cos-85-13310-1498-13
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Aug 22, 2022 | COS-5.4.203 | v19.03.15 | v1.4.13 | v450.203.03(default) |
Updated net-misc/rsync to v3.2.5 and fixed CVE-2022-29154.
Updated dev-db/sqlite to v3.39.2 to fix CVE-2022-35737.
Fixed CVE-2022-36123 in the Linux kernel.
cos-85-13310-1498-10
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Aug 08, 2022 | COS-5.4.203 | v19.03.15 | v1.4.13 | v450.203.03(default) |
Updated the default Nvidia driver version to v450.203.03.
Fixed CVE-2022-21505 in the Linux kernel.
cos-85-13310-1498-7
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Aug 01, 2022 | COS-5.4.203 | v19.03.15 | v1.4.13 | v450.172.01(default) |
Moved the toolchain source from gs://chromiumos-sdk to gs://cos-sdk.
Updated toolbox to v20220722.
cos-85-13310-1498-4
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Jul 25, 2022 | COS-5.4.203 | v19.03.15 | v1.4.13 | v450.172.01(default) |
Upgraded openssl to v1.1.1q to resolve CVE-2022-2097.
cos-85-13310-1498-3
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Jul 18, 2022 | COS-5.4.203 | v19.03.15 | v1.4.13 | v450.172.01(default) |
Updated net-misc/curl to v7.84.0. This resolves CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, and CVE-2022-32208.
cos-85-13310-1498-1
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Jul 13, 2022 | COS-5.4.203 | v19.03.15 | v1.4.13 | v450.172.01(default) |
Updated cos-gpu-installer to fetch the COS toolchain from gs://cos-tools instead of gs://chromiumos-sdk.
Added pci=clearmsi option for kdump stackdriver.
Updated the Linux kernel to v5.4.203.
Updated toolbox to v20220630.
Updated net-dns/c-ares to v1.17.2. This resolves CVE-2022-27778, CVE-2022-27779, CVE-2022-27780, CVE-2022-27775, CVE-2022-30115, CVE-2022-27776, CVE-2022-27774, CVE-2022-27781, CVE-2022-22576.
Updated net-misc/curl to v7.83.1. This resolves CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776, CVE-2022-27778, CVE-2022-27779, CVE-2022-27780, CVE-2022-27781, CVE-2022-27782, CVE-2022-30115.
Runtime sysctl changes:
- Changed: kernel.random.poolsize: 4096 -> 256
- Changed: kernel.random.write_wakeup_threshold: 896 -> 256
- Deleted: kernel.random.read_wakeup_threshold: 64
cos-85-13310-1453-24
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Jul 11, 2022 | COS-5.4.188 | v19.03.15 | v1.4.13 | v450.172.01(default) |
Upgraded openssl to 1.1.1p to resolve CVE-2022-2068.
Updated app-editors/vim and app-editors/vim-core to v8.2.5066. This resolves CVE-2022-2126,CVE-2022-2125,CVE-2022-2124,CVE-2022-2129,CVE-2022-1720, CVE-2022-1942,CVE-2022-1886,CVE-2022-1851,CVE-2022-1160,CVE-2022-1154, CVE-2022-1381,CVE-2022-1420,CVE-2022-1733,CVE-2022-1796,CVE-2022-1769, CVE-2022-1735,CVE-2022-1674,CVE-2022-1771,CVE-2022-1620,CVE-2022-1785, CVE-2022-1629,CVE-2022-1616,CVE-2022-1621,CVE-2022-1619,CVE-2022-1927, CVE-2022-1898.
cos-85-13310-1453-22
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Jul 06, 2022 | COS-5.4.188 | v19.03.15 | v1.4.13 | v450.172.01(default) |
Fixed CVE-2022-29217 in dev-python/pyjwt
Updated app-editors/vim and app-editors/vim-core to v8.2.4586. This resolves CVE-2022-0696,CVE-2022-0729,CVE-2022-0572,CVE-2022-0685, CVE-2022-0714,CVE-2022-0629 and CVE-2022-0943.
cos-85-13310-1453-18
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Jun 21, 2022 | COS-5.4.188 | v19.03.15 | v1.4.13 | v450.172.01(default) |
Fixed CVE-2022-29162 in runc.
cos-85-13310-1453-17
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Jun 13, 2022 | COS-5.4.188 | v19.03.15 | v1.4.13 | v450.172.01(default) |
Fixed CVE-2022-31030 in containerd.
cos-85-13310-1453-16
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Jun 03, 2022 | COS-5.4.188 | v19.03.15 | v1.4.13 | v450.172.01(default) |
Fixed CVE-2022-30594, CVE-2022-1516 and CVE-2022-28893 in the Linux Kernel.
Fixed a bug in KTD LSM xattr handling.
cos-85-13310-1453-11
| Date | Kernel | Docker | Containerd | GPU Drivers |
| May 25, 2022 | COS-5.4.188 | v19.03.15 | v1.4.13 | v450.172.01(default) |
Fixed CVE-2022-1729 in the Linux Kernel.
| Date | Kernel | Docker | Containerd | GPU Drivers |
| May 23, 2022 | COS-5.4.188 | v19.03.15 | v1.4.13 | v450.172.01(default) |
Fixed an issue that prevented large cloud-configs (~256KB) from working properly.
Upgraded openssl to 1.1.1o. This resolves CVE-2022-1292.
Upgraded dev-libs/libxml2 to v2.9.14. This resolves CVE-2022-29824.
Upgraded dev-libs/libxslt to v1.1.35. This resolves CVE-2022-29824.
Fixed CVE-2022-0494 in the Linux kernel.
cos-85-13310-1453-6
| Date | Kernel | Docker | Containerd | GPU Drivers |
| May 16, 2022 | COS-5.4.188 | v19.03.15 | v1.4.13 | v450.172.01(default) |
Updated sys-libs/ncurses to v6.3_p20220423. This resolves CVE-2022-29458.
cos-85-13310-1453-5
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Apr 25, 2022 | COS-5.4.188 | v19.03.15 | v1.4.13 | v450.172.01(default) |
Fixed CVE-2022-29581 and CVE-2022-1116 in the Linux kernel.
cos-85-13310-1453-3
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Apr 18, 2022 | COS-5.4.188 | v19.03.15 | v1.4.13 | v450.172.01(default) |
Fixed CVE-2022-24769 in containerd.
cos-85-13310-1453-1
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Apr 12, 2022 | COS-5.4.188 | v19.03.15 | v1.4.13 | v450.172.01(default) |
Updated default GPU driver version to v450.172.01.
Updated containerd to v1.4.13.
Updated the Linux kernel to v5.4.188.
Added command cos-extensions list -- --gpu-installer to show
the default cos-gpu-installer.
Upgraded cos-gpu-installer-v2 to v2.0.17 in cos-extensions. Refined error message for installing latest driver. Preinstalled dependencies are now detected separately.
Fixed CVE-2020-13529 in systemd.
Upgraded dev-libs/libxml2 to v2.9.13-r1. This resolves CVE-2022-23308.
Fixed CVE-2022-0617 in the Linux kernel.
cos-85-13310-1416-18
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Apr 05, 2022 | COS-5.4.171 | v19.03.15 | v1.4.8 | v450.119.04(default) |
Increased number of vCPUs support from 256 to 512.
cos-85-13310-1416-17
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Mar 25, 2022 | COS-5.4.171 | v19.03.15 | v1.4.8 | v450.119.04(default) |
Fixed CVE-2022-27666, CVE-2022-1055 and CVE-2020-36516 in the Linux Kernel.
Upgraded openssl package to v1.1.1n to fix CVE-2022-0778.
cos-85-13310-1416-13
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Mar 21, 2022 | COS-5.4.171 | v19.03.15 | v1.4.8 | v450.119.04(default) |
Fixed CVE-2021-22570 in libprotobuf.
Fixed get_status API in device policy manager.
cos-85-13310-1416-11
| Date | Kernel | Docker | Containerd | Default GPU Driver |
| Mar 07, 2022 | COS-5.4.171 | v19.03.15 | v1.4.8 | v450.119.04 |
Fixed CVE-2022-0847 in the Linux kernel.
Fixed CVE-2022-23648 in containerd.
cos-85-13310-1416-9
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Feb 28, 2022 | COS-5.4.171 | v1.18.20 | v19.03.15 | v1.4.8 | v450.119.04 |
Fixed CVE-2021-45346 in dev-db/sqlite.
cos-85-13310-1416-5
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Feb 14, 2022 | COS-5.4.171 | v1.18.20 | v19.03.15 | v1.4.8 | v450.119.04 |
Updated app-editors/vim and app-editors/vim-core to v8.2.4328. This resolves CVE-2021-4187, CVE-2022-0128, CVE-2022-0156, CVE-2022-0158, CVE-2022-0261, CVE-2022-0318, CVE-2022-0319, CVE-2022-0392, CVE-2022-0368, CVE-2022-0393, CVE-2022-0361, CVE-2022-0359, CVE-2022-0413, CVE-2022-0408, CVE-2022-0407, and CVE-2022-0443.
Fixed CVE-2022-0492 in the Linux kernel.
cos-85-13310-1416-3
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Feb 07, 2022 | COS-5.4.171 | v1.18.20 | v19.03.15 | v1.4.8 | v450.119.04 |
Fixed an issue in containerd where layer hashes were sometimes computed incorrectly for large self-hosted containers.
Fixed CVE-2021-41190 in app-emulation/docker.
cos-85-13310-1416-1
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Jan 24, 2022 | COS-5.4.171 | v1.18.20 | v19.03.15 | v1.4.8 | v450.119.04 |
Updated the Linux kernel to v5.4.171. This resolves CVE-2021-28714 and CVE-2021-28715.
Upgraded dev-libs/libgcrypt to v1.9.4. This resolves CVE-2021-40528.
Runtime sysctl changes:
- Changed: fs.epoll.max_user_watches: 1669181 -> 1669140
- Changed: fs.file-max: 814782 -> 814766
- Changed: kernel.threads-max: 63674 -> 63672
- Changed: net.ipv4.tcp_mem: 94323 125765 188646 -> 94320 125762 188640
- Changed: net.ipv4.udp_mem: 188646 251530 377292 -> 188643 251525 377286
- Changed: user.max_cgroup_namespaces: 31837 -> 31836
- Changed: user.max_ipc_namespaces: 31837 -> 31836
- Changed: user.max_mnt_namespaces: 31837 -> 31836
- Changed: user.max_net_namespaces: 31837 -> 31836
- Changed: user.max_pid_namespaces: 31837 -> 31836
- Changed: user.max_user_namespaces: 31837 -> 31836
- Changed: user.max_uts_namespaces: 31837 -> 31836
cos-85-13310-1366-24
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Jan 19, 2022 | COS-5.4.150 | v1.18.20 | v19.03.15 | v1.4.8 | v450.119.04 |
Updated vim and vim-core to v8.2.3950. This resolves CVE-2021-4193, CVE-2021-4192, CVE-2021-4173, CVE-2021-4166, and CVE-2021-4136.
Fixed a privilege escalation vulnerability in fs_context in the Linux kernel. This resolves CVE-2022-0185.
Fixed a kernel crash issue in Container Threat Detection.
cos-85-13310-1366-21
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Jan 11, 2022 | COS-5.4.150 | v1.18.20 | v19.03.15 | v1.4.8 | v450.119.04 |
Upgraded dev-libs/nspr to v3.42. This resolves CVE-2021-43527.
Upgraded dev-libs/nss to v3.73. This resolves CVE-2021-43527.
Upgraded app-crypt/nss to v3.73. This resolves CVE-2021-43527.
Upgraded app-emulation/runc to v1.0.3. This resolves CVE-2021-43784.
Updated vim and vim-core to v8.2.3741. This resolves CVE-2021-3973, CVE-2021-3968, CVE-2021-4069, CVE-2021-4019, CVE-2021-3984 and CVE-2021-3974.
Fixed a double-free issue in packet_set_ring in the Linux kernel.
Fixed CVE-2021-4155 in the Linux kernel.
cos-85-13310-1366-14
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Dec 13, 2021 | COS-5.4.150 | v1.18.20 | v19.03.15 | v1.4.8 | v450.119.04 |
Fixed CVE-2021-4002 in the linux kernel.
cos-85-13310-1366-12
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Dec 07, 2021 | COS-5.4.150 | v1.18.20 | v19.03.15 | v1.4.8 | v450.119.04 |
Fixed CVE-2021-41617 in openssh.
cos-85-13310-1366-11
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Dec 01, 2021 | COS-5.4.150 | v1.18.20 | v19.03.15 | v1.4.8 | v450.119.04 |
Fixed CVE-2021-41190 in app-emulation/containerd.
Updated vim and vim-core to v8.2.3582. This resolves CVE-2021-3928 and CVE-2021-3927.
cos-85-13310-1366-9
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Nov 15, 2021 | COS-5.4.150 | v1.18.20 | v19.03.15 | v1.4.8 | v450.119.04 |
Fixed UUID parsing in kernel crash dump collection.
Updated vim and vim-core to v8.2.3567. This fixes CVE-2021-3872, CVE-2021-3903 and CVE-2021-3875.
Upgraded app-arch/libarchive to v3.5.2. This fixes CVE-2021-36976.
cos-85-13310-1366-5
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Nov 04, 2021 | COS-5.4.150 | v1.18.20 | v19.03.15 | v1.4.8 | v450.119.04 |
Enabled cos-extensions to fetch artifacts with geo-redundancy when installing GPU driver.
Upgraded openssl to 1.1.1l. This fixes CVE-2021-3711.
cos-85-13310-1366-3
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Nov 01, 2021 | COS-5.4.150 | v1.18.20 | v19.03.15 | v1.4.8 | v450.119.04 |
Fixed CVE-2021-41864 in the Linux Kernel.
cos-85-13310-1366-2
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Oct 18, 2021 | COS-5.4.150 | v1.18.20 | v19.03.15 | v1.4.8 | v450.119.04 |
Updated the Linux kernel to v5.4.150. This resolves CVE-2021-35477, CVE-2021-34556, CVE-2021-38205, CVE-2021-38198, CVE-2021-38199, CVE-2021-40490 and CVE-2021-3653.
Fixed CVE-2020-10029 in sys-libs/glibc.
Fixed CVE-2021-22945 in net-misc/curl.
Updated vim to v8.2.3428. This resolves CVE-2021-3796, CVE-2021-3778, and CVE-2021-3770.
Fixed CVE-2019-17594, CVE-2019-17595 and CVE-2021-39537 in sys-libs/ncurses.
Created kernel config file under /boot directory.
Updated the built-in kubectl/kubelet to v1.18.20.
cos-85-13310-1308-25
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Oct 11, 2021 | COS-5.4.129 | v1.18.17 | v19.03.15 | v1.4.8 | v450.119.04 |
Fixed an issue where GPU drivers wouldn't load due to being incorrectly linked.
Fixed CVE-2021-41103 in containerd.
cos-85-13310-1308-23
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Oct 04, 2021 | COS-5.4.129 | v1.18.17 | v19.03.15 | v1.4.8 | v450.119.04 |
Fixed CVE-2020-12403 in dev-libs/nss.
cos-85-13310-1308-22
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Sep 27, 2021 | COS-5.4.129 | v1.18.17 | v19.03.15 | v1.4.8 | v450.119.04 |
Fixed CVE-2021-28153 in glib and glib-utils.
Upgraded app-arch/libarchive to v3.5.1. This resolves CVE-2021-36976.
cos-85-13310-1308-19
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Sep 20, 2021 | COS-5.4.129 | v1.18.17 | v19.03.15 | v1.4.8 | v450.119.04 |
Fixed CVE-2021-3612 in the Linux kernel.
cos-85-13310-1308-18
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Sep 13, 2021 | COS-5.4.129 | v1.18.17 | v19.03.15 | v1.4.8 | v450.119.04 |
Upgraded net-misc/curl to v7.78.0. This resolves CVE-2021-22876, CVE-2021-22898, CVE-2021-22897, CVE-2021-22890, CVE-2021-22926 and CVE-2021-22924.
Fixed CVE-2021-32760 in containerd.
Upgraded net-misc/wget to v1.21.1. This resolves CVE-2021-31879.
cos-85-13310-1308-10
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Aug 23, 2021 | COS-5.4.129 | v1.18.17 | v19.03.15 | v1.4.6 | v450.119.04 |
Fixed cleanup context of teardownPodNetwork.
cos-85-13310-1308-7
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Aug 02, 2021 | COS-5.4.129 | v1.18.17 | v19.03.15 | v1.4.6 | v450.119.04 |
Added the cos.enable_ipv6 kernel command line option that enables IPv6 configuration. This option does not disable IPv4 configuration; COS always configures IPv4 by default.
Fixed an issue where enabling both IPv6 and IPv4 configuration on IPv4-exclusive networks resulted in slow boot times.
cos-85-13310-1308-6
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Jul 26, 2021 | COS-5.4.129 | v1.18.17 | v19.03.15 | v1.4.6 | v450.119.04 |
Fixed CVE-2021-33910 in systemd.
Fixed CVE-2021-33909 in the Linux kernel.
cos-85-13310-1308-1
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Jul 12, 2021 | COS-5.4.129 | v1.18.17 | v19.03.15 | v1.4.6 | v450.119.04 |
Updated containerd to v1.4.6.
Updated the built-in kubelet to v1.18.17.
Updated the Linux kernel to v5.4.129.
Upgraded the default GPU driver version to 450.119.04.
Upgraded tar to 1.34.
Upgraded sqlite to 3.34.1.
Upgraded libgcrypt to 1.9.3. This fixes CVE-2021-33560.
Fixed CVE-2021-3537 in libxml2.
Fixed CVE-2020-24977 in libxml2.
cos-85-13310-1260-26
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Jun 21, 2021 | COS-5.4.109 | v1.18.15 | v19.03.15 | v1.4.3 | v450.51.06 |
Fixed a memory leak in the GVE kernel driver.
Fixed a low network bandwidth issue in the Linux kernel.
cos-85-13310-1260-23
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Jun 14, 2021 | COS-5.4.109 | v1.18.15 | v19.03.15 | v1.4.3 | v450.51.06 |
Fixed a network regression on single-core systems when using the GVE network interface.
cos-85-13310-1260-22
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Jun 09, 2021 | COS-5.4.109 | v1.18.15 | v19.03.15 | v1.4.3 | v450.51.06 |
Fixed a network regression when using the GVE network interface.
Updated runc to v1.0.0_rc95. This resolves CVE-2021-30465.
cos-85-13310-1260-17
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Jun 07, 2021 | COS-5.4.109 | v1.18.15 | v19.03.15 | v1.4.3 | v450.51.06 |
Fixed CPU usage for workloads with heavy page cache usage.
cos-85-13310-1260-8
| Date | Kernel | Kubernetes | Docker | Containerd |
| May 03, 2021 | COS-5.4.109 | v1.18.15 | v19.03.15 | v1.4.3 |
Upgraded dev-vcs/git to version 2.26.3. This resolves CVE-2021-21300.
cos-85-13310-1260-5
| Date | Kernel | Kubernetes | Docker | Containerd |
| Apr 22, 2021 | COS-5.4.109 | v1.18.15 | v19.03.15 | v1.4.3 |
Fixed an out-of-bounds write issue in the Linux kernel.
cos-85-13310-1260-1
| Date | Kernel | Kubernetes | Docker | Containerd |
| Apr 13, 2021 | COS-5.4.109 | v1.18.15 | v19.03.15 | v1.4.3 |
Updated the Linux kernel to v5.4.109.
Updated the built-in kubectl/kubelet to v1.18.15.
Upgraded docker to v19.03.15
Updated glib to v2.66.7. This fixes CVE-2021-27218 and CVE-2021-27219.
Fixed CVE-2020-28493 in dev-python/jinja.
Fixed CVE-2020-13630,CVE-2020-9327,CVE-2020-13871, CVE-2020-11656,CVE-2020-11655,CVE-2020-15358, CVE-2020-13631,CVE-2020-13632,CVE-2020-13434,CVE-2020-9327,CVE-2020-13435 for dev-db/sqlite
Upgraded net-misc/openssh to version 8.5_p1. This fixes CVE-2021-28041.
Added cos-package-info.json file containing the installed packages as well as packages used during build time of COS image.
cos-85-13310-1209-29
| Date | Kernel | Kubernetes | Docker | Containerd |
| Apr 12, 2021 | COS-5.4.89 | v1.18.13 | v19.03.14 | v1.4.3 |
Updated openssh to version 8.5_p1. This resolves CVE-2021-28041.
Upgraded openssl to version 1.1.1k. This resolves CVE-2021-3449 and CVE-2021-3450.
cos-85-13310-1209-24
| Date | Kernel | Kubernetes | Docker |
| Apr 05, 2021 | COS-5.4.89 | v1.18.13 | v19.03.14 |
Updated openssl to version 1.1.1j. This resolves CVE-2021-23840 and CVE-2021-23841.
cos-85-13310-1209-17
| Date | Kernel | Kubernetes | Docker |
| Mar 01, 2021 | COS-5.4.89 | v1.18.13 | v19.03.14 |
Upgraded libgcrypt to v1.9.1. This addresses CVE-2021-3345.
cos-85-13310-1209-12
| Date | Kernel | Kubernetes | Docker |
| Feb 22, 2021 | COS-5.4.89 | v1.18.13 | v19.03.14 |
Fixed an issue where firewall initialization would fail because ip6tables was not waiting to claim the xtables lock.
cos-85-13310-1209-10
| Date | Kernel | Kubernetes | Docker |
| Feb 08, 2021 | COS-5.4.89 | v1.18.13 | v19.03.14 |
Fixed 32 x truesize under-estimation for tiny skbs in the Linux kernel.
cos-85-13310-1209-7
| Date | Kernel | Kubernetes | Docker |
| Feb 01, 2021 | COS-5.4.89 | v1.18.13 | v19.03.14 |
Upgraded app-admin/sudo to version 1.9.5_p2. This resolves CVE-2021-3156.
cos-85-13310-1209-3
| Date | Kernel | Kubernetes | Docker |
| Jan 25, 2021 | COS-5.4.89 | v1.18.13 | v19.03.14 |
Updated the Linux kernel to upstream/v5.4.89.
Added support for the bpf_get_netns_cookie eBPF helper.
Updated cos-gpu-installer to v2.0.3 in cos-extensions. Fixed an issue in which installing GPU drivers was failing due to loading GPU kernel modules in incorrect order.
Fixed an authenication error when using go-dbus to connect systemd.
Updated Docker to v19.03.14.
Updated the built-in kubectl/kubelet to v1.18.13.
Updated containerd to v1.4.3.
cos-85-13310-1041-161
| Date | Kernel | Kubernetes | Docker |
| Jan 11, 2021 | COS-5.4.49 | v1.18.9 | v19.03.9 |
Fixed CVE-2020-29661 in the Linux kernel.
Fixed CVE-2020-29660 in the Linux kernel.
Fixed an issue where sshd is restarted every minute if no oslogin users are returned by the metadata server.
cos-85-13310-1041-38
| Date | Kernel | Kubernetes | Docker |
| Dec 02, 2020 | COS-5.4.49 | v1.18.9 | v19.03.9 |
Fixed CVE-2020-15257 in containerd.
cos-85-13310-1041-28
| Date | Kernel | Kubernetes | Docker |
| Nov 11, 2020 | COS-5.4.49 | v1.18.9 | v19.03.9 |
cloud-init starts after network-online because cloud-init does not configure network for COS on GCP.
cos-85-13310-1041-24
| Date | Kernel | Kubernetes | Docker |
| Oct 19, 2020 | COS-5.4.49 | v1.18.9 | v19.03.9 |
Backported INIT_STACK_ALL_ZERO to replace INIT_STACK_ALL.
cos-85-13310-1041-17
| Date | Kernel | Kubernetes | Docker |
| Oct 12, 2020 | COS-5.4.49 | v1.18.9 | v19.03.9 |
Added PPP loadable modules back, which were removed in cos-rc-85-13310-1019-0.
Moved Docker's "registry-mirrors" configuration to the dockerd command line to address Kubernetes cluster provisioning errors.
cos-85-13310-1041-14
| Date | Kernel | Kubernetes | Docker |
| Oct 08, 2020 | COS-5.4.49 | v1.18.9 | v19.03.9 |
Moved the configuration of Docker's "registry-mirrors" option from the dockerd command line to /etc/docker/daemon.json. This should allow users to configure a custom registry mirror, which can be useful when responding to recent Docker Hub free tier changes.
cos-85-13310-1041-9 (vs Milestone 81)
| Date | Kernel | Kubernetes | Docker |
| Sep 24, 2020 | COS-5.4.49 | v1.18.9 | v19.03.9 |
Upgraded kernel to upstream 5.4.
Improved eBPF debug and tracing functionality by enabling:
Compressed kernel headers
BTF (BPF Type Format) debug info.
Improved security by enabling more Kernel Self Protection Project (KSPP) settings:
Incorporate lockdown LSM.
Enable Clang's stack initialization.
Added XFS in preview mode.
Added NVMe userspace utilities support sys-apps/nvm-cli.
Added file system ACL userspace utilities sys-apps/acl.
Added FUSE userspace utilities support sys-fs/fuse.
Added cos-extensions userspace utilities support app-admin/extensions-manager.
Added nfs utils packages.
Added ext4 block bitmap prefetching feature.
Made chrony the default NTP client.
Made Python3 the default Python interpreter.
Reduced user home directory permissions to 750.
Disabled hung_on_panic by default.
Enforced kernel module signature verification by default.
Added the cos-extensions-manager package.
Removed the metrics daemon.
Backported upstream patch 'perf_event: support for LSM and SELinux check'.
Enabled utmp in systemd to allow creation of utmp files.
Upgraded KTD to its beta.
Upgraded gVNIC driver to v1.1.0.
Upgraded Nvidia GPU driver support to 450.51.06.
Upgraded containerd to v1.4.1.
Upgraded docker to v19.03.9.
Upgraded the built-in kubectl/kubelet to v1.18.9.
Upgraded docker-credential-gcr to v2.0.2.
Upgraded cloud-init to v19.4.
Upgraded node-problem-detector to v0.8.1.
Upgraded cos-toolbox to 20200715-00.
Upgraded oslogin to v20200507.00.
Upgraded compute-image-packages to v20191210.
Upgraded dump-capture-kernel to 4.19.
Upgraded makedumpfile to v1.6.7.
Upgraded Konlet to v0.11.0.
Upgraded runc to v1.1.0-rc10.
Upgraded openssl to 1.1.0l.
Updated toolbox base container image to include security patches.
Upgraded libseccomp to v2.4.2 to address CVE-2019-9893.
Disabled CONFIG_PPP to mitigate Linux Kernel CVE-2020-14416.
Fixed Linux kernel vulnerability CVE-2020-14386.
Fixed a kernel bug where eBPF programs can cause softlockups.
Removed size limit on /etc/ to fix cluster creation failure because of large number of addons.
Fixed a bug that caused OS login to use excessive amounts of memory.
Updated e2fsprogs to fix partition resize issue.
Enabled utmp in systemd to allow creation of utmp files.
Made dioread_nolock non-default.
Increased kdump memory reservation to 256M for 8G-16G instances.
Added rsync back into the image, which was removed in cos-dev-77-12293-0-0.
Added mount exec option to /var/lib/containerd.