Container-Optimized OS Release Notes: Milestone 85

cos-85-13310-1498-10

Date | Kernel | Docker | Containerd | GPU Drivers
Aug 08, 2022 | COS-5.4.203 | v19.03.15 | v1.4.13 | v450.203.03 (default)

Updated the default Nvidia driver version to v450.203.03.

Fixed CVE-2022-21505 in the Linux kernel.

cos-85-13310-1498-7

Date | Kernel | Docker | Containerd | GPU Drivers
Aug 01, 2022 | COS-5.4.203 | v19.03.15 | v1.4.13 | v450.172.01 (default)

Moved the toolchain source from gs://chromiumos-sdk to gs://cos-sdk.

Updated toolbox to v20220722.

cos-85-13310-1498-4

Date | Kernel | Docker | Containerd | GPU Drivers
Jul 25, 2022 | COS-5.4.203 | v19.03.15 | v1.4.13 | v450.172.01 (default)

Upgraded openssl to v1.1.1q to resolve CVE-2022-2097.

cos-85-13310-1498-3

Date | Kernel | Docker | Containerd | GPU Drivers
Jul 18, 2022 | COS-5.4.203 | v19.03.15 | v1.4.13 | v450.172.01 (default)

Updated net-misc/curl to v7.84.0. This resolves CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, and CVE-2022-32208.

cos-85-13310-1498-1

Date | Kernel | Docker | Containerd | GPU Drivers
Jul 13, 2022 | COS-5.4.203 | v19.03.15 | v1.4.13 | v450.172.01 (default)

Updated cos-gpu-installer to fetch the COS toolchain from gs://cos-tools instead of gs://chromiumos-sdk.

Added pci=clearmsi option for kdump stackdriver.

Updated the Linux kernel to v5.4.203.

Updated toolbox to v20220630.

Updated net-dns/c-ares to v1.17.2. This resolves CVE-2022-27778, CVE-2022-27779, CVE-2022-27780, CVE-2022-27775, CVE-2022-30115, CVE-2022-27776, CVE-2022-27774, CVE-2022-27781, CVE-2022-22576.

Updated net-misc/curl to v7.83.1. This resolves CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776, CVE-2022-27778, CVE-2022-27779, CVE-2022-27780, CVE-2022-27781, CVE-2022-27782, CVE-2022-30115.

Runtime sysctl changes:

  • Changed: kernel.random.poolsize: 4096 -> 256
  • Changed: kernel.random.write_wakeup_threshold: 896 -> 256
  • Deleted: kernel.random.read_wakeup_threshold: 64

cos-85-13310-1453-24

Date | Kernel | Docker | Containerd | GPU Drivers
Jul 11, 2022 | COS-5.4.188 | v19.03.15 | v1.4.13 | v450.172.01 (default)

Upgraded openssl to 1.1.1p to resolve CVE-2022-2068.

Updated app-editors/vim and app-editors/vim-core to v8.2.5066. This resolves CVE-2022-2126, CVE-2022-2125, CVE-2022-2124, CVE-2022-2129, CVE-2022-1720, CVE-2022-1942, CVE-2022-1886, CVE-2022-1851, CVE-2022-1160, CVE-2022-1154, CVE-2022-1381, CVE-2022-1420, CVE-2022-1733, CVE-2022-1796, CVE-2022-1769, CVE-2022-1735, CVE-2022-1674, CVE-2022-1771, CVE-2022-1620, CVE-2022-1785, CVE-2022-1629, CVE-2022-1616, CVE-2022-1621, CVE-2022-1619, CVE-2022-1927, and CVE-2022-1898.

cos-85-13310-1453-22

Date | Kernel | Docker | Containerd | GPU Drivers
Jul 06, 2022 | COS-5.4.188 | v19.03.15 | v1.4.13 | v450.172.01 (default)

Fixed CVE-2022-29217 in dev-python/pyjwt.

Updated app-editors/vim and app-editors/vim-core to v8.2.4586. This resolves CVE-2022-0696, CVE-2022-0729, CVE-2022-0572, CVE-2022-0685, CVE-2022-0714, CVE-2022-0629, and CVE-2022-0943.

cos-85-13310-1453-18

Date | Kernel | Docker | Containerd | GPU Drivers
Jun 21, 2022 | COS-5.4.188 | v19.03.15 | v1.4.13 | v450.172.01 (default)

Fixed CVE-2022-29162 in runc.

cos-85-13310-1453-17

Date | Kernel | Docker | Containerd | GPU Drivers
Jun 13, 2022 | COS-5.4.188 | v19.03.15 | v1.4.13 | v450.172.01 (default)

Fixed CVE-2022-31030 in containerd.

cos-85-13310-1453-16

Date | Kernel | Docker | Containerd | GPU Drivers
Jun 03, 2022 | COS-5.4.188 | v19.03.15 | v1.4.13 | v450.172.01 (default)

Fixed CVE-2022-30594, CVE-2022-1516 and CVE-2022-28893 in the Linux Kernel.

Fixed a bug in KTD LSM xattr handling.

cos-85-13310-1453-11

Date | Kernel | Docker | Containerd | GPU Drivers
May 25, 2022 | COS-5.4.188 | v19.03.15 | v1.4.13 | v450.172.01 (default)

Fixed CVE-2022-1729 in the Linux Kernel.

Date | Kernel | Docker | Containerd | GPU Drivers
May 23, 2022 | COS-5.4.188 | v19.03.15 | v1.4.13 | v450.172.01 (default)

Fixed an issue that prevented large cloud-configs (~256KB) from working properly.

Upgraded openssl to 1.1.1o. This resolves CVE-2022-1292.

Upgraded dev-libs/libxml2 to v2.9.14. This resolves CVE-2022-29824.

Upgraded dev-libs/libxslt to v1.1.35. This resolves CVE-2022-29824.

Fixed CVE-2022-0494 in the Linux kernel.

cos-85-13310-1453-6

Date | Kernel | Docker | Containerd | GPU Drivers
May 16, 2022 | COS-5.4.188 | v19.03.15 | v1.4.13 | v450.172.01 (default)

Updated sys-libs/ncurses to v6.3_p20220423. This resolves CVE-2022-29458.

cos-85-13310-1453-5

Date | Kernel | Docker | Containerd | GPU Drivers
Apr 25, 2022 | COS-5.4.188 | v19.03.15 | v1.4.13 | v450.172.01 (default)

Fixed CVE-2022-29581 and CVE-2022-1116 in the Linux kernel.

cos-85-13310-1453-3

Date | Kernel | Docker | Containerd | GPU Drivers
Apr 18, 2022 | COS-5.4.188 | v19.03.15 | v1.4.13 | v450.172.01 (default)

Fixed CVE-2022-24769 in containerd.

cos-85-13310-1453-1

Date | Kernel | Docker | Containerd | GPU Drivers
Apr 12, 2022 | COS-5.4.188 | v19.03.15 | v1.4.13 | v450.172.01 (default)

Updated default GPU driver version to v450.172.01.

Updated containerd to v1.4.13.

Updated the Linux kernel to v5.4.188.

Added command cos-extensions list -- --gpu-installer to show the default cos-gpu-installer.

Upgraded cos-gpu-installer-v2 to v2.0.17 in cos-extensions. Refined error message for installing latest driver. Preinstalled dependencies are now detected separately.

Fixed CVE-2020-13529 in systemd.

Upgraded dev-libs/libxml2 to v2.9.13-r1. This resolves CVE-2022-23308.

Fixed CVE-2022-0617 in the Linux kernel.

cos-85-13310-1416-18

Date | Kernel | Docker | Containerd | GPU Drivers
Apr 05, 2022 | COS-5.4.171 | v19.03.15 | v1.4.8 | v450.119.04 (default)

Increased the supported number of vCPUs from 256 to 512.

cos-85-13310-1416-17

Date | Kernel | Docker | Containerd | GPU Drivers
Mar 25, 2022 | COS-5.4.171 | v19.03.15 | v1.4.8 | v450.119.04 (default)

Fixed CVE-2022-27666, CVE-2022-1055 and CVE-2020-36516 in the Linux Kernel.

Upgraded openssl package to v1.1.1n to fix CVE-2022-0778.

cos-85-13310-1416-13

Date | Kernel | Docker | Containerd | GPU Drivers
Mar 21, 2022 | COS-5.4.171 | v19.03.15 | v1.4.8 | v450.119.04 (default)

Fixed CVE-2021-22570 in libprotobuf.

Fixed get_status API in device policy manager.

cos-85-13310-1416-11

Date | Kernel | Docker | Containerd | Default GPU Driver
Mar 07, 2022 | COS-5.4.171 | v19.03.15 | v1.4.8 | v450.119.04

Fixed CVE-2022-0847 in the Linux kernel.

Fixed CVE-2022-23648 in containerd.

cos-85-13310-1416-9

Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver
Feb 28, 2022 | COS-5.4.171 | v1.18.20 | v19.03.15 | v1.4.8 | v450.119.04

Fixed CVE-2021-45346 in dev-db/sqlite.

cos-85-13310-1416-5

Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver
Feb 14, 2022 | COS-5.4.171 | v1.18.20 | v19.03.15 | v1.4.8 | v450.119.04

Updated app-editors/vim and app-editors/vim-core to v8.2.4328. This resolves CVE-2021-4187, CVE-2022-0128, CVE-2022-0156, CVE-2022-0158, CVE-2022-0261, CVE-2022-0318, CVE-2022-0319, CVE-2022-0392, CVE-2022-0368, CVE-2022-0393, CVE-2022-0361, CVE-2022-0359, CVE-2022-0413, CVE-2022-0408, CVE-2022-0407, and CVE-2022-0443.

Fixed CVE-2022-0492 in the Linux kernel.

cos-85-13310-1416-3

Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver
Feb 07, 2022 | COS-5.4.171 | v1.18.20 | v19.03.15 | v1.4.8 | v450.119.04

Fixed an issue in containerd where layer hashes were sometimes computed incorrectly for large self-hosted containers.

Fixed CVE-2021-41190 in app-emulation/docker.

cos-85-13310-1416-1

Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver
Jan 24, 2022 | COS-5.4.171 | v1.18.20 | v19.03.15 | v1.4.8 | v450.119.04

Updated the Linux kernel to v5.4.171. This resolves CVE-2021-28714 and CVE-2021-28715.

Upgraded dev-libs/libgcrypt to v1.9.4. This resolves CVE-2021-40528.

Runtime sysctl changes:

  • Changed: fs.epoll.max_user_watches: 1669181 -> 1669140
  • Changed: fs.file-max: 814782 -> 814766
  • Changed: kernel.threads-max: 63674 -> 63672
  • Changed: net.ipv4.tcp_mem: 94323 125765 188646 -> 94320 125762 188640
  • Changed: net.ipv4.udp_mem: 188646 251530 377292 -> 188643 251525 377286
  • Changed: user.max_cgroup_namespaces: 31837 -> 31836
  • Changed: user.max_ipc_namespaces: 31837 -> 31836
  • Changed: user.max_mnt_namespaces: 31837 -> 31836
  • Changed: user.max_net_namespaces: 31837 -> 31836
  • Changed: user.max_pid_namespaces: 31837 -> 31836
  • Changed: user.max_user_namespaces: 31837 -> 31836
  • Changed: user.max_uts_namespaces: 31837 -> 31836

cos-85-13310-1366-24

Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver
Jan 19, 2022 | COS-5.4.150 | v1.18.20 | v19.03.15 | v1.4.8 | v450.119.04

Updated vim and vim-core to v8.2.3950. This resolves CVE-2021-4193, CVE-2021-4192, CVE-2021-4173, CVE-2021-4166, and CVE-2021-4136.

Fixed a privilege escalation vulnerability in fs_context in the Linux kernel. This resolves CVE-2022-0185.

Fixed a kernel crash issue in Container Threat Detection.

cos-85-13310-1366-21

Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver
Jan 11, 2022 | COS-5.4.150 | v1.18.20 | v19.03.15 | v1.4.8 | v450.119.04

Upgraded dev-libs/nspr to v3.42. This resolves CVE-2021-43527.

Upgraded dev-libs/nss to v3.73. This resolves CVE-2021-43527.

Upgraded app-crypt/nss to v3.73. This resolves CVE-2021-43527.

Upgraded app-emulation/runc to v1.0.3. This resolves CVE-2021-43784.

Updated vim and vim-core to v8.2.3741. This resolves CVE-2021-3973, CVE-2021-3968, CVE-2021-4069, CVE-2021-4019, CVE-2021-3984 and CVE-2021-3974.

Fixed a double-free issue in packet_set_ring in the Linux kernel.

Fixed CVE-2021-4155 in the Linux kernel.

cos-85-13310-1366-14

Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver
Dec 13, 2021 | COS-5.4.150 | v1.18.20 | v19.03.15 | v1.4.8 | v450.119.04

Fixed CVE-2021-4002 in the Linux kernel.

cos-85-13310-1366-12

Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver
Dec 07, 2021 | COS-5.4.150 | v1.18.20 | v19.03.15 | v1.4.8 | v450.119.04

Fixed CVE-2021-41617 in openssh.

cos-85-13310-1366-11

Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver
Dec 01, 2021 | COS-5.4.150 | v1.18.20 | v19.03.15 | v1.4.8 | v450.119.04

Fixed CVE-2021-41190 in app-emulation/containerd.

Updated vim and vim-core to v8.2.3582. This resolves CVE-2021-3928 and CVE-2021-3927.

cos-85-13310-1366-9

Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver
Nov 15, 2021 | COS-5.4.150 | v1.18.20 | v19.03.15 | v1.4.8 | v450.119.04

Fixed UUID parsing in kernel crash dump collection.

Updated vim and vim-core to v8.2.3567. This fixes CVE-2021-3872, CVE-2021-3903 and CVE-2021-3875.

Upgraded app-arch/libarchive to v3.5.2. This fixes CVE-2021-36976.

cos-85-13310-1366-5

Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver
Nov 04, 2021 | COS-5.4.150 | v1.18.20 | v19.03.15 | v1.4.8 | v450.119.04

Enabled cos-extensions to fetch artifacts with geo-redundancy when installing GPU driver.

Upgraded openssl to 1.1.1l. This fixes CVE-2021-3711.

cos-85-13310-1366-3

Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver
Nov 01, 2021 | COS-5.4.150 | v1.18.20 | v19.03.15 | v1.4.8 | v450.119.04

Fixed CVE-2021-41864 in the Linux Kernel.

cos-85-13310-1366-2

Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver
Oct 18, 2021 | COS-5.4.150 | v1.18.20 | v19.03.15 | v1.4.8 | v450.119.04

Updated the Linux kernel to v5.4.150. This resolves CVE-2021-35477, CVE-2021-34556, CVE-2021-38205, CVE-2021-38198, CVE-2021-38199, CVE-2021-40490 and CVE-2021-3653.

Fixed CVE-2020-10029 in sys-libs/glibc.

Fixed CVE-2021-22945 in net-misc/curl.

Updated vim to v8.2.3428. This resolves CVE-2021-3796, CVE-2021-3778, and CVE-2021-3770.

Fixed CVE-2019-17594, CVE-2019-17595 and CVE-2021-39537 in sys-libs/ncurses.

Created kernel config file under /boot directory.

Updated the built-in kubectl/kubelet to v1.18.20.

cos-85-13310-1308-25

Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver
Oct 11, 2021 | COS-5.4.129 | v1.18.17 | v19.03.15 | v1.4.8 | v450.119.04

Fixed an issue where GPU drivers wouldn't load due to being incorrectly linked.

Fixed CVE-2021-41103 in containerd.

cos-85-13310-1308-23

Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver
Oct 04, 2021 | COS-5.4.129 | v1.18.17 | v19.03.15 | v1.4.8 | v450.119.04

Fixed CVE-2020-12403 in dev-libs/nss.

cos-85-13310-1308-22

Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver
Sep 27, 2021 | COS-5.4.129 | v1.18.17 | v19.03.15 | v1.4.8 | v450.119.04

Fixed CVE-2021-28153 in glib and glib-utils.

Upgraded app-arch/libarchive to v3.5.1. This resolves CVE-2021-36976.

cos-85-13310-1308-19

Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver
Sep 20, 2021 | COS-5.4.129 | v1.18.17 | v19.03.15 | v1.4.8 | v450.119.04

Fixed CVE-2021-3612 in the Linux kernel.

cos-85-13310-1308-18

Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver
Sep 13, 2021 | COS-5.4.129 | v1.18.17 | v19.03.15 | v1.4.8 | v450.119.04

Upgraded net-misc/curl to v7.78.0. This resolves CVE-2021-22876, CVE-2021-22898, CVE-2021-22897, CVE-2021-22890, CVE-2021-22926 and CVE-2021-22924.

Fixed CVE-2021-32760 in containerd.

Upgraded net-misc/wget to v1.21.1. This resolves CVE-2021-31879.

cos-85-13310-1308-10

Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver
Aug 23, 2021 | COS-5.4.129 | v1.18.17 | v19.03.15 | v1.4.6 | v450.119.04

Fixed cleanup context of teardownPodNetwork.

cos-85-13310-1308-7

Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver
Aug 02, 2021 | COS-5.4.129 | v1.18.17 | v19.03.15 | v1.4.6 | v450.119.04

Added the cos.enable_ipv6 kernel command line option that enables IPv6 configuration. This option does not disable IPv4 configuration; COS always configures IPv4 by default.

Fixed an issue where enabling both IPv6 and IPv4 configuration on IPv4-exclusive networks resulted in slow boot times.

cos-85-13310-1308-6

Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver
Jul 26, 2021 | COS-5.4.129 | v1.18.17 | v19.03.15 | v1.4.6 | v450.119.04

Fixed CVE-2021-33910 in systemd.

Fixed CVE-2021-33909 in the Linux kernel.

cos-85-13310-1308-1

Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver
Jul 12, 2021 | COS-5.4.129 | v1.18.17 | v19.03.15 | v1.4.6 | v450.119.04

Updated containerd to v1.4.6.

Updated the built-in kubelet to v1.18.17.

Updated the Linux kernel to v5.4.129.

Upgraded the default GPU driver version to 450.119.04.

Upgraded tar to 1.34.

Upgraded sqlite to 3.34.1.

Upgraded libgcrypt to 1.9.3. This fixes CVE-2021-33560.

Fixed CVE-2021-3537 in libxml2.

Fixed CVE-2020-24977 in libxml2.

cos-85-13310-1260-26

Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver
Jun 21, 2021 | COS-5.4.109 | v1.18.15 | v19.03.15 | v1.4.3 | v450.51.06

Fixed a memory leak in the GVE kernel driver.

Fixed a low network bandwidth issue in the Linux kernel.

cos-85-13310-1260-23

Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver
Jun 14, 2021 | COS-5.4.109 | v1.18.15 | v19.03.15 | v1.4.3 | v450.51.06

Fixed a network regression on single-core systems when using the GVE network interface.

cos-85-13310-1260-22

Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver
Jun 09, 2021 | COS-5.4.109 | v1.18.15 | v19.03.15 | v1.4.3 | v450.51.06

Fixed a network regression when using the GVE network interface.

Updated runc to v1.0.0_rc95. This resolves CVE-2021-30465.

cos-85-13310-1260-17

Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver
Jun 07, 2021 | COS-5.4.109 | v1.18.15 | v19.03.15 | v1.4.3 | v450.51.06

Fixed CPU usage for workloads with heavy page cache usage.

cos-85-13310-1260-8

Date | Kernel | Kubernetes | Docker | Containerd
May 03, 2021 | COS-5.4.109 | v1.18.15 | v19.03.15 | v1.4.3

Upgraded dev-vcs/git to version 2.26.3. This resolves CVE-2021-21300.

cos-85-13310-1260-5

Date | Kernel | Kubernetes | Docker | Containerd
Apr 22, 2021 | COS-5.4.109 | v1.18.15 | v19.03.15 | v1.4.3

Fixed an out-of-bounds write issue in the Linux kernel.

cos-85-13310-1260-1

Date | Kernel | Kubernetes | Docker | Containerd
Apr 13, 2021 | COS-5.4.109 | v1.18.15 | v19.03.15 | v1.4.3

Updated the Linux kernel to v5.4.109.

Updated the built-in kubectl/kubelet to v1.18.15.

Upgraded docker to v19.03.15.

Updated glib to v2.66.7. This fixes CVE-2021-27218 and CVE-2021-27219.

Fixed CVE-2020-28493 in dev-python/jinja.

Fixed CVE-2020-13630, CVE-2020-9327, CVE-2020-13871, CVE-2020-11656, CVE-2020-11655, CVE-2020-15358, CVE-2020-13631, CVE-2020-13632, CVE-2020-13434, CVE-2020-9327, and CVE-2020-13435 in dev-db/sqlite.

Upgraded net-misc/openssh to version 8.5_p1. This fixes CVE-2021-28041.

Added cos-package-info.json file containing the installed packages as well as packages used during build time of COS image.

cos-85-13310-1209-29

Date | Kernel | Kubernetes | Docker | Containerd
Apr 12, 2021 | COS-5.4.89 | v1.18.13 | v19.03.14 | v1.4.3

Updated openssh to version 8.5_p1. This resolves CVE-2021-28041.

Upgraded openssl to version 1.1.1k. This resolves CVE-2021-3449 and CVE-2021-3450.

cos-85-13310-1209-24

Date | Kernel | Kubernetes | Docker
Apr 05, 2021 | COS-5.4.89 | v1.18.13 | v19.03.14

Updated openssl to version 1.1.1j. This resolves CVE-2021-23840 and CVE-2021-23841.

cos-85-13310-1209-17

Date | Kernel | Kubernetes | Docker
Mar 01, 2021 | COS-5.4.89 | v1.18.13 | v19.03.14

Upgraded libgcrypt to v1.9.1. This addresses CVE-2021-3345.

cos-85-13310-1209-12

Date | Kernel | Kubernetes | Docker
Feb 22, 2021 | COS-5.4.89 | v1.18.13 | v19.03.14

Fixed an issue where firewall initialization would fail because ip6tables was not waiting to claim the xtables lock.

cos-85-13310-1209-10

Date | Kernel | Kubernetes | Docker
Feb 08, 2021 | COS-5.4.89 | v1.18.13 | v19.03.14

Fixed 32 x truesize under-estimation for tiny skbs in the Linux kernel.

cos-85-13310-1209-7

Date | Kernel | Kubernetes | Docker
Feb 01, 2021 | COS-5.4.89 | v1.18.13 | v19.03.14

Upgraded app-admin/sudo to version 1.9.5_p2. This resolves CVE-2021-3156.

cos-85-13310-1209-3

Date | Kernel | Kubernetes | Docker
Jan 25, 2021 | COS-5.4.89 | v1.18.13 | v19.03.14

Updated the Linux kernel to upstream/v5.4.89.

Added support for the bpf_get_netns_cookie eBPF helper.

Updated cos-gpu-installer to v2.0.3 in cos-extensions. Fixed an issue in which installing GPU drivers was failing due to loading GPU kernel modules in incorrect order.

Fixed an authentication error when using go-dbus to connect to systemd.

Updated Docker to v19.03.14.

Updated the built-in kubectl/kubelet to v1.18.13.

Updated containerd to v1.4.3.

cos-85-13310-1041-161

Date | Kernel | Kubernetes | Docker
Jan 11, 2021 | COS-5.4.49 | v1.18.9 | v19.03.9

Fixed CVE-2020-29661 in the Linux kernel.

Fixed CVE-2020-29660 in the Linux kernel.

Fixed an issue where sshd is restarted every minute if no oslogin users are returned by the metadata server.

cos-85-13310-1041-38

Date | Kernel | Kubernetes | Docker
Dec 02, 2020 | COS-5.4.49 | v1.18.9 | v19.03.9

Fixed CVE-2020-15257 in containerd.

cos-85-13310-1041-28

Date | Kernel | Kubernetes | Docker
Nov 11, 2020 | COS-5.4.49 | v1.18.9 | v19.03.9

cloud-init now starts after network-online, because cloud-init does not configure the network for COS on GCP.

cos-85-13310-1041-24

Date | Kernel | Kubernetes | Docker
Oct 19, 2020 | COS-5.4.49 | v1.18.9 | v19.03.9

Backported INIT_STACK_ALL_ZERO to replace INIT_STACK_ALL.

cos-85-13310-1041-17

Date | Kernel | Kubernetes | Docker
Oct 12, 2020 | COS-5.4.49 | v1.18.9 | v19.03.9

Added PPP loadable modules back, which were removed in cos-rc-85-13310-1019-0.

Moved Docker's "registry-mirrors" configuration to the dockerd command line to address Kubernetes cluster provisioning errors.

cos-85-13310-1041-14

Date | Kernel | Kubernetes | Docker
Oct 08, 2020 | COS-5.4.49 | v1.18.9 | v19.03.9

Moved the configuration of Docker's "registry-mirrors" option from the dockerd command line to /etc/docker/daemon.json. This should allow users to configure a custom registry mirror, which can be useful when responding to recent Docker Hub free tier changes.

cos-85-13310-1041-9 (vs Milestone 81)

Date | Kernel | Kubernetes | Docker
Sep 24, 2020 | COS-5.4.49 | v1.18.9 | v19.03.9

Upgraded kernel to upstream 5.4.

Improved eBPF debug and tracing functionality by enabling:

  • Compressed kernel headers
  • BTF (BPF Type Format) debug info

Improved security by enabling more Kernel Self Protection Project (KSPP) settings:

  • Incorporated the lockdown LSM
  • Enabled Clang's stack initialization

Added XFS in preview mode.

Added NVMe userspace utilities support sys-apps/nvm-cli.

Added file system ACL userspace utilities sys-apps/acl.

Added FUSE userspace utilities support sys-fs/fuse.

Added cos-extensions userspace utilities support app-admin/extensions-manager.

Added nfs utils packages.

Added ext4 block bitmap prefetching feature.

Made chrony the default NTP client.

Made Python3 the default Python interpreter.

Reduced user home directory permissions to 750.

Disabled hung_on_panic by default.

Enforced kernel module signature verification by default.

Added the cos-extensions-manager package.

Removed the metrics daemon.

Backported upstream patch 'perf_event: support for LSM and SELinux check'.

Enabled utmp in systemd to allow creation of utmp files.

Upgraded KTD to its beta.

Upgraded gVNIC driver to v1.1.0.

Upgraded Nvidia GPU driver support to 450.51.06.

Upgraded containerd to v1.4.1.

Upgraded docker to v19.03.9.

Upgraded the built-in kubectl/kubelet to v1.18.9.

Upgraded docker-credential-gcr to v2.0.2.

Upgraded cloud-init to v19.4.

Upgraded node-problem-detector to v0.8.1.

Upgraded cos-toolbox to 20200715-00.

Upgraded oslogin to v20200507.00.

Upgraded compute-image-packages to v20191210.

Upgraded dump-capture-kernel to 4.19.

Upgraded makedumpfile to v1.6.7.

Upgraded Konlet to v0.11.0.

Upgraded runc to v1.1.0-rc10.

Upgraded openssl to 1.1.0l.

Updated toolbox base container image to include security patches.

Upgraded libseccomp to v2.4.2 to address CVE-2019-9893.

Disabled CONFIG_PPP to mitigate Linux Kernel CVE-2020-14416.

Fixed Linux kernel vulnerability CVE-2020-14386.

Fixed a kernel bug where eBPF programs can cause softlockups.

Removed the size limit on /etc/ to fix cluster creation failures caused by a large number of addons.

Fixed a bug that caused OS login to use excessive amounts of memory.

Updated e2fsprogs to fix partition resize issue.

Made dioread_nolock non-default.

Increased kdump memory reservation to 256M for 8G-16G instances.

Added rsync back into the image, which was removed in cos-dev-77-12293-0-0.

Added mount exec option to /var/lib/containerd.