Changes since Beta 3815.1.0
Security fixes:
- Linux (CVE-2022-27672, CVE-2022-36402, CVE-2022-36402, CVE-2022-40982, CVE-2022-4269, CVE-2022-45886, CVE-2022-45887, CVE-2022-45919, CVE-2022-48425, CVE-2023-0160, CVE-2023-0160, CVE-2023-0459, CVE-2023-1032, CVE-2023-1076, CVE-2023-1077, CVE-2023-1079, CVE-2023-1118, CVE-2023-1192, CVE-2023-1194, CVE-2023-1206, CVE-2023-1281, CVE-2023-1380, CVE-2023-1380, CVE-2023-1513, CVE-2023-1583, CVE-2023-1611, CVE-2023-1670, CVE-2023-1829, CVE-2023-1855, CVE-2023-1859, CVE-2023-1989, CVE-2023-1990, CVE-2023-1998, CVE-2023-2002, CVE-2023-2002, CVE-2023-20569, CVE-2023-20588, CVE-2023-20593, CVE-2023-2124, CVE-2023-21255, CVE-2023-21264, CVE-2023-2156, CVE-2023-2156, CVE-2023-2163, CVE-2023-2163, CVE-2023-2194, CVE-2023-2235, CVE-2023-2248, CVE-2023-2248, CVE-2023-2269, CVE-2023-2269, CVE-2023-2483, CVE-2023-25012, CVE-2023-25775, CVE-2023-25775, CVE-2023-2598, CVE-2023-26545, CVE-2023-28466, CVE-2023-28866, CVE-2023-2898, CVE-2023-2985, CVE-2023-30456, CVE-2023-30772, CVE-2023-3090, CVE-2023-31085, CVE-2023-3117, CVE-2023-31248, CVE-2023-3141, CVE-2023-31436, CVE-2023-31436, CVE-2023-3212, CVE-2023-3220, CVE-2023-32233, CVE-2023-32233, CVE-2023-32247, CVE-2023-32247, CVE-2023-32248, CVE-2023-32248, CVE-2023-32250, CVE-2023-32250, CVE-2023-32252, CVE-2023-32252, CVE-2023-32254, CVE-2023-32254, CVE-2023-32257, CVE-2023-32257, CVE-2023-32258, CVE-2023-32258, CVE-2023-3268, CVE-2023-3268, CVE-2023-3269, CVE-2023-3269, CVE-2023-3312, CVE-2023-3312, CVE-2023-3317, CVE-2023-33203, CVE-2023-33250, CVE-2023-33250, CVE-2023-33288, CVE-2023-3355, CVE-2023-3390, CVE-2023-33951, CVE-2023-33951, CVE-2023-33952, CVE-2023-33952, CVE-2023-34255, CVE-2023-34256, CVE-2023-34256, CVE-2023-34319, CVE-2023-34324, CVE-2023-35001, CVE-2023-35788, CVE-2023-35823, CVE-2023-35823, CVE-2023-35824, CVE-2023-35824, CVE-2023-35826, CVE-2023-35826, CVE-2023-35827, CVE-2023-35828, CVE-2023-35828, CVE-2023-35829, CVE-2023-35829, CVE-2023-3609, CVE-2023-3610, CVE-2023-3610, CVE-2023-3611, CVE-2023-37453, CVE-2023-37453, CVE-2023-3772, CVE-2023-3773, CVE-2023-3776, CVE-2023-3777, CVE-2023-38409, CVE-2023-38426, CVE-2023-38427, CVE-2023-38428, CVE-2023-38429, CVE-2023-38430, CVE-2023-38431, CVE-2023-38432, CVE-2023-38432, CVE-2023-3863, CVE-2023-3863, CVE-2023-3865, CVE-2023-3865, CVE-2023-3866, CVE-2023-3866, CVE-2023-3867, CVE-2023-39189, CVE-2023-39191, CVE-2023-39192, CVE-2023-39192, CVE-2023-39193, CVE-2023-39193, CVE-2023-39194, CVE-2023-39197, CVE-2023-39197, CVE-2023-39198, CVE-2023-4004, CVE-2023-4015, CVE-2023-40283, CVE-2023-40791, CVE-2023-4128, CVE-2023-4132, CVE-2023-4133, CVE-2023-4133, CVE-2023-4134, CVE-2023-4134, CVE-2023-4147, CVE-2023-4155, CVE-2023-4194, CVE-2023-4206, CVE-2023-4207, CVE-2023-4208, CVE-2023-4244, CVE-2023-4273, CVE-2023-42752, CVE-2023-42752, CVE-2023-42753, CVE-2023-42753, CVE-2023-42754, CVE-2023-42756, CVE-2023-44466, CVE-2023-4563, CVE-2023-4569, CVE-2023-45862, CVE-2023-45863, CVE-2023-45871, CVE-2023-45871, CVE-2023-45898, CVE-2023-4610, CVE-2023-4611, CVE-2023-4623, CVE-2023-4623, CVE-2023-46343, CVE-2023-46813, CVE-2023-46838, CVE-2023-46838, CVE-2023-46862, CVE-2023-46862, CVE-2023-4881, CVE-2023-4921, CVE-2023-50431, CVE-2023-50431, CVE-2023-5090, CVE-2023-51042, CVE-2023-51043, CVE-2023-5158, CVE-2023-51779, CVE-2023-51780, CVE-2023-51781, CVE-2023-51782, CVE-2023-5197, CVE-2023-5345, CVE-2023-5633, CVE-2023-5717, CVE-2023-5972, CVE-2023-6039, CVE-2023-6111, CVE-2023-6121, CVE-2023-6176, CVE-2023-6200, CVE-2023-6531, CVE-2023-6546, CVE-2023-6560, CVE-2023-6606, CVE-2023-6610, CVE-2023-6610, CVE-2023-6622, CVE-2023-6817, CVE-2023-6915, CVE-2023-6915, CVE-2023-6931, CVE-2023-6932, CVE-2023-7192, CVE-2024-0193, CVE-2024-0443, CVE-2024-0565, CVE-2024-0582, CVE-2024-0584, CVE-2024-0607, CVE-2024-0607, CVE-2024-0639, CVE-2024-0641, CVE-2024-0646, CVE-2024-0775, CVE-2024-0775, CVE-2024-1085, CVE-2024-1085, CVE-2024-1086, CVE-2024-1086, CVE-2024-1312, CVE-2024-22705, CVE-2024-23849, CVE-2024-23849)
- binutils (CVE-2023-1972)
- curl (CVE-2023-46218, CVE-2023-46219)
- docker (CVE-2024-24557)
- gnutls (CVE-2023-5981)
- intel-microcode (CVE-2023-23583)
- libxml2 (CVE-2023-45322)
- openssh (CVE-2023-48795, CVE-2023-51384, CVE-2023-51385)
- openssl (CVE-2023-3817, CVE-2023-5363, CVE-2023-5678)
- runc (CVE-2024-21626)
- traceroute (CVE-2023-46316)
- vim (CVE-2023-5344, CVE-2023-5441, CVE-2023-5535, CVE-2023-46246)
- SDK: perl (CVE-2023-47038)
Bug fixes:
- Added a workaround for old airgapped/proxied update-engine clients to be able to update to this release (Flatcar#1332, update_engine#38)
- Fixed the handling of OEM update payloads in a Nebraska response with self-hosted packages (ue-rs#49)
- Forwarded the proxy environment variables of
update-engine.service
to the postinstall script to support fetching OEM systemd-sysext payloads through a proxy (Flatcar#1326)
Changes:
- Added a
flatcar-update --oem-payloads <yes|no>
flag to skip providing OEM payloads, e.g., for downgrades (init#114) - Update generation SLSA provenance info from v0.2 to v1.0.
Updates:
- Linux (6.6.16 (includes 6.6.15, 6.6.14, 6.6.13, 6.6.12, 6.6.11, 6.6.10, 6.6.9, 6.6.8, 6.6.7, 6.6))
- Linux Firmware (20231211)
- Go (1.20.13)
- bash (5.2_p21)
- binutils (2.41)
- bpftool (6.5.7)
- c-ares (1.21.0)
- ca-certificates (3.97)
- containerd (1.7.13 (includes 1.7.11))
- coreutils (9.4)
- curl (8.5.0)
- docker (24.0.9)
- elfutils (0.190)
- gawk (5.3.0)
- gentoolkit (0.6.3)
- gettext (0.22.4)
- glib (2.78.3)
- gnutls (3.8.2)
- groff (1.23.0)
- hwdata (0.376)
- intel-microcode (20231114_p20231114)
- iproute2 (6.6.0)
- ipset (7.19)
- jq (1.7.1 (includes 1.7))
- kbd (2.6.4)
- kmod (31)
- libarchive (3.7.2)
- libdnet (1.16.4)
- libksba (1.6.5)
- libnsl (2.0.1)
- libxslt (1.1.39)
- lsof (4.99.0)
- lz4 (1.9.4)
- openssh (9.6p1)
- openssl (3.0.12)
- readline (8.2_p7)
- runc (1.1.12)
- selinux-base (2.20231002)
- selinux-base-policy (2.20231002)
- selinux-container (2.20231002)
- selinux-dbus (2.20231002)
- selinux-sssd (2.20231002)
- selinux-unconfined (2.20231002)
- sqlite (3.44.2)
- strace (6.6)
- traceroute (2.1.3)
- usbutils (016)
- util-linux (2.39.2)
- vim (9.0.2092)
- whois (5.5.20)
- xmlsec (1.3.2)
- xz-utils (5.4.5)
- zlib (1.3)
- SDK: perl (5.38.2)
- SDK: portage (3.0.59)
- SDK: python (3.11.7)
- SDK: repo (2.37)
- SDK: Rust (1.75.0 (includes 1.74.1))
Changes since Alpha 3850.0.0
Security fixes:
- Linux (CVE-2023-46838, CVE-2023-50431, CVE-2023-6610, CVE-2023-6915, CVE-2024-1085, CVE-2024-1086, CVE-2024-23849)
- docker (CVE-2024-24557)
- runc (CVE-2024-21626)
Bug fixes:
- Added a workaround for old airgapped/proxied update-engine clients to be able to update to this release (Flatcar#1332, update_engine#38)
- Fixed the handling of OEM update payloads in a Nebraska response with self-hosted packages (ue-rs#49)
- Forwarded the proxy environment variables of
update-engine.service
to the postinstall script to support fetching OEM systemd-sysext payloads through a proxy (Flatcar#1326)
Changes:
- Added a
flatcar-update --oem-payloads <yes|no>
flag to skip providing OEM payloads, e.g., for downgrades (init#114)