# Flatcar Container Linux Release - 2nd of September 2024 ## Alpha 4081.0.0 - AMD64-usr - Platforms succeeded: all except equinix_metal - Platforms failed: equinix_metal - Platforms not tested: qemu_uefi_secure - ARM64-usr - Platforms succeeded: all except equinix_metal - Platforms failed: equinix_metal - Platforms not tested: none NOTE: Equinix Metal on AMD64: Tests are passing but there an emergency shell is found in the logs, so it's considered as failure. When I tried to repro last week I got this emergency shell because network was not up so Ignition was not able to fetch the config but it was random: https://github.com/flatcar/Flatcar/issues/1536 VERDICT: _GO_ ## Beta 4054.1.0 - AMD64-usr - Platforms succeeded: all except equinix_metal - Platforms failed: equinix_metal - Platforms not tested: qemu_uefi_secure - ARM64-usr - Platforms succeeded: all except equinix_metal - Platforms failed: equinix_metal - Platforms not tested: none NOTE: Equinix Metal on AMD64: Tests are passing but there an emergency shell is found in the logs, so it's considered as failure. When I tried to repro last week I got this emergency shell because network was not up so Ignition was not able to fetch the config but it was random: https://github.com/flatcar/Flatcar/issues/1536 VERDICT: _GO_ ## Stable 3975.2.1 - AMD64-usr - Platforms succeeded: all except equinix_metal - Platforms failed: equinix_metal - Platforms not tested: qemu_uefi_secure - ARM64-usr - Platforms succeeded: all except equinix_metal - Platforms failed: equinix_metal - Platforms not tested: none NOTE: Equinix Metal on AMD64: Tests are passing but there an emergency shell is found in the logs, so it's considered as failure. When I tried to repro last week I got this emergency shell because network was not up so Ignition was not able to fetch the config but it was random: https://github.com/flatcar/Flatcar/issues/1536 VERDICT: _GO_ ## Communication --- #### Guidelines / Things to Remember - Release notes are used in a PR and will appear on https://www.flatcar.org/releases/ - [Announcement Message](#Announcement-Message) is posted in [Flatcar-Linux-user](https://groups.google.com/g/flatcar-linux-user). Make sure to post as “Flatcar Container Linux User”, not with your personal user (this can be selected when drafting the post). - Make sure the the LTS is referred to as `LTS-2021`, and not `LTS-2605` --- ### Announcement Message Subject: Announcing new releases Alpha 4081.0.0, Beta 4054.1.0 and Stable 3975.2.1 Hello, We are pleased to announce a new Flatcar Container Linux release for the Alpha, Beta and Stable channel. #### Alpha 4081.0.0 _Changes since **Alpha 4054.0.0**_ #### Security fixes: - Linux ([CVE-2024-44944](https://nvd.nist.gov/vuln/detail/CVE-2024-44944), [CVE-2024-43877](https://nvd.nist.gov/vuln/detail/CVE-2024-43877), [CVE-2024-43876](https://nvd.nist.gov/vuln/detail/CVE-2024-43876), [CVE-2024-43875](https://nvd.nist.gov/vuln/detail/CVE-2024-43875), [CVE-2024-43873](https://nvd.nist.gov/vuln/detail/CVE-2024-43873), [CVE-2024-43871](https://nvd.nist.gov/vuln/detail/CVE-2024-43871), [CVE-2024-43881](https://nvd.nist.gov/vuln/detail/CVE-2024-43881), [CVE-2024-43880](https://nvd.nist.gov/vuln/detail/CVE-2024-43880), [CVE-2024-43879](https://nvd.nist.gov/vuln/detail/CVE-2024-43879), [CVE-2024-43869](https://nvd.nist.gov/vuln/detail/CVE-2024-43869), [CVE-2024-43870](https://nvd.nist.gov/vuln/detail/CVE-2024-43870), [CVE-2024-43856](https://nvd.nist.gov/vuln/detail/CVE-2024-43856), [CVE-2024-43860](https://nvd.nist.gov/vuln/detail/CVE-2024-43860), [CVE-2024-43859](https://nvd.nist.gov/vuln/detail/CVE-2024-43859), [CVE-2024-43858](https://nvd.nist.gov/vuln/detail/CVE-2024-43858), [CVE-2024-43833](https://nvd.nist.gov/vuln/detail/CVE-2024-43833), [CVE-2024-43832](https://nvd.nist.gov/vuln/detail/CVE-2024-43832), [CVE-2024-43831](https://nvd.nist.gov/vuln/detail/CVE-2024-43831), [CVE-2024-43830](https://nvd.nist.gov/vuln/detail/CVE-2024-43830), [CVE-2024-43829](https://nvd.nist.gov/vuln/detail/CVE-2024-43829), [CVE-2024-43828](https://nvd.nist.gov/vuln/detail/CVE-2024-43828), [CVE-2024-43855](https://nvd.nist.gov/vuln/detail/CVE-2024-43855), [CVE-2024-43854](https://nvd.nist.gov/vuln/detail/CVE-2024-43854), [CVE-2024-43853](https://nvd.nist.gov/vuln/detail/CVE-2024-43853), [CVE-2024-43851](https://nvd.nist.gov/vuln/detail/CVE-2024-43851), [CVE-2024-43850](https://nvd.nist.gov/vuln/detail/CVE-2024-43850), [CVE-2024-43849](https://nvd.nist.gov/vuln/detail/CVE-2024-43849), [CVE-2024-43847](https://nvd.nist.gov/vuln/detail/CVE-2024-43847), [CVE-2024-43846](https://nvd.nist.gov/vuln/detail/CVE-2024-43846), [CVE-2024-43845](https://nvd.nist.gov/vuln/detail/CVE-2024-43845), [CVE-2024-43842](https://nvd.nist.gov/vuln/detail/CVE-2024-43842), [CVE-2024-43841](https://nvd.nist.gov/vuln/detail/CVE-2024-43841), [CVE-2024-43839](https://nvd.nist.gov/vuln/detail/CVE-2024-43839), [CVE-2024-43837](https://nvd.nist.gov/vuln/detail/CVE-2024-43837), [CVE-2024-43834](https://nvd.nist.gov/vuln/detail/CVE-2024-43834), [CVE-2024-43825](https://nvd.nist.gov/vuln/detail/CVE-2024-43825), [CVE-2024-43823](https://nvd.nist.gov/vuln/detail/CVE-2024-43823), [CVE-2024-43821](https://nvd.nist.gov/vuln/detail/CVE-2024-43821), [CVE-2024-43818](https://nvd.nist.gov/vuln/detail/CVE-2024-43818), [CVE-2024-43817](https://nvd.nist.gov/vuln/detail/CVE-2024-43817), [CVE-2024-42321](https://nvd.nist.gov/vuln/detail/CVE-2024-42321), [CVE-2024-42322](https://nvd.nist.gov/vuln/detail/CVE-2024-42322), [CVE-2024-42288](https://nvd.nist.gov/vuln/detail/CVE-2024-42288), [CVE-2024-42297](https://nvd.nist.gov/vuln/detail/CVE-2024-42297), [CVE-2024-42296](https://nvd.nist.gov/vuln/detail/CVE-2024-42296), [CVE-2024-42295](https://nvd.nist.gov/vuln/detail/CVE-2024-42295), [CVE-2024-42294](https://nvd.nist.gov/vuln/detail/CVE-2024-42294), [CVE-2024-42292](https://nvd.nist.gov/vuln/detail/CVE-2024-42292), [CVE-2024-42320](https://nvd.nist.gov/vuln/detail/CVE-2024-42320), [CVE-2024-42318](https://nvd.nist.gov/vuln/detail/CVE-2024-42318), [CVE-2024-42291](https://nvd.nist.gov/vuln/detail/CVE-2024-42291), [CVE-2024-42316](https://nvd.nist.gov/vuln/detail/CVE-2024-42316), [CVE-2024-42315](https://nvd.nist.gov/vuln/detail/CVE-2024-42315), [CVE-2024-42314](https://nvd.nist.gov/vuln/detail/CVE-2024-42314), [CVE-2024-42313](https://nvd.nist.gov/vuln/detail/CVE-2024-42313), [CVE-2024-42311](https://nvd.nist.gov/vuln/detail/CVE-2024-42311), [CVE-2024-42310](https://nvd.nist.gov/vuln/detail/CVE-2024-42310), [CVE-2024-42309](https://nvd.nist.gov/vuln/detail/CVE-2024-42309), [CVE-2024-42308](https://nvd.nist.gov/vuln/detail/CVE-2024-42308), [CVE-2024-42290](https://nvd.nist.gov/vuln/detail/CVE-2024-42290), [CVE-2024-42307](https://nvd.nist.gov/vuln/detail/CVE-2024-42307), [CVE-2024-42306](https://nvd.nist.gov/vuln/detail/CVE-2024-42306), [CVE-2024-42305](https://nvd.nist.gov/vuln/detail/CVE-2024-42305), [CVE-2024-42304](https://nvd.nist.gov/vuln/detail/CVE-2024-42304), [CVE-2024-42303](https://nvd.nist.gov/vuln/detail/CVE-2024-42303), [CVE-2024-42302](https://nvd.nist.gov/vuln/detail/CVE-2024-42302), [CVE-2024-42301](https://nvd.nist.gov/vuln/detail/CVE-2024-42301), [CVE-2024-42299](https://nvd.nist.gov/vuln/detail/CVE-2024-42299), [CVE-2024-42298](https://nvd.nist.gov/vuln/detail/CVE-2024-42298), [CVE-2024-42289](https://nvd.nist.gov/vuln/detail/CVE-2024-42289), [CVE-2024-42284](https://nvd.nist.gov/vuln/detail/CVE-2024-42284), [CVE-2024-42283](https://nvd.nist.gov/vuln/detail/CVE-2024-42283), [CVE-2024-42281](https://nvd.nist.gov/vuln/detail/CVE-2024-42281), [CVE-2024-42280](https://nvd.nist.gov/vuln/detail/CVE-2024-42280), [CVE-2024-42279](https://nvd.nist.gov/vuln/detail/CVE-2024-42279), [CVE-2024-42278](https://nvd.nist.gov/vuln/detail/CVE-2024-42278), [CVE-2024-42277](https://nvd.nist.gov/vuln/detail/CVE-2024-42277), [CVE-2024-42287](https://nvd.nist.gov/vuln/detail/CVE-2024-42287), [CVE-2024-42286](https://nvd.nist.gov/vuln/detail/CVE-2024-42286), [CVE-2024-42285](https://nvd.nist.gov/vuln/detail/CVE-2024-42285), [CVE-2023-52889](https://nvd.nist.gov/vuln/detail/CVE-2023-52889), [CVE-2024-42276](https://nvd.nist.gov/vuln/detail/CVE-2024-42276), [CVE-2024-43867](https://nvd.nist.gov/vuln/detail/CVE-2024-43867), [CVE-2024-43866](https://nvd.nist.gov/vuln/detail/CVE-2024-43866), [CVE-2024-43864](https://nvd.nist.gov/vuln/detail/CVE-2024-43864), [CVE-2024-43863](https://nvd.nist.gov/vuln/detail/CVE-2024-43863), [CVE-2024-42312](https://nvd.nist.gov/vuln/detail/CVE-2024-42312), [CVE-2024-42274](https://nvd.nist.gov/vuln/detail/CVE-2024-42274), [CVE-2024-42273](https://nvd.nist.gov/vuln/detail/CVE-2024-42273), [CVE-2024-42272](https://nvd.nist.gov/vuln/detail/CVE-2024-42272), [CVE-2024-42271](https://nvd.nist.gov/vuln/detail/CVE-2024-42271), [CVE-2024-42270](https://nvd.nist.gov/vuln/detail/CVE-2024-42270), [CVE-2024-42269](https://nvd.nist.gov/vuln/detail/CVE-2024-42269), [CVE-2024-42268](https://nvd.nist.gov/vuln/detail/CVE-2024-42268), [CVE-2024-42267](https://nvd.nist.gov/vuln/detail/CVE-2024-42267), [CVE-2024-42265](https://nvd.nist.gov/vuln/detail/CVE-2024-42265), [CVE-2024-43908](https://nvd.nist.gov/vuln/detail/CVE-2024-43908), [CVE-2024-44931](https://nvd.nist.gov/vuln/detail/CVE-2024-44931), [CVE-2024-43914](https://nvd.nist.gov/vuln/detail/CVE-2024-43914), [CVE-2024-43912](https://nvd.nist.gov/vuln/detail/CVE-2024-43912), [CVE-2024-44935](https://nvd.nist.gov/vuln/detail/CVE-2024-44935), [CVE-2024-44934](https://nvd.nist.gov/vuln/detail/CVE-2024-44934), [CVE-2024-43909](https://nvd.nist.gov/vuln/detail/CVE-2024-43909), [CVE-2024-43905](https://nvd.nist.gov/vuln/detail/CVE-2024-43905), [CVE-2024-43903](https://nvd.nist.gov/vuln/detail/CVE-2024-43903), [CVE-2024-43902](https://nvd.nist.gov/vuln/detail/CVE-2024-43902), [CVE-2024-43900](https://nvd.nist.gov/vuln/detail/CVE-2024-43900), [CVE-2024-43907](https://nvd.nist.gov/vuln/detail/CVE-2024-43907), [CVE-2024-43906](https://nvd.nist.gov/vuln/detail/CVE-2024-43906), [CVE-2024-43897](https://nvd.nist.gov/vuln/detail/CVE-2024-43897), [CVE-2024-43894](https://nvd.nist.gov/vuln/detail/CVE-2024-43894), [CVE-2024-43893](https://nvd.nist.gov/vuln/detail/CVE-2024-43893), [CVE-2024-43892](https://nvd.nist.gov/vuln/detail/CVE-2024-43892), [CVE-2024-43890](https://nvd.nist.gov/vuln/detail/CVE-2024-43890), [CVE-2024-43889](https://nvd.nist.gov/vuln/detail/CVE-2024-43889), [CVE-2024-43895](https://nvd.nist.gov/vuln/detail/CVE-2024-43895), [CVE-2024-43883](https://nvd.nist.gov/vuln/detail/CVE-2024-43883), [CVE-2024-43861](https://nvd.nist.gov/vuln/detail/CVE-2024-43861), [CVE-2024-42259](https://nvd.nist.gov/vuln/detail/CVE-2024-42259), [CVE-2024-44943](https://nvd.nist.gov/vuln/detail/CVE-2024-44943), [CVE-2024-44942](https://nvd.nist.gov/vuln/detail/CVE-2024-44942), [CVE-2024-44941](https://nvd.nist.gov/vuln/detail/CVE-2024-44941), [CVE-2024-44940](https://nvd.nist.gov/vuln/detail/CVE-2024-44940), [CVE-2024-44938](https://nvd.nist.gov/vuln/detail/CVE-2024-44938), [CVE-2024-44939](https://nvd.nist.gov/vuln/detail/CVE-2024-44939), [CVE-2024-43898](https://nvd.nist.gov/vuln/detail/CVE-2024-43898), [CVE-2024-43882](https://nvd.nist.gov/vuln/detail/CVE-2024-43882), [CVE-2024-44947](https://nvd.nist.gov/vuln/detail/CVE-2024-44947), [CVE-2024-44946](https://nvd.nist.gov/vuln/detail/CVE-2024-44946)) - SDK: re2c ([CVE-2022-23901](https://nvd.nist.gov/vuln/detail/CVE-2022-23901)) - curl ([CVE-2024-7264](https://nvd.nist.gov/vuln/detail/CVE-2024-7264)) - Linux Firmware ([CVE-2023-31315](https://nvd.nist.gov/vuln/detail/CVE-2023-31315)) #### Bug fixes: - Fix ownership of systemd units shipped with built-in docker/containerd sysexts. The files shipped on production images were accidentally owned by 1000:1000 instead of 0:0. This uid/gid is not present on Flatcar images but would be assigned to the first created user. Due to contents of sysexts and /usr being readonly on Flatcar, the invalid permissions can't be used to escalate privileges. ([scripts#2266](https://github.com/flatcar/scripts/pull/2266)) - Equinix Metal: Fixed oem-cloudinit.service. The availability check now uses the https://metadata.platformequinix.com/metadata endpoint. ([scripts#2222](https://github.com/flatcar/scripts/pull/2222)) - Fixed slow boots PXE and ISO boots caused by the decrypt-root.service. ([Flatcar#1514](https://github.com/flatcar/flatcar/pull/1514)) - Fixed the initrd option in the QEMU launcher script. It was -R, but this was already taken by the read-only pflash option, so use -r instead. ([scripts#2239](https://github.com/flatcar/scripts/pull/2239)) #### Changes: - Replace nmap netcat with openbsd variant. The license didn't get an exception from CNCF. Something about the definition of "derivative works" being too broad. - The `docker build` command will now use buildx as its backend as the old one became deprecated and a loud "DEPRECATED" information is printed every time it's used. #### Updates: - Go ([1.21.13](https://go.dev/doc/devel/release#go1.21.13)) - Linux ([6.6.48](https://lwn.net/Articles/987679) (includes [6.6.47](https://lwn.net/Articles/986231/), [6.6.46](https://lwn.net/Articles/985672), [6.6.45](https://lwn.net/Articles/985200), [6.6.44](https://lwn.net/Articles/984450))) - Linux Firmware ([20240811](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20240811)) - Open-iSCSI ([2.1.10](https://github.com/open-iscsi/open-iscsi/releases/tag/2.1.10)) - Azure: azure-nvme-utils ([0.2.0](https://github.com/Azure/azure-nvme-utils/releases/tag/v0.2.0)) - ca-certificates ([3.104](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_104.html)) - conntrack-tools ([1.4.8](https://lwn.net/Articles/945927/)) - containerd ([1.7.21](https://github.com/containerd/containerd/releases/tag/v1.7.21)) - curl ([8.9.1](https://curl.se/ch/8.9.1.html)) - dev: minicom ([2.9](https://salsa.debian.org/minicom-team/minicom/-/releases/2.9)) - elfutils ([0.191](https://inbox.sourceware.org/elfutils-devel/CAJDtP-SJhJ8cjTpkNpi+F0nzVJ2pZsEai8Ewpp4yJmsO_H5-NA@mail.gmail.com/T/#u)) - gce, sysext-python: setuptools ([72.1.0](https://github.com/pypa/setuptools/blob/v72.1.0/NEWS.rst) (includes [71.1.0](https://github.com/pypa/setuptools/blob/v71.1.0/NEWS.rst), [71.0.0](https://github.com/pypa/setuptools/blob/v71.0.0/NEWS.rst))) - gflags ([2.2.2](https://github.com/gflags/gflags/releases/tag/v2.2.2)) - glog ([0.6.0](https://github.com/google/glog/releases/tag/v0.6.0)) - libmicrohttpd ([1.0.1](https://lists.gnu.org/archive/html/libmicrohttpd/2024-02/msg00005.html) (includes [1.0.0](https://lists.gnu.org/archive/html/libmicrohttpd/2024-02/msg00000.html))) - lz4 ([1.10.0](https://github.com/lz4/lz4/releases/tag/v1.10.0)) - nghttp2 ([1.62.1](https://github.com/nghttp2/nghttp2/releases/tag/v1.62.1)) - npth ([1.7](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=npth.git;a=blob;f=NEWS;h=c1b631b4294eabfef29baefd60e1b0dfecce710d;hb=75c68399ef3bbb5d024f2a60474a7214fa479016)) - sysext-python: more-itertools ([10.4.0](https://github.com/more-itertools/more-itertools/releases/tag/v10.4.0)) - sysext-python: pip ([24.2](https://github.com/pypa/pip/blob/24.2/NEWS.rst) (includes [24.1.2](https://github.com/pypa/pip/blob/24.1.2/NEWS.rst))) - sysext-python: wheel ([0.44.0](https://github.com/pypa/wheel/releases/tag/0.44.0)) - sysext-zfs: zfs ([2.2.5](https://github.com/openzfs/zfs/releases/tag/zfs-2.2.5) (includes [2.2.4](https://github.com/openzfs/zfs/releases/tag/zfs-2.2.4))) - tcpdump ([4.99.4](https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.99.4/CHANGES)) - SDK: meson ([1.5.1](https://mesonbuild.com/Release-notes-for-1-5-0.html)) - SDK: pahole ([1.27](https://git.kernel.org/pub/scm/devel/pahole/pahole.git/tag/?h=v1.27)) - SDK: Rust ([1.80.1](https://github.com/rust-lang/rust/releases/tag/1.80.1)) #### Beta 4054.1.0 _Changes since **Beta 4012.1.0**_ #### Security fixes: - Linux ([CVE-2024-44944](https://nvd.nist.gov/vuln/detail/CVE-2024-44944), [CVE-2024-43877](https://nvd.nist.gov/vuln/detail/CVE-2024-43877), [CVE-2024-43876](https://nvd.nist.gov/vuln/detail/CVE-2024-43876), [CVE-2024-43875](https://nvd.nist.gov/vuln/detail/CVE-2024-43875), [CVE-2024-43873](https://nvd.nist.gov/vuln/detail/CVE-2024-43873), [CVE-2024-43871](https://nvd.nist.gov/vuln/detail/CVE-2024-43871), [CVE-2024-43881](https://nvd.nist.gov/vuln/detail/CVE-2024-43881), [CVE-2024-43880](https://nvd.nist.gov/vuln/detail/CVE-2024-43880), [CVE-2024-43879](https://nvd.nist.gov/vuln/detail/CVE-2024-43879), [CVE-2024-43869](https://nvd.nist.gov/vuln/detail/CVE-2024-43869), [CVE-2024-43870](https://nvd.nist.gov/vuln/detail/CVE-2024-43870), [CVE-2024-43856](https://nvd.nist.gov/vuln/detail/CVE-2024-43856), [CVE-2024-43860](https://nvd.nist.gov/vuln/detail/CVE-2024-43860), [CVE-2024-43859](https://nvd.nist.gov/vuln/detail/CVE-2024-43859), [CVE-2024-43858](https://nvd.nist.gov/vuln/detail/CVE-2024-43858), [CVE-2024-43833](https://nvd.nist.gov/vuln/detail/CVE-2024-43833), [CVE-2024-43832](https://nvd.nist.gov/vuln/detail/CVE-2024-43832), [CVE-2024-43831](https://nvd.nist.gov/vuln/detail/CVE-2024-43831), [CVE-2024-43830](https://nvd.nist.gov/vuln/detail/CVE-2024-43830), [CVE-2024-43829](https://nvd.nist.gov/vuln/detail/CVE-2024-43829), [CVE-2024-43828](https://nvd.nist.gov/vuln/detail/CVE-2024-43828), [CVE-2024-43855](https://nvd.nist.gov/vuln/detail/CVE-2024-43855), [CVE-2024-43854](https://nvd.nist.gov/vuln/detail/CVE-2024-43854), [CVE-2024-43853](https://nvd.nist.gov/vuln/detail/CVE-2024-43853), [CVE-2024-43851](https://nvd.nist.gov/vuln/detail/CVE-2024-43851), [CVE-2024-43850](https://nvd.nist.gov/vuln/detail/CVE-2024-43850), [CVE-2024-43849](https://nvd.nist.gov/vuln/detail/CVE-2024-43849), [CVE-2024-43847](https://nvd.nist.gov/vuln/detail/CVE-2024-43847), [CVE-2024-43846](https://nvd.nist.gov/vuln/detail/CVE-2024-43846), [CVE-2024-43845](https://nvd.nist.gov/vuln/detail/CVE-2024-43845), [CVE-2024-43842](https://nvd.nist.gov/vuln/detail/CVE-2024-43842), [CVE-2024-43841](https://nvd.nist.gov/vuln/detail/CVE-2024-43841), [CVE-2024-43839](https://nvd.nist.gov/vuln/detail/CVE-2024-43839), [CVE-2024-43837](https://nvd.nist.gov/vuln/detail/CVE-2024-43837), [CVE-2024-43834](https://nvd.nist.gov/vuln/detail/CVE-2024-43834), [CVE-2024-43825](https://nvd.nist.gov/vuln/detail/CVE-2024-43825), [CVE-2024-43823](https://nvd.nist.gov/vuln/detail/CVE-2024-43823), [CVE-2024-43821](https://nvd.nist.gov/vuln/detail/CVE-2024-43821), [CVE-2024-43818](https://nvd.nist.gov/vuln/detail/CVE-2024-43818), [CVE-2024-43817](https://nvd.nist.gov/vuln/detail/CVE-2024-43817), [CVE-2024-42321](https://nvd.nist.gov/vuln/detail/CVE-2024-42321), [CVE-2024-42322](https://nvd.nist.gov/vuln/detail/CVE-2024-42322), [CVE-2024-42288](https://nvd.nist.gov/vuln/detail/CVE-2024-42288), [CVE-2024-42297](https://nvd.nist.gov/vuln/detail/CVE-2024-42297), [CVE-2024-42296](https://nvd.nist.gov/vuln/detail/CVE-2024-42296), [CVE-2024-42295](https://nvd.nist.gov/vuln/detail/CVE-2024-42295), [CVE-2024-42294](https://nvd.nist.gov/vuln/detail/CVE-2024-42294), [CVE-2024-42292](https://nvd.nist.gov/vuln/detail/CVE-2024-42292), [CVE-2024-42320](https://nvd.nist.gov/vuln/detail/CVE-2024-42320), [CVE-2024-42318](https://nvd.nist.gov/vuln/detail/CVE-2024-42318), [CVE-2024-42291](https://nvd.nist.gov/vuln/detail/CVE-2024-42291), [CVE-2024-42316](https://nvd.nist.gov/vuln/detail/CVE-2024-42316), [CVE-2024-42315](https://nvd.nist.gov/vuln/detail/CVE-2024-42315), [CVE-2024-42314](https://nvd.nist.gov/vuln/detail/CVE-2024-42314), [CVE-2024-42313](https://nvd.nist.gov/vuln/detail/CVE-2024-42313), [CVE-2024-42311](https://nvd.nist.gov/vuln/detail/CVE-2024-42311), [CVE-2024-42310](https://nvd.nist.gov/vuln/detail/CVE-2024-42310), [CVE-2024-42309](https://nvd.nist.gov/vuln/detail/CVE-2024-42309), [CVE-2024-42308](https://nvd.nist.gov/vuln/detail/CVE-2024-42308), [CVE-2024-42290](https://nvd.nist.gov/vuln/detail/CVE-2024-42290), [CVE-2024-42307](https://nvd.nist.gov/vuln/detail/CVE-2024-42307), [CVE-2024-42306](https://nvd.nist.gov/vuln/detail/CVE-2024-42306), [CVE-2024-42305](https://nvd.nist.gov/vuln/detail/CVE-2024-42305), [CVE-2024-42304](https://nvd.nist.gov/vuln/detail/CVE-2024-42304), [CVE-2024-42303](https://nvd.nist.gov/vuln/detail/CVE-2024-42303), [CVE-2024-42302](https://nvd.nist.gov/vuln/detail/CVE-2024-42302), [CVE-2024-42301](https://nvd.nist.gov/vuln/detail/CVE-2024-42301), [CVE-2024-42299](https://nvd.nist.gov/vuln/detail/CVE-2024-42299), [CVE-2024-42298](https://nvd.nist.gov/vuln/detail/CVE-2024-42298), [CVE-2024-42289](https://nvd.nist.gov/vuln/detail/CVE-2024-42289), [CVE-2024-42284](https://nvd.nist.gov/vuln/detail/CVE-2024-42284), [CVE-2024-42283](https://nvd.nist.gov/vuln/detail/CVE-2024-42283), [CVE-2024-42281](https://nvd.nist.gov/vuln/detail/CVE-2024-42281), [CVE-2024-42280](https://nvd.nist.gov/vuln/detail/CVE-2024-42280), [CVE-2024-42279](https://nvd.nist.gov/vuln/detail/CVE-2024-42279), [CVE-2024-42278](https://nvd.nist.gov/vuln/detail/CVE-2024-42278), [CVE-2024-42277](https://nvd.nist.gov/vuln/detail/CVE-2024-42277), [CVE-2024-42287](https://nvd.nist.gov/vuln/detail/CVE-2024-42287), [CVE-2024-42286](https://nvd.nist.gov/vuln/detail/CVE-2024-42286), [CVE-2024-42285](https://nvd.nist.gov/vuln/detail/CVE-2024-42285), [CVE-2023-52889](https://nvd.nist.gov/vuln/detail/CVE-2023-52889), [CVE-2024-42276](https://nvd.nist.gov/vuln/detail/CVE-2024-42276), [CVE-2024-43867](https://nvd.nist.gov/vuln/detail/CVE-2024-43867), [CVE-2024-43866](https://nvd.nist.gov/vuln/detail/CVE-2024-43866), [CVE-2024-43864](https://nvd.nist.gov/vuln/detail/CVE-2024-43864), [CVE-2024-43863](https://nvd.nist.gov/vuln/detail/CVE-2024-43863), [CVE-2024-42312](https://nvd.nist.gov/vuln/detail/CVE-2024-42312), [CVE-2024-42274](https://nvd.nist.gov/vuln/detail/CVE-2024-42274), [CVE-2024-42273](https://nvd.nist.gov/vuln/detail/CVE-2024-42273), [CVE-2024-42272](https://nvd.nist.gov/vuln/detail/CVE-2024-42272), [CVE-2024-42271](https://nvd.nist.gov/vuln/detail/CVE-2024-42271), [CVE-2024-42270](https://nvd.nist.gov/vuln/detail/CVE-2024-42270), [CVE-2024-42269](https://nvd.nist.gov/vuln/detail/CVE-2024-42269), [CVE-2024-42268](https://nvd.nist.gov/vuln/detail/CVE-2024-42268), [CVE-2024-42267](https://nvd.nist.gov/vuln/detail/CVE-2024-42267), [CVE-2024-42265](https://nvd.nist.gov/vuln/detail/CVE-2024-42265), [CVE-2024-43908](https://nvd.nist.gov/vuln/detail/CVE-2024-43908), [CVE-2024-44931](https://nvd.nist.gov/vuln/detail/CVE-2024-44931), [CVE-2024-43914](https://nvd.nist.gov/vuln/detail/CVE-2024-43914), [CVE-2024-43912](https://nvd.nist.gov/vuln/detail/CVE-2024-43912), [CVE-2024-44935](https://nvd.nist.gov/vuln/detail/CVE-2024-44935), [CVE-2024-44934](https://nvd.nist.gov/vuln/detail/CVE-2024-44934), [CVE-2024-43909](https://nvd.nist.gov/vuln/detail/CVE-2024-43909), [CVE-2024-43905](https://nvd.nist.gov/vuln/detail/CVE-2024-43905), [CVE-2024-43903](https://nvd.nist.gov/vuln/detail/CVE-2024-43903), [CVE-2024-43902](https://nvd.nist.gov/vuln/detail/CVE-2024-43902), [CVE-2024-43900](https://nvd.nist.gov/vuln/detail/CVE-2024-43900), [CVE-2024-43907](https://nvd.nist.gov/vuln/detail/CVE-2024-43907), [CVE-2024-43906](https://nvd.nist.gov/vuln/detail/CVE-2024-43906), [CVE-2024-43897](https://nvd.nist.gov/vuln/detail/CVE-2024-43897), [CVE-2024-43894](https://nvd.nist.gov/vuln/detail/CVE-2024-43894), [CVE-2024-43893](https://nvd.nist.gov/vuln/detail/CVE-2024-43893), [CVE-2024-43892](https://nvd.nist.gov/vuln/detail/CVE-2024-43892), [CVE-2024-43890](https://nvd.nist.gov/vuln/detail/CVE-2024-43890), [CVE-2024-43889](https://nvd.nist.gov/vuln/detail/CVE-2024-43889), [CVE-2024-43895](https://nvd.nist.gov/vuln/detail/CVE-2024-43895), [CVE-2024-43883](https://nvd.nist.gov/vuln/detail/CVE-2024-43883), [CVE-2024-43861](https://nvd.nist.gov/vuln/detail/CVE-2024-43861), [CVE-2024-42259](https://nvd.nist.gov/vuln/detail/CVE-2024-42259), [CVE-2024-44943](https://nvd.nist.gov/vuln/detail/CVE-2024-44943), [CVE-2024-44942](https://nvd.nist.gov/vuln/detail/CVE-2024-44942), [CVE-2024-44941](https://nvd.nist.gov/vuln/detail/CVE-2024-44941), [CVE-2024-44940](https://nvd.nist.gov/vuln/detail/CVE-2024-44940), [CVE-2024-44938](https://nvd.nist.gov/vuln/detail/CVE-2024-44938), [CVE-2024-44939](https://nvd.nist.gov/vuln/detail/CVE-2024-44939), [CVE-2024-43898](https://nvd.nist.gov/vuln/detail/CVE-2024-43898), [CVE-2024-43882](https://nvd.nist.gov/vuln/detail/CVE-2024-43882), [CVE-2024-44947](https://nvd.nist.gov/vuln/detail/CVE-2024-44947), [CVE-2024-44946](https://nvd.nist.gov/vuln/detail/CVE-2024-44946)) - curl ([CVE-2024-6197](https://nvd.nist.gov/vuln/detail/CVE-2024-6197), [CVE-2024-6874](https://nvd.nist.gov/vuln/detail/CVE-2024-6874)) - docker ([CVE-2024-29018](https://nvd.nist.gov/vuln/detail/CVE-2024-29018)) - git ([CVE-2024-32002](https://nvd.nist.gov/vuln/detail/CVE-2024-32002), [CVE-2024-32004](https://nvd.nist.gov/vuln/detail/CVE-2024-32004), [CVE-2024-32020](https://nvd.nist.gov/vuln/detail/CVE-2024-32020), [CVE-2024-32021](https://nvd.nist.gov/vuln/detail/CVE-2024-32021), [CVE-2024-32465](https://nvd.nist.gov/vuln/detail/CVE-2024-32465)) - glib ([CVE-2024-34397](https://nvd.nist.gov/vuln/detail/CVE-2024-34397)) - go ([CVE-2023-45288](https://nvd.nist.gov/vuln/detail/CVE-2023-45288), [CVE-2023-45289](https://nvd.nist.gov/vuln/detail/CVE-2023-45289), [CVE-2023-45290](https://nvd.nist.gov/vuln/detail/CVE-2023-45290), [CVE-2024-24783](https://nvd.nist.gov/vuln/detail/CVE-2024-24783), [CVE-2024-24784](https://nvd.nist.gov/vuln/detail/CVE-2024-24784), [CVE-2024-24785](https://nvd.nist.gov/vuln/detail/CVE-2024-24785), [CVE-2024-24788](https://nvd.nist.gov/vuln/detail/CVE-2024-24788), [CVE-2024-24789](https://nvd.nist.gov/vuln/detail/CVE-2024-24789), [CVE-2024-24790](https://nvd.nist.gov/vuln/detail/CVE-2024-24790), [CVE-2024-24791](https://nvd.nist.gov/vuln/detail/CVE-2024-24791)) - intel-microcode ([CVE-2023-45733](https://nvd.nist.gov/vuln/detail/CVE-2023-45733), [CVE-2023-45745](https://nvd.nist.gov/vuln/detail/CVE-2023-45745), [CVE-2023-46103](https://nvd.nist.gov/vuln/detail/CVE-2023-46103), [CVE-2023-47855](https://nvd.nist.gov/vuln/detail/CVE-2023-47855)) - libarchive ([CVE-2024-26256](https://nvd.nist.gov/vuln/detail/CVE-2024-26256), [CVE-2024-37407](https://nvd.nist.gov/vuln/detail/CVE-2024-37407)) - libxml2 ([CVE-2024-34459](https://nvd.nist.gov/vuln/detail/CVE-2024-34459)) - mit-krb5 ([CVE-2024-26461](https://nvd.nist.gov/vuln/detail/CVE-2024-26461), [CVE-2024-26462](https://nvd.nist.gov/vuln/detail/CVE-2024-26462), [CVE-2024-37370](https://nvd.nist.gov/vuln/detail/CVE-2024-37370), [CVE-2024-37371](https://nvd.nist.gov/vuln/detail/CVE-2024-37371)) - sysext-podman: podman ([CVE-2024-3727](https://nvd.nist.gov/vuln/detail/CVE-2024-3727)) - tpm2-tools ([CVE-2024-29038](https://nvd.nist.gov/vuln/detail/CVE-2024-29038), [CVE-2024-29039](https://nvd.nist.gov/vuln/detail/CVE-2024-29039), [CVE-2024-29040](https://nvd.nist.gov/vuln/detail/CVE-2024-29040)) - wget ([CVE-2024-38428](https://nvd.nist.gov/vuln/detail/CVE-2024-38428)) - SDK: nasm ([CVE-2019-6290](https://nvd.nist.gov/vuln/detail/CVE-2019-6290), [CVE-2019-6291](https://nvd.nist.gov/vuln/detail/CVE-2019-6291), [CVE-2019-8343](https://nvd.nist.gov/vuln/detail/CVE-2019-8343), [CVE-2020-21528](https://nvd.nist.gov/vuln/detail/CVE-2020-21528), [CVE-2021-33450](https://nvd.nist.gov/vuln/detail/CVE-2021-33450), [CVE-2021-33452](https://nvd.nist.gov/vuln/detail/CVE-2021-33452), [CVE-2022-44368](https://nvd.nist.gov/vuln/detail/CVE-2022-44368), [CVE-2022-44369](https://nvd.nist.gov/vuln/detail/CVE-2022-44369), [CVE-2022-44370](https://nvd.nist.gov/vuln/detail/CVE-2022-44370)) #### Bug fixes: - Fix ownership of systemd units shipped with built-in docker/containerd sysexts. The files shipped on production images were accidentally owned by 1000:1000 instead of 0:0. This uid/gid is not present on Flatcar images but would be assigned to the first created user. Due to contents of sysexts and /usr being readonly on Flatcar, the invalid permissions can't be used to escalate privileges. ([scripts#2266](https://github.com/flatcar/scripts/pull/2266)) - Fixed bad usage of gpg that prevented flatcar-install from being used with custom signing keys ([Flatcar#1471](https://github.com/flatcar/flatcar/pull/1471)) - Equinix Metal: Fixed oem-cloudinit.service. The availability check now uses the https://metadata.platformequinix.com/metadata endpoint. ([scripts#2222](https://github.com/flatcar/scripts/pull/2222)) #### Changes: - As part of the update to Catalyst 4 (used to build the SDK), the coreos package repository has been renamed to coreos-overlay to match its directory name. This will be reflected in package listings and package manager output. ([flatcar/scripts#2115](https://github.com/flatcar/scripts/pull/2115)) - The kernel security module Landlock is now enabled for programs to sandbox themselves ([flatcar/scripts#2158](https://github.com/flatcar/scripts/pull/2158)) #### Updates: - Linux ([6.6.48](https://lwn.net/Articles/987679) (includes [6.6.47](https://lwn.net/Articles/986231/), [6.6.46](https://lwn.net/Articles/985672), [6.6.45](https://lwn.net/Articles/985200), [6.6.44](https://lwn.net/Articles/984450))) - Linux Firmware ([20240709](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20240709)) - audit ([3.1.2](https://github.com/linux-audit/audit-userspace/releases/tag/v3.1.2)) - binutils ([2.42](https://sourceware.org/pipermail/binutils/2024-January/132213.html)) - bpftool ([6.9.2](https://kernelnewbies.org/Linux_6.9#Tracing.2C_perf_and_BPF) (includes [6.8.2](https://kernelnewbies.org/Linux_6.8#Tracing.2C_perf_and_BPF))) - btrfs-progs ([6.9.2](https://github.com/kdave/btrfs-progs/blob/v6.9.2/CHANGES)) - c-ares ([1.29.0](https://github.com/c-ares/c-ares/releases/tag/cares-1_29_0) (includes [1.28.1](https://github.com/c-ares/c-ares/releases/tag/cares-1_28_1), [1.28.0](https://github.com/c-ares/c-ares/releases/tag/cares-1_28_0))) - cJSON ([1.7.18](https://github.com/DaveGamble/cJSON/releases/tag/v1.7.18)) - ca-certificates ([3.104](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_104.html)) - containerd ([1.7.20](https://github.com/containerd/containerd/releases/tag/v1.7.20) (includes [1.7.19](https://github.com/containerd/containerd/releases/tag/v1.7.19))) - cryptsetup ([2.7.2](https://gitlab.com/cryptsetup/cryptsetup/-/blob/v2.7.2/docs/v2.7.2-ReleaseNotes) (includes [2.7.1](https://gitlab.com/cryptsetup/cryptsetup/-/blob/v2.7.1/docs/v2.7.1-ReleaseNotes) and [2.7.0](https://gitlab.com/cryptsetup/cryptsetup/-/blob/v2.7.0/docs/v2.7.0-ReleaseNotes))) - curl ([8.9.0](https://curl.se/ch/8.9.0.html) (includes [8.8.0](https://curl.se/changes.html#8_8_0))) - docker ([26.1.0](https://docs.docker.com/engine/release-notes/26.1/#2610), includes changes from [25.0](https://docs.docker.com/engine/release-notes/25.0/)) - e2fsprogs ([1.47.1](https://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.47.1)) - ethtool ([6.9](https://git.kernel.org/pub/scm/network/ethtool/ethtool.git/tree/NEWS?h=v6.9)) - findutils ([4.10.0](https://git.savannah.gnu.org/cgit/findutils.git/tree/NEWS?h=v4.10.0)) - gcc ([13.3.1_p20240614](https://gcc.gnu.org/gcc-13/changes.html)) - git ([2.44.2](https://github.com/git/git/blob/v2.44.2/Documentation/RelNotes/2.44.2.txt) (includes [2.44.1](https://github.com/git/git/blob/v2.44.1/Documentation/RelNotes/2.44.1.txt), [2.44.0](https://github.com/git/git/blob/v2.44.0/Documentation/RelNotes/2.44.0.txt))) - glib ([2.78.6](https://gitlab.gnome.org/GNOME/glib/-/releases/2.78.6) (includes [2.78.5](https://gitlab.gnome.org/GNOME/glib/-/releases/2.78.5), [2.78.4](https://gitlab.gnome.org/GNOME/glib/-/releases/2.78.4))) - gnupg ([2.4.5](https://lists.gnupg.org/pipermail/gnupg-announce/2024q1/000482.html)) - hwdata ([0.383](https://github.com/vcrhonek/hwdata/compare/v0.382...v0.383) (includes [0.382](https://github.com/vcrhonek/hwdata/commits/v0.382))) - intel-microcode ([20240514_p20240514](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240514)) - iproute2 ([6.8.0](https://lwn.net/Articles/965125/) (includes [6.7.0](https://lwn.net/Articles/957171/))) - ipset ([7.22](https://ipset.netfilter.org/changelog.html)) - kexec-tools ([2.0.28](https://github.com/horms/kexec-tools/commits/v2.0.28/)) - kmod ([32](https://git.kernel.org/pub/scm/utils/kernel/kmod/kmod.git/tree/NEWS?h=v32)) - libarchive ([3.7.4](https://github.com/libarchive/libarchive/releases/tag/v3.7.4) (includes [3.7.3](https://github.com/libarchive/libarchive/releases/tag/v3.7.3))) - libassuan ([2.5.7](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libassuan.git;a=blob;f=NEWS;h=047f12b7c3ee0c8c1718a2da8b5a6bb9dd541fd8;hb=cc2f776904e0b5e56e2b81b2672ca98d7787ed1b)) - libcap ([2.70](https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.hde102t8xd0v)) - libcap-ng ([0.8.5](https://github.com/stevegrubb/libcap-ng/releases/tag/v0.8.5)) - libdnet ([1.18.0](https://github.com/ofalk/libdnet/releases/tag/libdnet-1.18.0)) - libgpg-error ([1.49](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgpg-error.git;a=blob;f=NEWS;h=8ac4bf36113fe9254a361e2bc8d0ed52383839ce;hb=faed9c271ad22bbd2ed265d8e11badb53b7a2f32)) - libksba ([1.6.7](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=blob;f=NEWS;h=3d2d5a47688bb6214efaf02f5ab29f6e64433a97;hb=b14e68b97df754b2bb7a90bb904d143d8e896afb)) - libnl ([3.9.0](http://lists.infradead.org/pipermail/libnl/2023-December/002436.html)) - libnvme ([1.9](https://github.com/linux-nvme/libnvme/releases/tag/v1.9)) - libpcre2 ([10.43](https://github.com/PCRE2Project/pcre2/blob/pcre2-10.43/NEWS)) - libunwind ([1.8.1](https://github.com/libunwind/libunwind/releases/tag/v1.8.1) (includes [1.8.0](https://github.com/libunwind/libunwind/releases/tag/v1.8.0))) - libusb ([1.0.27](https://github.com/libusb/libusb/blob/v1.0.27/ChangeLog)) - libxml2 ([2.12.7](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7) (includes [2.12.6](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.6))) - linux-pam ([1.5.3](https://github.com/linux-pam/linux-pam/releases/tag/v1.5.3)) - lshw ([02.20.2b](https://www.ezix.org/project/wiki/HardwareLiSter#Changes)) - mit-krb5 ([1.21.3](https://web.mit.edu/kerberos/krb5-1.21/README-1.21.3.txt)) - multipath-tools ([0.9.8](https://github.com/opensvc/multipath-tools/blob/0.9.8/NEWS.md)) - nmap ([7.95](https://nmap.org/changelog.html#7.95)) - nvme-cli ([2.9.1](https://github.com/linux-nvme/nvme-cli/releases/tag/v2.9.1) (includes [2.9](https://github.com/linux-nvme/nvme-cli/releases/tag/v2.9))) - pciutils ([3.13.0](https://github.com/pciutils/pciutils/blob/v3.13.0/ChangeLog) (includes [3.12.0](https://github.com/pciutils/pciutils/blob/v3.12.0/ChangeLog))) - qemu-guest-agent ([8.2.0](https://wiki.qemu.org/ChangeLog/8.2#Guest_agent)) - rsync ([3.3.0](https://github.com/RsyncProject/rsync/blob/v3.3.0/NEWS.md)) - runc ([1.1.13](https://github.com/opencontainers/runc/releases/tag/v1.1.13)) - sqlite ([3.46.0](https://www.sqlite.org/releaselog/3_46_0.html) (includes [3.45.3](https://www.sqlite.org/releaselog/3_45_3.html))) - strace ([6.9](https://github.com/strace/strace/releases/tag/v6.9)) - sysext-podman: aardvark-dns ([1.11.0](https://github.com/containers/aardvark-dns/releases/tag/v1.11.0)) - sysext-podman: containers-common ([0.59.1](https://github.com/containers/common/releases/tag/v0.59.1)) - sysext-podman: podman ([5.0.3](https://github.com/containers/podman/releases/tag/v5.0.3)) - sysext-python: jaraco-text ([3.12.1](https://github.com/jaraco/jaraco.text/compare/v3.12.0...v3.12.1)) - sysext-python: setuptools ([70.3.0](https://github.com/pypa/setuptools/blob/v70.3.0/NEWS.rst) (includes [70.1.1](https://setuptools.pypa.io/en/stable/history.html#v70-1-1), [70.1.0](https://setuptools.pypa.io/en/stable/history.html#v70-1-0), [70.0.0](https://setuptools.pypa.io/en/stable/history.html#v70-0-0), [69.5.1](https://setuptools.pypa.io/en/stable/history.html#v69-5-1), [69.5.0](https://setuptools.pypa.io/en/stable/history.html#v69-5-0), [69.4.2](https://setuptools.pypa.io/en/stable/history.html#v69-4-2), [69.4.1](https://setuptools.pypa.io/en/stable/history.html#v69-4-1), [69.4.0](https://setuptools.pypa.io/en/stable/history.html#v69-4-0), [69.3.1](https://setuptools.pypa.io/en/stable/history.html#v69-3-1), [69.3.0](https://setuptools.pypa.io/en/stable/history.html#v69-3-0), [69.2.0](https://setuptools.pypa.io/en/stable/history.html#v69-2-0))) - sysext-python: trove-classifiers ([2024.7.2](https://github.com/pypa/trove-classifiers/compare/2024.5.22...2024.7.2)) - systemd ([255.8](https://github.com/systemd/systemd-stable/commits/v255.8/)) - talloc ([2.4.1](https://gitlab.com/samba-team/samba/-/commit/791e2817e13182344447590313f7e372a27c1d48)) - tdb ([1.4.9](https://gitlab.com/samba-team/samba/-/commit/b649c7d3c2b1e13e900c80ff7a20959a70b1c528)) - tevent ([0.15.0](https://gitlab.com/samba-team/samba/-/commit/6a80d170bca0c938f78ab12e37481b52792a9d83)) - tpm2-tools ([5.7](https://github.com/tpm2-software/tpm2-tools/releases/tag/5.7) (includes [5.6.1](https://github.com/tpm2-software/tpm2-tools/releases/tag/5.6.1), [5.6](https://github.com/tpm2-software/tpm2-tools/releases/tag/5.6))) - tpm2-tss ([4.1.3](https://github.com/tpm2-software/tpm2-tss/releases/tag/4.1.3) (includes changes from [4.0.2](https://github.com/tpm2-software/tpm2-tss/releases/tag/4.0.2)) - util-linux ([2.39.4](https://github.com/util-linux/util-linux/blob/v2.39.4/Documentation/releases/v2.39.4-ReleaseNotes)) - vim ([9.1.0366](https://github.com/vim/vim/commits/v9.1.0366/) (includes changes from [9.1](https://www.vim.org/vim-9.1-released.php))) - wget ([1.24.5](https://lists.gnu.org/archive/html/info-gnu/2024-03/msg00002.html)) - whois ([5.5.21](https://github.com/rfc1036/whois/blob/v5.5.21/debian/changelog)) - xfsprogs ([6.8.0](https://git.kernel.org/pub/scm/fs/xfs/xfsprogs-dev.git/tree/doc/CHANGES?h=v6.8.0) (includes changes from [6.6.0](https://git.kernel.org/pub/scm/fs/xfs/xfsprogs-dev.git/tree/doc/CHANGES?h=v6.6.0))) - xz-utils ([5.6.2](https://github.com/tukaani-project/xz/releases/tag/v5.6.2)) - zfs ([2.2.3](https://github.com/openzfs/zfs/releases/tag/zfs-2.2.3)) - zlib ([1.3.1](https://github.com/madler/zlib/releases/tag/v1.3.1)) - zstd ([1.5.6](https://github.com/facebook/zstd/releases/tag/v1.5.6)) - VMware: open-vm-tools ([12.4.5](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.4.5)) - SDK: Rust ([1.80.0](https://github.com/rust-lang/rust/releases/tag/1.80.0)) - SDK: go ([1.21.12](https://go.dev/doc/devel/release#go1.21.12) includes changes from [1.21](https://go.dev/doc/go1.21)) - SDK: nasm ([2.16.01](https://github.com/netwide-assembler/nasm/releases/tag/nasm-2.16.01)) - SDK: portage ([3.0.65](https://github.com/gentoo/portage/blob/f03998622e0960388e903de0d6d24bdf6881e567/NEWS#L9) (includes changes from [3.0.63](https://gitweb.gentoo.org/proj/portage.git/tree/NEWS?h=portage-3.0.63))) - SDK: qemu ([8.2.3](https://wiki.qemu.org/ChangeLog/8.2)) _Changes since **Alpha 4054.0.0**_ #### Security fixes: - Linux ([CVE-2024-44944](https://nvd.nist.gov/vuln/detail/CVE-2024-44944), [CVE-2024-43877](https://nvd.nist.gov/vuln/detail/CVE-2024-43877), [CVE-2024-43876](https://nvd.nist.gov/vuln/detail/CVE-2024-43876), [CVE-2024-43875](https://nvd.nist.gov/vuln/detail/CVE-2024-43875), [CVE-2024-43873](https://nvd.nist.gov/vuln/detail/CVE-2024-43873), [CVE-2024-43871](https://nvd.nist.gov/vuln/detail/CVE-2024-43871), [CVE-2024-43881](https://nvd.nist.gov/vuln/detail/CVE-2024-43881), [CVE-2024-43880](https://nvd.nist.gov/vuln/detail/CVE-2024-43880), [CVE-2024-43879](https://nvd.nist.gov/vuln/detail/CVE-2024-43879), [CVE-2024-43869](https://nvd.nist.gov/vuln/detail/CVE-2024-43869), [CVE-2024-43870](https://nvd.nist.gov/vuln/detail/CVE-2024-43870), [CVE-2024-43856](https://nvd.nist.gov/vuln/detail/CVE-2024-43856), [CVE-2024-43860](https://nvd.nist.gov/vuln/detail/CVE-2024-43860), [CVE-2024-43859](https://nvd.nist.gov/vuln/detail/CVE-2024-43859), [CVE-2024-43858](https://nvd.nist.gov/vuln/detail/CVE-2024-43858), [CVE-2024-43833](https://nvd.nist.gov/vuln/detail/CVE-2024-43833), [CVE-2024-43832](https://nvd.nist.gov/vuln/detail/CVE-2024-43832), [CVE-2024-43831](https://nvd.nist.gov/vuln/detail/CVE-2024-43831), [CVE-2024-43830](https://nvd.nist.gov/vuln/detail/CVE-2024-43830), [CVE-2024-43829](https://nvd.nist.gov/vuln/detail/CVE-2024-43829), [CVE-2024-43828](https://nvd.nist.gov/vuln/detail/CVE-2024-43828), [CVE-2024-43855](https://nvd.nist.gov/vuln/detail/CVE-2024-43855), [CVE-2024-43854](https://nvd.nist.gov/vuln/detail/CVE-2024-43854), [CVE-2024-43853](https://nvd.nist.gov/vuln/detail/CVE-2024-43853), [CVE-2024-43851](https://nvd.nist.gov/vuln/detail/CVE-2024-43851), [CVE-2024-43850](https://nvd.nist.gov/vuln/detail/CVE-2024-43850), [CVE-2024-43849](https://nvd.nist.gov/vuln/detail/CVE-2024-43849), [CVE-2024-43847](https://nvd.nist.gov/vuln/detail/CVE-2024-43847), [CVE-2024-43846](https://nvd.nist.gov/vuln/detail/CVE-2024-43846), [CVE-2024-43845](https://nvd.nist.gov/vuln/detail/CVE-2024-43845), [CVE-2024-43842](https://nvd.nist.gov/vuln/detail/CVE-2024-43842), [CVE-2024-43841](https://nvd.nist.gov/vuln/detail/CVE-2024-43841), [CVE-2024-43839](https://nvd.nist.gov/vuln/detail/CVE-2024-43839), [CVE-2024-43837](https://nvd.nist.gov/vuln/detail/CVE-2024-43837), [CVE-2024-43834](https://nvd.nist.gov/vuln/detail/CVE-2024-43834), [CVE-2024-43825](https://nvd.nist.gov/vuln/detail/CVE-2024-43825), [CVE-2024-43823](https://nvd.nist.gov/vuln/detail/CVE-2024-43823), [CVE-2024-43821](https://nvd.nist.gov/vuln/detail/CVE-2024-43821), [CVE-2024-43818](https://nvd.nist.gov/vuln/detail/CVE-2024-43818), [CVE-2024-43817](https://nvd.nist.gov/vuln/detail/CVE-2024-43817), [CVE-2024-42321](https://nvd.nist.gov/vuln/detail/CVE-2024-42321), [CVE-2024-42322](https://nvd.nist.gov/vuln/detail/CVE-2024-42322), [CVE-2024-42288](https://nvd.nist.gov/vuln/detail/CVE-2024-42288), [CVE-2024-42297](https://nvd.nist.gov/vuln/detail/CVE-2024-42297), [CVE-2024-42296](https://nvd.nist.gov/vuln/detail/CVE-2024-42296), [CVE-2024-42295](https://nvd.nist.gov/vuln/detail/CVE-2024-42295), [CVE-2024-42294](https://nvd.nist.gov/vuln/detail/CVE-2024-42294), [CVE-2024-42292](https://nvd.nist.gov/vuln/detail/CVE-2024-42292), [CVE-2024-42320](https://nvd.nist.gov/vuln/detail/CVE-2024-42320), [CVE-2024-42318](https://nvd.nist.gov/vuln/detail/CVE-2024-42318), [CVE-2024-42291](https://nvd.nist.gov/vuln/detail/CVE-2024-42291), [CVE-2024-42316](https://nvd.nist.gov/vuln/detail/CVE-2024-42316), [CVE-2024-42315](https://nvd.nist.gov/vuln/detail/CVE-2024-42315), [CVE-2024-42314](https://nvd.nist.gov/vuln/detail/CVE-2024-42314), [CVE-2024-42313](https://nvd.nist.gov/vuln/detail/CVE-2024-42313), [CVE-2024-42311](https://nvd.nist.gov/vuln/detail/CVE-2024-42311), [CVE-2024-42310](https://nvd.nist.gov/vuln/detail/CVE-2024-42310), [CVE-2024-42309](https://nvd.nist.gov/vuln/detail/CVE-2024-42309), [CVE-2024-42308](https://nvd.nist.gov/vuln/detail/CVE-2024-42308), [CVE-2024-42290](https://nvd.nist.gov/vuln/detail/CVE-2024-42290), [CVE-2024-42307](https://nvd.nist.gov/vuln/detail/CVE-2024-42307), [CVE-2024-42306](https://nvd.nist.gov/vuln/detail/CVE-2024-42306), [CVE-2024-42305](https://nvd.nist.gov/vuln/detail/CVE-2024-42305), [CVE-2024-42304](https://nvd.nist.gov/vuln/detail/CVE-2024-42304), [CVE-2024-42303](https://nvd.nist.gov/vuln/detail/CVE-2024-42303), [CVE-2024-42302](https://nvd.nist.gov/vuln/detail/CVE-2024-42302), [CVE-2024-42301](https://nvd.nist.gov/vuln/detail/CVE-2024-42301), [CVE-2024-42299](https://nvd.nist.gov/vuln/detail/CVE-2024-42299), [CVE-2024-42298](https://nvd.nist.gov/vuln/detail/CVE-2024-42298), [CVE-2024-42289](https://nvd.nist.gov/vuln/detail/CVE-2024-42289), [CVE-2024-42284](https://nvd.nist.gov/vuln/detail/CVE-2024-42284), [CVE-2024-42283](https://nvd.nist.gov/vuln/detail/CVE-2024-42283), [CVE-2024-42281](https://nvd.nist.gov/vuln/detail/CVE-2024-42281), [CVE-2024-42280](https://nvd.nist.gov/vuln/detail/CVE-2024-42280), [CVE-2024-42279](https://nvd.nist.gov/vuln/detail/CVE-2024-42279), [CVE-2024-42278](https://nvd.nist.gov/vuln/detail/CVE-2024-42278), [CVE-2024-42277](https://nvd.nist.gov/vuln/detail/CVE-2024-42277), [CVE-2024-42287](https://nvd.nist.gov/vuln/detail/CVE-2024-42287), [CVE-2024-42286](https://nvd.nist.gov/vuln/detail/CVE-2024-42286), [CVE-2024-42285](https://nvd.nist.gov/vuln/detail/CVE-2024-42285), [CVE-2023-52889](https://nvd.nist.gov/vuln/detail/CVE-2023-52889), [CVE-2024-42276](https://nvd.nist.gov/vuln/detail/CVE-2024-42276), [CVE-2024-43867](https://nvd.nist.gov/vuln/detail/CVE-2024-43867), [CVE-2024-43866](https://nvd.nist.gov/vuln/detail/CVE-2024-43866), [CVE-2024-43864](https://nvd.nist.gov/vuln/detail/CVE-2024-43864), [CVE-2024-43863](https://nvd.nist.gov/vuln/detail/CVE-2024-43863), [CVE-2024-42312](https://nvd.nist.gov/vuln/detail/CVE-2024-42312), [CVE-2024-42274](https://nvd.nist.gov/vuln/detail/CVE-2024-42274), [CVE-2024-42273](https://nvd.nist.gov/vuln/detail/CVE-2024-42273), [CVE-2024-42272](https://nvd.nist.gov/vuln/detail/CVE-2024-42272), [CVE-2024-42271](https://nvd.nist.gov/vuln/detail/CVE-2024-42271), [CVE-2024-42270](https://nvd.nist.gov/vuln/detail/CVE-2024-42270), [CVE-2024-42269](https://nvd.nist.gov/vuln/detail/CVE-2024-42269), [CVE-2024-42268](https://nvd.nist.gov/vuln/detail/CVE-2024-42268), [CVE-2024-42267](https://nvd.nist.gov/vuln/detail/CVE-2024-42267), [CVE-2024-42265](https://nvd.nist.gov/vuln/detail/CVE-2024-42265), [CVE-2024-43908](https://nvd.nist.gov/vuln/detail/CVE-2024-43908), [CVE-2024-44931](https://nvd.nist.gov/vuln/detail/CVE-2024-44931), [CVE-2024-43914](https://nvd.nist.gov/vuln/detail/CVE-2024-43914), [CVE-2024-43912](https://nvd.nist.gov/vuln/detail/CVE-2024-43912), [CVE-2024-44935](https://nvd.nist.gov/vuln/detail/CVE-2024-44935), [CVE-2024-44934](https://nvd.nist.gov/vuln/detail/CVE-2024-44934), [CVE-2024-43909](https://nvd.nist.gov/vuln/detail/CVE-2024-43909), [CVE-2024-43905](https://nvd.nist.gov/vuln/detail/CVE-2024-43905), [CVE-2024-43903](https://nvd.nist.gov/vuln/detail/CVE-2024-43903), [CVE-2024-43902](https://nvd.nist.gov/vuln/detail/CVE-2024-43902), [CVE-2024-43900](https://nvd.nist.gov/vuln/detail/CVE-2024-43900), [CVE-2024-43907](https://nvd.nist.gov/vuln/detail/CVE-2024-43907), [CVE-2024-43906](https://nvd.nist.gov/vuln/detail/CVE-2024-43906), [CVE-2024-43897](https://nvd.nist.gov/vuln/detail/CVE-2024-43897), [CVE-2024-43894](https://nvd.nist.gov/vuln/detail/CVE-2024-43894), [CVE-2024-43893](https://nvd.nist.gov/vuln/detail/CVE-2024-43893), [CVE-2024-43892](https://nvd.nist.gov/vuln/detail/CVE-2024-43892), [CVE-2024-43890](https://nvd.nist.gov/vuln/detail/CVE-2024-43890), [CVE-2024-43889](https://nvd.nist.gov/vuln/detail/CVE-2024-43889), [CVE-2024-43895](https://nvd.nist.gov/vuln/detail/CVE-2024-43895), [CVE-2024-43883](https://nvd.nist.gov/vuln/detail/CVE-2024-43883), [CVE-2024-43861](https://nvd.nist.gov/vuln/detail/CVE-2024-43861), [CVE-2024-42259](https://nvd.nist.gov/vuln/detail/CVE-2024-42259), [CVE-2024-44943](https://nvd.nist.gov/vuln/detail/CVE-2024-44943), [CVE-2024-44942](https://nvd.nist.gov/vuln/detail/CVE-2024-44942), [CVE-2024-44941](https://nvd.nist.gov/vuln/detail/CVE-2024-44941), [CVE-2024-44940](https://nvd.nist.gov/vuln/detail/CVE-2024-44940), [CVE-2024-44938](https://nvd.nist.gov/vuln/detail/CVE-2024-44938), [CVE-2024-44939](https://nvd.nist.gov/vuln/detail/CVE-2024-44939), [CVE-2024-43898](https://nvd.nist.gov/vuln/detail/CVE-2024-43898), [CVE-2024-43882](https://nvd.nist.gov/vuln/detail/CVE-2024-43882), [CVE-2024-44947](https://nvd.nist.gov/vuln/detail/CVE-2024-44947), [CVE-2024-44946](https://nvd.nist.gov/vuln/detail/CVE-2024-44946)) #### Bug fixes: - Fix ownership of systemd units shipped with built-in docker/containerd sysexts. The files shipped on production images were accidentally owned by 1000:1000 instead of 0:0. This uid/gid is not present on Flatcar images but would be assigned to the first created user. Due to contents of sysexts and /usr being readonly on Flatcar, the invalid permissions can't be used to escalate privileges. ([scripts#2266](https://github.com/flatcar/scripts/pull/2266)) - Equinix Metal: Fixed oem-cloudinit.service. The availability check now uses the https://metadata.platformequinix.com/metadata endpoint. ([scripts#2222](https://github.com/flatcar/scripts/pull/2222)) #### Updates: - Linux ([6.6.48](https://lwn.net/Articles/987679) (includes [6.6.47](https://lwn.net/Articles/986231/), [6.6.46](https://lwn.net/Articles/985672), [6.6.45](https://lwn.net/Articles/985200), [6.6.44](https://lwn.net/Articles/984450))) - ca-certificates ([3.104](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_104.html)) #### Stable 3975.2.1 _Changes since **Stable 3975.2.0**_ #### Security fixes: - Linux ([CVE-2024-44944](https://nvd.nist.gov/vuln/detail/CVE-2024-44944), [CVE-2024-43877](https://nvd.nist.gov/vuln/detail/CVE-2024-43877), [CVE-2024-43876](https://nvd.nist.gov/vuln/detail/CVE-2024-43876), [CVE-2024-43875](https://nvd.nist.gov/vuln/detail/CVE-2024-43875), [CVE-2024-43873](https://nvd.nist.gov/vuln/detail/CVE-2024-43873), [CVE-2024-43871](https://nvd.nist.gov/vuln/detail/CVE-2024-43871), [CVE-2024-43881](https://nvd.nist.gov/vuln/detail/CVE-2024-43881), [CVE-2024-43880](https://nvd.nist.gov/vuln/detail/CVE-2024-43880), [CVE-2024-43879](https://nvd.nist.gov/vuln/detail/CVE-2024-43879), [CVE-2024-43869](https://nvd.nist.gov/vuln/detail/CVE-2024-43869), [CVE-2024-43870](https://nvd.nist.gov/vuln/detail/CVE-2024-43870), [CVE-2024-43856](https://nvd.nist.gov/vuln/detail/CVE-2024-43856), [CVE-2024-43860](https://nvd.nist.gov/vuln/detail/CVE-2024-43860), [CVE-2024-43859](https://nvd.nist.gov/vuln/detail/CVE-2024-43859), [CVE-2024-43858](https://nvd.nist.gov/vuln/detail/CVE-2024-43858), [CVE-2024-43833](https://nvd.nist.gov/vuln/detail/CVE-2024-43833), [CVE-2024-43832](https://nvd.nist.gov/vuln/detail/CVE-2024-43832), [CVE-2024-43831](https://nvd.nist.gov/vuln/detail/CVE-2024-43831), [CVE-2024-43830](https://nvd.nist.gov/vuln/detail/CVE-2024-43830), [CVE-2024-43829](https://nvd.nist.gov/vuln/detail/CVE-2024-43829), [CVE-2024-43828](https://nvd.nist.gov/vuln/detail/CVE-2024-43828), [CVE-2024-43855](https://nvd.nist.gov/vuln/detail/CVE-2024-43855), [CVE-2024-43854](https://nvd.nist.gov/vuln/detail/CVE-2024-43854), [CVE-2024-43853](https://nvd.nist.gov/vuln/detail/CVE-2024-43853), [CVE-2024-43851](https://nvd.nist.gov/vuln/detail/CVE-2024-43851), [CVE-2024-43850](https://nvd.nist.gov/vuln/detail/CVE-2024-43850), [CVE-2024-43849](https://nvd.nist.gov/vuln/detail/CVE-2024-43849), [CVE-2024-43847](https://nvd.nist.gov/vuln/detail/CVE-2024-43847), [CVE-2024-43846](https://nvd.nist.gov/vuln/detail/CVE-2024-43846), [CVE-2024-43845](https://nvd.nist.gov/vuln/detail/CVE-2024-43845), [CVE-2024-43842](https://nvd.nist.gov/vuln/detail/CVE-2024-43842), [CVE-2024-43841](https://nvd.nist.gov/vuln/detail/CVE-2024-43841), [CVE-2024-43839](https://nvd.nist.gov/vuln/detail/CVE-2024-43839), [CVE-2024-43837](https://nvd.nist.gov/vuln/detail/CVE-2024-43837), [CVE-2024-43834](https://nvd.nist.gov/vuln/detail/CVE-2024-43834), [CVE-2024-43825](https://nvd.nist.gov/vuln/detail/CVE-2024-43825), [CVE-2024-43823](https://nvd.nist.gov/vuln/detail/CVE-2024-43823), [CVE-2024-43821](https://nvd.nist.gov/vuln/detail/CVE-2024-43821), [CVE-2024-43818](https://nvd.nist.gov/vuln/detail/CVE-2024-43818), [CVE-2024-43817](https://nvd.nist.gov/vuln/detail/CVE-2024-43817), [CVE-2024-42321](https://nvd.nist.gov/vuln/detail/CVE-2024-42321), [CVE-2024-42322](https://nvd.nist.gov/vuln/detail/CVE-2024-42322), [CVE-2024-42288](https://nvd.nist.gov/vuln/detail/CVE-2024-42288), [CVE-2024-42297](https://nvd.nist.gov/vuln/detail/CVE-2024-42297), [CVE-2024-42296](https://nvd.nist.gov/vuln/detail/CVE-2024-42296), [CVE-2024-42295](https://nvd.nist.gov/vuln/detail/CVE-2024-42295), [CVE-2024-42294](https://nvd.nist.gov/vuln/detail/CVE-2024-42294), [CVE-2024-42292](https://nvd.nist.gov/vuln/detail/CVE-2024-42292), [CVE-2024-42320](https://nvd.nist.gov/vuln/detail/CVE-2024-42320), [CVE-2024-42318](https://nvd.nist.gov/vuln/detail/CVE-2024-42318), [CVE-2024-42291](https://nvd.nist.gov/vuln/detail/CVE-2024-42291), [CVE-2024-42316](https://nvd.nist.gov/vuln/detail/CVE-2024-42316), [CVE-2024-42315](https://nvd.nist.gov/vuln/detail/CVE-2024-42315), [CVE-2024-42314](https://nvd.nist.gov/vuln/detail/CVE-2024-42314), [CVE-2024-42313](https://nvd.nist.gov/vuln/detail/CVE-2024-42313), [CVE-2024-42311](https://nvd.nist.gov/vuln/detail/CVE-2024-42311), [CVE-2024-42310](https://nvd.nist.gov/vuln/detail/CVE-2024-42310), [CVE-2024-42309](https://nvd.nist.gov/vuln/detail/CVE-2024-42309), [CVE-2024-42308](https://nvd.nist.gov/vuln/detail/CVE-2024-42308), [CVE-2024-42290](https://nvd.nist.gov/vuln/detail/CVE-2024-42290), [CVE-2024-42307](https://nvd.nist.gov/vuln/detail/CVE-2024-42307), [CVE-2024-42306](https://nvd.nist.gov/vuln/detail/CVE-2024-42306), [CVE-2024-42305](https://nvd.nist.gov/vuln/detail/CVE-2024-42305), [CVE-2024-42304](https://nvd.nist.gov/vuln/detail/CVE-2024-42304), [CVE-2024-42303](https://nvd.nist.gov/vuln/detail/CVE-2024-42303), [CVE-2024-42302](https://nvd.nist.gov/vuln/detail/CVE-2024-42302), [CVE-2024-42301](https://nvd.nist.gov/vuln/detail/CVE-2024-42301), [CVE-2024-42299](https://nvd.nist.gov/vuln/detail/CVE-2024-42299), [CVE-2024-42298](https://nvd.nist.gov/vuln/detail/CVE-2024-42298), [CVE-2024-42289](https://nvd.nist.gov/vuln/detail/CVE-2024-42289), [CVE-2024-42284](https://nvd.nist.gov/vuln/detail/CVE-2024-42284), [CVE-2024-42283](https://nvd.nist.gov/vuln/detail/CVE-2024-42283), [CVE-2024-42281](https://nvd.nist.gov/vuln/detail/CVE-2024-42281), [CVE-2024-42280](https://nvd.nist.gov/vuln/detail/CVE-2024-42280), [CVE-2024-42279](https://nvd.nist.gov/vuln/detail/CVE-2024-42279), [CVE-2024-42278](https://nvd.nist.gov/vuln/detail/CVE-2024-42278), [CVE-2024-42277](https://nvd.nist.gov/vuln/detail/CVE-2024-42277), [CVE-2024-42287](https://nvd.nist.gov/vuln/detail/CVE-2024-42287), [CVE-2024-42286](https://nvd.nist.gov/vuln/detail/CVE-2024-42286), [CVE-2024-42285](https://nvd.nist.gov/vuln/detail/CVE-2024-42285), [CVE-2023-52889](https://nvd.nist.gov/vuln/detail/CVE-2023-52889), [CVE-2024-42276](https://nvd.nist.gov/vuln/detail/CVE-2024-42276), [CVE-2024-43867](https://nvd.nist.gov/vuln/detail/CVE-2024-43867), [CVE-2024-43866](https://nvd.nist.gov/vuln/detail/CVE-2024-43866), [CVE-2024-43864](https://nvd.nist.gov/vuln/detail/CVE-2024-43864), [CVE-2024-43863](https://nvd.nist.gov/vuln/detail/CVE-2024-43863), [CVE-2024-42312](https://nvd.nist.gov/vuln/detail/CVE-2024-42312), [CVE-2024-42274](https://nvd.nist.gov/vuln/detail/CVE-2024-42274), [CVE-2024-42273](https://nvd.nist.gov/vuln/detail/CVE-2024-42273), [CVE-2024-42272](https://nvd.nist.gov/vuln/detail/CVE-2024-42272), [CVE-2024-42271](https://nvd.nist.gov/vuln/detail/CVE-2024-42271), [CVE-2024-42270](https://nvd.nist.gov/vuln/detail/CVE-2024-42270), [CVE-2024-42269](https://nvd.nist.gov/vuln/detail/CVE-2024-42269), [CVE-2024-42268](https://nvd.nist.gov/vuln/detail/CVE-2024-42268), [CVE-2024-42267](https://nvd.nist.gov/vuln/detail/CVE-2024-42267), [CVE-2024-42265](https://nvd.nist.gov/vuln/detail/CVE-2024-42265), [CVE-2024-43908](https://nvd.nist.gov/vuln/detail/CVE-2024-43908), [CVE-2024-44931](https://nvd.nist.gov/vuln/detail/CVE-2024-44931), [CVE-2024-43914](https://nvd.nist.gov/vuln/detail/CVE-2024-43914), [CVE-2024-43912](https://nvd.nist.gov/vuln/detail/CVE-2024-43912), [CVE-2024-44935](https://nvd.nist.gov/vuln/detail/CVE-2024-44935), [CVE-2024-44934](https://nvd.nist.gov/vuln/detail/CVE-2024-44934), [CVE-2024-43909](https://nvd.nist.gov/vuln/detail/CVE-2024-43909), [CVE-2024-43905](https://nvd.nist.gov/vuln/detail/CVE-2024-43905), [CVE-2024-43903](https://nvd.nist.gov/vuln/detail/CVE-2024-43903), [CVE-2024-43902](https://nvd.nist.gov/vuln/detail/CVE-2024-43902), [CVE-2024-43900](https://nvd.nist.gov/vuln/detail/CVE-2024-43900), [CVE-2024-43907](https://nvd.nist.gov/vuln/detail/CVE-2024-43907), [CVE-2024-43906](https://nvd.nist.gov/vuln/detail/CVE-2024-43906), [CVE-2024-43897](https://nvd.nist.gov/vuln/detail/CVE-2024-43897), [CVE-2024-43894](https://nvd.nist.gov/vuln/detail/CVE-2024-43894), [CVE-2024-43893](https://nvd.nist.gov/vuln/detail/CVE-2024-43893), [CVE-2024-43892](https://nvd.nist.gov/vuln/detail/CVE-2024-43892), [CVE-2024-43890](https://nvd.nist.gov/vuln/detail/CVE-2024-43890), [CVE-2024-43889](https://nvd.nist.gov/vuln/detail/CVE-2024-43889), [CVE-2024-43895](https://nvd.nist.gov/vuln/detail/CVE-2024-43895), [CVE-2024-43883](https://nvd.nist.gov/vuln/detail/CVE-2024-43883), [CVE-2024-43861](https://nvd.nist.gov/vuln/detail/CVE-2024-43861), [CVE-2024-42259](https://nvd.nist.gov/vuln/detail/CVE-2024-42259), [CVE-2024-44943](https://nvd.nist.gov/vuln/detail/CVE-2024-44943), [CVE-2024-44942](https://nvd.nist.gov/vuln/detail/CVE-2024-44942), [CVE-2024-44941](https://nvd.nist.gov/vuln/detail/CVE-2024-44941), [CVE-2024-44940](https://nvd.nist.gov/vuln/detail/CVE-2024-44940), [CVE-2024-44938](https://nvd.nist.gov/vuln/detail/CVE-2024-44938), [CVE-2024-44939](https://nvd.nist.gov/vuln/detail/CVE-2024-44939), [CVE-2024-43898](https://nvd.nist.gov/vuln/detail/CVE-2024-43898), [CVE-2024-43882](https://nvd.nist.gov/vuln/detail/CVE-2024-43882), [CVE-2024-44947](https://nvd.nist.gov/vuln/detail/CVE-2024-44947), [CVE-2024-44946](https://nvd.nist.gov/vuln/detail/CVE-2024-44946)) #### Bug fixes: - Fix ownership of systemd units shipped with built-in docker/containerd sysexts. The files shipped on production images were accidentally owned by 1000:1000 instead of 0:0. This uid/gid is not present on Flatcar images but would be assigned to the first created user. Due to contents of sysexts and /usr being readonly on Flatcar, the invalid permissions can't be used to escalate privileges. ([scripts#2266](https://github.com/flatcar/scripts/pull/2266)) - Equinix Metal: Fixed oem-cloudinit.service. The availability check now uses the https://metadata.platformequinix.com/metadata endpoint. ([scripts#2222](https://github.com/flatcar/scripts/pull/2222)) #### Updates: - Linux ([6.6.48](https://lwn.net/Articles/987679) (includes [6.6.47](https://lwn.net/Articles/986231/), [6.6.46](https://lwn.net/Articles/985672), [6.6.45](https://lwn.net/Articles/985200), [6.6.44](https://lwn.net/Articles/984450))) - ca-certificates ([3.104](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_104.html)) Best, The Flatcar Container Linux Maintainers --- ### Communication #### Go/No-Go message for Matrix/Slack Go/No-Go Meeting for Alpha 4081.0.0, Beta 4054.1.0 and Stable 3975.2.1 Pre-view images are available in https://bincache.flatcar-linux.net/images/amd64/$VERSION/ Tracking issue: https://github.com/flatcar/Flatcar/issues/1533 The Go/No-Go document is in our HackMD @flatcar namespace Link: https://hackmd.io/c1ySZhyZRLKsKP4aXY-wzw?view Please give your Go/No-Go vote with 💚 for Go, ❌ for No-Go, and ✋ for Wait. Contributors & community feel free to put your suggestions, thoughts or comments on the document or here in the chat. #### Mastodon _The toot (from [@flatcar](https://hachyderm.io/@flatcar)) goes out after the changelog update has been published; it includes a link to the web changelog._ New Flatcar Alpha, Beta and Stable releases now available! (or Flatcar releases for all channels) 📦 Many package updates: Docker 26.1.0 comes on Beta 🔒 CVE fixes & security patches: Linux, Docker, Podman 📜 Release notes at the usual spot: https://www.flatcar.org/releases/ #### Kubernetes Slack _This goes in the #flatcar channel_ Please welcome Flatcar releases of this month: - Alpha 4081.0.0 (new major) - Beta 4054.1.0 (new major) - Stable 3975.2.1 (maintenance release) These releases include: 🚀 new features: kernel security module Landlock available on Beta 🩹 Fix bugs: cloud-init on Equinix Metal 📦 Many package updates: Docker 26.1.0 comes on Beta 📜 Release notes in usual spot: https://www.flatcar.org/releases/ :book: Read our blogpost regarding the latest new major stable: https://www.flatcar.org/blog/2024/08/whats-new-in-stable-3975.2.0/