# Flatcar Container Linux Release - February 13th, 2024

## Alpha 3874.0.0

- AMD64-usr
  - Platforms succeeded: All except DO
  - Platforms failed: DO with kubeadm.v1.26.5.calico.base: this test is known as flaky and will be removed in less than 2 weeks since K8S 1.26 is EOL
  - Platforms not tested: None
- ARM64-usr
  - Platforms succeeded: All
  - Platforms failed: None
  - Platforms not tested: EM (no resources)

VERDICT: _GO_ / _WAIT_ / _NO-GO_

## Beta 3850.1.0

- AMD64-usr
  - Platforms succeeded: All except EM
  - Platforms failed: EM (kubeadm.v1.28.1.calico.base, kubeadm.v1.28.1.cilium.base, kubeadm.v1.26.5.calico.cgroupv1.base, kubeadm.v1.26.5.flannel.base, kubeadm.v1.26.5.cilium.cgroupv1.base, kubeadm.v1.27.2.calico.base, cl.etcd-member.discovery)
  - Platforms not tested: None
- ARM64-usr
  - Platforms succeeded: All
  - Platforms failed: None
  - Platforms not tested: EM (no resources)

VERDICT: _GO_ / _WAIT_ / _NO-GO_

## Stable 3815.2.0

- AMD64-usr
  - Platforms succeeded: All
  - Platforms failed: None
  - Platforms not tested: None
- ARM64-usr
  - Platforms succeeded: All
  - Platforms failed: None
  - Platforms not tested: EM (no resources)

VERDICT: _GO_ / _WAIT_ / _NO-GO_

## LTS 3510.3.2

- AMD64-usr
  - Platforms succeeded: All
  - Platforms failed: None
  - Platforms not tested: None
- ARM64-usr
  - Platforms succeeded: All
  - Platforms failed: None
  - Platforms not tested: EM (no resources)

VERDICT: _GO_ / _WAIT_ / _NO-GO_

## Test Tracking

- Alpha: http://jenkins.infra.kinvolk.io:8080/job/container/job/sdk/1315/cldsv/ (restarted 2024-02-12)
- Beta: http://jenkins.infra.kinvolk.io:8080/job/container/job/packages_all_arches/3438/cldsv/ (restarted 2024-02-12)
  - amd64
    - ~~DigitalOcean~~
      - ~~TLE (job did not run) (Rerunning)~~
    - ~~Brightbox~~
      - ~~TLE~~
    - EM
      - kubeadm.v1.26.5.flannel.base, kubeadm.v1.28.1.calico.base, kubeadm.v1.26.5.cilium.cgroupv1.base, cl.flannel.vxlan, cl.etcd-member.discovery, kubeadm.v1.26.5.calico.cgroupv1.base, kubeadm.v1.27.2.calico.base, kubeadm.v1.28.1.cilium.base failed (Rerunning)
  - arm64
    - EM
      - Low resources.
- Stable: http://jenkins.infra.kinvolk.io:8080/job/container/job/packages_all_arches/3415/cldsv/ (restarted 2024-02-12)
- LTS: http://jenkins.infra.kinvolk.io:8080/job/container/job/packages_all_arches/3437/cldsv/ (restarted 2024-02-12)

## Communication

---

#### Guidelines / Things to Remember

- Release notes are used in a PR and will appear on https://www.flatcar.org/releases/
- [Announcement Message](#Announcement-Message) is posted in [Flatcar-Linux-user](https://groups.google.com/g/flatcar-linux-user). Make sure to post as “Flatcar Container Linux User”, not with your personal user (this can be selected when drafting the post).
- Make sure the LTS is referred to as `LTS-2021`, and not `LTS-2605`

---

### Announcement Message

Subject: Announcing new releases Alpha 3874.0.0, Beta 3850.1.0, Stable 3815.2.0, LTS 3510.3.2

Hello,

We are pleased to announce a new Flatcar Container Linux release for the Alpha, Beta, Stable, LTS-2023 channels.

### New Alpha Release 3874.0.0

_Changes since **Alpha 3850.0.0**_

#### Security fixes:

- Linux ([CVE-2023-46838](https://nvd.nist.gov/vuln/detail/CVE-2023-46838), [CVE-2023-50431](https://nvd.nist.gov/vuln/detail/CVE-2023-50431), [CVE-2023-6610](https://nvd.nist.gov/vuln/detail/CVE-2023-6610), [CVE-2023-6915](https://nvd.nist.gov/vuln/detail/CVE-2023-6915), [CVE-2024-1085](https://nvd.nist.gov/vuln/detail/CVE-2024-1085), [CVE-2024-1086](https://nvd.nist.gov/vuln/detail/CVE-2024-1086), [CVE-2024-23849](https://nvd.nist.gov/vuln/detail/CVE-2024-23849))
- docker ([CVE-2024-24557](https://nvd.nist.gov/vuln/detail/CVE-2024-24557))
- runc ([CVE-2024-21626](https://nvd.nist.gov/vuln/detail/CVE-2024-21626))

#### Bug fixes:

- Added a workaround for old airgapped/proxied update-engine clients to be able to update to this release ([Flatcar#1332](https://github.com/flatcar/Flatcar/issues/1332), [update_engine#38](https://github.com/flatcar/update_engine/pull/38))
- Fixed the handling of OEM update payloads in a Nebraska
response with self-hosted packages ([ue-rs#49](https://github.com/flatcar/ue-rs/pull/49))
- Forwarded the proxy environment variables of `update-engine.service` to the postinstall script to support fetching OEM systemd-sysext payloads through a proxy ([Flatcar#1326](https://github.com/flatcar/Flatcar/issues/1326))

#### Changes:

- Added a `flatcar-update --oem-payloads <yes|no>` flag to skip providing OEM payloads, e.g., for downgrades ([init#114](https://github.com/flatcar/init/pull/114))

#### Updates:

- Linux ([6.6.16](https://lwn.net/Articles/961011) (includes [6.6.15](https://lwn.net/Articles/960441), [6.6.14](https://lwn.net/Articles/959512), [6.6.13](https://lwn.net/Articles/958862)))
- Linux Firmware ([20240115](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20240115))
- afterburn ([5.5.1](https://github.com/coreos/afterburn/releases/tag/v5.5.1))
- ca-certificates ([3.97](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_97.html))
- containerd ([1.7.13](https://github.com/containerd/containerd/releases/tag/v1.7.13) (includes [1.7.12](https://github.com/containerd/containerd/releases/tag/v1.7.12)))
- docker ([24.0.9](https://github.com/moby/moby/releases/tag/v24.0.9))
- git ([2.43.0](https://github.com/git/git/blob/v2.43.0/Documentation/RelNotes/2.43.0.txt) (includes [2.42.0](https://github.com/git/git/blob/v2.42.0/Documentation/RelNotes/2.42.0.txt)))
- iperf ([3.16](https://github.com/esnet/iperf/releases/tag/3.16))
- libuv ([1.47.0](https://github.com/libuv/libuv/releases/tag/v1.47.0))
- runc ([1.1.12](https://github.com/opencontainers/runc/releases/tag/v1.1.12))
- SDK: make ([4.4.1](https://lists.gnu.org/archive/html/info-gnu/2023-02/msg00011.html) (includes [4.4](https://lists.gnu.org/archive/html/help-make/2022-10/msg00020.html)))
- SDK: portage ([3.0.61](https://gitweb.gentoo.org/proj/portage.git/tree/NEWS?h=portage-3.0.61))

### New Beta Release 3850.1.0

_Changes since **Beta 3815.1.0**_

#### Security fixes:

- Linux ([CVE-2022-27672](https://nvd.nist.gov/vuln/detail/CVE-2022-27672), [CVE-2022-36402](https://nvd.nist.gov/vuln/detail/CVE-2022-36402), [CVE-2022-36402](https://nvd.nist.gov/vuln/detail/CVE-2022-36402), [CVE-2022-40982](https://nvd.nist.gov/vuln/detail/CVE-2022-40982), [CVE-2022-4269](https://nvd.nist.gov/vuln/detail/CVE-2022-4269), [CVE-2022-45886](https://nvd.nist.gov/vuln/detail/CVE-2022-45886), [CVE-2022-45887](https://nvd.nist.gov/vuln/detail/CVE-2022-45887), [CVE-2022-45919](https://nvd.nist.gov/vuln/detail/CVE-2022-45919), [CVE-2022-48425](https://nvd.nist.gov/vuln/detail/CVE-2022-48425), [CVE-2023-0160](https://nvd.nist.gov/vuln/detail/CVE-2023-0160), [CVE-2023-0160](https://nvd.nist.gov/vuln/detail/CVE-2023-0160), [CVE-2023-0459](https://nvd.nist.gov/vuln/detail/CVE-2023-0459), [CVE-2023-1032](https://nvd.nist.gov/vuln/detail/CVE-2023-1032), [CVE-2023-1076](https://nvd.nist.gov/vuln/detail/CVE-2023-1076), [CVE-2023-1077](https://nvd.nist.gov/vuln/detail/CVE-2023-1077), [CVE-2023-1079](https://nvd.nist.gov/vuln/detail/CVE-2023-1079), [CVE-2023-1118](https://nvd.nist.gov/vuln/detail/CVE-2023-1118), [CVE-2023-1192](https://nvd.nist.gov/vuln/detail/CVE-2023-1192), [CVE-2023-1194](https://nvd.nist.gov/vuln/detail/CVE-2023-1194), [CVE-2023-1206](https://nvd.nist.gov/vuln/detail/CVE-2023-1206), [CVE-2023-1281](https://nvd.nist.gov/vuln/detail/CVE-2023-1281), [CVE-2023-1380](https://nvd.nist.gov/vuln/detail/CVE-2023-1380), [CVE-2023-1380](https://nvd.nist.gov/vuln/detail/CVE-2023-1380), [CVE-2023-1513](https://nvd.nist.gov/vuln/detail/CVE-2023-1513), [CVE-2023-1583](https://nvd.nist.gov/vuln/detail/CVE-2023-1583), [CVE-2023-1611](https://nvd.nist.gov/vuln/detail/CVE-2023-1611), [CVE-2023-1670](https://nvd.nist.gov/vuln/detail/CVE-2023-1670), [CVE-2023-1829](https://nvd.nist.gov/vuln/detail/CVE-2023-1829), [CVE-2023-1855](https://nvd.nist.gov/vuln/detail/CVE-2023-1855), [CVE-2023-1859](https://nvd.nist.gov/vuln/detail/CVE-2023-1859),
[CVE-2023-1989](https://nvd.nist.gov/vuln/detail/CVE-2023-1989), [CVE-2023-1990](https://nvd.nist.gov/vuln/detail/CVE-2023-1990), [CVE-2023-1998](https://nvd.nist.gov/vuln/detail/CVE-2023-1998), [CVE-2023-2002](https://nvd.nist.gov/vuln/detail/CVE-2023-2002), [CVE-2023-2002](https://nvd.nist.gov/vuln/detail/CVE-2023-2002), [CVE-2023-20569](https://nvd.nist.gov/vuln/detail/CVE-2023-20569), [CVE-2023-20588](https://nvd.nist.gov/vuln/detail/CVE-2023-20588), [CVE-2023-20593](https://nvd.nist.gov/vuln/detail/CVE-2023-20593), [CVE-2023-2124](https://nvd.nist.gov/vuln/detail/CVE-2023-2124), [CVE-2023-21255](https://nvd.nist.gov/vuln/detail/CVE-2023-21255), [CVE-2023-21264](https://nvd.nist.gov/vuln/detail/CVE-2023-21264), [CVE-2023-2156](https://nvd.nist.gov/vuln/detail/CVE-2023-2156), [CVE-2023-2156](https://nvd.nist.gov/vuln/detail/CVE-2023-2156), [CVE-2023-2163](https://nvd.nist.gov/vuln/detail/CVE-2023-2163), [CVE-2023-2163](https://nvd.nist.gov/vuln/detail/CVE-2023-2163), [CVE-2023-2194](https://nvd.nist.gov/vuln/detail/CVE-2023-2194), [CVE-2023-2235](https://nvd.nist.gov/vuln/detail/CVE-2023-2235), [CVE-2023-2248](https://nvd.nist.gov/vuln/detail/CVE-2023-2248), [CVE-2023-2248](https://nvd.nist.gov/vuln/detail/CVE-2023-2248), [CVE-2023-2269](https://nvd.nist.gov/vuln/detail/CVE-2023-2269), [CVE-2023-2269](https://nvd.nist.gov/vuln/detail/CVE-2023-2269), [CVE-2023-2483](https://nvd.nist.gov/vuln/detail/CVE-2023-2483), [CVE-2023-25012](https://nvd.nist.gov/vuln/detail/CVE-2023-25012), [CVE-2023-25775](https://nvd.nist.gov/vuln/detail/CVE-2023-25775), [CVE-2023-25775](https://nvd.nist.gov/vuln/detail/CVE-2023-25775), [CVE-2023-2598](https://nvd.nist.gov/vuln/detail/CVE-2023-2598), [CVE-2023-26545](https://nvd.nist.gov/vuln/detail/CVE-2023-26545), [CVE-2023-28466](https://nvd.nist.gov/vuln/detail/CVE-2023-28466), [CVE-2023-28866](https://nvd.nist.gov/vuln/detail/CVE-2023-28866), [CVE-2023-2898](https://nvd.nist.gov/vuln/detail/CVE-2023-2898), 
[CVE-2023-2985](https://nvd.nist.gov/vuln/detail/CVE-2023-2985), [CVE-2023-30456](https://nvd.nist.gov/vuln/detail/CVE-2023-30456), [CVE-2023-30772](https://nvd.nist.gov/vuln/detail/CVE-2023-30772), [CVE-2023-3090](https://nvd.nist.gov/vuln/detail/CVE-2023-3090), [CVE-2023-31085](https://nvd.nist.gov/vuln/detail/CVE-2023-31085), [CVE-2023-3117](https://nvd.nist.gov/vuln/detail/CVE-2023-3117), [CVE-2023-31248](https://nvd.nist.gov/vuln/detail/CVE-2023-31248), [CVE-2023-3141](https://nvd.nist.gov/vuln/detail/CVE-2023-3141), [CVE-2023-31436](https://nvd.nist.gov/vuln/detail/CVE-2023-31436), [CVE-2023-31436](https://nvd.nist.gov/vuln/detail/CVE-2023-31436), [CVE-2023-3212](https://nvd.nist.gov/vuln/detail/CVE-2023-3212), [CVE-2023-3220](https://nvd.nist.gov/vuln/detail/CVE-2023-3220), [CVE-2023-32233](https://nvd.nist.gov/vuln/detail/CVE-2023-32233), [CVE-2023-32233](https://nvd.nist.gov/vuln/detail/CVE-2023-32233), [CVE-2023-32247](https://nvd.nist.gov/vuln/detail/CVE-2023-32247), [CVE-2023-32247](https://nvd.nist.gov/vuln/detail/CVE-2023-32247), [CVE-2023-32248](https://nvd.nist.gov/vuln/detail/CVE-2023-32248), [CVE-2023-32248](https://nvd.nist.gov/vuln/detail/CVE-2023-32248), [CVE-2023-32250](https://nvd.nist.gov/vuln/detail/CVE-2023-32250), [CVE-2023-32250](https://nvd.nist.gov/vuln/detail/CVE-2023-32250), [CVE-2023-32252](https://nvd.nist.gov/vuln/detail/CVE-2023-32252), [CVE-2023-32252](https://nvd.nist.gov/vuln/detail/CVE-2023-32252), [CVE-2023-32254](https://nvd.nist.gov/vuln/detail/CVE-2023-32254), [CVE-2023-32254](https://nvd.nist.gov/vuln/detail/CVE-2023-32254), [CVE-2023-32257](https://nvd.nist.gov/vuln/detail/CVE-2023-32257), [CVE-2023-32257](https://nvd.nist.gov/vuln/detail/CVE-2023-32257), [CVE-2023-32258](https://nvd.nist.gov/vuln/detail/CVE-2023-32258), [CVE-2023-32258](https://nvd.nist.gov/vuln/detail/CVE-2023-32258), [CVE-2023-3268](https://nvd.nist.gov/vuln/detail/CVE-2023-3268), [CVE-2023-3268](https://nvd.nist.gov/vuln/detail/CVE-2023-3268), 
[CVE-2023-3269](https://nvd.nist.gov/vuln/detail/CVE-2023-3269), [CVE-2023-3269](https://nvd.nist.gov/vuln/detail/CVE-2023-3269), [CVE-2023-3312](https://nvd.nist.gov/vuln/detail/CVE-2023-3312), [CVE-2023-3312](https://nvd.nist.gov/vuln/detail/CVE-2023-3312), [CVE-2023-3317](https://nvd.nist.gov/vuln/detail/CVE-2023-3317), [CVE-2023-33203](https://nvd.nist.gov/vuln/detail/CVE-2023-33203), [CVE-2023-33250](https://nvd.nist.gov/vuln/detail/CVE-2023-33250), [CVE-2023-33250](https://nvd.nist.gov/vuln/detail/CVE-2023-33250), [CVE-2023-33288](https://nvd.nist.gov/vuln/detail/CVE-2023-33288), [CVE-2023-3355](https://nvd.nist.gov/vuln/detail/CVE-2023-3355), [CVE-2023-3390](https://nvd.nist.gov/vuln/detail/CVE-2023-3390), [CVE-2023-33951](https://nvd.nist.gov/vuln/detail/CVE-2023-33951), [CVE-2023-33951](https://nvd.nist.gov/vuln/detail/CVE-2023-33951), [CVE-2023-33952](https://nvd.nist.gov/vuln/detail/CVE-2023-33952), [CVE-2023-33952](https://nvd.nist.gov/vuln/detail/CVE-2023-33952), [CVE-2023-34255](https://nvd.nist.gov/vuln/detail/CVE-2023-34255), [CVE-2023-34256](https://nvd.nist.gov/vuln/detail/CVE-2023-34256), [CVE-2023-34256](https://nvd.nist.gov/vuln/detail/CVE-2023-34256), [CVE-2023-34319](https://nvd.nist.gov/vuln/detail/CVE-2023-34319), [CVE-2023-34324](https://nvd.nist.gov/vuln/detail/CVE-2023-34324), [CVE-2023-35001](https://nvd.nist.gov/vuln/detail/CVE-2023-35001), [CVE-2023-35788](https://nvd.nist.gov/vuln/detail/CVE-2023-35788), [CVE-2023-35823](https://nvd.nist.gov/vuln/detail/CVE-2023-35823), [CVE-2023-35823](https://nvd.nist.gov/vuln/detail/CVE-2023-35823), [CVE-2023-35824](https://nvd.nist.gov/vuln/detail/CVE-2023-35824), [CVE-2023-35824](https://nvd.nist.gov/vuln/detail/CVE-2023-35824), [CVE-2023-35826](https://nvd.nist.gov/vuln/detail/CVE-2023-35826), [CVE-2023-35826](https://nvd.nist.gov/vuln/detail/CVE-2023-35826), [CVE-2023-35827](https://nvd.nist.gov/vuln/detail/CVE-2023-35827), [CVE-2023-35828](https://nvd.nist.gov/vuln/detail/CVE-2023-35828), 
[CVE-2023-35828](https://nvd.nist.gov/vuln/detail/CVE-2023-35828), [CVE-2023-35829](https://nvd.nist.gov/vuln/detail/CVE-2023-35829), [CVE-2023-35829](https://nvd.nist.gov/vuln/detail/CVE-2023-35829), [CVE-2023-3609](https://nvd.nist.gov/vuln/detail/CVE-2023-3609), [CVE-2023-3610](https://nvd.nist.gov/vuln/detail/CVE-2023-3610), [CVE-2023-3610](https://nvd.nist.gov/vuln/detail/CVE-2023-3610), [CVE-2023-3611](https://nvd.nist.gov/vuln/detail/CVE-2023-3611), [CVE-2023-37453](https://nvd.nist.gov/vuln/detail/CVE-2023-37453), [CVE-2023-37453](https://nvd.nist.gov/vuln/detail/CVE-2023-37453), [CVE-2023-3772](https://nvd.nist.gov/vuln/detail/CVE-2023-3772), [CVE-2023-3773](https://nvd.nist.gov/vuln/detail/CVE-2023-3773), [CVE-2023-3776](https://nvd.nist.gov/vuln/detail/CVE-2023-3776), [CVE-2023-3777](https://nvd.nist.gov/vuln/detail/CVE-2023-3777), [CVE-2023-38409](https://nvd.nist.gov/vuln/detail/CVE-2023-38409), [CVE-2023-38426](https://nvd.nist.gov/vuln/detail/CVE-2023-38426), [CVE-2023-38427](https://nvd.nist.gov/vuln/detail/CVE-2023-38427), [CVE-2023-38428](https://nvd.nist.gov/vuln/detail/CVE-2023-38428), [CVE-2023-38429](https://nvd.nist.gov/vuln/detail/CVE-2023-38429), [CVE-2023-38430](https://nvd.nist.gov/vuln/detail/CVE-2023-38430), [CVE-2023-38431](https://nvd.nist.gov/vuln/detail/CVE-2023-38431), [CVE-2023-38432](https://nvd.nist.gov/vuln/detail/CVE-2023-38432), [CVE-2023-38432](https://nvd.nist.gov/vuln/detail/CVE-2023-38432), [CVE-2023-3863](https://nvd.nist.gov/vuln/detail/CVE-2023-3863), [CVE-2023-3863](https://nvd.nist.gov/vuln/detail/CVE-2023-3863), [CVE-2023-3865](https://nvd.nist.gov/vuln/detail/CVE-2023-3865), [CVE-2023-3865](https://nvd.nist.gov/vuln/detail/CVE-2023-3865), [CVE-2023-3866](https://nvd.nist.gov/vuln/detail/CVE-2023-3866), [CVE-2023-3866](https://nvd.nist.gov/vuln/detail/CVE-2023-3866), [CVE-2023-3867](https://nvd.nist.gov/vuln/detail/CVE-2023-3867), [CVE-2023-39189](https://nvd.nist.gov/vuln/detail/CVE-2023-39189), 
[CVE-2023-39191](https://nvd.nist.gov/vuln/detail/CVE-2023-39191), [CVE-2023-39192](https://nvd.nist.gov/vuln/detail/CVE-2023-39192), [CVE-2023-39192](https://nvd.nist.gov/vuln/detail/CVE-2023-39192), [CVE-2023-39193](https://nvd.nist.gov/vuln/detail/CVE-2023-39193), [CVE-2023-39193](https://nvd.nist.gov/vuln/detail/CVE-2023-39193), [CVE-2023-39194](https://nvd.nist.gov/vuln/detail/CVE-2023-39194), [CVE-2023-39197](https://nvd.nist.gov/vuln/detail/CVE-2023-39197), [CVE-2023-39197](https://nvd.nist.gov/vuln/detail/CVE-2023-39197), [CVE-2023-39198](https://nvd.nist.gov/vuln/detail/CVE-2023-39198), [CVE-2023-4004](https://nvd.nist.gov/vuln/detail/CVE-2023-4004), [CVE-2023-4015](https://nvd.nist.gov/vuln/detail/CVE-2023-4015), [CVE-2023-40283](https://nvd.nist.gov/vuln/detail/CVE-2023-40283), [CVE-2023-40791](https://nvd.nist.gov/vuln/detail/CVE-2023-40791), [CVE-2023-4128](https://nvd.nist.gov/vuln/detail/CVE-2023-4128), [CVE-2023-4132](https://nvd.nist.gov/vuln/detail/CVE-2023-4132), [CVE-2023-4133](https://nvd.nist.gov/vuln/detail/CVE-2023-4133), [CVE-2023-4133](https://nvd.nist.gov/vuln/detail/CVE-2023-4133), [CVE-2023-4134](https://nvd.nist.gov/vuln/detail/CVE-2023-4134), [CVE-2023-4134](https://nvd.nist.gov/vuln/detail/CVE-2023-4134), [CVE-2023-4147](https://nvd.nist.gov/vuln/detail/CVE-2023-4147), [CVE-2023-4155](https://nvd.nist.gov/vuln/detail/CVE-2023-4155), [CVE-2023-4194](https://nvd.nist.gov/vuln/detail/CVE-2023-4194), [CVE-2023-4206](https://nvd.nist.gov/vuln/detail/CVE-2023-4206), [CVE-2023-4207](https://nvd.nist.gov/vuln/detail/CVE-2023-4207), [CVE-2023-4208](https://nvd.nist.gov/vuln/detail/CVE-2023-4208), [CVE-2023-4244](https://nvd.nist.gov/vuln/detail/CVE-2023-4244), [CVE-2023-4273](https://nvd.nist.gov/vuln/detail/CVE-2023-4273), [CVE-2023-42752](https://nvd.nist.gov/vuln/detail/CVE-2023-42752), [CVE-2023-42752](https://nvd.nist.gov/vuln/detail/CVE-2023-42752), [CVE-2023-42753](https://nvd.nist.gov/vuln/detail/CVE-2023-42753), 
[CVE-2023-42753](https://nvd.nist.gov/vuln/detail/CVE-2023-42753), [CVE-2023-42754](https://nvd.nist.gov/vuln/detail/CVE-2023-42754), [CVE-2023-42756](https://nvd.nist.gov/vuln/detail/CVE-2023-42756), [CVE-2023-44466](https://nvd.nist.gov/vuln/detail/CVE-2023-44466), [CVE-2023-4563](https://nvd.nist.gov/vuln/detail/CVE-2023-4563), [CVE-2023-4569](https://nvd.nist.gov/vuln/detail/CVE-2023-4569), [CVE-2023-45862](https://nvd.nist.gov/vuln/detail/CVE-2023-45862), [CVE-2023-45863](https://nvd.nist.gov/vuln/detail/CVE-2023-45863), [CVE-2023-45871](https://nvd.nist.gov/vuln/detail/CVE-2023-45871), [CVE-2023-45871](https://nvd.nist.gov/vuln/detail/CVE-2023-45871), [CVE-2023-45898](https://nvd.nist.gov/vuln/detail/CVE-2023-45898), [CVE-2023-4610](https://nvd.nist.gov/vuln/detail/CVE-2023-4610), [CVE-2023-4611](https://nvd.nist.gov/vuln/detail/CVE-2023-4611), [CVE-2023-4623](https://nvd.nist.gov/vuln/detail/CVE-2023-4623), [CVE-2023-4623](https://nvd.nist.gov/vuln/detail/CVE-2023-4623), [CVE-2023-46343](https://nvd.nist.gov/vuln/detail/CVE-2023-46343), [CVE-2023-46813](https://nvd.nist.gov/vuln/detail/CVE-2023-46813), [CVE-2023-46838](https://nvd.nist.gov/vuln/detail/CVE-2023-46838), [CVE-2023-46838](https://nvd.nist.gov/vuln/detail/CVE-2023-46838), [CVE-2023-46862](https://nvd.nist.gov/vuln/detail/CVE-2023-46862), [CVE-2023-46862](https://nvd.nist.gov/vuln/detail/CVE-2023-46862), [CVE-2023-4881](https://nvd.nist.gov/vuln/detail/CVE-2023-4881), [CVE-2023-4921](https://nvd.nist.gov/vuln/detail/CVE-2023-4921), [CVE-2023-50431](https://nvd.nist.gov/vuln/detail/CVE-2023-50431), [CVE-2023-50431](https://nvd.nist.gov/vuln/detail/CVE-2023-50431), [CVE-2023-5090](https://nvd.nist.gov/vuln/detail/CVE-2023-5090), [CVE-2023-51042](https://nvd.nist.gov/vuln/detail/CVE-2023-51042), [CVE-2023-51043](https://nvd.nist.gov/vuln/detail/CVE-2023-51043), [CVE-2023-5158](https://nvd.nist.gov/vuln/detail/CVE-2023-5158), [CVE-2023-51779](https://nvd.nist.gov/vuln/detail/CVE-2023-51779), 
[CVE-2023-51780](https://nvd.nist.gov/vuln/detail/CVE-2023-51780), [CVE-2023-51781](https://nvd.nist.gov/vuln/detail/CVE-2023-51781), [CVE-2023-51782](https://nvd.nist.gov/vuln/detail/CVE-2023-51782), [CVE-2023-5197](https://nvd.nist.gov/vuln/detail/CVE-2023-5197), [CVE-2023-5345](https://nvd.nist.gov/vuln/detail/CVE-2023-5345), [CVE-2023-5633](https://nvd.nist.gov/vuln/detail/CVE-2023-5633), [CVE-2023-5717](https://nvd.nist.gov/vuln/detail/CVE-2023-5717), [CVE-2023-5972](https://nvd.nist.gov/vuln/detail/CVE-2023-5972), [CVE-2023-6039](https://nvd.nist.gov/vuln/detail/CVE-2023-6039), [CVE-2023-6111](https://nvd.nist.gov/vuln/detail/CVE-2023-6111), [CVE-2023-6121](https://nvd.nist.gov/vuln/detail/CVE-2023-6121), [CVE-2023-6176](https://nvd.nist.gov/vuln/detail/CVE-2023-6176), [CVE-2023-6200](https://nvd.nist.gov/vuln/detail/CVE-2023-6200), [CVE-2023-6531](https://nvd.nist.gov/vuln/detail/CVE-2023-6531), [CVE-2023-6546](https://nvd.nist.gov/vuln/detail/CVE-2023-6546), [CVE-2023-6560](https://nvd.nist.gov/vuln/detail/CVE-2023-6560), [CVE-2023-6606](https://nvd.nist.gov/vuln/detail/CVE-2023-6606), [CVE-2023-6610](https://nvd.nist.gov/vuln/detail/CVE-2023-6610), [CVE-2023-6610](https://nvd.nist.gov/vuln/detail/CVE-2023-6610), [CVE-2023-6622](https://nvd.nist.gov/vuln/detail/CVE-2023-6622), [CVE-2023-6817](https://nvd.nist.gov/vuln/detail/CVE-2023-6817), [CVE-2023-6915](https://nvd.nist.gov/vuln/detail/CVE-2023-6915), [CVE-2023-6915](https://nvd.nist.gov/vuln/detail/CVE-2023-6915), [CVE-2023-6931](https://nvd.nist.gov/vuln/detail/CVE-2023-6931), [CVE-2023-6932](https://nvd.nist.gov/vuln/detail/CVE-2023-6932), [CVE-2023-7192](https://nvd.nist.gov/vuln/detail/CVE-2023-7192), [CVE-2024-0193](https://nvd.nist.gov/vuln/detail/CVE-2024-0193), [CVE-2024-0443](https://nvd.nist.gov/vuln/detail/CVE-2024-0443), [CVE-2024-0565](https://nvd.nist.gov/vuln/detail/CVE-2024-0565), [CVE-2024-0582](https://nvd.nist.gov/vuln/detail/CVE-2024-0582), 
[CVE-2024-0584](https://nvd.nist.gov/vuln/detail/CVE-2024-0584), [CVE-2024-0607](https://nvd.nist.gov/vuln/detail/CVE-2024-0607), [CVE-2024-0607](https://nvd.nist.gov/vuln/detail/CVE-2024-0607), [CVE-2024-0639](https://nvd.nist.gov/vuln/detail/CVE-2024-0639), [CVE-2024-0641](https://nvd.nist.gov/vuln/detail/CVE-2024-0641), [CVE-2024-0646](https://nvd.nist.gov/vuln/detail/CVE-2024-0646), [CVE-2024-0775](https://nvd.nist.gov/vuln/detail/CVE-2024-0775), [CVE-2024-0775](https://nvd.nist.gov/vuln/detail/CVE-2024-0775), [CVE-2024-1085](https://nvd.nist.gov/vuln/detail/CVE-2024-1085), [CVE-2024-1085](https://nvd.nist.gov/vuln/detail/CVE-2024-1085), [CVE-2024-1086](https://nvd.nist.gov/vuln/detail/CVE-2024-1086), [CVE-2024-1086](https://nvd.nist.gov/vuln/detail/CVE-2024-1086), [CVE-2024-1312](https://nvd.nist.gov/vuln/detail/CVE-2024-1312), [CVE-2024-22705](https://nvd.nist.gov/vuln/detail/CVE-2024-22705), [CVE-2024-23849](https://nvd.nist.gov/vuln/detail/CVE-2024-23849), [CVE-2024-23849](https://nvd.nist.gov/vuln/detail/CVE-2024-23849))
- binutils ([CVE-2023-1972](https://nvd.nist.gov/vuln/detail/CVE-2023-1972))
- curl ([CVE-2023-46218](https://nvd.nist.gov/vuln/detail/CVE-2023-46218), [CVE-2023-46219](https://nvd.nist.gov/vuln/detail/CVE-2023-46219))
- docker ([CVE-2024-24557](https://nvd.nist.gov/vuln/detail/CVE-2024-24557))
- gnutls ([CVE-2023-5981](https://nvd.nist.gov/vuln/detail/CVE-2023-5981))
- intel-microcode ([CVE-2023-23583](https://nvd.nist.gov/vuln/detail/CVE-2023-23583))
- libxml2 ([CVE-2023-45322](https://nvd.nist.gov/vuln/detail/CVE-2023-45322))
- openssh ([CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795), [CVE-2023-51384](https://nvd.nist.gov/vuln/detail/CVE-2023-51384), [CVE-2023-51385](https://nvd.nist.gov/vuln/detail/CVE-2023-51385))
- openssl ([CVE-2023-3817](https://nvd.nist.gov/vuln/detail/CVE-2023-3817), [CVE-2023-5363](https://nvd.nist.gov/vuln/detail/CVE-2023-5363), [CVE-2023-5678](https://nvd.nist.gov/vuln/detail/CVE-2023-5678))
- runc ([CVE-2024-21626](https://nvd.nist.gov/vuln/detail/CVE-2024-21626))
- traceroute ([CVE-2023-46316](https://nvd.nist.gov/vuln/detail/CVE-2023-46316))
- vim ([CVE-2023-5344](https://nvd.nist.gov/vuln/detail/CVE-2023-5344), [CVE-2023-5441](https://nvd.nist.gov/vuln/detail/CVE-2023-5441), [CVE-2023-5535](https://nvd.nist.gov/vuln/detail/CVE-2023-5535), [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246))
- SDK: perl ([CVE-2023-47038](https://nvd.nist.gov/vuln/detail/CVE-2023-47038))

#### Bug fixes:

- Added a workaround for old airgapped/proxied update-engine clients to be able to update to this release ([Flatcar#1332](https://github.com/flatcar/Flatcar/issues/1332), [update_engine#38](https://github.com/flatcar/update_engine/pull/38))
- Fixed the handling of OEM update payloads in a Nebraska response with self-hosted packages ([ue-rs#49](https://github.com/flatcar/ue-rs/pull/49))
- Forwarded the proxy environment variables of `update-engine.service` to the postinstall script to support fetching OEM systemd-sysext payloads through a proxy ([Flatcar#1326](https://github.com/flatcar/Flatcar/issues/1326))

#### Changes:

- Added a `flatcar-update --oem-payloads <yes|no>` flag to skip providing OEM payloads, e.g., for downgrades ([init#114](https://github.com/flatcar/init/pull/114))
- Updated the generation of SLSA provenance info from v0.2 to v1.0.

#### Updates:

- Linux ([6.6.16](https://lwn.net/Articles/961011) (includes [6.6.15](https://lwn.net/Articles/960441), [6.6.14](https://lwn.net/Articles/959512), [6.6.13](https://lwn.net/Articles/958862), [6.6.12](https://lwn.net/Articles/958342), [6.6.11](https://lwn.net/Articles/957375), [6.6.10](https://lwn.net/Articles/957008), [6.6.9](https://lwn.net/Articles/956525), [6.6.8](https://lwn.net/Articles/955813), [6.6.7](https://lwn.net/Articles/954990/), [6.6](https://kernelnewbies.org/Linux_6.6)))
- Linux Firmware ([20231211](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20231211))
- Go ([1.20.13](https://go.dev/doc/devel/release#go1.20.13))
- bash ([5.2_p21](https://git.savannah.gnu.org/cgit/bash.git/log/?id=2bb3cbefdb8fd019765b1a9cc42ecf37ff22fec6))
- binutils ([2.41](https://lists.gnu.org/archive/html/info-gnu/2023-07/msg00009.html))
- bpftool ([6.5.7](https://kernelnewbies.org/Linux_6.5#Tracing.2C_perf_and_BPF))
- c-ares ([1.21.0](https://c-ares.org/changelog.html#1_21_0))
- ca-certificates ([3.97](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_97.html))
- containerd ([1.7.13](https://github.com/containerd/containerd/releases/tag/v1.7.13) (includes [1.7.11](https://github.com/containerd/containerd/releases/tag/v1.7.11)))
- coreutils ([9.4](https://lists.gnu.org/archive/html/info-gnu/2023-08/msg00007.html))
- curl ([8.5.0](https://curl.se/changes.html#8_5_0))
- docker ([24.0.9](https://github.com/moby/moby/releases/tag/v24.0.9))
- elfutils ([0.190](https://sourceware.org/git/?p=elfutils.git;a=blob;f=NEWS;h=0420d3b8376877c1b11712f1aad90a2e2b6f6d06;hb=c1058da5a450e33e72b72abb53bc3ffd7f6b361b))
- gawk ([5.3.0](https://lwn.net/Articles/949829/))
- gentoolkit ([0.6.3](https://gitweb.gentoo.org/proj/gentoolkit.git/log/?h=gentoolkit-0.6.3))
- gettext ([0.22.4](https://savannah.gnu.org/news/?id=10544))
- glib ([2.78.3](https://gitlab.gnome.org/GNOME/glib/-/blob/2.78.3/NEWS))
- gnutls ([3.8.2](https://lists.gnupg.org/pipermail/gnutls-help/2023-November/004837.html))
- groff ([1.23.0](https://lists.gnu.org/archive/html/info-gnu/2023-07/msg00001.html))
- hwdata ([0.376](https://github.com/vcrhonek/hwdata/commits/v0.376))
- intel-microcode ([20231114_p20231114](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20231114))
- iproute2 ([6.6.0](https://marc.info/?l=linux-netdev&m=169929000929786&w=2))
- ipset ([7.19](https://git.netfilter.org/ipset/tree/ChangeLog?id=ce6db35a0ea950e850ebe7c50ce46908c1c3bb2b))
- jq ([1.7.1](https://github.com/jqlang/jq/releases/tag/jq-1.7.1) (includes [1.7](https://github.com/jqlang/jq/releases/tag/jq-1.7)))
- kbd ([2.6.4](https://github.com/legionus/kbd/releases/tag/v2.6.4))
- kmod ([31](https://github.com/kmod-project/kmod/blob/v31/NEWS))
- libarchive ([3.7.2](https://github.com/libarchive/libarchive/releases/tag/v3.7.2))
- libdnet ([1.16.4](https://github.com/ofalk/libdnet/releases/tag/libdnet-1.16.4))
- libksba ([1.6.5](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=blob;f=NEWS;h=369cfb5d91bf232685a6c5b156453a624e11ed67;hb=7b3e4785e54280d1a13c5bc839bdc6722d898ac7))
- libnsl ([2.0.1](https://github.com/thkukuk/libnsl/releases/tag/v2.0.1))
- libxslt ([1.1.39](https://gitlab.gnome.org/GNOME/libxslt/-/releases/v1.1.39))
- lsof ([4.99.0](https://github.com/lsof-org/lsof/blob/4.99.0/00DIST#L5523))
- lz4 ([1.9.4](https://github.com/lz4/lz4/releases/tag/v1.9.4))
- openssh ([9.6p1](https://www.openssh.com/releasenotes.html#9.6p1))
- openssl ([3.0.12](https://github.com/openssl/openssl/blob/openssl-3.0.12/NEWS.md#major-changes-between-openssl-3011-and-openssl-3012-24-oct-2023))
- readline ([8.2_p7](https://git.savannah.gnu.org/cgit/readline.git/log/?id=bfe9c573a9e376323929c80b2b71c59727fab0cc))
- runc ([1.1.12](https://github.com/opencontainers/runc/releases/tag/v1.1.12))
- selinux-base ([2.20231002](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20231002))
- selinux-base-policy ([2.20231002](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20231002))
- selinux-container ([2.20231002](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20231002))
- selinux-dbus ([2.20231002](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20231002))
- selinux-sssd ([2.20231002](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20231002))
- selinux-unconfined ([2.20231002](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20231002))
- sqlite ([3.44.2](https://www.sqlite.org/releaselog/3_44_2.html))
- strace ([6.6](https://github.com/strace/strace/releases/tag/v6.6))
- traceroute ([2.1.3](https://sourceforge.net/projects/traceroute/files/traceroute/traceroute-2.1.3/))
- usbutils ([016](https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usbutils.git/tree/NEWS?h=v016))
- util-linux ([2.39.2](https://github.com/util-linux/util-linux/blob/v2.39.2/Documentation/releases/v2.39.2-ReleaseNotes))
- vim ([9.0.2092](https://github.com/vim/vim/commits/v9.0.2092/))
- whois ([5.5.20](https://github.com/rfc1036/whois/blob/v5.5.20/debian/changelog))
- xmlsec ([1.3.2](https://github.com/lsh123/xmlsec/releases/tag/xmlsec_1_3_2))
- xz-utils ([5.4.5](https://github.com/tukaani-project/xz/releases/tag/v5.4.5))
- zlib ([1.3](https://github.com/madler/zlib/releases/tag/v1.3))
- SDK: perl ([5.38.2](https://perldoc.perl.org/5.38.2/perldelta))
- SDK: portage ([3.0.59](https://gitweb.gentoo.org/proj/portage.git/tree/NEWS?h=portage-3.0.59))
- SDK: python ([3.11.7](https://www.python.org/downloads/release/python-3117/))
- SDK: repo (2.37)
- SDK: Rust ([1.75.0](https://github.com/rust-lang/rust/releases/tag/1.75.0) (includes [1.74.1](https://github.com/rust-lang/rust/releases/tag/1.74.1)))

_Changes since **Alpha 3850.0.0**_

#### Security fixes:

- Linux ([CVE-2023-46838](https://nvd.nist.gov/vuln/detail/CVE-2023-46838), [CVE-2023-50431](https://nvd.nist.gov/vuln/detail/CVE-2023-50431), [CVE-2023-6610](https://nvd.nist.gov/vuln/detail/CVE-2023-6610), [CVE-2023-6915](https://nvd.nist.gov/vuln/detail/CVE-2023-6915), [CVE-2024-1085](https://nvd.nist.gov/vuln/detail/CVE-2024-1085), [CVE-2024-1086](https://nvd.nist.gov/vuln/detail/CVE-2024-1086), [CVE-2024-23849](https://nvd.nist.gov/vuln/detail/CVE-2024-23849))
- docker ([CVE-2024-24557](https://nvd.nist.gov/vuln/detail/CVE-2024-24557))
- runc ([CVE-2024-21626](https://nvd.nist.gov/vuln/detail/CVE-2024-21626))

#### Bug fixes:

- Added a workaround for old airgapped/proxied update-engine clients to be able to update to this release ([Flatcar#1332](https://github.com/flatcar/Flatcar/issues/1332), [update_engine#38](https://github.com/flatcar/update_engine/pull/38))
- Fixed the handling of OEM update payloads in a Nebraska response with self-hosted packages ([ue-rs#49](https://github.com/flatcar/ue-rs/pull/49))
- Forwarded the proxy environment variables of `update-engine.service` to the postinstall script to support fetching OEM systemd-sysext payloads through a proxy ([Flatcar#1326](https://github.com/flatcar/Flatcar/issues/1326))

#### Changes:

- Added a `flatcar-update --oem-payloads <yes|no>` flag to skip providing OEM payloads, e.g., for downgrades ([init#114](https://github.com/flatcar/init/pull/114))

#### Updates:

- Linux ([6.6.16](https://lwn.net/Articles/961011) (includes [6.6.15](https://lwn.net/Articles/960441), [6.6.14](https://lwn.net/Articles/959512), [6.6.13](https://lwn.net/Articles/958862)))
- ca-certificates ([3.97](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_97.html))
- containerd ([1.7.13](https://github.com/containerd/containerd/releases/tag/v1.7.13))
- docker ([24.0.9](https://github.com/moby/moby/releases/tag/v24.0.9))
- runc ([1.1.12](https://github.com/opencontainers/runc/releases/tag/v1.1.12))

### New Stable Release 3815.2.0

_Changes since **Stable 3760.2.0**_

#### Security fixes:

- Linux
([CVE-2023-46838](https://nvd.nist.gov/vuln/detail/CVE-2023-46838), [CVE-2023-50431](https://nvd.nist.gov/vuln/detail/CVE-2023-50431), [CVE-2023-6610](https://nvd.nist.gov/vuln/detail/CVE-2023-6610), [CVE-2023-6915](https://nvd.nist.gov/vuln/detail/CVE-2023-6915), [CVE-2024-1085](https://nvd.nist.gov/vuln/detail/CVE-2024-1085), [CVE-2024-1086](https://nvd.nist.gov/vuln/detail/CVE-2024-1086), [CVE-2024-23849](https://nvd.nist.gov/vuln/detail/CVE-2024-23849))
- Go ([CVE-2023-39326](https://nvd.nist.gov/vuln/detail/CVE-2023-39326), [CVE-2023-45285](https://nvd.nist.gov/vuln/detail/CVE-2023-45285))
- VMWare: open-vm-tools ([CVE-2023-34058](https://nvd.nist.gov/vuln/detail/CVE-2023-34058), [CVE-2023-34059](https://nvd.nist.gov/vuln/detail/CVE-2023-34059))
- docker ([CVE-2024-24557](https://nvd.nist.gov/vuln/detail/CVE-2024-24557))
- nghttp2 ([CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487))
- runc ([CVE-2024-21626](https://nvd.nist.gov/vuln/detail/CVE-2024-21626))
- samba ([CVE-2023-4091](https://nvd.nist.gov/vuln/detail/CVE-2023-4091))
- zlib ([CVE-2023-45853](https://nvd.nist.gov/vuln/detail/CVE-2023-45853))

#### Bug fixes:

- Added a workaround for old airgapped/proxied update-engine clients to be able to update to this release ([Flatcar#1332](https://github.com/flatcar/Flatcar/issues/1332), [update_engine#38](https://github.com/flatcar/update_engine/pull/38))
- Forwarded the proxy environment variables of `update-engine.service` to the postinstall script to support fetching OEM systemd-sysext payloads through a proxy ([Flatcar#1326](https://github.com/flatcar/Flatcar/issues/1326))
- Set TTY used for fetching server_context to RAW mode before running cloudinit on cloudsigma ([scripts#1280](https://github.com/flatcar/scripts/pull/1280))

#### Changes:

- **torcx was replaced by systemd-sysext in the OS image**. Learn more about sysext and how to customise OS images [here](https://www.flatcar.org/docs/latest/provisioning/sysext/).
  - Torcx entered deprecation 2 years ago in favour of [deploying plain Docker binaries](https://www.flatcar.org/docs/latest/container-runtimes/use-a-custom-docker-or-containerd-version/) (which is now also a legacy option because systemd-sysext offers a more robust and better structured way of customisation, including OS independent updates).
  - Torcx has been removed entirely; if you use torcx to extend the Flatcar base OS image, please refer to our [conversion script](https://www.flatcar.org/docs/latest/provisioning/sysext/#torcx-deprecation) and to the sysext documentation mentioned above for migrating.
  - Consequently, `update_engine` will not perform torcx sanity checks post-update anymore.
  - Relevant changes: [scripts#1216](https://github.com/flatcar/scripts/pull/1216), [update_engine#30](https://github.com/flatcar/update_engine/pull/30), [Mantle#466](https://github.com/flatcar/mantle/pull/466), [Mantle#465](https://github.com/flatcar/mantle/pull/465).
- **NOTE:** The docker btrfs storage driver has been de-prioritised; BTRFS backed storage will now default to the `overlay2` driver ([changelog](https://docs.docker.com/engine/release-notes/23.0/#bug-fixes-and-enhancements-6), [upstream pr](https://github.com/moby/moby/pull/42661)).
  - **NOTE:** If you are already using btrfs-backed Docker storage and are upgrading to this new version, Docker will automatically use the `btrfs` storage driver for backwards-compatibility with your deployment.
  - **Docker will remove the `btrfs` driver entirely in a future version. Please consider migrating your deployments to the `overlay2` driver.** Using the btrfs driver can still be enforced by creating a respective [docker config](https://docs.docker.com/storage/storagedriver/btrfs-driver/#configure-docker-to-use-the-btrfs-storage-driver) at `/etc/docker/daemon.json`.
- cri-tools, runc, containerd, docker, and docker-cli are now built from Gentoo upstream ebuilds.
Docker received a major version upgrade - it was updated to Docker 24 (from Docker 20; see "updates").
- GCP OEM images now use a systemd-sysext image for layering additional platform-specific software on top of `/usr` and being part of the OEM A/B updates ([flatcar#1146](https://github.com/flatcar/Flatcar/issues/1146))
- Added a `flatcar-update --oem-payloads <yes|no>` flag to skip providing OEM payloads, e.g., for downgrades ([init#114](https://github.com/flatcar/init/pull/114))

#### Updates:

- Linux ([6.1.77](https://lwn.net/Articles/961012) (includes [6.1.76](https://lwn.net/Articles/960442), [6.1.75](https://lwn.net/Articles/959513), [6.1.74](https://lwn.net/Articles/958863)))
- Linux Firmware ([20231111](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20231111) (includes [20231030](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20231030)))
- Go ([1.20.12](https://go.dev/doc/devel/release#go1.20.12))
- Azure: WALinuxAgent ([v2.9.1.1](https://github.com/Azure/WALinuxAgent/releases/tag/v2.9.1.1))
- DEV: Azure ([3.11.6](https://docs.python.org/release/3.11.6/whatsnew/changelog.html#python-3-11-6))
- DEV: iperf ([3.15](https://github.com/esnet/iperf/releases/tag/3.15))
- DEV: smartmontools ([7.4](https://www.smartmontools.org/browser/tags/RELEASE_7_4/smartmontools/NEWS))
- SDK: Rust ([1.73.0](https://github.com/rust-lang/rust/releases/tag/1.73.0))
- SDK: Python ([3.11.0](https://github.com/platformdirs/platformdirs/releases/tag/3.11.0) (includes [23.2](https://github.com/pypa/packaging/releases/tag/23.2)))
- VMWare: open-vm-tools ([12.3.5](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.3.5))
- acpid ([2.0.34](https://sourceforge.net/p/acpid2/code/ci/2.0.34/tree/Changelog))
- ca-certificates ([3.97](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_97.html))
- containerd ([1.7.9](https://github.com/containerd/containerd/releases/tag/v1.7.9) (includes
[1.7.8](https://github.com/containerd/containerd/releases/tag/v1.7.8), [1.7.13](https://github.com/containerd/containerd/releases/tag/v1.7.13), [1.7.10](https://github.com/containerd/containerd/releases/tag/v1.7.10)))
- cri-tools ([1.27.0](https://github.com/kubernetes-sigs/cri-tools/releases/tag/v1.27.0))
- ding-libs ([0.6.2](https://github.com/SSSD/ding-libs/releases/tag/0.6.2))
- docker ([24.0.9](https://github.com/moby/moby/releases/tag/v24.0.9) (includes [24.0.6](https://docs.docker.com/engine/release-notes/24.0/), [23.0](https://docs.docker.com/engine/release-notes/23.0/)))
- efibootmgr ([18](https://github.com/rhboot/efibootmgr/releases/tag/18))
- efivar ([38](https://github.com/rhboot/efivar/releases/tag/38))
- ethtool ([6.5](https://git.kernel.org/pub/scm/network/ethtool/ethtool.git/tree/NEWS?h=v6.5))
- hwdata ([v0.375](https://github.com/vcrhonek/hwdata/releases/tag/v0.375) (includes [0.374](https://github.com/vcrhonek/hwdata/commits/v0.374)))
- iproute2 ([6.5.0](https://marc.info/?l=linux-netdev&m=169401822317373&w=2))
- ipvsadm ([1.31](https://git.kernel.org/pub/scm/utils/kernel/ipvsadm/ipvsadm.git/tag/?h=v1.31) (includes [1.30](https://git.kernel.org/pub/scm/utils/kernel/ipvsadm/ipvsadm.git/tag/?h=v1.30), [1.29](https://git.kernel.org/pub/scm/utils/kernel/ipvsadm/ipvsadm.git/tag/?h=v1.29), [1.28](https://git.kernel.org/pub/scm/utils/kernel/ipvsadm/ipvsadm.git/tag/?h=v1.28)))
- json-c ([0.17](https://github.com/json-c/json-c/blob/json-c-0.17-20230812/ChangeLog))
- libffi ([3.4.4](https://github.com/libffi/libffi/releases/tag/v3.4.4) (includes [3.4.3](https://github.com/libffi/libffi/releases/tag/v3.4.3), [3.4.2](https://github.com/libffi/libffi/releases/tag/v3.4.2)))
- liblinear ([246](https://github.com/cjlin1/liblinear/releases/tag/v246))
- libmnl ([1.0.5](https://git.netfilter.org/libmnl/log/?h=libmnl-1.0.5))
- libnetfilter_conntrack ([1.0.9](https://git.netfilter.org/libnetfilter_conntrack/log/?h=libnetfilter_conntrack-1.0.9))
- libnetfilter_cthelper ([1.0.1](https://git.netfilter.org/libnetfilter_cthelper/log/?id=8cee0347cc6969c39bb64000dfaa676a8f9e30f0))
- libnetfilter_cttimeout ([1.0.1](https://git.netfilter.org/libnetfilter_cttimeout/log/?id=068d36d6291f53a0a609ab1f695aa06e94ce3d30))
- libnfnetlink ([1.0.2](https://git.netfilter.org/libnfnetlink/log/?h=libnfnetlink-1.0.2))
- libsodium ([1.0.19](https://github.com/jedisct1/libsodium/releases/tag/1.0.19-RELEASE))
- libunistring ([1.1](https://git.savannah.gnu.org/gitweb/?p=libunistring.git;a=blob;f=NEWS;h=5a43ddd7011d62a952733f6c0b7ad52aa4f385c7;hb=8006860b710aae2e8442088c3ddc7d819dfa8ac7))
- libunwind ([1.7.2](https://github.com/libunwind/libunwind/releases/tag/v1.7.2) (includes [1.7.0](https://github.com/libunwind/libunwind/releases/tag/v1.7.0)))
- liburing ([2.3](https://github.com/axboe/liburing/blob/liburing-2.3/CHANGELOG))
- mpc ([1.3.1](https://sympa.inria.fr/sympa/arc/mpc-discuss/2022-12/msg00049.html) (includes [1.3.0](https://sympa.inria.fr/sympa/arc/mpc-discuss/2022-12/msg00028.html)))
- mpfr ([4.2.1](https://gitlab.inria.fr/mpfr/mpfr/-/blob/4.2.1/NEWS))
- nghttp2 ([1.57.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0) (includes [1.56.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.56.0), [1.55.1](https://github.com/nghttp2/nghttp2/releases/tag/v1.55.1), [1.55.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.55.0), [1.54.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.54.0), [1.53.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.53.0), [1.52.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0)))
- nspr ([4.35](https://hg.mozilla.org/projects/nspr/log/b563bfc16c887c48b038b7b441fcc4e40a126d3b))
- ntp ([4.2.8p17](https://www.ntp.org/support/securitynotice/4_2_8p17-release-announcement/))
- nvme-cli ([v2.6](https://github.com/linux-nvme/nvme-cli/releases/tag/v2.6) (includes [v1.6](https://github.com/linux-nvme/libnvme/releases/tag/v1.6)))
- protobuf
([21.12](https://github.com/protocolbuffers/protobuf/releases/tag/v21.12) (includes [21.11](https://github.com/protocolbuffers/protobuf/releases/tag/v21.11), [21.10](https://github.com/protocolbuffers/protobuf/releases/tag/v21.10)))
- runc ([1.1.12](https://github.com/opencontainers/runc/releases/tag/v1.1.12))
- samba ([4.18.8](https://www.samba.org/samba/history/samba-4.18.8.html))
- sqlite ([3.43.2](https://www.sqlite.org/releaselog/3_43_2.html))
- squashfs-tools ([4.6.1](https://github.com/plougher/squashfs-tools/releases/tag/4.6.1) (includes [4.6](https://github.com/plougher/squashfs-tools/releases/tag/4.6)))
- thin-provisioning-tools ([1.0.6](https://github.com/jthornber/thin-provisioning-tools/blob/v1.0.6/CHANGES))

_Changes since **Beta 3815.1.0**_

#### Security fixes:

- Linux ([CVE-2023-46838](https://nvd.nist.gov/vuln/detail/CVE-2023-46838), [CVE-2023-50431](https://nvd.nist.gov/vuln/detail/CVE-2023-50431), [CVE-2023-6610](https://nvd.nist.gov/vuln/detail/CVE-2023-6610), [CVE-2023-6915](https://nvd.nist.gov/vuln/detail/CVE-2023-6915), [CVE-2024-1085](https://nvd.nist.gov/vuln/detail/CVE-2024-1085), [CVE-2024-1086](https://nvd.nist.gov/vuln/detail/CVE-2024-1086), [CVE-2024-23849](https://nvd.nist.gov/vuln/detail/CVE-2024-23849))
- docker ([CVE-2024-24557](https://nvd.nist.gov/vuln/detail/CVE-2024-24557))
- runc ([CVE-2024-21626](https://nvd.nist.gov/vuln/detail/CVE-2024-21626))

#### Bug fixes:

- Added a workaround for old airgapped/proxied update-engine clients to be able to update to this release ([Flatcar#1332](https://github.com/flatcar/Flatcar/issues/1332), [update_engine#38](https://github.com/flatcar/update_engine/pull/38))
- Forwarded the proxy environment variables of `update-engine.service` to the postinstall script to support fetching OEM systemd-sysext payloads through a proxy ([Flatcar#1326](https://github.com/flatcar/Flatcar/issues/1326))

#### Changes:

- Added a `flatcar-update --oem-payloads <yes|no>` flag to skip providing OEM payloads, e.g.,
for downgrades ([init#114](https://github.com/flatcar/init/pull/114))

#### Updates:

- Linux ([6.1.77](https://lwn.net/Articles/961012) (includes [6.1.76](https://lwn.net/Articles/960442), [6.1.75](https://lwn.net/Articles/959513), [6.1.74](https://lwn.net/Articles/958863)))
- ca-certificates ([3.97](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_97.html))
- containerd ([1.7.13](https://github.com/containerd/containerd/releases/tag/v1.7.13))
- docker ([24.0.9](https://github.com/moby/moby/releases/tag/v24.0.9))
- runc ([1.1.12](https://github.com/opencontainers/runc/releases/tag/v1.1.12))

### New LTS-2023 Release

_Changes since **LTS 3510.3.1**_

#### Security fixes:

- Linux ([CVE-2022-47940](https://nvd.nist.gov/vuln/detail/CVE-2022-47940), [CVE-2023-1193](https://nvd.nist.gov/vuln/detail/CVE-2023-1193), [CVE-2023-1194](https://nvd.nist.gov/vuln/detail/CVE-2023-1194), [CVE-2023-25775](https://nvd.nist.gov/vuln/detail/CVE-2023-25775), [CVE-2023-32247](https://nvd.nist.gov/vuln/detail/CVE-2023-32247), [CVE-2023-32250](https://nvd.nist.gov/vuln/detail/CVE-2023-32250), [CVE-2023-32252](https://nvd.nist.gov/vuln/detail/CVE-2023-32252), [CVE-2023-32254](https://nvd.nist.gov/vuln/detail/CVE-2023-32254), [CVE-2023-32257](https://nvd.nist.gov/vuln/detail/CVE-2023-32257), [CVE-2023-32258](https://nvd.nist.gov/vuln/detail/CVE-2023-32258), [CVE-2023-38427](https://nvd.nist.gov/vuln/detail/CVE-2023-38427), [CVE-2023-38430](https://nvd.nist.gov/vuln/detail/CVE-2023-38430), [CVE-2023-38431](https://nvd.nist.gov/vuln/detail/CVE-2023-38431), [CVE-2023-3867](https://nvd.nist.gov/vuln/detail/CVE-2023-3867), [CVE-2023-46343](https://nvd.nist.gov/vuln/detail/CVE-2023-46343), [CVE-2023-46813](https://nvd.nist.gov/vuln/detail/CVE-2023-46813), [CVE-2023-46838](https://nvd.nist.gov/vuln/detail/CVE-2023-46838), [CVE-2023-46862](https://nvd.nist.gov/vuln/detail/CVE-2023-46862), [CVE-2023-51779](https://nvd.nist.gov/vuln/detail/CVE-2023-51779),
[CVE-2023-51780](https://nvd.nist.gov/vuln/detail/CVE-2023-51780), [CVE-2023-51781](https://nvd.nist.gov/vuln/detail/CVE-2023-51781), [CVE-2023-51782](https://nvd.nist.gov/vuln/detail/CVE-2023-51782), [CVE-2023-52340](https://nvd.nist.gov/vuln/detail/CVE-2023-52340), [CVE-2023-5717](https://nvd.nist.gov/vuln/detail/CVE-2023-5717), [CVE-2023-6040](https://nvd.nist.gov/vuln/detail/CVE-2023-6040), [CVE-2023-6121](https://nvd.nist.gov/vuln/detail/CVE-2023-6121), [CVE-2023-6606](https://nvd.nist.gov/vuln/detail/CVE-2023-6606), [CVE-2023-6622](https://nvd.nist.gov/vuln/detail/CVE-2023-6622), [CVE-2023-6817](https://nvd.nist.gov/vuln/detail/CVE-2023-6817), [CVE-2023-6915](https://nvd.nist.gov/vuln/detail/CVE-2023-6915), [CVE-2023-6931](https://nvd.nist.gov/vuln/detail/CVE-2023-6931), [CVE-2023-6932](https://nvd.nist.gov/vuln/detail/CVE-2023-6932), [CVE-2024-0584](https://nvd.nist.gov/vuln/detail/CVE-2024-0584), [CVE-2024-0607](https://nvd.nist.gov/vuln/detail/CVE-2024-0607), [CVE-2024-0646](https://nvd.nist.gov/vuln/detail/CVE-2024-0646), [CVE-2024-1085](https://nvd.nist.gov/vuln/detail/CVE-2024-1085), [CVE-2024-22705](https://nvd.nist.gov/vuln/detail/CVE-2024-22705))
- runc ([CVE-2024-21626](https://nvd.nist.gov/vuln/detail/CVE-2024-21626))

#### Bug fixes:

- Forwarded the proxy environment variables of `update-engine.service` to the postinstall script to support fetching OEM systemd-sysext payloads through a proxy ([Flatcar#1326](https://github.com/flatcar/Flatcar/issues/1326))

#### Changes:

- Added a `flatcar-update --oem-payloads <yes|no>` flag to skip providing OEM payloads, e.g., for downgrades ([init#114](https://github.com/flatcar/init/pull/114))
- Backported the OEM payload support to update-engine to avoid the fallback download path for clients on a restricted network and rather use the URLs passed from `flatcar-update -E` or with self-hosted Nebraska payloads ([Flatcar#1332](https://github.com/flatcar/Flatcar/issues/1332),
[Flatcar#1326](https://github.com/flatcar/Flatcar/issues/1326))
- Brightbox: The regular OpenStack image should now be used; it includes Afterburn for instance metadata attributes
- OpenStack: An uncompressed image is provided for simpler import (since the images use qcow2 inline compression, there is no benefit in using the `.gz` or `.bz2` images)

#### Updates:

- Linux ([5.15.148](https://lwn.net/Articles/959514) (includes [5.15.147](https://lwn.net/Articles/958344), [5.15.146](https://lwn.net/Articles/957010), [5.15.145](https://lwn.net/Articles/956081), [5.15.144](https://lwn.net/Articles/955815), [5.15.143](https://lwn.net/Articles/954988/), [5.15.142](https://lwn.net/Articles/954114), [5.15.141](https://lwn.net/Articles/953649/), [5.15.140](https://lwn.net/Articles/953130), [5.15.139](https://lwn.net/Articles/952004), [5.15.138](https://lwn.net/Articles/950714), [5.15.137](https://lwn.net/Articles/948818)))
- ca-certificates ([3.97](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_97.html) (includes [3.96.1](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_96_1.html), [3.96](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_96.html), [3.95](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_95.html)))
- runc ([1.1.12](https://github.com/opencontainers/runc/releases/tag/v1.1.12))

Best,
The Flatcar Container Linux Maintainers

---

### Communication

#### Go/No-Go message for Matrix/Slack

##### Go/No-Go Meeting for Alpha 3874.0.0, Beta 3850.1.0, Stable 3815.2.0, LTS 3510.3.2

Preview images are available in https://bincache.flatcar-linux.net/images/amd64/$VERSION/

Tracking issue: https://github.com/flatcar/Flatcar/issues/1342

The Go/No-Go document is in our HackMD @flatcar namespace

Link: https://hackmd.io/JUCZzDkNSwm2S49FlgtW3A

Please give your Go/No-Go vote with 💚 for Go, ❌ for No-Go, and ✋ for Wait.
Contributors & community, feel free to put your suggestions, thoughts or comments on the document or here in the chat.

@MAINTAINER @MAINTAINER @MAINTAINER

#### Mastodon

_The toot (from [@flatcar](https://hachyderm.io/@flatcar)) goes out after the changelog update has been published; it includes a link to the web changelog._

New Flatcar releases for all channels, including a runc CVE fix for all channels

📦 Many package updates: Linux, Docker, runc

🔒 CVE fixes & security patches: Linux, runc

📜 Release notes at the usual spot: https://www.flatcar.org/releases/

#### Kubernetes Slack

_This goes in the #flatcar channel_

Please welcome Flatcar releases of this month:

- Alpha 3874.0.0 (new major)
- Beta 3850.1.0 (new major)
- Stable 3815.2.0 (new major)
- LTS 3510.3.2 (maintenance release)

These releases include:

📦 Many package updates: Linux, Docker, runc

🔒 CVE fixes & security patches: Linux, runc

📜 Release notes at the usual spot: https://www.flatcar.org/releases/