flatcar/scripts alpha-4426.0.0

on GitHub

Changes since Alpha 4372.0.1

Security fixes:

• Linux (CVE-2025-38523, CVE-2025-38436, CVE-2025-38434, CVE-2025-38362, CVE-2025-38361, CVE-2025-38355, CVE-2025-38369, CVE-2025-38368, CVE-2025-38365, CVE-2025-38364, CVE-2025-38363, CVE-2025-38353, CVE-2025-38354, CVE-2025-38246, CVE-2025-38245, CVE-2025-38244, CVE-2025-38264, CVE-2025-38263, CVE-2025-38262, CVE-2025-38260, CVE-2025-38259, CVE-2025-38258, CVE-2025-38257, CVE-2025-38256, CVE-2025-38255, CVE-2025-38253, CVE-2025-38251, CVE-2025-38250, CVE-2025-38249, CVE-2025-38239, CVE-2025-38236, CVE-2025-38413, CVE-2025-38412, CVE-2025-38410, CVE-2025-38409, CVE-2025-38407, CVE-2025-38408, CVE-2025-38406, CVE-2025-38405, CVE-2025-38404, CVE-2025-38403, CVE-2025-38401, CVE-2025-38402, CVE-2025-38379, CVE-2025-38377, CVE-2025-38376, CVE-2025-38375, CVE-2025-38374, CVE-2025-38400, CVE-2025-38373, CVE-2025-38399, CVE-2025-38396, CVE-2025-38395, CVE-2025-38393, CVE-2025-38392, CVE-2025-38391, CVE-2025-38390, CVE-2025-38372, CVE-2025-38389, CVE-2025-38388, CVE-2025-38387, CVE-2025-38386, CVE-2025-38385, CVE-2025-38384, CVE-2025-38383, CVE-2025-38382, CVE-2025-38381, CVE-2025-38380, CVE-2025-38371, CVE-2025-38360, CVE-2025-38356, CVE-2025-38350, CVE-2025-38546, CVE-2025-38545, CVE-2025-38544, CVE-2025-38543, CVE-2025-38542, CVE-2025-38540, CVE-2025-38541, CVE-2025-38520, CVE-2025-38521, CVE-2025-38512, CVE-2025-38511, CVE-2025-38510, CVE-2025-38507, CVE-2025-38506, CVE-2025-38517, CVE-2025-38516, CVE-2025-38515, CVE-2025-38514, CVE-2025-38513, CVE-2025-38503, CVE-2025-38505, CVE-2025-38460, CVE-2025-38467, CVE-2025-38466, CVE-2025-38465, CVE-2025-38464, CVE-2025-38463, CVE-2025-38462, CVE-2025-38461, CVE-2025-38446, CVE-2025-38445, CVE-2025-38444, CVE-2025-38443, CVE-2025-38441, CVE-2025-38440, CVE-2025-38459, CVE-2025-38458, CVE-2025-38457, CVE-2025-38439, CVE-2025-38456, CVE-2025-38455, CVE-2025-38454, CVE-2025-38452, CVE-2025-38451, CVE-2025-38450, CVE-2025-38449, CVE-2025-38448, CVE-2025-38437, CVE-2025-38438, CVE-2025-38349, CVE-2024-57809, CVE-2024-57838, CVE-2024-56780, CVE-2024-56779, CVE-2024-56778, CVE-2024-56777, CVE-2024-56776, CVE-2024-56775, CVE-2024-56774, CVE-2024-56773, CVE-2024-56771, CVE-2024-56772, CVE-2024-56556, CVE-2024-56565, CVE-2024-56564, CVE-2024-56563, CVE-2024-56562, CVE-2024-56561, CVE-2024-56560, CVE-2024-56559, CVE-2024-56582, CVE-2024-56581, CVE-2024-56580, CVE-2024-56579, CVE-2024-56578, CVE-2024-56577, CVE-2024-56576, CVE-2024-56558, CVE-2024-56575, CVE-2024-56574, CVE-2024-56573, CVE-2024-56572, CVE-2024-56571, CVE-2024-56570, CVE-2024-56569, CVE-2024-56568, CVE-2024-56567, CVE-2024-56566, CVE-2024-56557, CVE-2024-56555, CVE-2024-56554, CVE-2024-56553, CVE-2024-56550, CVE-2024-56552, CVE-2024-56551, CVE-2025-38552, CVE-2025-38551, CVE-2025-38550, CVE-2025-38549, CVE-2025-38547, CVE-2025-38548, CVE-2025-38531, CVE-2025-38530, CVE-2025-38529, CVE-2025-38528, CVE-2025-38527, CVE-2025-38526, CVE-2025-38524, CVE-2025-38539, CVE-2025-38538, CVE-2025-38537, CVE-2025-38535, CVE-2025-38533, CVE-2025-38532, CVE-2025-38499, CVE-2025-38478, CVE-2025-38477, CVE-2025-38476, CVE-2025-38475, CVE-2025-38474, CVE-2025-38473, CVE-2025-38472, CVE-2025-38497, CVE-2025-38496, CVE-2025-38495, CVE-2025-38494, CVE-2025-38493, CVE-2025-38491, CVE-2025-38490, CVE-2025-38471, CVE-2025-38489, CVE-2025-38488, CVE-2025-38487, CVE-2025-38485, CVE-2025-38484, CVE-2025-38483, CVE-2025-38482, CVE-2025-38481, CVE-2025-38480, CVE-2025-38469, CVE-2025-38470, CVE-2025-38468, CVE-2025-38500)
• bind (CVE-2024-11187, CVE-2024-12705)
• containerd (CVE-2025-47291)
• git (CVE-2025-48384, CVE-2025-48385, CVE-2025-48386)
• glib (CVE-2025-4373)
• go (CVE-2025-22873, CVE-2025-4673, CVE-2025-0913, CVE-2025-22874, CVE-2025-4674)
• jq (CVE-2024-23337, CVE-2024-53427, CVE-2025-48060)
• libxml2 (CVE-2025-49794, CVE-2025-49795, CVE-2025-49796, CVE-2025-32414, CVE-2025-32415)
• nvidia-drivers-service (CVE-2025-23244)
• podman (CVE-2025-6032)
• python (CVE-2025-4516, CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4517)
• requests (CVE-2024-47081)
• vim (CVE-2025-1215, CVE-2025-22134, CVE-2025-24014, GHSA-63p5-mwg2-787v, CVE-2025-27423, CVE-2025-29768)

Bug fixes:

• Fixed a UID/GID mis-alignment for user/group messagebus between acct-user/acct-group and baselayout. (baselayout#36)
• Reenabled console support for DRM drivers, so that with the virtio graphics driver the interactive console is shown again after boot (Flatcar#1834)
• sysext-podman: removed /etc/subuid and /etc/subgid generation for core user, before this change it partially overwrites the file and causes issues. (Flatcar#1733) This could be created through initial provisioning. (scripts#3043)

Changes:

• Added overlaybd system extension to support accelerated container images.
  Add overlaybd to /etc/flatcar/enabled-sysext.conf to check it out.
  The extension includes both overlaybd as well as accelerated-container-image tools.
• Azure OEM: add inotify-tools, python urllib3 (flatcar/scripts#3116)

Updates:

• Linux (6.12.41 (includes 6.12.40, 6.12.39, 6.12.38, 6.12.37, 6.12.36, 6.12.35))
• Linux Firmware (20250708 (includes 20250627))
• SDK: cmake (3.31.7)
• SDK: gdb (16.3 (includes 16.2, 16.1))
• SDK: gentoo-syntax (16)
• SDK: go (1.24.5 (includes 1.24.4))
• SDK: iperf (3.19)
• SDK: m4 (1.4.20)
• SDK: maturin (1.9.1)
• SDK: meson (1.7.2)
• SDK: mtools (4.0.49)
• SDK: nano (8.5)
• SDK: pkgcheck (0.10.36)
• SDK: python-cryptography (45.0.4)
• SDK: qemu (9.2.3)
• SDK: rust (1.87.0 (includes 1.86.0))
• azure, dev, gce, sysext-python: mpdecimal (4.0.1)
• azure, dev, gce, sysext-python: python (3.11.13)
• base, dev: bind (9.18.37 (includes 9.18.36, 9.18.35, 9.18.34, 9.18.33, 9.18.32))
• base, dev: checkpolicy (3.8.1 (includes 3.8))
• base, dev: elfutils (0.193)
• base, dev: gawk (5.3.2)
• base, dev: gcc (14.3.0)
• base, dev: glib (2.84.3 (includes 2.84.2, 2.84.1, 2.84.0, 2.83.5, 2.83.4, 2.83.3, 2.83.2, 2.83.1, 2.83.0))
• base, dev: glibc (2.41)
• base, dev: gnupg (2.4.8)
• base, dev: grep (3.12)
• base, dev: gzip (1.14)
• base, dev: inih (60 (includes (59)))
• base, dev: ipset (7.24)
• base, dev: iputils (20250605-r1 (includes (20250605, 20250602)))
• base, dev: jansson (2.14.1)
• base, dev: jq (1.8.1 (includes 1.8.0))
• base, dev: kexec-tools (2.0.31)
• base, dev: libarchive (3.8.1 (includes 3.8.0))
• base, dev: libcap (2.76 (includes 2.75, 2.74, 2.73, 2.72))
• base, dev: libffi (3.5.1 (includes 3.4.8, 3.4.7))
• base, dev: libgcrypt (1.11.1)
• base, dev: libgpg-error (1.55 (includes (1.53, 1.52)))
• base, dev: libnftnl (1.2.9)
• base, dev: libselinux (3.8.1 (includes 3.8))
• base, dev: libsepol (3.8.1 (includes 3.8))
• base, dev: libunistring (1.3)
• base, dev: libunwind (1.8.2)
• base, dev: liburing (2.9 (includes 2.8))
• base, dev: libusb (1.0.28)
• base, dev: libuv (1.51.0)
• base, dev: libxml2 (2.14.5 (includes 2.13.8))
• base, dev: nvidia-drivers-service (amd64) (535.247.01)
• base, dev: nvidia-drivers-service (arm64) (570.169 (includes 570.153.02, 570.148.08, 570.133.20, 570.124.06))
• base, dev: openssh (10.0_p1)
• base, dev: openssl (3.4.1 (includes 3.4.0))
• base, dev: quota (4.10)
• base, dev: semodule-utils (3.8.1 (includes 3.8))
• base, dev: sqlite (3.50.2 (includes 3.49.2))
• base, dev: sssd (2.9.7)
• base, dev: userspace-rcu (0.15.3 (includes 0.15.2))
• base, dev: vim (9.1.1436)
• base, dev: xz-utils (5.8.1 (includes 5.8.0))
• btrfs-progs (6.14)
• ca-certificates (3.114 (includes 3.113.1,3.113))
• chrony (4.7)
• curl (8.14.1)
• dbus-glib (0.114)
• dev, sysext-incus: squashfs-tools (4.7)
• dev: file (5.46)
• dev: man-db (2.13.1)
• dev: pahole (1.30)
• dev: portage (3.0.68)
• dev: sandbox (2.46)
• dev: smartmontools (7.5)
• ethtool (6.14)
• fuse-overlayfs (1.15)
• git (2.49.1)
• iproute2 (6.15.0)
• kbd (2.8.0)
• less (679)
• libnvme (1.14)
• ncurses (6.5_p20250329)
• nftables (1.1.3)
• nvme-cli (2.14)
• procps (4.0.5)
• sysext-python: ensurepip-pip (25.1.1)
• sysext-python: jaraco-collections (5.2.1)
• sysext-python: jaraco-functools (4.2.1)
• sysext-python: pygments (2.19.2)
• sysext-python: resolvelib (1.2.0)
• samba (4.20.8)
• strace (6.15)
• sysext-containerd: containerd (2.0.5)
• sysext-containerd: runc (1.2.6)
• sysext-docker: docker (28.0.4 (includes 28.0.3, 28.0.2))
• sysext-incus: cowsql (1.15.8)
• sysext-incus: incus (6.0.4)
• sysext-incus: lxc (6.0.4)
• sysext-incus: lxcfs (6.0.4)
• sysext-podman: containers-common (0.63.0)
• sysext-podman: gpgme (1.24.3)
• sysext-podman: passt ((2025.6.11 (includes 2025.04.15)))
• sysext-podman: podman (5.5.2)
• sysext-python: cachecontrol (0.14.3 (includes 0.14.2))
• sysext-python: charset-normalizer (3.4.2)
• sysext-python: more-itertools (10.7.0)
• sysext-python: msgpack (1.1.1)
• sysext-python: packaging (25.0)
• sysext-python: pip (25.1.1 (includes 25.1))
• sysext-python: platformdirs (4.3.8)
• sysext-python: requests (2.32.4 (includes 2.32.3))
• sysext-python: setuptools (80.9.0 (includes 80.8.0, 80.7.0, 80.6.0, 80.4.0, 80.3.0, 80.2.0, 80.1.0, 80.0.0, 79.0.0))
• sysext-python: setuptools-scm (8.3.1 (includes 8.3.0))
• sysext-python: trove-classifiers (2025.5.9.12 (includes 2025.5.8.15, 2025.5.8.13, 2025.5.7.19, 2025.5.1.12, 2025.4.28.22))
• sysext-python: typing-extensions (4.14.1 (includes 4.14.0))
• sysext-python: urllib3 (2.5.0)
• sysext-zfs: zfs (2.3.3 (includes 2.3.2))
• util-linux (2.41.1)
• vmware: open-vm-tools (13.0.0)
• xfsprogs (6.14.0)