flatcar/scripts stable-4230.2.0

on GitHub

Changes since Stable 4152.2.3

Security fixes:

• Linux (CVE-2025-37989, CVE-2025-37988, CVE-2025-37985, CVE-2025-37983, CVE-2025-37938, CVE-2025-37885, CVE-2025-37884, CVE-2025-37883, CVE-2025-37881, CVE-2025-37879, CVE-2025-37878, CVE-2025-37887, CVE-2025-37886, CVE-2025-37836, CVE-2025-37823, CVE-2025-37831, CVE-2025-37830, CVE-2025-37829, CVE-2025-37828, CVE-2025-37824, CVE-2025-37808, CVE-2025-37805, CVE-2025-37804, CVE-2025-37803, CVE-2025-37820, CVE-2025-37819, CVE-2025-37818, CVE-2025-37817, CVE-2025-37815, CVE-2025-37813, CVE-2025-37812, CVE-2025-37811, CVE-2025-37810, CVE-2025-37800, CVE-2025-37801, CVE-2025-37799, CVE-2025-37797, CVE-2025-37990, CVE-2025-37991, CVE-2025-37917, CVE-2025-37927, CVE-2025-37924, CVE-2025-37923, CVE-2025-37922, CVE-2025-37921, CVE-2025-37936, CVE-2025-37935, CVE-2025-37933, CVE-2025-37932, CVE-2025-37930, CVE-2025-37929, CVE-2025-37928, CVE-2025-37918, CVE-2025-37903, CVE-2025-37901, CVE-2025-37897, CVE-2025-37916, CVE-2025-37915, CVE-2025-37914, CVE-2025-37913, CVE-2025-37912, CVE-2025-37911, CVE-2025-37909, CVE-2025-37905, CVE-2025-37891, CVE-2025-37890, CVE-2025-37998, CVE-2025-37997, CVE-2025-37995, CVE-2025-37994, CVE-2025-37973, CVE-2025-37972, CVE-2025-37970, CVE-2025-37969, CVE-2025-37964, CVE-2025-37963, CVE-2025-37962, CVE-2025-37961, CVE-2025-37959, CVE-2025-37954, CVE-2025-37953, CVE-2025-37952, CVE-2025-37951, CVE-2025-37949, CVE-2025-37948, CVE-2025-37956, CVE-2025-37947, CVE-2025-38015, CVE-2025-38014, CVE-2025-38013, CVE-2025-38010, CVE-2025-38009, CVE-2025-38027, CVE-2025-38008, CVE-2025-38024, CVE-2025-38023, CVE-2025-38020, CVE-2025-38019, CVE-2025-38018, CVE-2025-38007, CVE-2025-38006, CVE-2025-38005, CVE-2025-37992, CVE-2025-38052, CVE-2025-38061, CVE-2025-38059, CVE-2025-38058, CVE-2025-38081, CVE-2025-38080, CVE-2025-38079, CVE-2025-38078, CVE-2025-38077, CVE-2025-38075, CVE-2025-38074, CVE-2025-38072, CVE-2025-38071, CVE-2025-38068, CVE-2025-38066, CVE-2025-38065, CVE-2025-38063, CVE-2025-38062, CVE-2025-38037, CVE-2025-38035, CVE-2025-38034, CVE-2025-38051, CVE-2025-38031, CVE-2025-38048, CVE-2025-38046, CVE-2025-38045, CVE-2025-38044, CVE-2025-38043, CVE-2025-38040, CVE-2025-38039, CVE-2025-38030, CVE-2025-38003, CVE-2025-38004, CVE-2025-38001, CVE-2025-38000, CVE-2025-38083)
• containers-storage, podman (CVE-2024-9676)
• curl (CVE-2024-11053, CVE-2024-9681)
• expat (CVE-2024-50602)
• sssd (CVE-2023-3758)
• wget (CVE-2024-10524)

Bug fixes:

• Fixed PXE boot failures that arose since upgrading to systemd v256. Users were dumped to an emergency shell. (flatcar/bootengine#103)
• Fixed creating netdev arguments to correctly include commas when no port forwards are passed (flatcar/scripts#2581)
• The kernel module build directory now contains native binaries in arm64 images instead of the previous amd64 binaries (scripts#2694)
• Nvidia driver installer service now supports the 570 driver branch by forcing the use of the proprietary kernel module. The 570 branch defaults to the kernel-open driver which requires loading firmware, which is not yet supported on Flatcar. (scripts#2694)
• Added back some BCC tools (scripts#2900)

Changes:

• Added support for ARM64 architecture in the NVIDIA driver installer service (scripts#2694)
• Added support for multiple port forwarding parameters in the QEMU startup script. Users can now specify multiple port forwards using the -f option. (flatcar/scripts#2575)
• Additional GRUB modules are no longer installed for UEFI platforms to save space and also because they cannot be loaded with Secure Boot enabled. This does not affect existing installations.
• The GRUB modules on non-UEFI platforms are now compressed with xz rather than gzip to save even more space. This does not affect existing installations.
• The VFIO kernel modules are now also available in ARM64 builds. (flatcar/scripts#2484)
• Enabled the gtp kernel module. This is the GPRS Tunneling Protocol datapath for usage in telecoms scenarios. (flatcar/scripts#2504)

Updates:

• AMD64: nvidia-drivers (535.230.02)
• ARM64: nvidia-drivers (570.86.15)
• Go (1.22.11 (includes 1.22.10))
• Linux (6.6.94 (includes 6.6.93, 6.6.92, 6.6.91, 6.6.90, 6.6.89,6.6.65))
• Linux Firmware (20250109 (includes 20241210, 20241110))
• SDK: autoconf (2.72)
• SDK: cmake (3.30.5)
• SDK: libpng (1.6.44)
• SDK: perf (6.11.7)
• SDK: pkgcheck (0.10.32)
• SDK: portage (3.0.66.1)
• SDK: qemu (8.2.7)
• azure, dev, gce, sysext-python: python (3.11.11_p1)
• azure: chrony (4.6.1)
• base, dev: audit (4.0.2)
• base, dev: azure-vm-utils (0.4.0)
• base, dev: bind (9.18.29)
• base, dev: bpftool (7.5.0 (includes 7.4.0))
• base, dev: btrfs-progs (6.12 (includes 6.11))
• base, dev: c-ares (1.34.3 (includes 1.34.2, 1.34.1, 1.34.0))
• base, dev: checkpolicy (3.7)
• base, dev: ethtool (6.10)
• base, dev: expat (2.6.4)
• base, dev: gawk (5.3.1)
• base, dev: gcc (14.2.1_p20241116)
• base, dev: glib (2.80.5 (includes 2.80.4, 2.80.3, 2.80.2, 2.80.1, 2.80.0))
• base, dev: gnupg (2.4.6)
• base, dev: hwdata (0.390)
• base, dev: intel-microcode (20241112 (includes 20241029))
• base, dev: iproute2 (6.12.0 (includes 6.11.0, 6.10.0))
• base, dev: iputils (20240905)
• base, dev: json-c (0.18)
• base, dev: kexec-tools (2.0.30 (includes 2.0.29))
• base, dev: less (668)
• base, dev: libarchive (3.7.7)
• base, dev: libcap (2.71)
• base, dev: libgpg-error (1.51)
• base, dev: libnetfilter_conntrack (1.1.0)
• base, dev: libnftnl (1.2.8)
• base, dev: libnvme (1.11.1 (includes 1.11))
• base, dev: libselinux (3.7)
• base, dev: libsepol (3.7)
• base, dev: libuv (1.49.2 (includes 1.49.1, 1.49.0))
• base, dev: libxml2 (2.12.9 (includes 2.12.8))
• base, dev: lsof (4.99.4)
• base, dev: mokutil (0.7.2)
• base, dev: npth (1.8)
• base, dev: nvme-cli (2.11)
• base, dev: openldap (2.6.8 (includes 2.6.7, 2.6.6, 2.6.5))
• base, dev: pax-utils (1.3.8)
• base, dev: sssd (2.9.5 (includes 2.9.4, 2.9.3, 2.9.2, 2.9.1, 2.9.0, 2.8.0, 2.7.0, 2.6.0, 2.5.0, 2.4.0))
• base, dev: strace (6.12 (includes 6.11, 6.10))
• base, dev: usbutils (018)
• base, dev: util-linux (2.40.2 (includes 2.40.1, 2.40.0))
• base, dev: wget (1.25.0)
• base, dev: xfsprogs (6.11.0 includes (6.10.1, 6.10.0, 6.9.0))
• base, dev: xz-utils (5.6.3)
• ca-certificates (3.112 (includes 3.111))
• dev: bash-completion (2.15.0)
• dev: binutils (2.43)
• dev: gentoolkit (0.6.8)
• docker: docker (27.3.1)
• docker: docker-buildx (0.14.0 (includes 0.13.0, 0.12.0, 0.11.0))
• docker: docker-cli (27.3.1)
• gce: six (1.17.0)
• sysext-podman: containers-storage (1.55.1)
• sysext-podman: gpgme (1.24.1 (includes 1.24.0))
• sysext-podman: podman (5.3.0)
• sysext-python: cachecontrol (0.14.1)
• sysext-python: charset-normalizer (3.4.1 (includes 3.4.0))
• sysext-python: distlib (0.3.9)
• sysext-python: jaraco-functools (4.1.0)
• sysext-python: packaging (24.2)
• sysext-python: pip (24.3.1 (includes 24.3)
• sysext-python: pyproject-hooks (1.2.0)
• sysext-python: resolvelib (1.1.0)
• sysext-python: rich (13.9.3)
• sysext-python: setuptools (75.6.0 (includes 75.5.0, 75.4.0, 75.3.0, 75.2.0, 75.1.1, 75.1.0, 75.0.0))
• sysext-python: trove-classifiers (2024.10.21.16)
• sysext-python: truststore (0.10.0)
• sysext-python: urllib3 (2.3.0)
• sysext-python: wheel (0.45.1 (includes 0.45.0))
• sysext-zfs: zfs (2.2.7 (includes 2.2.6))
• systemd (256.9 (from 255.8))
• vmware: libltdl (2.5.4 (includes 2.5.3, 2.5.2, 2.5.1, 2.5.0))
• vmware: libmspack (1.11)
• vmware: xmlsec (1.3.5)

Changes since Beta 4230.1.1

Security fixes:

• Linux (CVE-2025-37989, CVE-2025-37988, CVE-2025-37985, CVE-2025-37983, CVE-2025-37938, CVE-2025-37885, CVE-2025-37884, CVE-2025-37883, CVE-2025-37881, CVE-2025-37879, CVE-2025-37878, CVE-2025-37887, CVE-2025-37886, CVE-2025-37836, CVE-2025-37823, CVE-2025-37831, CVE-2025-37830, CVE-2025-37829, CVE-2025-37828, CVE-2025-37824, CVE-2025-37808, CVE-2025-37805, CVE-2025-37804, CVE-2025-37803, CVE-2025-37820, CVE-2025-37819, CVE-2025-37818, CVE-2025-37817, CVE-2025-37815, CVE-2025-37813, CVE-2025-37812, CVE-2025-37811, CVE-2025-37810, CVE-2025-37800, CVE-2025-37801, CVE-2025-37799, CVE-2025-37797, CVE-2025-37990, CVE-2025-37991, CVE-2025-37917, CVE-2025-37927, CVE-2025-37924, CVE-2025-37923, CVE-2025-37922, CVE-2025-37921, CVE-2025-37936, CVE-2025-37935, CVE-2025-37933, CVE-2025-37932, CVE-2025-37930, CVE-2025-37929, CVE-2025-37928, CVE-2025-37918, CVE-2025-37903, CVE-2025-37901, CVE-2025-37897, CVE-2025-37916, CVE-2025-37915, CVE-2025-37914, CVE-2025-37913, CVE-2025-37912, CVE-2025-37911, CVE-2025-37909, CVE-2025-37905, CVE-2025-37891, CVE-2025-37890, CVE-2025-37998, CVE-2025-37997, CVE-2025-37995, CVE-2025-37994, CVE-2025-37973, CVE-2025-37972, CVE-2025-37970, CVE-2025-37969, CVE-2025-37964, CVE-2025-37963, CVE-2025-37962, CVE-2025-37961, CVE-2025-37959, CVE-2025-37954, CVE-2025-37953, CVE-2025-37952, CVE-2025-37951, CVE-2025-37949, CVE-2025-37948, CVE-2025-37956, CVE-2025-37947, CVE-2025-38015, CVE-2025-38014, CVE-2025-38013, CVE-2025-38010, CVE-2025-38009, CVE-2025-38027, CVE-2025-38008, CVE-2025-38024, CVE-2025-38023, CVE-2025-38020, CVE-2025-38019, CVE-2025-38018, CVE-2025-38007, CVE-2025-38006, CVE-2025-38005, CVE-2025-37992, CVE-2025-38052, CVE-2025-38061, CVE-2025-38059, CVE-2025-38058, CVE-2025-38081, CVE-2025-38080, CVE-2025-38079, CVE-2025-38078, CVE-2025-38077, CVE-2025-38075, CVE-2025-38074, CVE-2025-38072, CVE-2025-38071, CVE-2025-38068, CVE-2025-38066, CVE-2025-38065, CVE-2025-38063, CVE-2025-38062, CVE-2025-38037, CVE-2025-38035, CVE-2025-38034, CVE-2025-38051, CVE-2025-38031, CVE-2025-38048, CVE-2025-38046, CVE-2025-38045, CVE-2025-38044, CVE-2025-38043, CVE-2025-38040, CVE-2025-38039, CVE-2025-38030, CVE-2025-38003, CVE-2025-38004, CVE-2025-38001, CVE-2025-38000, CVE-2025-38083)

Bug fixes:

• Added back some BCC tools (scripts#2900)

Updates:

• Linux (6.6.94 (includes 6.6.93, 6.6.92, 6.6.91, 6.6.90, 6.6.89))
• ca-certificates (3.112 (includes 3.111))