Container-Optimized OS Release Notes: Milestone 109

November 18, 2024

cos-109-17800-372-45

Kernel Docker Containerd GPU Drivers
COS-6.1.112 v24.0.9 v1.7.23 See List

Fixed CVE-2024-45310 in app-containers/runc.

Fixed CVE-2024-50010 in the Linux kernel.

Fixed CVE-2024-49959 in the Linux kernel.

Fixed CVE-2024-49954 in the Linux kernel.

Fixed CVE-2024-50110 in the Linux kernel.

Fixed CVE-2024-50138 in the Linux kernel.

Fixed CVE-2024-50115 in the Linux kernel.

Fixed CVE-2024-50131 in the Linux kernel.

November 11, 2024

cos-109-17800-372-38

Kernel Docker Containerd GPU Drivers
COS-6.1.112 v24.0.9 v1.7.23 See List

Fixed CVE-2024-50602 in dev-libs/expat.

Fixed KCTF-2e95c43 in the Linux kernel.

Fixed CVE-2024-50038 in the Linux kernel.

Fixed CVE-2024-50082 in the Linux kernel.

Fixed CVE-2024-50083 in the Linux kernel.

Fixed CVE-2024-50024 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812248 -> 812209

November 06, 2024

cos-109-17800-372-31

Kernel Docker Containerd GPU Drivers
COS-6.1.112 v24.0.9 v1.7.23 See List

Added NVIDIA GPU drivers R560 branch - Update R560, latest driver to v560.35.03.

Updated NVIDIA GPU drivers to v535.216.01 for default/R535 and v550.127.05 for R550 for all GPUs. This resolves CVE-2024-0126.

Fixed CVE-2024-50002 in the Linux kernel.

Fixed CVE-2024-49967 in the Linux kernel.

Fixed CVE-2024-50006 in the Linux kernel.

Fixed CVE-2024-49881 in the Linux kernel.

Fixed CVE-2024-47705 in the Linux kernel.

Fixed CVE-2024-50001 in the Linux kernel.

Fixed CVE-2024-47678 in the Linux kernel.

Fixed CVE-2024-49870 in the Linux kernel.

Fixed CVE-2024-50045 in the Linux kernel.

Fixed CVE-2024-49983 in the Linux kernel.

Fixed CVE-2024-49978 in the Linux kernel.

Fixed CVE-2024-50015 in the Linux kernel.

Fixed CVE-2024-50039 in the Linux kernel.

Fixed CVE-2024-50000 in the Linux kernel.

Fixed CVE-2024-49975 in the Linux kernel.

Fixed CVE-2024-49993 in the Linux kernel.

Fixed CVE-2024-50019 in the Linux kernel.

Fixed CVE-2024-49875 in the Linux kernel.

Fixed CVE-2024-47710 in the Linux kernel.

Fixed CVE-2024-47707 in the Linux kernel.

Fixed CVE-2024-49850 in the Linux kernel.

Fixed CVE-2024-49936 in the Linux kernel.

Fixed CVE-2024-49889 in the Linux kernel.

Fixed CVE-2024-47696 in the Linux kernel.

Fixed CVE-2024-49851 in the Linux kernel.

Fixed CVE-2024-49883 in the Linux kernel.

Fixed CVE-2024-47728 in the Linux kernel.

Fixed CVE-2024-49884 in the Linux kernel.

Fixed CVE-2024-47679 in the Linux kernel.

Fixed CVE-2024-50035 in the Linux kernel.

Fixed CVE-2024-47701 in the Linux kernel.

Fixed CVE-2024-47727 in the Linux kernel.

Fixed CVE-2024-47682 in the Linux kernel.

Fixed CVE-2024-49858 in the Linux kernel.

Fixed CVE-2024-50033 in the Linux kernel.

Fixed CVE-2024-49860 in the Linux kernel.

Fixed CVE-2024-47737 in the Linux kernel.

Fixed CVE-2024-47742 in the Linux kernel.

Fixed CVE-2024-47739 in the Linux kernel.

Fixed CVE-2024-47706 in the Linux kernel.

Fixed CVE-2024-47692 in the Linux kernel.

Fixed CVE-2024-47693 in the Linux kernel.

Fixed CVE-2024-47734 in the Linux kernel.

Fixed CVE-2024-47743 in the Linux kernel.

Fixed CVE-2024-47684 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812253 -> 812248

October 28, 2024

cos-109-17800-372-12

Kernel Docker Containerd GPU Drivers
COS-6.1.112 v24.0.9 v1.7.23 See List

Fixed CVE-2024-47685 in the Linux kernel.

Fixed CVE-2024-38632 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812259 -> 812253

October 24, 2024

cos-109-17800-372-7

Kernel Docker Containerd GPU Drivers
COS-6.1.112 v24.0.9 v1.7.23 See List

Upgraded app-containers/docker-credential-helpers to v0.8.2.

Upgraded app-containers/cni-plugins to v1.5.1.

Upgraded app-containers/docker-credential-gcr to v2.1.23.

Upgraded app-containers/containerd, app-containers/containerd-test to v1.7.20.

Upgraded app-admin/google-guest-configs to v20240725.00.

Upgraded dev-python/jsonpatch to v1.33.

Upgraded dev-python/netifaces to v0.11.0-r2.

Upgraded dev-lang/python-exec to v2.4.10.

Upgraded dev-db/sqlite to v3.46.0.

Upgraded dev-python/six to v1.16.0-r1.

Upgraded sys-libs/libcap-ng to v0.8.5.

Upgraded net-libs/libtirpc to v1.3.4-r3.

Upgraded net-fs/cifs-utils to v7.0-r1 and sys-libs/talloc to v2.4.2.

Upgraded dev-python/jinja to v3.1.4.

Upgraded sys-libs/libcap to v2.70.

Upgraded app-arch/pigz to v2.8.

Upgraded sys-fs/xfsprogs to v6.8.0.

Upgraded dev-python/pyserial to v3.5-r2.

Upgraded sys-libs/zlib to v1.3.1-r1.

Upgraded dev-python/configobj to v5.0.8.

Upgraded sys-libs/gdbm to v1.24.

Upgraded app-arch/lz4 to v1.10.0-r1.

Upgraded app-arch/unzip to v6.0_p27-r1.

Upgraded dev-libs/nss to v3.103.

Upgraded sys-apps/acl to v2.3.2-r1.

Updated R550, latest driver to v550.90.12.

Upgraded app-arch/libarchive to version 3.7.6. This fixed CVE-2024-48957, CVE-2024-48958.

Runtime sysctl changes:

  • Changed: fs.file-max: 812253 -> 812259

Upgraded app-containers/containerd to 1.7.23.

October 21, 2024

cos-109-17800-309-93

Kernel Docker Containerd GPU Drivers
COS-6.1.100 v24.0.9 v1.7.22 See List

Fixed CVE-2024-44958 in the Linux kernel.

Fixed CVE-2024-43892 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812261 -> 812253

October 14, 2024

cos-109-17800-309-88

Kernel Docker Containerd GPU Drivers
COS-6.1.100 v24.0.9 v1.7.22 See List

Fixed CVE-2024-43853 in the Linux kernel.

Fixed CVE-2024-45003 in the Linux kernel.

Fixed CVE-2024-46848 in the Linux kernel.

Fixed CVE-2024-44965 in the Linux kernel.

Fixed CVE-2024-44970 in the Linux kernel.

Fixed CVE-2024-46829 in the Linux kernel.

Fixed CVE-2024-46855 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812257 -> 812261

October 07, 2024

cos-109-17800-309-84

Kernel Docker Containerd GPU Drivers
COS-6.1.100 v24.0.9 v1.7.22 See List

Update R535, default driver to v535.183.06.

Updated the GPU installer to v2.4.1.

Upgraded nvidia-container-toolkit to v1.16.2. Fixed CVE-2024-0132 and CVE-2024-0133.

Fixed CVE-2024-46744 in the Linux kernel.

Fixed CVE-2024-46750 in the Linux kernel.

September 30, 2024

cos-109-17800-309-77

Kernel Docker Containerd GPU Drivers
COS-6.1.100 v24.0.9 v1.7.22 See List

Upgraded app-admin/google-guest-configs to v20240725.00.

Fixed A3 Edge VM names in google guest agent configs.

Updated cos-gpu-installer to v2.4.0. It identifies GPU drivers before installation.

Fixed CVE-2024-46763 in the Linux kernel.

Fixed CVE-2024-46679 in the Linux kernel.

Fixed CVE-2024-46721 in the Linux kernel.

Fixed CVE-2024-46800 in the Linux kernel.

Fixed CVE-2024-46743 in the Linux kernel.

Fixed CVE-2024-46738 in the Linux kernel.

September 23, 2024

cos-109-17800-309-69

Kernel Docker Containerd GPU Drivers
COS-6.1.100 v24.0.9 v1.7.22 See List

Updated net-misc/curl to 8.10.0.

Fixed CVE-2024-43817 in the Linux kernel.

Fixed CVE-2024-44947 in the Linux kernel.

Fixed CVE-2024-45025 in the Linux kernel.

Fixed CVE-2024-41012 in the Linux kernel.

Fixed CVE-2024-45018 in the Linux kernel.

Fixed CVE-2024-45022 in the Linux kernel.

Fixed CVE-2024-45021 in the Linux kernel.

Fixed CVE-2024-44940 in the Linux kernel.

Fixed CVE-2024-46686 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812257 -> 812253

September 16, 2024

cos-109-17800-309-59

Kernel Docker Containerd GPU Drivers
COS-6.1.100 v24.0.9 v1.7.22 See List

Updated app-containers/containerd to v1.7.22.

Updated dev-lang/python to 3.8.19_p1. This fixes

Fixed CVE-2023-27043 in dev-lang/python.

Fixed CVE-2024-7592 in dev-lang/python.

Fixed CVE-2024-6232 in dev-lang/python.

Fixed CVE-2024-6119 in net-libs/openssl.

Updated dev-libs/expat to v2.6.3. This fixed CVE-2024-45492, CVE-2024-45490, CVE-2024-45491.

Fixed CVE-2024-44983 in the Linux kernel.

Fixed CVE-2024-43893 in the Linux kernel.

Fixed CVE-2024-44944 in the Linux kernel.

Fixed CVE-2024-43871 in the Linux kernel.

Fixed CVE-2024-44989 in the Linux kernel.

Fixed CVE-2024-44990 in the Linux kernel.

Fixed CVE-2024-45000 in the Linux kernel.

Fixed CVE-2024-42307 in the Linux kernel.

Fixed CVE-2024-43914 in the Linux kernel.

Fixed CVE-2024-43873 in the Linux kernel.

Fixed CVE-2024-42302 in the Linux kernel.

Fixed CVE-2024-43882 in the Linux kernel.

Fixed CVE-2024-44985 in the Linux kernel.

Fixed CVE-2024-44986 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812274 -> 812257

September 09, 2024

cos-109-17800-309-46

Kernel Docker Containerd GPU Drivers
COS-6.1.100 v24.0.9 v1.7.21 See List

Updated app-containers/containerd to 1.7.21.

Upgraded app-containers/containerd and app-containers/containerd-test to v1.7.20.

Fixes CVE-2023-7256 in net-libs/libpcap.

Fixes CVE-2024-44987 in the Linux kernel.

Fixes CVE-2024-43889 in the Linux kernel.

Fixes CVE-2024-42302 in the Linux kernel.

Fixes CVE-2024-41057 in the Linux kernel.

Fixes CVE-2024-43837 in the Linux kernel.

Fixes CVE-2024-43855 in the Linux kernel.

Fixes CVE-2024-41076 in the Linux kernel.

Fixes CVE-2024-42316 in the Linux kernel.

Fixes CVE-2024-43828 in the Linux kernel.

Fixes CVE-2024-43856 in the Linux kernel.

Fixes CVE-2024-41073 in the Linux kernel.

Fixes CVE-2024-44934 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812248 -> 812274

September 03, 2024

cos-109-17800-309-33

Kernel Docker Containerd GPU Drivers
COS-6.1.100 v24.0.9 v1.7.19 See List

Fixed CVE-2024-37370, CVE-2024-37371 in app-crypt/mit-krb5.

Updated app-editors/vim, app-editors/vim-core to version 9.1.0686. This fixed CVE-2023-46246, CVE-2024-41957, CVE-2024-41965.

Fixed CVE-2024-41058 in the Linux kernel.

Fixed CVE-2024-43854 in the Linux kernel.

Fixed CVE-2024-41098 in the Linux kernel.

Fixed CVE-2024-42270 in the Linux kernel.

Fixed CVE-2023-52889 in the Linux kernel.

Fixed CVE-2024-42283 in the Linux kernel.

Fixed CVE-2024-42268 in the Linux kernel.

Fixed CVE-2024-42269 in the Linux kernel.

Fixed CVE-2024-42285 in the Linux kernel.

Fixed KCTF-c07ff85 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812259 -> 812248

August 26, 2024

cos-109-17800-309-24

Kernel Docker Containerd GPU Drivers
COS-6.1.100 v24.0.9 v1.7.19 See List

Updated google-osconfig-agent to v20240822.00.

August 20, 2024

cos-109-17800-309-20

Kernel Docker Containerd GPU Drivers
COS-6.1.100 v24.0.9 v1.7.19 See List

Fixed CVE-2024-6602 in dev-libs/nss.

Downgraded setuptools to v65.6.3. Cherry-picked upstream fix for CVE-2024-6345.

Runtime sysctl changes:

  • Added: vm.unprivileged_userfaultfd: 0
  • Changed: fs.file-max: 812257 -> 812229
  • Changed: net.ipv4.tcp_rto_min_us: 200000 -> 5000

August 12, 2024

cos-109-17800-309-13

Kernel Docker Containerd GPU Drivers
COS-6.1.100 v24.0.9 v1.7.19 v535.183.01(default),v550.90.07(latest),v470.256.02(R470 for compatibility with K80 GPUs)

Upgraded sys-apps/less to v661.

Downgraded sys-apps/ethtool to v6.3.

Updated dev-libs/openssl to version 3.0.14 and added patch for CVE-2024-5535. This fixed CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, CVE-2024-5535.

Updated net-misc/curl to version 8.9.1. This fixed CVE-2024-7264.

Fixed CVE-2024-39472 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812261 -> 812257

August 06, 2024

cos-109-17800-309-7

Kernel Docker Containerd GPU Drivers
COS-6.1.100 v24.0.9 v1.7.19 v535.183.01(default),v550.90.07(latest),v470.256.02(R470 for compatibility with K80 GPUs)

Upgraded app-admin/google-guest-configs to 20240607.00.

Upgraded app-containers/containerd to 1.7.19.

Upgraded sys-auth/pambase to v20240128.

Upgraded app-containers/docker, app-containers/docker-test, app-containers/docker-cli to v24.0.9.

Upgraded app-containers/docker-credential-gcr to v2.1.22.

Upgraded app-containers/docker-credential-helpers to v0.8.1.

Upgraded app-containers/cni-plugins to v1.4.1.

Upgraded net-misc/rsync to v3.2.7-r5.

Enabled the feature to utilize the gpu_driver_versions proto file for controlling the specific GPU driver version to be installed for each GPU type.

Upgraded cos-gpu-installer to v2.3.5 - Improved error messaging for incompatible GPU driver input.

Removed crash-reporter KVM support.

Removed dev-go/grpc.

Upgraded curl to v8.9.0. This fixes CVE-2024-6197.

Upgraded dev-python/setuptools to v70.3.0. This fixes CVE-2024-6345.

Fixed CVE-2021-36084, CVE-2021-36085, CVE-2021-36086, CVE-2021-36087 in sys-libs/libsepol.

Runtime sysctl changes:

  • Added: net.core.mem_pcpu_rsv: 256

July 30, 2024

cos-109-17800-218-88

Kernel Docker Containerd GPU Drivers
COS-6.1.85 v24.0.9 v1.7.15 v535.183.01(default),v550.90.07(latest),v470.256.02(R470 for compatibility with K80 GPUs)

Upgraded app-arch/libarchive to version 3.7.4. This fixes CVE-2024-26256.

Fixed CVE-2024-39894.

Fixed CVE-2024-36891 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812285 -> 812261

July 22, 2024

cos-109-17800-218-83

Kernel Docker Containerd GPU Drivers
COS-6.1.85 v24.0.9 v1.7.15 v535.183.01(default),v550.90.07(latest),v470.256.02(R470 for compatibility with K80 GPUs)

Disable NVIDIA persistence mode with -no-verify flag.

Fixed CVE-2024-38662 in the Linux kernel.

Fixed CVE-2024-39482 in the Linux kernel.

Fixed CVE-2024-39474 in the Linux kernel.

Fixed CVE-2024-39476 in the Linux kernel.

July 15, 2024

cos-109-17800-218-76

Kernel Docker Containerd GPU Drivers
COS-6.1.85 v24.0.9 v1.7.15 v535.183.01(default),v550.90.07(latest),v470.256.02(R470 for compatibility with K80 GPUs)

Upgraded app-editors/vim and app-editors/vim-core to v9.1.0470.

Upgraded sys-apps/grep to v3.11-r1.

Upgraded sys-apps/dmidecode to v3.6.

Upgraded net-misc/rsync to v3.2.7-r4.

Upgraded sys-apps/ethtool to v6.9.

Upgraded sys-apps/attr to v2.5.2-r1.

Upgraded net-dns/libidn2 to v2.3.7.

Upgraded sys-apps/sed to v4.9-r1.

Upgraded app-admin/logrotate to v3.22.0.

Upgraded sys-block/thin-provisioning-tools to v0.9.0-r4.

Upgraded sys-process/lsof to v4.99.3.

Upgraded sys-apps/file to v5.45-r4.

Upgraded dev-libs/libusb to v1.0.27-r1.

Upgraded net-misc/curl to v8.8.0-r1.

Updated cos-gpu-installer to v2.3.5 - Improved error messaging for incompatible GPU driver input.

Added the package revision number to the SSH banner in net-misc/openssh.

Updated net-misc/wget to version 1.24.5. This fixed CVE-2024-38428.

Fixed CVE-2024-36978 in the Linux kernel.

July 01, 2024

cos-109-17800-218-69

Kernel Docker Containerd GPU Drivers
COS-6.1.85 v24.0.9 v1.7.15 v535.183.01(default),v550.90.07(latest),v470.256.02(R470 for compatibility with K80 GPUs)

Fixed CVE-2024-35195 in dev-python/requests.

Fixed CVE-2024-36901 in the Linux kernel.

Runtime sysctl changes:

  • Added: net.ipv4.tcp_rto_min_us: 200000
  • Changed: fs.file-max: 812261 -> 812270

Fixed CVE-2024-6387 in net-misc/openssh.

June 24, 2024

cos-109-17800-218-62

Kernel Docker Containerd GPU Drivers
COS-6.1.85 v24.0.9 v1.7.15 v535.183.01(default),v550.90.07(latest),v470.256.02(R470 for compatibility with K80 GPUs)

Runtime sysctl changes:

  • Changed: fs.file-max: 812259 -> 812261

Fixed a crash in the Linux kernel.

June 18, 2024

cos-109-17800-218-61

Kernel Docker Containerd GPU Drivers
COS-6.1.85 v24.0.9 v1.7.15 v535.183.01(default),v550.90.07(latest),v470.256.02(R470 for compatibility with K80 GPUs)

Update R550, latest driver to v550.90.07. This fixes CVE-2024-0090, CVE-2024-0091, CVE-2024-0092.

Update R535, default driver to v535.183.01. This fixes CVE-2024-0090, CVE-2024-0092.

Update R470 to v470.256.02. This fixes CVE-2024-0090, CVE-2024-0092.

Upgraded app-arch/lz4 to 1.9.4. Fixes CVE-2021-3520.

Fixes CVE-2024-36902 in the Linux kernel.

Fixes CVE-2024-36938 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812271 -> 812259

June 11, 2024

cos-109-17800-218-52

Kernel Docker Containerd GPU Drivers
COS-6.1.85 v24.0.9 v1.7.15 v535.161.08(default),v550.54.15(latest),v470.239.06(R470 for compatibility with K80 GPUs)

Fixed a performance issue observed in some Postgres databases.

Updated cos-gpu-installer to v2.3.4 - This fixes CVEs: CVE-2023-29402, CVE-2023-29405, CVE-2023-29404, CVE-2023-24540, CVE-2023-24538, CVE-2022-41721, GHSA-m425-mq94-257g, CVE-2022-41715, CVE-2022-30633, CVE-2022-41724, CVE-2022-2880, CVE-2022-30631, CVE-2021-29923, CVE-2022-24675, CVE-2022-30580, CVE-2022-41723, CVE-2023-24534, CVE-2022-41725, CVE-2022-2879, CVE-2023-24539, CVE-2022-30635, CVE-2023-45285, CVE-2022-32149, CVE-2023-24537, CVE-2022-32189, CVE-2022-28131, CVE-2023-39323, CVE-2022-28327, CVE-2022-30630, CVE-2023-44487, CVE-2023-39325, CVE-2022-27664, CVE-2023-45287, CVE-2023-29400, CVE-2023-24536, CVE-2023-29403, CVE-2022-30632, CVE-2023-39318, CVE-2020-29511, CVE-2024-24786, CVE-2023-3978, CVE-2022-41717, CVE-2022-32148, CVE-2023-39326, CVE-2023-45288, CVE-2022-1962, CVE-2023-24532, CVE-2023-39319, CVE-2022-1705, CVE-2020-29509, CVE-2023-29406, CVE-2023-29409, CVE-2022-30629

Runtime sysctl changes:

  • Changed: fs.file-max: 812253 -> 812271

June 10, 2024

cos-109-17800-218-50

Kernel Docker Containerd GPU Drivers
COS-6.1.85 v24.0.9 v1.7.15 v535.161.08(default),v550.54.15(latest),v470.239.06(R470 for compatibility with K80 GPUs)

Fixed frequent restarts in fluent-bit stackdriver plugin.

Updated cos-gpu-installer to v2.3.3. This resolves potential synchronization issues and ensures proper cleanup of mounts in GPU driver installation directory configuration.

Fixed CVE-2024-26987, CVE-2024-27020, CVE-2024-27014, CVE-2024-27022, CVE-2024-27019, CVE-2024-27013, CVE-2024-36008, CVE-2024-27018, CVE-2024-27016 and CVE-2024-27015 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812257 -> 812253

June 03, 2024

cos-109-17800-218-44

Kernel Docker Containerd GPU Drivers
COS-6.1.85 v24.0.9 v1.7.15 v535.161.08(default),v550.54.15(latest),v470.239.06(R470 for compatibility with K80 GPUs)

Updated cos-gpu-installer to v2.3.2.

Fixed CVE-2024-34459 in the libxml2 package.

Fixed a bug in auto update engine when confidential VMs are enabled.

May 28, 2024

cos-109-17800-218-37

Kernel Docker Containerd GPU Drivers
COS-6.1.85 v24.0.9 v1.7.15 v535.161.08(default),v550.54.15(latest),v470.239.06(R470 for compatibility with K80 GPUs)

Improved boot time on A3 machines by around 5 seconds.

Fixed CVE-2024-21626 in runc in kubelet.

Updated dev-vcs/git to v2.45.1. This resolves CVE-2024-32002, CVE-2024-32020, CVE-2024-32465, CVE-2024-32004, CVE-2024-32021.

Runtime sysctl changes:

  • Changed: fs.file-max: 812597 -> 812196

May 20, 2024

cos-109-17800-218-32

Kernel Docker Containerd GPU Drivers
COS-6.1.85 v24.0.9 v1.7.15 v535.161.08(default),v550.54.15(latest),v470.239.06(R470 for compatibility with K80 GPUs)

Updated cos-gpu-installer to v2.3.1.

Upgraded sys-apps/less to v643-r2.

Upgraded app-eselect/eselect-iptables to v20220320.

Upgraded sys-libs/timezone-data to v2024a-r1.

Upgraded app-editors/vim and app-editors/vim-core to v9.1.0366.

May 13, 2024

cos-109-17800-218-26

Kernel Docker Containerd GPU Drivers
COS-6.1.85 v24.0.9 v1.7.15 v535.161.08(default),v550.54.15(latest),v470.239.06(R470 for compatibility with K80 GPUs)

Uprev GPU driver version to v470.239.06.

Fixed CVE-2024-26900 in the Linux kernel.

May 06, 2024

cos-109-17800-218-20

Kernel Docker Containerd GPU Drivers
COS-6.1.85 v24.0.9 v1.7.15 v535.161.08(default),v550.54.15(latest),v470.239.06(R470 for compatibility with K80 GPUs)

Upgraded sys-apps/makedumpfile to v1.7.5.

Upgraded app-admin/node-problem-detector to v0.8.18.

Updated cos-gpu-installer to v2.3.0.

Fixed CVE-2023-0687, CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602 in sys-libs/glibc.

Updated net-dns/c-ares to v1.27. This fixed CVE-2024-25629.

Fixed CVE-2023-32681 in dev-python/requests.

April 30, 2024

cos-109-17800-218-14

Kernel Docker Containerd GPU Drivers
COS-6.1.85 v24.0.9 v1.7.15 v535.161.08(default),v550.54.15(latest),v470.239.06(R470 for compatibility with K80 GPUs)

Updated app-containers/containerd to v1.7.15.

Set serial port baudrate to 115200.

Included nvidia plugin in sosreport.

Updated cos-gpu-installer to v2.1.11. Added major version specification for GPU driver installation.

Fixed CVE-2023-4641 in sys-apps/shadow.

Fixed CVE-2023-50387, CVE-2023-50868, CVE-2023-7008 in sys-apps/systemd.

Fixed CVE-2023-0767, CVE-2023-5388, CVE-2023-6135, CVE-2024-0743 in dev-libs/nss.

Fixed CVE-2024-3772 in dev-python/pydantic.

Updated dev-python/pyyaml to v6.0.1. This fixed CVE-2017-18342, CVE-2019-20477, CVE-2020-14343, CVE-2020-1747.

Updated dev-vcs/git to v2.44.0. This fixed CVE-2023-22490, CVE-2023-23946, CVE-2023-25652, CVE-2023-25815, CVE-2023-29007.

Updated net-misc/curl to v8.7.1. This fixed CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466.

Updated dev-libs/expat to v2.6.2. This fixed CVE-2023-52425, CVE-2023-52426, CVE-2024-28757.

Updated app-admin/sudo to v1.9.15_p5. This fixed CVE-2023-42465.

Fixed CVE-2024-28182 in net-libs/nghttp2.

Fixed CVE-2024-26808 in the Linux kernel.

Fixed CVE-2024-26642 in the Linux kernel.

Fixed CVE-2024-26642, CVE-2024-26643 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812605 -> 812597
  • Changed: kernel.threads-max: 63520 -> 63519
  • Changed: net.ipv4.tcp_mem: 94092 125456 188184 -> 94089 125455 188178
  • Changed: net.ipv4.udp_mem: 188184 250912 376368 -> 188181 250911 376362
  • Changed: user.max_cgroup_namespaces: 31760 -> 31759
  • Changed: user.max_ipc_namespaces: 31760 -> 31759
  • Changed: user.max_mnt_namespaces: 31760 -> 31759
  • Changed: user.max_net_namespaces: 31760 -> 31759
  • Changed: user.max_pid_namespaces: 31760 -> 31759
  • Changed: user.max_time_namespaces: 31760 -> 31759
  • Changed: user.max_user_namespaces: 31760 -> 31759
  • Changed: user.max_uts_namespaces: 31760 -> 31759

Fixed issues with the SRSO vulnerability mitigation (CVE-2023-20569). This fix might negatively impact the performance of your workloads on AMD machine types.

April 15, 2024

cos-109-17800-147-60

Kernel Docker Containerd GPU Drivers
COS-6.1.75 v24.0.9 v1.7.13 v535.161.08(default),v550.54.15(latest),v470.239.06(R470 for compatibility with K80 GPUs)

Updated NVIDIA GPU drivers to v550.54.15. Fixed a potential corruption when launching kernels on H100 GPUs, which is more likely to occur when the GPU is shared between multiple processes.

Updated NVIDIA GPU drivers to v535.161.08. Fixed a potential corruption when launching kernels on H100 GPUs.

April 01, 2024

cos-109-17800-147-54

Kernel Docker Containerd GPU Drivers
COS-6.1.75 v24.0.9 v1.7.13 v535.161.07(default),v550.54.14(latest),v470.239.06(R470 for compatibility with K80 GPUs)

Updated app-containers/nvidia-container-toolkit to v1.14.6.

Upgraded localtoast to v1.1.7 and opted out of logging-service-running benchmark by default for cis-level2.

Upgraded sys-apps/makedumpfile to v1.7.4.

Upgraded app-admin/fluent-bit to v1.9.10.

Upgraded app-admin/node-problem-detector to v0.8.17.

Upgraded net-misc/chrony to v4.5.

Added NVIDIA GPU drivers R550 branch and update latest to 550.54.14.

Fixed a bug in google-guest-agent service enablement.

Fixed CVE-2024-26584 in the Linux kernel.

Fixed CVE-2024-26585 in the Linux kernel.

March 27, 2024

cos-109-17800-147-41

Kernel Docker Containerd GPU Drivers
COS-6.1.75 v24.0.9 v1.7.13 v535.161.07(default, latest),v470.239.06(R470 for compatibility with K80 GPUs)

Fixed CVE-2023-52434 in the Linux kernel.

Fixed CVE-2024-26583 in the Linux kernel.

Fixed CVE-2024-26582 in the Linux kernel.

Fixed CVE-2023-52435 in the Linux kernel.

March 20, 2024

cos-109-17800-147-38

Kernel Docker Containerd GPU Drivers
COS-6.1.75 v24.0.9 v1.7.13 v535.161.07(default, latest),v470.239.06(R470 for compatibility with K80 GPUs)

Added support for iSCSI targets and RAM block devices.

Updated app-editors/vim to 9.0.2167. This fixed CVE-2023-48231, CVE-2023-48232, CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237, CVE-2023-48706, CVE-2024-22667.

March 11, 2024

cos-109-17800-147-33

Kernel Docker Containerd GPU Drivers
COS-6.1.75 v24.0.9 v1.7.13 v535.161.07(default, latest),v470.239.06(R470 for compatibility with K80 GPUs)

Updated cos-gpu-installer to v2.2.1. Fixed cached driver installation error with network disabled. Added force-fallback flag, major version specification for GPU driver installation and fixed ordering of kernel module loading for nvidia-modeset and nvidia-drm.

Updated NVIDIA GPU drivers to v470.239.06 and v535.161.07. This fixes CVE-2024-0074, CVE-2024-0075 and CVE-2022-42265.

March 06, 2024

cos-109-17800-147-28

Kernel Docker Containerd GPU Drivers
COS-6.1.75 v24.0.9 v1.7.13 v535.154.05 (default),v535.154.05(latest),v470.223.02(R470 for compatibility with K80 GPUs)

Fixed CVE-2024-23851 in the Linux kernel.

February 27, 2024

cos-109-17800-147-22

Kernel Docker Containerd GPU Drivers
COS-6.1.75 v24.0.9 v1.7.13 v535.154.05 (default),v535.154.05(latest),v470.223.02(R470 for compatibility with K80 GPUs)

Upgraded Docker to v24.0.9. This fixes CVE-2024-24557.

Fixed CVE-2024-0684 in sys-apps/coreutils.

Fixed CVE-2024-26581 in the Linux kernel.

February 20, 2024

cos-109-17800-147-15

Kernel Docker Containerd GPU Drivers
COS-6.1.75 v24.0.5 v1.7.13 v535.154.05 (default),v535.154.05(latest),v470.223.02(R470 for compatibility with K80 GPUs)

Updated app-containers/containerd to v1.7.13.

Upgraded net-misc/curl to v8.6.0. This fixes CVE-2024-0853.

Updated dev-libs/libxml2 to v2.11.7. This fixes CVE-2024-25062.

February 12, 2024

cos-109-17800-147-9

Kernel Docker Containerd GPU Drivers
COS-6.1.75 v24.0.5 v1.7.10 v535.154.05 (default),v535.154.05(latest),v470.223.02(R470 for compatibility with K80 GPUs)

This is an LTS Refresh Release.

Update default NVIDIA GPU drivers to 535.154.05.

Updated cos-gpu-installer to v2.1.10.

Backported support for TCP RTO configuration in networkd.

Fixed CVE-2023-40546, CVE-2023-40547, CVE-2023-40548, CVE-2023-40549, CVE-2023-40550 and CVE-2023-40551 in sys-boot/shim.

Updated dev-libs/openssl to v3.0.13. This resolves CVE-2024-0727 and CVE-2023-6129.

Fixed CVE-2024-1086 in the Linux kernel.

Runtime sysctl changes:

  • Added: net.ipv4.tcp_backlog_ack_defer: 1
  • Added: net.ipv4.tcp_shrink_window: 0
  • Changed: fs.file-max: 812608 -> 812605
  • Changed: net.core.optmem_max: 20480 -> 131072
  • Changed: net.ipv6.route.max_size: 4096 -> 2147483647
  • Changed: vm.lowmem_reserve_ratio: 256 256 32 0 -> 256 256 32 0 0

Fragmented nvidia-drivers and nvidia-drivers-open pkg into separate packages per major version.

February 05, 2024

cos-109-17800-66-81

Kernel Docker Containerd GPU Drivers
COS-6.1.58 v24.0.5 v1.7.10 v535.129.03(default),v535.154.05(latest),v470.223.02(R470 for compatibility with K80 GPUs)

Update latest NVIDIA GPU driver to v535.154.05.

Fixed CVE-2023-6531 in the Linux kernel.

Fixed CVE-2024-0607 in the Linux kernel.

January 31, 2024

cos-109-17800-66-78

Kernel Docker Containerd GPU Drivers
COS-6.1.58 v24.0.5 v1.7.10 v535.129.03(default, latest),v470.223.02(R470 for compatibility with K80 GPUs)

Added kernel compatibility with iptables-nft.

Upgraded dev-python/jinja to v3.1.3. This resolves CVE-2024-22195.

Fixed CVE-2024-21626 in app-containers/runc.

Fixed CVE-2024-0646 in the Linux kernel.

Fixed CVE-2023-6915 in the Linux kernel.

Fixed CVE-2024-0565 in the Linux kernel.

Fixed CVE-2024-0193 in the Linux kernel.

Runtime sysctl changes:

  • Added: net.netfilter.nf_flowtable_tcp_timeout: 30
  • Added: net.netfilter.nf_flowtable_udp_timeout: 30

January 22, 2024

cos-109-17800-66-65

Kernel Docker Containerd GPU Drivers
COS-6.1.58 v24.0.5 v1.7.10 v535.129.03(default, latest),v470.223.02(R470 for compatibility with K80 GPUs)

Fixed a performance issue observed in Postgres databases.

January 16, 2024

cos-109-17800-66-58

Kernel Docker Containerd GPU Drivers
COS-6.1.58 v24.0.5 v1.7.10 v535.129.03(default, latest),v470.223.02(R470 for compatibility with K80 GPUs)

Upgraded dev-db/sqlite to v3.44.2-r2. This fixes CVE-2023-7104.

January 08, 2024

cos-109-17800-66-57

Kernel Docker Containerd GPU Drivers
COS-6.1.58 v24.0.5 v1.7.10 v535.129.03(default, latest),v470.223.02(R470 for compatibility with K80 GPUs)

Updated net-misc/openssh to v9.6_p1-r1.

Upgraded dev-go/crypto to v0.17.0. This fixes CVE-2023-48795.

Upgraded sys-apps/dbus to v1.12.28. This fixes CVE-2023-34969.

January 02, 2024

cos-109-17800-66-54

Kernel Docker Containerd GPU Drivers
COS-6.1.58 v24.0.5 v1.7.10 v535.129.03(default, latest),v470.223.02(R470 for compatibility with K80 GPUs)

Updated docker-credential-gcr to v2.1.21.

Fixed a performance issue that was observed in Postgres databases.

Updated dev-lang/go to v1.21.5. This resolves CVE-2023-45285 and CVE-2023-39326.

Updated net-misc/curl to v8.5.0. This resolves CVE-2023-46218.

Fixed CVE-2023-6817 in the Linux kernel.

Fixed CVE-2023-6931 in the Linux kernel.

Fixed CVE-2023-6932 in the Linux kernel.

December 19, 2023

cos-109-17800-66-43

Kernel Docker Containerd GPU Drivers
COS-6.1.58 v24.0.5 v1.7.10 v535.129.03(default, latest),v470.223.02(R470 for compatibility with K80 GPUs)

Updated app-containers/containerd to 1.7.10.

Fixed a container performance issue that occurred after running systemctl start cloud-audit-setup.

Fixed a kernel crash that occurred when running Postgres databases.

Fixed CVE-2023-49083 in package dev-python/cryptography.

Fixed CVE-2023-6622 in the Linux kernel.

December 11, 2023

cos-109-17800-66-33

Kernel Docker Containerd GPU Drivers
COS-6.1.58 v24.0.5 v1.7.7 v535.129.03(default, latest),v470.223.02(R470 for compatibility with K80 GPUs)

Fixed CVE-2023-6111 in the Linux kernel.

November 29, 2023

cos-109-17800-66-32

Kernel Docker Containerd GPU Drivers
COS-6.1.58 v24.0.5 v1.7.7 v535.129.03(default, latest),v470.223.02(R470 for compatibility with K80 GPUs)

Updated NVIDIA GPU drivers. This resolves CVE-2023-31022.

Updated dev-libs/openssl to v3.0.12. This resolves CVE-2023-5363 and CVE-2023-5678.

Updated dev-libs/libxml2 to v2.11.5. This resolves CVE-2023-45322.

Fixed CVE-2023-5090 in the Linux kernel.

November 15, 2023

cos-109-17800-66-27

Kernel Docker Containerd GPU Drivers
COS-6.1.58 v24.0.5 v1.7.7 v535.104.12(default, latest),v470.199.02(R470 for compatibility with K80 GPUs)

Updated dev-lang/go to v1.21.3. This resolves CVE-2023-44487 and CVE-2023-39325.

Updated dev-go/net to v0.17.0. This fixes CVE-2023-44487 and CVE-2023-39325.

Updated app-editors/vim, app-editors/vim-core to v9.0.2092. This resolves CVE-2023-4733, CVE-2023-4734, CVE-2023-4735, CVE-2023-4736, CVE-2023-4738, CVE-2023-4750, CVE-2023-4752, CVE-2023-4781, CVE-2023-5344, CVE-2023-5441, CVE-2023-5535.

Updated net-libs/nghttp2 to v1.57.0. This resolves CVE-2023-44487 and CVE-2023-35945.

Fixed CVE-2023-46813 in the Linux kernel.

Fixed CVE-2023-46862 in the Linux kernel.

November 14, 2023

cos-109-17800-66-27

Kernel Docker Containerd GPU Drivers
COS-6.1.58 v24.0.5 v1.7.7 v535.104.12(default, latest),v470.199.02(R470 for compatibility with K80 GPUs)

Update dev-lang/go to 1.21.3. This resolves CVE-2023-44487 and CVE-2023-39325.

Updated dev-go/net to v0.17.0. This fixes CVE-2023-44487 and CVE-2023-39325.

Updated app-editors/vim, app-editors/vim-core to v9.0.2092. This resolves CVE-2023-4733, CVE-2023-4734, CVE-2023-4735, CVE-2023-4736, CVE-2023-4738, CVE-2023-4750, CVE-2023-4752, CVE-2023-4781, CVE-2023-5344, CVE-2023-5441, CVE-2023-5535.

Updated net-libs/nghttp2 to v1.57.0. This resolves CVE-2023-44487 and CVE-2023-35945.

Fixed CVE-2023-46813 in the Linux kernel.

Fixed CVE-2023-46862 in the Linux kernel.

November 07, 2023

cos-109-17800-66-19

Kernel Docker Containerd GPU Drivers
COS-6.1.58 v24.0.5 v1.7.7 v535.104.12(default, latest),v470.199.02(R470 for compatibility with K80 GPUs)

Updated google-guest-configs to 20230929.00.

Fixed CVE-2023-5717 in the Linux kernel.

October 30, 2023

cos-109-17800-66-15

Kernel Docker Containerd GPU Drivers
COS-6.1.58 v24.0.5 v1.7.7 v535.104.12(default, latest),v470.199.02(R470 for compatibility with K80 GPUs)

This is an LTS Refresh Release.

Updated the Linux kernel to v6.1.58.

Updated app-containers/containerd to v1.7.7.

Updated default and latest NVIDIA GPU drivers to v535.104.12.

Updated dev-lang/go to v1.21.2. This resolves CVE-2023-39323.

Upgraded net-misc/curl to v8.4.0. This resolves CVE-2023-38545.

Fixed CVE-2023-4244 in the Linux kernel.

Enabled portmapper registration reporting for lsof. This also fixes an issue where lsof is missing from SOS reports.

Restored systemd-logind restart behavior when dbus restarts.

Runtime sysctl changes:

  • Added: net.ipv6.conf.all.accept_ra_min_lft: 0
  • Added: net.ipv6.conf.default.accept_ra_min_lft: 0
  • Added: net.ipv6.conf.docker0.accept_ra_min_lft: 0
  • Added: net.ipv6.conf.eth0.accept_ra_min_lft: 0
  • Added: net.ipv6.conf.lo.accept_ra_min_lft: 0
  • Changed: fs.file-max: 812619 -> 812608
  • Changed: kernel.threads-max: 63519 -> 63520
  • Changed: net.netfilter.nf_conntrack_sctp_timeout_shutdown_recd: 0 -> 3
  • Changed: net.netfilter.nf_conntrack_sctp_timeout_shutdown_sent: 0 -> 3
  • Changed: user.max_cgroup_namespaces: 31759 -> 31760
  • Changed: user.max_ipc_namespaces: 31759 -> 31760
  • Changed: user.max_mnt_namespaces: 31759 -> 31760
  • Changed: user.max_net_namespaces: 31759 -> 31760
  • Changed: user.max_pid_namespaces: 31759 -> 31760
  • Changed: user.max_time_namespaces: 31759 -> 31760
  • Changed: user.max_user_namespaces: 31759 -> 31760
  • Changed: user.max_uts_namespaces: 31759 -> 31760

October 11, 2023

cos-109-17800-0-51

Kernel Docker Containerd GPU Drivers
COS-6.1.42 v24.0.5 v1.7.2 v535.104.05(default, latest),v470.199.02(R470 for compatibility with K80 GPUs)

Fixed CVE-2023-38039 in net-misc/curl.

Fixed CVE-2023-5197 in the Linux kernel.

October 03, 2023

cos-109-17800-0-47

Kernel Docker Containerd GPU Drivers
COS-6.1.42 v24.0.5 v1.7.2 v535.104.05(default),v470.199.02(R470)

Updated cos-gpu-installer to v2.1.9.

Fixed CVE-2023-42753 in the Linux kernel.

September 27, 2023

cos-109-17800-0-45

Kernel Docker Containerd GPU Drivers
COS-6.1.42 v24.0.5 v1.7.2 v535.104.05(default, latest),v470.199.02(R470 for K80 compatibility)

Promoted to stable.

September 26, 2023

cos-beta-109-17800-0-45

Kernel Docker Containerd GPU Drivers
COS-6.1.42 v24.0.5 v1.7.2 v535.104.05(default),v470.199.02(R470)

Fixed an issue where IPv6 networking would fail under high CPU load.

Fixed CVE-2023-40217 in the dev-lang/python package.

Updated dev-lang/go to 1.21.1. This fixes CVE-2023-39318 and CVE-2023-39319.

Fixed CVE-2023-4921 in the Linux kernel.

Fixed CVE-2023-4569 in the Linux kernel.

September 18, 2023

cos-beta-109-17800-0-37

Kernel Docker Containerd GPU Drivers
COS-6.1.42 v24.0.5 v1.7.2 v535.104.05(default),v470.199.02(R470)

Updated cos-gpu-installer to v2.1.8.

Fixed an issue where symlinks could not be moved.

Fixed an issue with NFS reconnects on GKE.

Fixed CVE-2023-4015, CVE-2023-4622, CVE-2023-4623 in the kernel.

September 11, 2023

cos-beta-109-17800-0-32

Kernel Docker Containerd GPU Drivers
COS-6.1.42 v24.0.5 v1.7.2 v535.104.05(default),v470.199.02(R470)

Updated latest GPU driver to v535.104.05.

September 07, 2023

cos-beta-109-17800-0-31

Kernel Docker Containerd GPU Drivers
COS-6.1.42 v24.0.5 v1.7.2 v535.54.03(default),v470.199.02(R470)

Updated dev-go/go-tools to v0.11.1_p20230712.

Updated dev-lang/go to v1.21.0.

The get_metadata_value script will now retry if it experiences a connection error.

Enabled persistence mode with NVIDIA GPU driver installation.

Fixed an issue in ip6tables where the -C option did not work correctly.

Upgraded sys-fs/mdadm to v4.2. This resolves CVE-2023-28938 and CVE-2023-28736.

Fixed CVE-2023-4016 in sys-process/procps.

Fixed CVE-2022-40896 in pygments package.

Fixed CVE-2023-33953 in the Linux kernel.

Runtime sysctl changes:

  • Added: kernel.io_uring_disabled: 0

August 21, 2023

cos-beta-109-17800-0-13

Kernel Docker Containerd GPU Drivers
COS-6.1.42 v24.0.5 v1.7.2 v535.54.03(default),v470.199.02(R470)

Updated app-containers/docker-cli to 24.0.5.

Updated app-containers/docker to 24.0.5.

Updated dev-go/yaml to v3.0.1. This resolves CVE-2022-28948.

Updated dev-libs/openssl to v3.0.10. This resolves CVE-2023-3817.

Fixed CVE-2023-4147 in the Linux kernel.

Fixed CVE-2023-4194 in the Linux kernel.

August 14, 2023

cos-beta-109-17800-0-8

Date Kernel Docker Containerd GPU Drivers
Aug 14, 2023 COS-6.1.42 v24.0.4 v1.7.2 v535.54.03(default),v470.199.02(R470)

Updates to Major Packages:

Updated cos-gpu-installer to v2.1.4. Some key features of this update include:

  • Added support for the gsp_tu10x.bin and gsp_ad10x.bin GSP firmware files and removed the container dependency on python2.
  • Simplified GPU driver installation by remounting the driver installation path as executable from cos-extensions.
  • Added support for the L4 GPU in cos-gpu-installer and fixed cached driver installation for prebuilt driver modules.
  • Added a fallback to installing compatible drivers when the installer is invoked for certain GPU devices and incompatible drivers.
  • Switched the precompiled driver and signature location to COS build artifacts.
  • Added flag --no-verify to preload GPU drivers with no GPU attached.
  • Added support for NVIDIA R535 drivers by preparing gsp_ga10x.bin firmware file.
  • Added flag --module-arg to specify kernel module parameters.
  • Switched the generic NVIDIA driver installer download URL in cos-gpu-installer from us.downloads.nvidia to gs://nvidia-drivers--public.
  • Fixed a permission issue in the GPU driver install directory with OSS drivers.

Updated default and latest drivers to v535.54.03 (NVIDIA LTSB). This also resolves: CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0183, CVE-2023-0185, CVE-2023-0187, CVE-2023-0198, CVE-2023-0199, CVE-2023-0188, CVE-2023-0190, CVE-2023-0194, CVE-2023-0195, CVE-2023-0191, CVE-2023-25515 and CVE-2023-25516.

Also updated R470 drivers to 470.199.02. This also resolves: CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0185, CVE-2023-0187, CVE-2023-0198, CVE-2023-0199, CVE-2023-0188, CVE-2023-0190, CVE-2023-0194, CVE-2023-0195, CVE-2023-0191.

Updated systemd to v253.3.

Updated Docker and docker-cli to v24.0.4.

Updated kubernetes to v1.27.3.

Updated containerd to 1.7.2. This also resolves CVE-2023-25173 and CVE-2023-25153.

Updated runc to 1.1.7. This also resolves CVE-2023-25809 and CVE-2023-27561.

Updated docker-credential-gcr to v2.1.10.

Updated cloud-init to v23.1.2.

Updated oslogin to v20230531.00.

Updated google-osconfig-agent to v20230706.02.

Updated google-guest-agent to v20230628.00.

Updated google-guest-configs to v20230526.00.

Upgraded localtoast from v1.1.5.1 to v1.1.6.

Updated sosreport to v4.5.4.

Updated toolbox to v20230714.

New Features and Changes in the Linux Kernel:

Updated the Linux kernel to v6.1.40.

Disabled CONFIG_DEBUG_CREDENTIALS in the kernel due to its performance impact on some container workloads.

Added the MAX_SKB_FRAGS configuration in the Linux kernel.

Updated the gvnic driver in the Linux kernel.

Enabled support for MGLRU in the Linux kernel.

Enabled vrf, ip_gre, and ip6_gre modules.

Enabled TDX Guest support in the Linux kernel.

Added kernel support for nftables.

Enabled the following kernel configs: CONFIG_AMD_IOMMU, CONFIG_AMD_IOMMU_V2 and INET_DIAG_DESTROY.

Added kernel modules for SquashFS, RAID1, and DM RAID.

New Features and Changes in the Image:

Installed fluent-bit for stackdriver logging in x86 images. See this page for more details.

Added nvidia-container-toolkit v1.13.5.

Starting systemd-networkd is now retried permanently in case of failure, instead of stopping at the default limit of 5.

Enabled fluent-bit to use customized configuration.

Enabled KVM-based nested virtualization for the x86 architecture.

Added noexec, nodev, and nosuid to the /etc/resolv.conf bind mount. This fixes EPERM errors when running a pod in UserNS in COS.

Increased the /dev/stateful wait timeout with protected stateful partition.

Allowed preloading GPU driver dependencies through cos-extensions.

Toolbox is now compatible with both Artifact Registry (AR) and Google Container Registry (GCR).

Use the Fluent-bit logging agent when the google-logging-use-fluentbit metadata key is true and logging is enabled.

Fixed an issue where chronyd does not restart after failure, resulting in the system time being out of sync.

Fixed an issue where pstore is not cleaned at boot time if COS metrics are disabled.

Fixed containers losing access to GPUs with error "Failed to initialize NVML: Unknown error".

Removed support for Rust symbol demangling in google-breakpad.

CVE/Security Fixes:

Upgraded net-misc/curl to v8.1.2. This resolves CVE-2022-43552.

Upgraded net-misc/openssh package to v9.3. This resolves CVE-2023-28531 and CVE-2023-25136.

Updated dev-libs/openssl to v3.0.9. This resolves CVE-2023-2650, CVE-2022-4450, CVE-2023-0215, CVE-2022-4304, CVE-2023-0286, CVE-2023-0464, CVE-2023-1255, CVE-2023-0465 and CVE-2023-0466.

Fixed CVE-2023-24329, CVE-2015-20107, CVE-2020-10735, CVE-2021-28861, and CVE-2022-45061 in dev-lang/python.

Fixed ncurses upgrade to 6.4p20220423. This resolves CVE-2023-29491.

Updated the dev-libs/libxml2 package to 2.10.4. This resolves CVE-2023-28484.

Updated app-editors/vim, app-editors/vim-core to v9.0.1562. This resolves CVE-2023-2609, CVE-2023-2610, CVE-2023-2426, CVE-2023-0512, CVE-2023-1127, CVE-2023-1175, CVE-2023-1170, CVE-2023-1355 and CVE-2023-1264.

Updated to pick up CVE-2023-0394 patch for ipv6 raw.

Updated to pick up CVE-2023-0386 and CVE-2023-1281 patches for net-sched in the kernel.

Updated to pick up CVE-2023-0179 patch for netfilter in the kernel.

Upgraded dev-libs/confuse to v3.3 and fixed CVE-2022-40320.

Upgraded dev-python/cryptography to v39.0.1. This resolves CVE-2023-23931.

Fixed CVE-2022-48303 in app-arch/tar.

Fixed CVE-2022-2928 and CVE-2022-2929 in net-misc/dhcp.

Upgraded sys-fs/cryptsetup from 2.3.4 to 2.4.3. This resolves CVE-2021-4122.

Updated net-fs/cifs-utils to v6.15. This resolves CVE-2022-29869, CVE-2021-20208, and CVE-2022-27239.

Fixed CVE-2021-27291 and CVE-2021-20270 in dev-python/pygments.

Updated binutils-libs to v2.40. This resolves CVE-2022-4285.

Updated dev-lang/go to v1.20.5 and dev-go/net to v0.7.0. This resolves CVE-2023-29403, CVE-2023-29404, CVE-2023-29402, CVE-2023-29405, CVE-2023-24532, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538, CVE-2023-24539, CVE-2023-24540, CVE-2023-29400, CVE-2022-41723 and CVE-2022-41725.

Upgraded sys-apps/less to v633-r1. This resolves CVE-2022-46663.

Updated open-vm-tools to v12.2.5. This resolves CVE-2023-20867.

Updated open-iscsi to v2.1.8. This resolves CVE-2020-17437.

Updates for Minor packages:

Upgraded sys-apps/coreutils to v9.3.

Upgraded sys-fs/e2fsprogs to v1.47.0-r2.

Upgraded app-misc/ca-certificates to v20230311.3.90.

Upgraded app-misc/mime-types to v2.1.54.

Upgraded sys-apps/diffutils to v3.10.

Upgraded net-dns/c-ares to v1.19.1.

Upgraded sys-apps/grep to v3.11.

Upgraded sys-apps/ethtool to v6.3.

Upgraded net-misc/wget to v1.21.4.

Upgraded sys-libs/libcap to v2.69.

Upgraded sys-apps/coreutils to v9.3-r1.

Upgraded app-admin/sudo to v1.9.13_p3-r1.

Upgraded app-arch/xz-utils to v5.4.3.

Upgraded sys-apps/acl to v2.3.1-r2.

Updated iproute2 to v6.2.0.

Upgraded app-misc/jq to v1.7_pre20201109-r1.

Upgraded sys-fs/lvm2 to v2-2.03.20.

Upgraded net-libs/libnetfilter_conntrack to v1.0.9-r1.

Upgraded net-firewall/iptables to v1.8.9.

Upgraded sys-apps/dmidecode to v3.5-r2.

Upgraded sys-libs/libcap to v2.68.

Upgraded net-misc/wget to v1.21.3-r1.

Upgraded sys-apps/file to v5.44-r3.

Upgraded sys-fs/xfsprogs to v6.2.0.

Upgraded net-libs/libnfnetlink to v1.0.2.

Upgraded net-misc/rsync to v3.2.7-r2.

Upgraded sys-process/lsof to v4.98.0.

Upgraded sys-libs/libcap-ng to v0.8.3.

Upgraded sys-libs/timezone-data to v2023c.

Upgraded sys-apps/net-tools to v2.10.

Upgraded sys-apps/kexec-tools to v2.0.24.

Upgraded sys-apps/gentoo-functions to v0.19.

Upgraded sys-apps/ethtool to v6.2.

Upgraded sys-apps/attr to v2.5.1-r2.

Upgraded sys-apps/acl to v2.3.1-r1.

Upgraded net-nds/rpcbind to v1.2.6.

Upgraded net-misc/bridge-utils to v1.7.1-r1.

Upgraded net-libs/libnetfilter_queue to v1.0.5.

Upgraded net-libs/libnetfilter_cttimeout to v1.0.1.

Upgraded net-libs/libnetfilter_cthelper to v1.0.1-r1.

Upgraded net-libs/libmnl to v1.0.5.

Upgraded net-libs/gnutls to v3.8.0.

Upgraded net-fs/autofs to v5.1.8-r1.

Upgraded net-dns/libidn2 to v2-2.3.4.

Upgraded net-dns/c-ares to v1.19.0.

Upgraded net-analyzer/netcat to v110.20180111-r2.

Upgraded dev-libs/userspace-rcu to v0.13.2.

Upgraded dev-libs/re2 to v2-0.2022.12.01.

Upgraded dev-libs/popt to v1.19.

Upgraded dev-libs/libzip to v1.9.2.

Upgraded dev-libs/nettle to v3.8.1.

Upgraded dev-libs/nspr to v4.35-r1.

Upgraded dev-libs/libyaml to v0.2.5.

Upgraded dev-libs/libverto to v0.3.2.

Upgraded dev-libs/libpcre2 to v2-10.42-r1.

Upgraded dev-libs/libpcre to v8.45-r1.

Upgraded dev-libs/libgpg-error to v1.46-r1.

Upgraded dev-libs/libgcrypt to v1.10.1-r3.

Upgraded dev-libs/libevent to v2.1.12-r1.

Upgraded dev-libs/gmp to v6.2.1-r5.

Upgraded dev-libs/expat to v2.5.0.

Upgraded dev-libs/elfutils to v0.189.

Upgraded dev-libs/dbus-glib to v0.112.

Upgraded dev-db/sqlite to v3.41.0.

Upgraded app-shells/dash to v0.5.12.

Upgraded app-arch/pigz to v2.7-r1.

Upgraded app-admin/logrotate to v3.21.0.

Updated dev-go/go-sys to v0.5.0.

Updated dev-go/go-tools to 070db2996ebe3aa00667288f8e5749e867deeb39.

Upgraded bind-tools to v9.16.37.