flatcar/scripts beta-3850.1.0

on GitHub

Changes since Beta 3815.1.0

Security fixes:

• Linux (CVE-2022-27672, CVE-2022-36402, CVE-2022-36402, CVE-2022-40982, CVE-2022-4269, CVE-2022-45886, CVE-2022-45887, CVE-2022-45919, CVE-2022-48425, CVE-2023-0160, CVE-2023-0160, CVE-2023-0459, CVE-2023-1032, CVE-2023-1076, CVE-2023-1077, CVE-2023-1079, CVE-2023-1118, CVE-2023-1192, CVE-2023-1194, CVE-2023-1206, CVE-2023-1281, CVE-2023-1380, CVE-2023-1380, CVE-2023-1513, CVE-2023-1583, CVE-2023-1611, CVE-2023-1670, CVE-2023-1829, CVE-2023-1855, CVE-2023-1859, CVE-2023-1989, CVE-2023-1990, CVE-2023-1998, CVE-2023-2002, CVE-2023-2002, CVE-2023-20569, CVE-2023-20588, CVE-2023-20593, CVE-2023-2124, CVE-2023-21255, CVE-2023-21264, CVE-2023-2156, CVE-2023-2156, CVE-2023-2163, CVE-2023-2163, CVE-2023-2194, CVE-2023-2235, CVE-2023-2248, CVE-2023-2248, CVE-2023-2269, CVE-2023-2269, CVE-2023-2483, CVE-2023-25012, CVE-2023-25775, CVE-2023-25775, CVE-2023-2598, CVE-2023-26545, CVE-2023-28466, CVE-2023-28866, CVE-2023-2898, CVE-2023-2985, CVE-2023-30456, CVE-2023-30772, CVE-2023-3090, CVE-2023-31085, CVE-2023-3117, CVE-2023-31248, CVE-2023-3141, CVE-2023-31436, CVE-2023-31436, CVE-2023-3212, CVE-2023-3220, CVE-2023-32233, CVE-2023-32233, CVE-2023-32247, CVE-2023-32247, CVE-2023-32248, CVE-2023-32248, CVE-2023-32250, CVE-2023-32250, CVE-2023-32252, CVE-2023-32252, CVE-2023-32254, CVE-2023-32254, CVE-2023-32257, CVE-2023-32257, CVE-2023-32258, CVE-2023-32258, CVE-2023-3268, CVE-2023-3268, CVE-2023-3269, CVE-2023-3269, CVE-2023-3312, CVE-2023-3312, CVE-2023-3317, CVE-2023-33203, CVE-2023-33250, CVE-2023-33250, CVE-2023-33288, CVE-2023-3355, CVE-2023-3390, CVE-2023-33951, CVE-2023-33951, CVE-2023-33952, CVE-2023-33952, CVE-2023-34255, CVE-2023-34256, CVE-2023-34256, CVE-2023-34319, CVE-2023-34324, CVE-2023-35001, CVE-2023-35788, CVE-2023-35823, CVE-2023-35823, CVE-2023-35824, CVE-2023-35824, CVE-2023-35826, CVE-2023-35826, CVE-2023-35827, CVE-2023-35828, CVE-2023-35828, CVE-2023-35829, CVE-2023-35829, CVE-2023-3609, CVE-2023-3610, CVE-2023-3610, CVE-2023-3611, CVE-2023-37453, CVE-2023-37453, CVE-2023-3772, CVE-2023-3773, CVE-2023-3776, CVE-2023-3777, CVE-2023-38409, CVE-2023-38426, CVE-2023-38427, CVE-2023-38428, CVE-2023-38429, CVE-2023-38430, CVE-2023-38431, CVE-2023-38432, CVE-2023-38432, CVE-2023-3863, CVE-2023-3863, CVE-2023-3865, CVE-2023-3865, CVE-2023-3866, CVE-2023-3866, CVE-2023-3867, CVE-2023-39189, CVE-2023-39191, CVE-2023-39192, CVE-2023-39192, CVE-2023-39193, CVE-2023-39193, CVE-2023-39194, CVE-2023-39197, CVE-2023-39197, CVE-2023-39198, CVE-2023-4004, CVE-2023-4015, CVE-2023-40283, CVE-2023-40791, CVE-2023-4128, CVE-2023-4132, CVE-2023-4133, CVE-2023-4133, CVE-2023-4134, CVE-2023-4134, CVE-2023-4147, CVE-2023-4155, CVE-2023-4194, CVE-2023-4206, CVE-2023-4207, CVE-2023-4208, CVE-2023-4244, CVE-2023-4273, CVE-2023-42752, CVE-2023-42752, CVE-2023-42753, CVE-2023-42753, CVE-2023-42754, CVE-2023-42756, CVE-2023-44466, CVE-2023-4563, CVE-2023-4569, CVE-2023-45862, CVE-2023-45863, CVE-2023-45871, CVE-2023-45871, CVE-2023-45898, CVE-2023-4610, CVE-2023-4611, CVE-2023-4623, CVE-2023-4623, CVE-2023-46343, CVE-2023-46813, CVE-2023-46838, CVE-2023-46838, CVE-2023-46862, CVE-2023-46862, CVE-2023-4881, CVE-2023-4921, CVE-2023-50431, CVE-2023-50431, CVE-2023-5090, CVE-2023-51042, CVE-2023-51043, CVE-2023-5158, CVE-2023-51779, CVE-2023-51780, CVE-2023-51781, CVE-2023-51782, CVE-2023-5197, CVE-2023-5345, CVE-2023-5633, CVE-2023-5717, CVE-2023-5972, CVE-2023-6039, CVE-2023-6111, CVE-2023-6121, CVE-2023-6176, CVE-2023-6200, CVE-2023-6531, CVE-2023-6546, CVE-2023-6560, CVE-2023-6606, CVE-2023-6610, CVE-2023-6610, CVE-2023-6622, CVE-2023-6817, CVE-2023-6915, CVE-2023-6915, CVE-2023-6931, CVE-2023-6932, CVE-2023-7192, CVE-2024-0193, CVE-2024-0443, CVE-2024-0565, CVE-2024-0582, CVE-2024-0584, CVE-2024-0607, CVE-2024-0607, CVE-2024-0639, CVE-2024-0641, CVE-2024-0646, CVE-2024-0775, CVE-2024-0775, CVE-2024-1085, CVE-2024-1085, CVE-2024-1086, CVE-2024-1086, CVE-2024-1312, CVE-2024-22705, CVE-2024-23849, CVE-2024-23849)
• binutils (CVE-2023-1972)
• curl (CVE-2023-46218, CVE-2023-46219)
• docker (CVE-2024-24557)
• gnutls (CVE-2023-5981)
• intel-microcode (CVE-2023-23583)
• libxml2 (CVE-2023-45322)
• openssh (CVE-2023-48795, CVE-2023-51384, CVE-2023-51385)
• openssl (CVE-2023-3817, CVE-2023-5363, CVE-2023-5678)
• runc (CVE-2024-21626)
• traceroute (CVE-2023-46316)
• vim (CVE-2023-5344, CVE-2023-5441, CVE-2023-5535, CVE-2023-46246)
• SDK: perl (CVE-2023-47038)

Bug fixes:

• Added a workaround for old airgapped/proxied update-engine clients to be able to update to this release (Flatcar#1332, update_engine#38)
• Fixed the handling of OEM update payloads in a Nebraska response with self-hosted packages (ue-rs#49)
• Forwarded the proxy environment variables of update-engine.service to the postinstall script to support fetching OEM systemd-sysext payloads through a proxy (Flatcar#1326)

Changes:

• Added a flatcar-update --oem-payloads <yes|no> flag to skip providing OEM payloads, e.g., for downgrades (init#114)
• Update generation SLSA provenance info from v0.2 to v1.0.

Updates:

• Linux (6.6.16 (includes 6.6.15, 6.6.14, 6.6.13, 6.6.12, 6.6.11, 6.6.10, 6.6.9, 6.6.8, 6.6.7, 6.6))
• Linux Firmware (20231211)
• Go (1.20.13)
• bash (5.2_p21)
• binutils (2.41)
• bpftool (6.5.7)
• c-ares (1.21.0)
• ca-certificates (3.97)
• containerd (1.7.13 (includes 1.7.11))
• coreutils (9.4)
• curl (8.5.0)
• docker (24.0.9)
• elfutils (0.190)
• gawk (5.3.0)
• gentoolkit (0.6.3)
• gettext (0.22.4)
• glib (2.78.3)
• gnutls (3.8.2)
• groff (1.23.0)
• hwdata (0.376)
• intel-microcode (20231114_p20231114)
• iproute2 (6.6.0)
• ipset (7.19)
• jq (1.7.1 (includes 1.7))
• kbd (2.6.4)
• kmod (31)
• libarchive (3.7.2)
• libdnet (1.16.4)
• libksba (1.6.5)
• libnsl (2.0.1)
• libxslt (1.1.39)
• lsof (4.99.0)
• lz4 (1.9.4)
• openssh (9.6p1)
• openssl (3.0.12)
• readline (8.2_p7)
• runc (1.1.12)
• selinux-base (2.20231002)
• selinux-base-policy (2.20231002)
• selinux-container (2.20231002)
• selinux-dbus (2.20231002)
• selinux-sssd (2.20231002)
• selinux-unconfined (2.20231002)
• sqlite (3.44.2)
• strace (6.6)
• traceroute (2.1.3)
• usbutils (016)
• util-linux (2.39.2)
• vim (9.0.2092)
• whois (5.5.20)
• xmlsec (1.3.2)
• xz-utils (5.4.5)
• zlib (1.3)
• SDK: perl (5.38.2)
• SDK: portage (3.0.59)
• SDK: python (3.11.7)
• SDK: repo (2.37)
• SDK: Rust (1.75.0 (includes 1.74.1))

Changes since Alpha 3850.0.0

Security fixes:

• Linux (CVE-2023-46838, CVE-2023-50431, CVE-2023-6610, CVE-2023-6915, CVE-2024-1085, CVE-2024-1086, CVE-2024-23849)
• docker (CVE-2024-24557)
• runc (CVE-2024-21626)

Bug fixes:

• Added a workaround for old airgapped/proxied update-engine clients to be able to update to this release (Flatcar#1332, update_engine#38)
• Fixed the handling of OEM update payloads in a Nebraska response with self-hosted packages (ue-rs#49)
• Forwarded the proxy environment variables of update-engine.service to the postinstall script to support fetching OEM systemd-sysext payloads through a proxy (Flatcar#1326)

Changes:

• Added a flatcar-update --oem-payloads <yes|no> flag to skip providing OEM payloads, e.g., for downgrades (init#114)

Updates:

• Linux (6.6.16 (includes 6.6.15, 6.6.14, 6.6.13))
• ca-certificates (3.97)
• containerd (1.7.13)
• docker (24.0.9)
• runc (1.1.12)