Hello,
We are pleased to announce new Flatcar Container Linux releases for the Alpha, Beta, Stable, and LTS-2605 channel.
Alpha 3127.0.0
Changes since alpha-3115.0.0
Security fixes:
- Linux (CVE-2021-4155, CVE-2021-4197, CVE-2021-45095, CVE-2022-0185)
- expat (CVE-2021-45960, CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827)
- mit-krb5 (CVE-2021-37750)
- openssl (CVE-2021-4044)
Bug fixes:
- Fixed the dracut emergency Ignition log printing that had a scripting error causing the print command to fail (flatcar-linux/bootengine#33)
- Fixed leak of SELinux policy store to the root filesystem top directory due to wrong store path in policycoreutils instead of /var/lib/selinux (flatcar-linux/Flatcar#596)
Changes:
- Removed the pre-shipped /etc/flatcar/update.conf file, leaving it totally to the user to define the contents as it was unnecessarily overwriting the /use/share/flatcar/update.conf (flatcar-linux/scripts#212)
- Moved tracepath and traceroute6 from /usr/sbin to /usr/bin
Updates:
Beta 3066.1.1
Changes since beta-3066.1.0
Known issues:
- The SELinux policy store update fix resulted in some files leaked to the root filesystem top directory (flatcar-linux/Flatcar#596)
Security fixes:
- Linux (CVE-2021-4135, CVE-2021-4155, CVE-2021-28711, CVE-2021-28712, CVE-2021-28713, CVE-2021-28714, CVE-2021-28715, CVE-2021-39685, CVE-2021-44733, CVE-2021-45095, CVE-2022-0185)
- ca-certificates (CVE-2021-43527)
- containerd (CVE-2021-43816)
- expat (CVE-2021-45960, CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827)
Bug fixes:
- Ensured that the /run/xtables.lock coordination file exists for modifications of the xtables backend from containers (must be bind-mounted) or the iptables-legacy binaries on the host (flatcar-linux/init#57)
- Excluded the Kubenet cbr0 interface from networkd’s DHCP config and set it to Unmanaged to prevent interference and ensure that it is not part of the network online check (flatcar-linux/init#55)
- dev container: Fix github URL for coreos-overlay and portage-stable to use repos from flatcar-linux org directly instead of relying on redirects from the kinvolk org. This fixes checkouts with emerge-gitclone inside dev-container. (flatcar-linux/scripts#194)
- SDK: Fixed build error popping up in the new SDK Container because policycoreutils used the wrong ROOT to update the SELinux store (flatcar-linux/coreos-overlay#1502)
Changes:
Updates:
Stable 3033.2.1
Changes since stable-3033.2.0
Known issues:
- The SELinux policy store update fix resulted in some files leaked to the root filesystem top directory (flatcar-linux/Flatcar#596)
Security fixes:
- Linux (CVE-2021-4135, CVE-2021-4155, CVE-2021-28711, CVE-2021-28712, CVE-2021-28713, CVE-2021-28714, CVE-2021-28715, CVE-2021-39685, CVE-2021-44733, CVE-2021-45095, CVE-2022-0185)
- ca-certificates (CVE-2021-43527)
- containerd (CVE-2021-43816)
- expat (CVE-2021-45960, CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827)
Bug fixes:
- Ensured that the /run/xtables.lock coordination file exists for modifications of the xtables backend from containers (must be bind-mounted) or the iptables-legacy binaries on the host (flatcar-linux/init#57)
- dev container: Fix github URL for coreos-overlay and portage-stable to use repos from flatcar-linux org directly instead of relying on redirects from the kinvolk org. This fixes checkouts with emerge-gitclone inside dev-container. (flatcar-linux/scripts#194)
- SDK: Fixed build error popping up in the new SDK Container because policycoreutils used the wrong ROOT to update the SELinux store (flatcar-linux/coreos-overlay#1502)
Changes:
Updates:
LTS 2605.25.1
Changes since LTS-2605.24.1
Security fixes
- Linux (CVE-2021-4135, CVE-2021-4155, CVE-2021-28711, CVE-2021-28712, CVE-2021-28713, CVE-2021-28714, CVE-2021-28715, CVE-2021-39685, CVE-2021-44733, CVE-2021-45095, CVE-2022-0185)
- ca-certificates (CVE-2021-43527)
Updates
Best,
The Flatcar Container Linux MaintainersSubject: Announcing new Alpha release 3127.0.0, Beta release 3066.1.1, Stable release 3033.2.1, and LTS-2605 release 2605.25.1
Hello,
We are pleased to announce new Flatcar Container Linux releases for the Alpha, Beta, Stable, and LTS-2605 channel.
Alpha 3127.0.0
Changes since alpha-3115.0.0
Security fixes:
- Linux (CVE-2021-4155, CVE-2021-4197, CVE-2021-45095, CVE-2022-0185)
- expat (CVE-2021-45960, CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827)
- mit-krb5 (CVE-2021-37750)
- openssl (CVE-2021-4044)
Bug fixes:
- Fixed the dracut emergency Ignition log printing that had a scripting error causing the print command to fail (flatcar-linux/bootengine#33)
- Fixed leak of SELinux policy store to the root filesystem top directory due to wrong store path in policycoreutils instead of /var/lib/selinux (flatcar-linux/Flatcar#596)
Changes:
- Removed the pre-shipped /etc/flatcar/update.conf file, leaving it totally to the user to define the contents as it was unnecessarily overwriting the /use/share/flatcar/update.conf (flatcar-linux/scripts#212)
- Moved tracepath and traceroute6 from /usr/sbin to /usr/bin
Updates:
Beta 3066.1.1
Changes since beta-3066.1.0
Known issues:
- The SELinux policy store update fix resulted in some files leaked to the root filesystem top directory (flatcar-linux/Flatcar#596)
Security fixes:
- Linux (CVE-2021-4135, CVE-2021-4155, CVE-2021-28711, CVE-2021-28712, CVE-2021-28713, CVE-2021-28714, CVE-2021-28715, CVE-2021-39685, CVE-2021-44733, CVE-2021-45095, CVE-2022-0185)
- ca-certificates (CVE-2021-43527)
- containerd (CVE-2021-43816)
- expat (CVE-2021-45960, CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827)
Bug fixes:
- Ensured that the /run/xtables.lock coordination file exists for modifications of the xtables backend from containers (must be bind-mounted) or the iptables-legacy binaries on the host (flatcar-linux/init#57)
- Excluded the Kubenet cbr0 interface from networkd’s DHCP config and set it to Unmanaged to prevent interference and ensure that it is not part of the network online check (flatcar-linux/init#55)
- dev container: Fix github URL for coreos-overlay and portage-stable to use repos from flatcar-linux org directly instead of relying on redirects from the kinvolk org. This fixes checkouts with emerge-gitclone inside dev-container. (flatcar-linux/scripts#194)
- SDK: Fixed build error popping up in the new SDK Container because policycoreutils used the wrong ROOT to update the SELinux store (flatcar-linux/coreos-overlay#1502)
Changes:
Updates:
Stable 3033.2.1
Changes since stable-3033.2.0
Known issues:
- The SELinux policy store update fix resulted in some files leaked to the root filesystem top directory (flatcar-linux/Flatcar#596)
Security fixes:
- Linux (CVE-2021-4135, CVE-2021-4155, CVE-2021-28711, CVE-2021-28712, CVE-2021-28713, CVE-2021-28714, CVE-2021-28715, CVE-2021-39685, CVE-2021-44733, CVE-2021-45095, CVE-2022-0185)
- ca-certificates (CVE-2021-43527)
- containerd (CVE-2021-43816)
- expat (CVE-2021-45960, CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827)
Bug fixes:
- Ensured that the /run/xtables.lock coordination file exists for modifications of the xtables backend from containers (must be bind-mounted) or the iptables-legacy binaries on the host (flatcar-linux/init#57)
- dev container: Fix github URL for coreos-overlay and portage-stable to use repos from flatcar-linux org directly instead of relying on redirects from the kinvolk org. This fixes checkouts with emerge-gitclone inside dev-container. (flatcar-linux/scripts#194)
- SDK: Fixed build error popping up in the new SDK Container because policycoreutils used the wrong ROOT to update the SELinux store (flatcar-linux/coreos-overlay#1502)
Changes:
Updates:
LTS 2605.25.1
Changes since LTS-2605.24.1
Security fixes
- Linux (CVE-2021-4135, CVE-2021-4155, CVE-2021-28711, CVE-2021-28712, CVE-2021-28713, CVE-2021-28714, CVE-2021-28715, CVE-2021-39685, CVE-2021-44733, CVE-2021-45095, CVE-2022-0185)
- ca-certificates (CVE-2021-43527)
Updates
Best,
The Flatcar Container Linux Maintainers