flatcar/scripts alpha-4459.0.0

on GitHub

Changes since Alpha 4426.0.0

Security fixes:

• Linux (CVE-2025-39734, CVE-2025-39732, CVE-2025-39731, CVE-2025-39730, CVE-2025-39727, CVE-2025-38650, CVE-2025-38648, CVE-2025-38646, CVE-2025-38645, CVE-2025-38644, CVE-2025-38660, CVE-2025-38659, CVE-2025-38653, CVE-2025-38652, CVE-2025-38628, CVE-2025-38626, CVE-2025-38625, CVE-2025-38624, CVE-2025-38623, CVE-2025-38622, CVE-2025-38640, CVE-2025-38639, CVE-2025-38635, CVE-2025-38634, CVE-2025-38632, CVE-2025-38631, CVE-2025-38630, CVE-2025-38619, CVE-2025-38618, CVE-2025-38617, CVE-2025-38611, CVE-2025-38615, CVE-2025-38612, CVE-2025-38577, CVE-2025-38586, CVE-2025-38585, CVE-2025-38583, CVE-2025-38582, CVE-2025-38581, CVE-2025-38610, CVE-2025-38609, CVE-2025-38608, CVE-2025-38604, CVE-2025-38602, CVE-2025-38601, CVE-2025-38579, CVE-2025-38595, CVE-2025-38593, CVE-2025-38590, CVE-2025-38588, CVE-2025-38587, CVE-2025-38578, CVE-2025-38563, CVE-2025-38562, CVE-2025-38561, CVE-2025-38560, CVE-2025-38559, CVE-2025-38557, CVE-2025-38576, CVE-2025-38574, CVE-2025-38573, CVE-2025-38572, CVE-2025-38571, CVE-2025-38569, CVE-2025-38568, CVE-2025-38566, CVE-2025-38565, CVE-2025-38555, CVE-2025-38553, CVE-2025-38501, CVE-2025-39798, CVE-2025-39797, CVE-2025-39795, CVE-2025-39794, CVE-2025-39792, CVE-2025-39750, CVE-2025-39760, CVE-2025-39758, CVE-2025-39757, CVE-2025-39756, CVE-2025-39754, CVE-2025-39753, CVE-2025-39752, CVE-2025-39763, CVE-2025-39761, CVE-2025-39751, CVE-2025-39744, CVE-2025-39743, CVE-2025-39742, CVE-2025-39739, CVE-2025-39738, CVE-2025-39749, CVE-2025-39748, CVE-2025-39747, CVE-2025-39746, CVE-2025-39736, CVE-2025-39737, CVE-2025-38727, CVE-2025-38729, CVE-2025-38728, CVE-2025-38694, CVE-2025-38703, CVE-2025-38702, CVE-2025-38701, CVE-2025-38700, CVE-2025-38699, CVE-2025-38698, CVE-2025-38726, CVE-2025-38725, CVE-2025-38724, CVE-2025-38697, CVE-2025-38723, CVE-2025-38722, CVE-2025-38721, CVE-2025-38718, CVE-2025-38717, CVE-2025-38716, CVE-2025-38715, CVE-2025-38714, CVE-2025-38696, CVE-2025-38713, CVE-2025-38712, CVE-2025-38711, CVE-2025-38710, CVE-2025-38709, CVE-2025-38708, CVE-2025-38707, CVE-2025-38706, CVE-2025-38705, CVE-2025-38704, CVE-2025-38695, CVE-2025-38688, CVE-2025-38687, CVE-2025-38686, CVE-2025-38685, CVE-2025-38684, CVE-2025-38683, CVE-2025-38681, CVE-2025-38693, CVE-2025-38692, CVE-2025-38691, CVE-2025-38679, CVE-2025-38680, CVE-2025-38616, CVE-2025-39773, CVE-2025-39772, CVE-2025-39770, CVE-2025-39791, CVE-2025-39790, CVE-2025-39788, CVE-2025-39787, CVE-2025-39767, CVE-2025-39783, CVE-2025-39782, CVE-2025-39781, CVE-2025-39780, CVE-2025-39779, CVE-2025-39776, CVE-2025-39765, CVE-2025-39766, CVE-2025-39759, CVE-2025-39711, CVE-2025-39720, CVE-2025-39719, CVE-2025-39718, CVE-2025-39716, CVE-2025-39715, CVE-2025-39714, CVE-2025-39713, CVE-2025-39724, CVE-2025-39723, CVE-2025-39722, CVE-2025-39721, CVE-2025-39712, CVE-2025-39675, CVE-2025-39673, CVE-2025-38737, CVE-2025-38736, CVE-2025-39710, CVE-2025-39709, CVE-2025-39707, CVE-2025-38735, CVE-2025-39706, CVE-2025-39705, CVE-2025-39703, CVE-2025-39702, CVE-2025-39701, CVE-2025-39700, CVE-2025-39698, CVE-2025-39697, CVE-2025-38734, CVE-2025-39695, CVE-2025-39694, CVE-2025-39693, CVE-2025-39692, CVE-2025-39691, CVE-2025-39689, CVE-2025-39687, CVE-2025-39686, CVE-2025-38733, CVE-2025-39685, CVE-2025-39684, CVE-2025-39683, CVE-2025-39682, CVE-2025-39681, CVE-2025-39679, CVE-2025-39676, CVE-2025-38732, CVE-2025-38730, CVE-2025-38677, CVE-2025-40300)
• glib (CVE-2025-7039)
• glibc (CVE-2025-8058)
• gnutls (CVE-2025-32988, CVE-2025-32989, CVE-2025-32990, CVE-2025-6395)
• go (CVE-2025-47906, CVE-2025-47907)
• iperf (CVE-2025-54349, CVE-2025-54350, CVE-2025-54351)
• nvidia-drivers (CVE-2025-23277, CVE-2025-23278, CVE-2025-23279, CVE-2025-23286)
• python (CVE-2025-6069, CVE-2025-8194)
• vim (CVE-2025-53905, CVE-2025-53906, CVE-2025-9390)

Bug fixes:

• Enabled CONFIG_CPUSETS_V1 to mitigate cgroupsv1 removal (e.g JVM) (Flatcar#1884)

Changes:

• Enable CONFIG_INET_DIAG_DESTROY in kernel options (flatcar/scripts#3176)
• Hyper-V images now use a systemd-sysext image for layering additional platform-specific software on top of /usr

Updates:

• Ignition (2.22.0)
• Linux (6.12.47 (includes 6.12.46, 6.12.45, 6.12.44, 6.12.43, 6.12.42))
• Linux Firmware (20250808)
• SDK: gnu-efi (4.0.2)
• SDK: go (1.24.6)
• SDK: rust (1.88.0)
• SDK: sbsigntools (0.9.5)
• azure, dev, gce, sysext-python: gdbm (1.26)
• azure, dev, gce, sysext-python: python (3.11.13_p1)
• base, dev: azure-vm-utils (0.7.0)
• base, dev: btrfs-progs (6.15)
• base, dev: cryptsetup (2.8.0)
• base, dev: curl (8.15.0 (includes 8.14.1, 8.14.0))
• base, dev: e2fsprogs (1.47.3)
• base, dev: ethtool (6.15)
• base, dev: glib (2.84.4)
• base, dev: gnutls (3.8.10)
• base, dev: iproute2 (6.16.0)
• base, dev: kmod (34.2)
• base, dev: libgcrypt (1.11.2)
• base, dev: libnvme (1.15)
• base, dev: libsodium (1.0.20_p20250606)
• base, dev: libusb (1.0.29)
• base, dev: lsof (4.99.5)
• base, dev: ncurses (6.5_p20250531)
• base, dev: nettle (3.10.2)
• base, dev: ntp (4.2.8_p18)
• base, dev: nvidia-drivers-service (amd64) (535.261.03)
• base, dev: nvidia-drivers-service (arm64) (570.172.08)
• base, dev: nvme-cli (2.15)
• base, dev: openssl (3.4.2)
• base, dev: pciutils (3.14.0)
• base, dev: pinentry (1.3.2)
• base, dev: pkgconf (2.5.1 (includes 2.5.0))
• base, dev: rpcbind (1.2.8)
• base, dev: selinux (2.20250213)
• base, dev: sqlite (3.50.4 (includes 3.50.3))
• base, dev: strace (6.16)
• base, dev: sudo (1.9.17_p2)
• base, dev: vim (9.1.1652)
• ca-certificates (3.115.1 (includes 3.115))
• dev: gnuconfig (20250710)
• dev: iperf (3.19.1)
• sysext-incus, sysext-podman, vmware: fuse (3.17.3)
• sysext-incus: cowsql (1.15.9)
• sysext-nvidia-drivers-535, sysext-nvidia-drivers-535-open: nvidia-drivers (535.261.03)
• sysext-nvidia-drivers-570, sysext-nvidia-drivers-570-open: nvidia-drivers (570.181) (includes 570.172.08)
• sysext-python: distlib (0.4.0)
• sysext-python: rich (14.1.0)
• sysext-python: trove-classifiers (2025.8.26.11 (includes 2025.8.6.13))
• sysext-python: truststore (0.10.4)