flatcar/scripts alpha-4593.0.0

on GitHub

Changes since Alpha 4547.0.0

Security fixes:

• Linux (CVE-2025-68335, CVE-2025-68332, CVE-2025-68337, CVE-2025-68336, CVE-2025-68265, CVE-2025-68266, CVE-2025-68263, CVE-2025-68261, CVE-2025-68259, CVE-2025-68258, CVE-2025-68257, CVE-2025-68256, CVE-2025-68264, CVE-2025-68254, CVE-2025-68255, CVE-2025-68764, CVE-2025-68766, CVE-2025-68765, CVE-2025-68759, CVE-2025-68758, CVE-2025-68757, CVE-2025-68756, CVE-2025-68753, CVE-2025-68763, CVE-2025-68744, CVE-2025-68742, CVE-2025-68741, CVE-2025-68740, CVE-2025-68748, CVE-2025-68747, CVE-2025-68746, CVE-2025-68724, CVE-2025-68380, CVE-2025-68379, CVE-2025-68378, CVE-2025-68733, CVE-2025-68732, CVE-2025-68728, CVE-2025-68727, CVE-2025-68374, CVE-2025-68352, CVE-2025-68349, CVE-2025-68348, CVE-2025-68347, CVE-2025-68372, CVE-2025-68371, CVE-2025-68369, CVE-2025-68367, CVE-2025-68366, CVE-2025-68364, CVE-2025-68346, CVE-2025-68363, CVE-2025-68362, CVE-2025-68361, CVE-2025-68356, CVE-2025-68354, CVE-2025-68344, CVE-2025-68325, CVE-2025-68324, CVE-2025-71157, CVE-2025-71156, CVE-2025-71154, CVE-2025-71153, CVE-2025-71151, CVE-2025-71150, CVE-2025-71149, CVE-2025-71148, CVE-2025-71146, CVE-2025-71147, CVE-2025-71143, CVE-2025-71140, CVE-2025-71138, CVE-2025-71137, CVE-2025-71136, CVE-2025-71135, CVE-2025-71133, CVE-2025-71132, CVE-2025-71131, CVE-2025-71130, CVE-2025-71129, CVE-2025-71111, CVE-2025-71109, CVE-2025-71108, CVE-2025-71107, CVE-2025-71105, CVE-2025-71126, CVE-2025-71125, CVE-2025-71123, CVE-2025-71122, CVE-2025-71104, CVE-2025-71121, CVE-2025-71120, CVE-2025-71119, CVE-2025-71118, CVE-2025-71116, CVE-2025-71114, CVE-2025-71113, CVE-2025-71112, CVE-2025-71102, CVE-2025-71079, CVE-2025-71087, CVE-2025-71086, CVE-2025-71085, CVE-2025-71084, CVE-2025-71083, CVE-2025-71082, CVE-2025-71101, CVE-2025-71100, CVE-2025-71099, CVE-2025-71081, CVE-2025-71098, CVE-2025-71097, CVE-2025-71096, CVE-2025-71095, CVE-2025-71094, CVE-2025-71093, CVE-2025-71091, CVE-2025-71089, CVE-2025-71080, CVE-2025-71078, CVE-2025-71064, CVE-2025-71073, CVE-2025-71072, CVE-2025-71071, CVE-2025-71069, CVE-2025-71068, CVE-2025-71067, CVE-2025-71066, CVE-2025-71077, CVE-2025-71076, CVE-2025-71075, CVE-2025-71065, CVE-2025-68820, CVE-2025-68822, CVE-2025-68821, CVE-2025-68785, CVE-2025-68794, CVE-2025-68789, CVE-2025-68819, CVE-2025-68818, CVE-2025-68817, CVE-2025-68816, CVE-2025-68815, CVE-2025-68788, CVE-2025-68814, CVE-2025-68813, CVE-2025-68811, CVE-2025-68810, CVE-2025-68809, CVE-2025-68808, CVE-2025-68806, CVE-2025-68787, CVE-2025-68804, CVE-2025-68803, CVE-2025-68802, CVE-2025-68801, CVE-2025-68800, CVE-2025-68799, CVE-2025-68798, CVE-2025-68797, CVE-2025-68796, CVE-2025-68795, CVE-2025-68786, CVE-2025-68776, CVE-2025-68775, CVE-2025-68774, CVE-2025-68773, CVE-2025-68772, CVE-2025-68771, CVE-2025-68770, CVE-2025-68769, CVE-2025-68784, CVE-2025-68783, CVE-2025-68782, CVE-2025-68781, CVE-2025-68780, CVE-2025-68778, CVE-2025-68777, CVE-2025-68767, CVE-2025-71144, CVE-2025-71134, CVE-2025-71127, CVE-2025-71088, CVE-2026-22982, CVE-2026-22980, CVE-2026-22979, CVE-2026-22978, CVE-2026-22994, CVE-2025-71160, CVE-2026-22992, CVE-2026-22991, CVE-2026-22990, CVE-2026-22989, CVE-2026-22988, CVE-2026-22984, CVE-2026-22977, CVE-2026-22976)
• gnupg (CVE-2025-68972, CVE-2025-68973, gnupg-20251228-notdash)
• openssl (CVE-2025-11187, CVE-2025-15467, CVE-2025-15468, CVE-2025-15469, CVE-2025-66199, CVE-2025-68160, CVE-2025-69418, CVE-2025-69419, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796)

Changes:

• Dropped Ciphers, MACs, and KexAlgorithms from the sshd configuration so that the OpenSSH upstream defaults are used. This introduces post-quantum key exchange algorithms for better security. (Flatcar#1921). Users requiring legacy Ciphers, MACs, and/or KexAlgos can override / re-enable this by deploying a custom drop-in config to /etc/ssh/sshd_config.d/.
• Enabled netkit module (scripts#3524)

Updates:

• Linux (6.12.66 (includes 6.12.65, 6.12.64, 6.12.63, 6.12.62))
• base, dev: gnupg (2.5.16 (includes 2.5))
• base, dev: libgpg-error (1.57)
• ca-certificates (3.120)
• dracut (109 (includes 108, 107))
• etcdctl (3.5.18)
• sysext-podman: gpgme (2.0.1)
• openssl (3.5.5)
• sysext-python: python (3.12.12 (includes 3.12.0))