flatcar/scripts beta-4515.1.0

on GitHub

Changes since Alpha 4515.0.1

Security fixes:

• Linux (CVE-2025-40275, CVE-2025-40274, CVE-2025-40273, CVE-2025-40272, CVE-2025-40271, CVE-2025-40289, CVE-2025-40288, CVE-2025-40287, CVE-2025-40269, CVE-2025-40286, CVE-2025-40285, CVE-2025-40284, CVE-2025-40283, CVE-2025-40282, CVE-2025-40281, CVE-2025-40280, CVE-2025-40279, CVE-2025-40278, CVE-2025-40277, CVE-2025-40268, CVE-2025-40214, CVE-2025-40212, CVE-2024-58087, CVE-2024-57879, CVE-2024-57880, CVE-2024-55642, CVE-2024-55641, CVE-2024-55639, CVE-2024-54683, CVE-2024-54460, CVE-2024-54191, CVE-2024-53689, CVE-2024-53682, CVE-2024-53687, CVE-2024-56770, CVE-2024-56661, CVE-2024-56660, CVE-2024-56659, CVE-2024-56658, CVE-2024-56657, CVE-2024-56656, CVE-2024-56655, CVE-2024-56675, CVE-2024-56674, CVE-2024-56673, CVE-2024-56672, CVE-2024-56654, CVE-2024-56671, CVE-2024-56670, CVE-2024-56669, CVE-2024-56668, CVE-2024-56667, CVE-2024-56666, CVE-2024-56665, CVE-2024-56664, CVE-2024-56663, CVE-2024-56662, CVE-2024-56652, CVE-2024-56653, CVE-2024-53241, CVE-2024-53240, CVE-2025-40261, CVE-2025-40266, CVE-2025-40264, CVE-2025-40263, CVE-2025-40262, CVE-2025-40254, CVE-2025-40253, CVE-2025-40252, CVE-2025-40251, CVE-2025-40250, CVE-2025-40259, CVE-2025-40258, CVE-2025-40257, CVE-2025-40246, CVE-2025-40248, CVE-2025-40345)

Updates:

• Linux (6.12.61 (includes 6.12.59, 6.12.60))
• ca-certificates (3.119 (includes 3.118.1))

Changes since Beta 4459.1.2

Security fixes:

• Linux (CVE-2025-40275, CVE-2025-40274, CVE-2025-40273, CVE-2025-40272, CVE-2025-40271, CVE-2025-40289, CVE-2025-40288, CVE-2025-40287, CVE-2025-40269, CVE-2025-40286, CVE-2025-40285, CVE-2025-40284, CVE-2025-40283, CVE-2025-40282, CVE-2025-40281, CVE-2025-40280, CVE-2025-40279, CVE-2025-40278, CVE-2025-40277, CVE-2025-40268, CVE-2025-40214, CVE-2025-40212, CVE-2024-58087, CVE-2024-57879, CVE-2024-57880, CVE-2024-55642, CVE-2024-55641, CVE-2024-55639, CVE-2024-54683, CVE-2024-54460, CVE-2024-54191, CVE-2024-53689, CVE-2024-53682, CVE-2024-53687, CVE-2024-56770, CVE-2024-56661, CVE-2024-56660, CVE-2024-56659, CVE-2024-56658, CVE-2024-56657, CVE-2024-56656, CVE-2024-56655, CVE-2024-56675, CVE-2024-56674, CVE-2024-56673, CVE-2024-56672, CVE-2024-56654, CVE-2024-56671, CVE-2024-56670, CVE-2024-56669, CVE-2024-56668, CVE-2024-56667, CVE-2024-56666, CVE-2024-56665, CVE-2024-56664, CVE-2024-56663, CVE-2024-56662, CVE-2024-56652, CVE-2024-56653, CVE-2024-53241, CVE-2024-53240, CVE-2025-40261, CVE-2025-40266, CVE-2025-40264, CVE-2025-40263, CVE-2025-40262, CVE-2025-40254, CVE-2025-40253, CVE-2025-40252, CVE-2025-40251, CVE-2025-40250, CVE-2025-40259, CVE-2025-40258, CVE-2025-40257, CVE-2025-40246, CVE-2025-40248, CVE-2025-40345)
• binutils (CVE-2025-5244, CVE-2025-5245 CVE-2025-8225)
• curl (CVE-2025-9086, CVE-2025-10148)
• expat (CVE-2025-59375)
• go (CVE-2025-47910)
• intel-microcode (CVE-2024-28956, CVE-2024-43420, CVE-2024-45332, CVE-2025-20012, CVE-2025-20054, CVE-2025-20103, CVE-2025-20623, CVE-2025-24495, CVE-2025-20053, CVE-2025-20109, CVE-2025-22839, CVE-2025-22840, CVE-2025-22889, CVE-2025-26403)
• libpcre2 (CVE-2025-58050)
• libxml2 (libxml2-20250908)
• libxslt (CVE-2025-7424, CVE-2025-7425)
• net-tools (CVE-2025-46836)
• nvidia-drivers (CVE-2025-23280, CVE-2025-23282, CVE-2025-23300, CVE-2025-23330, CVE-2025-23332, CVE-2025-23345)
• openssh (CVE-2025-61984, CVE-2025-61985)
• openssl (CVE-2025-9230, CVE-2025-9231, CVE-2025-9232)

Bug fixes:

• Alpha only: Added Fusion SCSI disk drivers back to the initrd after they got lost in the rework (Flatcar#1924)
• Alpha only: Fixed systemd-sysext payload handling for air-gapped/self-hosted updates which was a known bug for 4487.0.0 (ue-rs#93)
• Configured the services in the overlaybd sysext to start automatically like the other sysexts. Note that the sysext must be enabled at boot time for this to happen, otherwise you need to call systemd-tmpfiles --create and systemctl daemon-reload first.
• Fixed SSSD startup failure by adding back LDB modules into the image, which got lost after a Samba update (Flatcar#1919)
• Fixed a kernel boot warning when loading an explicit list of kernel modules in the minimal first-stage initrd (Flatcar#1934)

Changes:

• Added support for the kernel cmdline parameters flatcar.release_file_server_url and flatcar.dev_file_server_url to specify custom servers where Flatcar extensions should be downloaded on boot (bootengine#112)
• Alpha only: Reduced Azure image size again to 30 GB as before by shrinking the root partition to compensate for the growth of the other partitions (scripts#3460)
• Increased all partition sizes: /boot to 1 GB, the two /usr partitions to 2 GB, /oem to 1 GB so that we can use more space in a few years when we can assume that most nodes run the new partition layout - existing nodes can still update for the next years (scripts#3027)
• Reduced the kernel+initrd size on /boot by half. Flatcar now uses a minimal first stage initrd just to access the /usr partition and then switches to the full initrd that does the full system preparation as before. Since this means that the set of kernel modules available in the first initrd is reduced, please report any impact.
• The way that files for building custom kernel modules are installed has changed from a Ubuntu-inspired method to the standard upstream kernel method. In the unlikely event that this breaks your module builds, please let the Flatcar team know immediately.

Updates:

• Linux (6.12.61 (includes 6.12.49, 6.12.50, 6.12.59, 6.12.60))
• Linux firmware (20251021 (includes 20250917, 20251011))
• Afterburn (5.10.0)
• azure, dev: inotify-tools (4.25.9.0)
• azure, stackit: chrony (4.8)
• base, dev: bash (5.3_p3)
• base, dev: bind (9.18.38)
• base, dev: bpftool (7.6.0)
• base, dev: btrfs-progs (6.16.1 (includes 6.16))
• base, dev: coreutils (9.7 (includes 9.6))
• base, dev: cryptsetup (2.8.1)
• base, dev: curl (8.16.0)
• base, dev: expat (2.7.3 (includes 2.7.2))
• base, dev: gcc (14.3.1_p20250801)
• base, dev: gettext (0.23.2 (includes 0.23.0, 0.23.1))
• base, dev: git (2.51.0 (includes 2.50.0))
• base, dev: hwdata (0.398)
• base, dev: intel-microcode (20250812 (includes 20250512))
• base, dev: libffi (3.5.2)
• base, dev: libnftnl (1.3.0)
• base, dev: libxml2 (2.14.6 (includes 2.13.9, 2.14.0, 2.14.1, 2.14.2, 2.14.3, 2.14.4, 2.14.5))
• base, dev: ncurses (6.5_p20250802)
• base, dev: nftables (1.1.5 (includes 1.1.4))
• base, dev: nvidia-drivers-service (570.195.03 (includes 535.274.02))
• base, dev: openssh (10.2_p1 (includes 10.1))
• base, dev: openssl (3.4.3)
• base, dev: readline (8.3_p1)
• base, dev: samba (4.22.3 (includes 4.21.0, 4.22.0, 4.22.1, 4.22.2))
• base, dev: talloc (2.4.3)
• base, dev: tdb (1.4.13)
• base, dev: tevent (0.16.2)
• base, dev: xfsprogs (6.16.0 (includes 6.15.0))
• ca-certificates (3.119 (includes 3.118.1))
• dev, sysext-incus: squashfs-tools (4.7.2 (includes 4.7.1))
• dev: binutils (2.45)
• sdk: azure-core (1.16.1)
• sdk: azure-identity (1.13.1)
• sdk: cmake (3.31.9)
• sdk: go (1.25.1 (includes 1.24.7, 1.25))
• sdk: pkgcheck (0.10.37)
• sdk: qemu (10.0.5)
• sdk: rust (1.89.0)
• sysext-containerd: containerd (2.1.4)
• sysext-containerd: runc (1.3.1)
• sysext-incus, sysext-podman, vmware: fuse (3.17.4)
• sysext-nvidia-drivers-535: nvidia-drivers (535.274.02)
• sysext-nvidia-drivers-570: nvidia-drivers (570.195.03 (includes 570.190))
• sysext-podman: crun (1.21)
• sysext-podman: gpgme (2.0.0)
• sysext-podman: netavark (1.15.2 (includes 1.15.0, 1.15.1))
• sysext-podman: passt (2025.06.11)
• sysext-python: charset-normalizer (3.4.3)
• sysext-python: jaraco-functools (4.3.0)
• sysext-python: markdown-it-py (4.0.0)
• sysext-python: pip (25.2)
• sysext-python: platformdirs (4.4.0)
• sysext-python: requests (2.32.5)
• sysext-python: typing-extensions (4.15.0)
• systemd (257.9)
• vmware: open-vm-tools (13.0.5)