Container-Optimized OS Release Notes: Milestone 105


April 23, 2024

cos-105-17412-294-68

Kernel        Docker      Containerd     GPU Drivers
COS-5.15.146  v23.0.3     v1.7.13        v470.239.06 (default), v550.54.15 (latest)

Fixed a crash when mounting CIFS volumes.

Fixed CVE-2024-26642 in the Linux kernel.

April 15, 2024

cos-105-17412-294-66

Kernel        Docker      Containerd     GPU Drivers
COS-5.15.146  v23.0.3     v1.7.13        v470.239.06 (default), v550.54.15 (latest)

Updated NVIDIA GPU drivers to v550.54.15. Fixed a potential corruption when launching kernels on H100 GPUs, which is more likely to occur when the GPU is shared between multiple processes.

Updated NVIDIA GPU drivers to v535.161.08. Fixed a potential corruption when launching kernels on H100 GPUs.

Fixed CVE-2024-26642 and CVE-2024-26643 in the Linux kernel.

April 04, 2024

cos-105-17412-294-62

Kernel        Docker      Containerd     GPU Drivers
COS-5.15.146  v23.0.3     v1.7.13        v470.239.06 (default), v550.54.14 (latest)

Updated app-emulation/containerd to 1.7.13.

Upgraded net-misc/chrony to v4.5.

Upgraded sys-apps/makedumpfile to v1.7.4.

Upgraded app-admin/node-problem-detector to v0.8.17.

Upgraded app-admin/localtoast to v1.1.7.

Added the NVIDIA GPU drivers R550 branch and updated latest to 550.54.14.

Downgraded app-admin/localtoast to v1.1.5.

Fixed a bug in google-guest-agent service enablement.

Fixed CVE-2024-26591 in the Linux kernel.

Fixed CVE-2024-26589 in the Linux kernel.

Fixed CVE-2024-26585 in the Linux kernel.

Fixed CVE-2023-52439 in the Linux kernel.

Fixed CVE-2023-52434 in the Linux kernel.

March 27, 2024

cos-105-17412-294-48

Kernel        Docker      Containerd     GPU Drivers
COS-5.15.146  v23.0.3     v1.7.10        v470.239.06 (default), v535.161.07 (latest)

Fixed CVE-2023-52435 in the Linux kernel.

Fixed CVE-2023-52443 in the Linux kernel.

March 20, 2024

cos-105-17412-294-46

Kernel        Docker      Containerd     GPU Drivers
COS-5.15.146  v23.0.3     v1.7.10        v470.239.06 (default), v535.161.07 (latest)

Upgraded app-editors/vim and app-editors/vim-core to v9.0.2167.

Fixed CVE-2024-0727 in dev-libs/openssl.

Updated app-editors/vim to 9.0.2167. This fixed CVE-2023-48231, CVE-2023-48232, CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237, CVE-2023-48706, CVE-2024-22667.

Fixed CVE-2023-52447 in the Linux kernel.

March 11, 2024

cos-105-17412-294-40

Kernel        Docker      Containerd     GPU Drivers
COS-5.15.146  v23.0.3     v1.7.10        v470.239.06 (default), v535.161.07 (latest)

Updated cos-gpu-installer to v2.2.1. Fixed a cached driver installation error with the network disabled. Added the force-fallback flag and major version specification for GPU driver installation, and fixed the ordering of kernel module loading for nvidia-modeset and nvidia-drm.

Updated NVIDIA GPU drivers to v470.239.06 and v535.161.07. This fixes CVE-2024-0074, CVE-2024-0075 and CVE-2022-42265.

March 06, 2024

cos-105-17412-294-36

Kernel        Docker      Containerd     GPU Drivers
COS-5.15.146  v23.0.3     v1.7.10        v470.223.02 (default), v535.154.05 (latest), v470.223.02 (R470 for compatibility with K80 GPUs)

Fixed CVE-2024-23851 in the Linux kernel.

February 27, 2024

cos-105-17412-294-34

Kernel        Docker      Containerd     GPU Drivers
COS-5.15.146  v23.0.3     v1.7.10        v470.223.02 (default), v535.154.05 (latest), v470.223.02 (R470 for compatibility with K80 GPUs)

Fixed CVE-2024-26581 in the Linux kernel.

February 20, 2024

cos-105-17412-294-29

Kernel        Docker      Containerd     GPU Drivers
COS-5.15.146  v23.0.3     v1.7.10        v470.223.02 (default), v535.154.05 (latest), v470.223.02 (R470 for compatibility with K80 GPUs)

Fixed CVE-2024-24557 in app-emulation/docker.

Upgraded net-misc/curl to v8.6.0. This fixes CVE-2024-0853.

Updated dev-libs/libxml2 to v2.11.7. This fixes CVE-2024-25062.

Fixed CVE-2022-3566 in the Linux kernel.

Fixed CVE-2022-3567 in the Linux kernel.

February 12, 2024

cos-105-17412-294-23

Kernel        Docker      Containerd     GPU Drivers
COS-5.15.146  v23.0.3     v1.7.10        v470.223.02 (default), v535.154.05 (latest), v470.223.02 (R470 for compatibility with K80 GPUs)

Fixed CVE-2023-40546, CVE-2023-40548, CVE-2023-40549, CVE-2023-40551, CVE-2023-40547 and CVE-2023-40550 in sys-boot/shim.

Fixed CVE-2023-5678 in dev-libs/openssl.

Fixed CVE-2024-1085, CVE-2024-1086 and CVE-2023-46838 in the Linux kernel.

Split the nvidia-drivers and nvidia-drivers-open packages into separate packages per major version.

February 05, 2024

cos-105-17412-294-13

Kernel        Docker      Containerd     GPU Drivers
COS-5.15.146  v23.0.3     v1.7.10        v470.223.02 (default), v535.154.05 (latest), v470.223.02 (R470 for compatibility with K80 GPUs)

Updated the latest NVIDIA GPU driver to v535.154.05.

Fixed CVE-2023-6915 in the Linux kernel.

January 31, 2024

cos-105-17412-294-10

Kernel        Docker      Containerd     GPU Drivers
COS-5.15.146  v23.0.3     v1.7.10        v470.223.02 (default), v535.129.03 (latest), v470.223.02 (R470 for compatibility with K80 GPUs)

Updated cos-gpu-installer to v2.1.10.

Backported support for TCP RTO configuration in networkd.

Added kernel compatibility with iptables-nft.

Fixed CVE-2024-22195 in dev-python/jinja.

Fixed CVE-2024-21626 in app-emulation/runc.

Fixed CVE-2024-0646 in the Linux kernel.

Fixed CVE-2023-6040 in the Linux kernel.

Runtime sysctl changes:

  • Added: net.ipv6.conf.all.accept_ra_min_lft: 0
  • Added: net.ipv6.conf.default.accept_ra_min_lft: 0
  • Added: net.ipv6.conf.docker0.accept_ra_min_lft: 0
  • Added: net.ipv6.conf.eth0.accept_ra_min_lft: 0
  • Added: net.ipv6.conf.lo.accept_ra_min_lft: 0
  • Added: net.netfilter.nf_flowtable_tcp_timeout: 30
  • Added: net.netfilter.nf_flowtable_udp_timeout: 30
  • Changed: fs.file-max: 813031 -> 813029

January 16, 2024

cos-105-17412-226-68

Kernel        Docker      Containerd     GPU Drivers
COS-5.15.133  v23.0.3     v1.7.10        v470.223.02 (default), v535.129.03 (latest), v470.223.02 (R470 for compatibility with K80 GPUs)

Upgraded dev-db/sqlite to v3.44.2-r2. This fixes CVE-2023-7104.

January 08, 2024

cos-105-17412-226-67

Kernel        Docker      Containerd     GPU Drivers
COS-5.15.133  v23.0.3     v1.7.10        v470.223.02 (default), v535.129.03 (latest), v470.223.02 (R470 for compatibility with K80 GPUs)

Updated net-misc/openssh to v9.6_p1-r1.

Updated dev-lang/go to v1.20.12. This resolves CVE-2023-45285 and CVE-2023-39326.

Upgraded sys-apps/dbus to v1.12.28. This fixes CVE-2023-34969, CVE-2022-42012, CVE-2022-42011 and CVE-2022-42010.

Runtime sysctl changes:

  • Changed: net.core.optmem_max: 20480 -> 131072

January 02, 2024

cos-105-17412-226-62

Kernel        Docker      Containerd     GPU Drivers
COS-5.15.133  v23.0.3     v1.7.10        v470.223.02 (default), v535.129.03 (latest), v470.223.02 (R470 for compatibility with K80 GPUs)

Updated docker-credential-gcr to v2.1.21.

Updated net-misc/curl to v8.5.0. This resolves CVE-2023-46218.

Fixed CVE-2023-6817 in the Linux kernel.

Fixed CVE-2023-6931 in the Linux kernel.

Fixed CVE-2023-6932 in the Linux kernel.

December 19, 2023

cos-105-17412-226-52

Kernel        Docker      Containerd     GPU Drivers
COS-5.15.133  v23.0.3     v1.7.10        v470.223.02 (default), v535.129.03 (latest), v470.223.02 (R470 for compatibility with K80 GPUs)

Updated app-containers/containerd to 1.7.10.

Fixed a container performance issue that occurred after running systemctl start cloud-audit-setup.

Fixed CVE-2023-6622 in the Linux kernel.

Fixed CVE-2023-6111 in the Linux kernel.

December 04, 2023

cos-105-17412-226-43

Kernel        Docker      Containerd     GPU Drivers
COS-5.15.133  v23.0.3     v1.7.7         v470.223.02 (default), v535.129.03 (latest), v470.223.02 (R470 for compatibility with K80 GPUs)

Backported support for TCP RTO configuration in networkd.

Fixed CVE-2023-46862 in the Linux kernel.

November 29, 2023

cos-105-17412-226-41

Kernel        Docker      Containerd     GPU Drivers
COS-5.15.133  v23.0.3     v1.7.7         v470.223.02 (default), v535.129.03 (latest), v470.223.02 (R470 for compatibility with K80 GPUs)

Updated NVIDIA GPU drivers. This resolves CVE-2023-31022.

Updated dev-libs/libxml2 to v2.11.5. This resolves CVE-2023-45322.

Updated app-editors/vim, app-editors/vim-core to v9.0.2092. This resolves CVE-2023-4733, CVE-2023-4734, CVE-2023-4735, CVE-2023-4736, CVE-2023-4738, CVE-2023-4750, CVE-2023-4752, CVE-2023-4781, CVE-2023-5344, CVE-2023-5441 and CVE-2023-5535.

Fixed CVE-2023-46813 in the Linux kernel.

November 09, 2023

cos-105-17412-226-34

Kernel        Docker      Containerd     GPU Drivers
COS-5.15.133  v23.0.3     v1.7.7         v470.199.02 (default), v535.104.12 (latest)

Synced TCPX changes to commit 2e6e06f61bdb.

Updated dev-lang/go to 1.20.10. This resolves CVE-2023-44487 and CVE-2023-39325.

Updated net-libs/nghttp2 to v1.57.0. This resolves CVE-2023-44487 and CVE-2023-35945.

November 07, 2023

cos-105-17412-226-28

Kernel        Docker      Containerd     GPU Drivers
COS-5.15.133  v23.0.3     v1.7.7         v470.199.02 (default), v535.104.12 (latest)

Updated google-guest-configs to 20230929.00.

Fixed CVE-2023-42754 in the Linux kernel.

Fixed CVE-2023-5717 in the Linux kernel.

October 30, 2023

cos-105-17412-226-23

Kernel        Docker      Containerd     GPU Drivers
COS-5.15.133  v23.0.3     v1.7.7         v470.199.02 (default), v535.104.12 (latest)

Enabled portmapper registration reporting for lsof. This also fixes an issue where lsof is missing from SOS reports.

Updated dev-lang/go to v1.20.9. This resolves CVE-2023-39323.

October 26, 2023

cos-105-17412-226-18

Kernel        Docker      Containerd     GPU Drivers
COS-5.15.133  v23.0.3     v1.7.7         v470.199.02 (default), v535.104.12 (latest)

Synced TCPX changes to commit e34a5bbcc20d.

October 24, 2023

cos-105-17412-226-17

Kernel        Docker      Containerd     GPU Drivers
COS-5.15.133  v23.0.3     v1.7.7         v470.199.02 (default), v535.104.12 (latest)

Synced TCPX changes to commit 3cac7b2856a0.

Updated app-containers/containerd to 1.7.7.

Synced TCPX changes to commit da99a91cffb1.

Updated the latest NVIDIA GPU drivers to 535.104.12.

October 16, 2023

cos-105-17412-226-10

Kernel        Docker      Containerd     GPU Drivers
COS-5.15.133  v23.0.3     v1.7.6         v470.199.02 (default), v535.104.05 (latest)

Updated app-containers/containerd to v1.7.6.

Synced TCPX changes to commit 90ce0a6aa201.

Updated cos-gpu-installer to v2.1.9.

Upgraded net-misc/curl to v8.4.0. This resolves CVE-2023-38545.

Fixed CVE-2023-38039 in net-misc/curl.

Fixed CVE-2023-4244 in the Linux kernel.

Fixed CVE-2023-5197 in the Linux kernel.

Fixed CVE-2023-42756 in the COS kernel.

Fixed CVE-2023-42753 in the Linux kernel.

October 11, 2023

cos-105-17412-156-69

Kernel        Docker      Containerd     GPU Drivers
COS-5.15.120  v23.0.3     v1.7.2         v470.199.02 (default), v535.104.05 (latest)

Upgraded cos-gpu-installer to v2.1.9.

Fixed CVE-2023-38039 in net-misc/curl.

Fixed CVE-2023-42753 in the Linux kernel.

September 26, 2023

cos-105-17412-156-63

Kernel        Docker      Containerd     GPU Drivers
COS-5.15.120  v23.0.3     v1.7.2         v470.199.02 (default), v535.104.05

Fixed CVE-2023-40217 in the dev-lang/python package.

Fixed CVE-2023-4921 in the Linux kernel.

Fixed CVE-2023-4569 in the Linux kernel.

Fixed CVE-2023-4623 in the Linux kernel.

September 20, 2023

cos-105-17412-156-59

Kernel        Docker      Containerd     GPU Drivers
COS-5.15.120  v23.0.3     v1.7.2         v470.199.02 (default), v535.104.05

Fixed an issue where IPv6 networking would fail under high CPU load.

September 19, 2023

cos-105-17412-156-57

Kernel        Docker      Containerd     GPU Drivers
COS-5.15.120  v23.0.3     v1.7.2         v470.199.02 (default), v535.104.05

Updated cos-gpu-installer to v2.1.8.

Fixed CVE-2023-4015 and CVE-2023-4622 in the Linux kernel.

September 12, 2023

cos-105-17412-156-49

Kernel        Docker      Containerd     GPU Drivers
COS-5.15.120  v23.0.3     v1.7.2         v470.199.02 (default), v535.104.05

Updated cos-gpu-installer to v2.1.7. Precompiled drivers are now downloaded from COS build artifacts.

Updated latest GPU driver to v535.104.05.

Fixed an issue where symlinks could not be moved.

The get_metadata_value script will now retry if it experiences a connection error.

Fixed an issue with NFS reconnects on GKE.

Updated dev-lang/go to v1.20.8. This resolves CVE-2023-29409.

Fixed the following CVEs in sys-libs/binutils-libs: CVE-2022-47007, CVE-2022-47008, CVE-2022-47010, CVE-2022-47011, CVE-2022-48063, CVE-2022-48064, CVE-2022-48065.

Runtime sysctl changes:

  • Added: net.ipv4.tcp_backlog_ack_defer: 1

September 07, 2023

cos-105-17412-156-34

Kernel        Docker      Containerd     GPU Drivers
COS-5.15.120  v23.0.3     v1.7.2         v470.199.02 (default), v525.125.06

Enabled persistence mode with NVIDIA GPU driver installation.

Upgraded sys-fs/mdadm to v4.2. This resolves CVE-2023-28938 and CVE-2023-28736.

Fixed CVE-2023-4016 in sys-process/procps.

August 24, 2023

cos-105-17412-156-30

Kernel        Docker      Containerd     GPU Drivers
COS-5.15.120  v23.0.3     v1.7.2         v470.199.02 (default), v525.125.06

Fixed a kernel crash in device memory TCP behavior.

Fixed CVE-2023-4128 in the Linux kernel.

Runtime sysctl changes:

  • Added: kernel.io_uring_disabled: 0

August 21, 2023

cos-105-17412-156-23

Kernel        Docker      Containerd     GPU Drivers
COS-5.15.120  v23.0.3     v1.7.2         v470.199.02 (default), v525.125.06

Simplified GPU driver installation by remounting the driver installation path as executable from cos-extensions.

Fixed an issue in systemd where a container out-of-memory event caused all processes in the container to be killed.

Updated dev-libs/openssl to v1.1.1v. This resolves CVE-2023-3817.

Upgraded app-misc/jq to v1.7_pre20201109-r1. This fixes CVE-2016-4074.

Fixed CVE-2023-4147 in the Linux kernel.

Fixed CVE-2023-4194 in the Linux kernel.

August 14, 2023

cos-105-17412-156-15

Kernel        Docker      Containerd     GPU Drivers
COS-5.15.120  v23.0.3     v1.7.2         v470.199.02 (default), v525.125.06

Updated cos-gpu-installer to v2.1.4. This fixes a permission issue in the GPU driver install directory with OSS drivers.

Fixed CVE-2023-32001 in net-misc/curl.

Fixed CVE-2022-40896 in dev-python/pygments.

Fixed CVE-2023-4004, CVE-2023-3776, CVE-2023-3777, CVE-2023-1206, and CVE-2023-3611 in the Linux kernel.

August 01, 2023

cos-105-17412-156-5

Kernel        Docker      Containerd     GPU Drivers
COS-5.15.120  v23.0.3     v1.7.2         v470.199.02 (default), v525.125.06

Updated cos-gpu-installer to v2.1.1.

July 21, 2023

cos-105-17412-156-4

Kernel        Docker      Containerd     GPU Drivers
COS-5.15.120  v23.0.3     v1.7.2         v470.199.02 (default), v525.125.06

Fixed CVE-2023-35001 in the Linux kernel.

Fixed CVE-2023-31248 in the Linux kernel.

Fixed stability issues in the device memory TCP feature.

July 18, 2023

cos-105-17412-156-2

Kernel        Docker      Containerd     GPU Drivers
COS-5.15.120  v23.0.3     v1.7.2         v470.199.02 (default), v525.125.06

Updated containerd to v1.7.2.

Updated default GPU driver to v470.199.02 and latest GPU driver to v525.125.06. This resolves CVE-2023-25515 and CVE-2023-25516.

Updated open-vm-tools to v12.2.5. This resolves CVE-2023-20867.

Fixed CVE-2023-3609 in the Linux kernel.

July 13, 2023

cos-105-17412-101-51

Kernel        Docker      Containerd     GPU Drivers
COS-5.15.109  v23.0.3     v1.7.0         v470.182.03 (default), v525.105.17

Fixed CVE-2023-3390 in the Linux kernel.

Fixed CVE-2023-3090 in the Linux kernel.

July 05, 2023

cos-105-17412-101-42

Kernel        Docker      Containerd     GPU Drivers
COS-5.15.109  v23.0.3     v1.7.0         v470.182.03 (default), v525.105.17

Fixed CVE-2023-3268 in the Linux kernel.

June 29, 2023

cos-105-17412-101-37

Kernel        Docker      Containerd     GPU Drivers
COS-5.15.109  v23.0.3     v1.7.0         v470.182.03 (default), v525.105.17

Added support for GPUDirect-TCPX.

Runtime sysctl changes:

  • Changed: vm.lowmem_reserve_ratio: 256 256 32 0 -> 256 256 32 0 0

June 26, 2023

cos-105-17412-101-36

Kernel        Docker      Containerd     GPU Drivers
COS-5.15.109  v23.0.3     v1.7.0         v470.182.03 (default), v525.105.17

Updated google-guest-configs to v20230526.00.

Updated toolbox to v20230615.

Updated dev-lang/go to v1.20.5. This fixes CVE-2023-29403, CVE-2023-29402, CVE-2023-29405 and CVE-2023-29404.

Fixed CVE-2023-1972 in binutils.

Fixed CVE-2023-1972 in binutils-libs.

Fixed CVE-2023-34256 in the Linux kernel.

June 12, 2023

cos-105-17412-101-24

Kernel        Docker      Containerd     GPU Drivers
COS-5.15.109  v23.0.3     v1.7.0         v470.182.03 (default), v525.105.17

Updated dev-libs/openssl to v1.1.1u. This resolves CVE-2023-2650.

Fixed CVE-2023-24329 in dev-lang/python.

Updated net-misc/curl to v8.1.0-r1. This resolves CVE-2023-28319, CVE-2023-28320, CVE-2023-28321, and CVE-2023-28322.

Fixed CVE-2023-2124 in the Linux kernel.

June 05, 2023

cos-105-17412-101-17

Kernel        Docker      Containerd     GPU Drivers
COS-5.15.109  v23.0.3     v1.7.0         v470.182.03 (default), v525.105.17

Updated ncurses to v6.4p20220423. This resolves CVE-2023-29491.

May 22, 2023

cos-105-17412-101-13

Kernel        Docker      Containerd     GPU Drivers
COS-5.15.109  v23.0.3     v1.7.0         v470.182.03 (default), v525.105.17

Updated app-emulation/cloud-init to 23.1.2, which fixes CVE-2023-1786.

Updated app-editors/vim, app-editors/vim-core to v9.0.1562. This resolves CVE-2023-2609, CVE-2023-2610, CVE-2023-2426.

Fixed CVE-2023-32233.

May 09, 2023

cos-105-17412-101-4

Kernel        Docker      Containerd     GPU Drivers
COS-5.15.109  v23.0.3     v1.7.0         v470.182.03 (default), v525.105.17

Updated app-admin/google-osconfig-agent to v20230403.00.

Updated docker to v23.0.0.

Updated sys-fs/e2fsprogs package to v1.46.6.

Updated docker to v23.0.3.

Updated google-guest-agent to v20230330.00.

Fixed CVE-2015-20107, CVE-2020-10735, CVE-2021-28861, and CVE-2022-45061 in dev-lang/python.

Updated dev-libs/libxml2 to v2.10.4. This resolves CVE-2023-28484.

Updated ncurses to 6.4p20220423. This resolves CVE-2023-29491.

Runtime sysctl changes:

  • Added: kernel.ops_limit: 10000
  • Added: kernel.warn_limit: 0
  • Changed: net.core.bpf_jit_limit: 264241152 -> 528482304
  • Changed: net.netfilter.nf_conntrack_sctp_timeout_established: 432000 -> 210
  • Changed: vm.mmap_rnd_bits: 32 -> 31
  • Deleted: net.netfilter.nf_conntrack_sctp_timeout_heartbeat_acked: 210

May 01, 2023

cos-105-17412-1-75

Kernel        Docker      Containerd     GPU Drivers
COS-5.15.90   v23.0.0     v1.7.0         v470.182.03 (default), v525.105.17

Added a fallback to installing compatible drivers when the installer is invoked for certain GPU devices and incompatible drivers.

Fixed an issue where chronyd does not restart after failure, resulting in the system time being out of sync.

Upgraded net-misc/curl to v8.0.1. This resolves CVE-2023-27534.

April 25, 2023

cos-105-17412-1-71

Kernel        Docker      Containerd     GPU Drivers
COS-5.15.90   v23.0.0     v1.7.0         v470.182.03 (default), v525.105.17

Updated containerd to v1.7.0.

Fixed a race condition in io_uring in the Linux kernel.

Updated dev-lang/go to v1.20.3. This resolves CVE-2023-24536, CVE-2023-24537 and CVE-2023-24538.

cos-105-17412-1-66

Date          Kernel        Docker      Containerd     GPU Drivers
Apr 17, 2023  COS-5.15.90   v23.0.0     v1.7.0-beta.1  v470.182.03 (default), v525.105.17

Fixed an issue where pstore is not cleaned at boot time if COS metrics are disabled.

Updated the default driver to 470.182.03. This resolves CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0185, CVE-2023-0187, CVE-2023-0198, CVE-2023-0199, CVE-2023-0188, CVE-2023-0190, CVE-2023-0194, CVE-2023-0195, CVE-2023-0191. Also updated the latest driver to 525.105.17. This resolves CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0183, CVE-2023-0185, CVE-2023-0187, CVE-2023-0198, CVE-2023-0199, CVE-2023-0188, CVE-2023-0190, CVE-2023-0194, CVE-2023-0195, CVE-2023-0191.

Fixed CVE-2023-25809 in app-containers/runc.

Fixed CVE-2023-0465 and CVE-2023-0466 in dev-libs/openssl.

Fixed CVE-2023-1652 in the Linux kernel.

cos-105-17412-1-61

Date          Kernel        Docker      Containerd     GPU Drivers
Apr 10, 2023  COS-5.15.90   v23.0.0     v1.7.0-beta.1  v470.161.03 (default), v525.60.13

Added support for the L4 GPU in cos-gpu-installer and fixed cached driver installation for prebuilt driver modules.

Fixed CVE-2023-27561 in app-containers/runc.

Fixed CVE-2023-0464 in dev-libs/openssl.

Upgraded net-misc/openssh package to 9.3. This fixed CVE-2023-28531 in net-misc/openssh.

Fixed CVE-2023-0386 in overlayfs.

cos-105-17412-1-55

Date          Kernel        Docker      Containerd     GPU Drivers
Apr 03, 2023  COS-5.15.90   v23.0.0     v1.7.0-beta.1  v470.161.03 (default), v525.60.13

Promoted M105 to stable.

cos-beta-105-17412-1-55

Date          Kernel        Docker      Containerd     GPU Drivers
Mar 27, 2023  COS-5.15.90   v23.0.0     v1.7.0-beta.1  v470.161.03 (default), v525.60.13

Added a warning to the stackdriver logging agent to inform users that they are running a deprecated logging agent.

Removed CONFIG_NET_CLS_TCINDEX kernel config entry.

Updated dev-lang/go to v1.20.2. This resolves CVE-2023-24532.

Updated net-misc/curl to v7.88.1. This resolves CVE-2023-23916.

Fixed CVE-2023-28466 in the Linux kernel.

cos-beta-105-17412-1-44

Date          Kernel        Docker      Containerd     GPU Drivers
Mar 20, 2023  COS-5.15.90   v23.0.0     v1.7.0-beta.1  v470.161.03 (default), v525.60.13

Updated docker to v23.0.0.

Added amd_iommu=off in the kernel command line to turn off AMD IOMMU by default.

Enabled CONFIG_AMD_IOMMU and CONFIG_AMD_IOMMU_V2.

Fixed CVE-2023-23931 in dev-python/cryptography.

Updated app-editors/vim, app-editors/vim-core to v9.0.1403. This resolves CVE-2022-4292, CVE-2022-4141, CVE-2023-0049, CVE-2023-0433, CVE-2023-0288, CVE-2023-0512, CVE-2023-1127, CVE-2023-1170, CVE-2023-1175, CVE-2023-1355 and CVE-2023-1264.

Fixed CVE-2022-40320 in dev-libs/confuse.

cos-beta-105-17412-1-37

Date          Kernel        Docker      Containerd     GPU Drivers
Mar 13, 2023  COS-5.15.90   v23.0.0rc3  v1.7.0-beta.1  v470.161.03 (default), v525.60.13

Updated containerd to 1.7.0-beta.1.

Allowed preloading GPU driver dependencies through cos-extensions for dev-channel images.

Fixed a regression in the Linux kernel that caused listen() to no longer return -EADDRINUSE.

Fixed a use-after-free issue in net/sched in the Linux kernel.

Fixed a conntrack issue with random timeouts.

cos-beta-105-17412-1-28

Date          Kernel        Docker      Containerd     GPU Drivers
Mar 06, 2023  COS-5.15.90   v23.0.0rc3  v1.6.18        v470.161.03 (default), v525.60.13

Removed support for Rust symbol demangling in google-breakpad.

Updated app-emulation/containerd to v1.6.18. This resolves CVE-2023-25173 and CVE-2023-25153.

Updated dev-go/go-tools to 070db2996ebe3aa00667288f8e5749e867deeb39.

Upgraded dev-lang/go to v1.20.

Installed fluent-bit for stackdriver logging in x86 images. It can be enabled by the metadata google-logging-use-fluentbit=true. See https://cloud.google.com/container-optimized-os/docs/how-to/logging for more details.

Fixed containers losing access to GPUs with the error "Failed to initialize NVML: Unknown error".

Updated dev-go/go-sys to v0.5.0.

Updated open-iscsi to 2.1.8 to fix CVE-2020-17437.

Updated dev-lang/go to v1.20.1. Updated dev-go/net to v0.7.0. This resolves CVE-2022-41723 and CVE-2022-41725.

Fixed CVE-2022-4285 in binutils and binutils-libs.

Fixed CVE-2022-48303 in app-arch/tar.

Fixed CVE-2023-25136 in net-misc/openssh. Also upgraded net-misc/openssh from 9.1 to 9.2.

Fixed CVE-2022-1304 in the sys-fs/e2fsprogs package.

Fixed CVE-2022-2928 and CVE-2022-2929 in net-misc/dhcp.

Fixed CVE-2022-46663 in sys-apps/less.

Fixed CVE-2021-4122 in sys-fs/cryptsetup. Upgraded sys-fs/cryptsetup from 2.3.4 to 2.4.3.

Updated net-fs/cifs-utils to v6.15. This fixes CVE-2022-29869, CVE-2021-20208, and CVE-2022-27239.

Fixed CVE-2021-27291 and CVE-2021-20270 in dev-python/pygments.

Added prebuilt NVIDIA GPU kernel module installation support using the cos-extensions script/cos-gpu-installer:v2 container.

cos-beta-105-17412-1-2 (vs Milestone 101)

Date          Kernel        Docker      Containerd     GPU Drivers
Feb 14, 2023  COS-5.15.90   v23.0.0rc3  v1.6.15        v470.161.03 (default), v525.60.13

Enabled trusted IMA certificate loading from /etc/ima/pubkey.x509.

Starting systemd-networkd is now retried indefinitely in case of failure, instead of up to the default limit of 5.

Enabled fluent-bit to use customized configuration.

Moved standalone kubelet runtime to containerd.

Added cni-plugins by default.

Moved containerd default cgroup to systemd.

Added a kernel flag to protect the stateful partition and support for cryptsetup with AEAD.

Enabled CONFIG_SCHED_CORE and FANOTIFY_ACCESS_PERMISSIONS in the kernel config.

Upgraded the latest NVIDIA drivers from v510.108.03 to v525.60.13 (OSS).

Updated cos-gpu-installer to v2.0.31. This adds support for the gsp_tu10x.bin and gsp_ad10x.bin GSP firmware files and removes the container dependency on python2.

Updated the Linux kernel to v5.15.90.

Updated dev-python/pexpect to v4.8.0.

Updated dev-go/go-tools to v0.1.11.

Upgraded dev-lang/go to v1.19.3.

Updated sys-boot/shim to v15.6.

Upgraded pam to v1.5.2.

Updated libseccomp to v2.5.4.

Upgraded openssh package to v9.1_p1.

Upgraded docker to v23.0.0-rc.3.

Upgraded Python to v3.8 and removed Python 2.

Updated cloud-init to v22.4.

Upgraded nfs-utils to v2.6.2.

Updated built-in kubelet/kubectl to v1.25.5.

Updated localtoast from v1.1.4.3 to v1.1.5.1.

Updated sosreport to v4.4.

Updated sys-apps/apparmor to v3.1.2.

Upgraded systemd to v252.1.

Updated app-emulation/cri-tools to v1.25.0.

Updated stackdriver logging agent to v1.9.9.

Updated app-emulation/docker-credential-helpers to v0.7.0.

Updated sys-apps/shadow to v4.12.3.

Updated sys-apps/makedumpfile to v1.7.2.

Updated app-emulation/runc to v1.1.4.

Updated grub2 to Fedora-38.

Removed Network Time Security support in Chrony.

Updated google-guest-agent to v20220614.00.

Removed the mosys package.

Updated app-admin/sudo to v1.9.12_p1.

Updated app-arch/pigz to v2.7.

Updated app-arch/xz-utils to v5.2.9.

Updated app-editors/vim-core to v9.0.1000.

Updated app-eselect/eselect-awk to v0.4.

Updated app-eselect/eselect-vi to v20221122.

Updated dev-libs/inih to v56-r1.

Updated net-misc/curl to v7.86.0-r3.

Updated sys-apps/file to v5.43-r1.

Updated sys-apps/findutils to v4.9.0-r2.

Updated sys-apps/grep to v3.8-r1.

Updated sys-apps/less to v608-r1.

Updated sys-apps/sed to v4.9.

Updated sys-auth/passwdqc to v2.0.2-r1.

Updated sys-block/thin-provisioning-tools to v0.9.0-r1.

Updated sys-fs/e2fsprogs to v2fsprogs-1.46.5-r4.

Updated sys-libs/libcap to v2.66.

Updated sys-libs/timezone-data to v2022g.

Updated sys-libs/zlib to v1.2.13-r1.

Updated sys-process/lsof to v4.96.4.

Updated virtual/editor to v0-r4.

Fixed an issue where sudo -i was not working correctly.

Updated x11-libs/pixman to v0.42.2. This resolves CVE-2022-44638.

Fixed CVE-2022-40768 and CVE-2022-43750 in the Linux kernel.

Updated app-arch/libarchive to v3.6.1. This resolves CVE-2022-26280.

Fixed CVE-2022-37454 in dev-lang/python.

Fixed CVE-2023-0054 in vim.

Upgraded vim to v9.0.1000. This fixes CVE-2022-4292.

Fixed CVE-2022-3715 in bash.

Runtime sysctl changes:

  • Changed: vm.mmap_rnd_bits: 28 -> 32