You can see the latest product updates for all of Google Cloud on the Google Cloud page, browse and filter all release notes in the Google Cloud console, or programmatically access release notes in BigQuery.
To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly.
October 21, 2024
cos-101-17162-528-64
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.161 | v20.10.27 | v1.6.28 | See List |
Updated app-arch/libarchive to version 3.7.6. This fixed CVE-2024-48957, CVE-2024-48958.
Fixed CVE-2024-44958 in the Linux kernel.
Fixed CVE-2024-43892 in the Linux kernel.
October 14, 2024
cos-101-17162-528-61
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.161 | v20.10.27 | v1.6.28 | See List |
Fixed CVE-2024-45003 in the Linux kernel.
Fixed CVE-2024-44965 in the Linux kernel.
Fixed CVE-2024-46829 in the Linux kernel.
October 07, 2024
cos-101-17162-528-57
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.161 | v20.10.27 | v1.6.28 | See List |
Updated the GPU installer to v2.4.1.
Fixed CVE-2024-46750 in the Linux kernel.
Updated the GPU installer to v2.4.1.
Fixed CVE-2024-46750 in the Linux kernel.
September 30, 2024
cos-101-17162-528-54
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.161 | v20.10.27 | v1.6.28 | See List |
Updated cos-gpu-installer to v2.4.0. It identifies GPU drivers before installation.
Fixed CVE-2024-42246 in the Linux kernel
Fixed CVE-2024-46763 in the Linux kernel.
Fixed CVE-2024-46679 in the Linux kernel.
Fixed CVE-2024-46721 in the Linux kernel
Fixed CVE-2024-46800 in the Linux kernel
Fixed CVE-2024-46743 in the Linux kernel
Fixed CVE-2024-46738 in the Linux kernel
Fixed CVE-2024-40905 in the Linux kernel
September 23, 2024
cos-101-17162-528-49
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.161 | v20.10.27 | v1.6.28 | See List |
Fixed CVE-2024-38588 in the Linux kernel
Fixed CVE-2024-38588 in the Linux kernel
Fixed CVE-2024-43853 in the Linux kernel
Fixed CVE-2024-44940 in the Linux kernel
Fixed CVE-2024-43817 in the Linux kernel
Fixed CVE-2024-44947 in the Linux kernel
Fixed CVE-2024-42131 in the Linux kernel
Fixed CVE-2024-45025 in the Linux kernel
Fixed CVE-2024-45021 in the Linux kernel
Fixed CVE-2024-41012 in the Linux kernel
September 16, 2024
cos-101-17162-528-40
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.161 | v20.10.27 | v1.6.28 | See List |
Fixed CVE-2024-6232 in dev-lang/python.
Updated dev-libs/expat to v2.6.3. This fixed CVE-2024-45492, CVE-2024-45490, CVE-2024-45491.
Fixed CVE-2024-43893 in the Linux kernel
Fixed CVE-2024-39468 in the Linux kernel
Fixed CVE-2024-43871 in the Linux kernel
Fixed CVE-2024-44944 in the Linux kernel
Fixed CVE-2024-44985 in the Linux kernel
Fixed CVE-2024-43882 in the Linux kernel
Fixed CVE-2024-44987 in the Linux kernel
Fixed CVE-2024-44986 in the Linux kernel
September 09, 2024
cos-101-17162-528-34
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.161 | v20.10.27 | v1.6.28 | See List |
Fixes CVE-2023-7256 in net-libs/libpcap.
Fixes CVE-2024-40959 in the Linux kernel.
Fixes CVE-2024-40995 in the Linux kernel.
Fixes CVE-2024-43828 in the Linux kernel.
Fixes CVE-2024-41055 in the Linux kernel.
Fixes CVE-2024-43856 in the Linux kernel.
Fixes CVE-2024-40958 in the Linux kernel.
Fixes CVE-2024-41073 in the Linux kernel.
Fixes CVE-2024-44934 in the Linux kernel.
Fixes CVE-2024-41049 in the Linux kernel.
September 03, 2024
cos-101-17162-528-27
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.161 | v20.10.27 | v1.6.28 | See List |
Fixed CVE-2024-37370, CVE-2024-37371 in app-crypt/mit-krb5.
Updated app-editors/vim, app-editors/vim-core to version 9.1.0686. This fixed CVE-2024-41957, CVE-2024-41965.
Fixed CVE-2024-40954 in the Linux kernel.
Fixed CVE-2024-43854 in the Linux kernel.
Fixed CVE-2024-43854 in the Linux kernel.
Fixed CVE-2024-43854 in the Linux kernel.
Fixed CVE-2024-41098 in the Linux kernel.
Fixed CVE-2024-42283 in the Linux kernel.
Fixed CVE-2024-42269 in the Linux kernel.
Fixed CVE-2024-42270 in the Linux kernel.
Fixed CVE-2024-40994 in the Linux kernel.
Fixed CVE-2023-52889 in the Linux kernel.
Fixed CVE-2024-41000 in the Linux kernel.
Fixed CVE-2024-42102 in the Linux kernel.
Fixed CVE-2024-40960 in the Linux kernel.
Fixed CVE-2024-40961 in the Linux kernel.
Fixed KCTF-c07ff85 in the Linux kernel.
August 26, 2024
cos-101-17162-528-16
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.161 | v20.10.27 | v1.6.28 | See List |
Fixed CVE-2023-0597 in the Linux kernel.
Fixed CVE-2024-42154 in the Linux kernel
Fixed CVE-2024-41087 in the Linux kernel
Fixed CVE-2024-42247 in the Linux kernel
Runtime sysctl changes:
- Changed: fs.file-max: 813025 -> 813018
- Changed: kernel.threads-max: 63552 -> 63551
- Changed: net.ipv4.tcp_mem: 94140 125520 188280 -> 94137 125519 188274
- Changed: net.ipv4.udp_mem: 188280 251041 376560 -> 188277 251039 376554
- Changed: user.max_cgroup_namespaces: 31776 -> 31775
- Changed: user.max_ipc_namespaces: 31776 -> 31775
- Changed: user.max_mnt_namespaces: 31776 -> 31775
- Changed: user.max_net_namespaces: 31776 -> 31775
- Changed: user.max_pid_namespaces: 31776 -> 31775
- Changed: user.max_time_namespaces: 31776 -> 31775
- Changed: user.max_user_namespaces: 31776 -> 31775
- Changed: user.max_uts_namespaces: 31776 -> 31775
August 12, 2024
cos-101-17162-528-12
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.161 | v20.10.27 | v1.6.28 | v470.256.02(default),v550.90.07(latest) |
This is an LTS Refresh release.
Enabled the feature to utilize the gpu_driver_versions proto
file for controlling the specific GPU driver version to be installed for each GPU type.
Updated cos-gpu-installer to v2.3.5 - Improved error messaging for incompatible GPU driver input.
Removed crash-reporter KVM support.
Removed dev-go/grpc.
Disable NVIDIA persistence mode with -no-verify flag.
Fixed CVE-2024-6602 in dev-libs/nss.
Fixed CVE-2024-2511, CVE-2024-4741, CVE-2024-5535 in dev-libs/openssl.
Upgraded curl to v8.9.0. This fixes CVE-2024-6197.
Fixed CVE-2024-6345 in dev-python/setuptools.
Updated ncurses to 6.4_p20240414. This resolves CVE-2023-45918.
Fixed CVE-2021-36084, CVE-2021-36085, CVE-2021-36086, CVE-2021-36087 in sys-libs/libsepol.
Fixed CVE-2024-39472 in the Linux kernel.
Fixed CVE-2024-42229 in the Linux kernel.
Fixed CVE-2024-42068 in the Linux kernel.
Fixed CVE-2024-42082 in the Linux kernel.
Fixed CVE-2024-38577 in the Linux kernel.
Fixes CVE-2024-36901 in the Linux kernel.
Fixes CVE-2024-39482 in the Linux kernel.
July 22, 2024
cos-101-17162-463-62
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.155 | v20.10.27 | v1.6.28 | v470.256.02(default),v550.90.07(latest) |
Added the package revision number to the SSH banner in net-misc/openssh.
Fixed CVE-2024-24790 and CVE-2024-24789 in dev-lang/go.
July 15, 2024
cos-101-17162-463-58
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.155 | v20.10.27 | v1.6.28 | v470.256.02(default),v550.90.07(latest) |
Updated cos-gpu-installer to v2.3.5.
Updated net-misc/wget to v1.24.5. This fixed CVE-2024-38428.
Fixed CVE-2024-36978 in the Linux kernel.
July 01, 2024
cos-101-17162-463-55
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.155 | v20.10.27 | v1.6.28 | v470.256.02(default),v550.90.07(latest) |
Fixed CVE-2024-38662 in the Linux kernel.
Runtime sysctl changes:
- Added: net.ipv4.tcp_rto_min_us: 200000
Fixed CVE-2024-6387 in net-misc/openssh.
June 24, 2024
cos-101-17162-463-51
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.155 | v20.10.27 | v1.6.28 | v470.256.02(default),v550.90.07(latest) |
Fixed upload throughput in gVisor container in gVNIC.
Fixed a crash in the Linux kernel.
June 18, 2024
cos-101-17162-463-48
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.155 | v20.10.27 | v1.6.28 | v470.256.02(default),v550.90.07(latest) |
Update R550, latest driver to v550.90.07.This fixes CVE‑2024‑0090, CVE‑2024‑0091, CVE‑2024‑0092 Update R535 to v535.183.01.This fixes CVE‑2024‑0090, CVE‑2024‑0092 Update R470, default driver to v470.256.02.This fixes CVE‑2024‑0090, CVE‑2024‑0092
Upgraded app-arch/lz4 to 1.9.4. Fixes CVE-2021-3520.
Upgraded app-arch/libarchive to version 3.7.4. Fixes CVE-2024-26256.
Fixed CVE-2024-26584 in the Linux kernel.
Fixed CVE-2024-26583 in the Linux kernel.
Fixes CVE-2024-36902 in the Linux kernel.
Fixes CVE-2024-36938 in the Linux kernel.
June 10, 2024
cos-101-17162-463-42
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.155 | v20.10.27 | v1.6.28 | v470.239.06(default),v550.54.15(latest) |
Updated cos-gpu-installer to v2.3.3. This resolves potential synchronization issues and ensures proper cleanup of mounts in GPU driver installation directory configuration.
Fixed frequent restarts in the fluent-bit stackdriver plugin.
Updated cos-gpu-installer to v2.3.4. This fixes CVEs: CVE-2023-29402, CVE-2023-29405, CVE-2023-29404, CVE-2023-24540, CVE-2023-24538, CVE-2022-41721, GHSA-m425-mq94-257g, CVE-2022-41715, CVE-2022-30633, CVE-2022-41724, CVE-2022-2880, CVE-2022-30631, CVE-2021-29923, CVE-2022-24675, CVE-2022-30580, CVE-2022-41723, CVE-2023-24534, CVE-2022-41725, CVE-2022-2879, CVE-2023-24539, CVE-2022-30635, CVE-2023-45285, CVE-2022-32149, CVE-2023-24537, CVE-2022-32189, CVE-2022-28131, CVE-2023-39323, CVE-2022-28327, CVE-2022-30630, CVE-2023-44487, CVE-2023-39325, CVE-2022-27664, CVE-2023-45287, CVE-2023-29400, CVE-2023-24536, CVE-2023-29403, CVE-2022-30632, CVE-2023-39318, CVE-2020-29511, CVE-2024-24786, CVE-2023-3978, CVE-2022-41717, CVE-2022-32148, CVE-2023-39326, CVE-2023-45288, CVE-2022-1962, CVE-2023-24532, CVE-2023-39319, CVE-2022-1705, CVE-2020-29509, CVE-2023-29406, CVE-2023-29409, CVE-2022-30629
Updated dev-vcs/git to v2.45.1. This fixes CVE-2024-32002,CVE-2024-32020,CVE-2024-32465,CVE-2024-32004,CVE-2024-32021.
Fixed CVE-2024-27018 and CVE-2024-36008 in the linux kernel.
June 03, 2024
cos-101-17162-463-37
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.155 | v20.10.27 | v1.6.28 | v470.239.06(default),v550.54.15(latest) |
Updated cos-gpu-installer to v2.3.2.
Fixed CVE-2024-34459 in the libxml2 package.
Fixed CVE-2024-27013 in the linux kernel.
Fixed a bug in auto update engine when confidential VMs are enabled.
May 28, 2024
cos-101-17162-463-29
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.155 | v20.10.27 | v1.6.28 | v470.239.06(default),v550.54.15(latest) |
Fixed system-accounts-secured benchmark by changing the system account range used in the benchmark.
Updated sys-apps/apparmor to v2.13.11. This resolves CVE-2016-1585.
Updated net-libs/gnutls to v3.8.5. This fixes CVE-2024-28834.
May 21, 2024
cos-101-17162-463-26
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.155 | v20.10.27 | v1.6.28 | v470.239.06(default),v550.54.15(latest) |
Updated cos-gpu-installer to v2.3.1.
Add IPv6 support for endor boards.
Fixed CVE-2024-26900 in the Linux kernel.
May 06, 2024
cos-101-17162-463-16
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.155 | v20.10.27 | v1.6.28 | v470.239.06(default),v550.54.15(latest) |
Fixed CVE-2017-18207 in dev-lang/python.
Fixed CVE-2023-32681 in dev-python/requests.
Updated cos-gpu-installer to v2.3.0.
Fixed CVE-2022-2806 in app-admin/sosreport.
Fixed CVE-2023-0687, CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602 in sys-libs/glibc.
Fixed CVE-2021-37600, CVE-2021-3995, CVE-2021-3996 in sys-apps/util-linux.
Updated net-dns/c-ares to v1.27. This fixed CVE-2024-25629.
Fixed CVE-2024-26921 in the Linux kernel.
April 30, 2024
cos-101-17162-463-8
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.155 | v20.10.27 | v1.6.28 | v470.239.06(default),v550.54.15(latest) |
This is an LTS Refresh release.
Included nvidia plugin in sosreport.
Updated cos-gpu-installer to v2.1.11. Added major version specification for GPU driver installation.
Updated docker and docker-cli to v20.10.27.
Fixed CVE-2023-4641 in sys-apps/shadow.
Fixed CVE-2023-50387, CVE-2023-50868, CVE-2023-7008 in sys-apps/systemd.
Updated sys-apps/shadow to v4.12.3. This resolves CVE-2013-4235.
Fixed CVE-2023-0767, CVE-2023-5388, CVE-2023-6135, CVE-2024-0743 in dev-libs/nss.
Fixed CVE-2023-5678 in dev-libs/openssl.
Updated dev-vcs/git to v2.44.0. This fixed CVE-2022-23521, CVE-2022-24765, CVE-2022-29187, CVE-2022-39253, CVE-2022-39260, CVE-2022-41903, CVE-2023-22490, CVE-2023-23946, CVE-2023-25652, CVE-2023-25815, CVE-2023-29007.
Updated net-dns/c-ares to v1.19.1. This fixed CVE-2022-4904, CVE-2023-31124, CVE-2023-31130, CVE-2023-31147, CVE-2023-32067
Updated dev-python/pyyaml to v5.4.1. This fixed CVE-2017-18342, CVE-2019-20477, CVE-2020-14343, CVE-2020-1747.
Updated app-arch/tar to v1.35. This fixed CVE-2023-39804.
Updated net-misc/curl to v8.7.1. This fixed CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466.
Updated dev-libs/expat to v2.6.2. This fixed CVE-2022-40674, CVE-2022-43680, CVE-2023-52425, CVE-2023-52426, CVE-2024-28757.
Updated sys-libs/zlib to v1.2.13. This fixed CVE-2018-25032, CVE-2022-37434.
Updated app-admin/sudo to v1.9.15_p5. This fixed CVE-2022-33070, CVE-2022-43995, CVE-2023-22809, CVE-2023-27320, CVE-2023-28486, CVE-2023-28487, CVE-2023-42465.
Fixed CVE-2024-28182 in net-libs/nghttp2.
Fixed CVE-2024-26603 in the Linux kernel.
Fixed CVE-2024-26602 in the Linux kernel.
Fixed CVE-2024-26601 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 813030 -> 813025
- Changed: net.ipv6.route.max_size: 4096 -> 2147483647
Fixed issues with the SRSO vulnerability mitigation (CVE-2023-20569). This fix might negatively impact the performance of your workloads on AMD machine types.
April 23, 2024
cos-101-17162-386-65
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.146 | v20.10.24 | v1.6.28 | v470.239.06(default),v550.54.15(latest) |
Fixed a crash during CIFS volumes mount.
April 15, 2024
cos-101-17162-386-64
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.146 | v20.10.24 | v1.6.28 | v470.239.06(default),v550.54.15(latest) |
Updated NVIDIA GPU drivers to v550.54.15. Fixed a potential corruption when launching kernels on H100 GPUs, which is more likely to occur when the GPU is shared between multiple processes.
Updated NVIDIA GPU drivers to v535.161.08. Fixed a potential corruption when launching kernels on H100 GPUs.
April 01, 2024
cos-101-17162-386-59
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.146 | v20.10.24 | v1.6.28 | v470.239.06(default),v550.54.14(latest) |
Added NVIDIA GPU drivers R550 branch and update latest to 550.54.14.
March 27, 2024
cos-101-17162-386-57
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.146 | v20.10.24 | v1.6.28 | v470.239.06(default),v535.161.07(latest) |
Fixed bug in google-guest-agent service enablement.
Fixed CVE-2024-26591 in the Linux kernel.
Fixed CVE-2024-26589 in the Linux kernel
Fixed CVE-2024-26585 in the Linux kernel.
Fixed CVE-2023-52439 in the Linux kernel.
Fixed CVE-2023-52434 in the Linux kernel.
Fixed CVE-2023-52435 in the Linux kernel.
Fixed CVE-2023-52443 in the Linux kernel.
March 20, 2024
cos-101-17162-386-47
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.146 | v20.10.24 | v1.6.28 | v470.239.06(default),v535.161.07(latest) |
Fixed CVE-2024-0727 in dev-libs/openssl.
Updated app-editors/vim to 9.0.2167. This fixed CVE-2023-48231, CVE-2023-48232, CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237, CVE-2023-48706, CVE-2024-22667.
Fixed CVE-2023-52447 in the Linux kernel.
March 11, 2024
cos-101-17162-386-43
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.146 | v20.10.24 | v1.6.28 | v470.239.06(default),v535.161.07(latest) |
Updated cos-gpu-installer to v2.2.1. Fixed cached driver installation error with network disabled. Added force-fallback flag, major version specification for GPU driver installation and fixed ordering of kernel module loading for nvidia-modeset and nvidia-drm
Updated NVIDIA GPU drivers to v470.239.06 and v535.161.07. This fixes CVE‑2024‑0074, CVE-2024-0075 and CVE-2022-42265.
March 06, 2024
cos-101-17162-386-37
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.146 | v20.10.24 | v1.6.28 | v470.223.02 (default),v535.154.05(latest),v470.223.02(R470 for compatibility with K80 GPUs) |
Fixed CVE-2024-24557 in app-emulation/docker.
Fixed CVE-2024-23851 in the Linux kernel.
February 27, 2024
cos-101-17162-386-33
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.146 | v20.10.24 | v1.6.28 | v470.223.02 (default),v535.154.05(latest),v470.223.02(R470 for compatibility with K80 GPUs) |
Updated app-emulation/containerd to 1.6.28.
Upgraded net-misc/curl to version 8.6.0. This fixes CVE-2024-0853.
Updated dev-libs/libxml2 to 2.11.7. This fixes CVE-2024-25062.
Fixed CVE-2024-26581 in the Linux kernel.
Fixed CVE-2022-3566 in the Linux kernel.
Fixed CVE-2022-3567 in the Linux kernel.
Fixed CVE-2024-1086 in the Linux kernel.
February 12, 2024
cos-101-17162-386-22
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.146 | v20.10.24 | v1.6.24 | v470.223.02 (default),v535.154.05(latest),v470.223.02(R470 for compatibility with K80 GPUs) |
Fixed CVE-2023-40546, CVE-2023-40547 CVE-2023-40548, CVE-2023-40549, CVE-2023-40550 and CVE-2023-40551 in sys-boot/shim.
Fixed CVE-2023-5678 in dev-libs/openssl.
Fixed CVE-2024-0567 and CVE-2024-0553 in net-libs/gnutls.
Fixed CVE-2024-1085 and CVE-2023-46838 in the Linux kernel.
Fragmented nvidia-drivers and nvidia-drivers-open pkg into separate packages per major version.
February 05, 2024
cos-101-17162-386-12
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.146 | v20.10.24 | v1.6.24 | v470.223.02 (default),v535.154.05(latest),v470.223.02(R470 for compatibility with K80 GPUs) |
Fixed CVE-2023-6915 in the Linux kernel.
January 31, 2024
cos-101-17162-386-11
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.146 | v20.10.24 | v1.6.24 | v470.223.02 (default),v535.154.05(latest),v470.223.02(R470 for compatibility with K80 GPUs) |
Updated latest NVIDIA GPU driver to 535.154.05.
Updated cos-gpu-installer to v2.1.10.
Updated app-emulation/containerd to 1.6.24.
Fixed CVE-2023-3164 in sys-apps/gawk.
Fixed CVE-2024-22195 in dev-python/jinja.
Fixed CVE-2024-21626 in app-emulation/runc.
Fixed CVE-2024-0646 in the Linux kernel.
Fixed CVE-2023-6040 in the Linux kernel.
Runtime sysctl changes:
- Added: net.ipv6.conf.all.accept_ra_min_lft: 0
- Added: net.ipv6.conf.default.accept_ra_min_lft: 0
- Added: net.ipv6.conf.docker0.accept_ra_min_lft: 0
- Added: net.ipv6.conf.eth0.accept_ra_min_lft: 0
- Added: net.ipv6.conf.lo.accept_ra_min_lft: 0
- Changed: fs.file-max: 813032 -> 813030
January 16, 2024
cos-101-17162-336-47
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.133 | v20.10.24 | v1.6.24 | v470.223.02 (default),v535.129.03(latest),v470.223.02(R470 for compatibility with K80 GPUs) |
Upgraded dev-db/sqlite to v3.44.2-r2. This fixes CVE-2023-7104.
Fixed CVE-2023-48795 in net-misc/openssh.
January 08, 2024
cos-101-17162-336-45
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.133 | v20.10.24 | v1.6.24 | v470.223.02 (default),v535.129.03(latest),v470.223.02(R470 for compatibility with K80 GPUs) |
Upgraded sys-apps/dbus to v1.12.28. This fixes CVE-2023-34969, CVE-2022-42012, CVE-2022-42011 and CVE-2022-42010.
Fixed CVE-2023-51385 in net-misc/openssh.
Fixed CVE-2023-6931 in the Linux kernel.
January 02, 2024
cos-101-17162-336-43
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.133 | v20.10.24 | v1.6.24 | v470.223.02 (default),v535.129.03(latest),v470.223.02(R470 for compatibility with K80 GPUs) |
Updated docker-credential-gcr to v2.1.21.
Updated dev-lang/go to v1.20.12. This resolves CVE-2023-45285 and CVE-2023-39326.
Updated net-misc/curl to v8.5.0. This resolves CVE-2023-46218.
Fixed CVE-2023-6817 in the Linux kernel.
Fixed CVE-2023-6931 in the Linux kernel.
Fixed CVE-2023-6932 in the Linux kernel.
December 19, 2023
cos-101-17162-336-35
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.133 | v20.10.24 | v1.6.24 | v470.223.02 (default),v535.129.03(latest),v470.223.02(R470 for compatibility with K80 GPUs) |
Fixed a container performance issue that occurred after
running systemctl start cloud-audit-setup
.
Fixed CVE-2023-6622 in the Linux kernel.
December 04, 2023
cos-101-17162-336-28
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.133 | v20.10.24 | v1.6.24 | v470.223.02 (default),v535.129.03(latest),v470.223.02(R470 for compatibility with K80 GPUs) |
Fixed CVE-2023-46862 in the Linux kernel.
November 29, 2023
cos-101-17162-336-27
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.133 | v20.10.24 | v1.6.24 | v470.223.02 (default),v535.129.03(latest),v470.223.02(R470 for compatibility with K80 GPUs) |
Updated NVIDIA GPU drivers. This resolves CVE-2023-31022.
Updated dev-libs/libxml2 to v2.11.5. This resolves CVE-2023-45322.
November 15, 2023
cos-101-17162-336-25
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.133 | v20.10.24 | v1.6.24 | v470.199.02(default),v535.104.12(latest) |
Updated dev-lang/go to v1.20.10. This resolves CVE-2023-44487 and CVE-2023-39325.
Updated app-editors/vim,app-editors/vim-core to v9.0.2092. This resolves CVE-2023-4733, CVE-2023-4734, CVE-2023-4735, CVE-2023-4736, CVE-2023-4738, CVE-2023-4750, CVE-2023-4752, CVE-2023-4781, CVE-2023-5344, CVE-2023-5441, CVE-2023-5535.
Updated net-libs/nghttp2 to v1.57.0. This resolves CVE-2023-44487 and CVE-2023-35945.
Fixed CVE-2023-46813 in the Linux kernel.
November 14, 2023
cos-101-17162-336-25
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.133 | v20.10.24 | v1.6.24 | v470.199.02(default),v535.104.12(latest) |
Updated dev-lang/go to 1.20.10. This resolves CVE-2023-44487, CVE-2023-39325
Updated app-editors/vim,app-editors/vim-core to v9.0.2092. This resolves CVE-2023-4733, CVE-2023-4734, CVE-2023-4735, CVE-2023-4736 CVE-2023-4738, CVE-2023-4750, CVE-2023-4752, CVE-2023-4781 CVE-2023-5344, CVE-2023-5441, CVE-2023-5535.
Updated net-libs/nghttp2 to v1.57.0. This resolves CVE-2023-44487 and CVE-2023-35945.
Fixed CVE-2023-46813 in the Linux kernel.
November 07, 2023
cos-101-17162-336-20
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.133 | v20.10.24 | v1.6.24 | v470.199.02(default),v535.104.12(latest) |
Updated google-guest-configs to 20230929.00.
Fixed CVE-2023-42754 in the Linux kernel.
Fixed CVE-2023-5717 in the Linux kernel.
October 30, 2023
cos-101-17162-336-16
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.133 | v20.10.24 | v1.6.24 | v470.199.02(default),v535.104.12(latest) |
Updated app-emulation/containerd to v1.6.24.
Enable portmapper registration reporting for lsof. This also fixes an issue where lsof
is missing from SOS reports.
Fix Node restart due to kernel panic is C3D machines.
Updated dev-lang/go to v1.20.9. This resolves CVE-2023-39323.
October 24, 2023
cos-101-17162-336-9
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.133 | v20.10.24 | v1.6.21 | v470.199.02(default),v535.104.12(latest) |
Update latest NVIDIA GPU drivers to 535.104.12.
October 16, 2023
cos-101-17162-336-7
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.133 | v20.10.24 | v1.6.21 | v470.199.02(default),v535.104.05(latest) |
Fixed CVE-2022-48560 in dev-lang/python package.
Upgraded net-misc/curl to v8.4.0. This resolves CVE-2023-38545.
Fixed CVE-2023-38039 in net-misc/curl.
Fixed CVE-2023-5197 in the Linux kernel.
Fixed CVE-2023-42756 in COS kernel.
Fixed CVE-2023-42753 in the Linux Kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 813043 -> 813032
- Changed: kernel.threads-max: 63551 -> 63552
- Changed: net.netfilter.nf_conntrack_sctp_timeout_shutdown_recd: 0 -> 3
- Changed: net.netfilter.nf_conntrack_sctp_timeout_shutdown_sent: 0 -> 3
- Changed: user.max_cgroup_namespaces: 31775 -> 31776
- Changed: user.max_ipc_namespaces: 31775 -> 31776
- Changed: user.max_mnt_namespaces: 31775 -> 31776
- Changed: user.max_net_namespaces: 31775 -> 31776
- Changed: user.max_pid_namespaces: 31775 -> 31776
- Changed: user.max_time_namespaces: 31775 -> 31776
- Changed: user.max_user_namespaces: 31775 -> 31776
- Changed: user.max_uts_namespaces: 31775 -> 31776
October 03, 2023
cos-101-17162-279-57
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.120 | v20.10.24 | v1.6.21 | v470.199.02(default),v535.104.05 |
Updated cos-gpu-installer to v2.1.9.
September 26, 2023
cos-101-17162-279-55
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.120 | v20.10.24 | v1.6.21 | v470.199.02(default),v535.104.05 |
Fixed an issue where IPv6 networking would fail under high CPU load.
Upgraded go from 1.19.13 to 1.20.8. This also required upgrading dev-go/go-tools to 0.3.0. Fixed CVE-2023-39318 and CVE-2023-39319.
Fixed CVE-2023-40217 in the dev-lang/python package.
Fixed CVE-2023-4921 in the Linux kernel.
Fixed CVE-2023-4569 in the Linux kernel
Fixed CVE-2023-4623 in the Linux kernel.
Fixed CVE-2023-4622 in the Linux kernel.
September 18, 2023
cos-101-17162-279-47
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.120 | v20.10.24 | v1.6.21 | v470.199.02(default),v535.104.05 |
Fixed an issue where symlinks could not be moved.
Fixed an issue with NFS reconnects on GKE.
Update dev-lang/go to v1.19.13. This resolves CVE-2023-29409.
September 11, 2023
cos-101-17162-279-42
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.120 | v20.10.24 | v1.6.21 | v470.199.02(default),v535.104.05 |
Updated cos-gpu-installer to v2.1.7. Switched precompiled driver and signature location to COS build artifacts.
Updated latest GPU driver to v535.104.05.
Changed error handling in get_metadata_value script to retry if connection error happens during instance metadata check.
Fixed the following CVEs in sys-libs/binutils-libs: CVE-2022-47007 CVE-2022-47008, CVE-2022-47010, CVE-2022-47011, CVE-2022-48063, CVE-2022-48064, CVE-2022-48065.
September 07, 2023
cos-101-17162-279-34
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.120 | v20.10.24 | v1.6.21 | v470.199.02(default),v525.125.06 |
Simplified GPU driver installation by remounting driver installation path as executable from cos-extensions.
Enabled trusted IMA certificate loading from /etc/ima/pubkey.x509.
Enable persistence mode with Nvidia GPU driver installation.
Fixed CVE-2018-20852 in the dev-lang/python package.
Updated xz-utils to 5.2.9. This resolves CVE-2020-22916.
Upgraded sys-fs/mdadm to v4.2. This resolves CVE-2023-28938 and CVE-2023-28736.
Upgraded sys-process/procps to 3.3.17. This fixed CVE-2018-1121 and CVE-2023-4016.
Fixed CVE-2023-4128 in the Linux kernel.
Runtime sysctl changes:
- Added: kernel.io_uring_disabled: 0
August 21, 2023
cos-101-17162-279-24
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.120 | v20.10.24 | v1.6.21 | v470.199.02(default),v525.125.06 |
Updated dev-libs/openssl to v1.1.1v. This resolves CVE-2023-3817.
Fixed CVE-2018-14647 in the dev-lang/python package.
Fixed CVE-2018-1000802 in the dev-lang/python package
Upgrade app-misc/jq to v1.7_pre20201109-r1. This fixes CVE-2016-4074.
Fixed CVE-2023-4194 in the Linux kernel.
August 14, 2023
cos-101-17162-279-14
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.120 | v20.10.24 | v1.6.21 | v470.199.02(default),v525.125.06 |
Fixed CVE-2023-32001 in net-misc/curl.
Fixed CVE-2023-4004, CVE-2023-3777, CVE-2023-1206, and CVE-2023-3611 in the Linux kernel.
August 07, 2023
cos-101-17162-279-6
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.120 | v20.10.24 | v1.6.21 | v470.199.02(default),v525.125.06 |
Fixed CVE-2022-28737 in sys-boot/shim.
Fixed CVE-2023-38408 in net-misc/openssh.
Fixed CVE-2022-40896 in dev-python/pygments.
Fixed CVE-2023-3776 in the Linux kernel.
August 01, 2023
cos-101-17162-279-1
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.120 | v20.10.24 | v1.6.21 | v470.199.02(default),v525.125.06 |
Updated containerd to v1.6.21.
Updated app-emulation/docker-cli to v20.10.24.
Updated app-emulation/docker to v20.10.24.
Updated containerd to v1.6.20.
Updated open-vm-tools to v12.2.5 to fix CVE-2023-20867.
July 25, 2023
cos-101-17162-210-60
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.107 | v20.10.24 | v1.6.18 | v470.199.02(default),v525.125.06 |
Fix CVE-2023-2269 in the kernel.
Fixed CVE-2023-35001 in the Linux kernel.
Fix CVE-2023-3389 in kernel.
Fixed CVE-2023-31248 in the Linux kernel.
July 18, 2023
cos-101-17162-210-56
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.107 | v20.10.24 | v1.6.18 | v470.199.02(default),v525.125.06 |
Updated default GPU driver to v470.199.02 and latest GPU driver to v525.125.06. This resolves CVE-2023-25515 and CVE-2023-25516.
Fixed CVE-2023-3609 in the Linux kernel.
July 13, 2023
cos-101-17162-210-54
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.107 | v20.10.24 | v1.6.18 | v470.182.03(default),v525.105.17 |
Fixed CVE-2023-24329 in python.
Fixed CVE-2021-3737 in python.
Fixed CVE-2022-0391 in python.
Fixed CVE-2021-4189 in python.
Fixed CVE-2021-3426 in python.
Fixed CVE-2021-23336 in python.
Fixed CVE-2021-3733 in python.
Fixed CVE-2023-31486 in perl.
Fixed CVE-2023-3090 in the Linux kernel.
July 05, 2023
cos-101-17162-210-48
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.107 | v20.10.24 | v1.6.18 | v470.182.03(default),v525.105.17 |
Fixed CVE-2020-27619, CVE-2021-3177 and CVE-2022-45061 in python.
Fixed CVE-2019-10160, CVE-2019-9948 and CVE-2019-9636 in python2.
Fixed CVE-2023-3268 in the Linux kernel.
June 29, 2023
cos-101-17162-210-44
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.107 | v20.10.24 | v1.6.18 | v470.182.03(default),v525.105.17 |
Fixed CVE-2022-37454 in python.
Upgraded sys-apps/file to v5.43-r1 to fix CVE-2019-18218.
June 26, 2023
cos-101-17162-210-40
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.107 | v20.10.24 | v1.6.18 | v470.182.03(default),v525.105.17 |
Updated google-guest-configs to v20230526.00.
Updated toolbox to v20230615.
Updated dev-lang/go to 1.19.10. This fixes CVE-2023-29403, CVE-2023-29404, CVE-2023-29402 and CVE-2023-29405.
June 20, 2023
cos-101-17162-210-32
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.107 | v20.10.24 | v1.6.18 | v470.182.03(default),v525.105.17 |
Fixed CVE-2023-1972 in binutils.
Fixed CVE-2023-1972 in binutils-libs.
Fixed CVE-2023-34256 in the Linux kernel.
June 12, 2023
cos-101-17162-210-26
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.107 | v20.10.24 | v1.6.18 | v470.182.03(default),v525.105.17 |
Updated dev-libs/openssl to v1.1.1u. This resolves CVE-2023-2650.
Updated net-misc/curl to v8.1.0-r1. This resolves CVE-2023-28319, CVE-2023-28320, CVE-2023-28321, and CVE-2023-28322.
Fixed CVE-2023-2124 in the Linux kernel.
June 05, 2023
cos-101-17162-210-21
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.107 | v20.10.24 | v1.6.18 | v470.182.03(default),v525.105.17 |
Updated ncurses to v6.4p20220423. This resolves CVE-2023-29491.
May 22, 2023
cos-101-17162-210-18
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.107 | v20.10.24 | v1.6.18 | v470.182.03(default), v525.105.17 |
Updated app-emulation/cloud-init to 23.1.2 which fixes CVE-2023-1786.
Updated app-editors/vim, app-editors/vim-core to v9.0.1562. This resolves CVE-2023-2609, CVE-2023-2610, CVE-2023-2426.
May 09, 2023
cos-101-17162-210-12
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.107 | v20.10.24 | v1.6.18 | v470.182.03(default),v525.105.17 |
Updated app-emulation/docker-cli to v20.10.24.
Updated app-emulation/docker to 20.10.24. This fixes CVE-2023-28840, CVE-2023-28841, CVE-2023-28842, CVE-2022-27652, CVE-2022-36109.
Updated dev-libs/libxml2 to v2.10.4. This resolves CVE-2023-28484.
May 01, 2023
cos-101-17162-210-9
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.107 | v20.10.12 | v1.6.18 | v470.182.03(default),v525.105.17 |
Fallback to installing compatible drivers when installer is invoked for certain GPU devices and incompatible drivers.
Fixed an issue where chronyd does not restart after failure, resulting in the system time being out of sync.
Updated ncurses to v6.4p20220423. This resolves CVE-2023-29491.
Upgraded net-misc/curl to v8.0.1. This resolves CVE-2023-27534.
April 27, 2023
cos-101-17162-210-2
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.107 | v20.10.12 | v1.6.18 | v470.182.03(default),v525.105.17 |
Updated app-admin/google-osconfig-agent to 20230403.00.
Upgraded localtoast from v1.1.4.3 to v1.1.5.1.
Added support for L4 GPU in cos-gpu-installer and fix cached driver installation for prebuilt driver modules.
Enabled INET_DIAG_DESTROY kernel configuration.
Updated google-guest-agent to 20230330.00.
Runtime sysctl changes:
- Added: kernel.oops_limit: 10000
- Added: kernel.warn_limit: 0
- Changed: net.core.bpf_jit_limit: 264241152 -> 528482304
- Changed: net.netfilter.nf_conntrack_sctp_timeout_established: 432000 -> 210
- Deleted: net.netfilter.nf_conntrack_sctp_timeout_heartbeat_acked: 210
April 25, 2023
cos-101-17162-127-64
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.89 | v20.10.12 | v1.6.18 | v470.182.03(default),v525.105.17 |
Fixed race condition in io_uring in the Linux kernel.
Updated dev-lang/go to v1.19.8. This resolves CVE-2023-24536,CVE-2023-24537,CVE-2023-24538.
cos-101-17162-127-61
Date | Kernel | Docker | Containerd | GPU Drivers |
Apr 17, 2023 | COS-5.15.89 | v20.10.12 | v1.6.18 | v470.182.03(default),v525.105.17 |
Fixed an issue where pstore is not cleaned at boot time if COS metrics are disabled.
Fixed CVE-2023-25809 in app-containers/runc.
Fixed CVE-2023-0465, CVE-2023-0466 in dev-libs/openssl.
Fixed CVE-2023-1652 in the Linux kernel.
cos-101-17162-127-57
Date | Kernel | Docker | Containerd | GPU Drivers |
Apr 10, 2023 | COS-5.15.89 | v20.10.12 | v1.6.18 | v470.182.03(default),v525.105.17 |
Update default driver to 470.182.03. This resolves: CVE
CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0185,
CVE-2023-0187, CVE-2023-0198, CVE-2023-0199, CVE-2023-0188,
CVE-2023-0190, CVE-2023-0194, CVE-2023-0195, CVE-2023-0191.
Also update latest driver to 525.105.17. This resolves CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0183, CVE-2023-0185, CVE-2023-0187,
CVE-2023-0198, CVE-2023-0199, CVE-2023-0188, CVE-2023-0190,
CVE-2023-0194, CVE-2023-0195, CVE-2023-0191.
Fixed CVE-2023-0464 in dev-libs/openssl.
cos-101-17162-127-53
Date | Kernel | Docker | Containerd | GPU Drivers |
Apr 03, 2023 | COS-5.15.89 | v20.10.12 | v1.6.18 | v470.161.03(default),v525.60.13 |
Fixed CVE-2023-27561 in runc.
Fixed CVE-2023-0386 in overlayfs.
cos-101-17162-127-51
Date | Kernel | Docker | Containerd | GPU Drivers |
Mar 27, 2023 | COS-5.15.89 | v20.10.12 | v1.6.18 | v470.161.03(default),v525.60.13 |
Updated dev-lang/go to v1.19.7. This resolves CVE-2023-24532.
Fixed CVE-2023-28466 in the Linux kernel.
cos-101-17162-127-42
Date | Kernel | Docker | Containerd | GPU Drivers |
Mar 20, 2023 | COS-5.15.89 | v20.10.12 | v1.6.18 | v470.161.03(default),v525.60.13 |
Removed CONFIG_NET_CLS_TCINDEX
kernel config entry.
Fixed CVE-2023-23931 in dev-python/cryptography.
Updated app-editors/vim,app-editors/vim-core to v9.0.1403. This resolves CVE-2022-4292, CVE-2022-4141, CVE-2023-0049, CVE-2023-0433, CVE-2023-0288, CVE-2023-0512, CVE-2023-1127, CVE-2023-1170, CVE-2023-0051, CVE-2023-0054, CVE-2023-1175, CVE-2023-1355 and CVE-2023-1264.
Updated net-misc/curl to v7.88.1. This resolves CVE-2023-23916.
Fixed CVE-2022-40320 in dev-libs/confuse.
cos-101-17162-127-33
Date | Kernel | Docker | Containerd | GPU Drivers |
Mar 13, 2023 | COS-5.15.89 | v20.10.12 | v1.6.18 | v470.161.03(default),v525.60.13 |
Fixed a regression in the Linux kernel that caused listen() to no longer return -EADDRINUSE.
Fixed a use-after-free issue in net/sched in the Linux kernel.
cos-101-17162-127-29
Date | Kernel | Docker | Containerd | GPU Drivers |
Mar 09, 2023 | COS-5.15.89 | v20.10.12 | v1.6.18 | v470.161.03(default),v525.60.13 |
Enabled FANOTIFY_ACCESS_PERMISSIONS
configuration in kernel.
Updated the Linux kernel to v5.15.89.
Fixed conntrack issue with random timeouts.
cos-101-17162-127-27
Date | Kernel | Docker | Containerd | GPU Drivers |
Mar 06, 2023 | COS-5.15.65 | v20.10.12 | v1.6.18 | v470.161.03(default),v525.60.13 |
Updated app-emulation/containerd to v1.6.18. This resolves CVE-2023-25173 and CVE-2023-25153.
Updated dev-go/go-sys to v0.5.0.
Update open-iscsi to 2.1.8 to fix CVE-2020-17437
Updated dev-lang/go to v1.19.6. Updated dev-go/net to v0.7.0. This resolves CVE-2022-41723 and CVE-2022-41725.
Fix CVE-2022-4285 in binutils and CVE-2022-4285 in binutils-libs
Fixed CVE-2022-48303 in app-arch/tar
Fixed CVE-2019-13636 in the sys-devel/patch package.
Fixed CVE-2022-2928 and CVE-2022-2929 in net-misc/dhcp.
Fixed CVE-2020-11080 in net-libs/nghttp2.
Fixed CVE-2022-46663 in sys-apps/less and upgraded sys-apps/less to v608.
Fixed CVE-2022-1304 in the sys-fs/e2fsprogs package.
Fixed CVE-2019-18276 in app-shells/bash.
Update net-fs/cifs-utils to v6.15. Fixes CVE-2022-29869, CVE-2021-20208, and CVE-2022-27239 in net-fs/cifs-utils.
Fixed CVE-2021-27291 and CVE-2021-20270 in dev-python/pygments.
cos-101-17162-127-8
Date | Kernel | Docker | Containerd | GPU Drivers |
Feb 14, 2023 | COS-5.15.65 | v20.10.12 | v1.6.15 | v470.161.03(default),v525.60.13 |
Upgraded Nvidia latest drivers from v510.108.03 to v525.60.13.
Updated cos-gpu-installer to v2.0.31. This adds support for gsp_tu10x.bin and gsp_ad10x.bin gsp firmware files and removes the container dependency on python2.
Updated dev-libs/openssl to v1.1.1t. This resolves CVE-2022-4450, CVE-2023-0215, CVE-2022-4304 and CVE-2023-0286.
cos-101-17162-127-5
Date | Kernel | Docker | Containerd | GPU Drivers |
Feb 06, 2023 | COS-5.15.65 | v20.10.12 | v1.6.15 | v470.161.03(default),v510.108.03 |
Updated containerd to v1.6.15.
Updated dev-go/go-tools to v0.1.11.
Updated dev-lang/go to v1.19.4. This involves setting x509sha1=1
and execerrdot=0
in GODEBUG environment by default to preserve the Go behavior present prior to the upgrade. To revert the above behavior, set x509sha1
or/and execerrdot
in the GODEBUG environment. The upgrade resolves CVE-2021-44716, CVE-2021-44717, CVE-2022-1705, CVE-2022-1962, CVE-2022-23772, CVE-2022-23773, CVE-2022-23806, CVE-2022-24675, CVE-2022-24921, CVE-2022-27664, CVE-2022-28131, CVE-2022-28327, CVE-2022-2879, CVE-2022-2880, CVE-2022-29526, CVE-2022-30629, CVE-2022-30630, CVE-2022-30631, CVE-2022-30632, CVE-2022-30633, CVE-2022-30635, CVE-2022-32148, CVE-2022-32189 and CVE-2022-41715.
Updated lvm2 to v2.03.14.
Updated lxml to v4.6.5. This fixes CVE-2021-43818.
Updated net-misc/curl package to 7.85.0-r2. This fixes CVE-2022-35252.
Updated vim/vim-core to v9.0.0467. This resolves CVE-2022-3153,CVE-2022-3134,CVE-2022-3099,CVE-2022-3037,CVE-2022-3016,CVE-2022-2982,CVE-2022-2980,CVE-2022-2946,CVE-2022-2923,CVE-2022-2889,CVE-2022-2874,CVE-2022-2862,CVE-2022-2849,CVE-2022-2845,CVE-2022-2819,CVE-2022-2817,CVE-2022-2816,CVE-2022-2598,CVE-2022-2581,CVE-2022-2580,CVE-2022-2571.
Fixed CVE-2022-47929 in the Linux kernel.
cos-101-17162-40-56
Date | Kernel | Docker | Containerd | GPU Drivers |
Jan 23, 2023 | COS-5.15.65 | v20.10.12 | v1.6.12 | v470.161.03(default),v510.108.03 |
Fixed a use-after-free bug in TCP in the Linux kernel.
Fixed CVE-2022-40897 in dev-python/setuptools.
cos-101-17162-40-52
Date | Kernel | Docker | Containerd | GPU Drivers |
Jan 09, 2023 | COS-5.15.65 | v20.10.12 | v1.6.12 | v470.161.03(default),v510.108.03 |
Updated app-emulation/containerd to version v1.6.12.
Fixed no CNI info for pod sandbox on restart in app-emulation/containerd.
Fixed proc_skip_spaces in the Linux kernel to follow existing convention instead of acting as a wrapper to skip_spaces.
Updated Nvidia default drivers to v470.161.03 fixing CVE-2022-34670, CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, CVE-2022-34682, CVE-2022-42254, CVE-2022-42255, CVE-2022-42256, CVE-2022-42257, CVE-2022-42258, CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, CVE-2022-42262, CVE-2022-42263, CVE-2022-42264 and latest to v510.108.03 fixing CVE-2022-34670, CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34679,CVE-2022-34680, CVE-2022-34682, CVE-2022-34684, CVE-2022-42254, CVE-2022-42255,CVE-2022-42256, CVE-2022-42257, CVE-2022-42258, CVE-2022-42259, CVE-2022-42260,CVE-2022-42261, CVE-2022-42262, CVE-2022-42263, CVE-2022-42264.
Fixed CVE-2022-23471 in app-emulation/containerd.
Fixed CVE-2022-35260 and CVE-2022-32221 in net-misc/curl.
Fixed CVE-2022-42328 and CVE-2022-42329 in the Linux kernel.
cos-101-17162-40-42
Date | Kernel | Docker | Containerd | GPU Drivers |
Dec 12, 2022 | COS-5.15.65 | v20.10.12 | v1.6.6 | v470.141.03(default),v510.47.03 |
Updated dev-go/text to v0.3.8. This fixes CVE-2022-32149.
Updated dev-libs/libxml2 to v2.10.3. This resolves CVE-2022-40304 and CVE-2022-40303.
Fixed CVE-2022-36227 in app-arch/libarchive package.
cos-101-17162-40-38
Date | Kernel | Docker | Containerd | GPU Drivers |
Dec 05, 2022 | COS-5.15.65 | v20.10.12 | v1.6.6 | v470.141.03(default),v510.47.03 |
Set ManageForeignRoutes and ManageForeignRoutingPolicyRules to no
in case cos.disable_systemd_route_mgmt
is present in the kernel command line.
Fixed CVE-2022-3821 in sys-apps/systemd.
Fixed CVE-2022-3169 in the Linux kernel.
cos-101-17162-40-34
Date | Kernel | Docker | Containerd | GPU Drivers |
Nov 10, 2022 | COS-5.15.65 | v20.10.12 | v1.6.6 | v470.141.03(default),v510.47.03 |
Fixed a bug that /etc/pam.d/sudo-i was missing.
Updated cos-gpu-installer to v2.0.29. This addresses CVE-2022-3602 in cos-gpu-installer.
Updated app-editors/vim and app-editors/vim-core to v9.0.0828. This resolves CVE-2022-3234, CVE-2022-3235, CVE-2022-3256, CVE-2022-3278, CVE-2022-3296, CVE-2022-3297, CVE-2022-3324, CVE-2022-3352 and CVE-2022-3705.
Fixed CVE-2022-43945 in the Linux kernel.
Fixed CVE-2022-3543 in the Linux kernel.
cos-101-17162-40-25
Date | Kernel | Docker | Containerd | GPU Drivers |
Nov 07, 2022 | COS-5.15.65 | v20.10.12 | v1.6.6 | v470.141.03(default),v510.47.03 |
Fixed CVE-2022-42915 in curl.
Updated vim/vim-core to v9.0.0467. This resolves CVE-2022-3153, CVE-2022-3134, CVE-2022-3099, CVE-2022-3037, CVE-2022-3016, CVE-2022-2982, CVE-2022-2980, CVE-2022-2946, CVE-2022-2923, CVE-2022-2889, CVE-2022-2874, CVE-2022-2862, CVE-2022-2849, CVE-2022-2845, CVE-2022-2819, CVE-2022-2817 CVE-2022-2816, CVE-2022-2598, CVE-2022-2581, CVE-2022-2580, CVE-2022-2571.
cos-101-17162-40-20
Date | Kernel | Docker | Containerd | GPU Drivers |
Oct 31, 2022 | COS-5.15.65 | v20.10.12 | v1.6.6 | v470.141.03(default),v510.47.03 |
Fixed gVNIC support for jumbo frames.
Fixed CVE-2021-46848 in libtasn1.
Fixed CVE-2022-3586 and CVE-2022-3524 in the Linux Kernel.
cos-101-17162-40-16
Date | Kernel | Docker | Containerd | GPU Drivers |
Oct 24, 2022 | COS-5.15.65 | v20.10.12 | v1.6.6 | v470.141.03(default),v510.47.03 |
Enabled kernel config CONFIG_PVPANIC_MMIO
.
Fixed CVE-2022-2602 in the Linux kernel.
cos-101-17162-40-13
Date | Kernel | Docker | Containerd | GPU Drivers |
Oct 17, 2022 | COS-5.15.65 | v20.10.12 | v1.6.6 | v470.141.03(default),v510.47.03 |
Fixed an issue related to IP leakage in containerd.
Fixed an issue in cloud-init where cloud-init fails when not able to log to /dev/console.
Fixed an out-of-bounds read in libarchive. This resolves CVE-2022-26280.
cos-101-17162-40-5
Date | Kernel | Docker | Containerd | GPU Drivers |
Sep 19, 2022 | COS-5.15.65 | v20.10.12 | v1.6.6 | v470.141.03(default),v510.47.03 |
Updated cos-gpu-installer to v2.0.27. This resolves the issue where multiple installers can be started in the same VM.
Updated app-arch/gzip to v1.12. This resolves CVE-2022-1271.
Updated net-libs/gnutls to v3.7.7. This resolves CVE-2022-2509.
Updated net-libs/libtirpc to v1.3.3. This resolves CVE-2021-46828.
cos-101-17162-40-1
Date | Kernel | Docker | Containerd | GPU Drivers |
Sep 15, 2022 | COS-5.15.65 | v20.10.12 | v1.6.6 | v470.141.03(default),v510.47.03 |
COS M101 is stable.
cos-beta-101-17162-40-1
Date | Kernel | Docker | Containerd | GPU Drivers |
Sep 12, 2022 | COS-5.15.65 | v20.10.12 | v1.6.6 | v470.141.03(default),v510.47.03 |
Upgraded the GPU driver version in the "latest" track to v510.47.03.
Updated the built-in kubectl/kubelet to v1.23.10.
Updated the Linux kernel to v5.15.65.
Updated cos-gpu-installer to v2.0.26. This resolves the compatibility issue with K80 GPU devices. When an incompatible driver version (R510+) is chosen in an instance with K80 GPU, the installer will automatically fall back to an available R470 driver version.
Opting out of a CIS Benchmark will now prevent scripts from adjusting your instance.
Upgraded Google OS Config Agent(aka VMManager) to v20220801.00.
Fixed a scenario of high contention state of the system in case filesystem is almost full and processes is trying to write content.
Fixed memory leak in the seccomp subsystem.
Updated open-vm-tools to v12.1.0 fixing CVE-2022-31676.
Updated app-editors/vim and app-editors/vim-core to 9.0.0099. This resolves CVE-2022-2175,CVE-2022-2182,CVE-2022-2183,CVE-2022-2206,CVE-2022-2207,CVE-2022-2208,CVE-2022-2210,CVE-2022-2231,CVE-2022-2257,CVE-2022-2264,CVE-2022-2284,CVE-2022-2285,CVE-2022-2286,CVE-2022-2287,CVE-2022-2288,CVE-2022-2289,CVE-2022-2304,CVE-2022-2343,CVE-2022-2344,CVE-2022-2345,CVE-2022-2522
cos-beta-101-17162-0-19
Date | Kernel | Docker | Containerd | GPU Drivers |
Sep 06, 2022 | COS-5.15.57 | v20.10.12 | v1.6.6 | v470.141.03(default) |
Fixed kdump on NVME disks.
Updated gnutls to v3.7.6. This resolves CVE-2021-4209.
cos-beta-101-17162-0-18
Date | Kernel | Docker | Containerd | GPU Drivers |
Aug 29, 2022 | COS-5.15.57 | v20.10.12 | v1.6.6 | v470.141.03(default) |
Fixed issues in cos-gpu-installer where nvidia-peermem.ko was not installed and where driver signatures were included in the cached build tools.
Updated toolbox to v20220722.
Fixed CVE-2022-1158 in Linux Kernel.
cos-beta-101-17162-0-14
Date | Kernel | Docker | Containerd | GPU Drivers |
Aug 22, 2022 | COS-5.15.57 | v20.10.12 | v1.6.6 | v470.141.03(default) |
Updated net-misc/rsync to v3.2.5 and fixed CVE-2022-29154.
Updated dev-db/sqlite to v3.39.2 to fix CVE-2022-35737.
cos-beta-101-17162-0-10
Date | Kernel | Docker | Containerd | GPU Drivers |
Aug 15, 2022 | COS-5.15.57 | v20.10.12 | v1.6.6 | v470.141.03(default) |
Removed stackdriver-correct-container benchmark for cis-level2 compliance.
Updated default and latest Nvidia drivers to 470.141.03.
Enable IOMMU_SUPPORT and IRQ_REMAP kernel configurations.
Fixed CVE-2022-21505 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.epoll.max_user_watches: 1811300 -> 1810832
- Changed: fs.fanotify.max_user_marks: 67627 -> 67610
- Changed: fs.file-max: 813249 -> 813043
- Changed: fs.inotify.max_user_watches: 63503 -> 63488
- Changed: kernel.threads-max: 63567 -> 63551
- Changed: net.ipv4.tcp_mem: 94164 125552 188328 -> 94140 125520 188280
- Changed: net.ipv4.udp_mem: 188328 251105 376656 -> 188280 251041 376560
- Changed: user.max_cgroup_namespaces: 31783 -> 31775
- Changed: user.max_fanotify_marks: 67627 -> 67610
- Changed: user.max_inotify_watches: 63503 -> 63488
- Changed: user.max_ipc_namespaces: 31783 -> 31775
- Changed: user.max_mnt_namespaces: 31783 -> 31775
- Changed: user.max_net_namespaces: 31783 -> 31775
- Changed: user.max_pid_namespaces: 31783 -> 31775
- Changed: user.max_time_namespaces: 31783 -> 31775
- Changed: user.max_user_namespaces: 31783 -> 31775
- Changed: user.max_uts_namespaces: 31783 -> 31775
cos-beta-101-17162-0-3 (vs Milestone 97)
Date | Kernel | Docker | Containerd | GPU Drivers |
Aug 01, 2022 | COS-5.15.57 | v20.10.12 | v1.6.6 | v470.82.01(default) |
Updated sosreport to v4.3.
Backported support for SEV-SNP in the Linux kernel.
Updated the Linux kernel to v5.15.57.
Updated the built-in kubectl/kubelet to v1.23.9.
Updated stackdriver logging agent to v1.9.8.
Updated the built-in kubelet to be compiled from source instead of using official Kubernetes releases.
Updated sys-apps/irqbalance to v1.8.0-r1.
Moved the toolchain source from gs://chromiumos-sdk to gs://cos-sdk.
Updated default toolbox container to v20220614.
Upgraded Google OS Config Agent(aka VMManager) to v20220606.00.
Updated docker-credential-gcr to v2.1.5.
Updated cos-gpu-installer to fetch the COS toolchain from gs://cos-tools instead of gs://chromiumos-sdk.
Updated net-misc/netplan to v0.104.
Upgraded sys-fs/e2tools to v0.1.0.
Upgraded sys-fs/xfsprogs to v5.18.0 and sys-fs/e2fsprogs to v1.46.5.
Updated google-guest-agent to v20220523.00.
Updated runc to v1.1.2.
Upgraded package sys-boot/shim to version 15.5.
Updated the default toolbox container to v20220429.
Upgraded docker-credential-gcr to v2.1.2.
Upgraded dump-capture-kernel to 5.15.
Added pci=clearmsi option in dump-capture-kernel command line.
Updated net-misc/chrony to v4.2.
Upgraded docker-credential-gcr to v2.1.1.
Updated app-admin/localtoast(cis_scanner) to v1.1.4.3.
Updated google-guest-configs to v20220211.00.
Updated ChromeOS base to ChromeOS version 14542.0.0.
Updated containerd to v1.6.0.
Updated cri-tools to v1.23.0.
Runtime sysctl changes:
- Added: fs.fanotify.max_queued_events: 16384
- Added: fs.fanotify.max_user_groups: 128
- Added: fs.fanotify.max_user_marks: 54813
- Added: kernel.max_rcu_stall_to_panic: 0
- Added: kernel.sched_schedstats: 0
- Added: kernel.task_delayacct: 0
- Added: net.core.netdev_unregister_timeout_secs: 10
- Added: net.ipv4.fib_multipath_hash_fields: 7
- Added: net.ipv4.fib_notify_on_flag_change: 0
- Added: net.ipv4.icmp_echo_enable_probe: 0
- Added: net.ipv4.tcp_migrate_req: 0
- Added: net.ipv6.conf.all.ioam6_enabled: 0
- Added: net.ipv6.conf.all.ioam6_id: 65535
- Added: net.ipv6.conf.all.ioam6_id_wide: 4294967295
- Added: net.ipv6.conf.all.ra_defrtr_metric: 1024
- Added: net.ipv6.conf.default.ioam6_enabled: 0
- Added: net.ipv6.conf.default.ioam6_id: 65535
- Added: net.ipv6.conf.default.ioam6_id_wide: 4294967295
- Added: net.ipv6.conf.default.ra_defrtr_metric: 1024
- Added: net.ipv6.conf.docker0.ioam6_enabled: 0
- Added: net.ipv6.conf.docker0.ioam6_id: 65535
- Added: net.ipv6.conf.docker0.ioam6_id_wide: 4294967295
- Added: net.ipv6.conf.docker0.ra_defrtr_metric: 1024
- Added: net.ipv6.conf.eth0.ioam6_enabled: 0
- Added: net.ipv6.conf.eth0.ioam6_id: 65535
- Added: net.ipv6.conf.eth0.ioam6_id_wide: 4294967295
- Added: net.ipv6.conf.eth0.ra_defrtr_metric: 1024
- Added: net.ipv6.conf.lo.ioam6_enabled: 0
- Added: net.ipv6.conf.lo.ioam6_id: 65535
- Added: net.ipv6.conf.lo.ioam6_id_wide: 4294967295
- Added: net.ipv6.conf.lo.ra_defrtr_metric: 1024
- Added: net.ipv6.fib_multipath_hash_fields: 7
- Added: net.ipv6.fib_notify_on_flag_change: 0
- Added: net.ipv6.ioam6_id: 16777215
- Added: net.ipv6.ioam6_id_wide: 72057594037927935
- Added: net.netfilter.nf_conntrack_tcp_ignore_invalid_rst: 0
- Added: net.netfilter.nf_hooks_lwtunnel: 0
- Added: user.max_fanotify_groups: 128
- Added: user.max_fanotify_marks: 54813
- Added: vm.percpu_pagelist_high_fraction: 0
- Changed: fs.epoll.max_user_watches: 1666560 -> 1811300
- Changed: fs.file-max: 813432 -> 813248
- Changed: fs.inotify.max_user_watches: 8192 -> 51557
- Changed: fs.xfs.speculative_cow_prealloc_lifetime: 1800 -> 300
- Changed: kernel.threads-max: 63574 -> 63567
- Changed: net.ipv4.tcp_mem: 94173 125565 188346 -> 94164 125552 188328
- Changed: net.ipv4.udp_mem: 188346 251131 376692 -> 188328 251105 376656
- Changed: net.netfilter.nf_conntrack_buckets: 65536 -> 262144
- Changed: net.netfilter.nf_conntrack_expect_max: 1024 -> 4096
- Changed: user.max_cgroup_namespaces: 31787 -> 31783
- Changed: user.max_inotify_watches: 8192 -> 51557
- Changed: user.max_ipc_namespaces: 31787 -> 31783
- Changed: user.max_mnt_namespaces: 31787 -> 31783
- Changed: user.max_net_namespaces: 31787 -> 31783
- Changed: user.max_pid_namespaces: 31787 -> 31783
- Changed: user.max_time_namespaces: 31787 -> 31783
- Changed: user.max_user_namespaces: 31787 -> 31783
- Changed: user.max_uts_namespaces: 31787 -> 31783
- Changed: fs.file-max: 813250 -> 813249
- Changed: fs.fanotify.max_user_marks: 54813 -> 67627
- Changed: fs.inotify.max_user_watches: 51557 -> 63503
- Changed: user.max_fanotify_marks: 54813 -> 67627
- Changed: user.max_inotify_watches: 51557 -> 63503
- Changed: kernel.random.poolsize: 4096 -> 256
- Changed: kernel.random.write_wakeup_threshold: 896 -> 256
- Deleted: vm.block_dump: 0
- Deleted: vm.percpu_pagelist_fraction: 0
Fixed an issue where the "logs", "crictl", and "kdump" sosreport plugins did not work properly.
Added a new systemd unit logging-agent.target to group stackdriver logging agents.
Enabled kernel config CONFIG_TRANSPARENT_HUGEPAGE_ALWAYS.
Added TPU driver v20220117.
Made CIS-Scanner show results for passing and non-passing benchmarks.
Added option to GPU driver installation script for populating and resetting toolchain cache.
Built cos-gpu-installer using debian:bookworm.
Increased number of vCPUs support from 256 to 512.
Added get_status
API in device policy manager.
cos_extensions
and toolbox
utilities now fetch
container images from multi-region Artifact Registry.
Enabled disk_setup module in cloud-init.
Added CLI to change cgroup versions.
Added CIS Scanner (app-admin/localtoast) v1.1.4.1.
Renamed cos-alphabet-compliance to cis-compliance. cis-compliance will only install scripts needed to make the VM Level 2 CIS compliant.
Added the support to export logs of the cis-level1, cis-level2 and cis-compliance-scanner systemd services via stackdriver logging.
Enabled CONFIG_BFQ_GROUP_IOSCHED kernel configuration.
Added command "cos-extensions list -- --gpu-installer" to show the default cos-gpu-installer.
Set NVMe IO timeout to 4294967295.
Fixed an issue in the Linux kernel where I/Os would sometimes fail on SEV-enabled machines due to a full swiotlb buffer.
Added xemu kernel module.
Added support for NFSv4 Kerberos authentication.
Updated oslogin to v20220721.00
Upgrade ice kernel module from v1.3.2 to v1.8.8 due to incompatibility with kernel 5.15.
Add 5.15 vanilla and rt kernel in project-edgeos.
Updated toolbox to v20220630.
Fixed the bug in toolbox where long project name/container image tag can fail to run the toolbox container.
Fixed an issue that prevented large cloud-configs (~256KB) from working properly.
Disabled bracketed paste mode by default in readline.
Backported upstream patch to fix the issue where systemd affects BFQ IO setup.
Added cgroup-driver=systemd flag to kubelet.
Fixed a warning related to IPv4 parsing error in cloud-init.
Fixed an issue in systemd to consider primary network interface configured only after non-link-local IPv4 address is available.
Updated CIS Scanner to v1.1.4.2.
Fixed segmentation fault in ebtables.
Updated stackdriver logging default config to support multiple time formats which fixed bug of dropped logs in some conditions.
Updated toolbox script to use nspawn share system environment variable.
Updated openssl to v1.1.1q. This resolves CVE-2022-2097.
Updated net-misc/curl to v7.84.0. This resolves CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, and CVE-2022-32208.
Upgraded openssl to 1.1.1p to resolve CVE-2022-2068.
Fixed CVE-2022-29217 in dev-python/pyjwt.
Updated app-editors/vim and app-editors/vim-core to v8.2.5066. This resolves CVE-2022-2126,CVE-2022-2125,CVE-2022-2124,CVE-2022-2129,CVE-2022-1720, CVE-2022-1942,CVE-2022-1886,CVE-2022-1851,CVE-2022-1160,CVE-2022-1154, CVE-2022-1381,CVE-2022-1420,CVE-2022-1733,CVE-2022-1796,CVE-2022-1769, CVE-2022-1735,CVE-2022-1674,CVE-2022-1771,CVE-2022-1620,CVE-2022-1785, CVE-2022-1629,CVE-2022-1616,CVE-2022-1621,CVE-2022-1619,CVE-2022-1927, CVE-2022-1898,CVE-2021-4187,CVE-2022-0128,CVE-2022-0156,CVE-2022-0158, CVE-2022-0261,CVE-2022-0318,CVE-2022-0319,CVE-2022-0392,CVE-2022-0368, CVE-2022-0393,CVE-2022-0361,CVE-2022-0359,CVE-2022-0413,CVE-2022-0408, CVE-2022-0407,CVE-2022-0443,CVE-2022-0714,CVE-2022-0696,CVE-2022-0685, CVE-2022-0729,CVE-2022-0572 and CVE-2022-0629.
Fixed CVE-2021-22570 in libprotobuf.
Updated app-emulation/containerd to v1.6.6. This resolves CVE-2022-31030.
Updated net-misc/curl to v7.83.1. This resolves CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776, CVE-2022-27778, CVE-2022-27779, CVE-2022-27780, CVE-2022-27781, CVE-2022-27782, CVE-2022-30115.
Upgraded openssl to v1.1.1o. This resolves CVE-2022-1292.
Upgraded dev-libs/libxml2 to v2.9.14. This resolves CVE-2022-29824.
Upgraded dev-libs/libxslt to v1.1.35. This resolves CVE-2022-29824.
Upgraded sys-libs/ncurses to v6.3_p20220423. This resolves CVE-2022-29458.
Fixed CVE-2022-28893 in the Linux kernel.
Upgraded contanerd to v1.6.2. This resolves CVE-2022-24769.
Upgraded open-vm-tools package to v12.0.0_p19345655. This resolves CVE-2022-22943.
Upgraded openssl package to v1.1.1n. This resolves CVE-2022-0778.
Upgraded dev-libs/libxml2 to v2.9.13. This resolves CVE-2022-23308.
Fixed CVE-2021-25217 in net-misc/dhcp.
Fixed CVE-2022-29581 in the Linux kernel.
Fixed CVE-2022-0847 in the Linux kernel.
Updated containerd to v1.6.1. This resolves CVE-2022-23648.
Fixed CVE-2021-45346 in dev-db/sqlite.