Workload cluster release v19.3.4 for AWS
This is a security release featuring the latest version of Flatcar Container Linux.
Change details
containerlinux 3815.2.2
Changes since Stable 3815.2.1
Security fixes:
- Linux (CVE-2023-28746, CVE-2023-47233, CVE-2023-52639, CVE-2023-6270, CVE-2023-7042, CVE-2024-22099, CVE-2024-23307, CVE-2024-24861, CVE-2024-26584, CVE-2024-26585, CVE-2024-26642, CVE-2024-26651, CVE-2024-26654, CVE-2024-26659, CVE-2024-26686, CVE-2024-26700, CVE-2024-26809)
- Downgraded xz-utils to 5.4.2 as a precaution, even though Flatcar is not affected by the SSH backdoor (CVE-2024-3094)
- openssh (CVE-2023-48795, CVE-2023-51384, CVE-2023-51385)
Bug fixes:
- Disabled user-configdrive.service on OpenStack when config drive is used, which caused the hostname to be overwritten. The coreos-cloudinit.service unit already runs on OpenStack if the system is not configured via ignition. (Flatcar#1385)
- Fixed toolbox to prevent mounted ctr snapshots from being garbage-collected (toolbox#9)
Changes:
- Disabled real-time priority for multipathd as it prevents the cgroups2 cpu controller from working. (scripts#1771)
- SDK: Unified qemu image formats, so that the qemu_uefi build target provides the regular qemu and the qemu_uefi_secure artifacts (scripts#1847)