Container-Optimized OS Release Notes: Milestone 117
October 28, 2024
Fixed CVE-2024-47685 in the Linux kernel.
Fixed CVE-2024-44991 in the Linux kernel.
Fixed CVE-2024-47674 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811768 -> 811706
October 21, 2024
Updated app-containers/containerd to 1.7.23.
Updated app-arch/libarchive to version 3.7.6. This fixed CVE-2024-48957, CVE-2024-48958.
Fixed CVE-2024-44959 in the Linux kernel.
Fixed CVE-2024-46838 in the Linux kernel.
Fixed KCTF-32556ce in the Linux kernel.
Fixed CVE-2024-45003 in the Linux kernel.
Fixed CVE-2024-44958 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811790 -> 811768
October 14, 2024
Fixed CVE-2024-44965 in the Linux kernel.
Fixed CVE-2024-46848 in the Linux kernel.
Fixed CVE-2024-44970 in the Linux kernel.
Fixed CVE-2024-46864 in the Linux kernel.
Fixed CVE-2024-46829 in the Linux kernel.
Fixed CVE-2024-46847 in the Linux kernel.
Fixed CVE-2024-46855 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811772 -> 811790
October 07, 2024
Updated R535, default driver to v535.183.06.
Disabled MGLRU by default due to integration issues with Kubernetes.
Upgraded to v1.16.2. Fixed CVE-2024-0132 and CVE-2024-0133.
Fixed CVE-2024-46744 in the Linux kernel.
Fixed CVE-2024-46750 in the Linux kernel.
Fixed CVE-2024-46786 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811758 -> 811772
October 02, 2024
September 30, 2024
Fixed A3 Edge VM names in google guest agent configs and upgraded to v20240725.
Fixed CVE-2024-46763 in the Linux kernel.
Fixed CVE-2024-46679 in the Linux kernel.
Fixed CVE-2024-46762 in the Linux kernel.
Fixed CVE-2024-46721 in the Linux kernel.
Fixed CVE-2024-46737 in the Linux kernel.
Fixed CVE-2024-46800 in the Linux kernel.
Fixed CVE-2024-46796 in the Linux kernel.
Fixed CVE-2024-46743 in the Linux kernel.
Fixed CVE-2024-46738 in the Linux kernel.
September 23, 2024
Upgraded app-admin/fluent-bit to v3.1.8.
Updated cos-gpu-installer to v2.4.2. This enables creation of /dev/dri when loading nvidia-drm.ko for COS kernels built with loadable drm and dependent modules.
Updated net-misc/curl to 8.10.0.
Fixed CVE-2024-44996 in the Linux kernel.
Fixed CVE-2024-44947 in the Linux kernel.
Fixed CVE-2024-45025 in the Linux kernel.
Fixed CVE-2024-44983 in the Linux kernel.
Fixed CVE-2024-44940 in the Linux kernel.
Fixed CVE-2024-45022 in the Linux kernel.
Fixed CVE-2024-45020 in the Linux kernel.
Fixed CVE-2024-45018 in the Linux kernel.
Fixed CVE-2024-45021 in the Linux kernel.
Fixed CVE-2024-46686 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811711 -> 811780
September 16, 2024
Updated app-containers/containerd to v1.7.22.
Fixed CVE-2023-27043 in dev-lang/python.
Fixed CVE-2024-7592 in dev-lang/python.
Fixed CVE-2024-6232 in dev-lang/python.
Fixed CVE-2024-6119 in net-libs/openssl.
Updated dev-lang/python to v3.8.19_p1. This fixes CVE-2007-4559.
Updated dev-libs/expat to version v2.6.3. This fixed CVE-2024-45492, CVE-2024-45490, CVE-2024-45491.
Fixed CVE-2023-7256 in net-libs/libpcap.
Fixed CVE-2024-43893 in the Linux kernel.
Fixed CVE-2024-44943 in the Linux kernel.
Fixed CVE-2024-43891 in the Linux kernel.
Fixed CVE-2024-43892 in the Linux kernel.
Fixed CVE-2024-43914 in the Linux kernel.
Fixed CVE-2024-44952 in the Linux kernel.
Fixed CVE-2024-44957 in the Linux kernel.
Fixed CVE-2024-44989 in the Linux kernel.
Fixed CVE-2024-44990 in the Linux kernel.
Fixed CVE-2024-45000 in the Linux kernel.
Fixed CVE-2024-43882 in the Linux kernel.
Fixed CVE-2024-44985 in the Linux kernel.
Fixed CVE-2024-44987 in the Linux kernel.
Fixed CVE-2024-44986 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811784 -> 811711
September 09, 2024
Fixed CVE-2024-43889 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811778 -> 811784
September 03, 2024
Updated app-containers/containerd to 1.7.21.
Fixed CVE-2024-37370, CVE-2024-37371 in app-crypt/mit-krb5.
Updated app-editors/vim, app-editors/vim-core to version 9.1.0686. This fixed CVE-2024-41957, CVE-2024-41965.
Fixed CVE-2024-44934 in the Linux kernel.
Fixed CVE-2024-42269 in the Linux kernel.
Fixed CVE-2024-42268 in the Linux kernel.
Fixed CVE-2024-42270 in the Linux kernel.
Fixed KCTF-c07ff85 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811697 -> 811778
- Changed: net.ipv4.tcp_rto_min_us: 200000 -> 5000
August 26, 2024
Upgraded app-admin/fluent-bit to v3.1.6.
Upgraded sys-apps/pv to v1.8.12.
Updated google-osconfig-agent to v20240822.00.
August 20, 2024
Updates to Major Packages:
Upgraded app-admin/node-problem-detector to v0.8.19.
Upgraded app-admin/google-guest-configs to v20240607.00.
Upgraded app-admin/logrotate to v3.22.0.
Upgraded app-containers/docker-credential-helpers to v0.8.2.
Upgraded app-admin/google-guest-agent to v20240716.00.
Upgraded app-admin/google-osconfig-agent to v20240501.00.
Upgraded Konlet to v0.12.0. This fixes an iptables compatibility issue.
Upgraded go to version 1.22.3.
Upgraded sys-boot/grub-lakitu to FC 39's current version.
Upgraded localtoast to v1.1.7 and opted out of the logging-service-running benchmark by default for cis-level2.
Upgraded app-containers/docker, app-containers/docker-test and app-containers/docker-cli to v24.0.9.
Updated app-containers/nvidia-container-toolkit to v1.14.6.
Upgraded app-emulation/cloud-init to v23.4.3.
Updated sys-apps/systemd to v254.9.
Updated app-emulation/kubernetes to v1.30.3.
Updated docker-credential-gcr to v2.1.22.
Updated app-containers/runc to v1.1.12.
Updated net-misc/openssh to v9.6_p1-r1.
Updated toolbox to v20230714.
Upgraded app-admin/fluent-bit to v3.1.3.
New Features and Changes in the Linux Kernel:
Runtime sysctl changes:
- Added: dev.tty.legacy_tiocsti: 1
- Added: kernel.io_uring_group: -1
- Added: kernel.kexec_load_limit_panic: -1
- Added: kernel.kexec_load_limit_reboot: -1
- Added: kernel.loadpin.enforce: 1
- Added: net.core.mem_pcpu_rsv: 256
- Added: net.core.rps_default_mask: 00
- Added: net.ipv4.tcp_plb_cong_thresh: 128
- Added: net.ipv4.tcp_plb_enabled: 0
- Added: net.ipv4.tcp_plb_idle_rehash_rounds: 3
- Added: net.ipv4.tcp_plb_rehash_rounds: 12
- Added: net.ipv4.tcp_plb_suspend_rto_sec: 60
- Added: net.ipv4.tcp_rto_min_us: 200000
- Added: net.ipv4.tcp_shrink_window: 0
- Added: net.ipv4.tcp_syn_linear_timeouts: 4
- Added: net.ipv4.udp_child_hash_entries: 0
- Added: net.ipv4.udp_hash_entries: 4096
- Added: net.ipv6.conf.all.accept_ra_min_lft: 0
- Added: net.ipv6.conf.default.accept_ra_min_lft: 0
- Added: net.ipv6.conf.docker0.accept_ra_min_lft: 0
- Added: net.ipv6.conf.eth0.accept_ra_min_lft: 0
- Added: net.ipv6.conf.lo.accept_ra_min_lft: 0
- Added: net.ipv6.icmp.error_anycast_as_unicast: 0
- Added: vm.memfd_noexec: 0
- Added: kernel.io_uring_disabled: 0
- Added: fs.overflowgid: 65534
- Changed: net.core.optmem_max: 131072 -> 20480
- Changed: vm.lowmem_reserve_ratio: 256 256 32 0 0 -> 256 256 32 0
- Changed: fs.epoll.max_user_watches: 1809452 -> 1809007
- Changed: fs.fanotify.max_user_marks: 67560 -> 67544
- Changed: fs.file-max: 811776 -> 811724
- Changed: fs.inotify.max_user_watches: 63441 -> 63425
- Changed: kernel.threads-max: 63503 -> 63487
- Changed: net.ipv4.tcp_mem: 94065 125423 188130 -> 94041 125391 188082
- Changed: net.ipv4.udp_mem: 188133 250847 376266 -> 188085 250783 376170
- Changed: user.max_cgroup_namespaces: 31751 -> 31743
- Changed: user.max_fanotify_marks: 67560 -> 67544
- Changed: user.max_inotify_watches: 63441 -> 63425
- Changed: user.max_ipc_namespaces: 31751 -> 31743
- Changed: user.max_mnt_namespaces: 31751 -> 31743
- Changed: user.max_net_namespaces: 31751 -> 31743
- Changed: user.max_pid_namespaces: 31751 -> 31743
- Changed: user.max_time_namespaces: 31751 -> 31743
- Changed: user.max_user_namespaces: 31751 -> 31743
- Changed: user.max_uts_namespaces: 31751 -> 31743
- Changed: net.ipv6.route.max_size: 4096 -> 2147483647
- Changed: net.netfilter.nf_conntrack_sctp_timeout_shutdown_recd: 0 -> 3
- Changed: net.netfilter.nf_conntrack_sctp_timeout_shutdown_sent: 0 -> 3
Added support for iSCSI targets and RAM block devices.
Added support for dm-zero and dm-clone.
Enabled support for MGLRU in the Linux kernel.
Enabled vrf, ip_gre, and ip6_gre modules.
Updated the Linux kernel to v6.6.44.
New Features and Changes in the Image:
Disabled NVIDIA persistence mode with -no-verify flag.
Added support for TPU v6 devices.
Updated cos-gpu-installer to v2.3.5.
Added the package revision number to the SSH banner in net-misc/openssh.
Disabled default automatic updates. Automatic updates must now be explicitly enabled by setting the cos-update-strategy metadata to "update_enabled".
Mounted efivarfs by default on EFI-enabled systems.
Enabled the feature to utilize the gpu_driver_versions proto file for controlling the specific GPU driver version to be installed for each GPU type.
Removed support for NVIDIA 470 drivers.
Fixed a bug that caused constant restarts in the fluent-bit stackdriver plugin.
Installed the google_optimize_local_ssd script.
Updated NVIDIA GPU drivers to v550.54.15.
Fixed a potential corruption when launching kernels on H100 GPUs, which is more likely to occur when the GPU is shared between multiple processes.
Updated NVIDIA GPU drivers to v535.161.08.
Fixed a potential corruption when launching kernels on H100 GPUs.
Added NVIDIA GPU drivers R550 branch and updated latest to 550.54.14.
Fixed a bug in google-guest-agent service enablement.
Fixed integrity-fs dm-crypt creation flakiness.
Added automatic generation of the known modules list to the image build process.
Included the nvidia plugin in sosreport.
Fixed a time-to-login slowdown introduced by cloud-init changes.
Changed default umask value for a user to 027.
Removed legacy logging agent (fluentd).
Split the nvidia-drivers and nvidia-drivers-open packages into separate packages per major version.
Enhanced integrity-fs with disk resize and dm-clone.
Removed deprecated R525 NVIDIA GPU drivers.
Added more service logs to the default Cloud Logging configuration.
Allowed GPU driver installation on dev-channel images without the -test flag.
CVE/Security Fixes:
Fixed CVE-2024-39894 in net-misc/openssh.
Upgraded sys-apps/dbus to v1.14.10-r192. This fixes CVE-2023-34969.
Upgraded dev-lang/go to v1.22.4. This fixes CVE-2023-39323, CVE-2023-44487, CVE-2023-39325, CVE-2024-24790 and CVE-2024-24789.
Fixed CVE-2024-35195 in dev-python/requests.
Updated R550, latest driver to v550.90.07. This fixes CVE-2024-0090, CVE-2024-0091 and CVE-2024-0092.
Updated R535, default driver to v535.183.01. This fixes CVE-2024-0090 and CVE-2024-0092.
Fixed CVE-2024-21626 in github.com/opencontainers/runc in kubelet.
Fixed CVE-2023-4641 in sys-apps/shadow.
Fixed CVE-2023-50387, CVE-2023-50868 in sys-apps/systemd.
Fixed CVE-2023-0687, CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602 in sys-libs/glibc.
Upgraded app-arch/lz4 to 1.9.4. Fixes CVE-2021-3520.
Upgraded app-arch/libarchive to version 3.7.4. Fixes CVE-2024-26256.
Fixed CVE-2024-34459 in the libxml2 package.
Updated dev-vcs/git to v2.45.1. This resolves CVE-2024-32002, CVE-2024-32020, CVE-2024-32465, CVE-2024-32004, CVE-2024-32021.
Fixed CVE-2023-32681 in dev-python/requests.
Fixed CVE-2024-3772 in dev-python/pydantic.
Fixed CVE-2023-5388 in dev-libs/nss.
Fixed CVE-2021-36084, CVE-2021-36085, CVE-2021-36086, CVE-2021-36087 in sys-libs/libsepol.
Updated dev-python/pyyaml to version 6.0.1. This fixed CVE-2017-18342, CVE-2020-14343, CVE-2020-1747.
Updated dev-vcs/git to version VERSION. This fixed CVE-2023-22490, CVE-2023-23946, CVE-2023-25652, CVE-2023-25815, CVE-2023-29007.
Updated net-misc/curl to version 8.9.1. This fixed CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466, CVE-2023-38545, CVE-2024-7264, CVE-2024-6197.
Updated dev-libs/expat to version 2.6.2. This fixed CVE-2024-28757.
Fixed CVE-2024-28182 in net-libs/nghttp2.
Upgraded docker to v24.0.9. This fixes CVE-2024-24557.
Fixed CVE-2023-40546, CVE-2023-40548, CVE-2023-40549 and CVE-2023-40550 in sys-boot/shim.
Fixed CVE-2023-40551 in sys-boot/shim.
Fixed CVE-2023-40547 in sys-boot/shim.
Updated dev-libs/openssl to v3.0.14. This resolves CVE-2024-0727, CVE-2023-6129, CVE-2024-2511, CVE-2024-4603, CVE-2024-4741 and CVE-2024-5535.
Fixed CVE-2024-0684 in sys-apps/coreutils.
Updated dev-libs/libxml2 to 2.11.7. This fixes CVE-2024-25062.
Fixed CVE-2024-23851 in the Linux kernel.
Fixed CVE-2024-21626 in app-containers/runc.
Upgraded dev-go/crypto to v0.17.0. This fixes CVE-2023-48795.
Updated dev-go/net to v0.27.0. This resolves CVE-2023-44487, CVE-2023-39325 and CVE-2023-45288.
Updated app-editors/vim, app-editors/vim-core to v9.0.2092. This resolves CVE-2023-4733, CVE-2023-4734, CVE-2023-4735, CVE-2023-4736, CVE-2023-4738, CVE-2023-4750, CVE-2023-4752, CVE-2023-4781, CVE-2023-5344, CVE-2023-5441, CVE-2023-5535, CVE-2023-2609, CVE-2023-2610, CVE-2023-2426.
Updated net-libs/nghttp2 to v1.57.0. This resolves CVE-2023-44487 and CVE-2023-35945.
Upgraded sys-fs/mdadm to v4.2. This resolves CVE-2023-28938 and CVE-2023-28736.
Fixed CVE-2023-4016 in sys-process/procps.
Fixed CVE-2023-1255 in the dev-libs/openssl package.
Updated dev-go/protobuf to v1.33.0. This fixes CVE-2024-24786.
Updated dev-python/setuptools to v70.3.0. This resolves CVE-2024-6345.
Fixed CVE-2024-39472 in the Linux kernel.
Updates for Minor Packages:
Upgraded app-containers/cni-plugins to v1.5.1.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2796.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2441.
Upgraded chromeos-base/shill-client to v0.0.1-r4612.
Upgraded chromeos-base/debugd-client to v0.0.1-r2707.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2942.
Upgraded chromeos-base/minijail to v18-r142.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r637.
Upgraded dev-embedded/libftdi to v1.5-r7.
Upgraded sys-apps/pv to v1.8.10.
Upgraded net-dns/c-ares to v1.31.0.
Upgraded dev-python/pygobject to v3.46.0-r1.
Upgraded dev-db/sqlite to v3.46.0.
Upgraded dev-libs/nss to v3.97.
Upgraded sys-apps/hwdata to v0.383.
Upgraded net-misc/rsync to v3.3.0-r1.
Upgraded sys-apps/findutils to v4.10.0.
Upgraded sys-libs/libseccomp to v2.5.5-r1.
Upgraded sys-apps/ethtool to v6.9.
Upgraded sys-block/thin-provisioning-tools to v0.9.0-r4.
Fixed glibc-2.36 build errors in sys-boot/syslinux.
Upgraded sys-apps/makedumpfile to v1.7.5.
Upgraded app-admin/sosreport to v4.7.1.
Upgraded chromeos-base/chromeos-dbus-bindings to v0.0.1-r2795.
Upgraded sys-apps/rootdev to v0.0.1-r50.
Upgraded dev-util/puffin to v1.0.0-r451.
Upgraded dev-libs/double-conversion to v3.3.0.
Upgraded sys-apps/sed to v4.9-r1.
Upgraded sys-process/procps to v4.0.4-r1.
Upgraded sys-fs/e2fsprogs to v1.47.0-r3.
Upgraded sys-libs/libcap to v2.70.
Upgraded dev-python/jinja to v3.1.4.
Upgraded net-libs/gnutls to v3.8.6.
Upgraded sys-apps/dmidecode to v3.6.
Upgraded sys-fs/xfsprogs to v6.8.0.
Upgraded sys-apps/less to v661.
Upgraded sys-apps/acl to v2.3.2-r1.
Upgraded sys-apps/grep to v3.11-r1.
Upgraded net-libs/libtirpc to v1.3.4-r2.
Upgraded sys-apps/gentoo-functions to v1.6.
Upgraded net-misc/wget to v1.24.5.
Upgraded dev-libs/libusb to v1.0.27-r1.
Upgraded sys-libs/timezone-data to v2024a-r1.
Upgraded sys-libs/libcap-ng to v0.8.5.
Removed crash-reporter KVM support.
Updated dev-go/pprof to v0.0.0_p20230811.
Updated dev-go/go-tools to v0.16.2_p20231218.
Updated dev-go/term to v0.15.0.
Updated dev-go/go-sys to v0.15.0.
Updated dev-go/sync to v0.5.0.
Updated dev-go/mod to v0.14.0.
Updated dev-go/demangle to v0.0.0_p20230524.
Updated dev-go/go-arch to v0.6.0.
Upgraded chromeos-base/vm_protos to v0.0.1-r563.
Upgraded chromeos-base/hiberman-client to v0.0.1-r470.
Upgraded app-benchmarks/bootchart to v0.9.2-r5.
Downgraded app-misc/ca-certificates to v20230311.3.96.1.
Upgraded sys-auth/pambase to v20240128.
Upgraded net-misc/chrony to v4.5.
Upgraded chromeos-base/system_api to v0.0.1-r5653.
Upgraded chromeos-base/dlcservice-client to v0.0.1-r886.
Upgraded chromeos-base/google-breakpad to v2024.01.16.190249-r226.
Upgraded sys-fs/squashfs-tools to v4.6.1.
Upgraded sys-apps/sandbox to v2.29-r1.
Upgraded app-arch/xz-utils to v5.4.6-r1.
Upgraded dev-util/bsdiff to v4.3.1-r42.
Upgraded app-arch/pigz to v2.8.
Upgraded sys-apps/coreutils to v9.3-r1.
Upgraded net-dns/libidn2 to v2.3.7.
Upgraded sys-apps/attr to v2.5.2-r1.
Upgraded sys-apps/file to v5.45-r4.
Upgraded sys-libs/timezone-data to v2024a.
Upgraded sys-libs/zlib to v1.3.1-r1.
Updated gzip to v1.13-r1.
Upgraded app-eselect/eselect-iptables to v20220320.
Upgraded sys-libs/libcap-ng to v0.8.4-r1.
Upgraded dev-python/netifaces to v0.11.0-r2.
Upgraded sys-libs/gdbm to v1.24.
Updated protobuf-legacy-api to v1.5.4.