Announcing new Alpha release 3127.0.0, Beta release 3066.1.1, Stable release 3033.2.1, and LTS-2605 release 2605.25.1

[Flatcar Container Linux User]

Hello,

We are pleased to announce new Flatcar Container Linux releases for the Alpha, Beta, Stable, and LTS-2605 channel.

Alpha 3127.0.0

Changes since alpha-3115.0.0

Security fixes:

• Linux (CVE-2021-4155, CVE-2021-4197, CVE-2021-45095, CVE-2022-0185)
• expat (CVE-2021-45960, CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827)
• mit-krb5 (CVE-2021-37750)
• openssl (CVE-2021-4044)

Bug fixes:

• Fixed the dracut emergency Ignition log printing that had a scripting error causing the print command to fail (flatcar-linux/bootengine#33)
• Fixed leak of SELinux policy store to the root filesystem top directory due to wrong store path in policycoreutils instead of /var/lib/selinux (flatcar-linux/Flatcar#596)

Changes:

• Removed the pre-shipped /etc/flatcar/update.conf file, leaving it totally to the user to define the contents as it was unnecessarily overwriting the /use/share/flatcar/update.conf (flatcar-linux/scripts#212)
• Moved tracepath and traceroute6 from /usr/sbin to /usr/bin

Updates:

• Linux (5.15.16) (includes 5.15.14, 5.15.15)
• expat (2.4.3)
• iputils (20210722)
• openssl (3.0.1)
• parted (3.4) (includes 3.3)
• pciutils (3.7.0)
• runc (1.1.0)
• sed (4.8)
• SDK: mantle (0.18.0)

Beta 3066.1.1

Changes since beta-3066.1.0

Known issues:

• The SELinux policy store update fix resulted in some files leaked to the root filesystem top directory (flatcar-linux/Flatcar#596)

Security fixes:

• Linux (CVE-2021-4135, CVE-2021-4155, CVE-2021-28711, CVE-2021-28712, CVE-2021-28713, CVE-2021-28714, CVE-2021-28715, CVE-2021-39685, CVE-2021-44733, CVE-2021-45095, CVE-2022-0185)
• ca-certificates (CVE-2021-43527)
• containerd (CVE-2021-43816)
• expat (CVE-2021-45960, CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827)

Bug fixes:

• Ensured that the /run/xtables.lock coordination file exists for modifications of the xtables backend from containers (must be bind-mounted) or the iptables-legacy binaries on the host (flatcar-linux/init#57)
• Excluded the Kubenet cbr0 interface from networkd’s DHCP config and set it to Unmanaged to prevent interference and ensure that it is not part of the network online check (flatcar-linux/init#55)
• dev container: Fix github URL for coreos-overlay and portage-stable to use repos from flatcar-linux org directly instead of relying on redirects from the kinvolk org. This fixes checkouts with emerge-gitclone inside dev-container. (flatcar-linux/scripts#194)
• SDK: Fixed build error popping up in the new SDK Container because policycoreutils used the wrong ROOT to update the SELinux store (flatcar-linux/coreos-overlay#1502)

Changes:

• Backported elf support for iproute2 (flatcar-linux/coreos-overlay#1256)

Updates:

• Linux (5.10.93) (from 5.10.84)
• ca-certificates (3.74)
• Docker (20.10.12)
• containerd (1.5.9)
• expat (2.4.3)

Stable 3033.2.1

Changes since stable-3033.2.0

Known issues:

• The SELinux policy store update fix resulted in some files leaked to the root filesystem top directory (flatcar-linux/Flatcar#596)

Security fixes:

• Linux (CVE-2021-4135, CVE-2021-4155, CVE-2021-28711, CVE-2021-28712, CVE-2021-28713, CVE-2021-28714, CVE-2021-28715, CVE-2021-39685, CVE-2021-44733, CVE-2021-45095, CVE-2022-0185)
• ca-certificates (CVE-2021-43527)
• containerd (CVE-2021-43816)
• expat (CVE-2021-45960, CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827)

Bug fixes:

• Ensured that the /run/xtables.lock coordination file exists for modifications of the xtables backend from containers (must be bind-mounted) or the iptables-legacy binaries on the host (flatcar-linux/init#57)
• dev container: Fix github URL for coreos-overlay and portage-stable to use repos from flatcar-linux org directly instead of relying on redirects from the kinvolk org. This fixes checkouts with emerge-gitclone inside dev-container. (flatcar-linux/scripts#194)
• SDK: Fixed build error popping up in the new SDK Container because policycoreutils used the wrong ROOT to update the SELinux store (flatcar-linux/coreos-overlay#1502)

Changes:

• Backported elf support for iproute2 (flatcar-linux/coreos-overlay#1256)

Updates:

• Linux (5.10.93) (from 5.10.84)
• ca-certificates (3.74)
• Docker (20.10.12)
• containerd (1.5.9)
• expat (2.4.3)

LTS 2605.25.1

Changes since LTS-2605.24.1

Security fixes

• Linux (CVE-2021-4135, CVE-2021-4155, CVE-2021-28711, CVE-2021-28712, CVE-2021-28713, CVE-2021-28714, CVE-2021-28715, CVE-2021-39685, CVE-2021-44733, CVE-2021-45095, CVE-2022-0185)
• ca-certificates (CVE-2021-43527)

Updates

• Linux (5.4.173) (includes 5.4.165, 5.4.166, 5.4.167, 5.4.168, 5.4.169, 5.4.170, 5.4.171, 5.4.172)
• ca-certificates (3.74) (includes 3.73.1)

Best,
The Flatcar Container Linux MaintainersSubject: Announcing new Alpha release 3127.0.0, Beta release 3066.1.1, Stable release 3033.2.1, and LTS-2605 release 2605.25.1

 Comment

Hello,
We are pleased to announce new Flatcar Container Linux releases for the Alpha, Beta, Stable, and LTS-2605 channel.

Alpha 3127.0.0

Changes since alpha-3115.0.0

Security fixes:

• Linux (CVE-2021-4155, CVE-2021-4197, CVE-2021-45095, CVE-2022-0185)
• expat (CVE-2021-45960, CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827)
• mit-krb5 (CVE-2021-37750)
• openssl (CVE-2021-4044)

Bug fixes:

• Fixed the dracut emergency Ignition log printing that had a scripting error causing the print command to fail (flatcar-linux/bootengine#33)
• Fixed leak of SELinux policy store to the root filesystem top directory due to wrong store path in policycoreutils instead of /var/lib/selinux (flatcar-linux/Flatcar#596)

Changes:

• Removed the pre-shipped /etc/flatcar/update.conf file, leaving it totally to the user to define the contents as it was unnecessarily overwriting the /use/share/flatcar/update.conf (flatcar-linux/scripts#212)
• Moved tracepath and traceroute6 from /usr/sbin to /usr/bin

Updates:

• Linux (5.15.16) (includes 5.15.14, 5.15.15)
• expat (2.4.3)
• iputils (20210722)
• openssl (3.0.1)
• parted (3.4) (includes 3.3)
• pciutils (3.7.0)
• runc (1.1.0)
• sed (4.8)
• SDK: mantle (0.18.0)

Beta 3066.1.1

Changes since beta-3066.1.0

Known issues:

• The SELinux policy store update fix resulted in some files leaked to the root filesystem top directory (flatcar-linux/Flatcar#596)

Security fixes:

• Linux (CVE-2021-4135, CVE-2021-4155, CVE-2021-28711, CVE-2021-28712, CVE-2021-28713, CVE-2021-28714, CVE-2021-28715, CVE-2021-39685, CVE-2021-44733, CVE-2021-45095, CVE-2022-0185)
• ca-certificates (CVE-2021-43527)
• containerd (CVE-2021-43816)
• expat (CVE-2021-45960, CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827)

Bug fixes:

• Ensured that the /run/xtables.lock coordination file exists for modifications of the xtables backend from containers (must be bind-mounted) or the iptables-legacy binaries on the host (flatcar-linux/init#57)
• Excluded the Kubenet cbr0 interface from networkd’s DHCP config and set it to Unmanaged to prevent interference and ensure that it is not part of the network online check (flatcar-linux/init#55)
• dev container: Fix github URL for coreos-overlay and portage-stable to use repos from flatcar-linux org directly instead of relying on redirects from the kinvolk org. This fixes checkouts with emerge-gitclone inside dev-container. (flatcar-linux/scripts#194)
• SDK: Fixed build error popping up in the new SDK Container because policycoreutils used the wrong ROOT to update the SELinux store (flatcar-linux/coreos-overlay#1502)

Changes:

• Backported elf support for iproute2 (flatcar-linux/coreos-overlay#1256)

Updates:

• Linux (5.10.93) (from 5.10.84)
• ca-certificates (3.74)
• Docker (20.10.12)
• containerd (1.5.9)
• expat (2.4.3)

Stable 3033.2.1

Changes since stable-3033.2.0

Known issues:

• The SELinux policy store update fix resulted in some files leaked to the root filesystem top directory (flatcar-linux/Flatcar#596)

Security fixes:

• Linux (CVE-2021-4135, CVE-2021-4155, CVE-2021-28711, CVE-2021-28712, CVE-2021-28713, CVE-2021-28714, CVE-2021-28715, CVE-2021-39685, CVE-2021-44733, CVE-2021-45095, CVE-2022-0185)
• ca-certificates (CVE-2021-43527)
• containerd (CVE-2021-43816)
• expat (CVE-2021-45960, CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827)

Bug fixes:

• Ensured that the /run/xtables.lock coordination file exists for modifications of the xtables backend from containers (must be bind-mounted) or the iptables-legacy binaries on the host (flatcar-linux/init#57)
• dev container: Fix github URL for coreos-overlay and portage-stable to use repos from flatcar-linux org directly instead of relying on redirects from the kinvolk org. This fixes checkouts with emerge-gitclone inside dev-container. (flatcar-linux/scripts#194)
• SDK: Fixed build error popping up in the new SDK Container because policycoreutils used the wrong ROOT to update the SELinux store (flatcar-linux/coreos-overlay#1502)

Changes:

• Backported elf support for iproute2 (flatcar-linux/coreos-overlay#1256)

Updates:

• Linux (5.10.93) (from 5.10.84)
• ca-certificates (3.74)
• Docker (20.10.12)
• containerd (1.5.9)
• expat (2.4.3)

LTS 2605.25.1

Changes since LTS-2605.24.1

Security fixes

• Linux (CVE-2021-4135, CVE-2021-4155, CVE-2021-28711, CVE-2021-28712, CVE-2021-28713, CVE-2021-28714, CVE-2021-28715, CVE-2021-39685, CVE-2021-44733, CVE-2021-45095, CVE-2022-0185)
• ca-certificates (CVE-2021-43527)

Updates

• Linux (5.4.173) (includes 5.4.165, 5.4.166, 5.4.167, 5.4.168, 5.4.169, 5.4.170, 5.4.171, 5.4.172)
• ca-certificates (3.74) (includes 3.73.1)

Best,
The Flatcar Container Linux Maintainers