Changes since Alpha 4487.0.1
Security fixes:
- containerd (CVE-2024-25621, CVE-2025-64329)
- expat (CVE-2025-59375)
- intel-microcode (CVE-2024-28956, CVE-2024-43420, CVE-2024-45332, CVE-2025-20012, CVE-2025-20054, CVE-2025-20103, CVE-2025-20623, CVE-2025-24495, CVE-2025-20053, CVE-2025-20109, CVE-2025-22839, CVE-2025-22840, CVE-2025-22889, CVE-2025-26403)
- nvidia-drivers (CVE-2025-23280, CVE-2025-23282, CVE-2025-23300, CVE-2025-23330, CVE-2025-23332, CVE-2025-23345)
- openssh (CVE-2025-61984, CVE-2025-61985)
- openssl (CVE-2025-9230, CVE-2025-9231, CVE-2025-9232)
- runc (CVE-2025-31133, CVE-2025-52565, CVE-2025-52881)
Bug fixes:
- Alpha only: Added Fusion SCSI disk drivers back to the initrd after they got lost in the rework (Flatcar#1924)
- Configured the services in the overlaybd sysext to start automatically like the other sysexts. Note that the sysext must be enabled at boot time for this to happen, otherwise you need to call
systemd-tmpfiles --createandsystemctl daemon-reloadfirst.
Changes:
- Alpha only: Reduced Azure image size again to 30 GB as before by shrinking the root partition to compensate for the growth of the other partitions (scripts#3460)
- The way that files for building custom kernel modules are installed has changed from a Ubuntu-inspired method to the standard upstream kernel method. In the unlikely event that this breaks your module builds, please let the Flatcar team know immediately.
Updates:
- Linux Firmware (20251011, 20251021)
- SDK: cmake (3.31.9)
- SDK: go (1.25.1 (includes 1.25))
- SDK: qemu (10.0.5)
- azure, dev: inotify-tools (4.25.9.0)
- azure, stackit: chrony (4.8)
- base, dev: bind (9.18.38)
- base, dev: bpftool (7.6.0)
- base, dev: btrfs-progs (6.16.1)
- base, dev: expat (2.7.3)
- base, dev: gettext (0.23.2 (includes 0.23.1, 0.23.0))
- base, dev: git (2.51.0 (includes 2.50.0))
- base, dev: intel-microcode (20250812 (includes 20250512))
- base, dev: libxml2 (2.14.6 (includes 2.14.5, 2.14.4, 2.14.3, 2.14.2, 2.14.1, 2.14.0))
- base, dev: nftables (1.1.5)
- base, dev: nvidia-drivers-service (amd64) (535.274.02)
- base, dev: nvidia-drivers-service (arm64) (570.195.03)
- base, dev: openssh (10.2_p1 (includes 10.1))
- base, dev: openssl (3.4.3)
- base, dev: xfsprogs (6.16.0 (includes 6.15.0))
- sysext-containerd: containerd (2.1.5 (includes 2.1.4))
- sysext-containerd: runc (1.3.3 (includes 1.3.2, 1.3.1))
- sysext-nvidia-drivers-535, sysext-nvidia-drivers-535-open: nvidia-drivers (535.274.02)
- sysext-nvidia-drivers-570, sysext-nvidia-drivers-570-open: nvidia-drivers (570.195.03)
- sysext-podman: crun (1.21)
- sysext-podman: netavark (1.15.2 (includes 1.15.1, 1.15.0))
- sysext-podman: passt (2025.06.11)
- sysext-python: platformdirs (4.4.0)
- sysext-python: typing-extensions (4.15.0)
- systemd (257.9)