flatcar/scripts beta-4152.1.0

on GitHub

Changes since Beta 4116.1.0

Security fixes:

• Linux (CVE-2024-53103, CVE-2024-53104, CVE-2024-53088, CVE-2024-53082, CVE-2024-53083, CVE-2024-53081, CVE-2024-53060, CVE-2024-53068, CVE-2024-53066, CVE-2024-53063, CVE-2024-53072, CVE-2024-53070, CVE-2024-53061, CVE-2024-50302, CVE-2024-50301, CVE-2024-50296, CVE-2024-50295, CVE-2024-50294, CVE-2024-50292, CVE-2024-50290, CVE-2024-50300, CVE-2024-50299, CVE-2024-50298, CVE-2024-50275, CVE-2024-50284, CVE-2024-50283, CVE-2024-50282, CVE-2024-50280, CVE-2024-50279, CVE-2024-50278, CVE-2024-50287, CVE-2024-50286, CVE-2024-50285, CVE-2024-50276, CVE-2024-50273, CVE-2024-50272, CVE-2024-50271, CVE-2024-50269, CVE-2024-50268, CVE-2024-50267, CVE-2024-50264, CVE-2024-50265, CVE-2024-53102, CVE-2024-53101, CVE-2024-53100, CVE-2024-53099, CVE-2024-53097, CVE-2024-53095, CVE-2024-53094, CVE-2024-53093, CVE-2024-53091, CVE-2024-53079, CVE-2024-53135, CVE-2024-53134, CVE-2024-53131, CVE-2024-53130, CVE-2024-53129, CVE-2024-53140, CVE-2024-53139, CVE-2024-53138, CVE-2024-53136, CVE-2024-53126, CVE-2024-53127, CVE-2024-53113, CVE-2024-53112, CVE-2024-53110, CVE-2024-53109, CVE-2024-53108, CVE-2024-53123, CVE-2024-53122, CVE-2024-53121, CVE-2024-53120, CVE-2024-53119, CVE-2024-53106)
• OpenSSL (CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, CVE-2024-5535, CVE-2024-6119, CVE-2024-9143)
• curl (CVE-2024-8096)
• libarchive (CVE-2024-26256, CVE-2024-48957, CVE-2024-48958)
• nvidia-drivers (CVE-2023-31022, CVE-2024-0074, CVE-2024-0075, CVE-2024-0078, CVE-2024-0126)
• openssh (CVE-2024-39894)
• sysext-podman: containers-common (CVE-2024-9341)
• sysext-podman: containers-image (CVE-2024-3727)
• sysext-podman: podman (CVE-2024-9407)

Bug fixes:

• Added qemu-guest-agent to ARM64 images (flatcar/flatcar#1593)

Changes:

• Added Proxmox Virtual Environment images (scripts#1783)
• The UEFI firmware has changed from raw (.fd) format to QCOW2 format. In addition, the amd64 firmware variables are now held in a 4MB image rather than a 2MB image. Note that this firmware is only intended for testing with QEMU. Do not use it in production. (scripts#2434)
• The arm64 UEFI firmware now supports Secure Boot. Be aware that this is not considered secure due to the lack of an SMM implementation, which is needed to protect the variable store. As above, this firmware should not be used in production anyway. (scripts#2434)
• grub 2.12-flatcar3: GRUB now includes many patches from Red Hat to support Secure Boot, as well as Flatcar's own patches. The version string includes a numbered "flatcar" suffix to track changes to these additional patches. This string can be seen in the GRUB menu. (scripts#2431)

Updates:

• Ignition (2.20.0)
• Linux (6.6.65 (includes 6.6.64, 6.6.63, 6.6.62, 6.6.61))
• Linux Firmware (20241017)
• OpenSSL (3.2.3)
• SDK: Go (1.22.9)
• SDK: catalyst (4.0.0)
• SDK: crossdev (20240921)
• SDK: edk2-bin (202408 (includes 202405, 202402, 202311, 202308, 202305, 202302, 202211, 202208, 202205))
• SDK: meson (1.5.2)
• SDK: rust (1.81.0)
• azure: chrony (4.6)
• base, dev: azure-vm-utils (0.3.0)
• base, dev: binutils-config (5.5.2)
• base, dev: btrfs-progs (6.10.1 (includes 6.10))
• base, dev: c-ares (1.33.1 (includes 1.33.0, 1.32.3, 1.32.2, 1.32.1, 1.32.0, 1.31.0, 1.30.0))
• base, dev: cracklib (2.10.2 (includes 2.10.1, 2.10.0))
• base, dev: cryptsetup (2.7.5 (includes 2.7.4, 2.7.3))
• base, dev: curl (8.10.1 (includes 8.10.0))
• base, dev: efivar (39)
• base, dev: gettext (0.22.5)
• base, dev: git (2.45.2 (includes 2.45.1, 2.45.0))
• base, dev: gnutls (3.8.7.1 (includes 3.8.6))
• base, dev: gptfdisk (1.0.10)
• base, dev: intel-microcode (20240910_p20240915)
• base, dev: kmod (33)
• base, dev: ldb (2.8.1 (includes 2.8.0))
• base, dev: libarchive (3.7.6 (includes 3.7.5))
• base, dev: libassuan (3.0.0)
• base, dev: libgcrypt (1.11.0)
• base, dev: libgpg-error (1.50)
• base, dev: libnl (3.10.0)
• base, dev: libnvme (1.10)
• base, dev: liburing (2.7 (includes 2.6, 2.5, 2.4))
• base, dev: nvme-cli (2.10.2 (includes 2.10.1, 2.10))
• base, dev: oniguruma (6.9.9)
• base, dev: openssh (9.8_p1)
• base, dev: pinentry (1.3.1)
• base, dev: pkgconf (2.3.0)
• base, dev: samba (4.19.7)
• base, dev: selinux-base (2.20240916)
• base, dev: selinux-base-policy (2.20240916)
• base, dev: selinux-container (2.20240916)
• base, dev: selinux-dbus (2.20240916)
• base, dev: selinux-policykit (2.20240916)
• base, dev: selinux-sssd (2.20240916)
• base, dev: selinux-unconfined (2.20240916)
• base, dev: socat (1.8.0.0)
• base, dev: sqlite (3.46.1)
• base, dev: talloc (2.4.2)
• base, dev: tcpdump (4.99.5)
• base, dev: tdb (1.4.10)
• base, dev: tevent (0.16.1 (includes 0.16.0))
• base, dev: userspace-rcu (0.14.1)
• ca-certificates (3.107)
• containerd (1.7.23)
• dev: gdb (15.2)
• dev: gnuconfig (20240728)
• dev: iperf (3.17.1 (includes 3.17))
• dev: libpipeline (1.5.8)
• dev: man-db (2.13.0)
• nvidia-drivers (535.216.01)
• sysext-podman: aardvark-dns (1.12.2 (includes 1.12.1, 1.12.0))
• sysext-podman: containers-common (0.60.4 (includes 0.60.3, 0.60.2, 0.60.1, 0.60.0, 0.59.2))
• sysext-podman: containers-image (5.32.2 (includes 5.32.1, 5.32.0, 5.31.0, 5.30.2, 5.30.1))
• sysext-podman: containers-storage (1.55.0 (includes 1.54.0))
• sysext-podman: crun (1.17 (includes 1.16.1, 1.16, 1.15, 1.14.4))
• sysext-podman: fuse-overlayfs (1.14)
• sysext-podman: netavark (1.12.2 (includes 1.12.1, 1.12.0, 1.11.0))
• sysext-podman: passt (2024.09.06)
• sysext-podman: podman (5.2.4 (includes 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1.2, 5.1.1, 5.1.0))
• sysext-python: idna (3.10)
• sysext-python: more-itertools (10.5.0)
• sysext-python: msgpack (1.1.0)
• sysext-python: platformdirs (4.3.6)
• sysext-python: rich (13.8.1)
• sysext-python: setuptools (74.1.3)
• sysext-python: trove-classifiers (2024.9.12)
• sysext-python: urllib3 (2.2.3)
• vmware: open-vm-tools (12.5.0)
• vmware: xmlsec (1.3.4)

Changes since Alpha 4152.0.0

Security fixes:

• Linux (CVE-2024-53103, CVE-2024-53104, CVE-2024-53088, CVE-2024-53082, CVE-2024-53083, CVE-2024-53081, CVE-2024-53060, CVE-2024-53068, CVE-2024-53066, CVE-2024-53063, CVE-2024-53072, CVE-2024-53070, CVE-2024-53061, CVE-2024-50302, CVE-2024-50301, CVE-2024-50296, CVE-2024-50295, CVE-2024-50294, CVE-2024-50292, CVE-2024-50290, CVE-2024-50300, CVE-2024-50299, CVE-2024-50298, CVE-2024-50275, CVE-2024-50284, CVE-2024-50283, CVE-2024-50282, CVE-2024-50280, CVE-2024-50279, CVE-2024-50278, CVE-2024-50287, CVE-2024-50286, CVE-2024-50285, CVE-2024-50276, CVE-2024-50273, CVE-2024-50272, CVE-2024-50271, CVE-2024-50269, CVE-2024-50268, CVE-2024-50267, CVE-2024-50264, CVE-2024-50265, CVE-2024-53102, CVE-2024-53101, CVE-2024-53100, CVE-2024-53099, CVE-2024-53097, CVE-2024-53095, CVE-2024-53094, CVE-2024-53093, CVE-2024-53091, CVE-2024-53079, CVE-2024-53135, CVE-2024-53134, CVE-2024-53131, CVE-2024-53130, CVE-2024-53129, CVE-2024-53140, CVE-2024-53139, CVE-2024-53138, CVE-2024-53136, CVE-2024-53126, CVE-2024-53127, CVE-2024-53113, CVE-2024-53112, CVE-2024-53110, CVE-2024-53109, CVE-2024-53108, CVE-2024-53123, CVE-2024-53122, CVE-2024-53121, CVE-2024-53120, CVE-2024-53119, CVE-2024-53106)
• OpenSSL (CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, CVE-2024-5535, CVE-2024-6119, CVE-2024-9143)

Bug fixes:

• Added qemu-guest-agent to ARM64 images (flatcar/flatcar#1593)

Updates:

• Linux (6.6.65 (includes 6.6.64, 6.6.63, 6.6.62, 6.6.61))
• OpenSSL (3.2.3)
• ca-certificates (3.107)