flatcar/scripts beta-4426.1.0

on GitHub

Changes since Beta 4372.1.0

Security fixes:

• Linux (CVE-2025-39725, CVE-2025-39726, CVE-2025-38675, CVE-2025-38670, CVE-2025-38668, CVE-2025-38666, CVE-2025-38665, CVE-2025-38664, CVE-2025-38663, CVE-2025-38671, CVE-2025-38662, CVE-2025-38500, CVE-2025-39734, CVE-2025-39732, CVE-2025-39731, CVE-2025-39730, CVE-2025-39727, CVE-2025-38650, CVE-2025-38648, CVE-2025-38646, CVE-2025-38645, CVE-2025-38644, CVE-2025-38660, CVE-2025-38659, CVE-2025-38653, CVE-2025-38652, CVE-2025-38628, CVE-2025-38626, CVE-2025-38625, CVE-2025-38624, CVE-2025-38623, CVE-2025-38622, CVE-2025-38640, CVE-2025-38639, CVE-2025-38635, CVE-2025-38634, CVE-2025-38632, CVE-2025-38631, CVE-2025-38630, CVE-2025-38619, CVE-2025-38618, CVE-2025-38617, CVE-2025-38611, CVE-2025-38615, CVE-2025-38612, CVE-2025-38577, CVE-2025-38586, CVE-2025-38585, CVE-2025-38583, CVE-2025-38582, CVE-2025-38581, CVE-2025-38610, CVE-2025-38609, CVE-2025-38608, CVE-2025-38604, CVE-2025-38602, CVE-2025-38601, CVE-2025-38579, CVE-2025-38595, CVE-2025-38593, CVE-2025-38590, CVE-2025-38588, CVE-2025-38587, CVE-2025-38578, CVE-2025-38563, CVE-2025-38562, CVE-2025-38561, CVE-2025-38560, CVE-2025-38559, CVE-2025-38557, CVE-2025-38576, CVE-2025-38574, CVE-2025-38573, CVE-2025-38572, CVE-2025-38571, CVE-2025-38569, CVE-2025-38568, CVE-2025-38566, CVE-2025-38565, CVE-2025-38555, CVE-2025-38553, CVE-2025-38501, CVE-2025-39798, CVE-2025-39797, CVE-2025-39795, CVE-2025-39794, CVE-2025-39792, CVE-2025-39750, CVE-2025-39760, CVE-2025-39758, CVE-2025-39757, CVE-2025-39756, CVE-2025-39754, CVE-2025-39753, CVE-2025-39752, CVE-2025-39763, CVE-2025-39761, CVE-2025-39751, CVE-2025-39744, CVE-2025-39743, CVE-2025-39742, CVE-2025-39739, CVE-2025-39738, CVE-2025-39749, CVE-2025-39748, CVE-2025-39747, CVE-2025-39746, CVE-2025-39736, CVE-2025-39737, CVE-2025-38727, CVE-2025-38729, CVE-2025-38728, CVE-2025-38694, CVE-2025-38703, CVE-2025-38702, CVE-2025-38701, CVE-2025-38700, CVE-2025-38699, CVE-2025-38698, CVE-2025-38726, CVE-2025-38725, CVE-2025-38724, CVE-2025-38697, CVE-2025-38723, CVE-2025-38722, CVE-2025-38721, CVE-2025-38718, CVE-2025-38717, CVE-2025-38716, CVE-2025-38715, CVE-2025-38714, CVE-2025-38696, CVE-2025-38713, CVE-2025-38712, CVE-2025-38711, CVE-2025-38710, CVE-2025-38709, CVE-2025-38708, CVE-2025-38707, CVE-2025-38706, CVE-2025-38705, CVE-2025-38704, CVE-2025-38695, CVE-2025-38688, CVE-2025-38687, CVE-2025-38686, CVE-2025-38685, CVE-2025-38684, CVE-2025-38683, CVE-2025-38681, CVE-2025-38693, CVE-2025-38692, CVE-2025-38691, CVE-2025-38679, CVE-2025-38680, CVE-2025-38616, CVE-2025-39773, CVE-2025-39772, CVE-2025-39770, CVE-2025-39791, CVE-2025-39790, CVE-2025-39788, CVE-2025-39787, CVE-2025-39767, CVE-2025-39783, CVE-2025-39782, CVE-2025-39781, CVE-2025-39780, CVE-2025-39779, CVE-2025-39776, CVE-2025-39765, CVE-2025-39766, CVE-2025-39759, CVE-2025-39711, CVE-2025-39720, CVE-2025-39719, CVE-2025-39718, CVE-2025-39716, CVE-2025-39715, CVE-2025-39714, CVE-2025-39713, CVE-2025-39724, CVE-2025-39723, CVE-2025-39722, CVE-2025-39721, CVE-2025-39712, CVE-2025-39675, CVE-2025-39673, CVE-2025-38737, CVE-2025-38736, CVE-2025-39710, CVE-2025-39709, CVE-2025-39707, CVE-2025-38735, CVE-2025-39706, CVE-2025-39705, CVE-2025-39703, CVE-2025-39702, CVE-2025-39701, CVE-2025-39700, CVE-2025-39698, CVE-2025-39697, CVE-2025-38734, CVE-2025-39695, CVE-2025-39694, CVE-2025-39693, CVE-2025-39692, CVE-2025-39691, CVE-2025-39689, CVE-2025-39687, CVE-2025-39686, CVE-2025-38733, CVE-2025-39685, CVE-2025-39684, CVE-2025-39683, CVE-2025-39682, CVE-2025-39681, CVE-2025-39679, CVE-2025-39676, CVE-2025-38732, CVE-2025-38730, CVE-2025-38677, CVE-2025-40300)
• bind (CVE-2024-11187, CVE-2024-12705)
• containerd (CVE-2025-47291)
• git (CVE-2025-48384, CVE-2025-48385, CVE-2025-48386)
• glib (CVE-2025-4373)
• go (CVE-2025-4674, CVE-2025-22873, CVE-2025-4673, CVE-2025-0913, CVE-2025-22874)
• jq (CVE-2024-23337, CVE-2024-53427, CVE-2025-48060)
• libxml2 (CVE-2025-32414, CVE-2025-32415, CVE-2025-6021, CVE-2025-49794, CVE-2025-49795, CVE-2025-49796)
• nvidia-drivers-service (CVE-2025-23244)
• podman (CVE-2025-6032)
• python (CVE-2025-4516, CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4517)
• requests (CVE-2024-47081)
• vim (CVE-2025-1215, CVE-2025-22134, CVE-2025-24014, GHSA-63p5-mwg2-787v, CVE-2025-27423, CVE-2025-29768)

Bug fixes:

• Enabled CONFIG_CPUSETS_V1 to mitigate cgroupsv1 removal (e.g JVM) (Flatcar#1884)
• Fixed a UID/GID mis-alignment for user/group messagebus between acct-user/acct-group and baselayout. (baselayout#36)
• Reenabled console support for DRM drivers, so that with the virtio graphics driver the interactive console is shown again after boot (Flatcar#1834)
• sysext-podman: removed /etc/subuid and /etc/subgid generation for core user, before this change it partially overwrites the file and causes issues. (Flatcar#1733) This could be created through initial provisioning. (scripts#3043)

Changes:

• Added overlaybd system extension to support accelerated container images.
  Add overlaybd to /etc/flatcar/enabled-sysext.conf to check it out.
  The extension includes both overlaybd as well as accelerated-container-image tools.
• Azure OEM: add inotify-tools, python urllib3 (flatcar/scripts#3116)

Updates:

• Linux (6.12.47 (includes 6.12.46, 6.12.45, 6.12.44, 6.12.43, 6.12.42, 6.12.41, 6.12.35))
• Linux Firmware (20250708 (includes 20250627))
• SDK: cmake (3.31.7)
• SDK: gdb (16.3)
• SDK: gentoo-syntax (16)
• SDK: go (1.24.5 includes 1.24.4)
• SDK: iperf (3.19)
• SDK: m4 (1.4.20)
• SDK: maturin (1.9.1)
• SDK: meson (1.7.2)
• SDK: mtools (4.0.49)
• SDK: nano (8.5)
• SDK: pkgcheck (0.10.36)
• SDK: python-cryptography (45.0.4)
• SDK: qemu (9.2.3)
• SDK: rust (1.87.0 (includes 1.86.0))
• azure, dev, gce, sysext-python: mpdecimal (4.0.1)
• azure, dev, gce, sysext-python: python (3.11.13)
• base, dev: bind (9.18.37 (includes 9.18.36, 9.18.35, 9.18.34, 9.18.33, 9.18.32))
• base, dev: checkpolicy (3.8.1 (includes 3.8))
• base, dev: elfutils (0.193)
• base, dev: gawk (5.3.2)
• base, dev: gcc (14.3.0)
• base, dev: glib (2.84.3 (includes 2.84.2, 2.84.1, 2.84.0, 2.83.5, 2.83.4, 2.83.3, 2.83.2, 2.83.1, 2.83.0))
• base, dev: glibc (2.41)
• base, dev: gnupg (2.4.8)
• base, dev: grep (3.12)
• base, dev: gzip (1.14)
• base, dev: inih (60 (includes 59))
• base, dev: ipset (7.24)
• base, dev: iputils (20250605 (includes 20250602))
• base, dev: jansson (2.14.1)
• base, dev: jq (1.8.1 (includes 1.8.0))
• base, dev: kexec-tools (2.0.31)
• base, dev: libarchive (3.8.1 (includes 3.8.0))
• base, dev: libcap (2.76 (includes 2.75, 2.74, 2.73, 2.72))
• base, dev: libffi (3.5.1 (includes 3.4.8 (includes 3.4.7)))
• base, dev: libgcrypt (1.11.1)
• base, dev: libgpg-error (1.55 (includes 1.53 (includes 1.52)))
• base, dev: libnftnl (1.2.9)
• base, dev: libselinux (3.8.1 (includes 3.8))
• base, dev: libsepol (3.8.1 (includes 3.8))
• base, dev: libunistring (1.3)
• base, dev: libunwind (1.8.2)
• base, dev: liburing (2.9 (includes 2.8))
• base, dev: libusb (1.0.28)
• base, dev: libuv (1.51.0)
• base, dev: libxml2 (2.13.8)
• base, dev: nvidia-drivers-service (amd64) (535.247.01)
• base, dev: nvidia-drivers-service (arm64) (570.153.02 (includes 570.148.08, 570.133.20, 570.124.06))
• base, dev: openssh (10.0_p1)
• base, dev: openssl (3.4.1 (includes 3.4.0))
• base, dev: quota (4.10)
• base, dev: semodule-utils (3.8.1 (includes 3.8))
• base, dev: sqlite (3.50.2 (includes 3.49.2))
• base, dev: sssd (2.9.7)
• base, dev: userspace-rcu (0.15.3 (includes 0.15.2))
• base, dev: vim (9.1.1436)
• base, dev: xz-utils (5.8.1 (includes 5.8.0))
• btrfs-progs (6.14)
• ca-certificates (3.115.1 (includes 3.113))
• chrony (4.7)
• curl (8.14.1)
• dbus-glib (0.114)
• dev, sysext-incus: squashfs-tools (4.7)
• dev: file (5.46)
• dev: gdb (16.2 (includes 16.1))
• dev: man-db (2.13.1)
• dev: pahole (1.30)
• dev: portage (3.0.68)
• dev: sandbox (2.46)
• dev: smartmontools (7.5)
• ethtool (6.14)
• fuse-overlayfs (1.15)
• git (2.49.1)
• iproute2 (6.15.0)
• kbd (2.8.0)
• less (679)
• libnvme (1.14)
• ncurses (6.5_p20250329)
• nftables (1.1.3)
• nvme-cli (2.14)
• procps (4.0.5)
• samba (4.20.8)
• strace (6.15)
• sysext-containerd: containerd (2.0.5)
• sysext-containerd: runc (1.2.6)
• sysext-docker: docker (28.0.4 (includes 28.0.3, 28.0.2))
• sysext-incus: cowsql (1.15.8)
• sysext-incus: incus (6.0.4)
• sysext-incus: lxc (6.0.4)
• sysext-incus: lxcfs (6.0.4)
• sysext-nvidia: nvidia-drivers (570.169 (includes 570.153.02))
• sysext-podman: containers-common (0.63.0)
• sysext-podman: gpgme (1.24.3)
• sysext-podman: passt (2025.04.15)
• sysext-podman: podman (5.5.2)
• sysext-python: cachecontrol (0.14.3 (includes 0.14.2))
• sysext-python: charset-normalizer (3.4.2)
• sysext-python: ensurepip-pip (25.1.1)
• sysext-python: jaraco-collections (5.2.1)
• sysext-python: jaraco-functools (4.2.1)
• sysext-python: more-itertools (10.7.0)
• sysext-python: msgpack (1.1.1)
• sysext-python: packaging (25.0)
• sysext-python: pip (25.1.1 (includes 25.1))
• sysext-python: platformdirs (4.3.8)
• sysext-python: pygments (2.19.2)
• sysext-python: requests (2.32.4 (includes 2.32.3))
• sysext-python: setuptools (80.9.0 (includes 80.8.0, 80.7.0, 80.6.0, 80.4.0, 80.3.0, 80.2.0, 80.1.0, 80.0.0, 79.0.0))
• sysext-python: setuptools-scm (8.3.1 (includes 8.3.0))
• sysext-python: trove-classifiers (2025.5.9.12 (includes 2025.5.8.15, 2025.5.8.13, 2025.5.7.19, 2025.5.1.12, 2025.4.28.22))
• sysext-python: typing-extensions (4.14.1 (includes 4.14.0))
• sysext-python: urllib3 (2.5.0)
• sysext-zfs: zfs (2.3.3 (includes 2.3.2))
• util-linux (2.41.1)
• vmware: open-vm-tools (13.0.0)
• xfsprogs (6.14.0)

Changes since Alpha 4426.0.0

Security fixes:

• Linux (CVE-2025-39734, CVE-2025-39732, CVE-2025-39731, CVE-2025-39730, CVE-2025-39727, CVE-2025-38650, CVE-2025-38648, CVE-2025-38646, CVE-2025-38645, CVE-2025-38644, CVE-2025-38660, CVE-2025-38659, CVE-2025-38653, CVE-2025-38652, CVE-2025-38628, CVE-2025-38626, CVE-2025-38625, CVE-2025-38624, CVE-2025-38623, CVE-2025-38622, CVE-2025-38640, CVE-2025-38639, CVE-2025-38635, CVE-2025-38634, CVE-2025-38632, CVE-2025-38631, CVE-2025-38630, CVE-2025-38619, CVE-2025-38618, CVE-2025-38617, CVE-2025-38611, CVE-2025-38615, CVE-2025-38612, CVE-2025-38577, CVE-2025-38586, CVE-2025-38585, CVE-2025-38583, CVE-2025-38582, CVE-2025-38581, CVE-2025-38610, CVE-2025-38609, CVE-2025-38608, CVE-2025-38604, CVE-2025-38602, CVE-2025-38601, CVE-2025-38579, CVE-2025-38595, CVE-2025-38593, CVE-2025-38590, CVE-2025-38588, CVE-2025-38587, CVE-2025-38578, CVE-2025-38563, CVE-2025-38562, CVE-2025-38561, CVE-2025-38560, CVE-2025-38559, CVE-2025-38557, CVE-2025-38576, CVE-2025-38574, CVE-2025-38573, CVE-2025-38572, CVE-2025-38571, CVE-2025-38569, CVE-2025-38568, CVE-2025-38566, CVE-2025-38565, CVE-2025-38555, CVE-2025-38553, CVE-2025-38501, CVE-2025-39798, CVE-2025-39797, CVE-2025-39795, CVE-2025-39794, CVE-2025-39792, CVE-2025-39750, CVE-2025-39760, CVE-2025-39758, CVE-2025-39757, CVE-2025-39756, CVE-2025-39754, CVE-2025-39753, CVE-2025-39752, CVE-2025-39763, CVE-2025-39761, CVE-2025-39751, CVE-2025-39744, CVE-2025-39743, CVE-2025-39742, CVE-2025-39739, CVE-2025-39738, CVE-2025-39749, CVE-2025-39748, CVE-2025-39747, CVE-2025-39746, CVE-2025-39736, CVE-2025-39737, CVE-2025-38727, CVE-2025-38729, CVE-2025-38728, CVE-2025-38694, CVE-2025-38703, CVE-2025-38702, CVE-2025-38701, CVE-2025-38700, CVE-2025-38699, CVE-2025-38698, CVE-2025-38726, CVE-2025-38725, CVE-2025-38724, CVE-2025-38697, CVE-2025-38723, CVE-2025-38722, CVE-2025-38721, CVE-2025-38718, CVE-2025-38717, CVE-2025-38716, CVE-2025-38715, CVE-2025-38714, CVE-2025-38696, CVE-2025-38713, CVE-2025-38712, CVE-2025-38711, CVE-2025-38710, CVE-2025-38709, CVE-2025-38708, CVE-2025-38707, CVE-2025-38706, CVE-2025-38705, CVE-2025-38704, CVE-2025-38695, CVE-2025-38688, CVE-2025-38687, CVE-2025-38686, CVE-2025-38685, CVE-2025-38684, CVE-2025-38683, CVE-2025-38681, CVE-2025-38693, CVE-2025-38692, CVE-2025-38691, CVE-2025-38679, CVE-2025-38680, CVE-2025-38616, CVE-2025-39773, CVE-2025-39772, CVE-2025-39770, CVE-2025-39791, CVE-2025-39790, CVE-2025-39788, CVE-2025-39787, CVE-2025-39767, CVE-2025-39783, CVE-2025-39782, CVE-2025-39781, CVE-2025-39780, CVE-2025-39779, CVE-2025-39776, CVE-2025-39765, CVE-2025-39766, CVE-2025-39759, CVE-2025-39711, CVE-2025-39720, CVE-2025-39719, CVE-2025-39718, CVE-2025-39716, CVE-2025-39715, CVE-2025-39714, CVE-2025-39713, CVE-2025-39724, CVE-2025-39723, CVE-2025-39722, CVE-2025-39721, CVE-2025-39712, CVE-2025-39675, CVE-2025-39673, CVE-2025-38737, CVE-2025-38736, CVE-2025-39710, CVE-2025-39709, CVE-2025-39707, CVE-2025-38735, CVE-2025-39706, CVE-2025-39705, CVE-2025-39703, CVE-2025-39702, CVE-2025-39701, CVE-2025-39700, CVE-2025-39698, CVE-2025-39697, CVE-2025-38734, CVE-2025-39695, CVE-2025-39694, CVE-2025-39693, CVE-2025-39692, CVE-2025-39691, CVE-2025-39689, CVE-2025-39687, CVE-2025-39686, CVE-2025-38733, CVE-2025-39685, CVE-2025-39684, CVE-2025-39683, CVE-2025-39682, CVE-2025-39681, CVE-2025-39679, CVE-2025-39676, CVE-2025-38732, CVE-2025-38730, CVE-2025-38677, CVE-2025-40300)

Bug fixes:

• Enabled CONFIG_CPUSETS_V1 to mitigate cgroupsv1 removal (e.g JVM) (Flatcar#1884)

Updates:

• Linux (6.12.47 (includes 6.12.46, 6.12.45, 6.12.44, 6.12.43, 6.12.42))
• ca-certificates (3.115.1)