://savannah.gnu.org/forum/forum.php?forum_id=10139))<br>- SDK: perl ([5.34.1](https://perldoc.perl.org/5.34.1/perldelta))<br>- SDK: pkgconf ([1.8.0](https://gitea.treehouse.systems/ariadne/pkgconf/src/tag/pkgconf-1.8.0/NEWS))<br>- SDK: Rust ([1.63.0](https://github.com/rust-lang/rust/releases/tag/1.63.0))<br>- VMware: open-vm-tools ([12.1.0](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.1.0))<br><br>Packages:<br>- containerd 1.6.8<br>- docker 20.10.17<br>- ignition 2.14.0<br>- kernel 5.15.63<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-09-01T13:03:03+00:00 @@ -2526,7 +2550,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3305.0.1 3305.0.1 - 2023-10-25T10:20:42.889408+00:00 + 2023-11-22T09:59:32.734300+00:00 New Alpha Release 3305.0.1<br><br>Changes since Alpha 3305.0.0<br><br>## Security fixes:<br><br>- Linux ([CVE-2022-23816](https://nvd.nist.gov/vuln/detail/CVE-2022-23816), [CVE-2022-23825](https://nvd.nist.gov/vuln/detail/CVE-2022-23825), [CVE-2022-29900](https://nvd.nist.gov/vuln/detail/CVE-2022-29900), [CVE-2022-29901](https://nvd.nist.gov/vuln/detail/CVE-2022-29901))<br><br>## Bug fixes:<br><br>- Added support for Openstack for cloud-init activation ([flatcar-linux/init#76](https://github.com/flatcar/init/pull/76))<br>- Excluded Wireguard interface from `systemd-networkd` default management ([Flatcar#808](https://github.com/flatcar/Flatcar/issues/808))<br>- Fixed `/etc/resolv.conf` symlink by pointing it at `resolv.conf` instead of `stub-resolv.conf`. This bug was present since the update to systemd v250 ([coreos-overlay#2057](https://github.com/flatcar/coreos-overlay/pull/2057))<br>- Fixed excluded interface type from default systemd-networkd configuration ([flatcar-linux/init#78](https://github.com/flatcar/init/pull/78))<br>- Fixed space escaping in the `networkd` Ignition translation ([Flatcar#812](https://github.com/flatcar/Flatcar/issues/812))<br><br>## Changes:<br><br><br>## Updates:<br><br>- Linux ([5.15.58](https://lwn.net/Articles/902917) (includes [5.15.57](https://lwn.net/Articles/902317), [5.15.56](https://lwn.net/Articles/902101)))<br>- ca-certificates ([3.81](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_81.html))<br><br>Packages:<br>- containerd 1.6.6<br>- docker 20.10.17<br>- ignition 2.14.0<br>- kernel 5.15.58<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-08-04T12:09:27+00:00 @@ -2534,7 +2558,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3305.0.0 3305.0.0 - 2023-10-25T10:20:42.884153+00:00 + 2023-11-22T09:59:32.728322+00:00 New **Alpha** Release **3305.0.0**<br><br>_Changes since **Alpha 3277.0.0**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2021-33655](https://nvd.nist.gov/vuln/detail/CVE-2021-33655), [CVE-2022-2318](https://nvd.nist.gov/vuln/detail/CVE-2022-2318), [CVE-2022-26365](https://nvd.nist.gov/vuln/detail/CVE-2022-26365), [CVE-2022-33740](https://nvd.nist.gov/vuln/detail/CVE-2022-33740), [CVE-2022-33741](https://nvd.nist.gov/vuln/detail/CVE-2022-33741), [CVE-2022-33742](https://nvd.nist.gov/vuln/detail/CVE-2022-33742), [CVE-2022-33743](https://nvd.nist.gov/vuln/detail/CVE-2022-33743), [CVE-2022-33744](https://nvd.nist.gov/vuln/detail/CVE-2022-33744), [CVE-2022-34918](https://nvd.nist.gov/vuln/detail/CVE-2022-34918))<br>- cifs-utils ([CVE-2022-27239](https://nvd.nist.gov/vuln/detail/CVE-2022-27239), [CVE-2022-29869](https://nvd.nist.gov/vuln/detail/CVE-2022-29869))<br>- curl ([CVE-2022-32205](https://nvd.nist.gov/vuln/detail/CVE-2022-32205), [CVE-2022-32206](https://nvd.nist.gov/vuln/detail/CVE-2022-32206), [CVE-2022-32207](https://nvd.nist.gov/vuln/detail/CVE-2022-32207), [CVE-2022-32208](https://nvd.nist.gov/vuln/detail/CVE-2022-32208))<br>- gnupg ([CVE-2022-34903](https://nvd.nist.gov/vuln/detail/CVE-2022-34903))<br>- Go ([CVE-2022-1705](https://nvd.nist.gov/vuln/detail/CVE-2022-1705), [CVE-2022-1962](https://nvd.nist.gov/vuln/detail/CVE-2022-1962), [CVE-2022-28131](https://nvd.nist.gov/vuln/detail/CVE-2022-28131), [CVE-2022-30630](https://nvd.nist.gov/vuln/detail/CVE-2022-30630), [CVE-2022-30631](https://nvd.nist.gov/vuln/detail/CVE-2022-30631), [CVE-2022-30632](https://nvd.nist.gov/vuln/detail/CVE-2022-30632), [CVE-2022-30633](https://nvd.nist.gov/vuln/detail/CVE-2022-30633), [CVE-2022-30635](https://nvd.nist.gov/vuln/detail/CVE-2022-30635), [CVE-2022-32148](https://nvd.nist.gov/vuln/detail/CVE-2022-32148))<br><br>#### Bug fixes:<br><br>- Removed outdated LTS channel information printed on login ([init#75](https://github.com/flatcar/init/pull/75))<br>- The Ignition v3 kargs directive failed before when used with the generic image where no `grub.cfg` exists, this was fixed by creating it first ([bootengine#47](https://github.com/flatcar/bootengine/pull/47))<br><br>#### Updates:<br><br>- Linux ([5.15.54](https://lwn.net/Articles/900911) (includes [5.15.53](https://lwn.net/Articles/900321), [5.15.52](https://lwn.net/Articles/899788), [5.15.51](https://lwn.net/Articles/899370), [5.15.50](https://lwn.net/Articles/899091), [5.15.49](https://lwn.net/Articles/898622)))<br>- Linux Firmware ([20220708](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220708))<br>- adcli ([0.9.1](https://gitlab.freedesktop.org/realmd/adcli/-/releases#0.9.1))<br>- ca-certificates ([3.80](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_80.html))<br>- cifs-utils ([6.15](https://lists.samba.org/archive/samba-technical/2022-April/137335.html))<br>- curl ([7.84.0](https://github.com/curl/curl/releases/tag/curl-7_84_0))<br>- gdb ([11.2](https://lists.gnu.org/archive/html/info-gnu/2022-01/msg00009.html))<br>- gnupg ([2.2.35](https://dev.gnupg.org/T5928))<br>- Go ([1.18.4](https://go.dev/doc/devel/release#go1.18.4))<br>- sudo ([1.9.10](https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_10))<br>- SDK: Rust ([1.62.0](https://github.com/rust-lang/rust/releases/tag/1.62.0))<br>Packages:<br>- containerd 1.6.6<br>- docker 20.10.17<br>- ignition 2.14.0<br>- kernel 5.15.54<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-07-21T15:28:28+00:00 @@ -2542,7 +2566,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3277.0.0 3277.0.0 - 2023-10-25T10:20:42.877822+00:00 + 2023-11-22T09:59:32.721722+00:00 New **Alpha** Release **3277.0.0**<br><br>Changes since **Alpha 3255.0.0**<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-1789](https://nvd.nist.gov/vuln/detail/CVE-2022-1789), [CVE-2022-1852](https://nvd.nist.gov/vuln/detail/CVE-2022-1852), [CVE-2022-1972](https://nvd.nist.gov/vuln/detail/CVE-2022-1972), [CVE-2022-1973](https://nvd.nist.gov/vuln/detail/CVE-2022-1973), [CVE-2022-2078](https://nvd.nist.gov/vuln/detail/CVE-2022-2078), [CVE-2022-32250](https://nvd.nist.gov/vuln/detail/CVE-2022-32250), [CVE-2022-32981](https://nvd.nist.gov/vuln/detail/CVE-2022-32981))<br>- containerd ([CVE-2022-31030](https://nvd.nist.gov/vuln/detail/CVE-2022-31030))<br>- ignition ([CVE-2022-1706](https://nvd.nist.gov/vuln/detail/CVE-2022-1706))<br>- intel-microcode ([CVE-2022-21151](https://nvd.nist.gov/vuln/detail/CVE-2022-21151)) <br>- libpcre2 ([CVE-2022-1586](https://nvd.nist.gov/vuln/detail/CVE-2022-1586), [CVE-2022-1587](https://nvd.nist.gov/vuln/detail/CVE-2022-1587))<br>- libxml2 ([CVE-2022-29824](https://nvd.nist.gov/vuln/detail/CVE-2022-29824))<br><br>#### Changes:<br><br>- Added efibootmgr binary to the image ([coreos-overlay#1955](https://github.com/flatcar/coreos-overlay/pull/1955))<br>- Enabled `containerd.service` unit, `br_netfilter` and `overlay` modules by default to follow Kubernetes requirements ([coreos-overlay#1944](https://github.com/flatcar/coreos-overlay/pull/1944), [init#72](https://github.com/flatcar/init/pull/72))<br>- flatcar-install: Added option to create UEFI boot entry ([init#74](https://github.com/flatcar/init/pull/74))<br>- ARM64: Added [cifs-utils](https://wiki.samba.org/index.php/LinuxCIFS_utils) for ARM64<br>- ARM64: Added [sssd](https://sssd.io/), [adcli](https://www.freedesktop.org/software/realmd/adcli/adcli.html) and realmd for ARM64<br>- SDK / ARM64: Added [go-tspi](https://pkg.go.dev/github.com/coreos/go-tspi) bindings for ARM64<br>- VMWare: Added `ignition-delete-config.service` to remove Ignition config from VM metadata, see also [here](https://coreos.github.io/ignition/operator-notes/#automatic-config-deletion) ([coreos-overlay#1948](https://github.com/flatcar/coreos-overlay/pull/1948))<br><br>#### Updates:<br><br>- Linux ([5.15.48](https://lwn.net/Articles/898124) (includes [5.15.47](https://lwn.net/Articles/897904), [5.15.46](https://lwn.net/Articles/897377), [5.15.45](https://lwn.net/Articles/897167), [5.15.44](https://lwn.net/Articles/896647)))<br>- Linux Firmware ([20220610](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220610))<br>- Docker ([20.10.17](https://docs.docker.com/engine/release-notes/#201017))<br>- ca-certificates ([3.79](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_79.html))<br>- containerd ([1.6.6](https://github.com/containerd/containerd/releases/tag/v1.6.6))<br>- ignition ([2.14.0](https://github.com/coreos/ignition/releases/tag/v2.14.0))<br>- intel-microcode ([20220510](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220510)) <br>- runc ([1.1.3](https://github.com/opencontainers/runc/releases/tag/v1.1.3))<br>- libpcre2 ([10.40](https://github.com/PCRE2Project/pcre2/blob/pcre2-10.40/NEWS))<br>- libxml2 ([2.9.14](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.9.14))<br>Packages:<br>- containerd 1.6.6<br>- docker 20.10.17<br>- ignition 2.14.0<br>- kernel 5.15.48<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-06-23T11:43:06+00:00 @@ -2550,7 +2574,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3255.0.0 3255.0.0 - 2023-10-25T10:20:42.871360+00:00 + 2023-11-22T09:59:32.715087+00:00 New **Alpha** Release **3255.0.0**<br><br>_Changes since **Alpha 3227.0.0**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-1734](https://nvd.nist.gov/vuln/detail/CVE-2022-1734), [CVE-2022-28893](https://nvd.nist.gov/vuln/detail/CVE-2022-28893), [CVE-2022-1012](https://nvd.nist.gov/vuln/detail/CVE-2022-1012), [CVE-2022-1729](https://nvd.nist.gov/vuln/detail/CVE-2022-1729))<br>- Go ([CVE-2022-29526](https://nvd.nist.gov/vuln/detail/CVE-2022-29526))<br>- curl ([CVE-2022-22576](https://nvd.nist.gov/vuln/detail/CVE-2022-22576), [CVE-2022-27774](https://nvd.nist.gov/vuln/detail/CVE-2022-27774), [CVE-2022-27775](https://nvd.nist.gov/vuln/detail/CVE-2022-27775), [CVE-2022-27776](https://nvd.nist.gov/vuln/detail/CVE-2022-27776), [CVE-2022-27778](https://nvd.nist.gov/vuln/detail/CVE-2022-27778), [CVE-2022-27779](https://nvd.nist.gov/vuln/detail/CVE-2022-27779), [CVE-2022-27780](https://nvd.nist.gov/vuln/detail/CVE-2022-27780), [CVE-2022-27781](https://nvd.nist.gov/vuln/detail/CVE-2022-27781), [CVE-2022-27782](https://nvd.nist.gov/vuln/detail/CVE-2022-27782), [CVE-2022-30115](https://nvd.nist.gov/vuln/detail/CVE-2022-30115))<br>- Docker ([CVE-2022-29526](https://nvd.nist.gov/vuln/detail/CVE-2022-29526))<br>- git ([CVE-2022-24765](https://nvd.nist.gov/vuln/detail/CVE-2022-24765))<br>- ncurses ([CVE-2022-29458](https://nvd.nist.gov/vuln/detail/CVE-2022-29458))<br>- openssl ([CVE-2022-1292](https://nvd.nist.gov/vuln/detail/CVE-2022-1292), [CVE-2022-1343](https://nvd.nist.gov/vuln/detail/CVE-2022-1343), [CVE-2022-1434](https://nvd.nist.gov/vuln/detail/CVE-2022-1434), [CVE-2022-1473](https://nvd.nist.gov/vuln/detail/CVE-2022-1473))<br>- nvidia-drivers ([CVE-2022-28181](https://nvd.nist.gov/vuln/detail/CVE-2022-28181), [CVE-2022-28183](https://nvd.nist.gov/vuln/detail/CVE-2022-28183), [CVE-2022-28184](https://nvd.nist.gov/vuln/detail/CVE-2022-28184), [CVE-2022-28185](https://nvd.nist.gov/vuln/detail/CVE-2022-28185))<br>- rsync ([CVE-2018-25032](https://nvd.nist.gov/vuln/detail/CVE-2018-25032))<br>- runc ([CVE-2022-29162](https://nvd.nist.gov/vuln/detail/CVE-2022-29162))<br>- Torcx ([CVE-2022-27191](https://nvd.nist.gov/vuln/detail/CVE-2022-27191))<br>- SDK: qemu ([CVE-2021-20203](https://nvd.nist.gov/vuln/detail/CVE-2021-20203), [CVE-2021-3713](https://nvd.nist.gov/vuln/detail/CVE-2021-3713), [CVE-2021-3930](https://nvd.nist.gov/vuln/detail/CVE-2021-3930), [CVE-2021-3947](https://nvd.nist.gov/vuln/detail/CVE-2021-3947), [CVE-2021-4145](https://nvd.nist.gov/vuln/detail/CVE-2021-4145), [CVE-2022-26353](https://nvd.nist.gov/vuln/detail/CVE-2022-26353), [CVE-2022-26354](https://nvd.nist.gov/vuln/detail/CVE-2022-26354))<br><br>#### Bug fixes:<br><br>- Ensured `/etc/flatcar/update.conf` exists because it happens to be used as flag file for Ansible ([init#71](https://github.com/flatcar/init/pull/71))<br>- Fixed Ignition's OEM ID to be `metal` to follow the Ignition upstream change which otherwise resulted in a broken boot when the Flatcar OEM ID `pxe` was used ([bootengine#45](https://github.com/flatcar/bootengine/pull/45))<br>- Added `networkd` translation to `files` section when converting from Ignition 2.x to Ignition 3.x ([coreos-overlay#1910](https://github.com/flatcar/coreos-overlay/pull/1910), [flatcar#741](https://github.com/flatcar/Flatcar/issues/741))<br>- GCP: Fixed shutdown script execution ([coreos-overlay#1912](https://github.com/flatcar/coreos-overlay/pull/1912), [flatcar#743](https://github.com/flatcar/Flatcar/issues/743))<br><br>#### Changes:<br><br>- VMware: Added VMware networking configuration in the initramfs via guestinfo settings ([bootengine#44](https://github.com/flatcar/bootengine/pull/44), [flatcar#717](https://github.com/flatcar/Flatcar/issues/717))<br><br>#### Updates:<br><br>- Linux ([5.15.43](https://lwn.net/Articles/896231/) (includes [5.15.42](https://lwn.net/Articles/896226), [5.15.41](https://lwn.net/Articles/895645), [5.15.40](https://lwn.net/Articles/895318), [5.15.39](https://lwn.net/Articles/895070), [5.15.38](https://lwn.net/Articles/894357)))<br>- Linux Firmware ([20220509](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220509))<br>- Go ([1.18.2](https://go.googlesource.com/go/+/refs/tags/go1.18.2))<br>- Docker ([20.10.16](https://docs.docker.com/engine/release-notes/#201016) (includes [20.10.15](https://docs.docker.com/engine/release-notes/#201015)))<br>- containerd ([1.6.4](https://github.com/containerd/containerd/releases/tag/v1.6.4))<br>- curl ([7.83.1](https://curl.se/mail/lib-2022-05/0010.html))<br>- dbus ([1.12.22](https://gitlab.freedesktop.org/dbus/dbus/-/blob/177ab044bc87cbc4ded75d21b900795a6fefef76/NEWS))<br>- e2fsprogs ([1.46.5](http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.46.5))<br>- git ([2.35.3](https://github.com/git/git/blob/v2.35.3/Documentation/RelNotes/2.35.3.txt))<br>- ldb ([2.4.1](https://gitlab.com/samba-team/samba/-/commit/a795e0c84597aa045d011e663dbad3cdabf0f1e6))<br>- ncurses ([6.3_p20220423](https://lists.gnu.org/archive/html/info-gnu/2021-11/msg00001.html))<br>- nvidia-drivers ([510.73.05](https://docs.nvidia.com/datacenter/tesla/tesla-release-notes-510-73-05/index.html))<br>- openssl ([3.0.3](https://www.openssl.org/news/changelog.html#openssl-30))<br>- rsync ([3.2.4](https://download.samba.org/pub/rsync/NEWS.html#3.2.4))<br>- runc ([1.1.2](https://github.com/opencontainers/runc/releases/tag/v1.1.2))<br>- samba ([4.15.4](https://www.samba.org/samba/history/samba-4.15.4.html))<br>- sqlite ([3.38.1](https://www.sqlite.org/releaselog/3_38_1.html))<br>- talloc ([2.3.3](https://gitlab.com/samba-team/samba/-/commit/bc1ee7ca0640f0136e5af7dcc4ca8ed0a5893053))<br>- tevent ([0.11.0](https://gitlab.com/samba-team/samba/-/commit/de4e8a1af9564f6056f9af90867c2f013449051c))<br>- gdbm ([1.22](https://lists.gnu.org/archive/html/info-gnu/2021-10/msg00006.html))<br>- new: acpid ([2.0.33](https://sourceforge.net/p/acpid2/code/ci/2.0.33/tree/Changelog))<br>- OEM: python ([3.9.12](https://www.python.org/downloads/release/python-3912/))<br>- OEM: python-distro ([1.7.0](https://github.com/python-distro/distro/releases/tag/v1.7.0))<br>- SDK: python ([3.9.12](https://www.python.org/downloads/release/python-3912/))<br>- SDK: qemu ([7.0.0](https://wiki.qemu.org/ChangeLog/7.0))<br>- SDK: Rust ([1.61.0](https://github.com/rust-lang/rust/releases/tag/1.61.0))<br>- VMware: open-vm-tools ([12.0.5](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.0.5))<br><br>Packages:<br>- docker 20.10.16<br>- ignition 2.13.0<br>- kernel 5.15.43<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-06-02T15:01:44+00:00 @@ -2558,7 +2582,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3227.0.0 3227.0.0 - 2023-10-25T10:20:42.863076+00:00 + 2023-11-22T09:59:32.706006+00:00 New **Alpha** Release **3227.0.0**<br><br>_Changes since **Alpha 3200.0.0**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-28390](https://nvd.nist.gov/vuln/detail/CVE-2022-28390), [CVE-2022-0168](https://nvd.nist.gov/vuln/detail/CVE-2022-0168), [CVE-2022-1158](https://nvd.nist.gov/vuln/detail/CVE-2022-1158), [CVE-2022-1353](https://nvd.nist.gov/vuln/detail/CVE-2022-1353), [CVE-2022-1198](https://nvd.nist.gov/vuln/detail/CVE-2022-1198), [CVE-2022-28389](https://nvd.nist.gov/vuln/detail/CVE-2022-28389), [CVE-2022-28388](https://nvd.nist.gov/vuln/detail/CVE-2022-28388), [CVE-2022-1516](https://nvd.nist.gov/vuln/detail/CVE-2022-1516), [CVE-2022-1263](https://nvd.nist.gov/vuln/detail/CVE-2022-1263), [CVE-2022-29582](https://nvd.nist.gov/vuln/detail/CVE-2022-29582), [CVE-2022-1204](https://nvd.nist.gov/vuln/detail/CVE-2022-1204), [CVE-2022-1205](https://nvd.nist.gov/vuln/detail/CVE-2022-1205), [CVE-2022-0500](https://nvd.nist.gov/vuln/detail/CVE-2022-0500), [CVE-2022-23222](https://nvd.nist.gov/vuln/detail/CVE-2022-23222))<br>- Go ([CVE-2022-24675](https://nvd.nist.gov/vuln/detail/CVE-2022-24675))<br>- libarchive ([CVE-2022-26280](https://nvd.nist.gov/vuln/detail/CVE-2022-26280))<br>- gzip,xz-utils ([CVE-2022-1271](https://nvd.nist.gov/vuln/detail/CVE-2022-1271))<br><br>#### Bug fixes:<br><br>- GCE: Restored oem-gce.service functionality on GCP ([coreos-overlay#1813](https://github.com/flatcar/coreos-overlay/pull/1813))<br>- Skipped starting `ensure-sysext.service` if `systemd-sysext.service` won't be started, to prevent reporting a dependency failure ([Flatcar#710](https://github.com/flatcar/Flatcar/issues/710))<br>- Added a remount action as `systemd-sysext.service` drop-in unit to restore the OEM partition mount after the overlay mounts in `/usr` are done ([init#69](https://github.com/flatcar/init/pull/69))<br>- Added pahole to developer container, without it kernel modules built against /usr/src/linux may fail to probe with an 'invalid relocation target' error ([coreos-overlay#1839](https://github.com/flatcar/coreos-overlay/pull/1839))<br><br>#### Changes:<br><br>- GCE: Enabled GVE kernel driver, which adds support for Google Virtual NIC on GCP ([coreos-overlay#1802](https://github.com/flatcar/coreos-overlay/pull/1802))<br>- Enabled `CONFIG_INTEL_RAPL` on AMD64 Kernel config to compile `intel_rapl_common` module in order to allow power monitoring on modern Intel processors ([coreos-overlay#1801](https://github.com/flatcar/coreos-overlay/pull/1801))<br>- Azure: Set up `/etc/hostname` from instance metadata with Afterburn<br>- AWS EC2: Removed the setup of `/etc/hostname` from the instance metadata because it used a long FQDN but we can just use use the hostname set via DHCP ([Flatcar#707](https://github.com/flatcar/Flatcar/issues/707))<br>- SDK: Dropped the mantle binaries (kola, ore, etc.) from the SDK, they are now provided by the `ghcr.io/flatcar/mantle` image ([coreos-overlay#1827](https://github.com/flatcar/coreos-overlay/pull/1827), [scripts#275](https://github.com/flatcar/scripts/pull/275))<br><br>#### Updates:<br><br>- Linux ([5.15.37](https://lwn.net/Articles/893264) (includes [5.15.36](https://lwn.net/Articles/892812), [5.15.35](https://lwn.net/Articles/892002), [5.15.34](https://lwn.net/Articles/891251), [5.15.33](https://lwn.net/Articles/890722)))<br>- Linux Firmware ([20220411](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220411))<br>- Go ([1.17.9](https://go.googlesource.com/go/+/refs/tags/go1.17.9))<br>- afterburn ([5.2.0](https://github.com/coreos/afterburn/releases/tag/v5.2.0))<br>- ca-certificates ([3.78](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_78.html))<br>- containerd ([1.6.3](https://github.com/containerd/containerd/releases/tag/v1.6.3))<br>- gzip ([1.12](https://savannah.gnu.org/forum/forum.php?forum_id=10157))<br>- libarchive ([3.6.1](https://github.com/libarchive/libarchive/releases/tag/v3.6.1))<br>- GCE: google compute-image-packages ([20190124](https://github.com/GoogleCloudPlatform/compute-image-packages/releases/tag/20190124))<br>- SDK: Rust ([1.60.0](https://github.com/rust-lang/rust/releases/tag/1.60.0))<br>Packages:<br>- docker 20.10.14<br>- ignition 2.13.0<br>- kernel 5.15.37<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-05-09T14:40:33+00:00 @@ -2566,7 +2590,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3200.0.0 3200.0.0 - 2023-10-25T10:20:42.855955+00:00 + 2023-11-22T09:59:32.698801+00:00 New **Alpha** Release **3200.0.0**<br><br>_Changes since **Alpha 3185.0.0**_<br><br>#### Security fixes:<br><br>- Linux ([CVE-2022-1015](https://nvd.nist.gov/vuln/detail/CVE-2022-1015), [CVE-2022-1016](https://nvd.nist.gov/vuln/detail/CVE-2022-1016))<br>- containerd ([CVE-2022-24769](https://nvd.nist.gov/vuln/detail/CVE-2022-24769))<br>- util-linux ([CVE-2021-3995](https://nvd.nist.gov/vuln/detail/CVE-2021-3995), [CVE-2021-3996](https://nvd.nist.gov/vuln/detail/CVE-2021-3996), [CVE-2022-0563](https://nvd.nist.gov/vuln/detail/CVE-2022-0563))<br>- gnutls ([CVE-2021-4209](https://nvd.nist.gov/vuln/detail/CVE-2021-4209), [GNUTLS-SA-2022-01-17](https://gitlab.com/gnutls/gnutls/-/issues/1277))<br>- zlib ([CVE-2018-25032](https://nvd.nist.gov/vuln/detail/CVE-2018-25032))<br><br>#### Bug fixes:<br><br>- Made Ignition write the SSH keys into a file under `authorized_keys.d/ignition` again and added a call to `update-ssh-keys` after Ignition ran to create the merged `authorized_keys` file, which fixes the problem that keys added by Ignition get lost when `update-ssh-keys` runs ([init#66](https://github.com/flatcar/init/pull/66))<br><br>#### Changes:<br><br>- Enabled FIPS mode for cryptsetup ([flatcar-linux/coreos-overlay#1747](https://github.com/flatcar/coreos-overlay/pull/1747))<br>- Added `cryptsetup` to the initramfs for the Ignition `luks` directive ([flatcar-linux/coreos-overlay#1760](https://github.com/flatcar/coreos-overlay/pull/1760))<br><br>#### Updates:<br><br>- Linux ([5.15.32](https://lwn.net/Articles/889438)) (from 5.15.30)<br>- Docker ([20.10.14](https://docs.docker.com/engine/release-notes/#201014))<br>- bind-tools ([9.16.27](https://gitlab.isc.org/isc-projects/bind9/-/blob/v9_16_27/CHANGES))<br>- ca-certificates ([3.77](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_77.html))<br>- conntrack-tools ([1.4.6](https://lists.netfilter.org/pipermail/netfilter-announce/2020/000240.html))<br>- containerd ([1.6.2](https://github.com/containerd/containerd/releases/tag/v1.6.2))<br>- e2fsprogs ([1.46.4](http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.46.4))<br>- elfutils ([0.186](https://sourceware.org/git/?p=elfutils.git;a=blob;f=NEWS;h=490932ae4ef9b5a3af01d2c8c616f14d57586046;hb=983e86fd89e8bf02f2d27ba5dce5bf078af4ceda))<br>- gnutls ([3.7.3](https://gitlab.com/gnutls/gnutls/-/merge_requests/1517))<br>- gzip ([1.11](https://lists.gnu.org/archive/html/info-gnu/2021-09/msg00002.html))<br>- jansson ([2.14](https://github.com/akheron/jansson/blob/v2.14/CHANGES))<br>- libbsd ([0.11.3](https://gitlab.freedesktop.org/libbsd/libbsd/-/commits/0.11.3/))<br>- libnetfilter_queue ([1.0.5](https://git.netfilter.org/libnetfilter_queue/log/?h=libnetfilter_queue-1.0.5))<br>- libpcap ([1.10.1](https://git.tcpdump.org/libpcap/blob/c7642e2cc0c5bd65754685b160d25dc23c76c6bd:/CHANGES))<br>- libtasn1 ([4.17.0](https://gitlab.com/gnutls/libtasn1/-/blob/v4.17.0/NEWS))<br>- liburing ([2.1](https://github.com/axboe/liburing/commits/liburing-2.1))<br>- mdadm ([4.2](https://lore.kernel.org/all/28fdbc45-96ca-7cdb-3ced-a5f65d978048@trained-monkey.org/T/))<br>- multipath-tools ([0.8.7](https://github.com/opensvc/multipath-tools/commits/0.8.7))<br>- nghttp2 ([1.45.1](https://github.com/nghttp2/nghttp2/releases/tag/v1.45.1))<br>- oniguruma ([6.9.7.1](https://github.com/kkos/oniguruma/releases/tag/v6.9.7.1))<br>- open-isns ([0.101](https://github.com/open-iscsi/open-isns/blob/v0.101/ChangeLog))<br>- pcre2 ([10.39](https://github.com/PhilipHazel/pcre2/blob/pcre2-10.39/NEWS))<br>- runc ([1.1.1](https://github.com/opencontainers/runc/releases/tag/v1.1.1))<br>- tcpdump ([4.99.1](https://git.tcpdump.org/tcpdump/blob/5f552b5e6e9fe05f7ad9681d51d0303233daba6a:/CHANGES))<br>- unzip ([6.0_p26](https://metadata.ftp-master.debian.org/changelogs//main/u/unzip/unzip_6.0-26_changelog))<br>- util-linux ([2.37.4](https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.4-ChangeLog))<br>- zlib ([1.2.12](https://github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/ChangeLog#L4))<br><br>Packages:<br>- docker 20.10.14<br>- ignition 2.13.0<br>- kernel 5.15.32<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-04-07T12:03:58+00:00 @@ -2574,7 +2598,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3185.0.0 3185.0.0 - 2023-10-25T10:20:42.849114+00:00 + 2023-11-22T09:59:32.691840+00:00 New **Alpha** Release **3185.0.0**<br><br>**Changes since Alpha-3165.0.0**<br><br>#### Security fixes<br>- Linux ([CVE-2022-25636](https://nvd.nist.gov/vuln/detail/CVE-2022-25636))<br>- Go ([CVE-2022-24921](https://nvd.nist.gov/vuln/detail/CVE-2022-24921))<br>- containerd ([CVE-2022-23648](https://nvd.nist.gov/vuln/detail/CVE-2022-23648))<br>- cryptsetup ([CVE-2021-4122](https://nvd.nist.gov/vuln/detail/CVE-2021-4122))<br>- intel-microcode ([CVE-2021-0127](https://nvd.nist.gov/vuln/detail/CVE-2021-0127), [CVE-2021-0146](https://nvd.nist.gov/vuln/detail/CVE-2021-0146))<br>- nvidia-drivers ([CVE-2022-21814](https://nvd.nist.gov/vuln/detail/CVE-2022-21814), [CVE-2022-21813](https://nvd.nist.gov/vuln/detail/CVE-2022-21813))<br>- openssl ([CVE-2022-0778](https://nvd.nist.gov/vuln/detail/CVE-2022-0778))<br><br>#### Bug fixes<br>- Reverted the Linux kernel commit which broke networking on AWS instances which use Intel 82559 NIC (c4/m4) ([Flatcar#665](https://github.com/flatcar/Flatcar/issues/665), [coreos-overlay#1723](https://github.com/flatcar/coreos-overlay/pull/1723))<br>- Re-added the `brd drbd nbd rbd xen-blkfront zram libarc4 lru_cache zsmalloc` kernel modules to the initramfs since they were missing compared to the Flatcar 3033.2.x releases where the 5.10 kernel is used ([bootengine#40](https://github.com/flatcar/bootengine/pull/40))<br><br>#### Changes<br>- Merge the Flatcar Pro features into the regular Flatcar images ([coreos-overlay#1679](https://github.com/flatcar/coreos-overlay/pull/1679)) <br>- Besides Ignition v1 and v2 configurations, Ignition configurations with specification v3 (up to 3.3.0) are now supported, see the [docs section for details](https://www.flatcar.org/docs/latest/provisioning/ignition/specification/#ignition-v3)<br>- Made SELinux enabled by default in default containerd configuration file. ([coreos-overlay#1699](https://github.com/flatcar/coreos-overlay/pull/1699))<br>- Removed `rngd.service` because it is not essential anymore for the kernel to boot fast in VM environments ([coreos-overlay#1700](https://github.com/flatcar/coreos-overlay/pull/1700))<br>- Enabled `systemd-sysext.service` to activate systemd-sysext images on boot, to disable you will need to mask it. Also added a helper service `ensure-sysext.service` which reloads the systemd units to reevaluate the `sockets`, `timers`, and `multi-user` targets when `systemd-sysext.service` is (re)started, making it possible to enable units that are part of a sysext image ([init#65](https://github.com/flatcar/init/pull/65))<br>- For amd64 `/usr/lib` used to be a symlink to `/usr/lib64` but now they became two separate folders as common in other distributions (and was the case for arm64 already). Compatibility symlinks exist in case `/usr/lib64` was used to access, e.g., the `modules` folder or the `systemd` folder ([coreos-overlay#1713](https://github.com/flatcar/coreos-overlay/pull/1713), [flatcar-scripts#255](https://github.com/flatcar/scripts/pull/255))<br>- Defined a systemd-sysext level that sysext images can match for instead of the OS version when they don't have a strong coupling, meaning the only metadata required is `SYSEXT_LEVEL=1.0` and `ID=flatcar` ([#643](https://github.com/flatcar/Flatcar/issues/643))<br>- OpenStack: In addition to the `bz2` image, a `gz` compressed image is published. This allows Glance to directly consume the images by simply passing in the URL of the image.<br>- DigitalOcean: In addition to the `bz2` image, a `gz` compressed image is published. This helps against hitting the compression timeout that sometimes lets the image import fail.<br>- SDK: The image compression format is now configurable. Supported formats are: `bz2`, `gz`, `zip`, `none`, `zst`. Selecting the image format can now be done by passing the `--image_compression_formats` option. This flag gets a comma separated list of formats.<br><br>#### Updates<br>- Linux ([5.15.30](https://lwn.net/Articles/888521) (from 5.15.25, includes [5.15.26](https://lwn.net/Articles/886569), [5.15.27](https://lwn.net/Articles/887219), [5.15.28](https://lwn.net/Articles/887638), [5.15.29](https://lwn.net/Articles/888116)))<br>- Linux Firmware ([20220310](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220310))<br>- Go ([1.17.8](https://go.googlesource.com/go/+/refs/tags/go1.17.8))<br>- ca-certificates ([3.76](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_76.html))<br>- containerd ([1.6.1](https://github.com/containerd/containerd/releases/tag/v1.6.1))<br>- cryptsetup ([2.4.3](https://lore.kernel.org/all/572c18a7bf60cb1b0f67c3a03c531d7e7ed31832.camel@scientia.net/T/))<br>- Docker ([20.10.13](https://docs.docker.com/engine/release-notes/#201013))<br>- dosfstools ([4.2](https://github.com/dosfstools/dosfstools/releases/tag/v4.2))<br>- grep ([3.7](https://savannah.gnu.org/forum/forum.php?forum_id=10037))<br>- ignition ([2.13.0](https://github.com/coreos/ignition/releases/tag/v2.13.0))<br>- intel-microcode ([20220207_p20220207](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220207))<br>- iperf ([3.10.1](https://github.com/esnet/iperf/blob/master/RELNOTES.md#iperf-3101-2021-06-03))<br>- less ([590](https://www.greenwoodsoftware.com/less/news.590.html))<br>- lsscsi ([0.32](https://sg.danny.cz/scsi/lsscsi.ChangeLog))<br>- nvidia-drivers ([510.47.03](https://docs.nvidia.com/datacenter/tesla/tesla-release-notes-510-47-03/index.html)) <br>- nvme-cli ([1.16](https://github.com/linux-nvme/nvme-cli/commits/deee9cae1ac94760deebd71f8e5449061338666c))<br>- openssl ([3.0.2](https://www.openssl.org/news/changelog.html#openssl-30))<br>- pam ([1.5.1_p20210622](https://github.com/linux-pam/linux-pam/commit/fe1307512fb8892b5ceb3d884c793af8dbd4c16a))<br>- pambase (20220214)<br>- pinentry ([1.2.0](https://dev.gnupg.org/T5566))<br>- quota ([4.06](https://sourceforge.net/p/linuxquota/code/ci/0acd4cc6275122fd9864cb7b5d349e65a2622920/))<br>- rpcbind ([1.2.6](https://git.linux-nfs.org/?p=steved/rpcbind.git;a=shortlog;h=refs/tags/rpcbind-1_2_6))<br>- socat ([1.7.4.3](https://repo.or.cz/socat.git/blob/refs/tags/tag-1.7.4.3:/CHANGES))<br>- thin-provisioning-tools ([0.9.0](https://github.com/jthornber/thin-provisioning-tools/blob/d6d93c3157631b242a13a81d30f75453e576c55a/CHANGES#L1-L9))<br>- timezone-data ([2021a](https://mm.icann.org/pipermail/tz-announce/2021-January/000065.html))<br>- whois ([5.5.11](https://github.com/rfc1036/whois/commit/5f5ba8312c04a759dad05723c035549273d07461))<br>- xfsprogs ([5.14.2](https://marc.info/?l=linux-xfs&m=163883318025390&w=2))<br>- VMWare: open-vm-tools ([12.0.0](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.0.0))<br>- SDK: man-db ([2.9.4](https://gitlab.com/cjwatson/man-db/-/tags/2.9.4))<br>- SDK: Rust ([1.59.0](https://github.com/rust-lang/rust/releases/tag/1.59.0))<br><br>Packages:<br>- docker 20.10.13<br>- ignition 2.13.0<br>- kernel 5.15.30<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-03-23T13:36:37+00:00 @@ -2582,7 +2606,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3165.0.0 3165.0.0 - 2023-10-25T10:20:42.839903+00:00 + 2023-11-22T09:59:32.682371+00:00 New **Alpha** Release **3165.0.0**<br><br>_Changes since **Alpha 3139.0.0**_<br><br>#### Security fixes<br>- Linux ([CVE-2022-0492](https://nvd.nist.gov/vuln/detail/CVE-2022-0492), [CVE-2022-0516](https://nvd.nist.gov/vuln/detail/CVE-2022-0516), [CVE-2022-0435](https://nvd.nist.gov/vuln/detail/CVE-2022-0435), [CVE-2022-0487](https://nvd.nist.gov/vuln/detail/CVE-2022-0487), [CVE-2022-25375](https://nvd.nist.gov/vuln/detail/CVE-2022-25375), [CVE-2022-25258](https://nvd.nist.gov/vuln/detail/CVE-2022-25258), [CVE-2022-0847](https://nvd.nist.gov/vuln/detail/CVE-2022-0847))<br>- Go ([CVE-2022-23806](https://nvd.nist.gov/vuln/detail/CVE-2022-23806), [CVE-2022-23772](https://nvd.nist.gov/vuln/detail/CVE-2022-23772), [CVE-2022-23773](https://nvd.nist.gov/vuln/detail/CVE-2022-23773))<br>- systemd ([CVE-2021-3997](https://nvd.nist.gov/vuln/detail/CVE-2021-3997))<br>- cifs-utils ([CVE-2021-20208](https://nvd.nist.gov/vuln/detail/CVE-2021-20208))<br>- expat ([CVE-2022-25235](https://nvd.nist.gov/vuln/detail/CVE-2022-25235), [CVE-2022-25236](https://nvd.nist.gov/vuln/detail/CVE-2022-25236), [CVE-2022-25313](https://nvd.nist.gov/vuln/detail/CVE-2022-25313), [CVE-2022-25314](https://nvd.nist.gov/vuln/detail/CVE-2022-25314), [CVE-2022-25315](https://nvd.nist.gov/vuln/detail/CVE-2022-25315))<br>- duktape ([CVE-2021-46322](https://nvd.nist.gov/vuln/detail/CVE-2021-46322))<br>- libarchive ([CVE-2021-31566](https://nvd.nist.gov/vuln/detail/CVE-2021-31566), [CVE-2021-36976](https://nvd.nist.gov/vuln/detail/CVE-2021-36976))<br>- libxml2 ([CVE-2022-23308](https://nvd.nist.gov/vuln/detail/CVE-2022-23308))<br>- shadow ([CVE-2013-4235](https://nvd.nist.gov/vuln/detail/CVE-2013-4235))<br>- vim ([CVE-2021-3984](https://nvd.nist.gov/vuln/detail/CVE-2021-3984), [CVE-2021-4019](https://nvd.nist.gov/vuln/detail/CVE-2021-4019), [CVE-2021-4069](https://nvd.nist.gov/vuln/detail/CVE-2021-4069), [CVE-2021-4136](https://nvd.nist.gov/vuln/detail/CVE-2021-4136), [CVE-2021-4173](https://nvd.nist.gov/vuln/detail/CVE-2021-4173),[ CVE-2021-4166](https://nvd.nist.gov/vuln/detail/CVE-2021-4166), [CVE-2021-4187](https://nvd.nist.gov/vuln/detail/CVE-2021-4187), [CVE-2021-4192](https://nvd.nist.gov/vuln/detail/CVE-2021-4192), [CVE-2021-4193](https://nvd.nist.gov/vuln/detail/CVE-2021-4193), [CVE-2022-0128](https://nvd.nist.gov/vuln/detail/CVE-2022-0128), [CVE-2022-0156](https://nvd.nist.gov/vuln/detail/CVE-2022-0156), [CVE-2022-0158](https://nvd.nist.gov/vuln/detail/CVE-2022-0158), [CVE-2022-0213](https://nvd.nist.gov/vuln/detail/CVE-2022-0213), [CVE-2022-0261](https://nvd.nist.gov/vuln/detail/CVE-2022-0261), [CVE-2022-0318](https://nvd.nist.gov/vuln/detail/CVE-2022-0318), [CVE-2022-0319](https://nvd.nist.gov/vuln/detail/CVE-2022-0319), [CVE-2022-0351](https://nvd.nist.gov/vuln/detail/CVE-2022-0351), [CVE-2022-0359](https://nvd.nist.gov/vuln/detail/CVE-2022-0359), [CVE-2022-0361](https://nvd.nist.gov/vuln/detail/CVE-2022-0361), [CVE-2022-0368](https://nvd.nist.gov/vuln/detail/CVE-2022-0368), [CVE-2022-0392](https://nvd.nist.gov/vuln/detail/CVE-2022-0392), [CVE-2022-0393](https://nvd.nist.gov/vuln/detail/CVE-2022-0393), [CVE-2022-0407](https://nvd.nist.gov/vuln/detail/CVE-2022-0407), [CVE-2022-0408](https://nvd.nist.gov/vuln/detail/CVE-2022-0408), [CVE-2022-0413](https://nvd.nist.gov/vuln/detail/CVE-2022-0413), [CVE-2022-0417](https://nvd.nist.gov/vuln/detail/CVE-2022-0417), [CVE-2022-0443](https://nvd.nist.gov/vuln/detail/CVE-2022-0443))<br>- SDK: squashfs-tools ([CVE-2021-40153](https://nvd.nist.gov/vuln/detail/CVE-2021-40153), [CVE-2021-41072](https://nvd.nist.gov/vuln/detail/CVE-2021-41072))<br><br>#### Bug fixes<br>- Disabled the systemd-networkd settings `ManageForeignRoutes` and `ManageForeignRoutingPolicyRules` by default to ensure that CNIs like Cilium don't get their routes or routing policy rules discarded on network reconfiguration events ([Flatcar#620](https://github.com/flatcar/Flatcar/issues/620)).<br>- AWS: specify correct console (ttyS0) on kernel command line for ARM64 instances ([coreos-overlay#1628](https://github.com/flatcar/coreos-overlay/pull/1628))<br>- Prevented hitting races when creating filesystems in Ignition, these races caused boot failures like `fsck[1343]: Failed to stat /dev/disk/by-label/ROOT: No such file or directory` when creating a btrfs root filesystem ([ignition#35](https://github.com/flatcar/ignition/pull/35))<br>- Reverted the Linux kernel change to forbid xfrm id 0 for IPSec state because it broke Cilium ([Flatcar#626](https://github.com/flatcar/Flatcar/issues/626), [coreos-overlay#1682](https://github.com/flatcar/coreos-overlay/pull/1682))<br>- Added `auditd.service` but left it disabled by default, a custom configuration can be created by removing `/etc/audit/auditd.conf` and replacing it with an own file ([coreos-overlay#1636](https://github.com/flatcar/coreos-overlay/pull/1636))<br><br>#### Changes<br>- The systemd-networkd `ManageForeignRoutes` and `ManageForeignRoutingPolicyRules` settings are now disabled through a drop-in file and thus can only be enabled again by a drop-in file under `/etc/systemd/networkd.conf.d/` because drop-in files take precedence over `/etc/systemd/networkd.conf` ([init#61](https://github.com/flatcar/init/pull/61))<br>- Bring in dependencies for NFS4 with Kerberos both in kernel and userspace. Tested against NFS4.1 server. ([coreos-overlay#1664](https://github.com/flatcar/coreos-overlay/pull/1664))<br>- Added support for switching back to CGroupsV1 without requiring a reboot. Create `/etc/flatcar-cgroupv1` through ignition. ([coreos-overlay#1666](https://github.com/flatcar/coreos-overlay/pull/1666))<br>- Azure VHD disks are now created using subformat=fixed, which makes them suitable for immediate upload to Azure using any tool.<br><br>#### Updates<br><br>- Linux ([5.15.25](https://lwn.net/Articles/885895)) (from 5.15.19)<br>- Linux Firmware ([20220209](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220209))<br>- Go ([1.17.7](https://go.googlesource.com/go/+/refs/tags/go1.17.7))<br>- systemd ([250.3](https://github.com/systemd/systemd-stable/releases/tag/v250.3))<br>- bpftool ([5.15.8](https://lwn.net/Articles/878631/))<br>- bridge-utils ([1.7.1](https://git.kernel.org/pub/scm/network/bridge/bridge-utils.git/log/?h=v1.7.1))<br>- cifs-utils ([6.13](https://lkml.kernel.org/linux-cifs/CAKywueSqRGSFmeDHQacyu831BNUeGFxGg3vgBmozzhkGBCjyXQ@mail.gmail.com/T/))<br>- containerd ([1.6.0](https://github.com/containerd/containerd/releases/tag/v1.6.0))<br>- duktape ([2.7.0](https://github.com/svaarala/duktape/releases/tag/v2.7.0))<br>- expat ([2.4.6](https://github.com/libexpat/libexpat/blob/R_2_4_6/expat/Changes))<br>- kexec-tools ([2.0.22](https://www.spinics.net/lists/kexec/msg26864.html))<br>- libarchive ([3.5.3](https://github.com/libarchive/libarchive/releases/tag/v3.5.3))<br>- libmspack ([0.10.1_alpha](https://github.com/kyz/libmspack/blob/v0.10.1alpha/libmspack/ChangeLog))<br>- libxml2 ([2.9.13](http://www.xmlsoft.org/news.html))<br>- nfs-utils ([2.5.4](https://lore.kernel.org/linux-fsdevel/c8795653-7728-18a4-93dc-58943ad0fe09@redhat.com/))<br>- shadow ([4.11.1](https://github.com/shadow-maint/shadow/releases/tag/v4.11.1))<br>- vim ([8.2.4328](https://github.com/vim/vim/releases/tag/v8.2.4328))<br>- Azure: WALinuxAgent ([2.6.0.2](https://github.com/Azure/WALinuxAgent/releases/tag/v2.6.0.2))<br>- SDK: gcc-config ([2.5](https://gitweb.gentoo.org/proj/gcc-config.git/tag/?h=v2.5))<br>- SDK: iasl ([20200717](https://www.acpica.org/node/183))<br>- SDK: man-pages ([5.12-r2](https://man7.org/linux/man-pages/changelog.html#release_5.12))<br>- SDK: netperf ([2.7.0](https://github.com/HewlettPackard/netperf/blob/netperf-2.7.0/Release_Notes))<br>- SDK: squashfs-tools ([4.5_p20210914](https://lore.kernel.org/lkml/CAB3woddJss+ziGp-RjJ-yiax6pc_HLMdxk3Qk5nJdRgjpEYWBg@mail.gmail.com/))<br><br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.15.25<br>- systemd 250<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-03-07T13:14:29+00:00 @@ -2590,7 +2614,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3139.0.0 3139.0.0 - 2023-10-25T10:20:42.830668+00:00 + 2023-11-22T09:59:32.673003+00:00 New **Alpha** Release **3139.0.0**<br><br>_Changes since **Alpha 3127.0.0**_<br><br>#### Security fixes<br><br>- Linux ([CVE-2021-43976](https://nvd.nist.gov/vuln/detail/CVE-2021-43976), [CVE-2022-0330](https://nvd.nist.gov/vuln/detail/CVE-2022-0330), [CVE-2022-22942](https://nvd.nist.gov/vuln/detail/CVE-2022-22942))<br>- expat ([CVE-2022-23852](https://nvd.nist.gov/vuln/detail/CVE-2022-23852), [CVE-2022-23990](https://nvd.nist.gov/vuln/detail/CVE-2022-23990))<br>- glibc ([CVE-2021-3998](https://nvd.nist.gov/vuln/detail/CVE-2021-3998), [CVE-2021-3999](https://nvd.nist.gov/vuln/detail/CVE-2021-3999), [CVE-2022-23218](https://nvd.nist.gov/vuln/detail/CVE-2022-23218), [CVE-2022-23219](https://nvd.nist.gov/vuln/detail/CVE-2022-23219))<br>- polkit ([CVE-2021-4034](https://nvd.nist.gov/vuln/detail/CVE-2021-4034))<br>- SDK: Rust ([CVE-2022-21658](https://nvd.nist.gov/vuln/detail/CVE-2022-21658))<br><br><br>#### Bug fixes<br>- network: Accept ICMPv6 Router Advertisements to fix IPv6 address assignment in the default DHCP setting ([flatcar-linux/init#51](https://github.com/flatcar/init/pull/51), [flatcar-linux/cloudinit#12](https://github.com/flatcar/coreos-cloudinit/pull/12), [flatcar-linux/bootengine#30](https://github.com/flatcar/bootengine/pull/30))<br>- flatcar-update: Stopped checking for the `USER` environment variable which may not be set in all environments, causing the script to fail unless a workaround was used like prepending an additional `sudo` invocation ([flatcar-linux/init#58](https://github.com/flatcar/init/pull/58))<br><br>#### Changes<br>- Enabled the FIPS support for the Linux kernel, which users can now choose through a kernel parameter in `grub.cfg` (check it taking effect with `cat /proc/sys/crypto/fips_enabled`) ([flatcar-linux/coreos-overlay#1602](https://github.com/flatcar/coreos-overlay/pull/1602))<br><br>#### Updates<br>- Linux ([5.15.19](https://lwn.net/Articles/883441)) (from 5.15.16)<br>- expat ([2.4.4](https://github.com/libexpat/libexpat/blob/R_2_4_4/expat/Changes))<br>- polkit ([0.120](https://gitlab.freedesktop.org/polkit/polkit/-/blob/0.120/NEWS))<br>- sbsigntools ([0.9.4](https://git.kernel.org/pub/scm/linux/kernel/git/jejb/sbsigntools.git/tag/?h=v0.9.4))<br>- SDK: Rust ([1.58.1](https://github.com/rust-lang/rust/releases/tag/1.58.1))<br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.15.19<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-02-09T10:02:16+00:00 @@ -2598,7 +2622,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3127.0.0 3127.0.0 - 2023-10-25T10:20:42.824863+00:00 + 2023-11-22T09:59:32.667040+00:00 New **Alpha** release **3127.0.0**<br><br>__Changes since **Alpha 3115.0.0**__<br><br>#### Security fixes:<br><br>- Linux ([CVE-2021-4155](https://nvd.nist.gov/vuln/detail/CVE-2021-4155), [CVE-2021-4197](https://nvd.nist.gov/vuln/detail/CVE-2021-4197), [CVE-2021-45095](https://nvd.nist.gov/vuln/detail/CVE-2021-45095), [CVE-2022-0185](https://nvd.nist.gov/vuln/detail/CVE-2022-0185))<br>- expat ([CVE-2021-45960](https://nvd.nist.gov/vuln/detail/CVE-2021-45960), [CVE-2021-46143](https://nvd.nist.gov/vuln/detail/CVE-2021-46143), [CVE-2022-22822](https://nvd.nist.gov/vuln/detail/CVE-2022-22822), [CVE-2022-22823](https://nvd.nist.gov/vuln/detail/CVE-2022-22823), [CVE-2022-22824](https://nvd.nist.gov/vuln/detail/CVE-2022-22824), [CVE-2022-22825](https://nvd.nist.gov/vuln/detail/CVE-2022-22825), [CVE-2022-22826](https://nvd.nist.gov/vuln/detail/CVE-2022-22826), [CVE-2022-22827](https://nvd.nist.gov/vuln/detail/CVE-2022-22827))<br>- mit-krb5 ([CVE-2021-37750](https://nvd.nist.gov/vuln/detail/CVE-2021-37750))<br>- openssl ([CVE-2021-4044](https://nvd.nist.gov/vuln/detail/CVE-2021-4044))<br><br>#### Bug fixes:<br><br>- Fixed the dracut emergency Ignition log printing that had a scripting error causing the print command to fail ([flatcar-linux/bootengine#33](https://github.com/flatcar/bootengine/pull/33))<br>- Fixed leak of SELinux policy store to the root filesystem top directory due to wrong store path in `policycoreutils` instead of `/var/lib/selinux` ([flatcar-linux/Flatcar#596](https://github.com/flatcar/Flatcar/issues/596))<br><br>#### Changes:<br><br>- Removed the pre-shipped `/etc/flatcar/update.conf` file, leaving it totally to the user to define the contents as it was unnecessarily overwriting the `/use/share/flatcar/update.conf` ([flatcar-linux/scripts#212](https://github.com/flatcar/scripts/pull/212))<br>- Moved `tracepath` and `traceroute6` from `/usr/sbin` to `/usr/bin`<br><br>#### Updates:<br><br>- Linux ([5.15.16](https://lwn.net/Articles/881963)) (includes [5.15.14](https://lwn.net/Articles/881018), [5.15.15](https://lwn.net/Articles/881548))<br>- expat ([2.4.3](https://github.com/libexpat/libexpat/blob/R_2_4_3/expat/Changes))<br>- iputils ([20210722](https://github.com/iputils/iputils/releases/tag/20210722))<br>- openssl ([3.0.1](https://www.openssl.org/news/changelog.html#openssl-30))<br>- parted ([3.4](https://savannah.gnu.org/forum/forum.php?forum_id=9924)) (includes [3.3](https://savannah.gnu.org/forum/forum.php?forum_id=9569))<br>- pciutils ([3.7.0](https://github.com/pciutils/pciutils/releases/tag/v3.7.0))<br>- runc ([1.1.0](https://github.com/opencontainers/runc/releases/tag/v1.1.0))<br>- sed ([4.8](https://savannah.gnu.org/forum/forum.php?forum_id=9647))<br>- SDK: mantle ([0.18.0](https://github.com/flatcar/mantle/releases/tag/v0.18.0))<br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.15.16<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-01-26T08:12:08+00:00 @@ -2606,7 +2630,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3115.0.0 3115.0.0 - 2023-10-25T10:20:42.818759+00:00 + 2023-11-22T09:59:32.660760+00:00 New **Alpha** release **3115.0.0**<br><br>_Changes since **Alpha 3066.0.0**_<br><br>#### Known issues<br><br>- With Kubernetes 1.23 and Linux 5.15 outgoing connects from `calico` pods fail - it's recommended to switch over `iptables` instead of `ipvs` for `kube-proxy` mode. ([projectcalico/calico#5011](https://github.com/projectcalico/calico/issues/5011))<br>- The SELinux policy store update fix resulted in some files leaked to the root filesystem top directory ([Flatcar#596](https://github.com/flatcar/Flatcar/issues/596))<br><br>#### Security fixes<br>- Linux ([CVE-2020-27820](https://nvd.nist.gov/vuln/detail/CVE-2020-27820), [CVE-2021-4001](https://nvd.nist.gov/vuln/detail/CVE-2021-4001), [CVE-2021-4002](https://nvd.nist.gov/vuln/detail/CVE-2021-4002), [CVE-2021-4083](https://nvd.nist.gov/vuln/detail/CVE-2021-4083), [CVE-2021-4135](https://nvd.nist.gov/vuln/detail/CVE-2021-4135), [CVE-2021-4155](https://nvd.nist.gov/vuln/detail/CVE-2021-4155), [CVE-2021-28711](https://nvd.nist.gov/vuln/detail/CVE-2021-28711), [CVE-2021-28712](https://nvd.nist.gov/vuln/detail/CVE-2021-28712), [CVE-2021-28713](https://nvd.nist.gov/vuln/detail/CVE-2021-28713), [CVE-2021-28714](https://nvd.nist.gov/vuln/detail/CVE-2021-28714), [CVE-2021-28715](https://nvd.nist.gov/vuln/detail/CVE-2021-28715))<br>- GCC ([CVE-2020-13844](https://nvd.nist.gov/vuln/detail/CVE-2020-13844))<br>- Go ([CVE-2021-44716](https://nvd.nist.gov/vuln/detail/CVE-2021-44716), [CVE-2021-44717](https://nvd.nist.gov/vuln/detail/CVE-2021-44717))<br>- ca-certificates ([CVE-2021-43527](https://nvd.nist.gov/vuln/detail/CVE-2021-43527))<br>- containerd ([CVE-2021-43816](https://nvd.nist.gov/vuln/detail/CVE-2021-43816))<br>- ignition ([CVE-2020-14040](https://nvd.nist.gov/vuln/detail/CVE-2020-14040))<br>- libarchive ([libarchive-1565](https://github.com/libarchive/libarchive/issues/1565), [libarchive-1566](https://github.com/libarchive/libarchive/issues/1566))<br>- openssh ([CVE-2021-41617](https://nvd.nist.gov/vuln/detail/CVE-2021-41617))<br>- runc ([CVE-2021-43784](https://nvd.nist.gov/vuln/detail/CVE-2021-43784))<br>- torcx ([CVE-2021-38561](https://nvd.nist.gov/vuln/detail/CVE-2021-38561), [CVE-2021-43565](https://nvd.nist.gov/vuln/detail/CVE-2021-43565))<br>- vim ([CVE-2021-3872](https://nvd.nist.gov/vuln/detail/CVE-2021-3872), [CVE-2021-3875](https://nvd.nist.gov/vuln/detail/CVE-2021-3875), [CVE-2021-3903](https://nvd.nist.gov/vuln/detail/CVE-2021-3903), [CVE-2021-3927](https://nvd.nist.gov/vuln/detail/CVE-2021-3927), [CVE-2021-3928](https://nvd.nist.gov/vuln/detail/CVE-2021-3928), [CVE-2021-3968](https://nvd.nist.gov/vuln/detail/CVE-2021-3968), [CVE-2021-3973](https://nvd.nist.gov/vuln/detail/CVE-2021-3973), [CVE-2021-3974](https://nvd.nist.gov/vuln/detail/CVE-2021-3974))<br>- SDK: edk2-ovmf ([CVE-2019-14584](https://nvd.nist.gov/vuln/detail/CVE-2019-14584), [CVE-2021-28210](https://nvd.nist.gov/vuln/detail/CVE-2021-28210), [CVE-2021-28211](https://nvd.nist.gov/vuln/detail/CVE-2021-28211), [CVE-2021-28213](https://nvd.nist.gov/vuln/detail/CVE-2021-28213))<br>- SDK: libxslt ([CVE-2021-30560](https://nvd.nist.gov/vuln/detail/CVE-2021-30560))<br>- SDK: mantle ([CVE-2021-3121](https://nvd.nist.gov/vuln/detail/CVE-2021-3121), [CVE-2021-38561](https://nvd.nist.gov/vuln/detail/CVE-2021-38561), [CVE-2021-43565](https://nvd.nist.gov/vuln/detail/CVE-2021-43565))<br>- SDK: Python ([CVE-2018-20852](https://nvd.nist.gov/vuln/detail/CVE-2018-20852), [CVE-2019-5010](https://nvd.nist.gov/vuln/detail/CVE-2019-5010), [CVE-2019-9636](https://nvd.nist.gov/vuln/detail/CVE-2019-9636), [CVE-2019-9740](https://nvd.nist.gov/vuln/detail/CVE-2019-9740), [CVE-2019-9947](https://nvd.nist.gov/vuln/detail/CVE-2019-9947), [CVE-2019-9948](https://nvd.nist.gov/vuln/detail/CVE-2019-9948), [CVE-2019-20907](https://nvd.nist.gov/vuln/detail/CVE-2019-20907), [CVE-2020-8492](https://nvd.nist.gov/vuln/detail/CVE-2020-8492), [CVE-2020-14422](https://nvd.nist.gov/vuln/detail/CVE-2020-14422), [CVE-2020-26116](https://nvd.nist.gov/vuln/detail/CVE-2020-26116), [CVE-2021-3177](https://nvd.nist.gov/vuln/detail/CVE-2021-3177), [CVE-2021-3426](https://nvd.nist.gov/vuln/detail/CVE-2021-3426), [CVE-2021-23336](https://nvd.nist.gov/vuln/detail/CVE-2021-23336), [CVE-2021-29921](https://nvd.nist.gov/vuln/detail/CVE-2021-29921))<br>- SDK: QEMU ([CVE-2020-35504](https://nvd.nist.gov/vuln/detail/CVE-2020-35504), [CVE-2020-35505](https://nvd.nist.gov/vuln/detail/CVE-2020-35505), [CVE-2020-35506](https://nvd.nist.gov/vuln/detail/CVE-2020-35506), [CVE-2020-35517](https://nvd.nist.gov/vuln/detail/CVE-2020-35517), [CVE-2021-20255](https://nvd.nist.gov/vuln/detail/CVE-2021-20255), [CVE-2021-20257](https://nvd.nist.gov/vuln/detail/CVE-2021-20257), [CVE-2021-20263](https://nvd.nist.gov/vuln/detail/CVE-2021-20263), [CVE-2021-3409](https://nvd.nist.gov/vuln/detail/CVE-2021-3409), [CVE-2021-3416](https://nvd.nist.gov/vuln/detail/CVE-2021-3416), [CVE-2021-3527](https://nvd.nist.gov/vuln/detail/CVE-2021-3527), [CVE-2021-3544](https://nvd.nist.gov/vuln/detail/CVE-2021-3544), [CVE-2021-3545](https://nvd.nist.gov/vuln/detail/CVE-2021-3545), [CVE-2021-3546](https://nvd.nist.gov/vuln/detail/CVE-2021-3546), [CVE-2021-3582](https://nvd.nist.gov/vuln/detail/CVE-2021-3582), [CVE-2021-3607](https://nvd.nist.gov/vuln/detail/CVE-2021-3607), [CVE-2021-3608](https://nvd.nist.gov/vuln/detail/CVE-2021-3608), [CVE-2021-3682](https://nvd.nist.gov/vuln/detail/CVE-2021-3682))<br><br>#### Bug fixes<br>- Added configuration files for logrotate ([flatcar-linux/coreos-overlay#1442](https://github.com/flatcar/coreos-overlay/pull/1442))<br>- Fixed `ETCD_NAME` conflicting with `--name` for `etcd-member` to start ([flatcar-linux/coreos-overlay#1444](https://github.com/flatcar/coreos-overlay/pull/1444))<br>- The Torcx profile `docker-1.12-no` got fixed to reference the current Docker version instead of 19.03 which wasn't found on the image, causing Torcx to fail to provide Docker ([flatcar-linux/coreos-overlay#1456](https://github.com/flatcar/coreos-overlay/pull/1456))<br>- Fix vim warnings on missing file, when built with USE=”minimal” ([portage-stable#260](https://github.com/flatcar/portage-stable/pull/260))<br>- Excluded the Kubenet cbr0 interface from networkd's DHCP config and set it to Unmanaged to prevent interference and ensure that it is not part of the network online check ([flatcar-linux/init#55](https://github.com/flatcar/init/pull/55))<br>- Ensured that the `/run/xtables.lock` coordination file exists for modifications of the xtables backend from containers (must be bind-mounted) or the `iptables-legacy` binaries on the host ([flatcar-linux/init#57](https://github.com/flatcar/init/pull/57))<br>- AWS: Published missing arm64 AMIs for stable & beta ([flatcar-linux/scripts#188](https://github.com/flatcar/scripts/pull/188), [flatcar-linux/scripts#189](https://github.com/flatcar/scripts/pull/189))<br>- dev container: Fixed github URL for coreos-overlay and portage-stable to use repos from flatcar-linux org directly instead of relying on redirects from the kinvolk org. This fixes checkouts with emerge-gitclone inside dev-container. ([flatcar-linux/scripts#194](https://github.com/flatcar/scripts/pull/194))<br>- SDK: Fixed build error popping up in the new SDK Container because `policycoreutils` used the wrong ROOT to update the SELinux store ([flatcar-linux/coreos-overlay#1502](https://github.com/flatcar/coreos-overlay/pull/1502))<br><br>#### Changes<br>- Flatcar is in the NIST CPE dictionary. Programmatically build the `CPE_NAME` in the build process in order to be scanned ([flatcar-linux/Flatcar#536](https://github.com/flatcar/Flatcar/issues/536))<br>- Added a new flatcar-update tool to the image to ease manual updates, rollbacks, channel/release jumping, and airgapped updates ([flatcar-linux/init#53](https://github.com/flatcar/init/pull/53))<br>- Update-engine now creates the `/run/reboot-required` flag file for [kured](https://github.com/weaveworks/kured) ([flatcar-linux/update_engine#15](https://github.com/flatcar/update_engine/pull/15))<br>- Excluded special network interface devices like bridge, tunnel, vxlan, and veth devices from the default DHCP configuration to prevent networkd interference ([flatcar-linux/init#56](https://github.com/flatcar/init/pull/56))<br>- Backported `elf` support for `iproute2` ([flatcar-linux/coreos-overlay#1256](https://github.com/flatcar/coreos-overlay/pull/1526))<br>- Added CONFIG_NF_CT_NETLINK_HELPER (for libnetfilter_cthelper), CONFIG_NET_VRF (for virtual routing and forwarding) and CONFIG_KEY_DH_OPERATIONS (for keyutils) to the kernel config ([flatcar-linux/coreos-overlay#1524](https://github.com/flatcar/coreos-overlay/pull/1524))<br><br><br>#### Updates<br>- Linux ([5.15.13](https://lwn.net/Articles/880469))<br>- Linux Firmware ([20211216](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20211216))<br>- Linux Kernel headers ([5.15](https://lwn.net/Articles/874495/))<br>- Docker ([20.10.12](https://docs.docker.com/engine/release-notes/#201012))<br>- GCC ([9.4.0](https://lists.gnu.org/archive/html/info-gnu/2021-06/msg00000.html))<br>- Go ([1.17.6](https://go.googlesource.com/go/+/refs/tags/go1.17.6))<br>- acl ([2.3.1](https://git.savannah.nongnu.org/cgit/acl.git/log/?h=v2.3.1))<br>- attr ([2.5.1](https://git.savannah.nongnu.org/cgit/attr.git/log/?h=v2.5.1))<br>- audit ([3.0.6](https://listman.redhat.com/archives/linux-audit/2021-October/msg00000.html))<br>- boost ([1.76.0](https://www.boost.org/users/history/version_1_76_0.html))<br>- btrfs-progs ([5.15.1](https://btrfs.wiki.kernel.org/index.php/Changelog#btrfs-progs_v5.15_.28Nov_2021.29))<br>- ca-certificates ([3.74](https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/5cpT9SNXYSM))<br>- containerd ([1.5.9](https://github.com/containerd/containerd/releases/tag/v1.5.9))<br>- coreutils ([8.32](https://lists.gnu.org/archive/html/coreutils-announce/2020-03/msg00000.html))<br>- diffutils ([3.8](https://lists.gnu.org/archive/html/info-gnu/2021-08/msg00000.html))<br>- ethtool ([5.10](https://git.kernel.org/pub/scm/network/ethtool/ethtool.git/tree/NEWS?h=v5.10))<br>- findutils ([4.8.0](https://savannah.gnu.org/forum/forum.php?forum_id=9914))<br>- glib ([2.68.4](https://gitlab.gnome.org/GNOME/glib/-/releases/2.68.4))<br>- glog ([0.4.0](https://github.com/google/glog/releases/tag/v0.4.0))<br>- i2c-tools ([4.2](https://git.kernel.org/pub/scm/utils/i2c-tools/i2c-tools.git/log/?h=v4.2))<br>- iproute2 ([5.15](https://lwn.net/ml/linux-kernel/20211101164705.6f4f2e41%40hermes.local/))<br>- ipset ([7.11](https://ipset.netfilter.org/changelog.html))<br>- ipvsadm ([1.27](http://archive.linuxvirtualserver.org/html/lvs-devel/2013-09/msg00011.html))<br>- kmod ([29](https://git.kernel.org/pub/scm/utils/kernel/kmod/kmod.git/tree/NEWS?h=v29))<br>- libarchive ([3.5.2](https://github.com/libarchive/libarchive/releases/tag/v3.5.2))<br>- libcap ([2.49](https://git.kernel.org/pub/scm/libs/libcap/libcap.git/tag/?h=libcap-2.49))<br>- libcap-ng ([0.8.2](https://github.com/stevegrubb/libcap-ng/releases/tag/v0.8.2))<br>- libmicrohttpd ([0.9.73](https://lists.gnu.org/r/info-gnu/2021-04/msg00007.html))<br>- libnl ([3.5.0](https://github.com/thom311/libnl/releases/tag/libnl3_5_0))<br>- libseccomp ([2.5.1](https://github.com/seccomp/libseccomp/releases/tag/v2.5.1))<br>- lshw ([02.19.2b_p20210121](https://www.ezix.org/project/wiki/HardwareLiSter#Changes))<br>- lsof ([4.94.0](https://github.com/lsof-org/lsof/releases/tag/4.94.0))<br>- openssh ([8.8](http://www.openssh.com/txt/release-8.8))<br>- pax-utils ([1.3.3](https://gitweb.gentoo.org/proj/pax-utils.git/tree/?h=v1.3.3))<br>- psmisc ([23.4](https://gitlab.com/psmisc/psmisc/-/blob/v23.4/ChangeLog))<br>- runc ([1.0.3](https://github.com/opencontainers/runc/releases/tag/v1.0.3))<br>- systemd ([249.7](https://github.com/systemd/systemd-stable/blob/v249.7/NEWS))<br>- tdb (1.4.5)<br>- usbutils ([014](https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usbutils.git/commit/?id=57fb18e59cce31a50a1ca62d1e192512c905ba00))<br>- vim ([8.2.3582](https://github.com/vim/vim/releases/tag/v8.2.3582))<br>- which ([2.21](https://carlowood.github.io/which/cvslog-2.21.html))<br>- Azure: Python for OEM images ([3.9.8](https://www.python.org/downloads/release/python-398/))<br>- SDK: Python ([3.9.8](https://www.python.org/downloads/release/python-398/))<br>- SDK: Rust ([1.57.0](https://github.com/rust-lang/rust/releases/tag/1.57.0))<br>- SDK: edk2-ovmf ([202105](https://github.com/tianocore/edk2/releases/tag/edk2-stable202105))<br>- SDK: file ([5.40](https://mailman.astron.com/pipermail/file/2021-March/000478.html))<br>- SDK: ipxe ([1.21.1](https://github.com/ipxe/ipxe/releases/tag/v1.21.1))<br>- SDK: mantle ([0.17.0](https://github.com/flatcar/mantle/releases/tag/v0.17.0))<br>- SDK: ninja ([1.10.2](https://groups.google.com/g/ninja-build/c/oobwq_F0PpA/m/FeJC5LoRBgAJ))<br>- SDK: pahole ([1.20](https://git.kernel.org/pub/scm/devel/pahole/pahole.git/tag/?h=v1.20))<br>- SDK: perf ([5.15](https://kernelnewbies.org/LinuxChanges#Linux_5.15.Tracing.2C_perf_and_BPF))<br>- SDK: portage ([3.0.28](https://gitweb.gentoo.org/proj/portage.git/tag/?h=portage-3.0.28))<br>- SDK: qemu ([6.1.0](https://wiki.qemu.org/ChangeLog/6.1))<br>- SDK: seabios ([1.14.0](https://seabios.org/Releases#SeaBIOS_1.14.0))<br>Packages:<br>- docker 20.10.12<br>- ignition 0.36.1<br>- kernel 5.15.13<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2022-01-13T14:06:50+00:00 @@ -2614,7 +2638,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3066.0.0 3066.0.0 - 2023-10-25T10:20:42.805834+00:00 + 2023-11-22T09:59:32.647439+00:00 New **Alpha** Release **3066.0.0**<br><br>_Changes since **Alpha 3033.0.0**_<br><br>**Security fixes**<br><br>* Linux ([CVE-2021-42739](https://nvd.nist.gov/vuln/detail/CVE-2021-42739))<br>* Docker, containerd ([CVE-2021-41190](https://nvd.nist.gov/vuln/detail/CVE-2021-41190))<br>* rsync ([CVE-2020-14387](https://nvd.nist.gov/vuln/detail/CVE-2020-14387))<br>* SDK: u-boot-tools ([CVE-2021-27097](https://nvd.nist.gov/vuln/detail/CVE-2021-27097),[CVE-2021-27138](https://nvd.nist.gov/vuln/detail/CVE-2021-27138))<br><br>**Bug fixes**<br><br>* SDK: Add missing arm64 SDK keywords to profiles ([coreos-overlay#1407](https://github.com/flatcar/coreos-overlay/pull/1407))<br><br>**Changes**<br><br>* Added sgx group to /etc/group in baselayout ([baselayout#20](https://github.com/flatcar/baselayout/pull/20))<br>* Added missing SELinux rule as initial step to resolve Torcx unpacking issue ([coreos-overlay#1426](https://github.com/flatcar/coreos-overlay/pull/1426))<br><br>**Updates**<br><br>* Linux ([5.10.80](https://lwn.net/Articles/876426/))<br>* Docker ([20.10.11](https://docs.docker.com/engine/release-notes/#20111))<br>* containerd ([1.5.8](https://github.com/containerd/containerd/releases/tag/v1.5.8))<br>* ca-certificates ([3.72](https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/7O6a4NlaI2A))<br>* btrfs-progs ([5.10.1](https://btrfs.wiki.kernel.org/index.php/Changelog#btrfs-progs_v5.10_.28Jan_2021.29))<br>* dbus-glib ([0.112](https://gitlab.freedesktop.org/dbus/dbus-glib/-/tags/dbus-glib-0.112))<br>* gmp ([6.2.1](https://gmplib.org/gmp6.2))<br>* ignition ([0.36.1](https://github.com/flatcar/ignition/releases/tag/v0.36.1))<br>* json-c ([0.15](https://github.com/json-c/json-c/wiki/Notes-for-v0.15-release))<br>* libgpg-error ([1.42](https://dev.gnupg.org/T5194))<br>* logrotate ([3.18.1](https://github.com/logrotate/logrotate/releases/tag/3.18.1))<br>* p11-kit ([0.23.22](https://github.com/p11-glue/p11-kit/releases/tag/0.23.22))<br>* popt ([1.18](https://github.com/rpm-software-management/popt/releases/tag/popt-1.18-release))<br>* rpcsvc-proto ([1.4.2](https://github.com/thkukuk/rpcsvc-proto/releases/tag/v1.4.2))<br>* SDK: crossdev ([20210621](https://gitweb.gentoo.org/proj/crossdev.git/commit/?id=b40ebcdb89f19d2fd0c563590f30d7574cfe0755))<br>* SDK: gdbm ([1.20](https://lists.gnu.org/archive/html/info-gnu/2021-06/msg00008.html))<br>* SDK: man-pages-posix ([2017a](https://www.mail-archive.com/cygwin-announce@cygwin.com/msg09598.html))<br>* SDK: miscfiles ([1.5](https://lists.gnu.org/archive/html/info-gnu/2010-11/msg00009.html))<br>* SDK: pkgconf ([1.7.4](https://git.sr.ht/~kaniini/pkgconf/tree/458101e787a47378d2fc74c64f649fd3a5f75e55/item/NEWS))<br>* SDK: swig ([4.0.2](https://sourceforge.net/p/swig/news/2020/06/swig-402-released/))<br>* SDK: u-boot-tools ([2021.04_rc2](https://source.denx.de/u-boot/u-boot/-/tags/v2021.04-rc2))<br><br>**Known Issues**<br><br>* The logrotate.service is failing, a fix ([coreos-overlay#1442](https://github.com/flatcar/coreos-overlay/pull/1442)) is merged and will be included in a follow-up release<br>Packages:<br>- docker 20.10.11<br>- ignition 0.36.1<br>- kernel 5.10.80<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2021-11-25T11:13:07+00:00 @@ -2622,7 +2646,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3046.0.0 3046.0.0 - 2023-10-25T10:20:42.799673+00:00 + 2023-11-22T09:59:32.641190+00:00 New **Alpha** release **3046.0.0**<br><br>_Changes since **Alpha 3033.0.0**_<br><br>**Security fixes**<br><br><br><br>* Linux ([CVE-2021-3760](https://nvd.nist.gov/vuln/detail/CVE-2021-3760), [CVE-2021-3772](https://nvd.nist.gov/vuln/detail/CVE-2021-3772), [CVE-2021-42327](https://nvd.nist.gov/vuln/detail/CVE-2021-42327), [CVE-2021-43056](https://nvd.nist.gov/vuln/detail/CVE-2021-43056), [CVE-2021-43267](https://nvd.nist.gov/vuln/detail/CVE-2021-43267), [CVE-2021-43389](https://nvd.nist.gov/vuln/detail/CVE-2021-43389))<br>* Go ([CVE-2021-41771](https://nvd.nist.gov/vuln/detail/CVE-2021-41771),[ CVE-2021-41772](https://nvd.nist.gov/vuln/detail/CVE-2021-41772))<br>* ncurses ([CVE-2021-39537](https://nvd.nist.gov/vuln/detail/CVE-2021-39537))<br>* SDK: rust ([CVE-2021-42574](https://nvd.nist.gov/vuln/detail/CVE-2021-42574),[ CVE-2021-42694](https://nvd.nist.gov/vuln/detail/CVE-2021-42694))<br><br>**Bug fixes**<br><br><br><br>* Use https protocol instead of git for Github URLs ([flatcar-linux/coreos-overlay#1394](https://github.com/flatcar/coreos-overlay/pull/1394))<br>* Skip tcsd.service for TPM2 devices to fix failures on c3.small.x86 instances of Equinix Metal ([Flatcar#208](https://github.com/flatcar/Flatcar/issues/208))<br><br>**Changes**<br><br><br><br>* scripts: introduce `--setuponly` flag in update_chroot ([flatcar-linux/scripts#178](https://github.com/flatcar/scripts/pull/178))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.77](https://lwn.net/Articles/874852/))<br>* Linux Firmware ([20211027](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20211027))<br>* Docker ([20.10.10](https://docs.docker.com/engine/release-notes/#20110))<br>* Go ([1.17.3](https://go.googlesource.com/go/+/refs/tags/go1.17.3))<br>* ca-certificates ([3.70.0](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_70.html#nss-3-70-release-notes))<br>* cryptsetup ([2.4.1](https://www.spinics.net/lists/dm-crypt/msg08656.html))<br>* libidn2 ([2.3.2](https://gitlab.com/libidn/libidn2/-/tags/v2.3.2))<br>* mpc ([1.2.1](https://fossies.org/linux/misc/mpc-1.2.1.tar.gz/mpc-1.2.1/NEWS))<br>* mpfr ([4.1.0](https://www.mpfr.org/mpfr-current/#changes))<br>* ncurses ([6.2_p20210619](https://lists.gnu.org/archive/html/bug-ncurses/2021-06/msg00010.html))<br>* nmap ([7.92](https://nmap.org/changelog.html#7.92))<br>* openssl ([3.0.0](https://www.openssl.org/news/cl30.txt))<br>* procps ([3.3.17](https://gitlab.com/procps-ng/procps/-/tags/v3.3.17))<br>* wget ([1.21.2](https://lists.gnu.org/archive/html/info-gnu/2021-09/msg00003.html))<br>* SDK: rust ([1.56.1](https://github.com/rust-lang/rust/blob/master/RELEASES.md#version-1561-2021-11-01))<br>* SDK: yasm ([1.3.0](https://yasm.tortall.net/releases/Release1.3.0.html))<br>Packages:<br>- docker 20.10.10<br>- ignition 0.34.0<br>- kernel 5.10.77<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2021-11-09T06:38:38+00:00 @@ -2630,7 +2654,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3033.0.0 3033.0.0 - 2023-10-25T10:20:42.793612+00:00 + 2023-11-22T09:59:32.635114+00:00 **Update to CGroupsV2**<br><br>As of Alpha version 2969.0.0, Flatcar Container Linux migrates to the unified cgroup hierarchy (aka CGroupsV2)! New nodes will utilize CGroupsV2 by default. Existing nodes remain on CGroupsV1 and need to be manually migrated to CGroupsV2. To learn more about CGroupsV2 on Flatcar Container Linux and the migration guide, please refer to[ https://flatcar-linux.org/docs/latest/container-runtimes/switching-to-unified-cgroups/](https://flatcar-linux.org/docs/latest/container-runtimes/switching-to-unified-cgroups/)<br><br><br>New **Alpha** release **3033.0.0**<br><br>_Changes since **Alpha 3005.0.0**_<br><br>**Security fixes**<br><br><br><br>* Linux ([CVE-2021-3764](https://nvd.nist.gov/vuln/detail/CVE-2021-3764), [CVE-2021-3744](https://nvd.nist.gov/vuln/detail/CVE-2021-3744), [CVE-2021-38300](https://nvd.nist.gov/vuln/detail/CVE-2021-38300), [CVE-2021-20321](https://nvd.nist.gov/vuln/detail/CVE-2021-20321), [CVE-2021-41864](https://nvd.nist.gov/vuln/detail/CVE-2021-41864))<br>* Go ([CVE-2021-29923](https://nvd.nist.gov/vuln/detail/CVE-2021-29923), [CVE-2021-39293](https://nvd.nist.gov/vuln/detail/CVE-2021-39293), [CVE-2021-38297](https://nvd.nist.gov/vuln/detail/CVE-2021-38297))<br>* bash ([CVE-2019-9924](https://nvd.nist.gov/vuln/detail/CVE-2019-9924),[ CVE-2019-18276](https://nvd.nist.gov/vuln/detail/CVE-2019-18276))<br>* containerd ([CVE-2021-41103](https://nvd.nist.gov/vuln/detail/CVE-2021-41103))<br>* curl ([CVE-2021-22945](https://nvd.nist.gov/vuln/detail/CVE-2021-22945),[ CVE-2021-22946](https://nvd.nist.gov/vuln/detail/CVE-2021-22946),[ CVE-2021-22947](https://nvd.nist.gov/vuln/detail/CVE-2021-22947))<br>* Docker ([CVE-2021-41092](https://nvd.nist.gov/vuln/detail/CVE-2021-41092), [CVE-2021-41089](https://nvd.nist.gov/vuln/detail/CVE-2021-41089),[ CVE-2021-41091](https://nvd.nist.gov/vuln/detail/CVE-2021-41091))<br>* git ([CVE-2021-40330](https://nvd.nist.gov/vuln/detail/CVE-2021-40330))<br>* gnupg ([CVE-2020-25125](https://nvd.nist.gov/vuln/detail/CVE-2020-25125))<br>* libgcrypt ([CVE-2021-40528](https://nvd.nist.gov/vuln/detail/CVE-2021-40528))<br>* polkit ([CVE-2021-3560](https://nvd.nist.gov/vuln/detail/CVE-2021-3560))<br>* util-linux ([CVE-2021-37600](https://nvd.nist.gov/vuln/detail/CVE-2021-37600))<br>* vim ([CVE-2021-3770](https://nvd.nist.gov/vuln/detail/CVE-2021-3770),[ CVE-2021-3778](https://nvd.nist.gov/vuln/detail/CVE-2021-3778),[ CVE-2021-3796](https://nvd.nist.gov/vuln/detail/CVE-2021-3796))<br>* SDK: bison ([CVE-2020-14150](https://nvd.nist.gov/vuln/detail/CVE-2020-14150),[ CVE-2020-24240](https://nvd.nist.gov/vuln/detail/CVE-2020-24240))<br>* SDK: perl ([CVE-2020-10878](https://nvd.nist.gov/vuln/detail/CVE-2020-10878))<br><br>**Bux fixes**<br><br><br><br>* The tcsd service for TPM 1 is not started on machines with TPM 2 anymore where it fails and isn’t necessary. ([flatcar-linux/coreos-overlay#1365](https://github.com/flatcar/coreos-overlay/pull/1365))<br>* arm64: the Polkit service does not crash anymore. ([flatcar-linux/Flatcar#156](https://github.com/flatcar/Flatcar/issues/156))<br>* toolbox: fixed support for multi-layered docker images ([toolbox#5](https://github.com/flatcar/toolbox/pull/5))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.75](https://lwn.net/Articles/873465/))<br>* Linux Firmware ([20210919](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20210919))<br>* Docker ([20.10.9](https://docs.docker.com/engine/release-notes/#20109))<br>* Go ([1.17.2](https://go.googlesource.com/go/+/refs/tags/go1.17.2))<br>* systemd ([249.4](https://github.com/systemd/systemd-stable/blob/v249.4/NEWS))<br>* bash ([5.1_p8](https://lists.gnu.org/archive/html/info-gnu/2020-12/msg00003.html))<br>* ca-certificates ([3.69.1](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_69_1.html#nss-3-69-1-release-notes))<br>* containerd ([1.5.7](https://github.com/containerd/containerd/releases/tag/v1.5.7))<br>* curl ([7.79.1](https://curl.se/changes.html#7_79_1))<br>* duktape ([2.6.0](https://github.com/svaarala/duktape/blob/master/doc/release-notes-v2-6.rst))<br>* git ([2.32.0](https://github.com/git/git/blob/master/Documentation/RelNotes/2.32.0.txt))<br>* gnupg ([2.2.29](https://lists.gnupg.org/pipermail/gnupg-announce/2021q3/000461.html))<br>* keyutils ([1.6.1](https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/keyutils.git/tag/?h=v1.6.1))<br>* libgcrypt ([1.9.4](https://dev.gnupg.org/T5402))<br>* libtirpc ([1.3.2](https://www.spinics.net/lists/linux-nfs/msg84129.html))<br>* lvm2 ([2.02.188](https://github.com/lvmteam/lvm2/releases/tag/v2_02_188))<br>* net-tools ([2.10](https://sourceforge.net/p/net-tools/code/ci/v2.10/tree/))<br>* open-vm-tools ([11.3.5](https://github.com/vmware/open-vm-tools/releases/tag/stable-11.3.5))<br>* polkit ([0.119](https://gitlab.freedesktop.org/polkit/polkit/-/blob/0.119/NEWS))<br>* realmd ([0.17.0](https://gitlab.freedesktop.org/realmd/realmd/-/tags/0.17.0))<br>* util-linux ([2.37.2](https://github.com/karelzak/util-linux/blob/v2.37.2/NEWS))<br>* vim ([8.2.3428](https://github.com/vim/vim/releases/tag/v8.2.3428))<br>* SDK: bison (3.7.6)<br>* SDK: bc (1.07.1)<br>* SDK: gawk (5.1.0)<br>* SDK: gnuconfig (20210107)<br>* SDK: google-cloud-sdk ([355.0.0](https://groups.google.com/g/google-cloud-sdk-announce/c/HoJuttxnzNQ))<br>* SDK: meson (0.57.2)<br>* SDK: mtools (4.0.35)<br>* SDK: perl ([5.34.0](https://perldoc.perl.org/perl5340delta))<br>* SDK: texinfo ([6.8](https://github.com/debian-tex/texinfo/releases/tag/upstream%2F6.8))<br><br>Note: Please note that ARM images remain experimental for now.<br><br>Packages:<br>- docker 20.10.9<br>- ignition 0.34.0<br>- kernel 5.10.75<br>- systemd 249<br><br>Architectures:<br>- amd64<br>- arm64<br> 2021-10-25T15:54:45+00:00 @@ -2638,7 +2662,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3005.0.1 3005.0.1 - 2023-10-25T10:20:42.785707+00:00 + 2023-11-22T09:59:32.627170+00:00 **Update to CGroupsV2**<br><br>As of Alpha version 2969.0.0, Flatcar Container Linux migrates to the unified cgroup hierarchy (aka CGroupsV2)! New nodes will utilize CGroupsV2 by default. Existing nodes remain on CGroupsV1 and need to be manually migrated to CGroupsV2. To learn more about CGroupsV2 on Flatcar Container Linux and the migration guide, please refer to [https://flatcar-linux.org/docs/latest/container-runtimes/switching-to-unified-cgroups/](https://flatcar-linux.org/docs/latest/container-runtimes/switching-to-unified-cgroups/) <br><br>New **Alpha** release **3005.0.1**<br><br>_Changes since **Alpha 3005.0.0**_<br><br>**Security fixes**<br><br>* Linux ([CVE-2021-41073](https://nvd.nist.gov/vuln/detail/CVE-2021-41073), [CVE-2020-16119](https://nvd.nist.gov/vuln/detail/CVE-2020-16119))<br><br>**Bug fixes**<br><br>* The Mellanox NIC Linux driver issue introduced in the previous release was fixed ([Flatcar#520](https://github.com/flatcar/Flatcar/issues/520))<br><br>**Updates**<br><br>* Linux ([5.10.69](https://lwn.net/Articles/870544/))<br><br>Note: Please note that ARM images remain experimental for now.<br><br>Packages:<br>- docker 20.10.8<br>- ignition 0.34.0<br>- kernel 5.10.69<br>- systemd 247<br><br>Architectures:<br>- amd64<br>- arm64<br> 2021-09-30T16:22:29+00:00 @@ -2646,7 +2670,7 @@ https://github.com/kinvolk/manifest/releases/tag/v3005.0.0 3005.0.0 - 2023-10-25T10:20:42.780612+00:00 + 2023-11-22T09:59:32.622048+00:00 **Update to CGroupsV2**<br><br>As of Alpha version 2969.0.0, Flatcar Container Linux migrates to the unified cgroup hierarchy (aka CGroupsV2)! New nodes will utilize CGroupsV2 by default. Existing nodes remain on CGroupsV1 and need to be manually migrated to CGroupsV2. To learn more about CGroupsV2 on Flatcar Container Linux and the migration guide, please refer to [https://flatcar-linux.org/docs/latest/container-runtimes/switching-to-unified-cgroups/](https://flatcar-linux.org/docs/latest/container-runtimes/switching-to-unified-cgroups/) <br><br><br>New **Alpha** release **3005.0.0**<br><br>_Changes since **Alpha 2983.0.0**_<br><br>**Security fixes**<br><br><br><br>* Linux ([CVE-2021-3753](https://nvd.nist.gov/vuln/detail/CVE-2021-3753),[ CVE-2021-3739](https://nvd.nist.gov/vuln/detail/CVE-2021-3739), [CVE-2021-40490](https://nvd.nist.gov/vuln/detail/CVE-2021-40490))<br>* Go ([CVE-2021-39293](https://nvd.nist.gov/vuln/detail/CVE-2021-39293))<br>* binutils ([CVE-2021-3530](https://nvd.nist.gov/vuln/detail/CVE-2021-3530),[ CVE-2021-3549](https://nvd.nist.gov/vuln/detail/CVE-2021-3549))<br>* glibc ([CVE-2021-38604](https://nvd.nist.gov/vuln/detail/CVE-2021-38604))<br>* nettle ([CVE-2021-20305](https://nvd.nist.gov/vuln/detail/CVE-2021-20305),[ CVE-2021-3580](https://nvd.nist.gov/vuln/detail/CVE-2021-3580))<br>* sssd ([CVE-2021-3621](https://nvd.nist.gov/vuln/detail/CVE-2021-3621))<br><br>**Bug Fixes**<br><br><br><br>* Randomize OEM filesystem UUID if mounting fails ([init#47](https://github.com/flatcar/init/pull/47))<br>* Run emergency.target on ignition/torcx service unit failure in dracut ([bootengine#28](https://github.com/flatcar/bootengine/pull/28))<br><br>**Changes**<br><br><br><br>* Added GPIO support ([coreos-overlay#1236](https://github.com/flatcar/coreos-overlay/pull/1236))<br>* Enabled SELinux in permissive mode on ARM64 ([coreos-overlay#1245](https://github.com/flatcar/coreos-overlay/pull/1245))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.67](https://lwn.net/Articles/869749/))<br>* binutils ([2.37](https://sourceware.org/pipermail/binutils/2021-July/117384.html))<br>* ebtables ([2.0.11](https://lwn.net/Articles/806179/))<br>* iptables ([1.8.7](https://lwn.net/Articles/843069/))<br>* ldb ([2.3.0](https://gitlab.com/samba-team/samba/-/tags/ldb-2.3.0))<br>* libmnl ([1.0.4](https://marc.info/?l=netfilter-devel&m=146745072727070&w=2))<br>* libnftnl ([1.2.0](https://marc.info/?l=netfilter&m=162194376520385&w=2))<br>* nettle ([3.7.3](https://lists.gnu.org/archive/html/info-gnu/2021-06/msg00002.html))<br>* nftables ([0.9.9](https://lwn.net/Articles/857369/))<br>* openssh ([8.7_p1-r1](https://www.openssh.com/txt/release-8.7))<br>* talloc ([2.3.2](https://gitlab.com/samba-team/samba/-/tags/talloc-2.3.2))<br>* xenstore ([4.14.2](https://xenproject.org/downloads/xen-project-archives/xen-project-4-14-series/xen-project-4-14-2/))<br>* Go ([1.16.8](https://go.googlesource.com/go/+/refs/tags/go1.16.8))<br>* SDK: Rust ([1.55.0](https://blog.rust-lang.org/2021/09/09/Rust-1.55.0.html))<br><br>Note: Please note that ARM images remain experimental for now.<br>Packages:<br>- docker 20.10.8<br>- ignition 0.34.0<br>- kernel 5.10.67<br>- systemd 247<br><br>Architectures:<br>- amd64<br>- arm64<br> 2021-09-27T08:30:30+00:00 @@ -2654,7 +2678,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2983.0.0 2983.0.0 - 2023-10-25T10:20:42.774262+00:00 + 2023-11-22T09:59:32.615663+00:00 New **Alpha** release **2983.0.0**<br><br>**Update to CGroupsV2**<br><br>As of Alpha version 2969.0.0, Flatcar Container Linux migrates to the unified cgroup hierarchy (aka CGroupsV2)! New nodes will utilize CGroupsV2 by default. Existing nodes remain on CGroupsV1 and need to be manually migrated to CGroupsV2. To learn more about CGroupsV2 on Flatcar Container Linux and the migration guide, please refer to [https://flatcar-linux.org/docs/latest/container-runtimes/switching-to-unified-cgroups/](https://flatcar-linux.org/docs/latest/container-runtimes/switching-to-unified-cgroups/) <br><br>_Changes since **Alpha 2969.0.0**_<br><br>**Security fixes**<br><br><br><br>* Linux ([CVE-2021-3653](https://nvd.nist.gov/vuln/detail/CVE-2021-3653), [CVE-2021-3656](https://nvd.nist.gov/vuln/detail/CVE-2021-3656), [CVE-2021-38166](https://nvd.nist.gov/vuln/detail/CVE-2021-38166)) <br>* openssl ([CVE-2021-3711](https://nvd.nist.gov/vuln/detail/CVE-2021-3711), [CVE-2021-3712](https://nvd.nist.gov/vuln/detail/CVE-2021-3712))<br>* c-ares ([CVE-2021-3672](https://nvd.nist.gov/vuln/detail/CVE-2021-3672))<br><br>**Bug Fixes**<br><br><br><br>* Re-enabled kernel config FS_ENCRYPTION ([coreos-overlay#1212](https://github.com/kinvolk/coreos-overlay/pull/1212/))<br>* Fixed Perl in dev-container ([coreos-overlay#1238](https://github.com/kinvolk/coreos-overlay/pull/1238))<br>* Fixed containerd config after introduction of CGroupsV2 ([coreos-overlay#1214](https://github.com/kinvolk/coreos-overlay/pull/1214))<br>* Fixed path for amazon-ssm-agent in base-ec2.ign ([coreos-overlay#1228](https://github.com/kinvolk/coreos-overlay/pull/1228))<br>* flatcar-install: randomized OEM filesystem UUID if mounting fails ([init#47](https://github.com/kinvolk/init/pull/47))<br>* Fixed null-pointer deref crash in Ignition when specifying the OEM filesystem without a label ([ignition#25](https://github.com/kinvolk/ignition/pull/25))<br>* Fixed locksmith adhering to reboot window when getting the etcd lock ([locksmith#10](https://github.com/kinvolk/locksmith/pull/10))<br><br>**Changes**<br><br><br><br>* Added Azure Generation 2 VM support ([coreos-overlay#1198](https://github.com/kinvolk/coreos-overlay/pull/1198))<br>* Switched Docker ecosystem packages to go1.16 ([coreos-overlay#1217](https://github.com/kinvolk/coreos-overlay/pull/1217))<br>* Added lbzip2 binary to the image ([coreos-overlay#1221](https://github.com/kinvolk/coreos-overlay/pull/1221))<br>* flatcar-install uses lbzip2 if present, falls back on bzip2 if not ([init#46](https://github.com/kinvolk/init/pull/46))<br>* Added Intel E800 series network adapter driver ([coreos-overlay#1237](https://github.com/kinvolk/coreos-overlay/pull/1237))<br>* Enabled 'audit' use flag for sys-libs/pam ([coreos-overlay#1233](https://github.com/kinvolk/coreos-overlay/pull/1233))<br>* Bumped etcd and flannel to respectively `3.5.0`, `0.14.0` to get multiarch images for arm64 support. _Note for users of the old etcd v2 support_: `ETCDCTL_API=2` must be set to use v2 store as well as `ETCD_ENABLE_V2=true` in the `etcd-member.service` - this support will be removed in `3.6.0` ([coreos-overlay#1179](https://github.com/kinvolk/coreos-overlay/pull/1179))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.61](https://lwn.net/Articles/867497/))<br>* Linux firmware ([20210818](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20210818))<br>* openssl ([1.1.1l](https://mta.openssl.org/pipermail/openssl-announce/2021-August/000206.html))<br>* c-ares ([1.17.2](https://c-ares.haxx.se/changelog.html#1_17_2))<br>* docker ([20.10.8](https://docs.docker.com/engine/release-notes/#20108))<br>* etcd ([3.5.0](https://github.com/etcd-io/etcd/releases/tag/v3.5.0))<br>* flannel ([0.14.0](https://github.com/flannel-io/flannel/releases/tag/v0.14.0))<br>* runc ([1.0.2](https://github.com/opencontainers/runc/releases/tag/v1.0.2))<br>* strace ([5.12](https://github.com/strace/strace/releases/tag/v5.12))<br>* wa-linux-agent ([2.3.1.1](https://github.com/Azure/WALinuxAgent/releases/tag/v2.3.1.1))<br><br>Note: Please note that ARM images remain experimental for now.<br><br>Packages:<br>- docker 20.10.8<br>- ignition 0.34.0<br>- kernel 5.10.61<br>- systemd 247<br><br>Architectures:<br>- amd64<br>- arm64<br> 2021-09-01T14:14:01+00:00 @@ -2662,7 +2686,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2969.0.0 2969.0.0 - 2023-10-25T10:20:42.767091+00:00 + 2023-11-22T09:59:32.608444+00:00 **Update to CGroupsV2**<br><br>Flatcar Container Linux migrates to the unified cgroup hierarchy (aka cgroups v2)! New nodes will utilize cgroups v2 by default. Existing nodes remain on cgroups v1 and need to be manually migrated to cgroups v2. To learn more about the cgroups v2 on Flatcar Container Linux and the migration guide, please refer to [https://flatcar-linux.org/docs/latest/container-runtimes/switching-to-unified-cgroups/](https://flatcar-linux.org/docs/latest/container-runtimes/switching-to-unified-cgroups/)<br><br>**Security fixes**<br><br><br><br>* Linux ([CVE-2021-34556](https://nvd.nist.gov/vuln/detail/CVE-2021-34556), [CVE-2021-35477](https://nvd.nist.gov/vuln/detail/CVE-2021-35477), [CVE-2021-38205](https://nvd.nist.gov/vuln/detail/CVE-2021-38205))<br>* dnsmasq ([CVE-2021-3448](https://nvd.nist.gov/vuln/detail/CVE-2021-3448))<br>* glibc ([CVE-2021-35942](https://nvd.nist.gov/vuln/detail/CVE-2021-35942))<br>* Go ([CVE-2021-36221](https://nvd.nist.gov/vuln/detail/CVE-2021-36221))<br>* libuv ([CVE-2021-22918](https://nvd.nist.gov/vuln/detail/CVE-2021-22918))<br>* mit-krb5 ([CVE-2021-36222](https://nvd.nist.gov/vuln/detail/CVE-2021-36222))<br>* NVIDIA Drivers ([CVE-2021-1090](https://nvd.nist.gov/vuln/detail/CVE-2021-1090), [CVE-2021-1093](https://nvd.nist.gov/vuln/detail/CVE-2021-1093), [CVE-2021-1094](https://nvd.nist.gov/vuln/detail/CVE-2021-1094), [CVE-2021-1095](https://nvd.nist.gov/vuln/detail/CVE-2021-1095))<br>* systemd ([CVE-2020-13529](https://nvd.nist.gov/vuln/detail/CVE-2020-13529), [CVE-2021-33910](https://nvd.nist.gov/vuln/detail/CVE-2021-33910))<br>* tar ([CVE-2021-20193](https://nvd.nist.gov/vuln/detail/CVE-2021-20193))<br><br>**Bug fixes**<br><br><br><br>* Fixed `pam.d` sssd LDAP auth with sudo ([coreos-overlay#1170](https://github.com/kinvolk/coreos-overlay/pull/1170))<br>* Let network-cleanup.service finish before entering rootfs ([coreos-overlay#1182](https://github.com/kinvolk/coreos-overlay/pull/1182))<br>* Fixed SELinux policy for Flannel CNI ([coreos-overlay#1181](https://github.com/kinvolk/coreos-overlay/pull/1181))<br><br>**Changes**<br><br><br><br>* cgroups v2 by default for new nodes ([coreos-overlay#931](https://github.com/kinvolk/coreos-overlay/pull/931)). <br>* Upgrade Docker to 20.10 ([coreos-overlay#931](https://github.com/kinvolk/coreos-overlay/pull/931))<br>* update_engine: add postinstall hook to stay on cgroupv1 ([update_engine#13](https://github.com/kinvolk/update_engine/pull/13))<br>* Switched to zstd compression for the initramfs ([coreos-overlay#1136](https://github.com/kinvolk/coreos-overlay/pull/1136))<br>* Embedded new subkey in flatcar-install ([coreos-overlay#1180](https://github.com/kinvolk/coreos-overlay/pull/1180))<br>* Azure: Compile OEM contents for all architectures ([coreos-overlay#1196](https://github.com/kinvolk/coreos-overlay/pull/1196))<br>* AWS: Added amazon-ssm-agent ([coreos-overlay#1162](https://github.com/kinvolk/coreos-overlay/pull/1162))<br>* SDK: enabled experimental ARM64 SDK usage ([flatcar-scripts#134](https://github.com/kinvolk/flatcar-scripts/pull/134)) ([flatcar-scripts#141](https://github.com/kinvolk/flatcar-scripts/pull/141))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.59](https://lwn.net/Articles/866302/))<br>* containerd ([1.5.5](https://github.com/containerd/containerd/releases/tag/v1.5.5))<br>* docker ([20.10.7](https://github.com/moby/moby/releases/tag/v20.10.7))<br>* docker CLI ([20.10.7](https://github.com/docker/cli/releases/tag/v20.10.7))<br>* docker proxy ([0.8.0_p20210525](https://github.com/moby/libnetwork/commit/64b7a4574d1426139437d20e81c0b6d391130ec8))<br>* glibc ([2.33-r5](https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7dfddd056de5f23bc29591d212f4051ed9d0634e))<br>* Go ([1.16.7](https://golang.org/doc/devel/release#go1.16.minor))<br>* libuv ([1.41.1](https://github.com/libuv/libuv/releases/tag/v1.41.1))<br>* mit-krb5 ([1.19.2](https://github.com/krb5/krb5/tree/krb5-1.19.2-final))<br>* NVIDIA Drivers ([470.57.02](https://docs.nvidia.com/datacenter/tesla/tesla-release-notes-470-57-02/index.html))<br>* portage-utils ([0.90](https://github.com/gentoo/portage-utils/releases/tag/v0.90))<br>* runc ([1.0.1](https://github.com/opencontainers/runc/releases/tag/v1.0.1))<br>* systemd ([247.9](https://github.com/systemd/systemd-stable/releases/tag/v247.9))<br>* tar ([1.34](https://savannah.gnu.org/forum/forum.php?forum_id=9935))<br>* tini ([0.19](https://github.com/krallin/tini/releases/tag/v0.19.0))<br>* SDK: dnsmasq ([2.85](https://thekelleys.org.uk/dnsmasq/CHANGELOG))<br>* SDK: rust ([1.54](https://github.com/rust-lang/rust/releases/tag/1.54.0))<br><br>Note: Please note that ARM images remain experimental for now.<br><br>Packages:<br>- docker 20.10.7<br>- ignition 0.34.0<br>- kernel 5.10.59<br>- systemd 247<br><br>Architectures:<br>- amd64<br>- arm64<br> 2021-08-19T13:34:56+00:00 @@ -2670,7 +2694,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2955.0.0 2955.0.0 - 2023-10-25T10:20:42.759700+00:00 + 2023-11-22T09:59:32.601065+00:00 <br>**Security fixes**<br><br>* Linux ([CVE-2021-37576](https://nvd.nist.gov/vuln/detail/CVE-2021-37576))<br>* expat ([CVE-2013-0340](https://nvd.nist.gov/vuln/detail/CVE-2013-0340))<br><br>**Bug fixes**<br><br>* Set the cilium_vxlan interface to be not managed by networkd's default setup with DHCP as it's managed by Cilium. ([init#43](https://github.com/kinvolk/init/pull/43))<br>* Disabled SELinux by default on `dockerd` wrapper script ([coreos-overlay#1149](https://github.com/kinvolk/coreos-overlay/pull/1149))<br>* Fixed the network-cleanup service race in the initramfs which resulted in a failure being reported<br>* GCE: Granted CAP_NET_ADMIN to set routes for the TCP LB when starting oem-gce.service ([coreos-overlay#1146](https://github.com/kinvolk/coreos-overlay/pull/1146))<br><br>**Changes**<br><br>* Switched the arm64 kernel to use a 4k page size instead of 64k<br>* Switched dm-verity corruption detection to issue a kernel panic (a panic results in a reboot after 1 minute, this was the case before already) instead of merely failing certain syscalls that try to use the corrupted data<br>* Support BTRFS in OEM and /usr partitions, but only used it for the OEM partition for now. Ignition configurations that refer to the OEM partition will work with any filesystem format specified, a mismatch is not resulting in a boot error. ([coreos-overlay#1106](https://github.com/kinvolk/coreos-overlay/pull/1106))<br>* Enabled zstd compression for the initramfs and for amd64 also for the kernel because we hit the vmlinuz size limit on the /boot partition<br>* Deleted the unused kernel+initramfs vmlinuz file from the /usr partition<br>* devcontainer: added support to run on arm64 by switching to an architecture-agnostic partition UUID<br>* Enabled ARM64 SDK bootstrap ([scripts#134](https://github.com/kinvolk/flatcar-scripts/pull/134))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.55](https://lwn.net/Articles/864901/))<br>* Linux Firmware ([20210716](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20210716))<br>* expat ([2.4.1](https://www.xml.com/news/2021-05-expat-240-and-241/))<br>* libarchive ([3.5.1](https://github.com/libarchive/libarchive/releases/tag/3.5.1))<br>* xz-utils ([5.2.5](https://git.tukaani.org/?p=xz.git;a=blob;f=NEWS;h=aade49443ad7ddba13bbfd9da188c99664736d80;hb=3247e95115acb95bc27f41e8cf4501db5b0b4309#l16))<br>* cryptsetup ([2.3.6](https://gitlab.com/cryptsetup/cryptsetup/-/tags/v2.3.6))<br><br>Note: Please note that ARM images remain experimental for now.<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.55<br>- systemd 247<br><br>Architectures:<br>- amd64<br>- arm64<br> 2021-08-04T13:21:34+00:00 @@ -2678,7 +2702,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2942.0.0 2942.0.0 - 2023-10-25T10:20:42.753452+00:00 + 2023-11-22T09:59:32.594747+00:00 **Security Fixes**<br><br><br><br>* containerd ([CVE-2021-32760](https://nvd.nist.gov/vuln/detail/CVE-2021-32760))<br>* curl (CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-22925, CVE-2021-22926)<br>* glibc ([CVE-2020-29562](https://nvd.nist.gov/vuln/detail/CVE-2020-29562), [CVE-2019-25013](https://nvd.nist.gov/vuln/detail/CVE-2019-25013), [CVE-2020-27618](https://nvd.nist.gov/vuln/detail/https://cve.circl.lu/cve/CVE-2020-27618), [CVE-2021-27645](https://nvd.nist.gov/vuln/detail/CVE-2021-27645), [CVE-2021-33574](https://nvd.nist.gov/vuln/detail/CVE-2021-33574))<br>* Go ([CVE-2021-34558](https://nvd.nist.gov/vuln/detail/CVE-2021-34558))<br>* libgcrypt ([CVE-2021-33560](https://nvd.nist.gov/vuln/detail/CVE-2021-33560))<br>* libpcre ([CVE-2019-20838](https://nvd.nist.gov/vuln/detail/CVE-2019-20838), [CVE-2020-14155](https://nvd.nist.gov/vuln/detail/CVE-2020-14155))<br>* Linux ([CVE-2020-26541](https://nvd.nist.gov/vuln/detail/CVE-2020-26541), [CVE-2021-35039](https://nvd.nist.gov/vuln/detail/CVE-2021-35039), [CVE-2021-22543](https://nvd.nist.gov/vuln/detail/CVE-2021-22543), CVE-2021-3609, CVE-2021-3655, [CVE-2021-33909](https://nvd.nist.gov/vuln/detail/CVE-2021-33909))<br><br>**Bug Fixes**<br><br><br><br>* Add the systemd tag in udev for Azure storage devices, to fix /boot automount ([init#41](https://github.com/kinvolk/init/pull/41))<br><br>**Changes**<br><br><br><br>* Enable telnet support for curl ([coreos-overlay#1099](https://github.com/kinvolk/coreos-overlay/pull/1099))<br>* Enable ssl USE flag for wget ([coreos-overlay#932](https://github.com/kinvolk/coreos-overlay/pull/932))<br>* Enable MDIO_BCM_UNIMAC for arm64 ([coreos-overlay#929](https://github.com/kinvolk/coreos-overlay/pull/929))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.52](https://lwn.net/Articles/863648/))<br>* containerd ([1.5.4](https://github.com/containerd/containerd/releases/tag/v1.5.4))<br>* curl ([7.78](https://curl.se/changes.html#7_78_0))<br>* dbus ([1.12.20](https://github.com/freedesktop/dbus/blob/ab88811768f750777d1a8b9d9ab12f13390bfd3a/NEWS#L1))<br>* dracut ([053](https://github.com/dracutdevs/dracut/releases/tag/053))<br>* glibc ([2.33](https://sourceware.org/pipermail/libc-alpha/2021-February/122207.html))<br>* go ([1.16.6](https://golang.org/doc/devel/release#go1.16.minor)) <br>* libev (4.33)<br>* libgcrypt ([1.9.3](https://github.com/gpg/libgcrypt/blob/cb78627203705365d24b48ec4fc4cf2fc804b277/NEWS#L1))<br>* libpcre (8.44)<br>* libverto ([0.3.1](https://github.com/latchset/libverto/releases/tag/0.3.1))<br>* pax-utils (1.3.1)<br>* readline ([8.1_p1](https://tiswww.case.edu/php/chet/readline/CHANGES))<br>* rust ([1.53.0](https://blog.rust-lang.org/2021/06/17/Rust-1.53.0.html))<br>* selinux ([3.1](https://github.com/SELinuxProject/selinux/releases/tag/20200710))<br>* selinux-refpolicy ([2.20200818](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20200818))<br>* systemd ([247.7](https://github.com/systemd/systemd-stable/releases/tag/v247.7))<br>* VMWare: open-vm-tools ([11.3.0](https://github.com/vmware/open-vm-tools/releases/tag/stable-11.3.0))<br><br>Note: Please note that ARM images remain experimental for now.<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.52<br>- systemd 247<br><br>Architectures:<br>- amd64<br>- arm64<br> 2021-07-28T08:20:14+00:00 @@ -2686,7 +2710,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2920.0.0 2920.0.0 - 2023-10-25T10:20:42.747222+00:00 + 2023-11-22T09:59:32.588460+00:00 **Security fixes**<br><br><br><br>* Linux ([CVE-2021-34693](https://nvd.nist.gov/vuln/detail/CVE-2021-34693), [CVE-2021-33624](https://nvd.nist.gov/vuln/detail/CVE-2021-33624))<br>* lz4 ([CVE-2021-3520](https://nvd.nist.gov/vuln/detail/CVE-2021-3520))<br>* curl ([CVE-2021-22898](https://nvd.nist.gov/vuln/detail/CVE-2021-22898),[ CVE-2021-22901](https://nvd.nist.gov/vuln/detail/CVE-2021-22901))<br>* gptfdisk ([CVE-2021-0308](https://nvd.nist.gov/vuln/detail/CVE-2021-0308))<br>* gettext ([CVE-2020-12825](https://nvd.nist.gov/vuln/detail/CVE-2020-12825))<br>* intel-microcode ([CVE-2020-24489](https://nvd.nist.gov/vuln/detail/CVE-2020-24489),[ CVE-2020-24511](https://nvd.nist.gov/vuln/detail/CVE-2020-24511),[ CVE-2020-24513](https://nvd.nist.gov/vuln/detail/CVE-2020-24513))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.46](https://lwn.net/Articles/860655/))<br>* lz4 ([1.9.3-r1](https://github.com/lz4/lz4/releases/tag/v1.9.3)) <br>* curl ([7.77.0-r1](https://curl.se/changes.html#7_77_0)) <br>* gptfdisk (1.0.7)<br>* gettext ([0.21-r1](https://lists.gnu.org/archive/html/info-gnu/2020-07/msg00009.html))<br>* intel-microcode ([20210608_p20210608](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20210608))<br>* runc ([1.0.0](https://github.com/opencontainers/runc/releases/tag/v1.0.0))<br><br>Note: Please note that ARM images remain experimental for now.<br><br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.46<br>- systemd 247<br><br>Architectures:<br>- amd64<br>- arm64<br> 2021-07-02T07:38:53+00:00 @@ -2694,7 +2718,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2905.0.0 2905.0.0 - 2023-10-25T10:20:42.742083+00:00 + 2023-11-22T09:59:32.583314+00:00 **Security fixes**<br><br><br><br>* Linux ([CVE-2020-26558](https://nvd.nist.gov/vuln/detail/CVE-2020-26558), [CVE-2021-0129](https://nvd.nist.gov/vuln/detail/CVE-2021-0129), [CVE-2020-24587](https://nvd.nist.gov/vuln/detail/CVE-2020-24587), [CVE-2020-24586](https://nvd.nist.gov/vuln/detail/CVE-2020-24586), [CVE-2020-24588](https://nvd.nist.gov/vuln/detail/CVE-2020-24588), [CVE-2020-26139](https://nvd.nist.gov/vuln/detail/CVE-2020-26139), [CVE-2020-26145](https://nvd.nist.gov/vuln/detail/CVE-2020-26145), [CVE-2020-26147](https://nvd.nist.gov/vuln/detail/CVE-2020-26147), [CVE-2020-26141](https://nvd.nist.gov/vuln/detail/CVE-2020-26141), [CVE-2021-3564](https://nvd.nist.gov/vuln/detail/CVE-2021-3564), [CVE-2021-28691](https://nvd.nist.gov/vuln/detail/CVE-2021-28691), [CVE-2021-3587](https://nvd.nist.gov/vuln/detail/CVE-2021-3587), [CVE-2021-3573](https://nvd.nist.gov/vuln/detail/CVE-2021-3573))<br>* binutils ([CVE-2021-20197](https://nvd.nist.gov/vuln/detail/CVE-2021-20197),[CVE-2021-3487](https://nvd.nist.gov/vuln/detail/CVE-2021-3487))<br>* Go (CVE-2021-33195,CVE-2021-33196,CVE-2021-33197,CVE-2021-33198)<br>* libxml2 ([CVE-2021-3516](https://nvd.nist.gov/vuln/detail/CVE-2021-3516),[CVE-2021-3517](https://nvd.nist.gov/vuln/detail/CVE-2021-3517),[CVE-2021-3518](https://nvd.nist.gov/vuln/detail/CVE-2021-3518),CVE-2021-3541)<br><br>**Bug fixes**<br><br><br><br>* Update-engine sent empty requests when restarted before a pending reboot ([Flatcar#388](https://github.com/kinvolk/Flatcar/issues/388))<br><br>**Changes**<br><br><br><br>* Disabled SELinux for Docker ([coreos-overlay#1055](https://github.com/kinvolk/coreos-overlay/pull/1055))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.43](https://lwn.net/Articles/859022/))<br>* Linux Firmware ([20210511](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20210511))<br>* containerd ([1.5.2](https://github.com/containerd/containerd/releases/tag/v1.5.2))<br>* libxml2 ([2.9.12](https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.12))<br>* runc ([1.0.0_rc95](https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc95))<br>* openssh ([8.6_p1](https://www.openssh.com/txt/release-8.6))<br>* SDK: binutils ([2.36.1](https://sourceware.org/pipermail/binutils/2021-February/115240.html))<br><br>Note: Please note that ARM images remain experimental for now.<br><br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.43<br>- systemd 247<br><br>Architectures:<br>- amd64<br>- arm64<br> 2021-06-17T10:29:49+00:00 @@ -2702,7 +2726,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2879.0.1 2879.0.1 - 2023-10-25T10:20:42.736385+00:00 + 2023-11-22T09:59:32.577620+00:00 **Bug fixes**<br><br>* The Linux kernel IOMMU-related crash introduced in the 5.10.37 update got fixed through the 5.10.38 update ([Flatcar#400](https://github.com/kinvolk/Flatcar/issues/400))<br><br>**Updates**<br><br>* Linux ([5.10.38](https://lwn.net/Articles/856654/))<br><br>Note: Please note that ARM images remain experimental for now.<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.38<br>- systemd 247<br><br>Architectures:<br>- amd64<br>- arm64<br> 2021-05-21T12:08:01+00:00 @@ -2710,7 +2734,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2879.0.0 2879.0.0 - 2023-10-25T10:20:42.731941+00:00 + 2023-11-22T09:59:32.573091+00:00 **Security fixes**<br><br>* Linux ([CVE-2021-3491](https://nvd.nist.gov/vuln/detail/CVE-2021-3491), [CVE-2021-31440](https://nvd.nist.gov/vuln/detail/CVE-2021-31440), [CVE-2021-31829](https://nvd.nist.gov/vuln/detail/CVE-2021-31829))<br>* dbus ([CVE-2020-35512](https://nvd.nist.gov/vuln/detail/CVE-2020-35512))<br>* Go ([CVE-2021-31525](https://nvd.nist.gov/vuln/detail/CVE-2021-31525))<br>* nvidia-drivers ([CVE-2021-1052](https://nvd.nist.gov/vuln/detail/CVE-2021-1052), [CVE-2021-1053](https://nvd.nist.gov/vuln/detail/CVE-2021-1053), [CVE-2021-1056](https://nvd.nist.gov/vuln/detail/CVE-2021-1056), [CVE-2021-1076](https://nvd.nist.gov/vuln/detail/CVE-2021-1076), [CVE-2021-1077](https://nvd.nist.gov/vuln/detail/CVE-2021-1077))<br>* runc ([CVE-2021-30465](https://nvd.nist.gov/vuln/detail/CVE-2021-30465))<br>* Rust ([CVE-2020-36323](https://nvd.nist.gov/vuln/detail/CVE-2020-36323), [CVE-2021-28876](https://nvd.nist.gov/vuln/detail/CVE-2021-28876), [CVE-2021-28877](https://nvd.nist.gov/vuln/detail/CVE-2021-28877), [CVE-2021-28878](https://nvd.nist.gov/vuln/detail/CVE-2021-28878), [CVE-2021-28879](https://nvd.nist.gov/vuln/detail/CVE-2021-28879), [CVE-2021-31162](https://nvd.nist.gov/vuln/detail/CVE-2021-31162))<br><br>**Bug fixes**<br><br>* systemd-networkd: Do not manage loopback network interface ([bootengine#24](https://github.com/kinvolk/bootengine/pull/24) [init#40](https://github.com/kinvolk/init/pull/40))<br>* flatcar-install: Detect device mapper (e.g., LVM/LUKS) usage when searching for free drives with the -s flag ([Flatcar#332](https://github.com/kinvolk/Flatcar/issues/332))<br><br>**Changes**<br><br>* flatcar-install: Add -D flag to only download the image file ([Flatcar#248](https://github.com/kinvolk/Flatcar/issues/248))<br>* SDK: Drop jobs parameter in flatcar-scripts ([flatcar-scripts#121](https://github.com/kinvolk/flatcar-scripts/pull/121))<br><br>**Updates**<br><br>* Linux ([5.10.37](https://lwn.net/Articles/856269/))<br>* dbus ([1.10.32](https://lists.freedesktop.org/archives/ftp-release/2020-July/000759.html))<br>* nvidia-drivers ([460.73.01](https://www.nvidia.com/Download/driverResults.aspx/172376/en-us))<br>* SDK: cmake ([3.18.5](https://github.com/Kitware/CMake/releases/tag/v3.18.5))<br>* SDK: Go ([1.16.4](https://go.googlesource.com/go/+/refs/tags/go1.16.4))<br>* SDK: Rust ([1.52.1](https://blog.rust-lang.org/2021/05/10/Rust-1.52.1.html))<br><br>Note: Please note that ARM images remain experimental for now.<br><br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.37<br>- systemd 247<br><br>Architectures:<br>- amd64<br>- arm64<br> 2021-05-19T11:40:56+00:00 @@ -2718,7 +2742,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2857.0.0 2857.0.0 - 2023-10-25T10:20:42.726063+00:00 + 2023-11-22T09:59:32.567262+00:00 **Security fixes**<br><br><br><br>* Linux ([CVE-2021-28964](https://nvd.nist.gov/vuln/detail/CVE-2021-28964), [CVE-2021-28972](https://nvd.nist.gov/vuln/detail/CVE-2021-28972), [CVE-2021-28971](https://nvd.nist.gov/vuln/detail/CVE-2021-28971), [CVE-2021-28951](https://nvd.nist.gov/vuln/detail/CVE-2021-28951), [CVE-2021-28952](https://nvd.nist.gov/vuln/detail/CVE-2021-28952), [CVE-2021-29266](https://nvd.nist.gov/vuln/detail/CVE-2021-29266), [CVE-2021-28688](https://nvd.nist.gov/vuln/detail/CVE-2021-28688), [CVE-2021-29264](https://nvd.nist.gov/vuln/detail/CVE-2021-29264), [CVE-2021-29649](https://nvd.nist.gov/vuln/detail/CVE-2021-29649), [CVE-2021-29650](https://nvd.nist.gov/vuln/detail/CVE-2021-29650), [CVE-2021-29646](https://nvd.nist.gov/vuln/detail/CVE-2021-29646), [CVE-2021-29647](https://nvd.nist.gov/vuln/detail/CVE-2021-29647), [CVE-2021-29154](https://nvd.nist.gov/vuln/detail/CVE-2021-29154), [CVE-2021-29155](https://nvd.nist.gov/vuln/detail/CVE-2021-29155), [CVE-2021-23133](https://nvd.nist.gov/vuln/detail/CVE-2021-23133))<br>* dnsmasq ([CVE-2020-25681](https://nvd.nist.gov/vuln/detail/CVE-2020-25681), [CVE-2020-25682](https://nvd.nist.gov/vuln/detail/CVE-2020-25682), [CVE-2020-25683](https://nvd.nist.gov/vuln/detail/CVE-2020-25683), [CVE-2020-25684](https://nvd.nist.gov/vuln/detail/CVE-2020-25683), [CVE-2020-25685](https://nvd.nist.gov/vuln/detail/CVE-2020-25685), [CVE-2020-25686](https://nvd.nist.gov/vuln/detail/CVE-2020-25686), [CVE-2020-25687](https://nvd.nist.gov/vuln/detail/CVE-2020-25687))<br>* git ([CVE-2021-21300](https://nvd.nist.gov/vuln/detail/CVE-2021-21300))<br>* gnutls ([CVE-2021-20231](https://nvd.nist.gov/vuln/detail/CVE-2021-20231),[ CVE-2021-20232](https://nvd.nist.gov/vuln/detail/CVE-2021-20232))<br>* sqlite ([CVE-2021-20227](https://nvd.nist.gov/vuln/detail/CVE-2021-20227))<br>* qemu ([CVE-2020-10717](https://nvd.nist.gov/vuln/detail/CVE-2020-10717),[ CVE-2020-13754](https://nvd.nist.gov/vuln/detail/CVE-2020-13754),[ CVE-2020-15859](https://nvd.nist.gov/vuln/detail/CVE-2020-15859),[ CVE-2020-15863](https://nvd.nist.gov/vuln/detail/CVE-2020-15863),[ CVE-2020-16092](https://nvd.nist.gov/vuln/detail/CVE-2020-16092),[ CVE-2020-25741](https://nvd.nist.gov/vuln/detail/CVE-2020-25741),[ CVE-2020-25742](https://nvd.nist.gov/vuln/detail/CVE-2020-25742),[ CVE-2020-25743](https://nvd.nist.gov/vuln/detail/CVE-2020-25743))<br>* curl ([CVE-2021-22876](https://nvd.nist.gov/vuln/detail/CVE-2021-22876),[ CVE-2021-22890](https://nvd.nist.gov/vuln/detail/CVE-2021-22890))<br>* libxml2 ([CVE-2020-24977](https://nvd.nist.gov/vuln/detail/CVE-2020-24977))<br>* openldap ([CVE-2021-27212](https://nvd.nist.gov/vuln/detail/CVE-2021-27212))<br><br>**Bug fixes**<br><br><br><br>* Fix the patch to update DefaultTasksMax in systemd ([coreos-overlay#971](https://github.com/kinvolk/coreos-overlay/pull/971))<br><br>**Changes**<br><br><br><br>* Make the hostname setting units optional. Having the hostname units as required by the initrd.target meant that if the unit failed the machine wouldn't start, disrupting the whole boot. ([bootengine#23](https://github.com/kinvolk/bootengine/pull/23))<br>* Enable using iSCSI netroot devices on Flatcar ([bootengine#22](https://github.com/kinvolk/bootengine/pull/22))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.32](https://lwn.net/Articles/853762/))<br>* systemd ([247.6](https://github.com/systemd/systemd-stable/releases/tag/v247.6))<br>* openldap ([2.4.58](https://www.openldap.org/software/release/announce.html))<br>* curl ([7.76.1](https://curl.se/changes.html#7_76_1))<br>* gnutls ([3.7.1](https://gitlab.com/gnutls/gnutls/-/tags/3.7.1))<br>* git ([2.26.3](https://raw.githubusercontent.com/git/git/v2.26.3/Documentation/RelNotes/2.26.3.txt))<br>* libxml2 ([2.9.10](https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.10))<br>* sqlite ([3.34.1](https://www.sqlite.org/releaselog/3_34_1.html))<br>* dnsmasq ([2.83](https://thekelleys.org.uk/dnsmasq/CHANGELOG))<br>* go ([1.16.2](https://go.googlesource.com/go/+/refs/tags/go1.6.2))<br>* SDK: QEMU ([5.2.0](https://wiki.qemu.org/ChangeLog/5.2))<br>* SDK: Rust ([1.51.0](https://blog.rust-lang.org/2021/03/25/Rust-1.51.0.html))<br><br>**Deprecation**<br><br><br><br>* rkt and kubelet-wrapper are deprecated and removed from Alpha, also from subsequent channels in the future. Please read the [removal announcement](https://groups.google.com/g/flatcar-linux-user/c/MeinndLqJO4) to know more.<br><br>[Alpha only] Note: Please note that ARM images remain experimental for now.<br><br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.32<br>- systemd 247<br><br>Architectures:<br>- amd64<br>- arm64<br> 2021-04-28T13:32:01+00:00 @@ -2726,7 +2750,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2823.0.0 2823.0.0 - 2023-10-25T10:20:42.718928+00:00 + 2023-11-22T09:59:32.560091+00:00 **Security fixes**<br><br><br><br>* Linux ([CVE-2021-27365](https://nvd.nist.gov/vuln/detail/CVE-2021-27365), [CVE-2021-27364](https://nvd.nist.gov/vuln/detail/CVE-2021-27364), [CVE-2021-27363](https://nvd.nist.gov/vuln/detail/CVE-2021-27363), [CVE-2021-28038](https://nvd.nist.gov/vuln/detail/CVE-2021-28038), [CVE-2021-28039](https://nvd.nist.gov/vuln/detail/CVE-2021-28039), [CVE-2021-28375](https://nvd.nist.gov/vuln/detail/CVE-2021-28375), [CVE-2021-28660](https://nvd.nist.gov/vuln/detail/CVE-2021-28660), [CVE-2021-27218](https://nvd.nist.gov/vuln/detail/CVE-2021-27218), [CVE-2021-27219](https://nvd.nist.gov/vuln/detail/CVE-2021-27219))<br>* Go ([CVE-2021-27918](https://nvd.nist.gov/vuln/detail/CVE-2021-27918),[ CVE-2021-27919](https://nvd.nist.gov/vuln/detail/CVE-2021-27919)) <br>* boost ([CVE-2012-2677](https://nvd.nist.gov/vuln/detail/CVE-2012-2677))<br>* glib ([CVE-2021-28153](https://nvd.nist.gov/vuln/detail/CVE-2021-28153),[ CVE-2021-27218](https://nvd.nist.gov/vuln/detail/CVE-2021-27218),[ CVE-2021-27219](https://nvd.nist.gov/vuln/detail/CVE-2021-27219)) <br>* ncurses ([CVE-2019-17594](https://nvd.nist.gov/vuln/detail/CVE-2019-17594),[ CVE-2019-17595](https://nvd.nist.gov/vuln/detail/CVE-2019-17595))<br>* openssl ([CVE-2021-3449](https://nvd.nist.gov/vuln/detail/CVE-2021-3449),[ CVE-2021-3450](https://nvd.nist.gov/vuln/detail/CVE-2021-3450))<br>* zstd ([CVE-2021-24032](https://nvd.nist.gov/vuln/detail/CVE-2021-24032))<br><br>**Bug Fixes**<br><br><br><br>* GCE: The old interface name ens4v1 which was replaced by eth0 due to a broken udev rule was restored, but now as alternative interface name, and eth0 will stay the primary name for consistency across cloud environments. ([init#38](https://github.com/kinvolk/init/pull/38))<br><br>**Changes**<br><br><br><br>* The virtio network interfaces got predictable interface names as alternative interface names, and thus these names can also be used to match for a specific interface in case there is more than one and the eth0 and eth1 name assignment is not stable. ([init#38](https://github.com/kinvolk/init/pull/38))<br>* The pam_faillock PAM module was enabled as replacement for the removed pam_tally2 module and will temporarily lock an account if there were login attempts with a wrong password. The faillock command can be used to show the current state. With pam_tally2 there was no limit for wrong password login attempts but with faillock the default is already restricting the attempts. The default behavior was relaxed to allow 5 wrong passwords per two minutes, and a one minute account lock time. This does not apply to logins with an SSH key. ([baselayout#17](https://github.com/kinvolk/baselayout/pull/17))<br>* The etcd and flannel services are now run with Docker and any rkt-based customizations of the etcd-member and flanneld services not supported anymore. Also, because the flanneld service relies on Docker and will restart Docker after applying the new configuration, it is not possible anymore to set Requires=flanneld.service for docker.service and instead it’s enough to have flanneld.service enabled. ([coreos-overlay#857](https://github.com/kinvolk/coreos-overlay/pull/857))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.25](https://lwn.net/Articles/849951/))<br>* Linux firmware ([20210315](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20210315))<br>* Go ([1.15.10](https://go.googlesource.com/go/+/refs/tags/go1.15.10))<br>* boost ([1.75.0](https://www.boost.org/users/history/version_1_75_0.html))<br>* glib ([2.66.8](https://gitlab.gnome.org/GNOME/glib/-/releases/2.66.8))<br>* ncurses ([6.2](https://invisible-island.net/ncurses/announce-6.2.html))<br>* openssl ([1.1.1k](https://mta.openssl.org/pipermail/openssl-announce/2021-March/000197.html))<br>* open-iscsi ([2.1.4](https://github.com/open-iscsi/open-iscsi/releases/tag/2.1.4))<br>* zstd ([1.4.9](https://github.com/facebook/zstd/releases/tag/v1.4.9))<br><br>Note: Please note that ARM images remain experimental for now.<br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.25<br>- systemd 247<br><br>Architectures:<br>- amd64<br>- arm64<br> 2021-03-25T15:36:49+00:00 @@ -2734,7 +2758,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2801.0.1 2801.0.1 - 2023-10-25T10:20:42.711641+00:00 + 2023-11-22T09:59:32.552819+00:00 **Security fixes**<br><br>* Linux - ([CVE-2020-25639](https://nvd.nist.gov/vuln/detail/CVE-2020-25639), [CVE-2021-27365](https://nvd.nist.gov/vuln/detail/CVE-2021-27365), [CVE-2021-27364](https://nvd.nist.gov/vuln/detail/CVE-2021-27364), [CVE-2021-27363](https://nvd.nist.gov/vuln/detail/CVE-2021-27363), [CVE-2021-28038](https://nvd.nist.gov/vuln/detail/CVE-2021-28038), [CVE-2021-28039](https://nvd.nist.gov/vuln/detail/CVE-2021-28039))<br>* containerd ([GHSA-6g2q-w5j3-fwh4](https://github.com/containerd/containerd/security/advisories/GHSA-6g2q-w5j3-fwh4))<br><br>**Bug fixes**<br><br>* Include firmware files for all modules shipped in our image ([Issue #359](https://github.com/kinvolk/Flatcar/issues/359), [PR #887](https://github.com/kinvolk/coreos-overlay/pull/887))<br>* Add explicit path to the binary call in the coreos-metadata unit file ([Issue #360](https://github.com/kinvolk/Flatcar/issues/360))<br><br>**Updates**<br><br>* Linux ([5.10.21](https://lwn.net/Articles/848617/))<br>* Containerd ([1.4.4](https://github.com/containerd/containerd/releases/tag/v1.4.4))<br><br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.21<br>- systemd 247<br><br>Architectures:<br>- amd64<br>- arm64<br> 2021-03-11T09:20:29+00:00 @@ -2742,7 +2766,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2801.0.0 2801.0.0 - 2023-10-25T10:20:42.706702+00:00 + 2023-11-22T09:59:32.547877+00:00 **Security fixes**<br><br><br><br>* Linux ([CVE-2021-26931](https://nvd.nist.gov/vuln/detail/CVE-2021-26931), [CVE-2021-26930](https://nvd.nist.gov/vuln/detail/CVE-2021-26930), [CVE-2021-26932](https://nvd.nist.gov/vuln/detail/CVE-2021-26932))<br>* openssl ([CVE-2021-23840](https://nvd.nist.gov/vuln/detail/CVE-2021-23840),[ CVE-2021-23841](https://nvd.nist.gov/vuln/detail/CVE-2021-23841), [CVE-2020-1971](https://nvd.nist.gov/vuln/detail/CVE-2020-1971),[ CVE-2021-23840](https://nvd.nist.gov/vuln/detail/CVE-2021-23840),[ CVE-2021-23841](https://nvd.nist.gov/vuln/detail/CVE-2021-23841))<br>* intel-microcode ([CVE-2020-8696](https://nvd.nist.gov/vuln/detail/CVE-2020-8696),[ CVE-2020-8698](https://nvd.nist.gov/vuln/detail/CVE-2020-8698))<br><br>**Changes**<br><br><br><br>* sshd: use secure crypto algos only ([kinvolk/coreos-overlay#852](https://github.com/kinvolk/coreos-overlay/pull/852))<br>* samba: Update to EAPI=7, add new USE flags and remove deps on icu ([kinvolk/coreos-overlay#864](https://github.com/kinvolk/coreos-overlay/pull/864))<br>* kernel: enable kernel config CONFIG_BPF_LSM ([kinvolk/coreos-overlay#846](https://github.com/kinvolk/coreos-overlay/pull/846))<br>* bootengine: set hostname for EC2 and OpenStack from metadata ([kinvolk/coreos-overlay#848](https://github.com/kinvolk/coreos-overlay/pull/848))<br><br><br>**Updates**<br><br><br><br>* Linux ([5.10.19](https://lwn.net/Articles/847589/))<br>* systemd ([247.3](https://raw.githubusercontent.com/systemd/systemd-stable/v247.3/NEWS))<br>* intel-microcode ([20210216](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20210216))<br>* multipath-tools ([0.8.5](https://github.com/opensvc/multipath-tools/releases/tag/0.8.5))<br>* openssl ([1.1.1j](https://www.openssl.org/news/openssl-1.1.1-notes.html))<br>* runc ([1.0.0_rc93](https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc93))<br>* SDK: Rust ([1.50.0](https://blog.rust-lang.org/2021/02/11/Rust-1.50.0.html))<br><br>**Deprecation**<br><br><br><br>* dhcpcd and containerd-stress will be deprecated from Alpha, also from other channels in the future ([kinvolk/coreos-overlay#858](https://github.com/kinvolk/coreos-overlay/pull/858))<br><br>Note: Please note that ARM images remain experimental for now.<br><br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.19<br>- systemd 247<br><br>Architectures:<br>- amd64<br>- arm64<br> 2021-03-03T14:57:57+00:00 @@ -2750,7 +2774,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2783.0.0 2783.0.0 - 2023-10-25T10:20:42.700978+00:00 + 2023-11-22T09:59:32.542094+00:00 **Security fixes**<br><br><br><br>* Linux ([CVE-2021-3347](https://nvd.nist.gov/vuln/detail/CVE-2021-3347), [CVE-2021-3348](https://nvd.nist.gov/vuln/detail/CVE-2021-3348), [CVE-2021-26708](https://nvd.nist.gov/vuln/detail/CVE-2021-26708), [CVE-2021-20194](https://nvd.nist.gov/vuln/detail/CVE-2021-20194))<br>* Docker ([CVE-2021-21285](https://nvd.nist.gov/vuln/detail/CVE-2021-21285), [CVE-2021-21284](https://nvd.nist.gov/vuln/detail/CVE-2021-21284))<br>* samba ([CVE-2020-14318](https://nvd.nist.gov/vuln/detail/CVE-2020-14318), [CVE-2020-14323](https://nvd.nist.gov/vuln/detail/CVE-2020-14323), [CVE-2020-14383](https://nvd.nist.gov/vuln/detail/CVE-2020-14383))<br>* openldap ([CVE-2020-36221](https://nvd.nist.gov/vuln/detail/CVE-2020-36221),[ CVE-2020-36222](https://nvd.nist.gov/vuln/detail/CVE-2020-36222),[ CVE-2020-36223](https://nvd.nist.gov/vuln/detail/CVE-2020-36223),[ CVE-2020-36224](https://nvd.nist.gov/vuln/detail/-2020-36224),[ CVE-2020-36225](https://nvd.nist.gov/vuln/detail/CVE-2020-36225),[ CVE-2020-36226](https://nvd.nist.gov/vuln/detail/CVE-2020-36226),[ CVE-2020-36227](https://nvd.nist.gov/vuln/detail/CVE-2020-36227),[ CVE-2020-36228](https://nvd.nist.gov/vuln/detail/CVE-2020-36228),[ CVE-2020-36229](https://nvd.nist.gov/vuln/detail/CVE-2020-36229),[ CVE-2020-36230](https://nvd.nist.gov/vuln/detail/CVE-2020-36230))<br>* c-ares ([CVE-2020-8277](https://nvd.nist.gov/vuln/detail/CVE-2020-8277))<br>* coreutils ([CVE-2017-7476](https://nvd.nist.gov/vuln/detail/CVE-2017-7476))<br>* intel-microcode ([CVE-2020-8698](https://nvd.nist.gov/vuln/detail/CVE-2020-8698), [CVE-2020-8694](https://nvd.nist.gov/vuln/detail/CVE-2020-8694), [CVE-2020-8695](https://nvd.nist.gov/vuln/detail/CVE-2020-8695), [CVE-2020-8696](https://nvd.nist.gov/vuln/detail/CVE-2020-8696))<br><br>**Bug fixes**<br><br><br><br>* profile: filter out bullet point when parsing failed units ([baselayout#16](https://github.com/kinvolk/baselayout/pull/16))<br>* app-crypt/trousers: use correct file permissions ([coreos-overlay#809](https://github.com/kinvolk/coreos-overlay/pull/809))<br>* sys-apps/systemd: Fix unit installation ([coreos-overlay#810](https://github.com/kinvolk/coreos-overlay/pull/810))<br>* passwd: use correct GID for tss([baselayout#15](https://github.com/kinvolk/baselayout/pull/15))<br>* flatcar-eks: add missing mkdir and update to latest versions([coreos-overlay#817](https://github.com/kinvolk/coreos-overlay/pull/817))<br>* coreos-base/gmerge: Stop installing gmerge script ([coreos-overlay#828](https://github.com/kinvolk/coreos-overlay/pull/828))<br>* Update sys-apps/coreutils and make sure they have split-usr disabled for generic images ([coreos-overlay#829](https://github.com/kinvolk/coreos-overlay/pull/829))<br><br>**Changes**<br><br><br><br>* dev-lang/go: delete go 1.6 ([coreos-overlay#827](https://github.com/kinvolk/coreos-overlay/pull/827))<br>* sys-block/open-iscsi: Command substitution in iscsi-init system service ([coreos-overlay#801](https://github.com/kinvolk/coreos-overlay/pull/801))<br>* scripts/motdgen: Add OEM information to motd output ([init#34](https://github.com/kinvolk/init/pull/34))<br>* torcx: delete Docker 1.12 ([coreos-overlay#826](https://github.com/kinvolk/coreos-overlay/pull/826))<br>* portage update: update portage and related packages to newer versions ([coreos-overlay#840](https://github.com/kinvolk/coreos-overlay/pull/840))<br>* bin/flatcar-install: add parameters to make wget more resilient ([init#35](https://github.com/kinvolk/init/pull/35))<br><br>**Updates**<br><br><br><br>* Linux ([5.10.16](https://lwn.net/Articles/846116/))<br>* Docker ([19.03.15](https://docs.docker.com/engine/release-notes/19.03/#190315))<br>* go ([1.15.8](https://go.googlesource.com/go/+/refs/tags/go1.15.8))<br>* c-ares ([1.17.1](https://c-ares.haxx.se/changelog.html#1_17_1))<br>* cri-tools ([1.19.0](https://github.com/kubernetes-sigs/cri-tools/releases/tag/v1.19.0))<br>* samba ([4.12.9](https://www.samba.org/samba/history/samba-4.12.9.html))<br>* openldap ([2.4.57](https://www.openldap.org/software/release/announce.html))<br>* coreutils ([8.32](https://git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?h=v8.32))<br>* intel-microcode ([20201112](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20201112))<br><br>**Deprecation**<br><br><br><br>* Docker 1.12 will be deprecated from Alpha, also from other channels in the future.<br><br>Note: Please note that ARM images remain experimental for now.<br><br>Packages:<br>- docker 19.03.15<br>- ignition 0.34.0<br>- kernel 5.10.16<br>- systemd 247<br><br>Architectures:<br>- amd64<br>- arm64<br> 2021-02-18T12:43:43+00:00 @@ -2758,7 +2782,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2765.0.0 2765.0.0 - 2023-10-25T10:20:42.693746+00:00 + 2023-11-22T09:59:32.534870+00:00 **Security fixes**<br><br>* Linux - [CVE-2020-28374](https://nvd.nist.gov/vuln/detail/CVE-2020-28374), [CVE-2020-36158](https://nvd.nist.gov/vuln/detail/CVE-2020-36158)<br>* go - [CVE-2021-3114](https://github.com/golang/go/issues/43786)<br>* bsdiff - [CVE-2020-14315](https://nvd.nist.gov/vuln/detail/CVE-2020-14315)<br>* curl - [CVE-2020-8169](https://nvd.nist.gov/vuln/detail/CVE-2020-8169), [CVE-2020-8231](https://nvd.nist.gov/vuln/detail/CVE-2020-8231),[ CVE-2020-8284](https://curl.se/docs/CVE-2020-8285.html), [CVE-2020-8285](https://nvd.nist.gov/vuln/detail/CVE-2020-8285),[ CVE-2020-8286](https://nvd.nist.gov/vuln/detail/CVE-2020-8286)<br>* dhcpcd - [CVE-2019-11577](https://nvd.nist.gov/vuln/detail/CVE-2019-11577), [CVE-2019-11766](https://nvd.nist.gov/vuln/detail/CVE-2019-11766)<br>* mit-krb5 - [CVE-2020-28196](https://nvd.nist.gov/vuln/detail/CVE-2020-28196)<br>* sudo - [CVE-2021-3156](https://nvd.nist.gov/vuln/detail/CVE-2021-3156), [CVE-2021-23239](https://nvd.nist.gov/vuln/detail/CVE-2021-23239)<br><br>**Bug fixes**<br><br>* `/etc/iscsi/initiatorname.iscsi` is generated by the iscsi-init service ([#321](https://github.com/kinvolk/Flatcar/issues/321))<br>* Prevent iscsiadm buffer overflow ([#318](https://github.com/kinvolk/Flatcar/issues/318))<br><br>**Changes**<br><br>* Revert to building docker and containerd with go1.13 instead of go1.15. This reduces the SIGURG log spam ([Issue #315](https://github.com/kinvolk/Flatcar/issues/315) [PR #774](https://github.com/kinvolk/coreos-overlay/pull/774))<br>* The containerd socket is now available in the default location (`/run/containerd/containerd.sock`) and also as a symlink in the previous location (`/run/docker/libcontainerd/docker-containerd.sock`) ([#771](https://github.com/kinvolk/coreos-overlay/pull/771))<br>* AWS Pro: include scripts to facilitate setup of EKS workers ([#794](https://github.com/kinvolk/coreos-overlay/pull/794)).<br>* Missed from earlier notes: with the previous open-iscsi update to 2.1.2, the service unit name changed from iscsid to iscsi ([#682](https://github.com/kinvolk/coreos-overlay/pull/682))<br><br>**Updates**<br><br>* linux ([5.10.10](https://lwn.net/Articles/843686/))<br>* systemd ([247.2](https://raw.githubusercontent.com/systemd/systemd-stable/v247.2/NEWS))<br>* curl ([7.74.0](https://curl.se/changes.html#7_74_0))<br>* dhcpcd ([8.1.9](https://roy.marples.name/cgit/dhcpcd.git/tag/?h=dhcpcd-8.1.9))<br>* open-iscsi ([2.1.3](https://github.com/open-iscsi/open-iscsi/releases/tag/2.1.3))<br>* go ([1.15.7](https://go.googlesource.com/go/+/refs/tags/go1.15.7))<br>* mit-krb5 ([1.18.2-r2](https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7c6a41be59b79c996b2e0493399c035e35f8fed9))<br>* open-vm-tools ([11.2.5](https://github.com/vmware/open-vm-tools/releases/tag/stable-11.2.5))<br>* rust ([1.49.0](https://blog.rust-lang.org/2020/12/31/Rust-1.49.0.html))<br>* sudo ([1.9.5p2](https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_5p2))<br><br>**Note**: This alpha release includes only AMD64 images.<br><br>Packages:<br>- docker 19.03.14<br>- ignition 0.34.0<br>- kernel 5.10.10<br>- systemd 247<br><br>Architectures:<br>- amd64<br> 2021-01-28T11:00:29+00:00 @@ -2766,7 +2790,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2748.0.0 2748.0.0 - 2023-10-25T10:20:42.687493+00:00 + 2023-11-22T09:59:32.528513+00:00 **Security fixes**<br><br> * Linux<br> - [CVE-2020-27815](https://www.openwall.com/lists/oss-security/2020/11/30/5)<br> - [CVE-2020-27830](https://www.openwall.com/lists/oss-security/2020/12/07/1)<br> - [CVE-2020-27835](https://nvd.nist.gov/vuln/detail/CVE-2020-27835)<br> - [CVE-2020-28588](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4f134b89a24b965991e7c345b9a4591821f7c2a6)<br> - [CVE-2020-29568](https://nvd.nist.gov/vuln/detail/CVE-2020-29568)<br> - [CVE-2020-29569](https://nvd.nist.gov/vuln/detail/CVE-2020-29569)<br> - [CVE-2020-29660](https://nvd.nist.gov/vuln/detail/CVE-2020-29660)<br> - [CVE-2020-29661](https://nvd.nist.gov/vuln/detail/CVE-2020-29661)<br><br>**Bug fixes**<br><br>* afterburn (coreos-metadata): Restart on failure and keep coreos-metadata unit active ([kinvolk/coreos-overlay#768](https://github.com/kinvolk/coreos-overlay/pull/768))<br>* networkd: avoid managing MAC addresses for veth devices ([kinvolk/init#33](https://github.com/kinvolk/init/pull/33))<br><br>**Changes**<br><br>* Updated nsswitch.conf to use systemd-resolved ([kinvolk/baselayout#10](https://github.com/kinvolk/baselayout/pull/10))<br>* Enabled systemd-resolved stub listeners ([kinvolk/baselayout#11](https://github.com/kinvolk/baselayout/pull/11))<br>* systemd-resolved: Disabled DNSSEC for the mean time ([kinvolk/baselayout#14](https://github.com/kinvolk/baselayout/pull/14))<br>* kernel: enabled CONFIG_DEBUG_INFO_BTF ([kinvolk/coreos-overlay#753](https://github.com/kinvolk/coreos-overlay/pull/753))<br>* containerd: Switched to default upstream socket location while keeping a symlink for the previous location in Flatcar ([kinvolk/coreos-overlay#771](https://github.com/kinvolk/coreos-overlay/pull/771))<br>* containerd: Disabled shim debug logs ([kinvolk/coreos-overlay#766](https://github.com/kinvolk/coreos-overlay/pull/766))<br><br>**Updates**<br><br>* Linux ([5.10.4](https://lwn.net/Articles/841473/))<br>* Linux firmware ([20201218](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20201218))<br>* SDK: Rust ([1.48.0](https://github.com/rust-lang/rust/blob/master/RELEASES.md#version-1480-2020-11-19))<br><br>Note: Please note that ARM images remain experimental for now.<br>Packages:<br>- docker 19.03.14<br>- ignition 0.34.0<br>- kernel 5.10.4<br>- systemd 246<br><br>Architectures:<br>- amd64<br>- arm64<br> 2021-01-12T17:02:16+00:00 @@ -2774,7 +2798,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2723.0.0 2723.0.0 - 2023-10-25T10:20:42.681680+00:00 + 2023-11-22T09:59:32.522636+00:00 Security fixes<br><br>* bsdiff<br> * [CVE-2014-9862](https://nvd.nist.gov/vuln/detail/CVE-2014-9862)<br>* containerd<br> * [CVE-2020-15257](https://nvd.nist.gov/vuln/detail/CVE-2020-15257)<br>* pam<br> * [CVE-2020-27780](https://nvd.nist.gov/vuln/detail/CVE-2020-27780)<br>* Linux<br> * [CVE-2020-29661](https://nvd.nist.gov/vuln/detail/CVE-2020-29661)<br> * [CVE-2020-29660](https://nvd.nist.gov/vuln/detail/CVE-2020-29660)<br> * [CVE-2020-27830](https://nvd.nist.gov/vuln/detail/CVE-2020-27830)<br> * [CVE-2020-28588](https://nvd.nist.gov/vuln/detail/CVE-2020-28588) (only affects 32-bit systems, Flatcar Container Linux is not affected)<br> * [CVE-2020-27835](https://nvd.nist.gov/vuln/detail/CVE-2020-27835) (only affects systems with Infiniband HF1 driver, Flatcar Container Linux is not affected)<br><br>Bug fixes<br><br>* The sysctl net.ipv4.conf.*.rp_filter is set to 0 for the Cilium CNI plugin to work ([Flatcar#181](https://github.com/kinvolk/Flatcar/issues/181))<br>* Package downloads in the developer container now use the correct URL again ([Flatcar#298](https://github.com/kinvolk/Flatcar/issues/298))<br><br>Changes<br><br>* A symlink `vimdiff` should not be created, if the USE flag `minimal` is enabled. ([Flatcar/#221](https://github.com/kinvolk/Flatcar/issues/221))<br>* The sysctl default config file is now applied under the prefix 60 which allows for custom sysctl config files to take effect when they start with a prefix of 70, 80, or 90 ([baselayout#13](https://github.com/kinvolk/baselayout/pull/13))<br>* Containerd CRI plugin got enabled by default, only the containerd socket path needs to be specified as kubelet parameter for Kubernetes 1.20 to use containerd instead of Docker ([Flatcar#283](https://github.com/kinvolk/Flatcar/issues/283))<br>* For users with a custom update server a machine alias setting in update-engine allows to give human-friendly names to client instances ([update-engine#8](https://github.com/kinvolk/update_engine/pull/8))<br>* Enable BCMGENET as a module on arm64_defconfig-5.9 (c[oreos-overlay#717](https://github.com/kinvolk/coreos-overlay/pull/717))<br>* Enable BCM7XXX_PHY as a module on arm64_defconfig-5.9 for Raspberry Pi 4 ([coreos-overlay#716](https://github.com/kinvolk/coreos-overlay/pull/716))<br>* Disable jpeg USE flag from QEMU ([coreos-overlay#729](https://github.com/kinvolk/coreos-overlay/pull/729))<br>* flatcar_production_qemu.sh: Use more CPUs for ARM if available ([scripts#91](https://github.com/kinvolk/flatcar-scripts/pull/91))<br><br>Updates<br><br>* Linux ([5.9.14](https://lwn.net/Articles/839874/))<br>* Linux firmware ([20201118](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20201118))<br>* Docker ([19.03.14](https://github.com/docker/docker-ce/releases/tag/v19.03.14))<br>* containerd ([1.4.3](https://github.com/containerd/containerd/releases/tag/v1.4.3))<br>* pam ([1.5.1](https://github.com/linux-pam/linux-pam/releases/tag/v1.5.1))<br>* sqlite ([3.33](https://www.sqlite.org/releaselog/3_33_0.html))<br>* SDK: Rust ([1.47.0](https://github.com/rust-lang/rust/blob/master/RELEASES.md#version-1470-2020-10-08))<br>* SDK: Go ([1.15.6](https://go.googlesource.com/go/+/refs/tags/go1.15.6))<br>* SDK: repo (2.8)<br>* SDK: dwarves (1.19)<br><br>Note: Please note that ARM images remain experimental for now.<br><br>Packages:<br>- docker 19.03.14<br>- ignition 0.34.0<br>- kernel 5.9.14<br>- systemd 246<br><br>Architectures:<br>- amd64<br>- arm64<br> 2020-12-18T14:10:15+00:00 @@ -2782,7 +2806,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2705.0.0 2705.0.0 - 2023-10-25T10:20:42.674805+00:00 + 2023-11-22T09:59:32.515755+00:00 Security fixes<br><br>* glibc ([CVE-2019-9169](https://nvd.nist.gov/vuln/detail/CVE-2019-9169), [CVE-2019-6488](https://nvd.nist.gov/vuln/detail/CVE-2019-6488), [CVE-2019-7309](https://nvd.nist.gov/vuln/detail/CVE-2019-7309), [CVE-2020-10029](https://nvd.nist.gov/vuln/detail/CVE-2020-10029), [CVE-2020-1751](https://nvd.nist.gov/vuln/detail/CVE-2020-1751), [CVE-2020-6096](https://nvd.nist.gov/vuln/detail/CVE-2020-6096), [CVE-2018-20796](https://nvd.nist.gov/vuln/detail/CVE-2018-20796))<br><br>Bug fixes<br><br>* Added systemd-tmpfiles directives for /opt and /opt/bin to ensure that the folders have correct permissions even when /opt/ was once created by containerd ([Flatcar#279](https://github.com/kinvolk/Flatcar/issues/279))<br><br>Changes<br><br>* Enabled the kernel config HOTPLUG_PCI_ACPI for arm64 to support attaching EC2 volumes ([PR#705](https://github.com/kinvolk/coreos-overlay/pull/705))<br><br>Updates<br><br>* Linux ([5.9.11](https://lwn.net/Articles/838257/))<br>* glibc ([2.32](https://lwn.net/Articles/828210/))<br><br>Note: Please note that ARM images remain experimental for now.<br><br>Packages:<br>- docker 19.03.13<br>- ignition 0.34.0<br>- kernel 5.9.11<br>- systemd 246<br><br>Architectures:<br>- amd64<br>- arm64<br> 2020-11-27T10:48:14+00:00 @@ -2790,7 +2814,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2697.0.0 2697.0.0 - 2023-10-25T10:20:42.669714+00:00 + 2023-11-22T09:59:32.510435+00:00 Security fixes:<br><br>* Linux - ([CVE-2020-27673](https://nvd.nist.gov/vuln/detail/CVE-2020-27673), [CVE-2020-27675](https://nvd.nist.gov/vuln/detail/CVE-2020-27675))<br>* Go - ([CVE-2020-28362](https://nvd.nist.gov/vuln/detail/CVE-2020-28362), [CVE-2020-28367](https://nvd.nist.gov/vuln/detail/CVE-2020-28367), [CVE-2020-28366](https://nvd.nist.gov/vuln/detail/CVE-2020-28366))<br>* glib ([CVE-2019-12450](https://nvd.nist.gov/vuln/detail/CVE-2019-12450))<br>* open-iscsi ([CVE-2017-17840](https://nvd.nist.gov/vuln/detail/CVE-2017-17840))<br>* samba ([CVE-2019-10197](https://nvd.nist.gov/vuln/detail/CVE-2019-10197), [CVE-2020-10704](https://nvd.nist.gov/vuln/detail/CVE-2020-10704), [CVE-2020-10745](https://nvd.nist.gov/vuln/detail/CVE-2020-10745), [CVE-2019-3880](https://nvd.nist.gov/vuln/detail/CVE-2019-3880), [CVE-2019-10218](https://nvd.nist.gov/vuln/detail/CVE-2019-10218))<br>* shadow ([CVE-2019-19882](https://nvd.nist.gov/vuln/detail/CVE-2019-19882))<br>* sssd ([CVE-2018-16883](https://nvd.nist.gov/vuln/detail/CVE-2018-16883), [CVE-2019-3811](https://nvd.nist.gov/vuln/detail/CVE-2019-3811), [CVE-2018-16838](https://nvd.nist.gov/vuln/detail/CVE-2018-16838))<br>* trousers ([CVE-2020-24330](https://nvd.nist.gov/vuln/detail/CVE-2020-24330), [CVE-2020-24331](https://nvd.nist.gov/vuln/detail/CVE-2020-24331))<br>* cifs-utils ([CVE-2020-14342](https://nvd.nist.gov/vuln/detail/CVE-2020-14342))<br>* ntp ([CVE-2020-11868](https://nvd.nist.gov/vuln/detail/CVE-2020-11868), [CVE-2020-13817](https://nvd.nist.gov/vuln/detail/CVE-2020-13817), [CVE-2018-8956](https://nvd.nist.gov/vuln/detail/CVE-2018-8956), [CVE-2020-15025](https://nvd.nist.gov/vuln/detail/CVE-2020-15025))<br>* bzip2 ([CVE-2019-12900](https://nvd.nist.gov/vuln/detail/CVE-2019-12900))<br><br>Bug fixes:<br><br>* network: Restore KeepConfiguration=dhcp-on-stop ([kinvolk/init#30](https://github.com/kinvolk/init/pull/30))<br>* Make the automatic filesystem resizing more robust against a race and add more logging ([kinvolk/init#31](https://github.com/kinvolk/init/pull/31))<br>* Default again to waiting only for one network interface to be ready with systemd-networkd-wait-online which was missing in the initial systemd 246 update<br>* Default again to disabling IP Forwarding in systemd which was missing in the initial systemd 246 update<br>* Make systemd detect updates again when the /usr partition changes which was missing in the initial systemd 246 update<br>* Default again to set DefaultTasksMax=100% in systemd which was missing in the initial systemd 246 update<br>* Default again to disable SELinux permissions checks in systemd which was missing in the initial systemd 246 update<br><br>Changes:<br><br>* The zstd tools were added (version 1.4.4)<br>* The kernel config CONFIG_PSI was set to support [Pressure Stall Information](https://www.kernel.org/doc/html/latest/accounting/psi.html), more information also under [https://facebookmicrosites.github.io/psi/docs/overview](https://facebookmicrosites.github.io/psi/docs/overview) ([Flatcar#162](https://github.com/flatcar/Flatcar/issues/162))<br>* The kernel config CONFIG_BPF_JIT_ALWAYS_ON was set to use the BPF just-in-time compiler by default for faster execution<br>* The kernel config CONFIG_DEBUG_INFO_BTF was set to support BTF metadata (BPF Type Format), one important piece for portability of BPF programs (CO-RE: Compile Once - Run Everywhere) through relocation<br>* The kernel config CONFIG_POWER_SUPPLY was set<br>* The kernel configs CONFIG_OVERLAY_FS_METACOPY and CONFIG_OVERLAY_FS_REDIRECT_DIR were set. With the first overlayfs will only copy up metadata when a metadata-specific operation like chown/chmod is performed. The full file will be copied up later when the file is opened for write operations. With the second, which is equivalent to setting "redirect_dir=on" in the kernel command-line, overlayfs will copy up the directory first before the actual content ([Flatcar#170](https://github.com/kinvolk/Flatcar/issues/170)).<br><br>Updates:<br><br>* Linux ([5.9.8](https://lwn.net/Articles/836794/))<br>* Linux firmware ([20200918](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20200918))<br>* systemd ([246.6](https://github.com/systemd/systemd-stable/releases/tag/v246.6))<br>* bzip2 ([1.0.8](https://sourceware.org/git/?p=bzip2.git;a=blob;f=CHANGES;h=30afead2586b6d64f50988a41d394a0131b38949;hb=HEAD#l342))<br>* cifs-utils (6.11)<br>* dbus-glib (0.110)<br>* elfutils (0.178)<br>* glib (2.64.5)<br>* ntp (4.2.8_p15)<br>* open-iscsi (2.1.2)<br>* samba (4.11.13)<br>* shadow (4.8)<br>* sssd (2.3.1)<br>* strace (5.9)<br>* talloc (2.3.1)<br>* tdb (1.4.3)<br>* tevent (0.10.2)<br>* SDK/developer container: GCC (9.3.0), binutils (2.35), gdb (9.2)<br>* SDK: Go (1.15.5)<br>* VMware: open-vm-tools (11.2.0)<br><br>Packages:<br>- docker 19.03.13<br>- ignition 0.34.0<br>- kernel 5.9.8<br>- systemd 246<br><br>Architectures:<br>- amd64<br>- arm64<br> 2020-11-20T10:25:21+00:00 @@ -2798,7 +2822,7 @@ https://github.com/kinvolk/manifest/releases/tag/v2671.0.0 2671.0.0 - 2023-10-25T10:20:42.661909+00:00 + 2023-11-22T09:59:32.502315+00:00 Security fixes:<br><br>- Linux - [CVE-2020-27194](https://nvd.nist.gov/vuln/detail/CVE-2020-27194)<br>- c-ares - [CVE-2017-1000381](https://nvd.nist.gov/vuln/detail/CVE-2017-1000381)<br>- file - [CVE-2019-18218](https://nvd.nist.gov/vuln/detail/CVE-2019-18218)<br>- json-c - [CVE-2020-12762](https://nvd.nist.gov/vuln/detail/CVE-2020-12762)<br>- libuv - [CVE-2020-8252](https://nvd.nist.gov/vuln/detail/CVE-2020-8252)<br>- libxml2 - [CVE-2019-20388](https://nvd.nist.gov/vuln/detail/CVE-2019-20388) [CVE-2020-7595](https://nvd.nist.gov/vuln/detail/CVE-2020-7595)<br>- re2c - [CVE-2020-11958](https://nvd.nist.gov/vuln/detail/CVE-2020-11958)<br>- tar - [CVE-2019-9923](https://nvd.nist.gov/vuln/detail/CVE-2019-9923)<br><br>Bug fixes:<br><br>- Ensured that the `/etc/coreos` to `/etc/flatcar` symlink always exists, relevant for the Container Linux Config transpiler (ct) when specifying directives for `update:` or `locksmith:` while also reformatting the rootfs ([baselayout PR#7](https://github.com/flatcar/baselayout/pull/7))<br>- Allow inactive network interfaces to be bound to a bonding interface, by encoding additional configuration for systemd-networkd-wait-online ([afterburn PR #10](https://github.com/flatcar/afterburn/pull/10))<br>- Azure: Exclude bonded SR-IOV driver mlx5-core from network interfaces managed by systemd-networkd ([bootengine PR #19](https://github.com/flatcar/bootengine/pull/19)) ([init PR #29](https://github.com/flatcar/init/pull/29))<br>- Do not configure ccache in Jenkins ([scripts PR #100](https://github.com/flatcar/scripts/pull/100))<br><br>Changes:<br><br>- Remove unnecessary kernel module nf-conntrack-ipv4 ([overlay PR#649](https://github.com/flatcar/coreos-overlay/pull/649))<br><br>Updates:<br><br>- Linux [5.8.16](https://lwn.net/Articles/834536/)<br>- c-ares [1.61.1](https://github.com/c-ares/c-ares/releases/tag/cares-1_16_1)<br>- cryptsetup [2.3.2](https://gitlab.com/cryptsetup/cryptsetup/-/tags/v2.3.2)<br>- json-c [0.15](https://github.com/json-c/json-c/releases/tag/json-c-0.15-20200726)<br>- libuv [1.39.0](https://github.com/libuv/libuv/releases/tag/v1.39.0)<br>- libxml2 [2.9.10](https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.10)<br>- tar [1.32](https://git.savannah.gnu.org/cgit/tar.git/tag/?h=release_1_32)<br>- Go [1.15.3](https://go.googlesource.com/go/+/refs/tags/go1.15.3), [1.12.17](https://go.googlesource.com/go/+/refs/tags/go1.12.17) (only in SDK)<br>- file [5.39](https://github.com/file/file/tree/FILE5_39) (only in SDK)<br>- gdbus-codegen [2.64.5](https://gitlab.gnome.org/GNOME/glib/-/tags/2.64.5) (only in SDK)<br>- meson [0.55.3](https://github.com/mesonbuild/meson/releases/tag/0.55.3) (only in SDK)<br>- re2c [2.0.3](https://re2c.org/releases/release_notes.html#release-2-0-3) (only in SDK)<br><br>Note: Please note that ARM images remain experimental for now.<br><br>Packages:<br>- docker 19.03.13<br>- ignition 0.34.0<br>- kernel 5.8.16<br>- systemd 246<br><br>Architectures:<br>- amd64<br>- arm64<br> 2020-10-28T14:37:26+00:00 @@ -2806,7 +2830,7 @@ https://github.com/flatcar/manifest/releases/tag/v2661.0.0 2661.0.0 - 2023-10-25T10:20:42.655715+00:00 + 2023-11-22T09:59:32.496019+00:00 Security fixes:<br>- Linux - [CVE-2020-25645](https://nvd.nist.gov/vuln/detail/CVE-2020-25645), [CVE-2020-25643](https://nvd.nist.gov/vuln/detail/CVE-2020-25643), [CVE-2020-25211](https://nvd.nist.gov/vuln/detail/CVE-2020-25211)<br><br>Bug fixes:<br>- Ensured that the `/etc/coreos` to `/etc/flatcar` symlink always exists, relevant for the Container Linux Config transpiler (ct) when specifying directives for `update:` or `locksmith:` while also reformatting the rootfs ([baselayout PR#7](https://github.com/flatcar/baselayout/pull/7))<br>- Azure: Exclude bonded SR-IOV network interfaces with newer drivers from networkd (in addition to the old drivers) to prevent them being configured instead of just the bond interface ([init PR#29](https://github.com/flatcar/init/pull/29), [bootengine PR#19](https://github.com/flatcar/bootengine/pull/19))<br><br>Changes:<br>- Compress kernel modules with xz ([overlay PR#628](https://github.com/flatcar/coreos-overlay/pull/628))<br>- Add containerd-runc-shim-v* binaries required by kubelet custom CRI endpoints ([overlay PR#623](https://github.com/flatcar/coreos-overlay/pull/623))<br>- AWS arm64: Enable elastic network adapter module ([overlay PR#631](https://github.com/flatcar/coreos-overlay/pull/631))<br>- Equinix Metal (Packet): Exclude unused network interfaces from networkd, disregard the state of the bonded interfaces for the `network-online.target` and only require the bond interface itself to have at least one active link instead of `routable` which requires both links to be active ([afterburn PR#10](https://github.com/flatcar/afterburn/pull/10))<br>- QEMU: Use flatcar.autologin kernel command line parameter for auto login on the console ([Flatcar #71](https://github.com/flatcar/Flatcar/issues/71))<br><br>Updates:<br>- Linux [5.8.14](https://lwn.net/Articles/833689/)<br>- systemd [246](https://lwn.net/Articles/827675/)<br>- tini [0.18](https://github.com/krallin/tini/releases/tag/v0.18.0)<br>- libseccomp [2.5.0](https://github.com/seccomp/libseccomp/releases/tag/v2.5.0)<br>- audit [2.8.5](https://github.com/linux-audit/audit-userspace/releases/tag/v2.8.5)<br>- dracut [050](https://github.com/dracutdevs/dracut/releases/tag/050)<br>Packages:<br>- docker 19.03.13<br>- ignition 0.34.0<br>- kernel 5.8.14<br>- systemd 246<br><br>Architectures:<br>- amd64<br>- arm64<br> 2020-10-16T08:08:13+00:00 @@ -2814,7 +2838,7 @@ https://github.com/flatcar/manifest/releases/tag/v2643.0.0 2643.0.0 - 2023-10-25T10:20:42.649858+00:00 + 2023-11-22T09:59:32.490039+00:00 Security fixes:<br>- Linux: [CVE-2020-25284](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25284), [CVE-2020-14390](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14390)<br>- jq: [CVE-2015-8863](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8863), [CVE-2016-4074](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4074)<br>- sqlite: [CVE-2020-11656](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11656), [CVE-2020-9327](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9327), [CVE-2020-11655](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11655), [CVE-2020-13630](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13630), [CVE-2020-13435](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13435), [CVE-2020-13434](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13434), [CVE-2020-13631](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13631), [CVE-2020-13632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13632), [CVE-2020-15358](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15358)<br>- tcpdump and libpcap: [CVE-2018-10103](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10103), [CVE-2018-10105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10105), [CVE-2018-16301](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16301), [CVE-2019-15163](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15163), [CVE-2018-14461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14461), [CVE-2018-14462](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14462), [CVE-2018-14463](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14463), [CVE-2018-14464](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14464), [CVE-2018-14465](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14465), [CVE-2018-14466](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14466), [CVE-2018-14467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14467), [CVE-2018-14468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14468), [CVE-2018-14469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14469), [CVE-2018-14470](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14470), [CVE-2018-14880](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14880), [CVE-2018-14881](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14881), [CVE-2018-14882](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14882), [CVE-2018-16227](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16227), [CVE-2018-16228](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16228), [CVE-2018-16229](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16229), [CVE-2018-16230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16230), [CVE-2018-16300](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16300), [CVE-2018-16451](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16451), [CVE-2018-16452](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16452), [CVE-2019-15166](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15166), [CVE-2018-19325](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19325), [CVE-2018-14879](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14879), [CVE-2017-16808](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16808), [CVE-2018-19519](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19519), [CVE-2019-15161](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15161), [CVE-2019-15165](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15165), [CVE-2019-15164](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15164), [CVE-2019-1010220](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010220)<br>- libbsd: [CVE-2019-20367](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20367)<br>- rsync: [CVE-2016-9840](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9840), [CVE-2016-9841](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9841), [CVE-2016-9842](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9842), [CVE-2016-9843](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9843)<br><br><br>Bug fixes:<br><br>- Enabled missing systemd services ([#191](https://github.com/flatcar/Flatcar/issues/191), [PR #612](https://github.com/flatcar/coreos-overlay/pull/612))<br>- Fixed Docker torcx image unpacking error on machines with less than ~600 MB total RAM ([#32](https://github.com/flatcar/Flatcar/issues/32))<br>- Solved adcli Kerberos Active Directory incompatibility ([#194](https://github.com/flatcar/Flatcar/issues/194))<br>- Fixed the makefile path when building kernel modules with the developer container ([#195](https://github.com/flatcar/Flatcar/issues/195))<br>- Removed the `/etc/portage/savedconfig/` folder that contained a dump of the firmware config [flatcar-linux/coreos-overlay#613](https://github.com/flatcar/coreos-overlay/pull/613)<br><br><br>Changes:<br><br>- GCE: Improved oslogin support and added shell aliases to run a Python Docker image ([PR #592](https://github.com/flatcar/coreos-overlay/pull/592))<br><br>Updates:<br><br>- Linux [5.8.11](https://lwn.net/Articles/832305/)<br>- Docker [19.03.13](https://docs.docker.com/engine/release-notes/#190313)<br>- docker-runc [1.0.-rc92](https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc92)<br>- containerd [1.4.1](https://github.com/containerd/containerd/releases/tag/v1.4.1)<br>- adcli [0.9.0](https://cgit.freedesktop.org/realmd/adcli/tree/NEWS?h=0.9.0)<br>- GCE: oslogin [20200910.00](https://github.com/GoogleCloudPlatform/guest-oslogin/releases/tag/20200910.00)<br>- jq [1.6](https://github.com/stedolan/jq/releases/tag/jq-1.6)<br>- rsync [3.2.3](https://download.samba.org/pub/rsync/NEWS#3.2.3)<br>- tcpdump [4.9.3](https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9.3/CHANGES)<br><br>Note: Please note that ARM images remain experimental for now.<br>Packages:<br>- docker 19.03.13<br>- ignition 0.34.0<br>- kernel 5.8.11<br>- systemd 245<br><br>Architectures:<br>- amd64<br> 2020-09-30T12:23:46+00:00 @@ -2822,7 +2846,7 @@ https://github.com/flatcar/manifest/releases/tag/v2632.0.0 2632.0.0 - 2023-10-25T10:20:42.641932+00:00 + 2023-11-22T09:59:32.481763+00:00 Bug fixes:<br><br>- Fix resetting of DNS nameservers in systemd-networkd units ([PR#12](https://github.com/flatcar/systemd/pull/12))<br><br>Changes:<br><br>- Disable TX checksum offloading for the IP-in-IP tunl0 interface used by Calico ([PR#26](https://github.com/flatcar/init/pull/26)). This is a workaround for a Mellanox driver issue, currently tracked in [Flatcar#183](https://github.com/flatcar/Flatcar/issues/183)<br>- Set `sysctl net.ipv4.conf.(all|*).rp_filter` to 0 (instead of the systemd upstream value 2) to be less restrictive which some network solutions rely on ([PR#11](https://github.com/flatcar/systemd/pull/11))<br>- Update-engine now detects rollbacks and reports them as errors to the update server ([PR#6](https://github.com/flatcar/update_engine/pull/6))<br>- `flatcar-install` allows installation to a multipath drive ([PR#24](https://github.com/flatcar/init/pull/24))<br>- Support the `lockdown` kernel command line parameter ([PR#533](https://github.com/flatcar/coreos-overlay/pull/553))<br>- Update public key to include a [new subkey](https://www.flatcar-linux.org/security/image-signing-key/)<br><br>Updates:<br><br>- Linux [5.8.9](https://lwn.net/Articles/831365/)<br>- linux-firmware [20200817](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20200817)<br>- Go [1.15.2](https://golang.org/doc/go1.15)<br>- Rust [1.46.0](https://blog.rust-lang.org/2020/08/27/Rust-1.46.0.html)<br><br>Note: Please note that ARM images remain experimental for now.<br><br>Packages:<br>- docker 19.03.12<br>- ignition 0.34.0<br>- kernel 5.8.9<br>- rkt 1.30.0<br>- systemd 245<br><br>Architectures:<br>- amd64<br>- arm64<br> 2020-09-16T06:15:52+00:00 @@ -2830,7 +2854,7 @@ https://github.com/flatcar/manifest/releases/tag/v2605.1.0 2605.1.0 - 2023-10-25T10:20:42.636500+00:00 + 2023-11-22T09:59:32.476272+00:00 <br>Bug fixes:<br><br>- Resolve ipset API incompatibility [Flatcar#174](https://github.com/flatcar/Flatcar/issues/174)<br>- Fix udev rule warning about ignored value [Flatcar#164](https://github.com/flatcar/Flatcar/issues/164)<br>- Add missing `render` group [Flatcar#169](https://github.com/flatcar/Flatcar/issues/169)<br><br>Changes:<br><br>- Mount `/sys/fs/bpf` into the toolbox container and allow BPF syscalls ([PR#544](https://github.com/flatcar/coreos-overlay/pull/544))<br>- Support loading BPF programs with `tc` [Flatcar#172](https://github.com/flatcar/Flatcar/issues/172)<br><br>Updates:<br><br>- Linux [5.4.61](https://lwn.net/Articles/829613/)<br>- etcd-wrapper/etcdctl [3.3.25](https://github.com/etcd-io/etcd/releases/tag/v3.3.25)<br>- ipset [7.6](https://lwn.net/Articles/813097/)<br>- iproute [5.8](https://lwn.net/Articles/828370/)<br>- mdadm [4.1](https://mirrors.edge.kernel.org/pub/linux/utils/raid/mdadm/ANNOUNCE)<br>- VMware: openvm-tools [11.1.5](https://github.com/vmware/open-vm-tools/blob/stable-11.1.5/ReleaseNotes.md)<br><br>Note: Please note that ARM images remain experimental for now.<br><br>Packages:<br>- docker 19.03.12<br>- ignition 0.34.0<br>- kernel 5.4.61<br>- rkt 1.30.0<br>- systemd 245<br><br>Architectures:<br>- amd64<br>- arm64<br> 2020-09-01T12:24:31+00:00 @@ -2838,7 +2862,7 @@ https://github.com/flatcar/manifest/releases/tag/v2605.0.0 2605.0.0 - 2023-10-25T10:20:42.631465+00:00 + 2023-11-22T09:59:32.471080+00:00 Security fixes:<br><br><br><br>* Bind: fixes for [CVE-2020-8616](https://nvd.nist.gov/vuln/detail/CVE-2020-8616), [CVE-2020-8617](https://nvd.nist.gov/vuln/detail/CVE-2020-8617), [CVE-2020-8620](https://nvd.nist.gov/vuln/detail/CVE-2020-8620), [CVE-2020-8621](https://nvd.nist.gov/vuln/detail/CVE-2020-8621), [CVE-2020-8622](https://nvd.nist.gov/vuln/detail/CVE-2020-8622), [CVE-2020-8623](https://nvd.nist.gov/vuln/detail/CVE-2020-8623), [CVE-2020-8624](https://nvd.nist.gov/vuln/detail/CVE-2020-8624)<br><br>Bug fixes:<br><br><br><br>* etcd-wrapper: Adjust data dir permissions [https://github.com/flatcar/coreos-overlay/pull/536](https://github.com/flatcar/coreos-overlay/pull/536) <br><br>Changes:<br><br><br><br>* Add drivers for qedf, qedi, qla4xxx as kernel modules [https://github.com/flatcar/coreos-overlay/pull/528](https://github.com/flatcar/coreos-overlay/pull/528) <br><br>Updates:<br><br><br><br>* Linux [5.4.59](https://lwn.net/Articles/829106/)<br>* Bind-tools [9.16.6](https://ftp.isc.org/isc/bind9/cur/9.16/RELEASE-NOTES-bind-9.16.6.html)<br>* Openssl [1.1.1g](https://www.openssl.org/news/openssl-1.1.1-notes.html) <br>* etcd-wrapper [3.3.24](https://github.com/etcd-io/etcd/releases/tag/v3.3.24)<br>* sssd [1.16.3](https://sssd.io/docs/users/relnotes/notes_1_16_3.html)<br>* kerberos [1.18.2](https://web.mit.edu/kerberos/krb5-1.18/)<br>* Containerd [1.3.7](https://github.com/containerd/containerd/releases/tag/v1.3.7)<br>* Go [1.13.15](https://go.googlesource.com/go/+/refs/tags/go1.13.15) used for compilation<br>Packages:<br>- docker 19.03.12<br>- ignition 0.34.0<br>- kernel 5.4.59<br>- rkt 1.30.0<br>- systemd 245<br><br>Architectures:<br>- amd64<br>- arm64<br> 2020-08-20T21:47:52+00:00 @@ -2846,7 +2870,7 @@ https://github.com/flatcar/manifest/releases/tag/v2592.0.0 2592.0.0 - 2023-10-25T10:20:42.626205+00:00 + 2023-11-22T09:59:32.465636+00:00 Bug Fixes:<br>- Improved logic for GPT disk UUID randomization to fix booting on Packet c3.medium.x86 machines ([flatcar-linux/bootengine#17](https://github.com/flatcar/bootengine/pull/17))<br>- gpg: add patches for accepting keys without UIDs ([flatcar-linux/coreos-overlay#381](https://github.com/flatcar/coreos-overlay/pull/381))<br>- The static IP address configuration in the initramfs works again in the format `ip=<ip>::<gateway>:<netmask>:<hostname>:<iface>:none[:<dns1>[:<dns2>]]` ([flatcar-linux/bootengine#15](https://github.com/flatcar/bootengine/pull/15))<br><br><br>Changes:<br>- Since [version 245](https://github.com/systemd/systemd-stable/blob/v245-stable/NEWS#L267) systemd-networkd ignores network unit files with an empty `[Match]` section. Add a `Name=*` entry to match all interfaces.<br>- Weave network interfaces are excluded from systemd-networkd ([flatcar-linux/init#22](https://github.com/flatcar/init/pull/22))<br>- Enabled the mmio and vsock virtio kernel modules for Firecracker ([flatcar-linux/coreos-overlay#485](https://github.com/flatcar/coreos-overlay/pull/485))<br>- Enabled CONFIG_IKHEADERS to expose kernel headers under `/sys/kernel/kheaders.tar.xz`<br>- Vultr support in Ignition ([flatcar-linux/ignition#13](https://github.com/flatcar/ignition/pull/13))<br>- VMware OVF settings default to ESXi 6.5 and Linux 3.x<br><br><br>Updates:<br>- Linux [5.4.55](https://lwn.net/Articles/827718/)<br>- systemd [v245](https://github.com/systemd/systemd-stable/blob/v245-stable/NEWS)<br>- Docker [19.03.12](https://docs.docker.com/engine/release-notes/#190312)<br>- gnupg [2.2.20](https://lists.gnupg.org/pipermail/gnupg-announce/2020q1/000444.html)<br>- cryptsetup [2.0.3](https://www.saout.de/pipermail/dm-crypt/2018-May/005876.html)<br>- etcd [3.3.22](https://github.com/etcd-io/etcd/releases/tag/v3.3.22)<br>- etcdctl [3.3.22](https://github.com/etcd-io/etcd/releases/tag/v3.3.22)<br>- Go [1.13.14](https://go.googlesource.com/go/+/refs/tags/go1.13.14)<br>- Rust [1.44.1](https://blog.rust-lang.org/2020/06/18/Rust.1.44.1.html)<br><br>Note: Please note that ARM images remain experimental for now.<br>Packages:<br>- docker 19.03.12<br>- ignition 0.34.0<br>- kernel 5.4.55<br>- rkt 1.30.0<br>- systemd 245<br><br>Architectures:<br>- amd64<br>- arm64<br> 2020-08-06T14:58:47+00:00 @@ -2854,7 +2878,7 @@ https://github.com/flatcar/manifest/releases/tag/v2513.1.0 2513.1.0 - 2023-10-25T10:20:42.620402+00:00 + 2023-11-22T09:59:32.459712+00:00 Security Fixes:<br><br>- Malicious URLs can cause Git to expose private credentials [CVE-2020-5260](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5260)<br>- Similar to [CVE-2020-5260](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5260), Malicious URLs can cause Git to expose private credentials [CVE-2020-11008](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11008)<br><br>Bugfixes:<br>- Include dig binary in ARM [flatcar-linux/Flatcar#123](https://github.com/flatcar/Flatcar/issues/123)<br>- Fix the login prompt issue in the ISO [flatcar-linux/Flatcar#131](https://github.com/flatcar/Flatcar/issues/131)<br>- app-admin/{kubelet, etcd, flannel}-wrapper: don't overwrite the user supplied --insecure-options argument https://github.com/flatcar/coreos-overlay/pull/426<br><br>Updates:<br><br>- Linux - [5.4.47](https://lwn.net/Articles/823315/)<br>- Docker - [19.03.11](https://docs.docker.com/engine/release-notes/#190311)<br>- Go - [1.13.12](https://go.googlesource.com/go/+/refs/tags/go1.13.12)<br>- strace - [5.6](https://github.com/strace/strace/releases/tag/v5.6)<br>- git - [2.26.2](https://github.com/git/git/blob/master/Documentation/RelNotes/2.26.2.txt)<br><br>Note: Please note that ARM images remain experimental for now.<br><br>Packages:<br>- docker 19.03.11<br>- ignition 0.34.0<br>- kernel 5.4.47<br>- rkt 1.30.0<br>- systemd 243<br><br>Architectures:<br>- amd64<br>- arm64<br> 2020-06-30T15:56:06+00:00 @@ -2862,7 +2886,7 @@ https://github.com/flatcar/manifest/releases/tag/v2513.0.1 2513.0.1 - 2023-10-25T10:20:42.615189+00:00 + 2023-11-22T09:59:32.454342+00:00 ## Flatcar updates<br><br>Security fixes:<br>- Fix the Intel Microcode vulnerabilities ([CVE-2020-0543](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0543))<br><br>Changes:<br>- A source code and licensing overview is available under `/usr/share/licenses/INFO`<br><br>Updates:<br>- Linux [5.4.46](https://lwn.net/Articles/822840/)<br>- intel-microcode [20200609](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20200609)<br>Packages:<br>- docker 19.03.8<br>- ignition 0.34.0<br>- kernel 5.4.46<br>- rkt 1.30.0<br>- systemd 243<br><br>Architectures:<br>- amd64<br>- arm64<br> 2020-06-17T15:44:00+00:00 @@ -2870,7 +2894,7 @@ https://github.com/flatcar/manifest/releases/tag/v2513.0.0 2513.0.0 - 2023-10-25T10:20:42.610558+00:00 + 2023-11-22T09:59:32.449636+00:00 ## Flatcar updates<br><br>Security fixes:<br>- Fix e2fsprogs arbitrary code execution via crafted filesystem ([CVE-2019-5094](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094))<br>- Fix libarchive crash or use-after-free via crafted RAR file ([CVE-2019-18408](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18408), [CVE-2020-9308](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9308))<br>- Fix libgcrypt ECDSA timing attack ([CVE-2019-13627](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13627))<br>- Fix libidn2 domain impersonation ([CVE-2019-12290](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12290))<br>- Fix NSS crashes and heap corruption ([CVE-2017-11695](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11695), [CVE-2017-11696](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11696), [CVE-2017-11697](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11697), [CVE-2017-11698](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11698), [CVE-2018-18508](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508), [CVE-2019-11745](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745))<br>- Fix OpenSSL overflow in Montgomery squaring procedure ([CVE-2019-1551](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551))<br>- Fix SQLite crash and heap corruption ([CVE-2019-16168](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16168), [CVE-2019-5827](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5827))<br>- Fix unzip heap overflow or excessive resource consumption via crafted archive ([CVE-2018-1000035](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000035), [CVE-2019-13232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13232))<br>- Fix vim arbitrary command execution via crafted file ([CVE-2019-12735](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12735))<br><br>Bug fixes:<br>- Revert adding the SELinux use flag for docker-runc until a regression is solved<br>- When writing the update kernel, prefer `/boot/coreos` only if `/boot/coreos/vmlinux-*` exists (https://github.com/flatcar/update_engine/pull/5)<br>- Fixed sysroot-boot initramfs service race which resulted in a warning that this service failed<br><br>Changes:<br>- Support the CoreOS GRUB `/boot/coreos/first_boot` flag file (https://github.com/flatcar/bootengine/pull/13)<br>- Fetch container images in docker format rather than ACI by default in `etcd-member.service`, `flanneld.service`, and `kubelet-wrapper`<br>- Add wireguard kernel module from [wireguard-linux-compat](https://git.zx2c4.com/wireguard-linux-compat)<br>- Include `wg` (wireguard-tools)<br>- Enable regex support for `jq`<br>- Use `flatcar.autologin` kernel command line parameter on Azure for auto login on the serial console<br><br>Updates:<br>- e2fsprogs [1.45.5](http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.45.5)<br>- etcd [3.3.20](https://github.com/etcd-io/etcd/releases/tag/v3.3.20)<br>- etcdctl [3.3.20](https://github.com/etcd-io/etcd/releases/tag/v3.3.20)<br>- Linux [5.4.41](https://lwn.net/Articles/820524/)<br>- OpenSSL [1.0.2u](https://www.openssl.org/news/openssl-1.0.2-notes.html)<br>- vim [8.2.0360](http://ftp.vim.org/pub/vim/patches/8.2/README)<br>- systemd [243](https://github.com/systemd/systemd-stable/blob/v243-stable/NEWS)<br><br>Packages:<br>- docker 19.03.8<br>- ignition 0.34.0<br>- kernel 5.4.41<br>- rkt 1.30.0<br>- systemd 243<br><br>Architectures:<br>- amd64<br>- arm64<br> 2020-05-26T16:33:35+00:00 @@ -2878,7 +2902,7 @@ https://github.com/flatcar/manifest/releases/tag/v2492.0.0 2492.0.0 - 2023-10-25T10:20:42.603989+00:00 + 2023-11-22T09:59:32.442908+00:00 ## Flatcar updates<br><br>Bug fixes:<br><br>- Support both guestinfo.ignition.config and guestinfo.coreos.config in coreos-cloudinit (https://github.com/flatcar/coreos-cloudinit/pull/4)<br>- Fix VMware guestinfo variable retrieval and add missing variables in ignition (https://github.com/flatcar/ignition/pull/11)<br>- Use flatcar.autologin for the console in oem-vmware (https://github.com/flatcar/coreos-overlay/pull/308)<br>- Log list of coredumps with coredumpctl in mayday (https://github.com/flatcar/mayday/pull/8)<br><br>Updates:<br><br>- Linux [5.4.35](https://lwn.net/Articles/818569/)<br>- Go [1.13.10](https://go.googlesource.com/go/+/refs/tags/go1.13.10)<br>- containerd [1.3.4](https://github.com/containerd/containerd/releases/tag/v1.3.4)<br>- conntrack-tools [1.4.5](https://git.netfilter.org/conntrack-tools/tag/?h=conntrack-tools-1.4.5)<br>- linux-firmware [20191022](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20191022)<br>Packages:<br>- docker 19.03.8<br>- ignition 0.34.0<br>- kernel 5.4.35<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br>- arm64<br> 2020-04-30T14:30:52+00:00 @@ -2886,7 +2910,7 @@ https://github.com/flatcar/manifest/releases/tag/v2466.0.0 2466.0.0 - 2023-10-25T10:20:42.599025+00:00 + 2023-11-22T09:59:32.437768+00:00 ## Flatcar updates<br><br>Bug fixes:<br><br>- Use newest network interface naming scheme (https://github.com/flatcar/Flatcar/issues/36)<br> - It is a possible breaking change for some persistent network interface names<br>- Fix coreos-cloudinit variable names (https://github.com/flatcar/coreos-overlay/pull/206)<br>- Prefer /boot/coreos to write updates (https://github.com/flatcar/update_engine/pull/2)<br>- Build a download URL in a safer way (https://github.com/flatcar/update_engine/issues/3)<br>- Remove /boot/coreos/first_boot after a Ignition rerun on migration (https://github.com/flatcar/bootengine/pull/10)<br>- Support coreos.config.url as kernel command line parameter for Ignition (https://github.com/flatcar/ignition/pull/10)<br>- Make flannel cross-node traffic work with systemd > 242 (https://github.com/coreos/flannel/issues/1155, https://github.com/flatcar/coreos-overlay/pull/279)<br><br>Changes:<br><br>- Add `tracepath` alongside `traceroute6` (https://github.com/flatcar/Flatcar/issues/50)<br>- Extend logging capabilities of mayday (https://github.com/flatcar/Flatcar/issues/61)<br><br>Updates:<br><br>- Linux [4.19.113](https://lwn.net/Articles/815960/)<br>- Docker [19.03.8](https://github.com/docker/docker-ce/releases/tag/v19.03.8)<br>- open-vm-tools [11.0.5](https://github.com/vmware/open-vm-tools/releases/tag/stable-11.0.5)<br>- openssh [8.1](https://www.openssh.com/txt/release-8.1)<br>- WAAgent [2.2.46](https://github.com/Azure/WALinuxAgent/releases/tag/v2.2.46)<br>Packages:<br>- docker 19.03.8<br>- ignition 0.34.0<br>- kernel 4.19.113<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br>- arm64<br> 2020-04-15T15:24:01+00:00 @@ -2894,7 +2918,7 @@ https://github.com/flatcar/manifest/releases/tag/v2430.0.0 2430.0.0 - 2023-10-25T10:20:42.593662+00:00 + 2023-11-22T09:59:32.432159+00:00 ## Flatcar updates<br><br>Bug fixes:<br><br>- Enable persistent network interface names already in the initramfs to fix https://github.com/coreos/bugs/issues/1767<br>- Do not error out in runc if SELinux is disabled on the system (https://github.com/flatcar/coreos-overlay/pull/189)<br>- Bring back runc 1.0-rc2 for Docker 17.03 (https://github.com/flatcar/coreos-overlay/pull/191)<br>- Use correct branch name format in developer container tools (https://github.com/flatcar/dev-util/pull/2)<br><br>Updates:<br><br>- Linux [4.19.106](https://lwn.net/Articles/813157/)<br>Packages:<br>- docker 19.03.5<br>- ignition 0.34.0<br>- kernel 4.19.106<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br>- arm64<br> 2020-03-05T10:26:46+00:00 @@ -2902,7 +2926,7 @@ https://github.com/flatcar/manifest/releases/tag/v2411.0.0 2411.0.0 - 2023-10-25T10:20:42.588967+00:00 + 2023-11-22T09:59:32.427180+00:00 ## Flatcar updates<br><br>Security fixes:<br><br>- Fix stack-based buffer overflow in sudo ([CVE-2019-18634](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18634))<br>- Fix incorrect access control leading to privileges escalation in runc ([CVE-2019-19921](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19921))<br>- Fix systemd use-after-free upon receiving crafted D-Bus message from local unprivileged attacker ([CVE-2020-1712](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1712))<br><br>Bug fixes:<br><br>- Fix DNS resolution for the GCE metadata server (https://github.com/flatcar/coreos-overlay/pull/160)<br>- Use correct URLs for flatcar-linux in emerge-gitclone and scripts (https://github.com/flatcar/dev-util/pull/1) (https://github.com/flatcar/scripts/pull/50)<br>- Fix a wrong profile reference in torcx (https://github.com/flatcar/coreos-overlay/pull/162)<br>- Create symlink for /run/metadata/coreos (https://github.com/flatcar/coreos-overlay/pull/166)<br>- Create symlink for flatcar-install (https://github.com/flatcar/init/pull/14)<br>- Fix backwards compatibility issues for users to migrate from CoreOS Container Linux (https://github.com/flatcar/Flatcar/issues/16 https://github.com/flatcar/afterburn/pull/7 https://github.com/flatcar/bootengine/pull/7 https://github.com/flatcar/bootengine/pull/8 https://github.com/flatcar/init/pull/16 https://github.com/flatcar/init/pull/17 https://github.com/flatcar/ignition/pull/8)<br><br>Changes:<br><br>- Build Flatcar tarballs to be used by containers (https://github.com/flatcar/scripts/pull/51)<br>- Enable qede kernel module<br><br>Updates:<br><br>- Linux [4.19.102](https://lwn.net/Articles/811638/)<br>- runc [1.0.0-rc10](https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc10)<br>- sudo [1.8.31](https://www.sudo.ws/stable.html#1.8.31)<br><br>Packages:<br>- docker 19.03.5<br>- ignition 0.34.0<br>- kernel 4.19.102<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br>- arm64<br> 2020-02-17T16:40:26+00:00 @@ -2910,7 +2934,7 @@ https://github.com/flatcar/manifest/releases/tag/v2387.0.0 2387.0.0 - 2023-10-25T10:20:42.583360+00:00 + 2023-11-22T09:59:32.421361+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2387.0.0):<br><br>Security fixes:<br><br>- Fix multiple Git [vulnerabilities](https://marc.info/?l=git&m=157600115215285&w=2) ([CVE-2019-1348](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1348), [CVE-2019-1349](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1349), [CVE-2019-1350](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1350), [CVE-2019-1351](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1351), [CVE-2019-1352](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1352), [CVE-2019-1353](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1353), [CVE-2019-1354](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1354), [CVE-2019-1387](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1387), [CVE-2019-19604](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19604))<br><br>Updates:<br><br>- Git [2.24.1](https://github.com/git/git/blob/master/Documentation/RelNotes/2.24.1.txt)<br>- Ignition [0.34.0](https://github.com/coreos/ignition/releases/tag/v0.34.0)<br><br>## Flatcar updates<br>- Linux [4.19.97](https://lwn.net/Articles/809961/)<br><br>Packages:<br>- docker 19.03.5<br>- ignition 0.34.0<br>- kernel 4.19.97<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br>- arm64<br> 2020-01-21T12:54:35+00:00 @@ -2918,7 +2942,7 @@ https://github.com/flatcar/manifest/releases/tag/v2345.0.2 2345.0.2 - 2023-10-25T10:20:42.578369+00:00 + 2023-11-22T09:59:32.416285+00:00 ## Flatcar updates<br><br>Security fixes:<br><br>- Fix a denial-of-service issue via malicious access to `/dev/kvm` ([CVE-2019-19332](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19332))<br><br>Bug fixes:<br><br>- Fix a bug when creating RAID0 arrays by setting the default layout (https://github.com/flatcar/baselayout/pull/2)<br><br>Updates:<br><br>- Linux [4.19.89](https://lwn.net/Articles/807416/)<br>Packages:<br>- docker 19.03.5<br>- ignition 0.33.0<br>- kernel 4.19.89<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br>- arm64<br> 2019-12-20T09:27:31+00:00 @@ -2926,7 +2950,7 @@ https://github.com/flatcar/manifest/releases/tag/v2345.0.1 2345.0.1 - 2023-10-25T10:20:42.573728+00:00 + 2023-11-22T09:59:32.411443+00:00 ## Flatcar updates<br><br>It is the first release done for both amd64 and arm64.<br><br>Bug fixes:<br><br>- Fix cross-build issues around WAF by creating wrappers (https://github.com/flatcar/coreos-overlay/pull/137 https://github.com/flatcar/coreos-overlay/pull/139)<br><br>Updates:<br><br>- ldb [1.3.6](https://gitlab.com/samba-team/samba/-/tags/ldb-1.3.6)<br>- samba [4.8.6](https://gitlab.com/samba-team/samba/-/tags/samba-4.8.6)<br>- talloc [2.1.11](https://gitlab.com/samba-team/samba/-/tags/talloc-2.1.11)<br>- tdb [1.3.15](https://gitlab.com/samba-team/samba/-/tags/tdb-1.3.15)<br>- tevent [0.9.37](https://gitlab.com/samba-team/samba/-/tags/tevent-0.9.37)<br><br>Packages:<br>- docker 19.03.5<br>- ignition 0.33.0<br>- kernel 4.19.87<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br>- arm64<br> 2019-12-09T10:28:08+00:00 @@ -2934,7 +2958,7 @@ https://github.com/flatcar/manifest/releases/tag/v2345.0.0 2345.0.0 - 2023-10-25T10:20:42.568905+00:00 + 2023-11-22T09:59:32.406463+00:00 ## Flatcar updates<br><br>Security fixes:<br><br>- Fix heap-based buffer over-read in libexpat ([CVE-2019-15903](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903))<br>- Fix code injection around dynamic libraries in docker ([CVE-2019-14271](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14271))<br><br>Bug fixes:<br><br>- Fix cross-build issues in rust by storing shell scripts under the source directory (https://github.com/flatcar/coreos-overlay/pull/125)<br>- Fix bug in dealing with xattrs when unpacking torcx tarballs (https://github.com/flatcar/torcx/pull/2)<br><br>Updates:<br><br>- Linux [4.19.87](https://lwn.net/Articles/805923/)<br>- docker [19.03.5](https://docs.docker.com/engine/release-notes/#19035)<br>- etcd [3.3.18](https://github.com/etcd-io/etcd/releases/tag/v3.3.18)<br>- expat [2.2.8](https://github.com/libexpat/libexpat/releases/tag/R_2_2_8)<br><br>Packages:<br>- docker 19.03.5<br>- ignition 0.33.0<br>- kernel 4.19.87<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-12-05T06:35:19+00:00 @@ -2942,7 +2966,7 @@ https://github.com/flatcar/manifest/releases/tag/v2331.0.0 2331.0.0 - 2023-10-25T10:20:42.563668+00:00 + 2023-11-22T09:59:32.401320+00:00 ## Flatcar updates<br><br>Security fixes:<br><br>- Fix Intel CPU disclosure of memory to user process. Complete mitigation requires [manually disabling TSX or SMT](https://docs.flatcar-linux.org/os/disabling-smt/) on affected processors. ([CVE-2019-11135](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11135), [TAA](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00270.html))<br>- Fix Intel CPU denial of service by a malicious guest VM ([CVE-2018-12207](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12207))<br>- Fix curl Kerberos FTP double free ([CVE-2019-5481](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5481))<br> - Fix curl TFTP buffer overflow with non-default block size ([CVE-2019-5482](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5482))<br> - Fix OpenSSL key extraction attacks under non-default conditions ([CVE-2019-1563](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563), [CVE-2019-1547](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1547))<br>- Fix panic caused by invalid DSA public keys in Go 1.12 and 1.13 ([CVE-2019-17596](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17596))<br><br>Bug fixes:<br><br>- Fix CFS scheduler throttling highly-threaded I/O-bound applications ([#2623](https://github.com/coreos/bugs/issues/2623))<br>- Fix time zone for Brazil ([#2627](https://github.com/coreos/bugs/issues/2627))<br><br>Updates:<br><br>- Go [1.12.12](https://go.googlesource.com/go/+/refs/tags/go1.12.12) and [1.13.3](https://go.googlesource.com/go/+/refs/tags/go1.13.3)<br>- curl [7.66.0](https://curl.haxx.se/mail/archive-2019-09/0002.html)<br>- intel-microcode [20191115](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/blob/microcode-20191115/releasenote)<br>- Linux [4.19.84](https://lwn.net/Articles/804465/)<br>- OpenSSL [1.0.2t](https://www.openssl.org/news/cl102.txt)<br>- timezone-data [2019c](http://mm.icann.org/pipermail/tz-announce/2019-September/000057.html)<br><br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.84<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-11-25T12:07:57+00:00 @@ -2950,7 +2974,7 @@ https://github.com/flatcar/manifest/releases/tag/v2317.0.1 2317.0.1 - 2023-10-25T10:20:42.558094+00:00 + 2023-11-22T09:59:32.395004+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2317.0.1):<br><br>Bug fixes:<br><br>- Fix CFS scheduler throttling highly-threaded I/O-bound applications ([#2623](https://github.com/coreos/bugs/issues/2623))<br>- Fix time zone for Brazil ([#2627](https://github.com/coreos/bugs/issues/2627))<br><br>Updates:<br><br>- Linux [4.19.81](https://lwn.net/Articles/803384/)<br>- timezone-data [2019c](http://mm.icann.org/pipermail/tz-announce/2019-September/000057.html)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.81<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-11-11T14:14:00+00:00 @@ -2958,7 +2982,7 @@ https://github.com/flatcar/manifest/releases/tag/v2303.0.0 2303.0.0 - 2023-10-25T10:20:42.553479+00:00 + 2023-11-22T09:59:32.390265+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2303.0.0):<br><br>Changes:<br>- Pin rkt to Go 1.12<br><br>Updates:<br>- Go [1.12.10](https://golang.org/doc/devel/release.html#go1.12.minor)<br>- Go [1.13.2](https://golang.org/doc/devel/release.html#go1.13.minor)<br>- Linux [4.19.80](https://lwn.net/Articles/802628/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.80<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-10-23T12:33:00+00:00 @@ -2966,7 +2990,7 @@ https://github.com/flatcar/manifest/releases/tag/v2296.0.0 2296.0.0 - 2023-10-25T10:20:42.549004+00:00 + 2023-11-22T09:59:32.385553+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2296.0.0):<br><br>Security fixes:<br>- Fix sudo allowing a user to run commands as root if configured to permit the user to run commands as everyone other than root ([CVE-2019-14287](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14287))<br><br>Bug fixes:<br>- Fix kernel crash with CephFS mounts, introduced in 2275.0.0 ([#2616](https://github.com/coreos/bugs/issues/2616))<br><br>Updates:<br>- etcd [3.3.17](https://github.com/etcd-io/etcd/releases/tag/v3.3.17)<br>- etcdctl [3.3.17](https://github.com/etcd-io/etcd/releases/tag/v3.3.17)<br>- Go [1.12.9](https://golang.org/doc/devel/release.html#go1.12.minor)<br>- Linux [4.19.79](https://lwn.net/Articles/802169/)<br>- sudo [1.8.28](https://www.sudo.ws/stable.html#1.8.28)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.79<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-10-17T18:54:10+00:00 @@ -2974,7 +2998,7 @@ https://github.com/flatcar/manifest/releases/tag/v2275.1.0 2275.1.0 - 2023-10-25T10:20:42.544242+00:00 + 2023-11-22T09:59:32.380691+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2275.1.0):<br><br>Bug fixes:<br>- Fix kernel crash with CephFS mounts, introduced in 2275.0.0 ([#2616](https://github.com/coreos/bugs/issues/2616))<br><br>Updates:<br>- Linux [4.19.78](https://lwn.net/Articles/801700/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.78<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-10-16T15:09:02+00:00 @@ -2982,7 +3006,7 @@ https://github.com/flatcar/manifest/releases/tag/v2275.0.0 2275.0.0 - 2023-10-25T10:20:42.539850+00:00 + 2023-11-22T09:59:32.376064+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2275.0.0):<br><br>Security fixes:<br><br>- Fix dbus authentication bypass in non-default configurations ([CVE-2019-12749](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12749))<br>- Fix kernel KVM guest escape ([CVE-2019-14835](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14835))<br>- Fix race condition in Intel microprocessors ([CVE-2019-11184](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11184))<br><br>Updates:<br><br>- intel-microcode [20190918](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/blob/microcode-20190918/releasenote)<br>- Linux [4.19.75](https://lwn.net/Articles/800247/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.75<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-09-25T09:33:48+00:00 @@ -2990,7 +3014,7 @@ https://github.com/flatcar/manifest/releases/tag/v2261.0.0 2261.0.0 - 2023-10-25T10:20:42.535133+00:00 + 2023-11-22T09:59:32.371157+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2261.0.0):<br><br>Security fixes:<br><br>- Fix systemd-resolved bug allowing unprivileged users to change DNS settings ([CVE-2019-15718](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15718))<br><br>Bug fixes:<br><br>- Fix GCE agent crash loop in new installs ([#2608](https://github.com/coreos/bugs/issues/2608))<br><br>Updates:<br><br>- Linux [4.19.71](https://lwn.net/Articles/798627/)<br><br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.71<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-09-13T10:54:40+00:00 @@ -2998,7 +3022,7 @@ https://github.com/flatcar/manifest/releases/tag/v2247.1.0 2247.1.0 - 2023-10-25T10:20:42.530596+00:00 + 2023-11-22T09:59:32.366477+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2247.1.0):<br><br>Security fixes:<br><br>- Fix systemd-resolved bug allowing unprivileged users to change DNS settings ([CVE-2019-15718](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15718))<br><br>Bug fixes:<br><br>- Fix GCE agent crash loop in new installs ([#2608](https://github.com/coreos/bugs/issues/2608))<br><br>Updates:<br><br>- Linux [4.19.69](https://lwn.net/Articles/797815/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.69<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-09-05T08:53:55+00:00 @@ -3006,7 +3030,7 @@ https://github.com/flatcar/manifest/releases/tag/v2247.0.0 2247.0.0 - 2023-10-25T10:20:42.526033+00:00 + 2023-11-22T09:59:32.361617+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2247.0.0):<br><br>Security fixes:<br>- Fix libarchive out of bounds reads ([CVE-2017-14166](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14166), [CVE-2017-14501](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14501), [CVE-2017-14502](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14502), [CVE-2017-14503](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14503))<br>- Fix pam_systemd bug allowing authenticated remote users to perform polkit actions as if locally logged in ([CVE-2019-3842](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3842))<br>- Fix polkit information disclosure and denial of service ([CVE-2018-1116](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1116))<br>- Fix SQLite multiple vulnerabilities, the worst of which allows code execution ([CVE-2019-5018](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5018), [CVE-2019-9936](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9936), [CVE-2019-9937](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9937))<br>- Fix wget buffer overflow allowing arbitrary code execution ([CVE-2019-5953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5953))<br><br>Updates:<br>- etcd [3.3.15](https://github.com/etcd-io/etcd/releases/tag/v3.3.15)<br>- etcdctl [3.3.15](https://github.com/etcd-io/etcd/releases/tag/v3.3.15)<br>- Go [1.12.7](https://golang.org/doc/devel/release.html#go1.12.minor)<br>- Linux [4.19.68](https://lwn.net/Articles/797250/)<br>- wget [1.20.3](http://git.savannah.gnu.org/cgit/wget.git/tree/NEWS?h=v1.20.3&id=a220ead43505bc3e0ea8efb1572919111dbbf6dc#n8)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.68<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-08-30T07:38:30+00:00 @@ -3014,7 +3038,7 @@ https://github.com/flatcar/manifest/releases/tag/v2234.0.0 2234.0.0 - 2023-10-25T10:20:42.520718+00:00 + 2023-11-22T09:59:32.356025+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2234.0.0):<br><br>Security fixes:<br>- Use secure_getenv to fix a vulnerability around XDG_SEAT in pam_systemd (https://github.com/coreos/systemd/pull/118) ([CVE-2019-3842](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3842))<br><br>Updates:<br>- Linux [4.19.65](https://lwn.net/Articles/795525/)<br><br>## Flatcar updates<br><br>Bug fixes:<br>- Fix wrong key name for fw_cfg in ignition with QEMU (https://github.com/flatcar/ignition/issues/2)<br>- Get SELinux context included in torcx tarballs (https://github.com/flatcar/scripts/pull/16)<br>- Enable XattrPrivileged for untar to fix SELinux issue (https://github.com/flatcar/torcx/pull/1)<br><br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.65<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-08-16T09:46:07+00:00 @@ -3022,7 +3046,7 @@ https://github.com/flatcar/manifest/releases/tag/v2219.1.0 2219.1.0 - 2023-10-25T10:20:42.515959+00:00 + 2023-11-22T09:59:32.351025+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2219.1.0):<br><br>Security fixes:<br>- Fix Linux information leak attack vector via speculative side channel ([CVE-2019-1125](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1125))<br><br>Updates:<br>- Linux [4.19.65](https://lwn.net/Articles/795525/)<br><br>## Flatcar updates<br><br>Changes:<br>- Add "-s" flag in flatcar-install to install to smallest disk (https://github.com/flatcar/init/pull/7)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.65<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-08-08T08:19:15+00:00 @@ -3030,7 +3054,7 @@ https://github.com/flatcar/manifest/releases/tag/v2219.0.0 2219.0.0 - 2023-10-25T10:20:42.511382+00:00 + 2023-11-22T09:59:32.346232+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2219.0.0):<br>Bug fixes:<br>- Fix Ignition fetching from S3 URLs when network is slow to start ([ignition#826](https://github.com/coreos/ignition/issues/826))<br><br>Updates:<br>- Linux [4.19.62](https://lwn.net/Articles/794807/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.62<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-08-01T09:17:22+00:00 @@ -3038,7 +3062,7 @@ https://github.com/flatcar/manifest/releases/tag/v2205.0.0 2205.0.0 - 2023-10-25T10:20:42.506968+00:00 + 2023-11-22T09:59:32.341581+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2205.0.0):<br><br>Bug fixes:<br><br> - Fix Docker `device or resource busy` error when creating overlay mounts, introduced in 2191.0.0<br><br>Updates: <br><br> - Linux [4.19.58](https://lwn.net/Articles/793363/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.58<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-07-17T13:53:28+00:00 @@ -3046,7 +3070,7 @@ https://github.com/flatcar/manifest/releases/tag/v2191.0.0 2191.0.0 - 2023-10-25T10:20:42.502520+00:00 + 2023-11-22T09:59:32.336353+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2191.0.0):<br><br>Security fixes:<br><br> * Fix libexpat denial of service ([CVE-2018-20843](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20843))<br><br>Bug fixes:<br><br> * Fix Ignition panic when no `guestinfo.(coreos|ignition).config` parameters are specified on VMware (coreos/ignition#821)<br><br>Updates:<br><br> * expat [2.2.7](https://github.com/libexpat/libexpat/releases/tag/R_2_2_7)<br> * Ignition [0.33.0](https://github.com/coreos/ignition/releases/tag/v0.33.0)<br> * Linux [4.19.56](https://lwn.net/Articles/792009/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.33.0<br>- kernel 4.19.56<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-07-03T08:03:08+00:00 @@ -3054,7 +3078,7 @@ https://github.com/flatcar/manifest/releases/tag/v2184.0.0 2184.0.0 - 2023-10-25T10:20:42.497907+00:00 + 2023-11-22T09:59:32.331399+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2184.0.0):<br>Bug fixes:<br><br>- Temporarily revert bunzip2 change in 2163.0.0 causing decompression failures for invalid archives created by older versions of lbzip2, including Container Linux release images ([#2589](https://github.com/coreos/bugs/issues/2589))<br><br>Updates:<br><br>- intel-microcode [20190618](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/blob/microcode-20190618/releasenote)<br>- Linux [4.19.55](https://lwn.net/Articles/791755/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.32.0<br>- kernel 4.19.55<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-07-01T10:43:29+00:00 @@ -3062,7 +3086,7 @@ https://github.com/flatcar/manifest/releases/tag/v2163.2.1 2163.2.1 - 2023-10-25T10:20:42.493351+00:00 + 2023-11-22T09:59:32.326527+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2163.2.1):<br><br>Security fixes:<br><br>- Fix Linux TCP remotely-triggerable kernel panic and excessive resource consumption ([CVE-2019-11477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11477), [CVE-2019-11478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11478), [CVE-2019-11479](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11479))<br><br>Updates:<br><br>- Linux [4.19.50](https://lwn.net/Articles/790878/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.32.0<br>- kernel 4.19.50<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-06-19T08:17:08+00:00 @@ -3070,7 +3094,7 @@ https://github.com/flatcar/manifest/releases/tag/v2163.1.0 2163.1.0 - 2023-10-25T10:20:42.488813+00:00 + 2023-11-22T09:59:32.321743+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2163.1.0):<br>Bug fixes:<br>- Temporarily revert bunzip2 change in 2163.0.0 causing decompression failures for invalid archives created by older versions of lbzip2, including Container Linux release images ([#2589](https://github.com/coreos/bugs/issues/2589))<br>Packages:<br>- docker 18.06.3<br>- ignition 0.32.0<br>- kernel 4.19.47<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-06-12T13:24:21+00:00 @@ -3078,7 +3102,7 @@ https://github.com/flatcar/manifest/releases/tag/v2163.0.0 2163.0.0 - 2023-10-25T10:20:42.484355+00:00 + 2023-11-22T09:59:32.317155+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2163.0.0):<br><br>Security fixes:<br><br>- Fix curl TFTP buffer overflow with non-default block size ([CVE-2019-5436](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5436))<br><br>Updates:<br><br>- coreutils [8.30](https://git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?h=v8.30)<br>- curl [7.65.0](https://curl.haxx.se/changes.html#7_65_0)<br>- GCC [8.3.0](https://gcc.gnu.org/gcc-8/changes.html#GCC8.3)<br>- glibc [2.29](https://sourceware.org/ml/libc-announce/2019/msg00000.html)<br>- Linux [4.19.47](https://lwn.net/Articles/790017/)<br>- Rust [1.35.0](https://blog.rust-lang.org/2019/05/23/Rust-1.35.0.html)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.32.0<br>- kernel 4.19.47<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-06-06T08:50:58+00:00 @@ -3086,7 +3110,7 @@ https://github.com/flatcar/manifest/releases/tag/v2149.0.0 2149.0.0 - 2023-10-25T10:20:42.479700+00:00 + 2023-11-22T09:59:32.312266+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2149.0.0):<br><br>Updates:<br>- etcd [3.3.13](https://github.com/etcd-io/etcd/releases/tag/v3.3.13)<br>- etcdctl [3.3.13](https://github.com/etcd-io/etcd/releases/tag/v3.3.13)<br>- Go [1.12.5](https://golang.org/doc/devel/release.html#go1.12.minor)<br>- intel-microcode [20190514](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/blob/microcode-20190514/releasenote)<br>- Linux [4.19.44](https://lwn.net/Articles/788778/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.32.0<br>- kernel 4.19.44<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-05-21T20:29:23+00:00 @@ -3094,7 +3118,7 @@ https://github.com/flatcar/manifest/releases/tag/v2135.1.0 2135.1.0 - 2023-10-25T10:20:42.475170+00:00 + 2023-11-22T09:59:32.307616+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2135.1.0):<br><br>Security fixes:<br>- Fix Intel CPU disclosure of memory to user process. Complete mitigation requires [manually disabling SMT](https://docs.flatcar-linux.org/os/disabling-smt/) on affected processors. ([CVE-2019-11091](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11091), [CVE-2018-12126](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12126), [CVE-2018-12127](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12127), [CVE-2018-12130](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12130), [MDS](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html))<br><br>Updates:<br>- intel-microcode [20190514](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/blob/microcode-20190514/releasenote)<br>- Linux [4.19.43](https://lwn.net/Articles/788388/)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.32.0<br>- kernel 4.19.43<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-05-16T10:57:13+00:00 @@ -3102,7 +3126,7 @@ https://github.com/flatcar/manifest/releases/tag/v2135.0.0 2135.0.0 - 2023-10-25T10:20:42.470368+00:00 + 2023-11-22T09:59:32.302589+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2135.0.0):<br><br>Security fixes:<br><br>- Fix SQLite remote code execution ([CVE-2018-20346](https://nvd.nist.gov/vuln/detail/CVE-2018-20346))<br>- Fix GLib [multiple vulnerabilities](https://www.openwall.com/lists/oss-security/2018/10/23/5)<br><br>Bug fixes:<br><br>- Fix systemd `MountFlags=shared` option ([#2579](https://github.com/coreos/bugs/issues/2579))<br><br>Changes:<br><br>- Use Amazon's recommended NVMe timeout for new EC2 installs ([#2484](https://github.com/coreos/bugs/issues/2484))<br>- Pin network interface naming to systemd v238 scheme ([#2578](https://github.com/coreos/bugs/issues/2578))<br>- Enable XDP sockets ([#2580](https://github.com/coreos/bugs/issues/2580))<br><br>Updates:<br><br>- Linux [4.19.37](https://lwn.net/Articles/786953/)<br>- Rust [1.34.1](https://blog.rust-lang.org/2019/04/25/Rust-1.34.1.html)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.32.0<br>- kernel 4.19.37<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-05-08T07:08:56+00:00 @@ -3110,7 +3134,7 @@ https://github.com/flatcar/manifest/releases/tag/v2121.0.0 2121.0.0 - 2023-10-25T10:20:42.465487+00:00 + 2023-11-22T09:59:32.297541+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2121.0.0):<br><br>Security fixes:<br> - Fix libseccomp privilege escalation ([CVE-2019-9893](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9893))<br><br>Bug fixes:<br> - Disable new sticky directory protections for backward compatibility ([#2577](https://github.com/coreos/bugs/issues/2577))<br><br>Changes:<br> - Enable `atlantic` kernel module ([#2576](https://github.com/coreos/bugs/issues/2576))<br><br>Updates:<br> - Go [1.12.4](https://golang.org/doc/devel/release.html#go1.12.minor)<br> - Ignition [0.32.0](https://github.com/coreos/ignition/releases/tag/v0.32.0)<br> - libseccomp [2.4.0](https://github.com/seccomp/libseccomp/releases/tag/v2.4.0)<br> - Linux [4.19.36](https://lwn.net/Articles/786361/)<br> - Rust [1.34.0](https://blog.rust-lang.org/2019/04/11/Rust-1.34.0.html)<br> - tini [0.18.0](https://github.com/krallin/tini/releases/tag/v0.18.0)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.32.0<br>- kernel 4.19.36<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-05-03T10:42:07+00:00 @@ -3118,7 +3142,7 @@ https://github.com/flatcar/manifest/releases/tag/v2107.0.0 2107.0.0 - 2023-10-25T10:20:42.460616+00:00 + 2023-11-22T09:59:32.292454+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2107.0.0):<br><br>Security fixes:<br>- Fix libmspack vulnerabilities in the VMware agent for new installs ([CVE-2018-14679](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14679), [CVE-2018-14680](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14680), [CVE-2018-14681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14681), [CVE-2018-14682](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14682), [CVE-2018-18584](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18584), [CVE-2018-18585](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18585), [CVE-2018-18586](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18586))<br><br>Updates:<br>- Afterburn (formerly coreos-metadata) [4.0.0](https://github.com/coreos/afterburn/releases/tag/v4.0.0)<br>- Git [2.21.0](https://raw.githubusercontent.com/git/git/v2.21.0/Documentation/RelNotes/2.21.0.txt)<br>- Go [1.12.2](https://golang.org/doc/devel/release.html#go1.12.minor)<br>- Linux [4.19.34](https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.34)<br><br>Packages:<br>- docker 18.06.3<br>- ignition 0.31.0<br>- kernel 4.19.34<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-04-09T13:24:31+00:00 @@ -3126,7 +3150,7 @@ https://github.com/flatcar/manifest/releases/tag/v2093.0.0 2093.0.0 - 2023-10-25T10:20:42.455726+00:00 + 2023-11-22T09:59:32.286871+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2093.0.0):<br><br>Security fixes:<br>- Fix OpenSSH `scp` allowing remote servers to change target directory permissions ([CVE-2018-20685](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20685))<br>- Fix OpenSSH outputting ANSI control codes from remote servers ([CVE-2019-6109](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6109), [CVE-2019-6110](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6110))<br>- Fix OpenSSH `scp` allowing remote servers to overwrite arbitrary files ([CVE-2019-6111](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111))<br>- Fix OpenSSL side-channel timing attack ([CVE-2018-5407](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407))<br>- Fix OpenSSL padding oracle attack in misbehaving applications ([CVE-2019-1559](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1559))<br>- Fix ntp `ntpd` denial of service by authenticated user ([CVE-2019-8936](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8936))<br>- Fix ntp buffer overflow in `ntpq` and `ntpdc` ([CVE-2018-12327](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12327))<br><br>Bug fixes:<br>- Fix systemd presets incorrectly handling escaped unit names ([#2569](https://github.com/coreos/bugs/issues/2569))<br><br>Updates:<br>- GCC [8.2.0](https://gcc.gnu.org/gcc-8/changes.html#GCC8.2)<br>- Go [1.12.1](https://golang.org/doc/devel/release.html#go1.12.minor)<br>- IANA timezone database [2018i](https://mm.icann.org/pipermail/tz-announce/2018-December/000054.html)<br>- Linux [4.19.31](https://lwn.net/Articles/783858/)<br>- ntp [4.2.8p13](https://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ChangeLog-stable)<br>- OpenSSH [7.9p1](https://www.openssh.com/txt/release-7.9)<br>- OpenSSL [1.0.2r](https://www.openssl.org/news/openssl-1.0.2-notes.html)<br>- Update Engine [0.4.10](https://github.com/coreos/update_engine/releases/tag/v0.4.10)<br><br>Packages:<br>- docker 18.06.3<br>- ignition 0.31.0<br>- kernel 4.19.31<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-03-26T13:08:56+00:00 @@ -3134,7 +3158,7 @@ https://github.com/flatcar/manifest/releases/tag/v2079.0.0 2079.0.0 - 2023-10-25T10:20:42.450198+00:00 + 2023-11-22T09:59:32.281146+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2079.0.0):<br><br>Security fixes:<br>- Fix tar local denial of service with `--sparse` option ([CVE-2018-20482](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20482))<br>- Fix wget local information leak ([CVE-2018-20483](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20483))<br><br>Bug fixes:<br>- Fix systemd-journald memory leak ([#2564](https://github.com/coreos/bugs/issues/2564))<br><br>Changes:<br>- Enable `vhost_vsock` kernel module ([#2563](https://github.com/coreos/bugs/issues/2563))<br><br>Updates:<br>- Go [1.12](https://golang.org/doc/go1.12)<br>- Linux [4.19.28](https://lwn.net/Articles/782719/)<br>- Rust [1.33.0](https://blog.rust-lang.org/2019/02/28/Rust-1.33.0.html)<br>- systemd [241](https://github.com/systemd/systemd/blob/v241/NEWS)<br>- tar [1.31](https://lists.gnu.org/archive/html/info-gnu/2019-01/msg00001.html)<br>- wget [1.20.1](https://git.savannah.gnu.org/cgit/wget.git/tree/NEWS?h=v1.20.1)<br>Packages:<br>- docker 18.06.3<br>- ignition 0.31.0<br>- kernel 4.19.28<br>- rkt 1.30.0<br>- systemd 241<br><br>Architectures:<br>- amd64<br> 2019-03-12T14:38:05+00:00 @@ -3142,7 +3166,7 @@ https://github.com/flatcar/manifest/releases/tag/v2065.0.0 2065.0.0 - 2023-10-25T10:20:42.445305+00:00 + 2023-11-22T09:59:32.276035+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2065.0.0):<br><br>Security fixes:<br>- Fix curl vulnerabilities ([CVE-2018-16839](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16839), [CVE-2018-16840](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16840), [CVE-2018-16842](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16842), [CVE-2018-16890](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16890), [CVE-2019-3822](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3822), [CVE-2019-3823](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3823))<br>- Fix Linux use-after-free in `sockfs_setattr` ([CVE-2019-8912](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8912))<br>- Fix systemd crash from a specially-crafted D-Bus message ([CVE-2019-6454](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6454))<br><br>Updates:<br>- curl [7.64.0](https://curl.haxx.se/changes.html#7_64_0)<br>- Docker [18.06.3-ce](https://github.com/docker/docker-ce/releases/tag/v18.06.3-ce)<br>- Ignition [0.31.0](https://github.com/coreos/ignition/releases/tag/v0.31.0)<br>- Linux [4.19.25](https://lwn.net/Articles/780611/)<br><br>Packages:<br>- docker 18.06.3<br>- ignition 0.31.0<br>- kernel 4.19.25<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2019-02-27T08:55:30+00:00 @@ -3150,7 +3174,7 @@ https://github.com/flatcar/manifest/releases/tag/v2051.0.0 2051.0.0 - 2023-10-25T10:20:42.440316+00:00 + 2023-11-22T09:59:32.270834+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2051.0.0):<br><br>Security fixes:<br> - Fix runc container breakout ([CVE-2019-5736](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5736))<br><br>Changes:<br> - Revert `/sys/bus/rbd/add` to Linux 4.14 behavior ([#2544](https://github.com/coreos/bugs/issues/2544))<br> - Add a new subkey for signing release images<br><br>Updates:<br> - etcd [3.3.12](https://github.com/etcd-io/etcd/releases/tag/v3.3.12)<br> - etcdctl [3.3.12](https://github.com/etcd-io/etcd/releases/tag/v3.3.12)<br> - flannel [0.11.0](https://github.com/coreos/flannel/releases/tag/v0.11.0)<br> - Linux [4.19.20](https://lwn.net/Articles/779132/)<br><br>Packages:<br>- docker 18.06.1<br>- ignition 0.30.0<br>- kernel 4.19.20<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2019-02-14T10:32:06+00:00 @@ -3158,7 +3182,7 @@ https://github.com/flatcar/manifest/releases/tag/v2037.0.0 2037.0.0 - 2023-10-25T10:20:42.435633+00:00 + 2023-11-22T09:59:32.266059+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2037.0.0):<br><br>Security fixes:<br>- Fix Go CPU denial of service in ECC ([CVE-2019-6486](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6486))<br><br>Updates:<br>- btrfs-progs [4.19](https://git.kernel.org/pub/scm/linux/kernel/git/kdave/btrfs-progs.git/plain/CHANGES?h=v4.19)<br>- e2fsprogs [1.44.5](http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.44.5)<br>- glibc [2.27](https://www.sourceware.org/ml/libc-alpha/2018-02/msg00054.html)<br>- Go [1.10.8](https://golang.org/doc/devel/release.html#go1.10.minor)<br>- Go [1.11.5](https://golang.org/doc/devel/release.html#go1.11.minor)<br>- Linux [4.19.18](https://lwn.net/Articles/777580/)<br>- Rust [1.32.0](https://blog.rust-lang.org/2019/01/17/Rust-1.32.0.html)<br>- util-linux [2.33](https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.33/v2.33-ReleaseNotes)<br>- xfsprogs [4.17.0](https://git.kernel.org/pub/scm/fs/xfs/xfsprogs-dev.git/plain/doc/CHANGES?id=v4.17.0)<br>Packages:<br>- docker 18.06.1<br>- ignition 0.30.0<br>- kernel 4.19.18<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2019-01-30T13:45:27+00:00 @@ -3166,7 +3190,7 @@ https://github.com/flatcar/manifest/releases/tag/v2023.0.0 2023.0.0 - 2023-10-25T10:20:42.430796+00:00 + 2023-11-22T09:59:32.261101+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2023.0.0):<br><br>Security fixes:<br> - Fix systemd-journald privilege escalation ([CVE-2018-16864](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16864), [CVE-2018-16865](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16865))<br> - Fix systemd-journald out of bounds read ([CVE-2018-16866](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16866))<br> - Fix ntpq, ntpdc buffer overflow ([CVE-2018-12327](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12327))<br> - Fix etcd improper authentication with RBAC and client certs ([CVE-2018-16886](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16886))<br><br>Changes:<br> - Add `ip_vs_mh` kernel module ([#2542](https://github.com/coreos/bugs/issues/2542))<br><br>Updates:<br> - etcd [3.3.11](https://github.com/etcd-io/etcd/releases/tag/v3.3.11)<br> - etcdctl [3.3.11](https://github.com/etcd-io/etcd/releases/tag/v3.3.11)<br> - Linux [4.19.15](https://lwn.net/Articles/776607/)<br> - ntp [4.2.8p12](https://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ChangeLog-stable)<br> - sudo [1.8.25p1](https://www.sudo.ws/stable.html#1.8.25p1)<br><br>Packages:<br>- docker 18.06.1<br>- ignition 0.30.0<br>- kernel 4.19.15<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2019-01-18T14:03:21+00:00 @@ -3174,7 +3198,7 @@ https://github.com/flatcar/manifest/releases/tag/v2016.0.0 2016.0.0 - 2023-10-25T10:20:42.425783+00:00 + 2023-11-22T09:59:32.255838+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v2016.0.0):<br><br>Bug fixes:<br><br>- Fix monitoring process events over netlink ([#2537](https://github.com/coreos/bugs/issues/2537))<br><br>Updates:<br>- Ignition [0.30.0](https://github.com/coreos/ignition/releases/tag/v0.30.0)<br>- Go [1.10.7](https://golang.org/doc/devel/release.html#go1.10.minor)<br>- Go [1.11.4](https://golang.org/doc/devel/release.html#go1.11.minor)<br>- Linux [4.19.13](https://lwn.net/Articles/775720/)<br>Packages:<br>- docker 18.06.1<br>- ignition 0.30.0<br>- kernel 4.19.13<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2019-01-18T09:11:32+00:00 @@ -3182,7 +3206,7 @@ https://github.com/flatcar/manifest/releases/tag/v1995.0.0 1995.0.0 - 2023-10-25T10:20:42.421202+00:00 + 2023-11-22T09:59:32.251137+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1995.0.0):<br><br>Security fixes:<br>- Fix Go CPU denial of service in X.509 verification ([CVE-2018-16875](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16875))<br>- Fix PolicyKit always authorizing UIDs greater than `INT_MAX` ([CVE-2018-19788](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19788))<br><br>Bug fixes:<br>- Fix AWS, Azure, and GCE disk aliases in the initramfs for Ignition ([#2531](https://github.com/coreos/bugs/issues/2531))<br><br>Updates:<br>- Go [1.10.6](https://golang.org/doc/devel/release.html#go1.10.minor)<br>- Go [1.11.3](https://golang.org/doc/devel/release.html#go1.11.minor)<br>- Ignition [0.29.1](https://github.com/coreos/ignition/releases/tag/v0.29.1)<br>- Linux [4.19.9](https://lwn.net/Articles/774847/)<br>- Rust [1.31.0](https://blog.rust-lang.org/2018/12/06/Rust-1.31-and-rust-2018.html)<br>- wa-linux-agent [2.2.32](https://github.com/Azure/WALinuxAgent/releases/tag/v2.2.32)<br>Packages:<br>- docker 18.06.1<br>- ignition 0.29.1<br>- kernel 4.19.9<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-12-21T09:09:39+00:00 @@ -3190,7 +3214,7 @@ https://github.com/flatcar/manifest/releases/tag/v1981.0.0 1981.0.0 - 2023-10-25T10:20:42.416307+00:00 + 2023-11-22T09:59:32.246146+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1981.0.0):<br><br>Updates:<br> - Linux [4.19.6](https://lwn.net/Articles/773528/)<br> - iptables [1.6.2](https://www.netfilter.org/projects/iptables/files/changes-iptables-1.6.2.txt)<br>Packages:<br>- docker 18.06.1<br>- ignition 0.28.0<br>- kernel 4.19.6<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-12-06T09:45:28+00:00 @@ -3198,7 +3222,7 @@ https://github.com/flatcar/manifest/releases/tag/v1967.0.0 1967.0.0 - 2023-10-25T10:20:42.411929+00:00 + 2023-11-22T09:59:32.241532+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1967.0.0):<br><br>Security fixes:<br>- Disable containerd CRI plugin to stop it from listening on a TCP port ([#2524](https://github.com/coreos/bugs/issues/2524))<br>- Fix curl buffer overrun in NTLM authentication code ([CVE-2018-14618](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14618))<br>- Fix OpenSSL TLS client denial of service ([CVE-2018-0732](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0732))<br>- Fix OpenSSL timing side channel in DSA signature generation ([CVE-2018-0734](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734))<br>- Fix OpenSSL timing side channel via SMT port contention ([CVE-2018-5407](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407))<br><br>Updates:<br>- coreos-metadata [3.0.2](https://github.com/coreos/coreos-metadata/releases/tag/v3.0.2)<br>- curl [7.61.1](https://curl.haxx.se/changes.html#7_61_1)<br>- Go [1.10.5](https://golang.org/doc/devel/release.html#go1.10.minor)<br>- Go [1.11.2](https://golang.org/doc/devel/release.html#go1.11.minor)<br>- Linux [4.19.2](https://lwn.net/Articles/771883/)<br>- OpenSSL [1.0.2p](https://www.openssl.org/news/openssl-1.0.2-notes.html)<br>- Rust [1.30.1](https://blog.rust-lang.org/2018/11/08/Rust-1.30.1.html)<br>Packages:<br>- docker 18.06.1<br>- ignition 0.28.0<br>- kernel 4.19.2<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-11-21T10:58:39+00:00 @@ -3206,7 +3230,7 @@ https://github.com/flatcar/manifest/releases/tag/v1953.0.0 1953.0.0 - 2023-10-25T10:20:42.406809+00:00 + 2023-11-22T09:59:32.236280+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1953.0.0):<br><br>Security fixes:<br>- Fix systemd re-executing with arbitrary supplied state ([CVE-2018-15686](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15686))<br>- Fix systemd race allowing changing file permissions ([CVE-2018-15687](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15687))<br>- Fix systemd-networkd buffer overflow in the dhcp6 client ([CVE-2018-15688](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15688))<br><br>Bug fixes:<br>- Add AWS and GCE disk aliases in the initramfs for Ignition ([#2481](https://github.com/coreos/bugs/issues/2481))<br>- Add compatibility `nf_conntrack_ipv4` kernel module to fix kube-proxy IPVS on Linux 4.19 ([#2518](https://github.com/coreos/bugs/issues/2518))<br><br>Updates:<br>- IANA timezone database [2018e](https://mm.icann.org/pipermail/tz-announce/2018-May/000050.html)<br>- kexec-tools [2.0.17](https://git.kernel.org/pub/scm/utils/kernel/kexec/kexec-tools.git/log/?h=v2.0.17)<br>- Linux [4.19.1](https://lwn.net/Articles/770746/)<br>Packages:<br>- docker 18.06.1<br>- ignition 0.28.0<br>- kernel 4.19.1<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-11-08T16:14:40+00:00 @@ -3214,7 +3238,7 @@ https://github.com/flatcar/manifest/releases/tag/v1939.0.0 1939.0.0 - 2023-10-25T10:20:42.401845+00:00 + 2023-11-22T09:59:32.231089+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1939.0.0):<br><br>Security fixes:<br>- Fix Git remote code execution during recursive clone ([CVE-2018-17456](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17456))<br>- Fix OpenSSH user enumeration ([CVE-2018-15473](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15473))<br>- Fix Rust standard library integer overflow ([CVE-2018-1000810](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000810))<br><br>Bug fixes:<br>- Fix missing kernel headers ([#2505](https://github.com/coreos/bugs/issues/2505))<br><br>Updates:<br>- coreos-metadata [3.0.1](https://github.com/coreos/coreos-metadata/releases/tag/v3.0.1)<br>- etcd-wrapper [3.3.10](https://github.com/etcd-io/etcd/releases/tag/v3.3.10)<br>- etcdctl [3.3.10](https://github.com/etcd-io/etcd/releases/tag/v3.3.10)<br>- Git [2.18.1](https://raw.githubusercontent.com/git/git/v2.18.1/Documentation/RelNotes/2.18.1.txt)<br>- Linux [4.19](https://lwn.net/Articles/769110/)<br>- linux-firmware [20181001](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/log/?id=7c81f23ad903f72e87e2102d8f52408305c0f7a2)<br>- OpenSSH [7.7p1](https://www.openssh.com/txt/release-7.7)<br>- Rust [1.29.1](https://blog.rust-lang.org/2018/09/25/Rust-1.29.1.html)<br>Packages:<br>- docker 18.06.1<br>- ignition 0.28.0<br>- kernel 4.19.0<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-10-26T10:15:37+00:00 @@ -3222,7 +3246,7 @@ https://github.com/flatcar/manifest/releases/tag/v1925.0.0 1925.0.0 - 2023-10-25T10:20:42.396781+00:00 + 2023-11-22T09:59:32.225746+00:00 ## Flatcar updates<br><br>Changes:<br><br>* Add new image signing subkey to `flatcar-install` ([flatcar-linux/init#4](https://github.com/flatcar/init/pull/4))<br><br>Bug fixes:<br><br>* Fix `/usr/lib/coreos` symlink for Container Linux compatibility ([flatcar-linux/coreos-overlay#8](https://github.com/flatcar/coreos-overlay/pull/8))<br><br>## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1925.0.0):<br><br>Updates:<br>- glibc [2.26](https://sourceware.org/ml/libc-alpha/2017-08/msg00010.html)<br>- Go [1.11.1](https://golang.org/doc/devel/release.html#go1.11.minor)<br>- Linux [4.18.12](https://lwn.net/Articles/767627/)<br>- nfs-utils [2.3.1](https://lwn.net/Articles/741961/)<br>- open-vm-tools [10.3.0](https://github.com/vmware/open-vm-tools/blob/stable-10.3.0/ReleaseNotes.md)<br>Packages:<br>- docker 18.06.1<br>- ignition 0.28.0<br>- kernel 4.18.12<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-10-11T13:18:48+00:00 @@ -3230,7 +3254,7 @@ https://github.com/flatcar/manifest/releases/tag/v1911.0.2 1911.0.2 - 2023-10-25T10:20:42.392051+00:00 + 2023-11-22T09:59:32.220835+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1911.0.2):<br><br>Bug fixes:<br>- Fix Google Compute Engine OS Login activation ([#2503](https://github.com/coreos/bugs/issues/2503))<br><br>Updates:<br>- Linux [4.18.9](https://lwn.net/Articles/765657/)<br>Packages:<br>- docker 18.06.1<br>- ignition 0.28.0<br>- kernel 4.18.9<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-10-01T17:46:23+00:00 @@ -3238,7 +3262,7 @@ https://github.com/flatcar/manifest/releases/tag/v1897.0.0 1897.0.0 - 2023-10-25T10:20:42.387626+00:00 + 2023-11-22T09:59:32.216249+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1897.0.0):<br><br>Bug fixes:<br>- Fix Docker mounting named volumes ([#2497](https://github.com/coreos/bugs/issues/2497))<br>- Fix Azure disk detection in Ignition ([#2481](https://github.com/coreos/bugs/issues/2481))<br><br>Changes:<br>- Add support for Google Compute Engine OS Login<br>- Enable support for Mellanox Ethernet switches<br><br>Updates:<br>- coreos-metadata [3.0.0](https://github.com/coreos/coreos-metadata/releases/tag/v3.0.0)<br>- Go [1.10.4](https://golang.org/doc/devel/release.html#go1.10.minor)<br>- Go [1.11](https://golang.org/doc/go1.11)<br>- intel-microcode [20180807a](https://downloadcenter.intel.com/download/28087)<br>- Linux [4.18.7](https://lwn.net/Articles/764459/)<br>- update-ssh-keys [0.3.0](https://github.com/coreos/update-ssh-keys/releases/tag/v0.3.0)<br>Packages:<br>- docker 18.06.1<br>- ignition 0.28.0<br>- kernel 4.18.7<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-09-14T13:25:22+00:00 @@ -3246,7 +3270,7 @@ https://github.com/flatcar/manifest/releases/tag/v1883.0.0 1883.0.0 - 2023-10-25T10:20:42.382797+00:00 + 2023-11-22T09:59:32.211210+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1883.0.0):<br><br>Changes:<br>- Add CIFS userspace utilities ([#571](https://github.com/coreos/bugs/issues/571))<br>- Drop AWS PV images from regions which do not support PV<br><br>Updates:<br>- containerd [1.1.2](https://github.com/containerd/containerd/releases/tag/v1.1.2)<br>- Docker [18.06.1-ce](https://github.com/docker/docker-ce/releases/tag/v18.06.1-ce)<br>- Ignition [0.28.0](https://github.com/coreos/ignition/releases/tag/v0.28.0)<br>- Linux [4.18.5](https://lwn.net/Articles/763431/)<br>- Rust [1.28.0](https://blog.rust-lang.org/2018/08/02/Rust-1.28.html)<br>Packages:<br>- docker 18.06.1<br>- ignition 0.28.0<br>- kernel 4.18.5<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-08-29T17:07:21+00:00 @@ -3254,7 +3278,7 @@ https://github.com/flatcar/manifest/releases/tag/v1871.0.0 1871.0.0 - 2023-10-25T10:20:42.378142+00:00 + 2023-11-22T09:59:32.206379+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1871.0.0):<br><br>Security fixes:<br>- Fix Linux remote denial of service ([FragmentSmack](https://access.redhat.com/security/cve/cve-2018-5391), [CVE-2018-5391](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5391))<br>- Fix Linux privileged memory access via speculative execution ([L1TF/Foreshadow](https://foreshadowattack.eu/), [CVE-2018-3620](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3620), [CVE-2018-3646](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3646))<br>- Fix curl SMTP buffer overflow ([CVE-2018-0500](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0500))<br><br>Bug fixes:<br>- Fix PXE systems attempting to mount an ESP ([#2491](https://github.com/coreos/bugs/issues/2491))<br><br>Updates:<br>- coreos-metadata [2.0.0](https://github.com/coreos/coreos-metadata/releases/tag/v2.0.0)<br>- curl [7.61.0](https://curl.haxx.se/changes.html#7_61_0)<br>- Ignition [0.27.0](https://github.com/coreos/ignition/releases/tag/v0.27.0)<br>- Linux [4.17.15](https://lwn.net/Articles/762807/)<br>- update-ssh-keys [0.2.1](https://github.com/coreos/update-ssh-keys/releases/tag/v0.2.1)<br>Packages:<br>- docker 18.06.0<br>- ignition 0.27.0<br>- kernel 4.17.15<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-08-17T12:11:12+00:00 @@ -3262,7 +3286,7 @@ https://github.com/flatcar/manifest/releases/tag/v1855.1.0 1855.1.0 - 2023-10-25T10:20:42.373087+00:00 + 2023-11-22T09:59:32.201212+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1855.1.0):<br><br>Security fixes:<br>- Fix Linux local denial of service as Xen PV guest ([CVE-2018-14678](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14678))<br><br>Bug fixes:<br>- Fix failure to mount large ext4 filesystems ([#2485](https://github.com/coreos/bugs/issues/2485))<br><br>Updates:<br>- Linux [4.17.12](https://lwn.net/Articles/761766/)<br>Packages:<br>- docker 18.06.0<br>- ignition 0.26.0<br>- kernel 4.17.12<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-08-08T10:49:49+00:00 @@ -3270,7 +3294,7 @@ https://github.com/flatcar/manifest/releases/tag/v1855.0.0 1855.0.0 - 2023-10-25T10:20:42.368597+00:00 + 2023-11-22T09:59:32.196597+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1855.0.0):<br><br>Changes:<br>- [Remove ARM64 architecture](https://groups.google.com/d/topic/coreos-user/3Z2S6bKNF5E/discussion)<br>- [Remove developer image from SDK](https://groups.google.com/d/topic/coreos-dev/JNU-UDYprMo/discussion)<br><br>Updates:<br>- etcd [3.3.9](https://github.com/coreos/etcd/releases/tag/v3.3.9)<br>- etcdctl [3.3.9](https://github.com/coreos/etcd/releases/tag/v3.3.9)<br>- Linux [4.17.11](https://lwn.net/Articles/761179/)<br>Packages:<br>- docker 18.06.0<br>- ignition 0.26.0<br>- kernel 4.17.11<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-07-31T09:15:59+00:00 @@ -3278,7 +3302,7 @@ https://github.com/flatcar/manifest/releases/tag/v1849.0.0 1849.0.0 - 2023-10-25T10:20:42.364036+00:00 + 2023-11-22T09:59:32.191804+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1849.0.0):<br><br>Changes:<br>- Add torcx remotes support<br><br>Updates:<br>- containerd [1.1.1](https://github.com/containerd/containerd/releases/tag/v1.1.1)<br>- Docker [18.06.0-ce](https://github.com/docker/docker-ce/releases/tag/v18.06.0-ce)<br>- intel-microcode [20180703](https://downloadcenter.intel.com/download/27945/Linux-Processor-Microcode-Data-File)<br>- Linux [4.17.9](https://lwn.net/Articles/760499/)<br>- Update Engine [0.4.9](https://github.com/coreos/update_engine/releases/tag/v0.4.9)<br><br>Packages:<br>- docker 18.06.0<br>- ignition 0.26.0<br>- kernel 4.17.9<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-07-26T09:41:44+00:00 @@ -3286,7 +3310,7 @@ https://github.com/flatcar/manifest/releases/tag/v1828.0.0 1828.0.0 - 2023-10-25T10:20:42.359428+00:00 + 2023-11-22T09:59:32.186865+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1828.0.0):<br><br>Security fixes:<br>- Fix curl buffer overflows ([CVE-2018-1000300](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000300), [CVE-2018-1000301](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000301))<br>- Fix Linux random seed during early boot ([CVE-2018-1108](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1108))<br><br>Changes:<br>- Reads of `/dev/urandom` early in boot will block until entropy pool is fully initialized<br>- Support friendly AWS EBS NVMe device names ([#2399](https://github.com/coreos/bugs/issues/2399))<br><br>Updates:<br>- cryptsetup [1.7.5](https://mirrors.edge.kernel.org/pub/linux/utils/cryptsetup/v1.7/v1.7.5-ReleaseNotes)<br>- curl [7.60.0](https://curl.haxx.se/changes.html#7_60_0)<br>- etcd-wrapper [3.3.8](https://github.com/coreos/etcd/releases/tag/v3.3.8)<br>- etcdctl [3.3.8](https://github.com/coreos/etcd/releases/tag/v3.3.8)<br>- intel-microcode [20180616](https://downloadcenter.intel.com/download/27776/Linux-Processor-Microcode-Data-File)<br>- kmod [25](https://git.kernel.org/pub/scm/utils/kernel/kmod/kmod.git/tree/NEWS?h=v25)<br>- Linux [4.17.3](https://lwn.net/Articles/758268/)<br>- linux-firmware [20180606](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/log/?id=d1147327232ec4616a66ab898df84f9700c816c1)<br>- Locksmith [0.6.2](https://github.com/coreos/locksmith/releases/tag/v0.6.2)<br>- OpenSSL [1.0.2o](https://www.openssl.org/news/openssl-1.0.2-notes.html)<br>Packages:<br>- docker 18.05.0<br>- ignition 0.26.0<br>- kernel 4.17.3<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-07-05T13:56:54+00:00 @@ -3294,7 +3318,7 @@ https://github.com/flatcar/manifest/releases/tag/v1814.0.0 1814.0.0 - 2023-10-25T10:20:42.354230+00:00 + 2023-11-22T09:59:32.181565+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1814.0.0):<br><br>Bug fixes:<br>- Fix Hyper-V network driver regression ([#2454](https://github.com/coreos/bugs/issues/2454))<br><br>Changes:<br>- [Drop obsolete `cros_sdk` method of entering SDK](https://groups.google.com/d/topic/coreos-dev/JV3s-j51Tcw/discussion)<br><br>Updates:<br>- etcd [3.3.7](https://github.com/coreos/etcd/releases/tag/v3.3.7)<br>- etcdctl [3.3.7](https://github.com/coreos/etcd/releases/tag/v3.3.7)<br>- Go [1.9.7](https://golang.org/doc/devel/release.html#go1.9.minor)<br>- Go [1.10.3](https://golang.org/doc/devel/release.html#go1.10.minor)<br>- Ignition [0.26.0](https://github.com/coreos/ignition/releases/tag/v0.26.0)<br>- Linux [4.16.16](https://lwn.net/Articles/757679/)<br>- torcx [0.2.0](https://github.com/coreos/torcx/releases/tag/v0.2.0)<br>Packages:<br>- docker 18.05.0<br>- ignition 0.26.0<br>- kernel 4.16.16<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-06-22T10:18:59+00:00 @@ -3302,7 +3326,7 @@ https://github.com/flatcar/manifest/releases/tag/v1800.1.0 1800.1.0 - 2023-10-25T10:20:42.349388+00:00 + 2023-11-22T09:59:32.176537+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1800.1.0):<br><br>Bug fixes:<br>- Fix Hyper-V network driver regression ([#2454](https://github.com/coreos/bugs/issues/2454))<br>Packages:<br>- docker 18.05.0<br>- ignition 0.25.1<br>- kernel 4.16.14<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-06-13T13:23:42+00:00 @@ -3310,7 +3334,7 @@ https://github.com/flatcar/manifest/releases/tag/v1800.0.0 1800.0.0 - 2023-10-25T10:20:42.344927+00:00 + 2023-11-22T09:59:32.171921+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1800.0.0):<br><br>Security fixes:<br> - Fix multiple procps vulnerabilities ([CVE-2018-1120](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1120), [CVE-2018-1121](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1121), [CVE-2018-1122](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1122), [CVE-2018-1123](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1123), [CVE-2018-1124](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1124), [CVE-2018-1125](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1125), [CVE-2018-1126](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1126), [CVE-2018-1120](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1120), [CVE-2018-1121](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1121), [CVE-2018-1122](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1122), [CVE-2018-1123](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1123), [CVE-2018-1124](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1124), [CVE-2018-1126](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1126))<br> - Fix shadow privilege escalation ([CVE-2018-7169](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7169))<br> - Fix samba man-in-the-middle attack ([CVE-2016-2119](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2119))<br> - Fix Git arbitrary code execution when cloning untrusted repositories ([CVE-2018-11235](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11235))<br><br>Bug fixes:<br>- Fix failure to set network interface MTU ([#2443](https://github.com/coreos/bugs/issues/2443))<br>- Fix inadvertent change of network interface names ([#2437](https://github.com/coreos/bugs/issues/2437))<br>- Fix Docker bind mounts from root filesystem ([#2440](https://github.com/coreos/bugs/issues/2440))<br><br>Changes:<br> - Update VMware virtual hardware version to 11 (ESXi > 6.0)<br><br>Updates:<br> - etcd [3.3.6](https://github.com/coreos/etcd/releases/tag/v3.3.6)<br> - etcdctl [3.3.6](https://github.com/coreos/etcd/releases/tag/v3.3.6)<br> - Git [2.16.4](https://raw.githubusercontent.com/git/git/v2.16.4/Documentation/RelNotes/2.16.4.txt)<br> - Linux [4.16.14](https://lwn.net/Articles/756651/)<br> - open-vm-tools [10.2.5](https://docs.vmware.com/en/VMware-Tools/10.2/rn/vmware-tools-1025-release-notes.html)<br> - procps [3.3.15](https://gitlab.com/procps-ng/procps/tags/v3.3.15)<br> - samba [4.5.16](https://www.samba.org/samba/history/samba-4.5.16.html)<br> - shadow [4.6](https://github.com/shadow-maint/shadow/releases/tag/4.6)<br>Packages:<br>- docker 18.05.0<br>- ignition 0.25.1<br>- kernel 4.16.14<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-06-12T10:15:01+00:00 @@ -3318,7 +3342,7 @@ https://github.com/flatcar/manifest/releases/tag/v1786.2.0 1786.2.0 - 2023-10-25T10:20:42.338939+00:00 + 2023-11-22T09:59:32.165774+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1786.2.0):<br><br>Security fixes:<br>- Fix Git arbitrary code execution when cloning untrusted repositories ([CVE-2018-11235](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11235))<br><br>Bug fixes:<br>- Fix failure to set network interface MTU ([#2443](https://github.com/coreos/bugs/issues/2443))<br><br>Updates:<br>- Git [2.16.4](https://raw.githubusercontent.com/git/git/v2.16.4/Documentation/RelNotes/2.16.4.txt)<br>- Linux [4.16.13](https://lwn.net/Articles/755961/)<br>Packages:<br>- docker 18.05.0<br>- ignition 0.25.1<br>- kernel 4.16.13<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-06-01T13:23:42+00:00 @@ -3326,7 +3350,7 @@ https://github.com/flatcar/manifest/releases/tag/v1786.1.0 1786.1.0 - 2023-10-25T10:20:42.334309+00:00 + 2023-11-22T09:59:32.160911+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1786.1.0):<br><br>Bug fixes:<br>- Fix inadvertent change of network interface names ([#2437](https://github.com/coreos/bugs/issues/2437))<br>- Fix Docker bind mounts from root filesystem ([#2440](https://github.com/coreos/bugs/issues/2440))<br><br>Packages:<br>- docker 18.05.0<br>- ignition 0.25.1<br>- kernel 4.16.10<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-05-27T09:02:47+00:00 @@ -3334,7 +3358,7 @@ https://github.com/flatcar/manifest/releases/tag/v1786.0.1 1786.0.1 - 2023-10-25T10:20:42.329780+00:00 + 2023-11-22T09:59:32.156149+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1786.0.1):<br><br>Security fixes:<br><br>- Fix ncurses denial of service and arbitrary code execution ([CVE-2017-10684](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10684), [CVE-2017-10685](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10685), [CVE-2017-11112](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11112), [CVE-2017-11113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11113), [CVE-2017-13728](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13728), [CVE-2017-13729](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13729), [CVE-2017-13730](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13730), [CVE-2017-13731](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13731), [CVE-2017-13732](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13732), [CVE-2017-13733](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13733), [CVE-2017-13734](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13734), [CVE-2017-16879](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16879))<br>- Fix rsync arbitrary command execution ([CVE-2018-5764](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5764))<br>- Fix wget cookie injection ([CVE-2018-0494](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0494))<br><br>Changes:<br>- Enable QLogic FCoE offload support ([#2367](https://github.com/coreos/bugs/issues/2367))<br>- Enable hardware RNG kernel drivers ([#2430](https://github.com/coreos/bugs/issues/2430))<br>- Add `notrap` to ntpd default access restrictions ([#2220](https://github.com/coreos/bugs/issues/2220))<br>- Allow booting default GRUB menu entry if GRUB password is enabled ([#1597](https://github.com/coreos/bugs/issues/1597))<br>- `coreos-install -i` no longer modifies `grub.cfg` ([#2291](https://github.com/coreos/bugs/issues/2291))<br>- QEMU wrapper script now enables VirtIO RNG device<br><br>Updates:<br>- bind-tools [9.11.2-P1](https://kb.isc.org/article/AA-01550/0/BIND-9.11.2-P1-Release-Notes.html)<br>- Docker [18.05.0-ce](https://github.com/docker/docker-ce/releases/tag/v18.05.0-ce)<br>- etcd-wrapper [3.3.5](https://github.com/coreos/etcd/releases/tag/v3.3.5)<br>- etcdctl [3.3.5](https://github.com/coreos/etcd/releases/tag/v3.3.5)<br>- GnuPG [2.2.7](https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000424.html)<br>- GPT fdisk [1.0.3](https://sourceforge.net/p/gptfdisk/code/ci/f1f6236fb44392bfe5673bc3889a2b17b1696b90/tree/NEWS)<br>- Ignition [0.25.1](https://github.com/coreos/ignition/releases/tag/v0.25.1)<br>- Less [529](http://www.greenwoodsoftware.com/less/news.529.html)<br>- Linux [4.16.10](https://lwn.net/Articles/754971/)<br>- rsync [3.1.3](https://download.samba.org/pub/rsync/src/rsync-3.1.3-NEWS)<br>- Rust [1.26](https://blog.rust-lang.org/2018/05/10/Rust-1.26.html)<br>- util-linux [2.32](https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.32/v2.32-ReleaseNotes)<br>- vim [8.0.1298](http://ftp.vim.org/pub/vim/patches/8.0/README)<br>- wget [1.19.5](https://git.savannah.gnu.org/cgit/wget.git/tree/NEWS?h=v1.19.5&id=15a39093b8751596fe87a6c1f143dff6b6a818ee)<br>Packages:<br>- docker 18.05.0<br>- ignition 0.25.1<br>- kernel 4.16.10<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-05-26T15:29:50+00:00 @@ -3342,7 +3366,7 @@ https://github.com/flatcar/manifest/releases/tag/v1772.0.0 1772.0.0 - 2023-10-25T10:20:42.323375+00:00 + 2023-11-22T09:59:32.149617+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1772.0.0):<br><br>Bug fixes:<br>- Fix GRUB free magic error on existing systems ([#2400](https://github.com/coreos/bugs/issues/2400))<br><br>Changes:<br>- Support storing sudoers in SSSD and LDAP<br>- No longer publish Oracle Cloud release images<br><br>Updates:<br>- audit [2.7.1](https://github.com/linux-audit/audit-userspace/blob/60aa3f2bc5f6483654599af4cb91731714079e26/ChangeLog)<br>- coreutils [8.28](https://git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?h=v8.28)<br>- etcd-wrapper [3.3.4](https://github.com/coreos/etcd/releases/tag/v3.3.4)<br>- etcdctl [3.3.4](https://github.com/coreos/etcd/releases/tag/v3.3.4)<br>- Go [1.9.6](https://golang.org/doc/devel/release.html#go1.9.minor)<br>- Go [1.10.2](https://golang.org/doc/devel/release.html#go1.10.minor)<br>- Linux [4.16.7](https://lwn.net/Articles/753348/)<br>- sudo [1.8.23](https://www.sudo.ws/stable.html#1.8.23)<br>- Update Engine [0.4.7](https://github.com/coreos/update_engine/releases/tag/v0.4.7)<br>- wa-linux-agent [2.2.25](https://github.com/Azure/WALinuxAgent/releases/tag/v2.2.25)<br>Packages:<br>- docker 18.04.0<br>- ignition 0.24.0<br>- kernel 4.16.7<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-05-11T11:45:29+00:00 @@ -3350,7 +3374,7 @@ https://github.com/flatcar/manifest/releases/tag/v1758.0.0 1758.0.0 - 2023-10-25T10:20:42.318248+00:00 + 2023-11-22T09:59:32.144138+00:00 ## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1758.0.0):<br><br>Security fixes:<br> - Fix ntp clock manipulation from ephemeral connections ([CVE-2016-1549](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549), [CVE-2018-7170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7170))<br> - Fix ntp denial of service from out of bounds read ([CVE-2018-7182](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7182)) <br> - Fix ntp denial of service from packets with timestamp 0 ([CVE-2018-7184](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7184), [CVE-2018-7185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7185))<br> - Fix ntp remote code execution ([CVE-2018-7183](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7183))<br><br>Bug fixes:<br> - Pass `/etc/machine-id` from the host to the kubelet<br> - Fix docker2aci tar conversion ([#2402](https://github.com/coreos/bugs/issues/2402))<br> - Switch `/boot` from FAT16 to FAT32 ([#2246](https://github.com/coreos/bugs/issues/2246))<br><br>Changes:<br> - Make Ignition failures more visible on the console<br><br>Updates:<br> - containerd [1.0.3](https://github.com/containerd/containerd/releases/tag/v1.0.3)<br> - coreos-cloudinit [1.14.0](https://github.com/coreos/coreos-cloudinit/releases/tag/v1.14.0)<br> - coreos-metadata [1.0.6](https://github.com/coreos/coreos-metadata/releases/tag/v1.0.6)<br> - Docker [18.04.0-ce](https://docs.docker.com/release-notes/docker-ce/#18040-ce-2018-04-10)<br> - Go [1.9.5](https://golang.org/doc/devel/release.html#go1.9.minor)<br> - Go [1.10.1](https://golang.org/doc/devel/release.html#go1.10.minor)<br> - Linux [4.16.3](https://lwn.net/ml/linux-kernel/20180419074956.GA22325@kroah.com/)<br> - ntp [4.2.8p11](https://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ChangeLog-stable)<br> - rkt [1.30.0](https://github.com/rkt/rkt/releases/tag/v1.30.0)<br> - Rust [1.25.0](https://blog.rust-lang.org/2018/03/29/Rust-1.25.html)<br> - torcx [0.1.3](https://github.com/coreos/torcx/releases/tag/v0.1.3)<br> - update-ssh-keys [0.1.2](https://github.com/coreos/update-ssh-keys/releases/tag/v0.1.2)<br>Packages:<br>- docker 18.04.0<br>- ignition 0.24.0<br>- kernel 4.16.3<br>- rkt 1.30.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-04-26T09:58:53+00:00 @@ -3358,7 +3382,7 @@ https://github.com/flatcar/manifest/releases/tag/v1745.0.0 1745.0.0 - 2023-10-25T10:20:42.312289+00:00 + 2023-11-22T09:59:32.137838+00:00 ## Flatcar updates<br><br>Initial Flatcar release.<br><br>Notes:<br>- Previous test images have been removed from the release servers. This is due to a new update key being generated using our updated security policy which we [included](https://github.com/flatcar/coreos-overlay/pull/6) in the first public image.<br><br>## [Upstream Container Linux updates](https://github.com/coreos/manifest/releases/tag/v1745.0.0):<br><br>Security fixes:<br>- Fix curl out of bounds read ([CVE-2018-1000005](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000005))<br>- Fix curl authentication data leak ([CVE-2018-1000007](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000007))<br>- Fix curl buffer overflow ([CVE-2018-1000120](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000120))<br>- Fix glibc integer overflow in libcidn ([CVE-2017-14062](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14062))<br>- Fix glibc memory issues in `glob()` with `~` ([CVE-2017-15670](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15670), [CVE-2017-15671](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15671), [CVE-2017-15804](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15804))<br>- Fix glibc mishandling RPATHs with `$ORIGIN` on setuid binaries ([CVE-2017-16997](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16997))<br>- Fix glibc buffer underflow in `realpath()` ([CVE-2018-1000001](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000001))<br>- Fix glibc integer overflow and heap corruption in `memalign()` ([CVE-2018-6485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6485))<br><br>Bug fixes:<br>- Fix GRUB crash at boot ([#2284](https://github.com/coreos/bugs/issues/2284))<br><br>Updates:<br>- curl [7.59.0](https://curl.haxx.se/changes.html#7_59_0)<br>- etcd-wrapper [3.3.3](https://github.com/coreos/etcd/releases/tag/v3.3.3)<br>- etcdctl [3.3.3](https://github.com/coreos/etcd/releases/tag/v3.3.3)<br>- glibc [2.25](https://www.sourceware.org/ml/libc-alpha/2017-02/msg00079.html)<br>- Ignition [0.24.0](https://github.com/coreos/ignition/releases/tag/v0.24.0)<br>- Linux [4.15.15](https://lwn.net/Articles/750656/)<br>- Update Engine [0.4.6](https://github.com/coreos/update_engine/releases/tag/v0.4.6)<br>Packages:<br>- docker 18.03.0<br>- ignition 0.24.0<br>- kernel 4.15.15<br>- rkt 1.29.0<br>- systemd 238<br><br>Architectures:<br>- amd64<br> 2018-04-25T14:36:35+00:00 diff --git a/static/releases-json/releases-alpha.json b/static/releases-json/releases-alpha.json index 459bb9d6..53287145 100644 --- a/static/releases-json/releases-alpha.json +++ b/static/releases-json/releases-alpha.json @@ -3195,30 +3195,44 @@ }, "release_notes": "_Changes since **Alpha 3745.0.0**_\n \n #### Security fixes:\n \n - Go ([CVE-2023-39323](https://nvd.nist.gov/vuln/detail/CVE-2023-39323), [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325))\n - curl ([CVE-2023-38545](https://nvd.nist.gov/vuln/detail/CVE-2023-38545), [CVE-2023-38546](https://nvd.nist.gov/vuln/detail/CVE-2023-38546))\n - glibc ([CVE-2023-4911](https://nvd.nist.gov/vuln/detail/CVE-2023-4911))\n - grub ([CVE-2023-4692](https://nvd.nist.gov/vuln/detail/CVE-2023-4692), [CVE-2023-4693](https://nvd.nist.gov/vuln/detail/CVE-2023-4693))\n - libtirpc ([libtirpc-rhbg-2138317](http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=4a2d85c64110ee9e21a8c4f9dafd6b0ae621506d), [libtirpc-rhbg-2150611](http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=f7f0abdf267698de3f74a0285405b1b01f40893b), [libtirpc-rhbg-2224666](http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=1d2e10afb2ffc35cb3623f57a15f712359f18e75))\n \n #### Bug fixes:\n \n - Added AWS EKS support for versions 1.24-1.28. Fixed `/usr/share/amazon/eks/download-kubelet.sh` to include download paths for these versions. ([scripts#1210](https://github.com/flatcar/scripts/pull/1210))\n - Disabled systemd-networkd's RoutesToDNS setting by default to fix provisioning failures observed in VMs with multiple network interfaces on Azure ([scripts#1206](https://github.com/flatcar/scripts/pull/1206))\n - Fixed quotes handling for update-engine ([Flatcar#1209](https://github.com/flatcar/Flatcar/issues/1209))\n - Fixed the postinstall hook failure when updating from Azure instances without OEM systemd-sysext images to Flatcar Alpha 3745.x.y ([update_engine#29](https://github.com/flatcar/update_engine/pull/29))\n \n #### Changes:\n \n - To make Kubernetes work by default, `/usr/libexec/kubernetes/kubelet-plugins/volume/exec` is now a symlink to the writable folder `/var/kubernetes/kubelet-plugins/volume/exec` ([Flatcar#1193](https://github.com/flatcar/Flatcar/issues/1193))\n \n #### Updates:\n \n - Go ([1.20.10](https://go.dev/doc/devel/release#go1.20.10) (includes [1.20.9](https://go.dev/doc/devel/release#go1.20.9)))\n - Linux ([6.1.58](https://lwn.net/Articles/947820) (includes [6.1.57](https://lwn.net/Articles/947298), [6.1.56](https://lwn.net/Articles/946854)))\n - ca-certificates ([3.94](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_94.html))\n - containerd ([1.7.7](https://github.com/containerd/containerd/releases/tag/v1.7.7))\n - curl ([8.4.0](https://curl.se/changes.html#8_4_0))\n - libnl ([3.8.0](https://github.com/thom311/libnl/compare/libnl3_7_0...libnl3_8_0))\n - libtirpc ([1.3.4](https://marc.info/?l=linux-nfs&m=169667640909830&w=2))\n - libxml2 ([2.11.5](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.5))\n - openssh ([9.5p1](https://www.openssh.com/releasenotes.html#9.5p1))\n - pigz ([2.8](https://zlib.net/pipermail/pigz-announce_zlib.net/2023-August/000018.html))\n - strace ([6.4](https://github.com/strace/strace/releases/tag/v6.4))\n - whois ([5.5.18](https://github.com/rfc1036/whois/blob/v5.5.18/debian/changelog))" }, - "current": { + "3794.0.0": { "channel": "alpha", "architectures": [ "amd64", "arm64" ], - "release_date": "2023-10-25 08:37:38 +0000", + "release_date": "2023-11-22 07:53:31 +0000", "major_software": { - "containerd": [ - "1.7.7" + "ignition": [ + "2.15.0" ], - "docker": [ - "20.10.24" + "kernel": [ + "6.1.62" ], + "systemd": [ + "252" + ] + }, + "release_notes": "**This release removes the legacy \"torcx\" image customisation and replaces this feature with systemd-sysext. Torcx enabled users to deploy custom docker versions; however, it required special packaging using the Flatcar SDK.** Please refer to the \"Changes\" section below for details.\n\n**This release ships a major Docker update: Docker was upgraded to version 24 (from version 20 in the previous release). Please see the \"Changes\" section below for details.**\n\n _Changes since **Alpha 3760.0.0**_\n \n #### Security fixes:\n \n - Linux ([CVE-2023-35827](https://nvd.nist.gov/vuln/detail/CVE-2023-35827), [CVE-2023-46813](https://nvd.nist.gov/vuln/detail/CVE-2023-46813), [CVE-2023-46862](https://nvd.nist.gov/vuln/detail/CVE-2023-46862), [CVE-2023-5178](https://nvd.nist.gov/vuln/detail/CVE-2023-5178), [CVE-2023-5717](https://nvd.nist.gov/vuln/detail/CVE-2023-5717))\n - VMWare: open-vm-tools ([CVE-2023-34058](https://nvd.nist.gov/vuln/detail/CVE-2023-34058), [CVE-2023-34059](https://nvd.nist.gov/vuln/detail/CVE-2023-34059))\n - nghttp2 ([CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487))\n - samba ([CVE-2023-4091](https://nvd.nist.gov/vuln/detail/CVE-2023-4091))\n - zlib ([CVE-2023-45853](https://nvd.nist.gov/vuln/detail/CVE-2023-45853))\n \n #### Bug fixes:\n \n - Fixed iterating over the OEM update payload signatures which prevented the AWS OEM update to 3745.x.y ([update-engine#31](https://github.com/flatcar/update_engine/pull/31))\n - Made `sshkeys.service` more robust to only run `coreos-metadata-sshkeys@core.service` when not masked and also retry on failure ([init#112](https://github.com/flatcar/init/pull/112))\n - Set TTY used for fetching server_context to RAW mode before running cloudinit on cloudsigma ([scripts#1280](https://github.com/flatcar/scripts/pull/1280))\n\n\n #### Known issues:\n\n- docker and containerd packages information are missing from `flatcar_production_image_packages.txt` ([flatcar#1260](https://github.com/flatcar/Flatcar/issues/1260))\n \n #### Changes:\n \n - **Torcx, the mechanism to provide a custom Docker version, was replaced by systemd-sysext in the OS image**. Learn more about sysext and how to customise OS images [here](https://www.flatcar.org/docs/latest/provisioning/sysext/).\n - Torcx entered deprecation 2 years ago in favour of [deploying plain Docker binaries](https://www.flatcar.org/docs/latest/container-runtimes/use-a-custom-docker-or-containerd-version/)\n (which is now also a legacy option because systemd-sysext offers a more robust and better structured way of customisation, including OS independent updates).\n - Torcx has been removed entirely; if you use Torcx to extend the Flatcar base OS image, please refer to our [conversion script](https://www.flatcar.org/docs/latest/provisioning/sysext/#torcx-deprecation) and to the sysext documentation mentioned above for migrating.\n - Consequently, `update_engine` will not perform torcx sanity checks post-update anymore.\n - Relevant changes: [scripts#1216](https://github.com/flatcar/scripts/pull/1216), [update_engine#30](https://github.com/flatcar/update_engine/pull/30), [Mantle#466](https://github.com/flatcar/mantle/pull/466), [Mantle#465](https://github.com/flatcar/mantle/pull/465).\n- cri-tools, runc, containerd, docker, and docker-cli are now built from Gentoo upstream ebuilds. Docker received a major version upgrade - it was updated to Docker 24 (from Docker 20; see \"updates\").\n - **NOTE:** The docker btrfs storage driver has been de-prioritised; BTRFS backed storage will now default to the `overlay2` driver\n ([changelog](https://docs.docker.com/engine/release-notes/23.0/#bug-fixes-and-enhancements-6), [upstream pr](https://github.com/moby/moby/pull/42661)).\n Using the btrfs driver can still be enforced by creating a respective [docker config](https://docs.docker.com/storage/storagedriver/btrfs-driver/#configure-docker-to-use-the-btrfs-storage-driver) at `/etc/docker/daemon.json`.\n - **NOTE:** If you are already using btrfs-backed Docker storage and are upgrading to this new version, Docker will automatically use the `btrfs` storage driver for backwards-compatibility with your deployment.\n - **Docker will remove the `btrfs` driver entirely in a future version. Please consider migrating your deployments to the `overlay2` driver.**\n - Brightbox: The regular OpenStack image should now be used, it includes Afterburn for instance metadata attributes\n - OpenStack: An uncompressed image is provided for simpler import (since the images use qcow2 inline compression, there is no benefit in using the `.gz` or `.bz2` images)\n\n #### Updates:\n \n - Azure: WALinuxAgent ([v2.9.1.1](https://github.com/Azure/WALinuxAgent/releases/tag/v2.9.1.1))\n - DEV, AZURE: python ([3.11.6](https://docs.python.org/release/3.11.6/whatsnew/changelog.html#python-3-11-6))\n - DEV: iperf ([3.15](https://github.com/esnet/iperf/releases/tag/3.15))\n - DEV: smartmontools ([7.4](https://www.smartmontools.org/browser/tags/RELEASE_7_4/smartmontools/NEWS))\n - Go ([1.20.11](https://go.dev/doc/devel/release#go1.20.11))\n - Linux ([6.1.62](https://lwn.net/Articles/950700) (includes [6.1.61](https://lwn.net/Articles/949826), [6.1.60](https://lwn.net/Articles/948817) and [6.1.59](https://lwn.net/Articles/948297)))\n - Linux Firmware ([20231111](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20231111) (includes [20231030](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20231030)))\n - SDK: Rust ([1.73.0](https://github.com/rust-lang/rust/releases/tag/1.73.0))\n - SDK: python packaging ([23.2](https://github.com/pypa/packaging/releases/tag/23.2)), platformdirs ([3.11.0](https://github.com/platformdirs/platformdirs/releases/tag/3.11.0)) \n - VMWare: open-vm-tools ([12.3.5](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.3.5))\n - containerd ([1.7.9](https://github.com/containerd/containerd/releases/tag/v1.7.9) (includes [1.7.8](https://github.com/containerd/containerd/releases/tag/v1.7.8)))\n - cri-tools ([1.27.0](https://github.com/kubernetes-sigs/cri-tools/releases/tag/v1.27.0))\n - ding-libs ([0.6.2](https://github.com/SSSD/ding-libs/releases/tag/0.6.2))\n - docker ([24.0.6](https://docs.docker.com/engine/release-notes/24.0/), includes changes from [23.0](https://docs.docker.com/engine/release-notes/23.0/))\n - ethtool ([6.5](https://git.kernel.org/pub/scm/network/ethtool/ethtool.git/tree/NEWS?h=v6.5))\n - hwdata ([v0.375](https://github.com/vcrhonek/hwdata/releases/tag/v0.375) (includes [0.374](https://github.com/vcrhonek/hwdata/commits/v0.374)))\n - iproute2 ([6.5.0](https://marc.info/?l=linux-netdev&m=169401822317373&w=2))\n - json-c ([0.17](https://github.com/json-c/json-c/blob/json-c-0.17-20230812/ChangeLog))\n - libffi ([3.4.4](https://github.com/libffi/libffi/releases/tag/v3.4.4) (includes [3.4.2](https://github.com/libffi/libffi/releases/tag/v3.4.2) and [3.4.3](https://github.com/libffi/libffi/releases/tag/v3.4.3)))\n - liblinear (246)\n - libsodium ([1.0.19](https://github.com/jedisct1/libsodium/releases/tag/1.0.19-RELEASE))\n - libunistring ([1.1](https://git.savannah.gnu.org/gitweb/?p=libunistring.git;a=blob;f=NEWS;h=5a43ddd7011d62a952733f6c0b7ad52aa4f385c7;hb=8006860b710aae2e8442088c3ddc7d819dfa8ac7))\n - mpc ([1.3.1](https://sympa.inria.fr/sympa/arc/mpc-discuss/2022-12/msg00049.html) (includes [1.3.0](https://sympa.inria.fr/sympa/arc/mpc-discuss/2022-12/msg00028.html))\n - mpfr ([4.2.1](https://gitlab.inria.fr/mpfr/mpfr/-/blob/4.2.1/NEWS))\n - nghttp2 ([1.57.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0) (includes [1.52.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0), [1.53.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.53.0), [1.54.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.54.0), [1.55.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.55.0), [1.55.1](https://github.com/nghttp2/nghttp2/releases/tag/v1.55.1) and [1.56.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.56.0)))\n - nspr ([4.35](https://hg.mozilla.org/projects/nspr/log/b563bfc16c887c48b038b7b441fcc4e40a126d3b))\n - ntp ([4.2.8p17](https://www.ntp.org/support/securitynotice/4_2_8p17-release-announcement/))\n - nvme-cli ([v2.6](https://github.com/linux-nvme/nvme-cli/releases/tag/v2.6), libnvme [v1.6](https://github.com/linux-nvme/libnvme/releases/tag/v1.6))\n - protobuf ([21.12](https://github.com/protocolbuffers/protobuf/releases/tag/v21.12) (includes [21.10](https://github.com/protocolbuffers/protobuf/releases/tag/v21.10) and [21.11](https://github.com/protocolbuffers/protobuf/releases/tag/v21.11)))\n - samba ([4.18.8](https://www.samba.org/samba/history/samba-4.18.8.html))\n - sqlite ([3.43.2](https://www.sqlite.org/releaselog/3_43_2.html))\n - thin-provisioning-tools ([1.0.6](https://github.com/jthornber/thin-provisioning-tools/blob/v1.0.6/CHANGES))" + }, + "current": { + "channel": "alpha", + "architectures": [ + "amd64", + "arm64" + ], + "release_date": "2023-11-22 07:53:31 +0000", + "major_software": { "ignition": [ "2.15.0" ], "kernel": [ - "6.1.58" + "6.1.62" ], "systemd": [ "252" ] }, - "release_notes": "_Changes since **Alpha 3745.0.0**_\n \n #### Security fixes:\n \n - Go ([CVE-2023-39323](https://nvd.nist.gov/vuln/detail/CVE-2023-39323), [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325))\n - curl ([CVE-2023-38545](https://nvd.nist.gov/vuln/detail/CVE-2023-38545), [CVE-2023-38546](https://nvd.nist.gov/vuln/detail/CVE-2023-38546))\n - glibc ([CVE-2023-4911](https://nvd.nist.gov/vuln/detail/CVE-2023-4911))\n - grub ([CVE-2023-4692](https://nvd.nist.gov/vuln/detail/CVE-2023-4692), [CVE-2023-4693](https://nvd.nist.gov/vuln/detail/CVE-2023-4693))\n - libtirpc ([libtirpc-rhbg-2138317](http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=4a2d85c64110ee9e21a8c4f9dafd6b0ae621506d), [libtirpc-rhbg-2150611](http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=f7f0abdf267698de3f74a0285405b1b01f40893b), [libtirpc-rhbg-2224666](http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=1d2e10afb2ffc35cb3623f57a15f712359f18e75))\n \n #### Bug fixes:\n \n - Added AWS EKS support for versions 1.24-1.28. Fixed `/usr/share/amazon/eks/download-kubelet.sh` to include download paths for these versions. ([scripts#1210](https://github.com/flatcar/scripts/pull/1210))\n - Disabled systemd-networkd's RoutesToDNS setting by default to fix provisioning failures observed in VMs with multiple network interfaces on Azure ([scripts#1206](https://github.com/flatcar/scripts/pull/1206))\n - Fixed quotes handling for update-engine ([Flatcar#1209](https://github.com/flatcar/Flatcar/issues/1209))\n - Fixed the postinstall hook failure when updating from Azure instances without OEM systemd-sysext images to Flatcar Alpha 3745.x.y ([update_engine#29](https://github.com/flatcar/update_engine/pull/29))\n \n #### Changes:\n \n - To make Kubernetes work by default, `/usr/libexec/kubernetes/kubelet-plugins/volume/exec` is now a symlink to the writable folder `/var/kubernetes/kubelet-plugins/volume/exec` ([Flatcar#1193](https://github.com/flatcar/Flatcar/issues/1193))\n \n #### Updates:\n \n - Go ([1.20.10](https://go.dev/doc/devel/release#go1.20.10) (includes [1.20.9](https://go.dev/doc/devel/release#go1.20.9)))\n - Linux ([6.1.58](https://lwn.net/Articles/947820) (includes [6.1.57](https://lwn.net/Articles/947298), [6.1.56](https://lwn.net/Articles/946854)))\n - ca-certificates ([3.94](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_94.html))\n - containerd ([1.7.7](https://github.com/containerd/containerd/releases/tag/v1.7.7))\n - curl ([8.4.0](https://curl.se/changes.html#8_4_0))\n - libnl ([3.8.0](https://github.com/thom311/libnl/compare/libnl3_7_0...libnl3_8_0))\n - libtirpc ([1.3.4](https://marc.info/?l=linux-nfs&m=169667640909830&w=2))\n - libxml2 ([2.11.5](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.5))\n - openssh ([9.5p1](https://www.openssh.com/releasenotes.html#9.5p1))\n - pigz ([2.8](https://zlib.net/pipermail/pigz-announce_zlib.net/2023-August/000018.html))\n - strace ([6.4](https://github.com/strace/strace/releases/tag/v6.4))\n - whois ([5.5.18](https://github.com/rfc1036/whois/blob/v5.5.18/debian/changelog))" + "release_notes": "**This release removes the legacy \"torcx\" image customisation and replaces this feature with systemd-sysext. Torcx enabled users to deploy custom docker versions; however, it required special packaging using the Flatcar SDK.** Please refer to the \"Changes\" section below for details.\n\n**This release ships a major Docker update: Docker was upgraded to version 24 (from version 20 in the previous release). Please see the \"Changes\" section below for details.**\n\n _Changes since **Alpha 3760.0.0**_\n \n #### Security fixes:\n \n - Linux ([CVE-2023-35827](https://nvd.nist.gov/vuln/detail/CVE-2023-35827), [CVE-2023-46813](https://nvd.nist.gov/vuln/detail/CVE-2023-46813), [CVE-2023-46862](https://nvd.nist.gov/vuln/detail/CVE-2023-46862), [CVE-2023-5178](https://nvd.nist.gov/vuln/detail/CVE-2023-5178), [CVE-2023-5717](https://nvd.nist.gov/vuln/detail/CVE-2023-5717))\n - VMWare: open-vm-tools ([CVE-2023-34058](https://nvd.nist.gov/vuln/detail/CVE-2023-34058), [CVE-2023-34059](https://nvd.nist.gov/vuln/detail/CVE-2023-34059))\n - nghttp2 ([CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487))\n - samba ([CVE-2023-4091](https://nvd.nist.gov/vuln/detail/CVE-2023-4091))\n - zlib ([CVE-2023-45853](https://nvd.nist.gov/vuln/detail/CVE-2023-45853))\n \n #### Bug fixes:\n \n - Fixed iterating over the OEM update payload signatures which prevented the AWS OEM update to 3745.x.y ([update-engine#31](https://github.com/flatcar/update_engine/pull/31))\n - Made `sshkeys.service` more robust to only run `coreos-metadata-sshkeys@core.service` when not masked and also retry on failure ([init#112](https://github.com/flatcar/init/pull/112))\n - Set TTY used for fetching server_context to RAW mode before running cloudinit on cloudsigma ([scripts#1280](https://github.com/flatcar/scripts/pull/1280))\n\n\n #### Known issues:\n\n- docker and containerd packages information are missing from `flatcar_production_image_packages.txt` ([flatcar#1260](https://github.com/flatcar/Flatcar/issues/1260))\n \n #### Changes:\n \n - **Torcx, the mechanism to provide a custom Docker version, was replaced by systemd-sysext in the OS image**. Learn more about sysext and how to customise OS images [here](https://www.flatcar.org/docs/latest/provisioning/sysext/).\n - Torcx entered deprecation 2 years ago in favour of [deploying plain Docker binaries](https://www.flatcar.org/docs/latest/container-runtimes/use-a-custom-docker-or-containerd-version/)\n (which is now also a legacy option because systemd-sysext offers a more robust and better structured way of customisation, including OS independent updates).\n - Torcx has been removed entirely; if you use Torcx to extend the Flatcar base OS image, please refer to our [conversion script](https://www.flatcar.org/docs/latest/provisioning/sysext/#torcx-deprecation) and to the sysext documentation mentioned above for migrating.\n - Consequently, `update_engine` will not perform torcx sanity checks post-update anymore.\n - Relevant changes: [scripts#1216](https://github.com/flatcar/scripts/pull/1216), [update_engine#30](https://github.com/flatcar/update_engine/pull/30), [Mantle#466](https://github.com/flatcar/mantle/pull/466), [Mantle#465](https://github.com/flatcar/mantle/pull/465).\n- cri-tools, runc, containerd, docker, and docker-cli are now built from Gentoo upstream ebuilds. Docker received a major version upgrade - it was updated to Docker 24 (from Docker 20; see \"updates\").\n - **NOTE:** The docker btrfs storage driver has been de-prioritised; BTRFS backed storage will now default to the `overlay2` driver\n ([changelog](https://docs.docker.com/engine/release-notes/23.0/#bug-fixes-and-enhancements-6), [upstream pr](https://github.com/moby/moby/pull/42661)).\n Using the btrfs driver can still be enforced by creating a respective [docker config](https://docs.docker.com/storage/storagedriver/btrfs-driver/#configure-docker-to-use-the-btrfs-storage-driver) at `/etc/docker/daemon.json`.\n - **NOTE:** If you are already using btrfs-backed Docker storage and are upgrading to this new version, Docker will automatically use the `btrfs` storage driver for backwards-compatibility with your deployment.\n - **Docker will remove the `btrfs` driver entirely in a future version. Please consider migrating your deployments to the `overlay2` driver.**\n - Brightbox: The regular OpenStack image should now be used, it includes Afterburn for instance metadata attributes\n - OpenStack: An uncompressed image is provided for simpler import (since the images use qcow2 inline compression, there is no benefit in using the `.gz` or `.bz2` images)\n\n #### Updates:\n \n - Azure: WALinuxAgent ([v2.9.1.1](https://github.com/Azure/WALinuxAgent/releases/tag/v2.9.1.1))\n - DEV, AZURE: python ([3.11.6](https://docs.python.org/release/3.11.6/whatsnew/changelog.html#python-3-11-6))\n - DEV: iperf ([3.15](https://github.com/esnet/iperf/releases/tag/3.15))\n - DEV: smartmontools ([7.4](https://www.smartmontools.org/browser/tags/RELEASE_7_4/smartmontools/NEWS))\n - Go ([1.20.11](https://go.dev/doc/devel/release#go1.20.11))\n - Linux ([6.1.62](https://lwn.net/Articles/950700) (includes [6.1.61](https://lwn.net/Articles/949826), [6.1.60](https://lwn.net/Articles/948817) and [6.1.59](https://lwn.net/Articles/948297)))\n - Linux Firmware ([20231111](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20231111) (includes [20231030](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20231030)))\n - SDK: Rust ([1.73.0](https://github.com/rust-lang/rust/releases/tag/1.73.0))\n - SDK: python packaging ([23.2](https://github.com/pypa/packaging/releases/tag/23.2)), platformdirs ([3.11.0](https://github.com/platformdirs/platformdirs/releases/tag/3.11.0)) \n - VMWare: open-vm-tools ([12.3.5](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.3.5))\n - containerd ([1.7.9](https://github.com/containerd/containerd/releases/tag/v1.7.9) (includes [1.7.8](https://github.com/containerd/containerd/releases/tag/v1.7.8)))\n - cri-tools ([1.27.0](https://github.com/kubernetes-sigs/cri-tools/releases/tag/v1.27.0))\n - ding-libs ([0.6.2](https://github.com/SSSD/ding-libs/releases/tag/0.6.2))\n - docker ([24.0.6](https://docs.docker.com/engine/release-notes/24.0/), includes changes from [23.0](https://docs.docker.com/engine/release-notes/23.0/))\n - ethtool ([6.5](https://git.kernel.org/pub/scm/network/ethtool/ethtool.git/tree/NEWS?h=v6.5))\n - hwdata ([v0.375](https://github.com/vcrhonek/hwdata/releases/tag/v0.375) (includes [0.374](https://github.com/vcrhonek/hwdata/commits/v0.374)))\n - iproute2 ([6.5.0](https://marc.info/?l=linux-netdev&m=169401822317373&w=2))\n - json-c ([0.17](https://github.com/json-c/json-c/blob/json-c-0.17-20230812/ChangeLog))\n - libffi ([3.4.4](https://github.com/libffi/libffi/releases/tag/v3.4.4) (includes [3.4.2](https://github.com/libffi/libffi/releases/tag/v3.4.2) and [3.4.3](https://github.com/libffi/libffi/releases/tag/v3.4.3)))\n - liblinear (246)\n - libsodium ([1.0.19](https://github.com/jedisct1/libsodium/releases/tag/1.0.19-RELEASE))\n - libunistring ([1.1](https://git.savannah.gnu.org/gitweb/?p=libunistring.git;a=blob;f=NEWS;h=5a43ddd7011d62a952733f6c0b7ad52aa4f385c7;hb=8006860b710aae2e8442088c3ddc7d819dfa8ac7))\n - mpc ([1.3.1](https://sympa.inria.fr/sympa/arc/mpc-discuss/2022-12/msg00049.html) (includes [1.3.0](https://sympa.inria.fr/sympa/arc/mpc-discuss/2022-12/msg00028.html))\n - mpfr ([4.2.1](https://gitlab.inria.fr/mpfr/mpfr/-/blob/4.2.1/NEWS))\n - nghttp2 ([1.57.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0) (includes [1.52.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0), [1.53.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.53.0), [1.54.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.54.0), [1.55.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.55.0), [1.55.1](https://github.com/nghttp2/nghttp2/releases/tag/v1.55.1) and [1.56.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.56.0)))\n - nspr ([4.35](https://hg.mozilla.org/projects/nspr/log/b563bfc16c887c48b038b7b441fcc4e40a126d3b))\n - ntp ([4.2.8p17](https://www.ntp.org/support/securitynotice/4_2_8p17-release-announcement/))\n - nvme-cli ([v2.6](https://github.com/linux-nvme/nvme-cli/releases/tag/v2.6), libnvme [v1.6](https://github.com/linux-nvme/libnvme/releases/tag/v1.6))\n - protobuf ([21.12](https://github.com/protocolbuffers/protobuf/releases/tag/v21.12) (includes [21.10](https://github.com/protocolbuffers/protobuf/releases/tag/v21.10) and [21.11](https://github.com/protocolbuffers/protobuf/releases/tag/v21.11)))\n - samba ([4.18.8](https://www.samba.org/samba/history/samba-4.18.8.html))\n - sqlite ([3.43.2](https://www.sqlite.org/releaselog/3_43_2.html))\n - thin-provisioning-tools ([1.0.6](https://github.com/jthornber/thin-provisioning-tools/blob/v1.0.6/CHANGES))" } } diff --git a/static/releases-json/releases-beta.json b/static/releases-json/releases-beta.json index f4470ed7..ca3f178e 100644 --- a/static/releases-json/releases-beta.json +++ b/static/releases-json/releases-beta.json @@ -2873,16 +2873,42 @@ }, "release_notes": "_Changes since **Beta 3732.1.0**_\n \n #### Security fixes:\n \n - curl ([CVE-2023-38039](https://nvd.nist.gov/vuln/detail/CVE-2023-38039), [CVE-2023-38545](https://nvd.nist.gov/vuln/detail/CVE-2023-38545), [CVE-2023-38546](https://nvd.nist.gov/vuln/detail/CVE-2023-38546))\n - glibc ([CVE-2023-4527](https://nvd.nist.gov/vuln/detail/CVE-2023-4527), [CVE-2023-4806](https://nvd.nist.gov/vuln/detail/CVE-2023-4806))\n - lua ([CVE-2022-33099](https://nvd.nist.gov/vuln/detail/CVE-2022-33099))\n - mit-krb5 ([CVE-2023-36054](https://nvd.nist.gov/vuln/detail/CVE-2023-36054))\n - procps ([CVE-2023-4016](https://nvd.nist.gov/vuln/detail/CVE-2023-4016))\n - samba ([CVE-2021-44142](https://nvd.nist.gov/vuln/detail/CVE-2021-44142), [CVE-2022-1615](https://nvd.nist.gov/vuln/detail/CVE-2022-1615))\n \n #### Bug fixes:\n \n - Disabled systemd-networkd's RoutesToDNS setting by default to fix provisioning failures observed in VMs with multiple network interfaces on Azure ([scripts#1206](https://github.com/flatcar/scripts/pull/1206))\n - Fixed the postinstall hook failure when updating from Azure instances without OEM systemd-sysext images to Flatcar Alpha 3745.x.y ([update_engine#29](https://github.com/flatcar/update_engine/pull/29))\n \n #### Changes:\n \n - AWS OEM images now use a systemd-sysext image for layering additional platform-specific software on top of `/usr`\n - Reworked the VMware OEM software to be shipped as A/B updated systemd-sysext image\n - SDK: Experimental support for [prefix builds](https://github.com/flatcar/scripts/blob/main/PREFIX.md) to create distro independent, portable, self-contained applications w/ all dependencies included. With contributions from [chewi](https://github.com/chewi) and [HappyTobi](https://github.com/HappyTobi).\n - Started shipping default ssh client and ssh daemon configs in `/etc/ssh/ssh_config` and `/etc/ssh/sshd_config` which include config snippets in `/etc/ssh/ssh_config.d` and `/etc/ssh/sshd_config.d`, respectively.\n - The open-vm-tools package in VMware OEM now comes with vmhgfs-fuse, udev rules, pam and vgauth\n - To make Kubernetes work by default, `/usr/libexec/kubernetes/kubelet-plugins/volume/exec` is now a symlink to the writable folder `/var/kubernetes/kubelet-plugins/volume/exec` ([Flatcar#1193](https://github.com/flatcar/Flatcar/issues/1193))\n \n #### Updates:\n \n - Linux ([6.1.58](https://lwn.net/Articles/947820) (includes [6.1.57](https://lwn.net/Articles/947298), [6.1.56](https://lwn.net/Articles/946854)))\n - Linux Firmware ([20230919](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230919))\n - bind-tools ([9.16.42](https://bind9.readthedocs.io/en/v9.16.42/notes.html#notes-for-bind-9-16-42))\n - ca-certificates ([3.94](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_94.html))\n - checkpolicy ([3.5](https://github.com/SELinuxProject/selinux/releases/tag/3.5))\n - curl ([8.3.0](https://curl.se/changes.html#8_3_0))\n - gcc ([13.2](https://gcc.gnu.org/gcc-13/changes.html))\n - gzip ([1.13](https://savannah.gnu.org/news/?id=10501))\n - libgcrypt ([1.10.2](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=blob;f=NEWS;h=c9a239615f8070427a96688b1be40a81e59e9b8a;hb=1c5cbacf3d88dded5063e959ee68678ff7d0fa56))\n - libselinux ([3.5](https://github.com/SELinuxProject/selinux/releases/tag/3.5))\n - libsemanage ([3.5](https://github.com/SELinuxProject/selinux/releases/tag/3.5))\n - libsepol ([3.5](https://github.com/SELinuxProject/selinux/releases/tag/3.5))\n - lua ([5.4.6](https://www.lua.org/manual/5.4/readme.html#changes))\n - mit-krb5 ([1.21.2](http://web.mit.edu/kerberos/krb5-1.21/))\n - openssh ([9.4p1](https://www.openssh.com/releasenotes.html#9.4p1))\n - policycoreutils ([3.5](https://github.com/SELinuxProject/selinux/releases/tag/3.5))\n - procps ([4.0.4](https://gitlab.com/procps-ng/procps/-/releases/v4.0.4) (includes [4.0.3](https://gitlab.com/procps-ng/procps/-/releases/v4.0.3) and [4.0.0](https://gitlab.com/procps-ng/procps/-/releases/v4.0.0)))\n - rpcsvc-proto ([1.4.4](https://github.com/thkukuk/rpcsvc-proto/releases/tag/v1.4.4))\n - samba ([4.18.4](https://wiki.samba.org/index.php/Samba_4.18_Features_added/changed#Samba_4.18.4))\n - selinux-base ([2.20221101](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20221101))\n - selinux-base-policy ([2.20221101](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20221101))\n - selinux-container ([2.20221101](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20221101))\n - selinux-sssd ([2.20221101](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20221101))\n - selinux-unconfined ([2.20221101](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20221101))\n - semodule-utils ([3.5](https://github.com/SELinuxProject/selinux/releases/tag/3.5))\n - SDK: Rust ([1.72.1](https://github.com/rust-lang/rust/releases/tag/1.72.1))\n - VMWARE: libdnet ([1.16.2](https://github.com/ofalk/libdnet/releases/tag/libdnet-1.16.2) (includes [1.16](https://github.com/ofalk/libdnet/releases/tag/libdnet-1.16)))\n\n _Changes since **Alpha 3745.0.0**_\n \n #### Security fixes:\n \n - curl ([CVE-2023-38545](https://nvd.nist.gov/vuln/detail/CVE-2023-38545), [CVE-2023-38546](https://nvd.nist.gov/vuln/detail/CVE-2023-38546))\n \n #### Bug fixes:\n \n - Disabled systemd-networkd's RoutesToDNS setting by default to fix provisioning failures observed in VMs with multiple network interfaces on Azure ([scripts#1206](https://github.com/flatcar/scripts/pull/1206))\n - Fixed the postinstall hook failure when updating from Azure instances without OEM systemd-sysext images to Flatcar Alpha 3745.x.y ([update_engine#29](https://github.com/flatcar/update_engine/pull/29))\n \n #### Changes:\n \n - To make Kubernetes work by default, `/usr/libexec/kubernetes/kubelet-plugins/volume/exec` is now a symlink to the writable folder `/var/kubernetes/kubelet-plugins/volume/exec` ([Flatcar#1193](https://github.com/flatcar/Flatcar/issues/1193))\n \n #### Updates:\n \n - Linux ([6.1.58](https://lwn.net/Articles/947820) (includes [6.1.57](https://lwn.net/Articles/947298), [6.1.56](https://lwn.net/Articles/946854)))\n - ca-certificates ([3.94](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_94.html))" }, + "3760.1.0": { + "channel": "beta", + "architectures": [ + "amd64", + "arm64" + ], + "release_date": "2023-11-22 07:54:40 +0000", + "major_software": { + "containerd": [ + "1.7.7" + ], + "docker": [ + "20.10.24" + ], + "ignition": [ + "2.15.0" + ], + "kernel": [ + "6.1.62" + ], + "systemd": [ + "252" + ] + }, + "release_notes": ":warning: From Alpha 3794.0.0 Torcx has been removed - please assert that you don't rely on specific Torcx mechanism but now use systemd-sysext. See [here](https://www.flatcar.org/docs/latest/provisioning/sysext/) for more information.\n\n _Changes since **Beta 3745.1.0**_\n \n #### Security fixes:\n \n - Linux ([CVE-2023-35827](https://nvd.nist.gov/vuln/detail/CVE-2023-35827), [CVE-2023-46813](https://nvd.nist.gov/vuln/detail/CVE-2023-46813), [CVE-2023-46862](https://nvd.nist.gov/vuln/detail/CVE-2023-46862), [CVE-2023-5178](https://nvd.nist.gov/vuln/detail/CVE-2023-5178), [CVE-2023-5717](https://nvd.nist.gov/vuln/detail/CVE-2023-5717))\n - curl ([CVE-2023-38545](https://nvd.nist.gov/vuln/detail/CVE-2023-38545), [CVE-2023-38546](https://nvd.nist.gov/vuln/detail/CVE-2023-38546))\n - glibc ([CVE-2023-4911](https://nvd.nist.gov/vuln/detail/CVE-2023-4911))\n - go ([CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325), [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325))\n - grub ([CVE-2023-4692](https://nvd.nist.gov/vuln/detail/CVE-2023-4692), [CVE-2023-4693](https://nvd.nist.gov/vuln/detail/CVE-2023-4693))\n - libtirpc ([libtirpc-rhbg-2138317](http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=4a2d85c64110ee9e21a8c4f9dafd6b0ae621506d), [libtirpc-rhbg-2150611](http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=f7f0abdf267698de3f74a0285405b1b01f40893b), [libtirpc-rhbg-2224666](http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=1d2e10afb2ffc35cb3623f57a15f712359f18e75))\n \n #### Bug fixes:\n \n - Added AWS EKS support for versions 1.24-1.28. Fixed `/usr/share/amazon/eks/download-kubelet.sh` to include download paths for these versions. ([scripts#1210](https://github.com/flatcar/scripts/pull/1210))\n - Fixed iterating over the OEM update payload signatures which prevented the AWS OEM update to 3745.x.y ([update-engine#31](https://github.com/flatcar/update_engine/pull/31))\n - Fixed quotes handling for update-engine ([Flatcar#1209](https://github.com/flatcar/Flatcar/issues/1209))\n - Made `sshkeys.service` more robust to only run `coreos-metadata-sshkeys@core.service` when not masked and also retry on failure ([init#112](https://github.com/flatcar/init/pull/112))\n \n #### Changes:\n \n - Brightbox: The regular OpenStack image should now be used, it includes Afterburn for instance metadata attributes\n - OpenStack: An uncompressed image is provided for simpler import (since the images use qcow2 inline compression, there is no benefit in using the `.gz` or `.bz2` images)\n \n #### Updates:\n \n - Go ([1.20.10](https://go.dev/doc/devel/release#go1.20.10) (includes [1.20.9](https://go.dev/doc/devel/release#go1.20.9)))\n - Linux ([6.1.62](https://lwn.net/Articles/950700) (includes [6.1.61](https://lwn.net/Articles/949826), [6.1.60](https://lwn.net/Articles/948817) and includes [6.1.59](https://lwn.net/Articles/948299)))\n - containerd ([1.7.7](https://github.com/containerd/containerd/releases/tag/v1.7.7))\n - curl ([8.4.0](https://curl.se/changes.html#8_4_0))\n - libnl ([3.8.0](https://github.com/thom311/libnl/compare/libnl3_7_0...libnl3_8_0))\n - libtirpc ([1.3.4](https://marc.info/?l=linux-nfs&m=169667640909830&w=2))\n - libxml2 ([2.11.5](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.5))\n - openssh ([9.5p1](https://www.openssh.com/releasenotes.html#9.5p1))\n - pigz ([2.8](https://zlib.net/pipermail/pigz-announce_zlib.net/2023-August/000018.html))\n - strace([6.4](https://github.com/strace/strace/releases/tag/v6.4))\n - whois ([5.5.18](https://github.com/rfc1036/whois/blob/v5.5.18/debian/changelog))\n \n _Changes since **Alpha 3760.0.0**_\n \n #### Security fixes:\n \n - Linux ([CVE-2023-35827](https://nvd.nist.gov/vuln/detail/CVE-2023-35827), [CVE-2023-46813](https://nvd.nist.gov/vuln/detail/CVE-2023-46813), [CVE-2023-46862](https://nvd.nist.gov/vuln/detail/CVE-2023-46862), [CVE-2023-5178](https://nvd.nist.gov/vuln/detail/CVE-2023-5178), [CVE-2023-5717](https://nvd.nist.gov/vuln/detail/CVE-2023-5717))\n \n #### Bug fixes:\n \n - Fixed iterating over the OEM update payload signatures which prevented the AWS OEM update to 3745.x.y ([update-engine#31](https://github.com/flatcar/update_engine/pull/31))\n - Made `sshkeys.service` more robust to only run `coreos-metadata-sshkeys@core.service` when not masked and also retry on failure ([init#112](https://github.com/flatcar/init/pull/112))\n \n #### Changes:\n \n - Brightbox: The regular OpenStack image should now be used, it includes Afterburn for instance metadata attributes\n - OpenStack: An uncompressed image is provided for simpler import (since the images use qcow2 inline compression, there is no benefit in using the `.gz` or `.bz2` images)\n \n #### Updates:\n \n - Linux ([6.1.62](https://lwn.net/Articles/950700) (includes [6.1.61](https://lwn.net/Articles/949826), [6.1.60](https://lwn.net/Articles/948817) and includes [6.1.59](https://lwn.net/Articles/948299)))" + }, "current": { "channel": "beta", "architectures": [ "amd64", "arm64" ], - "release_date": "2023-10-25 08:38:48 +0000", + "release_date": "2023-11-22 07:54:40 +0000", "major_software": { "containerd": [ - "1.7.6" + "1.7.7" ], "docker": [ "20.10.24" @@ -2891,12 +2917,12 @@ "2.15.0" ], "kernel": [ - "6.1.58" + "6.1.62" ], "systemd": [ "252" ] }, - "release_notes": "_Changes since **Beta 3732.1.0**_\n \n #### Security fixes:\n \n - curl ([CVE-2023-38039](https://nvd.nist.gov/vuln/detail/CVE-2023-38039), [CVE-2023-38545](https://nvd.nist.gov/vuln/detail/CVE-2023-38545), [CVE-2023-38546](https://nvd.nist.gov/vuln/detail/CVE-2023-38546))\n - glibc ([CVE-2023-4527](https://nvd.nist.gov/vuln/detail/CVE-2023-4527), [CVE-2023-4806](https://nvd.nist.gov/vuln/detail/CVE-2023-4806))\n - lua ([CVE-2022-33099](https://nvd.nist.gov/vuln/detail/CVE-2022-33099))\n - mit-krb5 ([CVE-2023-36054](https://nvd.nist.gov/vuln/detail/CVE-2023-36054))\n - procps ([CVE-2023-4016](https://nvd.nist.gov/vuln/detail/CVE-2023-4016))\n - samba ([CVE-2021-44142](https://nvd.nist.gov/vuln/detail/CVE-2021-44142), [CVE-2022-1615](https://nvd.nist.gov/vuln/detail/CVE-2022-1615))\n \n #### Bug fixes:\n \n - Disabled systemd-networkd's RoutesToDNS setting by default to fix provisioning failures observed in VMs with multiple network interfaces on Azure ([scripts#1206](https://github.com/flatcar/scripts/pull/1206))\n - Fixed the postinstall hook failure when updating from Azure instances without OEM systemd-sysext images to Flatcar Alpha 3745.x.y ([update_engine#29](https://github.com/flatcar/update_engine/pull/29))\n \n #### Changes:\n \n - AWS OEM images now use a systemd-sysext image for layering additional platform-specific software on top of `/usr`\n - Reworked the VMware OEM software to be shipped as A/B updated systemd-sysext image\n - SDK: Experimental support for [prefix builds](https://github.com/flatcar/scripts/blob/main/PREFIX.md) to create distro independent, portable, self-contained applications w/ all dependencies included. With contributions from [chewi](https://github.com/chewi) and [HappyTobi](https://github.com/HappyTobi).\n - Started shipping default ssh client and ssh daemon configs in `/etc/ssh/ssh_config` and `/etc/ssh/sshd_config` which include config snippets in `/etc/ssh/ssh_config.d` and `/etc/ssh/sshd_config.d`, respectively.\n - The open-vm-tools package in VMware OEM now comes with vmhgfs-fuse, udev rules, pam and vgauth\n - To make Kubernetes work by default, `/usr/libexec/kubernetes/kubelet-plugins/volume/exec` is now a symlink to the writable folder `/var/kubernetes/kubelet-plugins/volume/exec` ([Flatcar#1193](https://github.com/flatcar/Flatcar/issues/1193))\n \n #### Updates:\n \n - Linux ([6.1.58](https://lwn.net/Articles/947820) (includes [6.1.57](https://lwn.net/Articles/947298), [6.1.56](https://lwn.net/Articles/946854)))\n - Linux Firmware ([20230919](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230919))\n - bind-tools ([9.16.42](https://bind9.readthedocs.io/en/v9.16.42/notes.html#notes-for-bind-9-16-42))\n - ca-certificates ([3.94](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_94.html))\n - checkpolicy ([3.5](https://github.com/SELinuxProject/selinux/releases/tag/3.5))\n - curl ([8.3.0](https://curl.se/changes.html#8_3_0))\n - gcc ([13.2](https://gcc.gnu.org/gcc-13/changes.html))\n - gzip ([1.13](https://savannah.gnu.org/news/?id=10501))\n - libgcrypt ([1.10.2](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=blob;f=NEWS;h=c9a239615f8070427a96688b1be40a81e59e9b8a;hb=1c5cbacf3d88dded5063e959ee68678ff7d0fa56))\n - libselinux ([3.5](https://github.com/SELinuxProject/selinux/releases/tag/3.5))\n - libsemanage ([3.5](https://github.com/SELinuxProject/selinux/releases/tag/3.5))\n - libsepol ([3.5](https://github.com/SELinuxProject/selinux/releases/tag/3.5))\n - lua ([5.4.6](https://www.lua.org/manual/5.4/readme.html#changes))\n - mit-krb5 ([1.21.2](http://web.mit.edu/kerberos/krb5-1.21/))\n - openssh ([9.4p1](https://www.openssh.com/releasenotes.html#9.4p1))\n - policycoreutils ([3.5](https://github.com/SELinuxProject/selinux/releases/tag/3.5))\n - procps ([4.0.4](https://gitlab.com/procps-ng/procps/-/releases/v4.0.4) (includes [4.0.3](https://gitlab.com/procps-ng/procps/-/releases/v4.0.3) and [4.0.0](https://gitlab.com/procps-ng/procps/-/releases/v4.0.0)))\n - rpcsvc-proto ([1.4.4](https://github.com/thkukuk/rpcsvc-proto/releases/tag/v1.4.4))\n - samba ([4.18.4](https://wiki.samba.org/index.php/Samba_4.18_Features_added/changed#Samba_4.18.4))\n - selinux-base ([2.20221101](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20221101))\n - selinux-base-policy ([2.20221101](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20221101))\n - selinux-container ([2.20221101](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20221101))\n - selinux-sssd ([2.20221101](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20221101))\n - selinux-unconfined ([2.20221101](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20221101))\n - semodule-utils ([3.5](https://github.com/SELinuxProject/selinux/releases/tag/3.5))\n - SDK: Rust ([1.72.1](https://github.com/rust-lang/rust/releases/tag/1.72.1))\n - VMWARE: libdnet ([1.16.2](https://github.com/ofalk/libdnet/releases/tag/libdnet-1.16.2) (includes [1.16](https://github.com/ofalk/libdnet/releases/tag/libdnet-1.16)))\n\n _Changes since **Alpha 3745.0.0**_\n \n #### Security fixes:\n \n - curl ([CVE-2023-38545](https://nvd.nist.gov/vuln/detail/CVE-2023-38545), [CVE-2023-38546](https://nvd.nist.gov/vuln/detail/CVE-2023-38546))\n \n #### Bug fixes:\n \n - Disabled systemd-networkd's RoutesToDNS setting by default to fix provisioning failures observed in VMs with multiple network interfaces on Azure ([scripts#1206](https://github.com/flatcar/scripts/pull/1206))\n - Fixed the postinstall hook failure when updating from Azure instances without OEM systemd-sysext images to Flatcar Alpha 3745.x.y ([update_engine#29](https://github.com/flatcar/update_engine/pull/29))\n \n #### Changes:\n \n - To make Kubernetes work by default, `/usr/libexec/kubernetes/kubelet-plugins/volume/exec` is now a symlink to the writable folder `/var/kubernetes/kubelet-plugins/volume/exec` ([Flatcar#1193](https://github.com/flatcar/Flatcar/issues/1193))\n \n #### Updates:\n \n - Linux ([6.1.58](https://lwn.net/Articles/947820) (includes [6.1.57](https://lwn.net/Articles/947298), [6.1.56](https://lwn.net/Articles/946854)))\n - ca-certificates ([3.94](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_94.html))" + "release_notes": ":warning: From Alpha 3794.0.0 Torcx has been removed - please assert that you don't rely on specific Torcx mechanism but now use systemd-sysext. See [here](https://www.flatcar.org/docs/latest/provisioning/sysext/) for more information.\n\n _Changes since **Beta 3745.1.0**_\n \n #### Security fixes:\n \n - Linux ([CVE-2023-35827](https://nvd.nist.gov/vuln/detail/CVE-2023-35827), [CVE-2023-46813](https://nvd.nist.gov/vuln/detail/CVE-2023-46813), [CVE-2023-46862](https://nvd.nist.gov/vuln/detail/CVE-2023-46862), [CVE-2023-5178](https://nvd.nist.gov/vuln/detail/CVE-2023-5178), [CVE-2023-5717](https://nvd.nist.gov/vuln/detail/CVE-2023-5717))\n - curl ([CVE-2023-38545](https://nvd.nist.gov/vuln/detail/CVE-2023-38545), [CVE-2023-38546](https://nvd.nist.gov/vuln/detail/CVE-2023-38546))\n - glibc ([CVE-2023-4911](https://nvd.nist.gov/vuln/detail/CVE-2023-4911))\n - go ([CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325), [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325))\n - grub ([CVE-2023-4692](https://nvd.nist.gov/vuln/detail/CVE-2023-4692), [CVE-2023-4693](https://nvd.nist.gov/vuln/detail/CVE-2023-4693))\n - libtirpc ([libtirpc-rhbg-2138317](http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=4a2d85c64110ee9e21a8c4f9dafd6b0ae621506d), [libtirpc-rhbg-2150611](http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=f7f0abdf267698de3f74a0285405b1b01f40893b), [libtirpc-rhbg-2224666](http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=1d2e10afb2ffc35cb3623f57a15f712359f18e75))\n \n #### Bug fixes:\n \n - Added AWS EKS support for versions 1.24-1.28. Fixed `/usr/share/amazon/eks/download-kubelet.sh` to include download paths for these versions. ([scripts#1210](https://github.com/flatcar/scripts/pull/1210))\n - Fixed iterating over the OEM update payload signatures which prevented the AWS OEM update to 3745.x.y ([update-engine#31](https://github.com/flatcar/update_engine/pull/31))\n - Fixed quotes handling for update-engine ([Flatcar#1209](https://github.com/flatcar/Flatcar/issues/1209))\n - Made `sshkeys.service` more robust to only run `coreos-metadata-sshkeys@core.service` when not masked and also retry on failure ([init#112](https://github.com/flatcar/init/pull/112))\n \n #### Changes:\n \n - Brightbox: The regular OpenStack image should now be used, it includes Afterburn for instance metadata attributes\n - OpenStack: An uncompressed image is provided for simpler import (since the images use qcow2 inline compression, there is no benefit in using the `.gz` or `.bz2` images)\n \n #### Updates:\n \n - Go ([1.20.10](https://go.dev/doc/devel/release#go1.20.10) (includes [1.20.9](https://go.dev/doc/devel/release#go1.20.9)))\n - Linux ([6.1.62](https://lwn.net/Articles/950700) (includes [6.1.61](https://lwn.net/Articles/949826), [6.1.60](https://lwn.net/Articles/948817) and includes [6.1.59](https://lwn.net/Articles/948299)))\n - containerd ([1.7.7](https://github.com/containerd/containerd/releases/tag/v1.7.7))\n - curl ([8.4.0](https://curl.se/changes.html#8_4_0))\n - libnl ([3.8.0](https://github.com/thom311/libnl/compare/libnl3_7_0...libnl3_8_0))\n - libtirpc ([1.3.4](https://marc.info/?l=linux-nfs&m=169667640909830&w=2))\n - libxml2 ([2.11.5](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.5))\n - openssh ([9.5p1](https://www.openssh.com/releasenotes.html#9.5p1))\n - pigz ([2.8](https://zlib.net/pipermail/pigz-announce_zlib.net/2023-August/000018.html))\n - strace([6.4](https://github.com/strace/strace/releases/tag/v6.4))\n - whois ([5.5.18](https://github.com/rfc1036/whois/blob/v5.5.18/debian/changelog))\n \n _Changes since **Alpha 3760.0.0**_\n \n #### Security fixes:\n \n - Linux ([CVE-2023-35827](https://nvd.nist.gov/vuln/detail/CVE-2023-35827), [CVE-2023-46813](https://nvd.nist.gov/vuln/detail/CVE-2023-46813), [CVE-2023-46862](https://nvd.nist.gov/vuln/detail/CVE-2023-46862), [CVE-2023-5178](https://nvd.nist.gov/vuln/detail/CVE-2023-5178), [CVE-2023-5717](https://nvd.nist.gov/vuln/detail/CVE-2023-5717))\n \n #### Bug fixes:\n \n - Fixed iterating over the OEM update payload signatures which prevented the AWS OEM update to 3745.x.y ([update-engine#31](https://github.com/flatcar/update_engine/pull/31))\n - Made `sshkeys.service` more robust to only run `coreos-metadata-sshkeys@core.service` when not masked and also retry on failure ([init#112](https://github.com/flatcar/init/pull/112))\n \n #### Changes:\n \n - Brightbox: The regular OpenStack image should now be used, it includes Afterburn for instance metadata attributes\n - OpenStack: An uncompressed image is provided for simpler import (since the images use qcow2 inline compression, there is no benefit in using the `.gz` or `.bz2` images)\n \n #### Updates:\n \n - Linux ([6.1.62](https://lwn.net/Articles/950700) (includes [6.1.61](https://lwn.net/Articles/949826), [6.1.60](https://lwn.net/Articles/948817) and includes [6.1.59](https://lwn.net/Articles/948299)))" } } diff --git a/static/releases-json/releases-stable.json b/static/releases-json/releases-stable.json index 4a80b095..379197f7 100644 --- a/static/releases-json/releases-stable.json +++ b/static/releases-json/releases-stable.json @@ -2512,13 +2512,39 @@ }, "release_notes": "_Changes since **Stable 3602.2.0**_\n \n #### Security fixes:\n \n- Linux ([CVE-2023-31085](https://nvd.nist.gov/vuln/detail/CVE-2023-31085), [CVE-2023-34324](https://nvd.nist.gov/vuln/detail/CVE-2023-34324), [CVE-2023-4244](https://nvd.nist.gov/vuln/detail/CVE-2023-4244), [CVE-2023-42754](https://nvd.nist.gov/vuln/detail/CVE-2023-42754), [CVE-2023-5197](https://nvd.nist.gov/vuln/detail/CVE-2023-5197))\n - curl ([CVE-2023-38545](https://nvd.nist.gov/vuln/detail/CVE-2023-38545), [CVE-2023-38546](https://nvd.nist.gov/vuln/detail/CVE-2023-38546))\n \n #### Bug fixes:\n \n - Disabled systemd-networkd's RoutesToDNS setting by default to fix provisioning failures observed in VMs with multiple network interfaces on Azure ([scripts#1206](https://github.com/flatcar/scripts/pull/1206))\n - Fixed a regression in Docker resulting in file permissions being dropped from exported container images. ([scripts#1231](https://github.com/flatcar/scripts/pull/1231))\n \n #### Changes:\n \n - To make Kubernetes work by default, `/usr/libexec/kubernetes/kubelet-plugins/volume/exec` is now a symlink to the writable folder `/var/kubernetes/kubelet-plugins/volume/exec` ([Flatcar#1193](https://github.com/flatcar/Flatcar/issues/1193))\n \n #### Updates:\n \n - Linux ([5.15.136](https://lwn.net/Articles/948297) (includes [5.15.135](https://lwn.net/Articles/947299), [5.15.134](https://lwn.net/Articles/946855)))\n - ca-certificates ([3.94](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_94.html))" }, + "3602.2.2": { + "channel": "stable", + "architectures": [ + "amd64", + "arm64" + ], + "release_date": "2023-11-22 07:55:14 +0000", + "major_software": { + "containerd": [ + "1.6.21" + ], + "docker": [ + "20.10.24" + ], + "ignition": [ + "2.15.0" + ], + "kernel": [ + "5.15.138" + ], + "systemd": [ + "252" + ] + }, + "release_notes": ":warning: From Alpha 3794.0.0 Torcx has been removed - please assert that you don't rely on specific Torcx mechanism but now use systemd-sysext. See [here](https://www.flatcar.org/docs/latest/provisioning/sysext/) for more information.\n\n\n _Changes since **Stable 3602.2.1**_\n \n #### Security fixes:\n \n - Linux ([CVE-2023-46813](https://nvd.nist.gov/vuln/detail/CVE-2023-46813), [CVE-2023-5178](https://nvd.nist.gov/vuln/detail/CVE-2023-5178), [CVE-2023-5717](https://nvd.nist.gov/vuln/detail/CVE-2023-5717))\n \n\n #### Changes:\n \n - Brightbox: The regular OpenStack image should now be used, it includes Afterburn for instance metadata attributes\n - OpenStack: An uncompressed image is provided for simpler import (since the images use qcow2 inline compression, there is no benefit in using the `.gz` or `.bz2` images)\n - linux kernel: added zstd support for squashfs kernel module ([scripts#1297](https://github.com/flatcar/scripts/pull/1297))\n \n #### Updates:\n \n - Linux ([5.15.138](https://lwn.net/Articles/950714) (includes [5.15.137](https://lwn.net/Articles/948818)))" + }, "current": { "channel": "stable", "architectures": [ "amd64", "arm64" ], - "release_date": "2023-10-25 08:39:23 +0000", + "release_date": "2023-11-22 07:55:14 +0000", "major_software": { "containerd": [ "1.6.21" @@ -2530,12 +2556,12 @@ "2.15.0" ], "kernel": [ - "5.15.136" + "5.15.138" ], "systemd": [ "252" ] }, - "release_notes": "_Changes since **Stable 3602.2.0**_\n \n #### Security fixes:\n \n- Linux ([CVE-2023-31085](https://nvd.nist.gov/vuln/detail/CVE-2023-31085), [CVE-2023-34324](https://nvd.nist.gov/vuln/detail/CVE-2023-34324), [CVE-2023-4244](https://nvd.nist.gov/vuln/detail/CVE-2023-4244), [CVE-2023-42754](https://nvd.nist.gov/vuln/detail/CVE-2023-42754), [CVE-2023-5197](https://nvd.nist.gov/vuln/detail/CVE-2023-5197))\n - curl ([CVE-2023-38545](https://nvd.nist.gov/vuln/detail/CVE-2023-38545), [CVE-2023-38546](https://nvd.nist.gov/vuln/detail/CVE-2023-38546))\n \n #### Bug fixes:\n \n - Disabled systemd-networkd's RoutesToDNS setting by default to fix provisioning failures observed in VMs with multiple network interfaces on Azure ([scripts#1206](https://github.com/flatcar/scripts/pull/1206))\n - Fixed a regression in Docker resulting in file permissions being dropped from exported container images. ([scripts#1231](https://github.com/flatcar/scripts/pull/1231))\n \n #### Changes:\n \n - To make Kubernetes work by default, `/usr/libexec/kubernetes/kubelet-plugins/volume/exec` is now a symlink to the writable folder `/var/kubernetes/kubelet-plugins/volume/exec` ([Flatcar#1193](https://github.com/flatcar/Flatcar/issues/1193))\n \n #### Updates:\n \n - Linux ([5.15.136](https://lwn.net/Articles/948297) (includes [5.15.135](https://lwn.net/Articles/947299), [5.15.134](https://lwn.net/Articles/946855)))\n - ca-certificates ([3.94](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_94.html))" + "release_notes": ":warning: From Alpha 3794.0.0 Torcx has been removed - please assert that you don't rely on specific Torcx mechanism but now use systemd-sysext. See [here](https://www.flatcar.org/docs/latest/provisioning/sysext/) for more information.\n\n\n _Changes since **Stable 3602.2.1**_\n \n #### Security fixes:\n \n - Linux ([CVE-2023-46813](https://nvd.nist.gov/vuln/detail/CVE-2023-46813), [CVE-2023-5178](https://nvd.nist.gov/vuln/detail/CVE-2023-5178), [CVE-2023-5717](https://nvd.nist.gov/vuln/detail/CVE-2023-5717))\n \n\n #### Changes:\n \n - Brightbox: The regular OpenStack image should now be used, it includes Afterburn for instance metadata attributes\n - OpenStack: An uncompressed image is provided for simpler import (since the images use qcow2 inline compression, there is no benefit in using the `.gz` or `.bz2` images)\n - linux kernel: added zstd support for squashfs kernel module ([scripts#1297](https://github.com/flatcar/scripts/pull/1297))\n \n #### Updates:\n \n - Linux ([5.15.138](https://lwn.net/Articles/950714) (includes [5.15.137](https://lwn.net/Articles/948818)))" } } diff --git a/static/releases-json/releases.json b/static/releases-json/releases.json index 6abe4cb5..e8146842 100644 --- a/static/releases-json/releases.json +++ b/static/releases-json/releases.json @@ -3195,13 +3195,33 @@ }, "release_notes": "_Changes since **Alpha 3745.0.0**_\n \n #### Security fixes:\n \n - Go ([CVE-2023-39323](https://nvd.nist.gov/vuln/detail/CVE-2023-39323), [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325))\n - curl ([CVE-2023-38545](https://nvd.nist.gov/vuln/detail/CVE-2023-38545), [CVE-2023-38546](https://nvd.nist.gov/vuln/detail/CVE-2023-38546))\n - glibc ([CVE-2023-4911](https://nvd.nist.gov/vuln/detail/CVE-2023-4911))\n - grub ([CVE-2023-4692](https://nvd.nist.gov/vuln/detail/CVE-2023-4692), [CVE-2023-4693](https://nvd.nist.gov/vuln/detail/CVE-2023-4693))\n - libtirpc ([libtirpc-rhbg-2138317](http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=4a2d85c64110ee9e21a8c4f9dafd6b0ae621506d), [libtirpc-rhbg-2150611](http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=f7f0abdf267698de3f74a0285405b1b01f40893b), [libtirpc-rhbg-2224666](http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=1d2e10afb2ffc35cb3623f57a15f712359f18e75))\n \n #### Bug fixes:\n \n - Added AWS EKS support for versions 1.24-1.28. Fixed `/usr/share/amazon/eks/download-kubelet.sh` to include download paths for these versions. ([scripts#1210](https://github.com/flatcar/scripts/pull/1210))\n - Disabled systemd-networkd's RoutesToDNS setting by default to fix provisioning failures observed in VMs with multiple network interfaces on Azure ([scripts#1206](https://github.com/flatcar/scripts/pull/1206))\n - Fixed quotes handling for update-engine ([Flatcar#1209](https://github.com/flatcar/Flatcar/issues/1209))\n - Fixed the postinstall hook failure when updating from Azure instances without OEM systemd-sysext images to Flatcar Alpha 3745.x.y ([update_engine#29](https://github.com/flatcar/update_engine/pull/29))\n \n #### Changes:\n \n - To make Kubernetes work by default, `/usr/libexec/kubernetes/kubelet-plugins/volume/exec` is now a symlink to the writable folder `/var/kubernetes/kubelet-plugins/volume/exec` ([Flatcar#1193](https://github.com/flatcar/Flatcar/issues/1193))\n \n #### Updates:\n \n - Go ([1.20.10](https://go.dev/doc/devel/release#go1.20.10) (includes [1.20.9](https://go.dev/doc/devel/release#go1.20.9)))\n - Linux ([6.1.58](https://lwn.net/Articles/947820) (includes [6.1.57](https://lwn.net/Articles/947298), [6.1.56](https://lwn.net/Articles/946854)))\n - ca-certificates ([3.94](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_94.html))\n - containerd ([1.7.7](https://github.com/containerd/containerd/releases/tag/v1.7.7))\n - curl ([8.4.0](https://curl.se/changes.html#8_4_0))\n - libnl ([3.8.0](https://github.com/thom311/libnl/compare/libnl3_7_0...libnl3_8_0))\n - libtirpc ([1.3.4](https://marc.info/?l=linux-nfs&m=169667640909830&w=2))\n - libxml2 ([2.11.5](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.5))\n - openssh ([9.5p1](https://www.openssh.com/releasenotes.html#9.5p1))\n - pigz ([2.8](https://zlib.net/pipermail/pigz-announce_zlib.net/2023-August/000018.html))\n - strace ([6.4](https://github.com/strace/strace/releases/tag/v6.4))\n - whois ([5.5.18](https://github.com/rfc1036/whois/blob/v5.5.18/debian/changelog))" }, + "3794.0.0": { + "channel": "alpha", + "architectures": [ + "amd64", + "arm64" + ], + "release_date": "2023-11-22 07:53:31 +0000", + "major_software": { + "ignition": [ + "2.15.0" + ], + "kernel": [ + "6.1.62" + ], + "systemd": [ + "252" + ] + }, + "release_notes": "**This release removes the legacy \"torcx\" image customisation and replaces this feature with systemd-sysext. Torcx enabled users to deploy custom docker versions; however, it required special packaging using the Flatcar SDK.** Please refer to the \"Changes\" section below for details.\n\n**This release ships a major Docker update: Docker was upgraded to version 24 (from version 20 in the previous release). Please see the \"Changes\" section below for details.**\n\n _Changes since **Alpha 3760.0.0**_\n \n #### Security fixes:\n \n - Linux ([CVE-2023-35827](https://nvd.nist.gov/vuln/detail/CVE-2023-35827), [CVE-2023-46813](https://nvd.nist.gov/vuln/detail/CVE-2023-46813), [CVE-2023-46862](https://nvd.nist.gov/vuln/detail/CVE-2023-46862), [CVE-2023-5178](https://nvd.nist.gov/vuln/detail/CVE-2023-5178), [CVE-2023-5717](https://nvd.nist.gov/vuln/detail/CVE-2023-5717))\n - VMWare: open-vm-tools ([CVE-2023-34058](https://nvd.nist.gov/vuln/detail/CVE-2023-34058), [CVE-2023-34059](https://nvd.nist.gov/vuln/detail/CVE-2023-34059))\n - nghttp2 ([CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487))\n - samba ([CVE-2023-4091](https://nvd.nist.gov/vuln/detail/CVE-2023-4091))\n - zlib ([CVE-2023-45853](https://nvd.nist.gov/vuln/detail/CVE-2023-45853))\n \n #### Bug fixes:\n \n - Fixed iterating over the OEM update payload signatures which prevented the AWS OEM update to 3745.x.y ([update-engine#31](https://github.com/flatcar/update_engine/pull/31))\n - Made `sshkeys.service` more robust to only run `coreos-metadata-sshkeys@core.service` when not masked and also retry on failure ([init#112](https://github.com/flatcar/init/pull/112))\n - Set TTY used for fetching server_context to RAW mode before running cloudinit on cloudsigma ([scripts#1280](https://github.com/flatcar/scripts/pull/1280))\n\n\n #### Known issues:\n\n- docker and containerd packages information are missing from `flatcar_production_image_packages.txt` ([flatcar#1260](https://github.com/flatcar/Flatcar/issues/1260))\n \n #### Changes:\n \n - **Torcx, the mechanism to provide a custom Docker version, was replaced by systemd-sysext in the OS image**. Learn more about sysext and how to customise OS images [here](https://www.flatcar.org/docs/latest/provisioning/sysext/).\n - Torcx entered deprecation 2 years ago in favour of [deploying plain Docker binaries](https://www.flatcar.org/docs/latest/container-runtimes/use-a-custom-docker-or-containerd-version/)\n (which is now also a legacy option because systemd-sysext offers a more robust and better structured way of customisation, including OS independent updates).\n - Torcx has been removed entirely; if you use Torcx to extend the Flatcar base OS image, please refer to our [conversion script](https://www.flatcar.org/docs/latest/provisioning/sysext/#torcx-deprecation) and to the sysext documentation mentioned above for migrating.\n - Consequently, `update_engine` will not perform torcx sanity checks post-update anymore.\n - Relevant changes: [scripts#1216](https://github.com/flatcar/scripts/pull/1216), [update_engine#30](https://github.com/flatcar/update_engine/pull/30), [Mantle#466](https://github.com/flatcar/mantle/pull/466), [Mantle#465](https://github.com/flatcar/mantle/pull/465).\n- cri-tools, runc, containerd, docker, and docker-cli are now built from Gentoo upstream ebuilds. Docker received a major version upgrade - it was updated to Docker 24 (from Docker 20; see \"updates\").\n - **NOTE:** The docker btrfs storage driver has been de-prioritised; BTRFS backed storage will now default to the `overlay2` driver\n ([changelog](https://docs.docker.com/engine/release-notes/23.0/#bug-fixes-and-enhancements-6), [upstream pr](https://github.com/moby/moby/pull/42661)).\n Using the btrfs driver can still be enforced by creating a respective [docker config](https://docs.docker.com/storage/storagedriver/btrfs-driver/#configure-docker-to-use-the-btrfs-storage-driver) at `/etc/docker/daemon.json`.\n - **NOTE:** If you are already using btrfs-backed Docker storage and are upgrading to this new version, Docker will automatically use the `btrfs` storage driver for backwards-compatibility with your deployment.\n - **Docker will remove the `btrfs` driver entirely in a future version. Please consider migrating your deployments to the `overlay2` driver.**\n - Brightbox: The regular OpenStack image should now be used, it includes Afterburn for instance metadata attributes\n - OpenStack: An uncompressed image is provided for simpler import (since the images use qcow2 inline compression, there is no benefit in using the `.gz` or `.bz2` images)\n\n #### Updates:\n \n - Azure: WALinuxAgent ([v2.9.1.1](https://github.com/Azure/WALinuxAgent/releases/tag/v2.9.1.1))\n - DEV, AZURE: python ([3.11.6](https://docs.python.org/release/3.11.6/whatsnew/changelog.html#python-3-11-6))\n - DEV: iperf ([3.15](https://github.com/esnet/iperf/releases/tag/3.15))\n - DEV: smartmontools ([7.4](https://www.smartmontools.org/browser/tags/RELEASE_7_4/smartmontools/NEWS))\n - Go ([1.20.11](https://go.dev/doc/devel/release#go1.20.11))\n - Linux ([6.1.62](https://lwn.net/Articles/950700) (includes [6.1.61](https://lwn.net/Articles/949826), [6.1.60](https://lwn.net/Articles/948817) and [6.1.59](https://lwn.net/Articles/948297)))\n - Linux Firmware ([20231111](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20231111) (includes [20231030](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20231030)))\n - SDK: Rust ([1.73.0](https://github.com/rust-lang/rust/releases/tag/1.73.0))\n - SDK: python packaging ([23.2](https://github.com/pypa/packaging/releases/tag/23.2)), platformdirs ([3.11.0](https://github.com/platformdirs/platformdirs/releases/tag/3.11.0)) \n - VMWare: open-vm-tools ([12.3.5](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.3.5))\n - containerd ([1.7.9](https://github.com/containerd/containerd/releases/tag/v1.7.9) (includes [1.7.8](https://github.com/containerd/containerd/releases/tag/v1.7.8)))\n - cri-tools ([1.27.0](https://github.com/kubernetes-sigs/cri-tools/releases/tag/v1.27.0))\n - ding-libs ([0.6.2](https://github.com/SSSD/ding-libs/releases/tag/0.6.2))\n - docker ([24.0.6](https://docs.docker.com/engine/release-notes/24.0/), includes changes from [23.0](https://docs.docker.com/engine/release-notes/23.0/))\n - ethtool ([6.5](https://git.kernel.org/pub/scm/network/ethtool/ethtool.git/tree/NEWS?h=v6.5))\n - hwdata ([v0.375](https://github.com/vcrhonek/hwdata/releases/tag/v0.375) (includes [0.374](https://github.com/vcrhonek/hwdata/commits/v0.374)))\n - iproute2 ([6.5.0](https://marc.info/?l=linux-netdev&m=169401822317373&w=2))\n - json-c ([0.17](https://github.com/json-c/json-c/blob/json-c-0.17-20230812/ChangeLog))\n - libffi ([3.4.4](https://github.com/libffi/libffi/releases/tag/v3.4.4) (includes [3.4.2](https://github.com/libffi/libffi/releases/tag/v3.4.2) and [3.4.3](https://github.com/libffi/libffi/releases/tag/v3.4.3)))\n - liblinear (246)\n - libsodium ([1.0.19](https://github.com/jedisct1/libsodium/releases/tag/1.0.19-RELEASE))\n - libunistring ([1.1](https://git.savannah.gnu.org/gitweb/?p=libunistring.git;a=blob;f=NEWS;h=5a43ddd7011d62a952733f6c0b7ad52aa4f385c7;hb=8006860b710aae2e8442088c3ddc7d819dfa8ac7))\n - mpc ([1.3.1](https://sympa.inria.fr/sympa/arc/mpc-discuss/2022-12/msg00049.html) (includes [1.3.0](https://sympa.inria.fr/sympa/arc/mpc-discuss/2022-12/msg00028.html))\n - mpfr ([4.2.1](https://gitlab.inria.fr/mpfr/mpfr/-/blob/4.2.1/NEWS))\n - nghttp2 ([1.57.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0) (includes [1.52.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0), [1.53.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.53.0), [1.54.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.54.0), [1.55.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.55.0), [1.55.1](https://github.com/nghttp2/nghttp2/releases/tag/v1.55.1) and [1.56.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.56.0)))\n - nspr ([4.35](https://hg.mozilla.org/projects/nspr/log/b563bfc16c887c48b038b7b441fcc4e40a126d3b))\n - ntp ([4.2.8p17](https://www.ntp.org/support/securitynotice/4_2_8p17-release-announcement/))\n - nvme-cli ([v2.6](https://github.com/linux-nvme/nvme-cli/releases/tag/v2.6), libnvme [v1.6](https://github.com/linux-nvme/libnvme/releases/tag/v1.6))\n - protobuf ([21.12](https://github.com/protocolbuffers/protobuf/releases/tag/v21.12) (includes [21.10](https://github.com/protocolbuffers/protobuf/releases/tag/v21.10) and [21.11](https://github.com/protocolbuffers/protobuf/releases/tag/v21.11)))\n - samba ([4.18.8](https://www.samba.org/samba/history/samba-4.18.8.html))\n - sqlite ([3.43.2](https://www.sqlite.org/releaselog/3_43_2.html))\n - thin-provisioning-tools ([1.0.6](https://github.com/jthornber/thin-provisioning-tools/blob/v1.0.6/CHANGES))" + }, "current": { "channel": "stable", "architectures": [ "amd64", "arm64" ], - "release_date": "2023-10-25 08:39:23 +0000", + "release_date": "2023-11-22 07:55:14 +0000", "major_software": { "containerd": [ "1.6.21" @@ -3213,13 +3233,13 @@ "2.15.0" ], "kernel": [ - "5.15.136" + "5.15.138" ], "systemd": [ "252" ] }, - "release_notes": "_Changes since **Stable 3602.2.0**_\n \n #### Security fixes:\n \n- Linux ([CVE-2023-31085](https://nvd.nist.gov/vuln/detail/CVE-2023-31085), [CVE-2023-34324](https://nvd.nist.gov/vuln/detail/CVE-2023-34324), [CVE-2023-4244](https://nvd.nist.gov/vuln/detail/CVE-2023-4244), [CVE-2023-42754](https://nvd.nist.gov/vuln/detail/CVE-2023-42754), [CVE-2023-5197](https://nvd.nist.gov/vuln/detail/CVE-2023-5197))\n - curl ([CVE-2023-38545](https://nvd.nist.gov/vuln/detail/CVE-2023-38545), [CVE-2023-38546](https://nvd.nist.gov/vuln/detail/CVE-2023-38546))\n \n #### Bug fixes:\n \n - Disabled systemd-networkd's RoutesToDNS setting by default to fix provisioning failures observed in VMs with multiple network interfaces on Azure ([scripts#1206](https://github.com/flatcar/scripts/pull/1206))\n - Fixed a regression in Docker resulting in file permissions being dropped from exported container images. ([scripts#1231](https://github.com/flatcar/scripts/pull/1231))\n \n #### Changes:\n \n - To make Kubernetes work by default, `/usr/libexec/kubernetes/kubelet-plugins/volume/exec` is now a symlink to the writable folder `/var/kubernetes/kubelet-plugins/volume/exec` ([Flatcar#1193](https://github.com/flatcar/Flatcar/issues/1193))\n \n #### Updates:\n \n - Linux ([5.15.136](https://lwn.net/Articles/948297) (includes [5.15.135](https://lwn.net/Articles/947299), [5.15.134](https://lwn.net/Articles/946855)))\n - ca-certificates ([3.94](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_94.html))" + "release_notes": ":warning: From Alpha 3794.0.0 Torcx has been removed - please assert that you don't rely on specific Torcx mechanism but now use systemd-sysext. See [here](https://www.flatcar.org/docs/latest/provisioning/sysext/) for more information.\n\n\n _Changes since **Stable 3602.2.1**_\n \n #### Security fixes:\n \n - Linux ([CVE-2023-46813](https://nvd.nist.gov/vuln/detail/CVE-2023-46813), [CVE-2023-5178](https://nvd.nist.gov/vuln/detail/CVE-2023-5178), [CVE-2023-5717](https://nvd.nist.gov/vuln/detail/CVE-2023-5717))\n \n\n #### Changes:\n \n - Brightbox: The regular OpenStack image should now be used, it includes Afterburn for instance metadata attributes\n - OpenStack: An uncompressed image is provided for simpler import (since the images use qcow2 inline compression, there is no benefit in using the `.gz` or `.bz2` images)\n - linux kernel: added zstd support for squashfs kernel module ([scripts#1297](https://github.com/flatcar/scripts/pull/1297))\n \n #### Updates:\n \n - Linux ([5.15.138](https://lwn.net/Articles/950714) (includes [5.15.137](https://lwn.net/Articles/948818)))" }, "1722.2.0": { "channel": "beta", @@ -6095,6 +6115,32 @@ }, "release_notes": "_Changes since **Beta 3732.1.0**_\n \n #### Security fixes:\n \n - curl ([CVE-2023-38039](https://nvd.nist.gov/vuln/detail/CVE-2023-38039), [CVE-2023-38545](https://nvd.nist.gov/vuln/detail/CVE-2023-38545), [CVE-2023-38546](https://nvd.nist.gov/vuln/detail/CVE-2023-38546))\n - glibc ([CVE-2023-4527](https://nvd.nist.gov/vuln/detail/CVE-2023-4527), [CVE-2023-4806](https://nvd.nist.gov/vuln/detail/CVE-2023-4806))\n - lua ([CVE-2022-33099](https://nvd.nist.gov/vuln/detail/CVE-2022-33099))\n - mit-krb5 ([CVE-2023-36054](https://nvd.nist.gov/vuln/detail/CVE-2023-36054))\n - procps ([CVE-2023-4016](https://nvd.nist.gov/vuln/detail/CVE-2023-4016))\n - samba ([CVE-2021-44142](https://nvd.nist.gov/vuln/detail/CVE-2021-44142), [CVE-2022-1615](https://nvd.nist.gov/vuln/detail/CVE-2022-1615))\n \n #### Bug fixes:\n \n - Disabled systemd-networkd's RoutesToDNS setting by default to fix provisioning failures observed in VMs with multiple network interfaces on Azure ([scripts#1206](https://github.com/flatcar/scripts/pull/1206))\n - Fixed the postinstall hook failure when updating from Azure instances without OEM systemd-sysext images to Flatcar Alpha 3745.x.y ([update_engine#29](https://github.com/flatcar/update_engine/pull/29))\n \n #### Changes:\n \n - AWS OEM images now use a systemd-sysext image for layering additional platform-specific software on top of `/usr`\n - Reworked the VMware OEM software to be shipped as A/B updated systemd-sysext image\n - SDK: Experimental support for [prefix builds](https://github.com/flatcar/scripts/blob/main/PREFIX.md) to create distro independent, portable, self-contained applications w/ all dependencies included. With contributions from [chewi](https://github.com/chewi) and [HappyTobi](https://github.com/HappyTobi).\n - Started shipping default ssh client and ssh daemon configs in `/etc/ssh/ssh_config` and `/etc/ssh/sshd_config` which include config snippets in `/etc/ssh/ssh_config.d` and `/etc/ssh/sshd_config.d`, respectively.\n - The open-vm-tools package in VMware OEM now comes with vmhgfs-fuse, udev rules, pam and vgauth\n - To make Kubernetes work by default, `/usr/libexec/kubernetes/kubelet-plugins/volume/exec` is now a symlink to the writable folder `/var/kubernetes/kubelet-plugins/volume/exec` ([Flatcar#1193](https://github.com/flatcar/Flatcar/issues/1193))\n \n #### Updates:\n \n - Linux ([6.1.58](https://lwn.net/Articles/947820) (includes [6.1.57](https://lwn.net/Articles/947298), [6.1.56](https://lwn.net/Articles/946854)))\n - Linux Firmware ([20230919](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230919))\n - bind-tools ([9.16.42](https://bind9.readthedocs.io/en/v9.16.42/notes.html#notes-for-bind-9-16-42))\n - ca-certificates ([3.94](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_94.html))\n - checkpolicy ([3.5](https://github.com/SELinuxProject/selinux/releases/tag/3.5))\n - curl ([8.3.0](https://curl.se/changes.html#8_3_0))\n - gcc ([13.2](https://gcc.gnu.org/gcc-13/changes.html))\n - gzip ([1.13](https://savannah.gnu.org/news/?id=10501))\n - libgcrypt ([1.10.2](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=blob;f=NEWS;h=c9a239615f8070427a96688b1be40a81e59e9b8a;hb=1c5cbacf3d88dded5063e959ee68678ff7d0fa56))\n - libselinux ([3.5](https://github.com/SELinuxProject/selinux/releases/tag/3.5))\n - libsemanage ([3.5](https://github.com/SELinuxProject/selinux/releases/tag/3.5))\n - libsepol ([3.5](https://github.com/SELinuxProject/selinux/releases/tag/3.5))\n - lua ([5.4.6](https://www.lua.org/manual/5.4/readme.html#changes))\n - mit-krb5 ([1.21.2](http://web.mit.edu/kerberos/krb5-1.21/))\n - openssh ([9.4p1](https://www.openssh.com/releasenotes.html#9.4p1))\n - policycoreutils ([3.5](https://github.com/SELinuxProject/selinux/releases/tag/3.5))\n - procps ([4.0.4](https://gitlab.com/procps-ng/procps/-/releases/v4.0.4) (includes [4.0.3](https://gitlab.com/procps-ng/procps/-/releases/v4.0.3) and [4.0.0](https://gitlab.com/procps-ng/procps/-/releases/v4.0.0)))\n - rpcsvc-proto ([1.4.4](https://github.com/thkukuk/rpcsvc-proto/releases/tag/v1.4.4))\n - samba ([4.18.4](https://wiki.samba.org/index.php/Samba_4.18_Features_added/changed#Samba_4.18.4))\n - selinux-base ([2.20221101](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20221101))\n - selinux-base-policy ([2.20221101](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20221101))\n - selinux-container ([2.20221101](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20221101))\n - selinux-sssd ([2.20221101](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20221101))\n - selinux-unconfined ([2.20221101](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20221101))\n - semodule-utils ([3.5](https://github.com/SELinuxProject/selinux/releases/tag/3.5))\n - SDK: Rust ([1.72.1](https://github.com/rust-lang/rust/releases/tag/1.72.1))\n - VMWARE: libdnet ([1.16.2](https://github.com/ofalk/libdnet/releases/tag/libdnet-1.16.2) (includes [1.16](https://github.com/ofalk/libdnet/releases/tag/libdnet-1.16)))\n\n _Changes since **Alpha 3745.0.0**_\n \n #### Security fixes:\n \n - curl ([CVE-2023-38545](https://nvd.nist.gov/vuln/detail/CVE-2023-38545), [CVE-2023-38546](https://nvd.nist.gov/vuln/detail/CVE-2023-38546))\n \n #### Bug fixes:\n \n - Disabled systemd-networkd's RoutesToDNS setting by default to fix provisioning failures observed in VMs with multiple network interfaces on Azure ([scripts#1206](https://github.com/flatcar/scripts/pull/1206))\n - Fixed the postinstall hook failure when updating from Azure instances without OEM systemd-sysext images to Flatcar Alpha 3745.x.y ([update_engine#29](https://github.com/flatcar/update_engine/pull/29))\n \n #### Changes:\n \n - To make Kubernetes work by default, `/usr/libexec/kubernetes/kubelet-plugins/volume/exec` is now a symlink to the writable folder `/var/kubernetes/kubelet-plugins/volume/exec` ([Flatcar#1193](https://github.com/flatcar/Flatcar/issues/1193))\n \n #### Updates:\n \n - Linux ([6.1.58](https://lwn.net/Articles/947820) (includes [6.1.57](https://lwn.net/Articles/947298), [6.1.56](https://lwn.net/Articles/946854)))\n - ca-certificates ([3.94](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_94.html))" }, + "3760.1.0": { + "channel": "beta", + "architectures": [ + "amd64", + "arm64" + ], + "release_date": "2023-11-22 07:54:40 +0000", + "major_software": { + "containerd": [ + "1.7.7" + ], + "docker": [ + "20.10.24" + ], + "ignition": [ + "2.15.0" + ], + "kernel": [ + "6.1.62" + ], + "systemd": [ + "252" + ] + }, + "release_notes": ":warning: From Alpha 3794.0.0 Torcx has been removed - please assert that you don't rely on specific Torcx mechanism but now use systemd-sysext. See [here](https://www.flatcar.org/docs/latest/provisioning/sysext/) for more information.\n\n _Changes since **Beta 3745.1.0**_\n \n #### Security fixes:\n \n - Linux ([CVE-2023-35827](https://nvd.nist.gov/vuln/detail/CVE-2023-35827), [CVE-2023-46813](https://nvd.nist.gov/vuln/detail/CVE-2023-46813), [CVE-2023-46862](https://nvd.nist.gov/vuln/detail/CVE-2023-46862), [CVE-2023-5178](https://nvd.nist.gov/vuln/detail/CVE-2023-5178), [CVE-2023-5717](https://nvd.nist.gov/vuln/detail/CVE-2023-5717))\n - curl ([CVE-2023-38545](https://nvd.nist.gov/vuln/detail/CVE-2023-38545), [CVE-2023-38546](https://nvd.nist.gov/vuln/detail/CVE-2023-38546))\n - glibc ([CVE-2023-4911](https://nvd.nist.gov/vuln/detail/CVE-2023-4911))\n - go ([CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325), [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325))\n - grub ([CVE-2023-4692](https://nvd.nist.gov/vuln/detail/CVE-2023-4692), [CVE-2023-4693](https://nvd.nist.gov/vuln/detail/CVE-2023-4693))\n - libtirpc ([libtirpc-rhbg-2138317](http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=4a2d85c64110ee9e21a8c4f9dafd6b0ae621506d), [libtirpc-rhbg-2150611](http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=f7f0abdf267698de3f74a0285405b1b01f40893b), [libtirpc-rhbg-2224666](http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=1d2e10afb2ffc35cb3623f57a15f712359f18e75))\n \n #### Bug fixes:\n \n - Added AWS EKS support for versions 1.24-1.28. Fixed `/usr/share/amazon/eks/download-kubelet.sh` to include download paths for these versions. ([scripts#1210](https://github.com/flatcar/scripts/pull/1210))\n - Fixed iterating over the OEM update payload signatures which prevented the AWS OEM update to 3745.x.y ([update-engine#31](https://github.com/flatcar/update_engine/pull/31))\n - Fixed quotes handling for update-engine ([Flatcar#1209](https://github.com/flatcar/Flatcar/issues/1209))\n - Made `sshkeys.service` more robust to only run `coreos-metadata-sshkeys@core.service` when not masked and also retry on failure ([init#112](https://github.com/flatcar/init/pull/112))\n \n #### Changes:\n \n - Brightbox: The regular OpenStack image should now be used, it includes Afterburn for instance metadata attributes\n - OpenStack: An uncompressed image is provided for simpler import (since the images use qcow2 inline compression, there is no benefit in using the `.gz` or `.bz2` images)\n \n #### Updates:\n \n - Go ([1.20.10](https://go.dev/doc/devel/release#go1.20.10) (includes [1.20.9](https://go.dev/doc/devel/release#go1.20.9)))\n - Linux ([6.1.62](https://lwn.net/Articles/950700) (includes [6.1.61](https://lwn.net/Articles/949826), [6.1.60](https://lwn.net/Articles/948817) and includes [6.1.59](https://lwn.net/Articles/948299)))\n - containerd ([1.7.7](https://github.com/containerd/containerd/releases/tag/v1.7.7))\n - curl ([8.4.0](https://curl.se/changes.html#8_4_0))\n - libnl ([3.8.0](https://github.com/thom311/libnl/compare/libnl3_7_0...libnl3_8_0))\n - libtirpc ([1.3.4](https://marc.info/?l=linux-nfs&m=169667640909830&w=2))\n - libxml2 ([2.11.5](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.5))\n - openssh ([9.5p1](https://www.openssh.com/releasenotes.html#9.5p1))\n - pigz ([2.8](https://zlib.net/pipermail/pigz-announce_zlib.net/2023-August/000018.html))\n - strace([6.4](https://github.com/strace/strace/releases/tag/v6.4))\n - whois ([5.5.18](https://github.com/rfc1036/whois/blob/v5.5.18/debian/changelog))\n \n _Changes since **Alpha 3760.0.0**_\n \n #### Security fixes:\n \n - Linux ([CVE-2023-35827](https://nvd.nist.gov/vuln/detail/CVE-2023-35827), [CVE-2023-46813](https://nvd.nist.gov/vuln/detail/CVE-2023-46813), [CVE-2023-46862](https://nvd.nist.gov/vuln/detail/CVE-2023-46862), [CVE-2023-5178](https://nvd.nist.gov/vuln/detail/CVE-2023-5178), [CVE-2023-5717](https://nvd.nist.gov/vuln/detail/CVE-2023-5717))\n \n #### Bug fixes:\n \n - Fixed iterating over the OEM update payload signatures which prevented the AWS OEM update to 3745.x.y ([update-engine#31](https://github.com/flatcar/update_engine/pull/31))\n - Made `sshkeys.service` more robust to only run `coreos-metadata-sshkeys@core.service` when not masked and also retry on failure ([init#112](https://github.com/flatcar/init/pull/112))\n \n #### Changes:\n \n - Brightbox: The regular OpenStack image should now be used, it includes Afterburn for instance metadata attributes\n - OpenStack: An uncompressed image is provided for simpler import (since the images use qcow2 inline compression, there is no benefit in using the `.gz` or `.bz2` images)\n \n #### Updates:\n \n - Linux ([6.1.62](https://lwn.net/Articles/950700) (includes [6.1.61](https://lwn.net/Articles/949826), [6.1.60](https://lwn.net/Articles/948817) and includes [6.1.59](https://lwn.net/Articles/948299)))" + }, "2051.99.1": { "channel": "edge", "architectures": [ @@ -10329,5 +10375,31 @@ ] }, "release_notes": "_Changes since **Stable 3602.2.0**_\n \n #### Security fixes:\n \n- Linux ([CVE-2023-31085](https://nvd.nist.gov/vuln/detail/CVE-2023-31085), [CVE-2023-34324](https://nvd.nist.gov/vuln/detail/CVE-2023-34324), [CVE-2023-4244](https://nvd.nist.gov/vuln/detail/CVE-2023-4244), [CVE-2023-42754](https://nvd.nist.gov/vuln/detail/CVE-2023-42754), [CVE-2023-5197](https://nvd.nist.gov/vuln/detail/CVE-2023-5197))\n - curl ([CVE-2023-38545](https://nvd.nist.gov/vuln/detail/CVE-2023-38545), [CVE-2023-38546](https://nvd.nist.gov/vuln/detail/CVE-2023-38546))\n \n #### Bug fixes:\n \n - Disabled systemd-networkd's RoutesToDNS setting by default to fix provisioning failures observed in VMs with multiple network interfaces on Azure ([scripts#1206](https://github.com/flatcar/scripts/pull/1206))\n - Fixed a regression in Docker resulting in file permissions being dropped from exported container images. ([scripts#1231](https://github.com/flatcar/scripts/pull/1231))\n \n #### Changes:\n \n - To make Kubernetes work by default, `/usr/libexec/kubernetes/kubelet-plugins/volume/exec` is now a symlink to the writable folder `/var/kubernetes/kubelet-plugins/volume/exec` ([Flatcar#1193](https://github.com/flatcar/Flatcar/issues/1193))\n \n #### Updates:\n \n - Linux ([5.15.136](https://lwn.net/Articles/948297) (includes [5.15.135](https://lwn.net/Articles/947299), [5.15.134](https://lwn.net/Articles/946855)))\n - ca-certificates ([3.94](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_94.html))" + }, + "3602.2.2": { + "channel": "stable", + "architectures": [ + "amd64", + "arm64" + ], + "release_date": "2023-11-22 07:55:14 +0000", + "major_software": { + "containerd": [ + "1.6.21" + ], + "docker": [ + "20.10.24" + ], + "ignition": [ + "2.15.0" + ], + "kernel": [ + "5.15.138" + ], + "systemd": [ + "252" + ] + }, + "release_notes": ":warning: From Alpha 3794.0.0 Torcx has been removed - please assert that you don't rely on specific Torcx mechanism but now use systemd-sysext. See [here](https://www.flatcar.org/docs/latest/provisioning/sysext/) for more information.\n\n\n _Changes since **Stable 3602.2.1**_\n \n #### Security fixes:\n \n - Linux ([CVE-2023-46813](https://nvd.nist.gov/vuln/detail/CVE-2023-46813), [CVE-2023-5178](https://nvd.nist.gov/vuln/detail/CVE-2023-5178), [CVE-2023-5717](https://nvd.nist.gov/vuln/detail/CVE-2023-5717))\n \n\n #### Changes:\n \n - Brightbox: The regular OpenStack image should now be used, it includes Afterburn for instance metadata attributes\n - OpenStack: An uncompressed image is provided for simpler import (since the images use qcow2 inline compression, there is no benefit in using the `.gz` or `.bz2` images)\n - linux kernel: added zstd support for squashfs kernel module ([scripts#1297](https://github.com/flatcar/scripts/pull/1297))\n \n #### Updates:\n \n - Linux ([5.15.138](https://lwn.net/Articles/950714) (includes [5.15.137](https://lwn.net/Articles/948818)))" } } From 3ddd8e9518b1336d8faaa2312c7b662ac1f173b0 Mon Sep 17 00:00:00 2001 From: Mathieu Tortuyaux Date: Wed, 22 Nov 2023 11:25:59 +0100 Subject: [PATCH 2/2] data/releases/alpha: manually add containerd/docker Signed-off-by: Mathieu Tortuyaux --- data/releases/alpha/3794.0.0.yml | 2 ++ data/releases/alpha/current.yml | 2 ++ 2 files changed, 4 insertions(+) diff --git a/data/releases/alpha/3794.0.0.yml b/data/releases/alpha/3794.0.0.yml index a5b5798a..f9965291 100644 --- a/data/releases/alpha/3794.0.0.yml +++ b/data/releases/alpha/3794.0.0.yml @@ -139,5 +139,7 @@ image_packages: ignition: 2.15.0 kernel: 6.1.62 systemd: '252' + docker: 24.0.6 + containerd: 1.7.9 release: 3794.0.0 version: 3794.0.0 diff --git a/data/releases/alpha/current.yml b/data/releases/alpha/current.yml index 0bd685da..9f43c0d2 100644 --- a/data/releases/alpha/current.yml +++ b/data/releases/alpha/current.yml @@ -139,5 +139,7 @@ image_packages: ignition: 2.15.0 kernel: 6.1.62 systemd: '252' + docker: 24.0.6 + containerd: 1.7.9 release: current version: 3794.0.0