Generic Kernel version-release: kernel-6.6.130.1-3
Add azure-vm-utils to SPECS/SPECS-EXTENDED
Add bootengine to SPECS/SPECS-EXTENDED
Add coreos-cloudinit to SPECS/SPECS-EXTENDED
Add coreos-init to SPECS/SPECS-EXTENDED
Add kata-containers-preview to SPECS/SPECS-EXTENDED
Add Kernel config validation tool
Add Nodejs24 container and distroless image
Add support for kernel flavor versioning
Add update-ssh-keys to SPECS/SPECS-EXTENDED
Add uvm micro kernel to SPECS/SPECS-EXTENDED
Enable crypto kernel configs in kernel version 6.12
Enable lz4, lz4hc and zstd zram compression
Fix Cisco Telegraf
Fix docker engine multiarch image push
Fix espeak-ng ptest
Fix fontconfig ptest
Fix libsoup with_check condition
Fix ntpdate-wrapper binary path
Fix python-daemon ptest regression
Fix python-fields ptest
Fix shim-unsigned-* separately from shim
Patch azurelinux-image-tools for CVE-2026-27141
Patch cmake for CVE-2026-27135
Patch coredns for CVE-2026-26018, CVE-2026-26017
Patch dcos-cli for CVE-2025-30204
Patch edk2 for CVE-2025-69419 and align edk2-hvloader-signed release
Patch flannel for CVE-2026-32241
Patch freetype for CVE-2026-23865
Patch giflib for CVE-2026-23868
Patch glibc for CVE-2026-4437, CVE-2026-4438
Patch grub2 for CVE-2025-0622 and increase SBAT to grub,5
Patch hdf5 for CVE-2025-2915
Patch kernel to enable CONFIG_TCP_CONG_BBR3
Patch kernel-mshv to enable CONFIG_WIREGUARD
Patch libarrow for CVE-2026-25087
Patch libarchive for CVE-2026-4111
Patch libexif for CVE-2026-32775
Patch libssh for CVE-2026-3731
Patch libsoup for CVE-2026-0716, CVE-2026-2443, CVE-2026-2369
Patch libvirt for TPM patches
Patch nasm for CVE-2022-46456
Patch ncurses for CVE-2025-69720
Patch netavark for CVE-2026-25541
Patch nghttp2 for CVE-2026-27135
Patch nodejs for CVE-2026-27135
Patch ocaml for CVE-2026-28364
Patch plexus-utils for CVE-2025-67030
Patch pyOpenSSL for CVE-2026-27459, CVE-2026-27448
Patch python-pyasn1 for CVE-2026-30922
Patch python3 for CVE-2026-4519
Patch python-requests for CVE-2026-25645
Patch python-virtualenv for CVE-2025-50181, CVE-2026-24049, CVE-2026-1703
Patch rpm-ostree for CVE-2026-25541, CVE-2025-58160
Patch rust for CVE-2026-25541, CVE-2026-25727, CVE-2023-48795
Patch skopeo for CVE-2026-24117
Patch squid for CVE-2026-33526, CVE-2026-33515, CVE-2026-32748
Patch strongswan for CVE-2026-25075
Patch telegraf for CVE-2026-4645
Patch vim for CVE-2026-32249 CVE-2026-33412
Upgrade bind to 9.20.21 for CVE-2026-3591, CVE-2026-3119, CVE-2026-3104, CVE-2026-1519
Upgrade erlang to 26.2.5.18 for CVE-2026-23941, CVE-2026-23942, CVE-2026-23943
Upgrade etcd to 3.5.28 for CVE-2026-33413, CVE-2026-33343
Upgrade frr to 10.5.0
Upgrade golang to 1.26.1-1
Upgrade kernel to 6.6.130.1 and reapply recent BBR3 and zram compressions. Includes crackarmor fix CVE-2026-23269
Upgrade kernel-hwe to 6.12.78.2.1 for CVE-2026-23269.
Upgrade KubeVirt to v1.7.1
Upgrade libpng to 1.6.56 for CVE-2026-33636, CVE-2026-33416
Upgrade mariadb to 10.11.16 for CVE-2026-3494
Upgrade nginx to 1.28.3 for CVE-2026-27654, CVE-2026-27784, CVE-2026-32647, CVE-2026-27651, CVE-2026-28753, CVE-2026-28755
Upgrade shim to v16.1
Upgrade SymCrypt-OpenSSL to 1.9.5
Upgrade trident to v0.22
Additional Notes:
Kernel-hwe was upgraded to 6.12.78.2.1 resulting in a rebuild of cuda-open-hwe OOT module (cuda-open-hwe-580.105.08-7_6.12.78.2.1.azl3.aarch64.rpm)
Note that in a bare metal test scenario, running nvidia-smi caused the kernel to crash with "Trying to vfree() nonexistent vm area (000000001f7525a8)". In virtualized scenarios all testing passed.