November 11, 2024
cos-105-17412-495-37
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.167 | v23.0.3 | v1.7.23 | See List |
Fixed CVE-2024-50602 in dev-libs/expat.
Fixed KCTF-2e95c43 in the Linux kernel.
Fixed CVE-2024-50038 in the Linux kernel.
Fixed CVE-2024-50082 in the Linux kernel.
Fixed CVE-2024-50083 in the Linux kernel.
Fixed CVE-2024-50024 in the Linux kernel.
Fixed CVE-2024-50002 in the Linux kernel.
Fixed CVE-2024-49967 in the Linux kernel.
Fixed CVE-2024-50006 in the Linux kernel.
Fixed CVE-2024-49881 in the Linux kernel.
Fixed CVE-2024-50015 in the Linux kernel.
Fixed CVE-2024-50001 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812681 -> 812709
November 06, 2024
cos-105-17412-495-28
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.167 | v23.0.3 | v1.7.23 | See List |
Added NVIDIA GPU drivers R560 branch - Update R560, latest driver to v560.35.03.
Updated NVIDIA GPU drivers to v535.216.01 for default/R535 and v550.127.05 for R550 for all GPUs. This resolves CVE-2024-0126.
Fixed CVE-2024-47705 in the Linux kernel.
Fixed CVE-2024-49975 in the Linux kernel.
Fixed CVE-2024-49993 in the Linux kernel.
Fixed CVE-2024-50019 in the Linux kernel.
Fixed CVE-2024-50045 in the Linux kernel.
Fixed CVE-2024-47710 in the Linux kernel.
Fixed CVE-2024-47706 in the Linux kernel.
Fixed CVE-2024-49983 in the Linux kernel.
Fixed CVE-2024-50000 in the Linux kernel.
Fixed CVE-2024-50039 in the Linux kernel.
Fixed CVE-2024-49875 in the Linux kernel.
Fixed CVE-2024-49936 in the Linux kernel.
Fixed CVE-2024-47696 in the Linux kernel.
Fixed CVE-2024-47679 in the Linux kernel.
Fixed CVE-2024-50035 in the Linux kernel.
Fixed CVE-2024-49883 in the Linux kernel.
Fixed CVE-2024-49884 in the Linux kernel.
Fixed CVE-2024-49889 in the Linux kernel.
Fixed CVE-2024-49851 in the Linux kernel.
Fixed CVE-2024-47701 in the Linux kernel.
Fixed CVE-2024-50033 in the Linux kernel.
Fixed CVE-2024-49860 in the Linux kernel.
Fixed CVE-2024-47737 in the Linux kernel.
Fixed CVE-2024-47742 in the Linux kernel.
Fixed CVE-2024-47739 in the Linux kernel.
Fixed CVE-2024-49858 in the Linux kernel.
Fixed CVE-2024-50046 in the Linux kernel.
Fixed CVE-2024-47692 in the Linux kernel.
Fixed CVE-2024-47693 in the Linux kernel.
Fixed CVE-2024-47684 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812685 -> 812681
October 28, 2024
cos-105-17412-495-13
Date | Kernel | Docker | Containerd | GPU Drivers |
Oct 28, 2024 | COS-5.15.167 | v23.0.3 | v1.7.23 | See List |
Upgraded app-admin/google-guest-configs to v20240725.00.
Upgraded app-containers/cni-plugins to v1.5.1.
Updated R550, latest driver to v550.90.12.
Fixed CVE-2024-8096 and CVE-2024-7264 in net-misc/curl.
Fixed CVE-2024-47685 in the Linux kernel.
Fixed CVE-2024-27017 in the Linux kernel.
Fixed CVE-2024-38632 in the Linux kernel.
Fixed CVE-2024-39463 in the Linux kernel.
Fixed CVE-2024-47674 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812700 -> 812685
October 21, 2024
cos-105-17412-495-4
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.167 | v23.0.3 | v1.7.23 | See List |
This is an LTS Refresh release.
Updated app-containers/containerd to 1.7.23.
Upgraded net-libs/libnetfilter_cttimeout to v1.0.1.
Upgraded app-arch/lz4 to v1.10.0-r1.
Upgraded app-arch/pigz to v2.8.
Upgraded net-libs/libnetfilter_queue to v1.0.5.
Upgraded sys-libs/libcap to v2.70.
Upgraded net-libs/libtirpc to v1.3.4-r3.
Upgraded sys-libs/zlib to v1.3.1-r1.
Upgraded net-libs/libmnl to v1.0.5.
Upgraded net-nds/rpcbind to v1.2.6.
Upgraded sys-libs/gdbm to v1.24.
Upgraded net-libs/libnetfilter_cthelper to v1.0.1-r1.
Upgraded dev-libs/nss to v3.103.
Updated app-arch/libarchive to version 3.7.6. This fixed CVE-2024-48957, CVE-2024-48958.
Fixed CVE-2024-44958 in the Linux kernel.
Fixed CVE-2024-43892 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812681 -> 812700
October 14, 2024
cos-105-17412-448-66
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.163 | v23.0.3 | v1.7.19 | See List |
Update sosreport to v4.5.4.
Fixed CVE-2024-45003 in the Linux kernel.
Fixed CVE-2024-44965 in the Linux kernel.
Fixed CVE-2024-46829 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812685 -> 812681
October 07, 2024
cos-105-17412-448-61
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.163 | v23.0.3 | v1.7.19 | See List |
Update R535 default driver to v535.183.06.
Updated the GPU installer to v2.4.1.
Fixed CVE-2024-46744 in the Linux kernel.
Fixed CVE-2024-46750 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812662 -> 812685
September 30, 2024
cos-105-17412-448-57
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.163 | v23.0.3 | v1.7.19 | See List |
Upgraded app-admin/google-guest-configs to v20240725.00.
Fixed A3 Edge VM names in google guest agent configs.
Updated cos-gpu-installer to v2.4.0. It identifies GPU drivers before installation.
Fixed CVE-2024-46763 in the Linux kernel.
Fixed CVE-2024-46679 in the Linux kernel.
Fixed CVE-2024-46721 in the Linux kernel.
Fixed CVE-2024-46800 in the Linux kernel.
Fixed CVE-2024-46743 in the Linux kernel.
Fixed CVE-2024-46738 in the Linux kernel.
Fixed CVE-2024-44940 in the Linux kernel.
Fixed CVE-2024-42246 in the Linux kernel.
September 23, 2024
cos-105-17412-448-49
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.163 | v23.0.3 | v1.7.19 | See List |
Fixed CVE-2024-7592 in dev-lang/python.
Fixed CVE-2024-43817 in the Linux kernel.
Fixed CVE-2024-44947 in the Linux kernel.
Fixed CVE-2024-45025 in the Linux kernel.
Fixed CVE-2024-45018 in the Linux kernel.
Fixed CVE-2024-45021 in the Linux kernel.
Fixed CVE-2024-41012 in the Linux kernel.
Fixed CVE-2024-44983 in the Linux kernel.
Fixed CVE-2024-43893 in the Linux kernel.
Fixed CVE-2024-43871 in the Linux kernel.
Fixed CVE-2024-44952 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812685 -> 812689
September 16, 2024
cos-105-17412-448-36
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.163 | v23.0.3 | v1.7.19 | See List |
Fixed CVE-2024-6232 in dev-lang/python and upgraded to v3.8.19 which fixes CVE-2007-4559.
Updated dev-libs/expat to v2.6.3. This fixed CVE-2024-45492, CVE-2024-45490, CVE-2024-45491.
Fixed CVE-2023-7256 in net-libs/libpcap.
Fixed CVE-2024-43914 in the Linux kernel.
Fixed CVE-2024-44944 in the Linux kernel.
Fixed CVE-2024-43853 in the Linux kernel.
Fixed CVE-2024-44985 in the Linux kernel.
Fixed CVE-2024-43882 in the Linux kernel.
Fixed CVE-2024-44986 in the Linux kernel.
Fixed CVE-2024-44987 in the Linux kernel.
September 09, 2024
cos-105-17412-448-29
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.163 | v23.0.3 | v1.7.19 | See List |
Fixes CVE-2024-37370, CVE-2024-37371 in app-crypt/mit-krb5.
Fixes CVE-2024-43889 in the Linux kernel.
Fixes CVE-2024-43828 in the Linux kernel.
Fixes CVE-2024-43856 in the Linux kernel.
Fixes CVE-2024-44934 in the Linux kernel.
Fixes CVE-2024-41073 in the Linux kernel.
Fixes CVE-2024-42302 in the Linux kernel.
Fixes CVE-2024-43854 in the Linux kernel.
Fixes CVE-2024-41098 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812696 -> 812685
- Changed: net.ipv4.tcp_rto_min_us: 200000 -> 5000
September 03, 2024
cos-105-17412-448-22
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.163 | v23.0.3 | v1.7.19 | See List |
Updated app-editors/vim, app-editors/vim-core to version 9.1.0686. This fixed CVE-2024-41957, CVE-2024-41965.
Fixed CVE-2023-52889 in the Linux kernel.
Fixed CVE-2024-42285 in the Linux kernel.
Fixed CVE-2024-42269 in the Linux kernel.
Fixed CVE-2024-42283 in the Linux kernel.
Fixed CVE-2024-42270 in the Linux kernel.
Fixed KCTF-c07ff85 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812685 -> 812696
August 26, 2024
cos-105-17412-448-16
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.163 | v23.0.3 | v1.7.19 | See List |
Fixed CVE-2023-0597 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812707 -> 812685
- Changed: kernel.threads-max: 63552 -> 63551
- Changed: net.ipv4.tcp_mem: 94140 125520 188280 -> 94137 125519 188274
- Changed: net.ipv4.udp_mem: 188280 251041 376560 -> 188277 251039 376554
- Changed: user.max_cgroup_namespaces: 31776 -> 31775
- Changed: user.max_ipc_namespaces: 31776 -> 31775
- Changed: user.max_mnt_namespaces: 31776 -> 31775
- Changed: user.max_net_namespaces: 31776 -> 31775
- Changed: user.max_pid_namespaces: 31776 -> 31775
- Changed: user.max_time_namespaces: 31776 -> 31775
- Changed: user.max_user_namespaces: 31776 -> 31775
- Changed: user.max_uts_namespaces: 31776 -> 31775
August 20, 2024
cos-105-17412-448-12
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.163 | v23.0.3 | v1.7.19 | See List |
Fixed CVE-2024-6602 in dev-libs/nss.
Runtime sysctl changes:
- Added: vm.unprivileged_userfaultfd: 0
- Changed: fs.file-max: 812708 -> 812707
August 12, 2024
cos-105-17412-448-8
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.163 | v23.0.3 | v1.7.19 | v470.256.02(default),v550.90.07(latest) |
This is an LTS Refresh release.
Updated app-admin/google-guest-configs to 20240607.00.
Updated app-containers/containerd to 1.7.19.
Upgraded app-containers/cni-plugins to v1.4.1.
Upgraded sys-auth/pambase to v20240128.
Upgraded sys-apps/gentoo-functions to v0.19.
Upgraded dev-libs/nss to v3.100.
Upgraded dev-libs/re2 to v0.2022.12.01.
Upgraded app-arch/unzip to v6.0_p27-r1.
Upgraded dev-python/six to v1.16.0-r1.
Upgraded dev-python/netifaces to v0.11.0-r2.
Upgraded dev-lang/python-exec to v2.4.10.
Enabled the feature to utilize the gpu_driver_versions proto file for controlling the specific GPU driver version to be installed for each GPU type.
Updated cos-gpu-installer to v2.3.5 - Improved error messaging for incompatible GPU driver input.
Removed crash-reporter KVM support.
Removed dev-go/grpc.
Disable NVIDIA persistence mode with -no-verify flag.
Fixed CVE-2024-2511, CVE-2024-4741, CVE-2024-5535 in dev-libs/openssl.
Fixed CVE-2023-5678 in dev-libs/openssl.
Upgraded curl to v8.9.0. This fixes CVE-2024-6197.
Fixed CVE-2024-6345 in dev-python/setuptools.
Fixed CVE-2024-39894 in openssh.
Fixed CVE-2024-39472 in the Linux kernel.
Fixed CVE-2024-38577 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812698 -> 812708
July 22, 2024
cos-105-17412-370-78
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.154 | v23.0.3 | v1.7.15 | v470.256.02(default),v550.90.07(latest) |
Fixed CVE-2024-39482 in the Linux kernel.
Fixed CVE-2024-39476 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812694 -> 812698
July 15, 2024
cos-105-17412-370-75
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.154 | v23.0.3 | v1.7.15 | v470.256.02(default),v550.90.07(latest) |
Upgraded app-admin/logrotate to v3.22.0.
Upgraded dev-libs/libusb to v1.0.27-r1.
Upgraded sys-apps/dmidecode to v3.6.
Upgraded sys-apps/grep to v3.11-r1.
Upgraded app-shells/dash to v0.5.12.
Upgraded sys-apps/attr to v2.5.2-r1.
Upgraded sys-apps/diffutils to v3.10.
Upgraded net-dns/libidn2 to v2.3.7.
Upgraded net-misc/wget to v1.21.4.
Upgraded app-misc/mime-types to v2.1.54.
Upgraded net-analyzer/netcat to v110.20180111-r2.
Updated cos-gpu-installer to v2.3.5.
Added the package revision number to the SSH banner in net-misc/openssh.
Fixed CVE-2024-24790 and CVE-2024-24789 in dev-lang/go.
Updated net-misc/wget to v1.24.5. This fixed CVE-2024-38428.
Fixed CVE-2024-36978 in the Linux kernel.
July 01, 2024
cos-105-17412-370-67
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.154 | v23.0.3 | v1.7.15 | v470.256.02(default),v550.90.07(latest) |
Fixed CVE-2024-35195 in dev-python/requests.
Fixed CVE-2024-38662 in the Linux kernel.
Runtime sysctl changes:
- Added: net.ipv4.tcp_rto_min_us: 200000
- Changed: fs.file-max: 812707 -> 812700
Fixed CVE-2024-6387 in net-misc/openssh.
June 24, 2024
cos-105-17412-370-61
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.154 | v23.0.3 | v1.7.15 | v470.256.02(default),v550.90.07(latest) |
Fixed CVE-2024-26584 in the Linux kernel.
Fixed CVE-2024-26583 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812704 -> 812707
Fixed a crash in the Linux kernel.
June 18, 2024
cos-105-17412-370-58
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.154 | v23.0.3 | v1.7.15 | v470.256.02(default),v550.90.07(latest) |
Update R550, latest driver to v550.90.07. This fixes CVE-2024-0090, CVE-2024-0091, CVE-2024-0092.
Update R535 to v535.183.01. This fixes CVE-2024-0090, CVE-2024-0092.
Update R470, default driver to v470.256.02. This fixes CVE-2024-0090, CVE-2024-0092.
Upgraded app-arch/libarchive to version 3.7.4. Fixes CVE-2024-26256.
Upgraded app-arch/lz4 to 1.9.4. Fixes CVE-2021-3520.
Fixes CVE-2024-36902 in the Linux kernel.
Fixes CVE-2024-36938 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812695 -> 812704
June 10, 2024
cos-105-17412-370-54
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.154 | v23.0.3 | v1.7.15 | v470.239.06(default),v550.54.15(latest) |
Fixed frequent restarts in fluent-bit stackdriver plugin.
Updated cos-gpu-installer to v2.3.3. This resolves potential synchronization issues and ensures proper cleanup of mounts in GPU driver installation directory configuration.
Updated cos-gpu-installer to v2.3.4. This fixes CVEs: CVE-2023-29402, CVE-2023-29405, CVE-2023-29404, CVE-2023-24540, CVE-2023-24538, CVE-2022-41721, GHSA-m425-mq94-257g, CVE-2022-41715, CVE-2022-30633, CVE-2022-41724, CVE-2022-2880, CVE-2022-30631, CVE-2021-29923, CVE-2022-24675, CVE-2022-30580, CVE-2022-41723, CVE-2023-24534, CVE-2022-41725, CVE-2022-2879, CVE-2023-24539, CVE-2022-30635, CVE-2023-45285, CVE-2022-32149, CVE-2023-24537, CVE-2022-32189, CVE-2022-28131, CVE-2023-39323, CVE-2022-28327, CVE-2022-30630, CVE-2023-44487, CVE-2023-39325, CVE-2022-27664, CVE-2023-45287, CVE-2023-29400, CVE-2023-24536, CVE-2023-29403, CVE-2022-30632, CVE-2023-39318, CVE-2020-29511, CVE-2024-24786, CVE-2023-3978, CVE-2022-41717, CVE-2022-32148, CVE-2023-39326, CVE-2023-45288, CVE-2022-1962, CVE-2023-24532, CVE-2023-39319, CVE-2022-1705, CVE-2020-29509, CVE-2023-29406, CVE-2023-29409, CVE-2022-30629
Fixed CVE-2024-27020, CVE-2024-27015, CVE-2024-27016, CVE-2024-27013, CVE-2024-27018, CVE-2024-36008 and CVE-2024-27019 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812685 -> 812695
June 03, 2024
cos-105-17412-370-44
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.154 | v23.0.3 | v1.7.15 | v470.239.06(default),v550.54.15(latest) |
Updated cos-gpu-installer to v2.3.2.
Fixed CVE-2024-34459 in the libxml2 package.
Fixed a bug in auto update engine when confidential VMs are enabled.
May 28, 2024
cos-105-17412-370-39
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.154 | v23.0.3 | v1.7.15 | v470.239.06(default),v550.54.15(latest) |
Improved boot time on A3 machines by around 5 seconds.
Fixed system-accounts-secured benchmark by changing the system account range used in the benchmark.
Fixed CVE-2024-21626 in github.com/opencontainers/runc in kubelet.
Updated dev-vcs/git to v2.45.1. This resolves CVE-2024-32002, CVE-2024-32020, CVE-2024-32465, CVE-2024-32004, CVE-2024-32021.
Runtime sysctl changes:
- Changed: fs.file-max: 813024 -> 812685
May 20, 2024
cos-105-17412-370-34
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.154 | v23.0.3 | v1.7.15 | v470.239.06(default),v550.54.15(latest) |
Updated cos-gpu-installer to v2.3.1.
Upgraded app-eselect/eselect-iptables to v20220320.
Upgraded sys-libs/timezone-data to v2024a-r1.
May 13, 2024
cos-105-17412-370-29
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.154 | v23.0.3 | v1.7.15 | v470.239.06(default),v550.54.15(latest) |
Fixed CVE-2024-26900 in the Linux kernel.
May 06, 2024
cos-105-17412-370-23
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.154 | v23.0.3 | v1.7.15 | v470.239.06(default),v550.54.15(latest) |
Upgraded sys-apps/makedumpfile to v1.7.5.
Updated cos-gpu-installer to v2.3.0.
Fixed CVE-2023-0687, CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602 in sys-libs/glibc.
Fixed CVE-2021-37600, CVE-2021-3995, CVE-2021-3996 in sys-apps/util-linux.
Updated net-dns/c-ares to v1.27. This fixed CVE-2024-25629.
Fixed CVE-2023-32681 in dev-python/requests.
Fixed CVE-2024-26921 in the Linux kernel.
April 30, 2024
cos-105-17412-370-14
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.154 | v23.0.3 | v1.7.15 | v470.239.06(default),v550.54.15(latest) |
This is an LTS Refresh release.
Updated app-emulation/containerd to v1.7.15.
Included nvidia plugin in sosreport.
Updated cos-gpu-installer to v2.1.11. Added major version specification for GPU driver installation.
Fixed CVE-2023-4641 in sys-apps/shadow.
Fixed CVE-2023-50387, CVE-2023-50868, CVE-2023-7008 in sys-apps/systemd.
Fixed CVE-2023-0767, CVE-2023-5388, CVE-2023-6135, CVE-2024-0743 in dev-libs/nss.
Updated net-dns/c-ares to v1.19.1. This fixed CVE-2022-4904, CVE-2023-31124, CVE-2023-31130, CVE-2023-31147, CVE-2023-32067.
Updated dev-python/pyyaml to v5.4.1. This fixed CVE-2017-18342, CVE-2019-20477, CVE-2020-14343, CVE-2020-1747.
Updated app-arch/tar to v1.35. This fixed CVE-2023-39804.
Updated dev-vcs/git to v2.44.0. This fixed CVE-2022-23521, CVE-2022-24765, CVE-2022-29187, CVE-2022-39253, CVE-2022-39260, CVE-2022-41903, CVE-2023-22490, CVE-2023-23946, CVE-2023-25652, CVE-2023-25815, CVE-2023-29007.
Updated net-misc/curl to v8.7.1. This fixed CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466.
Updated dev-libs/expat to v2.6.2. This fixed CVE-2022-40674, CVE-2022-43680, CVE-2023-52425, CVE-2023-52426, CVE-2024-28757.
Updated app-admin/sudo to v1.9.15_p5. This fixed CVE-2022-43995, CVE-2023-22809, CVE-2023-27320, CVE-2023-28486, CVE-2023-28487, CVE-2023-42465.
Fixed CVE-2024-28182 in net-libs/nghttp2.
Fixed CVE-2024-26808 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 813029 -> 813024
- Changed: net.ipv6.route.max_size: 4096 -> 2147483647
Fixed issues with the SRSO vulnerability mitigation (CVE-2023-20569). This fix might negatively impact the performance of your workloads on AMD machine types.
April 23, 2024
cos-105-17412-294-68
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.146 | v23.0.3 | v1.7.13 | v470.239.06(default),v550.54.15(latest) |
Fixed a crash during CIFS volumes mount.
Fixed CVE-2024-26642 in the Linux kernel.
April 15, 2024
cos-105-17412-294-66
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.146 | v23.0.3 | v1.7.13 | v470.239.06(default),v550.54.15(latest) |
Updated NVIDIA GPU drivers to v550.54.15. Fixed a potential corruption when launching kernels on H100 GPUs, which is more likely to occur when the GPU is shared between multiple processes.
Updated NVIDIA GPU drivers to v535.161.08. Fixed a potential corruption when launching kernels on H100 GPUs.
Fixed CVE-2024-26642, CVE-2024-26643 in the Linux kernel.
April 04, 2024
cos-105-17412-294-62
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.146 | v23.0.3 | v1.7.13 | v470.239.06(default),v550.54.14(latest) |
Updated app-emulation/containerd to 1.7.13.
Upgraded net-misc/chrony to v4.5.
Upgraded sys-apps/makedumpfile to v1.7.4.
Upgraded app-admin/node-problem-detector to v0.8.17.
Upgraded app-admin/localtoast to v1.1.7.
Add NVIDIA GPU drivers R550 branch and update latest to 550.54.14.
Downgraded app-admin/localtoast to v1.1.5.
Fix bug in google-guest-agent service enablement.
Fixed CVE-2024-26591 in the Linux kernel.
Fixed CVE-2024-26589 in the Linux kernel.
Fixed CVE-2024-26585 in the Linux kernel.
Fixed CVE-2023-52439 in the Linux kernel.
Fixed CVE-2023-52434 in the Linux kernel.
March 27, 2024
cos-105-17412-294-48
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.146 | v23.0.3 | v1.7.10 | v470.239.06(default),v535.161.07(latest) |
Fixed CVE-2023-52435 in the Linux kernel.
Fixed CVE-2023-52443 in the Linux kernel.
March 20, 2024
cos-105-17412-294-46
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.146 | v23.0.3 | v1.7.10 | v470.239.06(default),v535.161.07(latest) |
Upgraded app-editors/vim and app-editors/vim-core to v9.0.2167.
Fixed CVE-2024-0727 in dev-libs/openssl.
Updated app-editors/vim to 9.0.2167. This fixed CVE-2023-48231, CVE-2023-48232, CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237, CVE-2023-48706, CVE-2024-22667.
Fixed CVE-2023-52447 in the Linux kernel.
March 11, 2024
cos-105-17412-294-40
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.146 | v23.0.3 | v1.7.10 | v470.239.06(default),v535.161.07(latest) |
Updated cos-gpu-installer to v2.2.1. Fixed cached driver installation error with network disabled. Added force-fallback flag, major version specification for GPU driver installation and fixed ordering of kernel module loading for nvidia-modeset and nvidia-drm.
Updated NVIDIA GPU drivers to v470.239.06 and v535.161.07. This fixes CVE-2024-0074, CVE-2024-0075 and CVE-2022-42265.
March 06, 2024
cos-105-17412-294-36
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.146 | v23.0.3 | v1.7.10 | v470.223.02 (default),v535.154.05(latest),v470.223.02(R470 for compatibility with K80 GPUs) |
Fixed CVE-2024-23851 in the Linux kernel.
February 27, 2024
cos-105-17412-294-34
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.146 | v23.0.3 | v1.7.10 | v470.223.02 (default),v535.154.05(latest),v470.223.02(R470 for compatibility with K80 GPUs) |
Fixed CVE-2024-26581 in the Linux kernel.
February 20, 2024
cos-105-17412-294-29
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.146 | v23.0.3 | v1.7.10 | v470.223.02 (default),v535.154.05(latest),v470.223.02(R470 for compatibility with K80 GPUs) |
Fixed CVE-2024-24557 in app-emulation/docker.
Upgraded net-misc/curl to v8.6.0. This fixes CVE-2024-0853.
Updated dev-libs/libxml2 to v2.11.7. This fixes CVE-2024-25062.
Fixed CVE-2022-3566 in the Linux kernel.
Fixed CVE-2022-3567 in the Linux kernel.
February 12, 2024
cos-105-17412-294-23
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.146 | v23.0.3 | v1.7.10 | v470.223.02 (default),v535.154.05(latest),v470.223.02(R470 for compatibility with K80 GPUs) |
Fixed CVE-2023-40546, CVE-2023-40548, CVE-2023-40549, CVE-2023-40551, CVE-2023-40547 and CVE-2023-40550 in sys-boot/shim.
Fixed CVE-2023-5678 in dev-libs/openssl.
Fixed CVE-2024-1085, CVE-2024-1086 and CVE-2023-46838 in the Linux kernel.
Fragmented nvidia-drivers and nvidia-drivers-open pkg into separate packages per major version.
February 05, 2024
cos-105-17412-294-13
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.146 | v23.0.3 | v1.7.10 | v470.223.02 (default),v535.154.05(latest),v470.223.02(R470 for compatibility with K80 GPUs) |
Update latest NVIDIA GPU driver to v535.154.05.
Fixed CVE-2023-6915 in the Linux kernel.
January 31, 2024
cos-105-17412-294-10
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.146 | v23.0.3 | v1.7.10 | v470.223.02 (default),v535.129.03(latest),v470.223.02(R470 for compatibility with K80 GPUs) |
Updated cos-gpu-installer to v2.1.10.
Backported support for TCP RTO configuration in networkd.
Added kernel compatibility with iptables-nft.
Fixed CVE-2024-22195 in dev-python/jinja.
Fixed CVE-2024-21626 in app-emulation/runc.
Fixed CVE-2024-0646 in the Linux kernel.
Fixed CVE-2023-6040 in the Linux kernel.
Runtime sysctl changes:
- Added: net.ipv6.conf.all.accept_ra_min_lft: 0
- Added: net.ipv6.conf.default.accept_ra_min_lft: 0
- Added: net.ipv6.conf.docker0.accept_ra_min_lft: 0
- Added: net.ipv6.conf.eth0.accept_ra_min_lft: 0
- Added: net.ipv6.conf.lo.accept_ra_min_lft: 0
- Added: net.netfilter.nf_flowtable_tcp_timeout: 30
- Added: net.netfilter.nf_flowtable_udp_timeout: 30
- Changed: fs.file-max: 813031 -> 813029
January 16, 2024
cos-105-17412-226-68
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.133 | v23.0.3 | v1.7.10 | v470.223.02 (default),v535.129.03(latest),v470.223.02(R470 for compatibility with K80 GPUs) |
Upgraded dev-db/sqlite to v3.44.2-r2. This fixes CVE-2023-7104.
January 08, 2024
cos-105-17412-226-67
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.133 | v23.0.3 | v1.7.10 | v470.223.02 (default),v535.129.03(latest),v470.223.02(R470 for compatibility with K80 GPUs) |
Updated net-misc/openssh to v9.6_p1-r1.
Updated dev-lang/go to v1.20.12. This resolves CVE-2023-45285 and CVE-2023-39326.
Upgraded sys-apps/dbus to v1.12.28. This fixes CVE-2023-34969, CVE-2022-42012, CVE-2022-42011 and CVE-2022-42010.
Runtime sysctl changes:
- Changed: net.core.optmem_max: 20480 -> 131072
January 02, 2024
cos-105-17412-226-62
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.133 | v23.0.3 | v1.7.10 | v470.223.02 (default),v535.129.03(latest),v470.223.02(R470 for compatibility with K80 GPUs) |
Updated docker-credential-gcr to v2.1.21.
Updated net-misc/curl to v8.5.0. This resolves CVE-2023-46218.
Fixed CVE-2023-6817 in the Linux kernel.
Fixed CVE-2023-6931 in the Linux kernel.
Fixed CVE-2023-6932 in the Linux kernel.
December 19, 2023
cos-105-17412-226-52
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.133 | v23.0.3 | v1.7.10 | v470.223.02 (default),v535.129.03(latest),v470.223.02(R470 for compatibility with K80 GPUs) |
Updated app-containers/containerd to 1.7.10.
Fixed a container performance issue that occurred after running systemctl start cloud-audit-setup.
Fixed CVE-2023-6622 in the Linux kernel.
Fixed CVE-2023-6111 in the Linux kernel.
December 04, 2023
cos-105-17412-226-43
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.133 | v23.0.3 | v1.7.7 | v470.223.02 (default),v535.129.03(latest),v470.223.02(R470 for compatibility with K80 GPUs) |
Backported support for TCP RTO configuration in networkd.
Fixed CVE-2023-46862 in the Linux kernel.
November 29, 2023
cos-105-17412-226-41
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.133 | v23.0.3 | v1.7.7 | v470.223.02 (default),v535.129.03(latest),v470.223.02(R470 for compatibility with K80 GPUs) |
Updated NVIDIA GPU drivers. This resolves CVE-2023-31022.
Updated dev-libs/libxml2 to v2.11.5. This resolves CVE-2023-45322.
Updated app-editors/vim, app-editors/vim-core to v9.0.2092. This resolves CVE-2023-4733, CVE-2023-4734, CVE-2023-4735, CVE-2023-4736, CVE-2023-4738, CVE-2023-4750, CVE-2023-4752, CVE-2023-4781, CVE-2023-5344, CVE-2023-5441 and CVE-2023-5535.
Fixed CVE-2023-46813 in the Linux kernel.
November 09, 2023
cos-105-17412-226-34
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.133 | v23.0.3 | v1.7.7 | v470.199.02(default),v535.104.12(latest) |
Sync TCPX changes to commit 2e6e06f61bdb.
Update dev-lang/go to 1.20.10. This resolves CVE-2023-44487, CVE-2023-39325.
Updated net-libs/nghttp2 to v1.57.0. This resolves CVE-2023-44487 and CVE-2023-35945.
November 07, 2023
cos-105-17412-226-28
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.133 | v23.0.3 | v1.7.7 | v470.199.02(default),v535.104.12(latest) |
Updated google-guest-configs to 20230929.00.
Fixed CVE-2023-42754 in the Linux kernel.
Fixed CVE-2023-5717 in the Linux kernel.
October 30, 2023
cos-105-17412-226-23
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.133 | v23.0.3 | v1.7.7 | v470.199.02(default),v535.104.12(latest) |
Enable portmapper registration reporting for lsof. This also fixes an issue where lsof is missing from SOS reports.
Updated dev-lang/go to v1.20.9. This resolves CVE-2023-39323.
October 26, 2023
cos-105-17412-226-18
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.133 | v23.0.3 | v1.7.7 | v470.199.02(default),v535.104.12(latest) |
Sync TCPX changes to commit e34a5bbcc20d.
October 24, 2023
cos-105-17412-226-17
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.133 | v23.0.3 | v1.7.7 | v470.199.02(default),v535.104.12(latest) |
Sync TCPX changes to commit 3cac7b2856a0.
Updated app-containers/containerd to 1.7.7.
Sync TCPX changes to commit da99a91cffb1.
Update latest NVIDIA GPU drivers to 535.104.12.
October 16, 2023
cos-105-17412-226-10
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.133 | v23.0.3 | v1.7.6 | v470.199.02(default),v535.104.05(latest) |
Updated app-containers/containerd to v1.7.6.
Synced TCPX changes to commit 90ce0a6aa201.
Updated cos-gpu-installer to v2.1.9.
Upgraded net-misc/curl to v8.4.0. This resolves CVE-2023-38545.
Fixed CVE-2023-38039 in net-misc/curl.
Fixed CVE-2023-4244 in the Linux kernel.
Fixed CVE-2023-5197 in the Linux kernel.
Fixed CVE-2023-42756 in COS kernel.
Fixed CVE-2023-42753 in the Linux kernel.
October 11, 2023
cos-105-17412-156-69
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.120 | v23.0.3 | v1.7.2 | v470.199.02(default),v535.104.05(latest) |
Upgraded cos-gpu-installer to v2.1.9.
Fixed CVE-2023-38039 in net-misc/curl.
Fixed CVE-2023-42753 in the Linux kernel.
September 26, 2023
cos-105-17412-156-63
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.120 | v23.0.3 | v1.7.2 | v470.199.02(default),v535.104.05 |
Fixed CVE-2023-40217 in the dev-lang/python package.
Fixed CVE-2023-4921 in the Linux kernel.
Fixed CVE-2023-4569 in the Linux kernel.
Fixed CVE-2023-4623 in the Linux kernel.
September 20, 2023
cos-105-17412-156-59
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.120 | v23.0.3 | v1.7.2 | v470.199.02(default),v535.104.05 |
Fixed an issue where IPv6 networking would fail under high CPU load.
September 19, 2023
cos-105-17412-156-57
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.120 | v23.0.3 | v1.7.2 | v470.199.02(default),v535.104.05 |
Updated cos-gpu-installer to v2.1.8.
Fixed CVE-2023-4015, CVE-2023-4622 in the Linux kernel.
September 12, 2023
cos-105-17412-156-49
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.120 | v23.0.3 | v1.7.2 | v470.199.02(default),v535.104.05 |
Updated cos-gpu-installer to v2.1.7. Precompiled drivers are now downloaded from COS build artifacts.
Updated latest GPU driver to v535.104.05.
Fixed an issue where symlinks could not be moved.
The get_metadata_value script will now retry if it experiences a connection error.
Fixed an issue with NFS reconnects on GKE.
Updated dev-lang/go to v1.20.8. This resolves CVE-2023-29409.
Fixed the following CVEs in sys-libs/binutils-libs: CVE-2022-47007, CVE-2022-47008, CVE-2022-47010, CVE-2022-47011, CVE-2022-48063, CVE-2022-48064, CVE-2022-48065.
Runtime sysctl changes:
- Added: net.ipv4.tcp_backlog_ack_defer: 1
September 07, 2023
cos-105-17412-156-34
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.120 | v23.0.3 | v1.7.2 | v470.199.02(default),v525.125.06 |
Enabled persistence mode with Nvidia GPU driver installation.
Upgraded sys-fs/mdadm to v4.2. This resolves CVE-2023-28938 and CVE-2023-28736.
Fixed CVE-2023-4016 in sys-process/procps.
August 24, 2023
cos-105-17412-156-30
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.120 | v23.0.3 | v1.7.2 | v470.199.02(default),v525.125.06 |
Fixed a kernel crash in device memory TCP behavior.
Fixed CVE-2023-4128 in the Linux kernel.
Runtime sysctl changes:
- Added: kernel.io_uring_disabled: 0
August 21, 2023
cos-105-17412-156-23
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.120 | v23.0.3 | v1.7.2 | v470.199.02(default),v525.125.06 |
Simplified GPU driver installation by remounting the driver installation path as executable from cos-extensions.
Fixed an issue in systemd where a container out-of-memory event caused all processes in the container to be killed.
Updated dev-libs/openssl to v1.1.1v. This resolves CVE-2023-3817.
Upgrade app-misc/jq to v1.7_pre20201109-r1. This fixes CVE-2016-4074.
Fixed CVE-2023-4147 in the Linux kernel.
Fixed CVE-2023-4194 in the Linux kernel.
August 14, 2023
cos-105-17412-156-15
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.120 | v23.0.3 | v1.7.2 | v470.199.02(default),v525.125.06 |
Updated cos-gpu-installer to v2.1.4. This fixes a permission issue in the GPU driver install directory with OSS drivers.
Fixed CVE-2023-32001 in net-misc/curl.
Fixed CVE-2022-40896 in dev-python/pygments.
Fixed CVE-2023-4004, CVE-2023-3776, CVE-2023-3777, CVE-2023-1206, and CVE-2023-3611 in the Linux kernel.
August 01, 2023
cos-105-17412-156-5
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.120 | v23.0.3 | v1.7.2 | v470.199.02(default),v525.125.06 |
Updated cos-gpu-installer to v2.1.1.
July 21, 2023
cos-105-17412-156-4
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.120 | v23.0.3 | v1.7.2 | v470.199.02(default),v525.125.06 |
Fixed CVE-2023-35001 in the Linux kernel.
Fixed CVE-2023-31248 in the Linux kernel.
Fixed stability issues in the device memory TCP feature.
July 18, 2023
cos-105-17412-156-2
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.120 | v23.0.3 | v1.7.2 | v470.199.02(default),v525.125.06 |
Updated containerd to v1.7.2.
Updated default GPU driver to v470.199.02 and latest GPU driver to v525.125.06. This resolves CVE-2023-25515 and CVE-2023-25516.
Updated open-vm-tools to v12.2.5. This resolves CVE-2023-20867.
Fixed CVE-2023-3609 in the Linux kernel.
July 13, 2023
cos-105-17412-101-51
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.109 | v23.0.3 | v1.7.0 | v470.182.03(default),v525.105.17 |
Fixed CVE-2023-3390 in the Linux kernel.
Fixed CVE-2023-3090 in the Linux kernel.
July 05, 2023
cos-105-17412-101-42
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.109 | v23.0.3 | v1.7.0 | v470.182.03(default),v525.105.17 |
Fixed CVE-2023-3268 in the Linux kernel.
June 29, 2023
cos-105-17412-101-37
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.109 | v23.0.3 | v1.7.0 | v470.182.03(default),v525.105.17 |
Added support for GPUDirect-TCPX.
Runtime sysctl changes:
- Changed: vm.lowmem_reserve_ratio: 256 256 32 0 -> 256 256 32 0 0
June 26, 2023
cos-105-17412-101-36
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.109 | v23.0.3 | v1.7.0 | v470.182.03(default),v525.105.17 |
Updated google-guest-configs to v20230526.00.
Updated toolbox to v20230615.
Updated dev-lang/go to v1.20.5. This fixes CVE-2023-29403, CVE-2023-29402, CVE-2023-29405 and CVE-2023-29404.
Fix CVE-2023-1972 in binutils.
Fix CVE-2023-1972 in binutils-libs.
Fixed CVE-2023-34256 in the Linux kernel.
June 12, 2023
cos-105-17412-101-24
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.109 | v23.0.3 | v1.7.0 | v470.182.03(default),v525.105.17 |
Updated dev-libs/openssl to v1.1.1u. This resolves CVE-2023-2650.
Fixed CVE-2023-24329 in dev-lang/python.
Updated net-misc/curl to v8.1.0-r1. This resolves CVE-2023-28319, CVE-2023-28320, CVE-2023-28321, and CVE-2023-28322.
Fixed CVE-2023-2124 in the Linux kernel.
June 05, 2023
cos-105-17412-101-17
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.109 | v23.0.3 | v1.7.0 | v470.182.03(default),v525.105.17 |
Updated ncurses to v6.4p20220423. This resolves CVE-2023-29491.
May 22, 2023
cos-105-17412-101-13
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.109 | v23.0.3 | v1.7.0 | v470.182.03(default),v525.105.17 |
Updated app-emulation/cloud-init to 23.1.2 which fixes CVE-2023-1786.
Updated app-editors/vim, app-editors/vim-core to v9.0.1562. This resolves CVE-2023-2609, CVE-2023-2610, CVE-2023-2426.
Fixed CVE-2023-32233.
May 09, 2023
cos-105-17412-101-4
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.109 | v23.0.3 | v1.7.0 | v470.182.03(default),v525.105.17 |
Updated app-admin/google-osconfig-agent to v20230403.00.
Updated docker to v23.0.0.
Updated sys-fs/e2fsprogs package to v1.46.6.
Updated docker to v23.0.3.
Updated google-guest-agent to v20230330.00.
Fixes CVE-2015-20107, CVE-2020-10735, CVE-2021-28861, and CVE-2022-45061 in dev-lang/python.
Updated dev-libs/libxml2 to v2.10.4. This resolves CVE-2023-28484.
Updated ncurses to 6.4p20220423. This resolves CVE-2023-29491.
Runtime sysctl changes:
- Added: kernel.ops_limit: 10000
- Added: kernel.warn_limit: 0
- Changed: net.core.bpf_jit_limit: 264241152 -> 528482304
- Changed: net.netfilter.nf_conntrack_sctp_timeout_established: 432000 -> 210
- Changed: vm.mmap_rnd_bits: 32 -> 31
- Deleted: net.netfilter.nf_conntrack_sctp_timeout_heartbeat_acked: 210
May 01, 2023
cos-105-17412-1-75
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.90 | v23.0.0 | v1.7.0 | v470.182.03(default),v525.105.17 |
Fall back to installing compatible drivers when the installer is invoked for certain GPU devices and incompatible drivers.
Fixed an issue where chronyd does not restart after failure, resulting in the system time being out of sync.
Upgraded net-misc/curl to v8.0.1. This resolves CVE-2023-27534.
April 25, 2023
cos-105-17412-1-71
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.90 | v23.0.0 | v1.7.0 | v470.182.03(default),v525.105.17 |
Updated containerd to v1.7.0.
Fixed race condition in io_uring in the Linux kernel.
Updated dev-lang/go to v1.20.3. This resolves CVE-2023-24536, CVE-2023-24537, CVE-2023-24538.
cos-105-17412-1-66
Date | Kernel | Docker | Containerd | GPU Drivers |
Apr 17, 2023 | COS-5.15.90 | v23.0.0 | v1.7.0-beta.1 | v470.182.03(default),v525.105.17 |
Fixed an issue where pstore is not cleaned at boot time if COS metrics are disabled.
Update default driver to 470.182.03. This resolves CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0185, CVE-2023-0187, CVE-2023-0198, CVE-2023-0199, CVE-2023-0188, CVE-2023-0190, CVE-2023-0194, CVE-2023-0195, CVE-2023-0191. Also update latest driver to 525.105.17. This resolves CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0183, CVE-2023-0185, CVE-2023-0187, CVE-2023-0198, CVE-2023-0199, CVE-2023-0188, CVE-2023-0190, CVE-2023-0194, CVE-2023-0195, CVE-2023-0191.
Fixed CVE-2023-25809 in app-containers/runc.
Fixed CVE-2023-0465, CVE-2023-0466 in dev-libs/openssl.
Fixed CVE-2023-1652 in the Linux kernel.
cos-105-17412-1-61
Date | Kernel | Docker | Containerd | GPU Drivers |
Apr 10, 2023 | COS-5.15.90 | v23.0.0 | v1.7.0-beta.1 | v470.161.03(default),v525.60.13 |
Add support for L4 GPU in cos-gpu-installer and fix cached driver installation for prebuilt driver modules.
Fixed CVE-2023-27561 in app-containers/runc.
Fixed CVE-2023-0464 in dev-libs/openssl.
Upgraded net-misc/openssh package to 9.3. This fixed CVE-2023-28531 in net-misc/openssh.
Fixed CVE-2023-0386 in overlayfs.
cos-105-17412-1-55
Date | Kernel | Docker | Containerd | GPU Drivers |
Apr 03, 2023 | COS-5.15.90 | v23.0.0 | v1.7.0-beta.1 | v470.161.03(default),v525.60.13 |
Promoted M105 to stable.
cos-beta-105-17412-1-55
Date | Kernel | Docker | Containerd | GPU Drivers |
Mar 27, 2023 | COS-5.15.90 | v23.0.0 | v1.7.0-beta.1 | v470.161.03(default),v525.60.13 |
Added warning to stackdriver logging agent to inform users that they are running a deprecated logging agent.
Removed CONFIG_NET_CLS_TCINDEX kernel config entry.
Updated dev-lang/go to v1.20.2. This resolves CVE-2023-24532.
Updated net-misc/curl to v7.88.1. This resolves CVE-2023-23916.
Fixed CVE-2023-28466 in the Linux kernel.
cos-beta-105-17412-1-44
Date | Kernel | Docker | Containerd | GPU Drivers |
Mar 20, 2023 | COS-5.15.90 | v23.0.0 | v1.7.0-beta.1 | v470.161.03(default),v525.60.13 |
Updated docker to v23.0.0.
Added amd_iommu=off in the kernel command line to turn off AMD IOMMU by default.
Enabled CONFIG_AMD_IOMMU and CONFIG_AMD_IOMMU_V2.
Fixed CVE-2023-23931 in dev-python/cryptography.
Updated app-editors/vim, app-editors/vim-core to v9.0.1403. This resolves CVE-2022-4292, CVE-2022-4141, CVE-2023-0049, CVE-2023-0433, CVE-2023-0288, CVE-2023-0512, CVE-2023-1127, CVE-2023-1170, CVE-2023-1175, CVE-2023-1355 and CVE-2023-1264.
Fixed CVE-2022-40320 in dev-libs/confuse.
cos-beta-105-17412-1-37
Date | Kernel | Docker | Containerd | GPU Drivers |
Mar 13, 2023 | COS-5.15.90 | v23.0.0rc3 | v1.7.0-beta.1 | v470.161.03(default),v525.60.13 |
Updated containerd to 1.7.0-beta.1.
Allow preloading GPU driver dependencies through cos-extensions for dev-channel images.
Fixed a regression in the Linux kernel that caused listen() to no longer return -EADDRINUSE.
Fixed a use-after-free issue in net/sched in the Linux kernel.
Fixed conntrack issue with random timeouts.
cos-beta-105-17412-1-28
Date | Kernel | Docker | Containerd | GPU Drivers |
Mar 06, 2023 | COS-5.15.90 | v23.0.0rc3 | v1.6.18 | v470.161.03(default),v525.60.13 |
Removed support for Rust symbol demangling in google-breakpad.
Updated app-emulation/containerd to v1.6.18. This resolves CVE-2023-25173 and CVE-2023-25153.
Update dev-go/go-tools to 070db2996ebe3aa00667288f8e5749e867deeb39.
Upgraded dev-lang/go to v1.20.
Installed fluent-bit for stackdriver logging in x86 images. It can be enabled by the metadata google-logging-use-fluentbit=true. See https://cloud.google.com/container-optimized-os/docs/how-to/logging for more details.
Fix containers losing access to GPUs with error "Failed to initialize NVML: Unknown error".
Updated dev-go/go-sys to v0.5.0.
Update open-iscsi to 2.1.8 to fix CVE-2020-17437.
Updated dev-lang/go to v1.20.1. Updated dev-go/net to v0.7.0. This resolves CVE-2022-41723 and CVE-2022-41725.
Fix CVE-2022-4285 in binutils and CVE-2022-4285 in binutils-libs.
Fixed CVE-2022-48303 in app-arch/tar.
Fixed CVE-2023-25136 in net-misc/openssh. Also upgraded net-misc/openssh from 9.1 to 9.2.
Fixed CVE-2022-1304 in the sys-fs/e2fsprogs package.
Fixed CVE-2022-2928 and CVE-2022-2929 in net-misc/dhcp.
Fixed CVE-2022-46663 in sys-apps/less.
Fixed CVE-2021-4122 in sys-fs/cryptsetup. Upgraded sys-fs/cryptsetup from 2.3.4 to 2.4.3.
Update net-fs/cifs-utils to v6.15. Fixes CVE-2022-29869, CVE-2021-20208, and CVE-2022-27239 in net-fs/cifs-utils.
Fixed CVE-2021-27291 and CVE-2021-20270 in dev-python/pygments.
Add prebuilt NVIDIA GPU kernel module installation support using the cos-extensions script/cos-gpu-installer:v2 container.
cos-beta-105-17412-1-2 (vs Milestone 101)
Date | Kernel | Docker | Containerd | GPU Drivers |
Feb 14, 2023 | COS-5.15.90 | v23.0.0rc3 | v1.6.15 | v470.161.03(default),v525.60.13 |
Enabled trusted IMA certificate loading from /etc/ima/pubkey.x509.
Retry starting systemd-networkd permanently in case of failure instead of default limit of 5.
Enabled fluent-bit to use customized configuration.
Moved standalone kubelet runtime to containerd.
Added cni-plugins by default.
Moved containerd default cgroup to systemd.
Added kernel flag to protect stateful partition and support for cryptsetup with AEAD.
Enabled CONFIG_SCHED_CORE and FANOTIFY_ACCESS_PERMISSIONS in the kernel config.
Upgraded Nvidia latest drivers from v510.108.03 to v525.60.13 (OSS).
Updated cos-gpu-installer to v2.0.31. This adds support for gsp_tu10x.bin and gsp_ad10x.bin gsp firmware files and removes the container dependency on python2.
Updated the Linux kernel to v5.15.90.
Updated dev-python/pexpect to v4.8.0.
Updated dev-go/go-tools to v0.1.11.
Upgraded dev-lang/go to v1.19.3.
Updated sys-boot/shim to v15.6.
Upgraded pam to v1.5.2.
Updated libseccomp to v2.5.4.
Upgraded openssh package to v9.1_p1.
Upgraded docker to v23.0.0-rc.3.
Upgraded Python to v3.8 and removed Python 2.
Updated cloud-init to v22.4.
Upgraded nfs-utils to v2.6.2.
Updated built-in kubelet/kubectl to v1.25.5.
Updated localtoast from v1.1.4.3 to v1.1.5.1.
Updated sosreport to v4.4.
Updated sys-apps/apparmor to v3.1.2.
Upgraded systemd to v252.1.
Updated app-emulation/cri-tools to v1.25.0.
Updated stackdriver logging agent to v1.9.9.
Updated app-emulation/docker-credential-helpers to v0.7.0.
Updated sys-apps/shadow to v4.12.3.
Updated sys-apps/makedumpfile to v1.7.2.
Updated app-emulation/runc to v1.1.4.
Updated grub2 to Fedora-38.
Removed Network Time Security support in Chrony.
Updated google-guest-agent to v20220614.00.
Removed the mosys package.
Updated app-admin/sudo to v1.9.12_p1.
Updated app-arch/pigz to v2.7.
Updated app-arch/xz-utils to v5.2.9.
Updated app-editors/vim-core to v9.0.1000.
Updated app-eselect/eselect-awk to v0.4.
Updated app-eselect/eselect-vi to v20221122.
Updated dev-libs/inih to v56-r1.
Updated net-misc/curl to v7.86.0-r3.
Updated sys-apps/file to v5.43-r1.
Updated sys-apps/findutils to v4.9.0-r2.
Updated sys-apps/grep to v3.8-r1.
Updated sys-apps/less to v608-r1.
Updated sys-apps/sed to v4.9.
Updated sys-auth/passwdqc to v2.0.2-r1.
Updated sys-block/thin-provisioning-tools to v0.9.0-r1.
Updated sys-fs/e2fsprogs to v2fsprogs-1.46.5-r4.
Updated sys-libs/libcap to v2.66.
Updated sys-libs/timezone-data to v2022g.
Updated sys-libs/zlib to v1.2.13-r1.
Updated sys-process/lsof to v4.96.4.
Updated virtual/editor to v0-r4.
Fixed an issue where sudo -i is not working correctly.
Updated x11-libs/pixman to v0.42.2. This resolves CVE-2022-44638.
Fixed CVE-2022-40768 and CVE-2022-43750 in the Linux kernel.
Updated app-arch/libarchive to v3.6.1. This resolves CVE-2022-26280.
Fixed CVE-2022-37454 in dev-lang/python.
Fixed CVE-2023-0054 in vim.
Upgraded vim to v9.0.1000. This fixes CVE-2022-4292.
Fixed CVE-2022-3715 in bash.
Runtime sysctl changes:
- Changed: vm.mmap_rnd_bits: 28 -> 32