Changes since Alpha 4152.0.0
Security fixes:
- Linux (CVE-2024-53103, CVE-2024-53104, CVE-2024-53088, CVE-2024-53082, CVE-2024-53083, CVE-2024-53081, CVE-2024-53060, CVE-2024-53068, CVE-2024-53066, CVE-2024-53063, CVE-2024-53072, CVE-2024-53070, CVE-2024-53061, CVE-2024-50302, CVE-2024-50301, CVE-2024-50296, CVE-2024-50295, CVE-2024-50294, CVE-2024-50292, CVE-2024-50290, CVE-2024-50300, CVE-2024-50299, CVE-2024-50298, CVE-2024-50275, CVE-2024-50284, CVE-2024-50283, CVE-2024-50282, CVE-2024-50280, CVE-2024-50279, CVE-2024-50278, CVE-2024-50287, CVE-2024-50286, CVE-2024-50285, CVE-2024-50276, CVE-2024-50273, CVE-2024-50272, CVE-2024-50271, CVE-2024-50269, CVE-2024-50268, CVE-2024-50267, CVE-2024-50264, CVE-2024-50265, CVE-2024-53102, CVE-2024-53101, CVE-2024-53100, CVE-2024-53099, CVE-2024-53097, CVE-2024-53095, CVE-2024-53094, CVE-2024-53093, CVE-2024-53091, CVE-2024-53079, CVE-2024-53135, CVE-2024-53134, CVE-2024-53131, CVE-2024-53130, CVE-2024-53129, CVE-2024-53140, CVE-2024-53139, CVE-2024-53138, CVE-2024-53136, CVE-2024-53126, CVE-2024-53127, CVE-2024-53113, CVE-2024-53112, CVE-2024-53110, CVE-2024-53109, CVE-2024-53108, CVE-2024-53123, CVE-2024-53122, CVE-2024-53121, CVE-2024-53120, CVE-2024-53119, CVE-2024-53106)
- OpenSSL (CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, CVE-2024-5535, CVE-2024-6119, CVE-2024-9143)
- expat (CVE-2024-50602)
- sssd (CVE-2023-3758)
- wget (CVE-2024-10524)
Bug fixes:
- Added qemu-guest-agent to ARM64 images (flatcar/flatcar#1593)
Changes:
- Additional GRUB modules are no longer installed for UEFI platforms to save space and also because they cannot be loaded with Secure Boot enabled. This does not affect existing installations.
- The GRUB modules on non-UEFI platforms are now compressed with xz rather than gzip to save even more space. This does not affect existing installations.
- The VFIO kernel modules are now also available in ARM64 builds. (flatcar/scripts#2484)
- Enabled the gtp kernel module. This is the GPRS Tunneling Protocol datapath for usage in telecoms scenarios. (flatcar/scripts#2504)
Updates:
- Linux (6.6.65 (includes 6.6.64, 6.6.63, 6.6.62, 6.6.61))
- Linux Firmware (20241210 (includes 20241110))
- OpenSSL (3.2.3)
- SDK: autoconf (2.72)
- SDK: cmake (3.30.5)
- SDK: libpng (1.6.44)
- SDK: perf (6.11.7)
- SDK: pkgcheck (0.10.32)
- SDK: portage (3.0.66.1)
- SDK: Go (1.22.10)
- azure: chrony (4.6.1)
- base, dev: azure-vm-utils (0.4.0)
- base, dev: bind (9.18.29)
- base, dev: bpftool (7.4.0)
- base, dev: btrfs-progs (6.11)
- base, dev: checkpolicy (3.7)
- base, dev: expat (2.6.4)
- base, dev: gawk (5.3.1)
- base, dev: gcc (14.2.1_p20241116)
- base, dev: iproute2 (6.11.0 (includes 6.10.0))
- base, dev: iputils (20240905)
- base, dev: json-c (0.18)
- base, dev: kexec-tools (2.0.29)
- base, dev: less (668)
- base, dev: libarchive (3.7.7)
- base, dev: libnetfilter_conntrack (1.1.0)
- base, dev: libnftnl (1.2.8)
- base, dev: libselinux (3.7)
- base, dev: libsepol (3.7)
- base, dev: libuv (1.49.2 (includes 1.49.1, 1.49.0))
- base, dev: libxml2 (2.12.8)
- base, dev: mokutil (0.7.2)
- base, dev: openldap (2.6.6 (includes 2.6.5))
- base, dev: pax-utils (1.3.8)
- base, dev: util-linux (2.40.2 (includes 2.40.1, 2.40.0))
- base, dev: wget (1.25.0)
- base, dev: xfsprogs (6.10.1 (includes 6.10.0, 6.9.0))
- base, dev: xz-utils (5.6.3)
- ca-certificates (3.107)
- dev: gentoolkit (0.6.8)
- docker: docker (27.3.1)
- docker: docker-cli (27.3.1)
- sssd (2.9.5 (includes 2.9.4, 2.9.3, 2.9.2, 2.9.1, 2.9.0, 2.8.0, 2.7.0, 2.6.0, 2.5.0, 2.4.0)
- sysext-python: cachecontrol (0.14.1)
- sysext-python: charset-normalizer (3.4.0)
- sysext-python: distlib (0.3.9)
- sysext-python: jaraco-functools (4.1.0)
- sysext-python: packaging (24.2)
- sysext-python: pyproject-hooks (1.2.0)
- sysext-python: resolvelib (1.1.0)
- sysext-python: rich (13.9.3)
- sysext-python: trove-classifiers (2024.10.21.16)
- sysext-python: truststore (0.10.0)
- vmware: libmspack (1.11)
- vmware: xmlsec (1.3.5)