Changes since Stable 3975.2.0
Security fixes:
- Linux (CVE-2024-44944, CVE-2024-43877, CVE-2024-43876, CVE-2024-43875, CVE-2024-43873, CVE-2024-43871, CVE-2024-43881, CVE-2024-43880, CVE-2024-43879, CVE-2024-43869, CVE-2024-43870, CVE-2024-43856, CVE-2024-43860, CVE-2024-43859, CVE-2024-43858, CVE-2024-43833, CVE-2024-43832, CVE-2024-43831, CVE-2024-43830, CVE-2024-43829, CVE-2024-43828, CVE-2024-43855, CVE-2024-43854, CVE-2024-43853, CVE-2024-43851, CVE-2024-43850, CVE-2024-43849, CVE-2024-43847, CVE-2024-43846, CVE-2024-43845, CVE-2024-43842, CVE-2024-43841, CVE-2024-43839, CVE-2024-43837, CVE-2024-43834, CVE-2024-43825, CVE-2024-43823, CVE-2024-43821, CVE-2024-43818, CVE-2024-43817, CVE-2024-42321, CVE-2024-42322, CVE-2024-42288, CVE-2024-42297, CVE-2024-42296, CVE-2024-42295, CVE-2024-42294, CVE-2024-42292, CVE-2024-42320, CVE-2024-42318, CVE-2024-42291, CVE-2024-42316, CVE-2024-42315, CVE-2024-42314, CVE-2024-42313, CVE-2024-42311, CVE-2024-42310, CVE-2024-42309, CVE-2024-42308, CVE-2024-42290, CVE-2024-42307, CVE-2024-42306, CVE-2024-42305, CVE-2024-42304, CVE-2024-42303, CVE-2024-42302, CVE-2024-42301, CVE-2024-42299, CVE-2024-42298, CVE-2024-42289, CVE-2024-42284, CVE-2024-42283, CVE-2024-42281, CVE-2024-42280, CVE-2024-42279, CVE-2024-42278, CVE-2024-42277, CVE-2024-42287, CVE-2024-42286, CVE-2024-42285, CVE-2023-52889, CVE-2024-42276, CVE-2024-43867, CVE-2024-43866, CVE-2024-43864, CVE-2024-43863, CVE-2024-42312, CVE-2024-42274, CVE-2024-42273, CVE-2024-42272, CVE-2024-42271, CVE-2024-42270, CVE-2024-42269, CVE-2024-42268, CVE-2024-42267, CVE-2024-42265, CVE-2024-43908, CVE-2024-44931, CVE-2024-43914, CVE-2024-43912, CVE-2024-44935, CVE-2024-44934, CVE-2024-43909, CVE-2024-43905, CVE-2024-43903, CVE-2024-43902, CVE-2024-43900, CVE-2024-43907, CVE-2024-43906, CVE-2024-43897, CVE-2024-43894, CVE-2024-43893, CVE-2024-43892, CVE-2024-43890, CVE-2024-43889, CVE-2024-43895, CVE-2024-43883, CVE-2024-43861, CVE-2024-42259, CVE-2024-44943, CVE-2024-44942, CVE-2024-44941, CVE-2024-44940, CVE-2024-44938, CVE-2024-44939, CVE-2024-43898, CVE-2024-43882, CVE-2024-44947, CVE-2024-44946)
Bug fixes:
- Fix ownership of systemd units shipped with built-in docker/containerd sysexts. The files shipped on production images were accidentally owned by 1000:1000 instead of 0:0. This uid/gid is not present on Flatcar images but would be assigned to the first created user. Due to contents of sysexts and /usr being readonly on Flatcar, the invalid permissions can't be used to escalate privileges. (scripts#2266)
- Equinix Metal: Fixed oem-cloudinit.service. The availability check now uses the https://metadata.platformequinix.com/metadata endpoint. (scripts#2222)