Changes since Beta 4186.1.1
Security fixes:
- Linux (CVE-2025-21835, CVE-2025-21836, CVE-2024-58086, CVE-2025-21823, CVE-2025-21821, CVE-2025-21787, CVE-2025-21785, CVE-2025-21784, CVE-2025-21782, CVE-2025-21783, CVE-2025-21781, CVE-2025-21780, CVE-2025-21796, CVE-2025-21795, CVE-2025-21794, CVE-2025-21793, CVE-2025-21792, CVE-2025-21791, CVE-2025-21790, CVE-2025-21789, CVE-2025-21779, CVE-2024-58020, CVE-2024-57834, CVE-2024-54458, CVE-2024-54456, CVE-2025-21776, CVE-2025-21775, CVE-2025-21772, CVE-2025-21773, CVE-2025-21767, CVE-2025-21766, CVE-2025-21765, CVE-2025-21764, CVE-2025-21763, CVE-2025-21761, CVE-2025-21762, CVE-2025-21760, CVE-2025-21759, CVE-2025-21758, CVE-2025-21756, CVE-2025-21704, CVE-2023-52655, CVE-2023-52434, CVE-2025-21848, CVE-2025-21847, CVE-2025-21846, CVE-2025-21866, CVE-2025-21865, CVE-2025-21864, CVE-2025-21863, CVE-2025-21862, CVE-2025-21844, CVE-2025-21859, CVE-2025-21858, CVE-2025-21857, CVE-2025-21856, CVE-2025-21855, CVE-2025-21854, CVE-2025-21853, CVE-2024-58088, CVE-2025-21838)
- curl (CVE-2024-11053, CVE-2024-9681)
- sysext-podman: containers-storage, podman (CVE-2024-9676)
- amd64: nvidia-drivers (CVE-2024-0131, CVE-2024-0147, CVE-2024-0149, CVE-2024-0150, CVE-2024-53869)
Bug fixes:
- azure: Fix issue of wa-linux-agent overriding ssh public key from ignition configuration during provisioning (flatcar/Flatcar#1661)
- Fix update-ca-certificates behavior when concatenating certificates with missing trailing newlines. (flatcar/scripts#2667)
- Fixed creating netdev arguments to correctly include commas when no port forwards are passed (flatcar/scripts#2581)
- The kernel module build directory now contains native binaries in arm64 images instead of the previous amd64 binaries (scripts#2694)
- Nvidia driver installer service now supports the 570 driver branch by forcing the use of the proprietary kernel module. The 570 branch defaults to the kernel-open driver which requires loading firmware, which is not yet supported on Flatcar. (scripts#2694)
Changes:
- Added support for ARM64 architecture in the NVIDIA driver installer service (scripts#2694)
- Added new image signing pub key to
flatcar-install
, needed for download verification of releases built from March 2025 onwards, if you have copies offlatcar-install
or the image signing pub key, you need to update them as well (init#129) - Added support for multiple port forwarding parameters in the QEMU startup script. Users can now specify multiple port forwards using the
-f
option. (flatcar/scripts#2575)
Updates:
- AMD64: nvidia-drivers (535.230.02)
- ARM64: nvidia-drivers (570.86.15)
- Go (1.22.11)
- Linux (6.6.83 (includes 6.6.79, 6.6.80, 6.6.81, 6.6.82))
- Linux Firmware (20250109)
- SDK: qemu (8.2.7)
- base, dev: audit (4.0.2)
- base, dev: bpftool (7.5.0)
- base, dev: btrfs-progs (6.12)
- base, dev: c-ares (1.34.3 (includes 1.34.0, 1.34.1, 1.34.2))
- base, dev: ethtool (6.10)
- base, dev: glib (2.80.5 (includes 2.80.0, 2.80.1, 2.80.2, 2.80.3, 2.80.4))
- base, dev: gnupg (2.4.6)
- base, dev: hwdata (0.390)
- base, dev: intel-microcode (20241112 (includes 20241029))
- base, dev: iproute2 (6.12.0)
- base, dev: kexec-tools (2.0.30)
- base, dev: libcap (2.71)
- base, dev: libgpg-error (1.51)
- base, dev: libnvme (1.11.1 (includes 1.11))
- base, dev: libxml2 (2.12.9)
- base, dev: lsof (4.99.4)
- base, dev: npth (1.8)
- base, dev: nvme-cli (2.11)
- base, dev: openldap (2.6.8 (includes 2.6.7))
- base, dev: strace (6.12 (includes 6.10, 6.11))
- base, dev: usbutils (018)
- base, dev: xfsprogs (6.11.0)
- ca-certificates (3.109)
- dev: bash-completion (2.15.0)
- dev: binutils (2.43)
- docker: docker-buildx (0.14.0 (includes 0.11.0, 0.12.0, 0.13.0))
- gce: six (1.17.0)
- sysext-podman: containers-storage (1.55.1)
- sysext-podman: gpgme (1.24.1 (includes 1.24.0))
- sysext-podman: podman (5.3.0)
- sysext-python: charset-normalizer (3.4.1)
- sysext-python: pip (24.3.1 (includes 24.3))
- sysext-python: python (3.11.11_p1)
- sysext-python: setuptools (75.6.0 (includes 75.0.0, 75.1.0, 75.1.1, 75.2.0, 75.3.0, 75.4.0, 75.5.0))
- sysext-python: urllib3 (2.3.0)
- sysext-python: wheel (0.45.1 (includes 0.45.0))
- sysext-zfs: zfs (2.2.7 (includes 2.2.6))
- systemd (256.9)
- vmware: libltdl (2.5.4 (includes 2.5.0, 2.5.1, 2.5.2, 2.5.3))
Changes since Alpha 4230.0.1
Security fixes:
- Linux (CVE-2025-21835, CVE-2025-21836, CVE-2024-58086, CVE-2025-21823, CVE-2025-21821, CVE-2025-21787, CVE-2025-21785, CVE-2025-21784, CVE-2025-21782, CVE-2025-21783, CVE-2025-21781, CVE-2025-21780, CVE-2025-21796, CVE-2025-21795, CVE-2025-21794, CVE-2025-21793, CVE-2025-21792, CVE-2025-21791, CVE-2025-21790, CVE-2025-21789, CVE-2025-21779, CVE-2024-58020, CVE-2024-57834, CVE-2024-54458, CVE-2024-54456, CVE-2025-21776, CVE-2025-21775, CVE-2025-21772, CVE-2025-21773, CVE-2025-21767, CVE-2025-21766, CVE-2025-21765, CVE-2025-21764, CVE-2025-21763, CVE-2025-21761, CVE-2025-21762, CVE-2025-21760, CVE-2025-21759, CVE-2025-21758, CVE-2025-21756, CVE-2025-21704, CVE-2023-52655, CVE-2023-52434, CVE-2025-21848, CVE-2025-21847, CVE-2025-21846, CVE-2025-21866, CVE-2025-21865, CVE-2025-21864, CVE-2025-21863, CVE-2025-21862, CVE-2025-21844, CVE-2025-21859, CVE-2025-21858, CVE-2025-21857, CVE-2025-21856, CVE-2025-21855, CVE-2025-21854, CVE-2025-21853, CVE-2024-58088, CVE-2025-21838)
- amd64: nvidia-drivers (CVE-2024-0131, CVE-2024-0147, CVE-2024-0149, CVE-2024-0150, CVE-2024-53869)
Bug fixes:
- azure: Fix issue of wa-linux-agent overriding ssh public key from ignition configuration during provisioning (flatcar/Flatcar#1661)
- Fix update-ca-certificates behavior when concatenating certificates with missing trailing newlines. (flatcar/scripts#2667)
- The kernel module build directory now contains native binaries in arm64 images instead of the previous amd64 binaries (scripts#2694)
- Nvidia driver installer service now supports the 570 driver branch by forcing the use of the proprietary kernel module. The 570 branch defaults to the kernel-open driver which requires loading firmware, which is not yet supported on Flatcar. (scripts#2694)
Changes:
- Added support for ARM64 architecture in the NVIDIA driver installer service (scripts#2694)
- Added new image signing pub key to
flatcar-install
, needed for download verification of releases built from March 2025 onwards, if you have copies offlatcar-install
or the image signing pub key, you need to update them as well (init#129)