Flatcar updates
Security fixes:
- Fix e2fsprogs arbitrary code execution via crafted filesystem (CVE-2019-5094)
- Fix Git arbitrary path overwrite, credential leak from credential helpers, remote code execution in recursive clones, and arbitrary command execution via submodules (CVE-2019-1348, CVE-2019-1387, CVE-2019-19604, CVE-2020-11008, CVE-2020-5260)
- Fix libarchive crash or use-after-free via crafted RAR file (CVE-2019-18408, CVE-2020-9308)
- Fix libgcrypt ECDSA timing attack (CVE-2019-13627)
- Fix libidn2 domain impersonation (CVE-2019-12290)
- Fix NSS crashes and heap corruption (CVE-2017-11695, CVE-2017-11696, CVE-2017-11697, CVE-2017-11698, CVE-2018-18508, CVE-2019-11745)
- Fix OpenSSL overflow in Montgomery squaring procedure (CVE-2019-1551)
- Fix SQLite crash and heap corruption (CVE-2019-16168, CVE-2019-5827)
- Fix unzip heap overflow or excessive resource consumption via crafted archive (CVE-2018-1000035, CVE-2019-13232)
- Fix vim arbitrary command execution via crafted file (CVE-2019-12735)
Bug fixes:
- When writing the update kernel, prefer /boot/coreos only if /boot/coreos/vmlinux-* exists (flatcar-linux/update_engine#5)
- Fixed sysroot-boot initramfs service race which resulted in a warning that this service failed
- Use the correct BINHOST URLs in the development container to download binary packages
Changes:
- Support the CoreOS GRUB /boot/coreos/first_boot flag file (flatcar-linux/bootengine#13)
- Fetch container images in docker format rather than ACI by default in etcd-member.service, flanneld.service, and kubelet-wrapper
- Use flatcar.autologin kernel command line parameter on Azure and VMware for auto login on the serial console
- Include conntrack (conntrack-tools)
- Include journalctl output, pstore kernel crash logs, and coredumpctl list output in the mayday report
report - Update wa-linux-agent to 2.2.46 on Azure
- Support both coreos.config.* and flatcar.config.* guestinfo variables on VMware OEM
Updates: