flatcar/scripts beta-4694.1.0

on GitHub

Changes since Beta 4628.1.2

Security fixes:

• Linux (CVE-2026-46323, CVE-2026-46315, CVE-2026-46275, CVE-2026-46244, CVE-2026-46243, CVE-2026-46322, CVE-2026-46321, CVE-2026-46316)
• c-ares (CVE-2025-62408)
• curl (CVE-2025-13034, CVE-2025-14017, CVE-2025-14524, CVE-2025-14819, CVE-2025-15079, CVE-2025-15224)
• expat (CVE-2026-24515, CVE-2026-25210)
• glib (CVE-2025-13601, CVE-2025-14087)
• glibc (CVE-2026-0861, CVE-2026-0915, CVE-2025-15281)
• gnupg (CVE-2026-24881, CVE-2026-24882, CVE-2026-24883)
• gnutls (CVE-2025-14831, CVE-2026-1584)
• incus (CVE-2026-23953)
• intel-microcode (CVE-2025-31648)
• libpcap (CVE-2025-11961, CVE-2025-11964)
• libtasn1 (CVE-2025-13151)
• libxslt (CVE-2025-10911, CVE-2025-11731)
• nvidia-drivers (CVE-2025-33219)
• p11-kit (CVE-2026-2100)
• rsync (CVE-2025-10158)
• sssd (CVE-2025-11561)
• util-linux (CVE-2025-14104)

Changes:

• Add EROFS tools for containerd (Flatcar#2047)
• Added NVMe/TCP support, enabling storage backends that use NVMe over Fabrics. (scripts#4036)
• Build AMD GPU driver as module (scripts#3461)
• Enable VNC console serial logs on ARM64 QEMU/KVM instances (scripts#2359)
• Reworked how the OEM partition is mounted at boot time so that Ignition no longer has to handle this by itself, thereby requiring less patching. This should not affect any existing usage, but it is a significant underlying change, so it needs to be called out. Please report any unexpected issues. (script#3934)
• Enabled /dev/kfd/ in amdgpu driver on AMD64 (scripts#4053)

Updates:

• Linux (6.12.93 (includes 6.12.92))
• Linux Firmware (20260410 (includes 20260309, 20260221))
• SDK: catalyst (4.1.1)
• SDK: gnu-efi (4.0.4 (includes 4.0.3))
• SDK: meson (1.9.2)
• SDK: qemu (10.2.0 (includes 10.1.0))
• SDK: rust (1.92.0_p1)
• base, dev: binutils-libs (2.46.0)
• base, dev: c-ares (1.34.6)
• base, dev: cryptsetup (2.8.3 (includes 2.8.2))
• base, dev: curl (8.18.0)
• base, dev: expat (2.7.4)
• base, dev: gentoo-functions (1.7.6)
• base, dev: glibc (2.42)
• base, dev: gnupg (2.5.17)
• base, dev: gnutls (3.8.12)
• base, dev: intel-microcode (20260227_p20260227 (includes 20260210_p20260211))
• base, dev: iproute2 (6.18.0)
• base, dev: libgpg-error (1.58)
• base, dev: libnl (3.12.0)
• base, dev: libpcap (1.10.6)
• base, dev: libsodium (1.0.21_p20260122)
• base, dev: libtasn1 (4.21.0)
• base, dev: linux-headers (6.18)
• base, dev: nftables (1.1.6)
• base, dev: nghttp2 (1.68.0 (includes 1.67.1, 1.67.0, 1.66.0))
• base, dev: p11-kit (0.26.2 (includes 0.26.1, 0.26.0, 0.25.10, 0.25.9, 0.25.8, 0.25.7, 0.25.6))
• base, dev: pam (1.7.2)
• base, dev: pax-utils (1.3.10)
• base, dev: quota (4.11)
• base, dev: socat (1.8.1.0)
• base, dev: sqlite (3.51.2)
• base, dev: sssd (2.9.8)
• base, dev: strace (6.18)
• base, dev: systemd (258.3)
• base, dev: tcpdump (4.99.6)
• base, dev: timezone-data (2025c)
• base, dev: util-linux (2.41.3)
• base, dev: wireguard-tools (1.0.20250521)
• base, dev: xfsprogs (6.18.0)
• base, dev: xz-utils (5.8.2)
• dev: binutils (2.46.0)
• dev: eselect (1.4.31)
• dev: gdb (17.1)
• dev: gentoolkit (0.7.1)
• dev: iperf (3.20)
• dev: portage (3.0.77 (includes 3.0.76, 3.0.75, 3.0.74, 3.0.73))
• nss-usrfiles (2.43)
• sysext-containerd: containerd (2.2.1)
• sysext-incus, sysext-podman, vmware: fuse (3.18.1 (includes 3.18.0))
• sysext-nvidia-drivers-535, sysext-nvidia-drivers-535-open: nvidia-drivers (535.288.01)
• sysext-nvidia-drivers-570, sysext-nvidia-drivers-570-open: nvidia-drivers (570.211.01)
• sysext-overlaybd: accelerated-container-image (1.4.3 (includes 1.4.2, 1.4.1, 1.4.0))
• sysext-podman: aardvark-dns (1.17.0 (includes 1.16.0))
• sysext-podman: containers-common (0.64.2 (includes 0.64.1, 0.64.0))
• sysext-podman: containers-image (5.36.2 (includes 5.36.1, 5.36.0))
• sysext-podman: containers-storage (1.59.1 (includes 1.59.0, 1.58.0))
• sysext-podman: fuse-overlayfs (1.16)
• sysext-podman: netavark (1.17.1 (includes 1.17.0))
• sysext-podman: passt (2025.12.15)
• sysext-podman: podman (5.7.1)
• sysext-python: jaraco-context (6.1.0)
• sysext-python: jaraco-functools (4.4.0)
• sysext-python: packaging (26.0)
• sysext-python: trove-classifiers (2026.1.14.14)
• sysext-python: wheel (0.46.2 (includes 0.46.1, 0.46.0))
• vmware: libxslt (1.1.45)

Changes since Alpha 4694.0.1

Security fixes:

• Linux (CVE-2026-46323, CVE-2026-46315, CVE-2026-46275, CVE-2026-46244, CVE-2026-46243, CVE-2026-46322, CVE-2026-46321, CVE-2026-46316)

Changes:

• Added NVMe/TCP support, enabling storage backends that use NVMe over Fabrics. (scripts#4036)
• Enabled /dev/kfd/ in amdgpu driver on AMD64 (scripts#4053)

Updates:

• Linux (6.12.93 (includes 6.12.92))