Changes since Alpha 2823.0.0:
Security fixes
- Linux (CVE-2021-28964, CVE-2021-28972, CVE-2021-28971, CVE-2021-28951, CVE-2021-28952, CVE-2021-29266, CVE-2021-28688, CVE-2021-29264, CVE-2021-29649, CVE-2021-29650, CVE-2021-29646, CVE-2021-29647, CVE-2021-29154, CVE-2021-29155, CVE-2021-23133)
Bug fixes
- Fix the patch to update DefaultTasksMax in systemd (coreos-overlay#971)
Updates
Changes since Beta 2801.1.0:
Security fixes
- Linux (CVE-2021-28964, CVE-2021-28972, CVE-2021-28971, CVE-2021-28951, CVE-2021-28952, CVE-2021-29266, CVE-2021-28688, CVE-2021-29264, CVE-2021-29649, CVE-2021-29650, CVE-2021-29646, CVE-2021-29647, CVE-2021-29154, CVE-2021-29155, CVE-2021-23133)
- Go (CVE-2021-27918, CVE-2021-27919)
- glib (CVE-2021-28153, CVE-2021-27218, CVE-2021-27219)
- boost (CVE-2012-2677)
- ncurses (CVE-2019-17594, CVE-2019-17595)
- zstd (CVE-2021-24032)
Bug Fixes
- Fix the patch to update DefaultTasksMax in systemd (coreos-overlay#971)
Changes
- The pam_faillock PAM module was enabled as replacement for the removed pam_tally2 module and will temporarily lock an account if there were login attempts with a wrong password. The faillock command can be used to show the current state. With pam_tally2 there was no limit for wrong password login attempts but with faillock the default is already restricting the attempts. The default behavior was relaxed to allow 5 wrong passwords per two minutes, and a one minute account lock time. This does not apply to logins with an SSH key. (baselayout#17)
- The etcd and flannel services are now run with Docker and any rkt-based customizations of the etcd-member and flanneld services not supported anymore. Also, because the flanneld service relies on Docker and will restart Docker after applying the new configuration, it is not possible anymore to set Requires=flanneld.service for docker.service and instead it’s enough to have flanneld.service enabled. (coreos-overlay#857)
Updates