alpha-4081.0.0
tormath1
released this
05 Sep 11:37
·
1473 commits
to main
since this release
Changes since Alpha 4054.0.0
Security fixes:
- Linux (CVE-2024-44944, CVE-2024-43877, CVE-2024-43876, CVE-2024-43875, CVE-2024-43873, CVE-2024-43871, CVE-2024-43881, CVE-2024-43880, CVE-2024-43879, CVE-2024-43869, CVE-2024-43870, CVE-2024-43856, CVE-2024-43860, CVE-2024-43859, CVE-2024-43858, CVE-2024-43833, CVE-2024-43832, CVE-2024-43831, CVE-2024-43830, CVE-2024-43829, CVE-2024-43828, CVE-2024-43855, CVE-2024-43854, CVE-2024-43853, CVE-2024-43851, CVE-2024-43850, CVE-2024-43849, CVE-2024-43847, CVE-2024-43846, CVE-2024-43845, CVE-2024-43842, CVE-2024-43841, CVE-2024-43839, CVE-2024-43837, CVE-2024-43834, CVE-2024-43825, CVE-2024-43823, CVE-2024-43821, CVE-2024-43818, CVE-2024-43817, CVE-2024-42321, CVE-2024-42322, CVE-2024-42288, CVE-2024-42297, CVE-2024-42296, CVE-2024-42295, CVE-2024-42294, CVE-2024-42292, CVE-2024-42320, CVE-2024-42318, CVE-2024-42291, CVE-2024-42316, CVE-2024-42315, CVE-2024-42314, CVE-2024-42313, CVE-2024-42311, CVE-2024-42310, CVE-2024-42309, CVE-2024-42308, CVE-2024-42290, CVE-2024-42307, CVE-2024-42306, CVE-2024-42305, CVE-2024-42304, CVE-2024-42303, CVE-2024-42302, CVE-2024-42301, CVE-2024-42299, CVE-2024-42298, CVE-2024-42289, CVE-2024-42284, CVE-2024-42283, CVE-2024-42281, CVE-2024-42280, CVE-2024-42279, CVE-2024-42278, CVE-2024-42277, CVE-2024-42287, CVE-2024-42286, CVE-2024-42285, CVE-2023-52889, CVE-2024-42276, CVE-2024-43867, CVE-2024-43866, CVE-2024-43864, CVE-2024-43863, CVE-2024-42312, CVE-2024-42274, CVE-2024-42273, CVE-2024-42272, CVE-2024-42271, CVE-2024-42270, CVE-2024-42269, CVE-2024-42268, CVE-2024-42267, CVE-2024-42265, CVE-2024-43908, CVE-2024-44931, CVE-2024-43914, CVE-2024-43912, CVE-2024-44935, CVE-2024-44934, CVE-2024-43909, CVE-2024-43905, CVE-2024-43903, CVE-2024-43902, CVE-2024-43900, CVE-2024-43907, CVE-2024-43906, CVE-2024-43897, CVE-2024-43894, CVE-2024-43893, CVE-2024-43892, CVE-2024-43890, CVE-2024-43889, CVE-2024-43895, CVE-2024-43883, CVE-2024-43861, CVE-2024-42259, CVE-2024-44943, CVE-2024-44942, CVE-2024-44941, CVE-2024-44940, CVE-2024-44938, CVE-2024-44939, CVE-2024-43898, CVE-2024-43882, CVE-2024-44947, CVE-2024-44946)
- SDK: re2c (CVE-2022-23901)
- curl (CVE-2024-7264)
- Linux Firmware (CVE-2023-31315)
Bug fixes:
- Fix ownership of systemd units shipped with built-in docker/containerd sysexts. The files shipped on production images were accidentally owned by 1000:1000 instead of 0:0. This uid/gid is not present on Flatcar images but would be assigned to the first created user. Due to contents of sysexts and /usr being readonly on Flatcar, the invalid permissions can't be used to escalate privileges. (scripts#2266)
- Equinix Metal: Fixed oem-cloudinit.service. The availability check now uses the https://metadata.platformequinix.com/metadata endpoint. (scripts#2222)
- Fixed slow boots PXE and ISO boots caused by the decrypt-root.service. (Flatcar#1514)
- Fixed the initrd option in the QEMU launcher script. It was -R, but this was already taken by the read-only pflash option, so use -r instead. (scripts#2239)
Changes:
- Replace nmap netcat with openbsd variant. The license didn't get an exception from CNCF. Something about the definition of "derivative works" being too broad.
- The
docker build
command will now use buildx as its backend as the old one became deprecated and a loud "DEPRECATED" information is printed every time it's used.
Updates:
- Go (1.21.13)
- Linux (6.6.48 (includes 6.6.47, 6.6.46, 6.6.45, 6.6.44))
- Linux Firmware (20240811)
- Open-iSCSI (2.1.10)
- Azure: azure-nvme-utils (0.2.0)
- ca-certificates (3.104)
- conntrack-tools (1.4.8)
- containerd (1.7.21)
- curl (8.9.1)
- dev: minicom (2.9)
- elfutils (0.191)
- gce, sysext-python: setuptools (72.1.0 (includes 71.1.0, 71.0.0))
- gflags (2.2.2)
- glog (0.6.0)
- libmicrohttpd (1.0.1 (includes 1.0.0))
- lz4 (1.10.0)
- nghttp2 (1.62.1)
- npth (1.7)
- sysext-python: more-itertools (10.4.0)
- sysext-python: pip (24.2 (includes 24.1.2))
- sysext-python: wheel (0.44.0)
- sysext-zfs: zfs (2.2.5 (includes 2.2.4))
- tcpdump (4.99.4)
- SDK: meson (1.5.1)
- SDK: pahole (1.27)
- SDK: Rust (1.80.1)