kinvolk/manifest v2748.0.0

on GitHub

Security fixes

• Linux
  • CVE-2020-27815
  • CVE-2020-27830
  • CVE-2020-27835
  • CVE-2020-28588
  • CVE-2020-29568
  • CVE-2020-29569
  • CVE-2020-29660
  • CVE-2020-29661

Bug fixes

• afterburn (coreos-metadata): Restart on failure and keep coreos-metadata unit active (kinvolk/coreos-overlay#768)
• networkd: avoid managing MAC addresses for veth devices (kinvolk/init#33)

Changes

• Updated nsswitch.conf to use systemd-resolved (kinvolk/baselayout#10)
• Enabled systemd-resolved stub listeners (kinvolk/baselayout#11)
• systemd-resolved: Disabled DNSSEC for the mean time (kinvolk/baselayout#14)
• kernel: enabled CONFIG_DEBUG_INFO_BTF (kinvolk/coreos-overlay#753)
• containerd: Switched to default upstream socket location while keeping a symlink for the previous location in Flatcar (kinvolk/coreos-overlay#771)
• containerd: Disabled shim debug logs (kinvolk/coreos-overlay#766)

Updates

• Linux (5.10.4)
• Linux firmware (20201218)
• SDK: Rust (1.48.0)

Note: Please note that ARM images remain experimental for now.