Container-Optimized OS Release Notes: Milestone 89

cos-89-16108-798-22

Date Kernel Docker Containerd GPU Drivers
Apr 03, 2023 COS-5.4.228 v20.10.3 v1.4.13 v450.216.04(default),v470.161.03(R470),v510.108.03

Fixed CVE-2023-27561 in runc.

cos-89-16108-798-21

Date Kernel Docker Containerd GPU Drivers
Mar 27, 2023 COS-5.4.228 v20.10.3 v1.4.13 v450.216.04(default),v470.161.03(R470),v510.108.03

Removed CONFIG_NET_CLS_TCINDEX kernel config entry.

Fixed CVE-2023-28466 in the Linux kernel.

cos-89-16108-798-18

Date Kernel Docker Containerd GPU Drivers
Mar 20, 2023 COS-5.4.228 v20.10.3 v1.4.13 v450.216.04(default),v470.161.03(R470),v510.108.03

Fixed CVE-2023-26604 in sys-apps/systemd.

cos-89-16108-798-17

Date Kernel Docker Containerd GPU Drivers
Mar 06, 2023 COS-5.4.228 v20.10.3 v1.4.13 v450.216.04(default),v470.161.03(R470),v510.108.03

Updated dev-go/text to v0.3.8. This fixes CVE-2022-32149.

Fixed CVE-2019-9924 in app-shells/bash.

Fixed CVE-2022-48303 in app-arch/tar.

Fixed CVE-2019-18276 in app-shells/bash.

Fixed CVE-2020-11080 in net-libs/nghttp2.

Updated net-fs/cifs-utils to v6.15. This fixes CVE-2022-29869, CVE-2021-20208, and CVE-2022-27239 in net-fs/cifs-utils.

Fixed CVE-2021-27291 and CVE-2021-20270 in dev-python/pygments.

cos-89-16108-798-10

Date Kernel Docker Containerd GPU Drivers
Feb 14, 2023 COS-5.4.228 v20.10.3 v1.4.13 v450.216.04(default),v470.161.03(R470),v510.108.03

Updated dev-libs/openssl to v1.1.1t. This resolves CVE-2022-4450, CVE-2023-0215, CVE-2022-4304 and CVE-2023-0286.

cos-89-16108-798-7

Date Kernel Docker Containerd GPU Drivers
Jan 31, 2023 COS-5.4.228 v20.10.3 v1.4.13 v450.216.04(default),v470.161.03(R470),v510.108.03

Fixed CVE-2022-40897 in dev-python/setuptools.

Fixed CVE-2022-47929 in the Linux kernel.

Fixed CVE-2023-23454 in the Linux Kernel.

cos-89-16108-798-3

Date Kernel Docker Containerd GPU Drivers
Jan 23, 2023 COS-5.4.228 v20.10.3 v1.4.13 v450.216.04(default),v470.161.03(R470),v510.108.03

Fixed a use-after-free bug in TCP in the Linux kernel.

cos-89-16108-798-1

Date Kernel Docker Containerd GPU Drivers
Jan 17, 2023 COS-5.4.228 v20.10.3 v1.4.13 v450.216.04(default),v470.161.03(R470),v510.108.03

Updated the Linux kernel to v5.4.228.

cos-89-16108-766-29

Date Kernel Docker Containerd GPU Drivers
Jan 09, 2023 COS-5.4.217 v20.10.3 v1.4.13 v450.216.04(default),v470.161.03(R470),v510.108.03

Fixed proc_skip_spaces in the Linux kernel to follow existing convention instead of acting as a wrapper to skip_spaces.

Updated Nvidia GPU drivers:

  • Default drivers to v450.216.04, fixing CVE-2022-34670, CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, CVE-2022-34682, CVE-2022-42254, CVE-2022-42256, CVE-2022-42257, CVE-2022-42258, CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, CVE-2022-42262, CVE-2022-42263, CVE-2022-42264.
  • R470 drivers to v470.161.03, fixing CVE-2022-34670, CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, CVE-2022-34682, CVE-2022-42254, CVE-2022-42255, CVE-2022-42256, CVE-2022-42257, CVE-2022-42258, CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, CVE-2022-42262, CVE-2022-42263, CVE-2022-42264.
  • Latest drivers to v510.108.03, fixing CVE-2022-34670, CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, CVE-2022-34682, CVE-2022-34684, CVE-2022-42254, CVE-2022-42255, CVE-2022-42256, CVE-2022-42257, CVE-2022-42258, CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, CVE-2022-42262, CVE-2022-42263, CVE-2022-42264.

Fixed CVE-2022-23471 in app-emulation/containerd.

Fixed CVE-2022-35260 and CVE-2022-32221 in net-misc/curl.

Fixed CVE-2022-42328, CVE-2022-42329 and CVE-2022-3169 in the Linux kernel.

Fixed a type error in proc_get_long. This resolves CVE-2022-4378.

cos-89-16108-766-19

Date Kernel Docker Containerd GPU Drivers
Dec 12, 2022 COS-5.4.217 v20.10.3 v1.4.13 v450.203.03(default),v470.141.03(R470),v510.47.03

Fixed issue where thread would get stuck in epoll_wait.

Updated dev-libs/libxml2 to v2.10.3. This resolves CVE-2022-40304 and CVE-2022-40303.

Fixed CVE-2022-36227 in app-arch/libarchive package.

cos-89-16108-766-15

Date Kernel Docker Containerd GPU Drivers
Dec 05, 2022 COS-5.4.217 v20.10.3 v1.4.13 v450.203.03(default),v470.141.03(R470),v510.47.03

Fixed CVE-2022-3821 in sys-apps/systemd.

cos-89-16108-766-13

Date Kernel Docker Containerd GPU Drivers
Nov 10, 2022 COS-5.4.217 v20.10.3 v1.4.13 v450.203.03(default),v470.141.03(R470),v510.47.03

Updated cos-gpu-installer to v2.0.29. This addresses CVE-2022-3602 in cos-gpu-installer.

cos-89-16108-766-9

Date Kernel Docker Containerd GPU Drivers
Nov 07, 2022 COS-5.4.217 v20.10.3 v1.4.13 v450.203.03(default),v470.141.03(R470),v510.47.03

Updated app-editors/vim and app-editors/vim-core to v9.0.0828. This resolves CVE-2022-3234, CVE-2022-3235, CVE-2022-3256, CVE-2022-3278, CVE-2022-3296, CVE-2022-3297, CVE-2022-3324, CVE-2022-3352 and CVE-2022-3705.

Fixed CVE-2022-42915 in curl.

cos-89-16108-766-5

Date Kernel Docker Containerd GPU Drivers
Oct 31, 2022 COS-5.4.217 v20.10.3 v1.4.13 v450.203.03(default),v470.141.03(R470),v510.47.03

Fixed CVE-2022-3524 in the Linux kernel.

cos-89-16108-766-3

Date Kernel Docker Containerd GPU Drivers
Oct 24, 2022 COS-5.4.217 v20.10.3 v1.4.13 v450.203.03(default),v470.141.03(R470),v510.47.03

Fixed CVE-2022-2602 in the Linux kernel.

cos-89-16108-766-1

Date Kernel Docker Containerd GPU Drivers
Oct 17, 2022 COS-5.4.217 v20.10.3 v1.4.13 v450.203.03(default),v470.141.03(R470),v510.47.03

Updated the Linux kernel to v5.4.217.

Updated open-vm-tools package to v12.1.0. This resolves CVE-2022-31676.

Updated net-misc/curl package to v7.85.0-r2. This resolves the following CVEs: CVE-2022-35252, CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776, CVE-2022-27778, CVE-2022-27779, CVE-2022-27780, CVE-2022-27781, CVE-2022-27782, CVE-2022-30115.

Updated vim/vim-core to v9.0.0467. This resolves the following CVEs: CVE-2022-3153, CVE-2022-3134, CVE-2022-3099, CVE-2022-3037, CVE-2022-3016, CVE-2022-2980, CVE-2022-2946, CVE-2022-2923, CVE-2022-2889, CVE-2022-2874, CVE-2022-2862, CVE-2022-2849, CVE-2022-2845, CVE-2022-2819, CVE-2022-2817, CVE-2022-2816, CVE-2022-2598, CVE-2022-2581, CVE-2022-2580, CVE-2022-2571, CVE-2022-2175, CVE-2022-2182, CVE-2022-2183, CVE-2022-2206, CVE-2022-2207, CVE-2022-2208, CVE-2022-2210, CVE-2022-2231, CVE-2022-2257, CVE-2022-2264, CVE-2022-2284, CVE-2022-2285, CVE-2022-2286, CVE-2022-2287, CVE-2022-2288, CVE-2022-2289, CVE-2022-2304, CVE-2022-2343, CVE-2022-2344, CVE-2022-2345, CVE-2022-2522, CVE-2022-2982.

Fixed CVE-2022-41222 in the Linux Kernel.

cos-89-16108-717-35

Date Kernel Docker Containerd GPU Drivers
Sep 26, 2022 COS-5.4.202 v20.10.3 v1.4.13 v450.203.03(default),v470.141.03(R470),v510.47.03

Fixed CVE-2022-2526 in systemd.

cos-89-16108-717-34

Date Kernel Docker Containerd GPU Drivers
Sep 19, 2022 COS-5.4.202 v20.10.3 v1.4.13 v450.203.03(default),v470.141.03(R470),v510.47.03

Updated cos-gpu-installer to v2.0.27. This resolves the issue where multiple installers can be started in the same VM.

Updated app-arch/gzip to v1.12. This resolves CVE-2022-1271.

Fixed CVE-2022-3028 and CVE-2022-39188 in the Linux kernel.

cos-89-16108-717-30

Date Kernel Docker Containerd GPU Drivers
Sep 12, 2022 COS-5.4.202 v20.10.3 v1.4.13 v450.203.03(default),v470.141.03(R470),v510.47.03

Upgraded the GPU driver version in the "latest" track to v510.47.03.

Updated cos-gpu-installer to v2.0.26. This resolves the compatibility issue with K80 GPU devices. When an incompatible driver version (R510+) is chosen in an instance with K80 GPU, the installer will automatically fall back to an available R470 driver version.

Fixed CVE-2021-3999 in glibc.

Fixed CVE-2021-3999 in sys-libs/glibc.

Upgraded libtirpc to v1.3.3 fixing CVE-2021-46828.

Fixed CVE-2022-36946, CVE-2022-0168, CVE-2021-4159, CVE-2021-4037 and CVE-2022-3176 in the Linux kernel.

cos-89-16108-717-20

Date Kernel Docker Containerd GPU Drivers
Sep 06, 2022 COS-5.4.202 v20.10.3 v1.4.13 v450.203.03(default),v470.141.03

Fixed CVE-2021-3669 in the Linux kernel.

cos-89-16108-717-17

Date Kernel Docker Containerd GPU Drivers
Aug 29, 2022 COS-5.4.202 v20.10.3 v1.4.13 v450.203.03(default),v470.141.03

Fixed issues in cos-gpu-installer where nvidia-peermem.ko was not installed and where driver signatures were included in the cached build tools.

Fixed CVE-2022-1158 in the Linux kernel.

cos-89-16108-717-14

Date Kernel Docker Containerd GPU Drivers
Aug 22, 2022 COS-5.4.202 v20.10.3 v1.4.13 v450.203.03(default),v470.141.03

Updated net-misc/rsync to v3.2.5 and fixed CVE-2022-29154.

Updated dev-db/sqlite to v3.39.2 to fix CVE-2022-35737.

Fixed CVE-2022-36123 in the Linux kernel.

cos-89-16108-717-11

Date Kernel Docker Containerd GPU Drivers
Aug 15, 2022 COS-5.4.202 v20.10.3 v1.4.13 v450.203.03(default),v470.141.03

Enabled IOMMU_SUPPORT and IRQ_REMAP kernel configurations.

Runtime sysctl changes:

  • Changed: fs.file-max: 814139 -> 814137

cos-89-16108-717-9

Date Kernel Docker Containerd GPU Drivers
Aug 08, 2022 COS-5.4.202 v20.10.3 v1.4.13 v450.203.03(default),v470.141.03

Updated default Nvidia driver to v450.203.03 and latest Nvidia driver to v470.141.03.

Fixed CVE-2022-21505 in the Linux kernel.

cos-89-16108-717-6

Date Kernel Docker Containerd GPU Drivers
Aug 01, 2022 COS-5.4.202 v20.10.3 v1.4.13 v450.172.01(default),v470.82.01

Moved the toolchain source from gs://chromiumos-sdk to gs://cos-sdk.

Updated toolbox to v20220722.

cos-89-16108-717-4

Date Kernel Docker Containerd GPU Drivers
Jul 25, 2022 COS-5.4.202 v20.10.3 v1.4.13 v450.172.01(default),v470.82.01

Upgraded openssl to v1.1.1q to resolve CVE-2022-2097.

cos-89-16108-717-3

Date Kernel Docker Containerd GPU Drivers
Jul 18, 2022 COS-5.4.202 v20.10.3 v1.4.13 v450.172.01(default),v470.82.01

Updated net-misc/curl to v7.84.0. This resolves CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, and CVE-2022-32208.

cos-89-16108-717-1

Date Kernel Docker Containerd GPU Drivers
Jul 13, 2022 COS-5.4.202 v20.10.3 v1.4.13 v450.172.01(default),v470.82.01

Updated cos-gpu-installer to fetch the COS toolchain from gs://cos-tools instead of gs://chromiumos-sdk.

Added pci=clearmsi option for kdump stackdriver.

Updated the Linux kernel to v5.4.202.

Updated toolbox to v20220630.

Updated net-dns/c-ares to v1.17.2. This resolves CVE-2022-27778, CVE-2022-27779, CVE-2022-27780, CVE-2022-27775, CVE-2022-30115, CVE-2022-27776, CVE-2022-27774, CVE-2022-27781, CVE-2022-22576.

Updated app-editors/vim and app-editors/vim-core to v8.2.5066. This resolves CVE-2022-2126, CVE-2022-2125, CVE-2022-2124, CVE-2022-2129, CVE-2022-1720, CVE-2022-1942, CVE-2022-1886, CVE-2022-1851, CVE-2022-1160, CVE-2022-1154, CVE-2022-1381, CVE-2022-1420, CVE-2022-1733, CVE-2022-1796, CVE-2022-1769, CVE-2022-1735, CVE-2022-1674, CVE-2022-1771, CVE-2022-1620, CVE-2022-1785, CVE-2022-1629, CVE-2022-1616, CVE-2022-1621, CVE-2022-1619, CVE-2022-1927, CVE-2022-1898.

Updated net-misc/curl to v7.83.1. This resolves CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776, CVE-2022-27778, CVE-2022-27779, CVE-2022-27780, CVE-2022-27781, CVE-2022-27782, CVE-2022-30115.

Runtime sysctl changes:

  • Changed: kernel.random.poolsize: 4096 -> 256
  • Changed: kernel.random.write_wakeup_threshold: 896 -> 256
  • Deleted: kernel.random.read_wakeup_threshold: 64

cos-89-16108-659-29

Date Kernel Docker Containerd GPU Drivers
Jul 11, 2022 COS-5.4.188 v20.10.3 v1.4.13 v450.172.01(default),v470.82.01

Upgraded openssl to 1.1.1p to resolve CVE-2022-2068.

cos-89-16108-659-28

Date Kernel Docker Containerd GPU Drivers
Jul 06, 2022 COS-5.4.188 v20.10.3 v1.4.13 v450.172.01(default),v470.82.01

Fixed CVE-2022-29217 in dev-python/pyjwt.

Updated app-editors/vim and app-editors/vim-core to v8.2.4586. This resolves CVE-2022-0696, CVE-2022-0729, CVE-2022-0572, CVE-2022-0685, CVE-2022-0714, CVE-2022-0629 and CVE-2022-0943.

cos-89-16108-659-24

Date Kernel Docker Containerd GPU Drivers
Jun 27, 2022 COS-5.4.188 v20.10.3 v1.4.13 v450.172.01(default),v470.82.01

Fixed CVE-2022-29162 in app-emulation/runc.

Fixed CVE-2022-31030 in app-emulation/containerd.

Fixed CVE-2022-1516 in the Linux Kernel.

cos-89-16108-659-19

Date Kernel Docker Containerd GPU Drivers
Jun 03, 2022 COS-5.4.188 v20.10.3 v1.4.13 v450.172.01(default),v470.82.01

Fixed CVE-2022-30594 and CVE-2022-28893 in the Linux Kernel.

Fixed a bug in KTD LSM xattr handling.

cos-89-16108-659-15

Date Kernel Docker Containerd GPU Drivers
May 25, 2022 COS-5.4.188 v20.10.3 v1.4.13 v450.172.01(default),v470.82.01

Fixed CVE-2022-1729 in the Linux Kernel.

cos-89-16108-659-14

Date Kernel Docker Containerd GPU Drivers
May 23, 2022 COS-5.4.188 v20.10.3 v1.4.13 v450.172.01(default),v470.82.01

Fixed an issue that prevented large cloud-configs (~256KB) from working properly.

Upgraded openssl to v1.1.1o. This resolves CVE-2022-1292.

Upgraded dev-libs/libxml2 to v2.9.14. This resolves CVE-2022-29824.

Upgraded dev-libs/libxslt to v1.1.35. This resolves CVE-2022-29824.

Updated sys-libs/ncurses to v6.3_p20220423. This resolves CVE-2022-29458.

Fixed CVE-2022-0494 in the Linux kernel.

cos-89-16108-659-8

Date Kernel Docker Containerd GPU Drivers
Apr 25, 2022 COS-5.4.188 v20.10.3 v1.4.13 v450.172.01(default),v470.82.01

Fixed CVE-2022-29581 and CVE-2022-1116 in the Linux kernel.

cos-89-16108-659-6

Date Kernel Docker Containerd GPU Drivers
Apr 18, 2022 COS-5.4.188 v20.10.3 v1.4.13 v450.172.01(default),v470.82.01

Fixed CVE-2022-24769 in containerd.

cos-89-16108-659-1

Date Kernel Docker Containerd GPU Drivers
Apr 12, 2022 COS-5.4.188 v20.10.3 v1.4.13 v450.172.01(default),v470.82.01

Updated default GPU driver version to v450.172.01.

Upgraded latest GPU driver version to v470.82.01.

Updated containerd to v1.4.13.

Updated the built-in kubectl/kubelet to v1.20.15.

Added command cos-extensions list -- --gpu-installer to show the default cos-gpu-installer.

Enabled flag --version=latest when installing GPU drivers.

Added support for NFSv4 Kerberos authentication.

Enabled IBLOCK and FILEIO iSCSI backing stores kernel configuration.

Upgraded cos-gpu-installer-v2 to v2.0.17 in cos-extensions. Refined error message for installing latest driver. Preinstalled dependencies are now detected separately.

Fixed CVE-2020-13529 in systemd.

Upgraded dev-libs/libxml2 to v2.9.13-r1. This resolves CVE-2022-23308.

Fixed CVE-2022-0617 in the Linux kernel.

cos-89-16108-604-31

Date Kernel Docker Containerd GPU Drivers
Apr 05, 2022 COS-5.4.170 v20.10.3 v1.4.8 v450.119.04(default),v470.82.01

Fixed the issue where IPv4 times out by waiting for IPv4 address indefinitely.

Increased the number of vCPUs supported from 256 to 512.

Runtime sysctl changes:

  • Changed: fs.epoll.max_user_watches: 1668300 -> 1667870
  • Changed: kernel.threads-max: 63640 -> 63624
  • Changed: net.ipv4.tcp_mem: 94272 125697 188544 -> 94248 125665 188496
  • Changed: net.ipv4.udp_mem: 188544 251395 377088 -> 188496 251331 376992
  • Changed: user.max_cgroup_namespaces: 31820 -> 31812
  • Changed: user.max_ipc_namespaces: 31820 -> 31812
  • Changed: user.max_mnt_namespaces: 31820 -> 31812
  • Changed: user.max_net_namespaces: 31820 -> 31812
  • Changed: user.max_pid_namespaces: 31820 -> 31812
  • Changed: user.max_user_namespaces: 31820 -> 31812
  • Changed: user.max_uts_namespaces: 31820 -> 31812

cos-89-16108-604-28

Date Kernel Docker Containerd GPU Drivers
Mar 25, 2022 COS-5.4.170 v20.10.3 v1.4.8 v450.119.04(default),v470.82.01

Fixed CVE-2022-27666, CVE-2022-1055 and CVE-2020-36516 in the Linux Kernel.

Upgraded openssl package to v1.1.1n to fix CVE-2022-0778.

cos-89-16108-604-22

Date Kernel Docker Containerd GPU Drivers
Mar 21, 2022 COS-5.4.170 v20.10.3 v1.4.8 v450.119.04(default),v470.82.01

Fixed an issue in systemd so that the primary network interface is considered configured only after a non-link-local IPv4 address is available.

Fixed CVE-2021-22570 in libprotobuf.

cos-89-16108-604-19

Date Kernel Docker Containerd Default GPU Driver
Mar 07, 2022 COS-5.4.170 v20.10.3 v1.4.8 v450.119.04

Fixed CVE-2022-0847 in the Linux kernel.

Fixed CVE-2022-23648 in containerd.

cos-89-16108-604-17

Date Kernel Kubernetes Docker Containerd Default GPU Driver
Feb 28, 2022 COS-5.4.170 v1.20.11 v20.10.3 v1.4.8 v450.119.04

Fixed CVE-2021-45346 in dev-db/sqlite.

Fixed segmentation fault in ebtables.

Fixed get_status API in device policy manager.

cos-89-16108-604-11

Date Kernel Kubernetes Docker Containerd Default GPU Driver
Feb 14, 2022 COS-5.4.170 v1.20.11 v20.10.3 v1.4.8 v450.119.04

Fixed an issue in containerd where pods returned "failed to reserve container name".

Added retries while fetching metadata in cloud-init.

Updated app-editors/vim and app-editors/vim-core to v8.2.4328. This resolves CVE-2021-4187, CVE-2022-0128, CVE-2022-0156, CVE-2022-0158, CVE-2022-0261, CVE-2022-0318, CVE-2022-0319, CVE-2022-0392, CVE-2022-0368, CVE-2022-0393, CVE-2022-0361, CVE-2022-0359, CVE-2022-0413, CVE-2022-0408, CVE-2022-0407, and CVE-2022-0443.

Fixed CVE-2022-0492 in the Linux kernel.

cos-89-16108-604-5

Date Kernel Kubernetes Docker Containerd Default GPU Driver
Feb 07, 2022 COS-5.4.170 v1.20.11 v20.10.3 v1.4.8 v450.119.04

Fixed an issue in containerd where layer hashes were sometimes computed incorrectly for large self-hosted containers.

Runtime sysctl changes:

  • Changed: fs.file-max: 814342 -> 814343

cos-89-16108-604-3

Date Kernel Kubernetes Docker Containerd Default GPU Driver
Jan 19, 2022 COS-5.4.170 v1.20.11 v20.10.3 v1.4.8 v450.119.04

Fixed a privilege escalation vulnerability in fs_context in the Linux kernel. This resolves CVE-2022-0185.

cos-89-16108-604-1

Date Kernel Kubernetes Docker Containerd Default GPU Driver
Jan 18, 2022 COS-5.4.170 v1.20.11 v20.10.3 v1.4.8 v450.119.04

Updated oslogin to v20210707.00.

Updated google-guest-agent to v20210707.00.

Updated the built-in kubectl/kubelet to v1.20.11.

Updated the Linux kernel to v5.4.170.

Upgraded app-arch/libarchive to version v3.5.1.

Enabled cos-extensions to fetch artifacts with geo-redundancy when installing GPU driver.

Added crictl commands to sosreport.

Created kernel config file under /boot directory.

Added support for consistent device naming for NVMe disks.

Fixed kernel crash dump collection.

Fixed an issue where GPU drivers wouldn't load due to being incorrectly linked.

Upgraded libgcrypt to v1.9.4. This resolves CVE-2021-40528.

Runtime sysctl changes:

  • Added: dev.cdrom.autoclose: 1
  • Added: dev.cdrom.autoeject: 0
  • Added: dev.cdrom.check_media: 0
  • Added: dev.cdrom.debug: 0
  • Added: dev.cdrom.info:
  • Added: dev.cdrom.lock: 1
  • Changed: fs.epoll.max_user_watches: 1669181 -> 1668300
  • Changed: fs.file-max: 814780 -> 814342
  • Changed: kernel.threads-max: 63674 -> 63640
  • Changed: net.ipv4.tcp_mem: 94323 125765 188646 -> 94272 125697 188544
  • Changed: net.ipv4.udp_mem: 188646 251530 377292 -> 188544 251395 377088
  • Changed: user.max_cgroup_namespaces: 31837 -> 31820
  • Changed: user.max_ipc_namespaces: 31837 -> 31820
  • Changed: user.max_mnt_namespaces: 31837 -> 31820
  • Changed: user.max_net_namespaces: 31837 -> 31820
  • Changed: user.max_pid_namespaces: 31837 -> 31820
  • Changed: user.max_user_namespaces: 31837 -> 31820
  • Changed: user.max_uts_namespaces: 31837 -> 31820

cos-89-16108-534-43

Date Kernel Kubernetes Docker Containerd Default GPU Driver
Jan 13, 2022 COS-5.4.144 v1.20.5 v20.10.3 v1.4.8 v450.119.04

Updated vim and vim-core to v8.2.3950. This resolves CVE-2021-4193, CVE-2021-4192, CVE-2021-4173, CVE-2021-4166, and CVE-2021-4136.

Fixed a double-free issue in packet_set_ring in the Linux kernel.

cos-89-16108-534-41

Date Kernel Kubernetes Docker Containerd Default GPU Driver
Jan 11, 2022 COS-5.4.144 v1.20.5 v20.10.3 v1.4.8 v450.119.04

Upgraded dev-libs/nspr to v3.42. This resolves CVE-2021-43527.

Upgraded dev-libs/nss to v3.73. This resolves CVE-2021-43527.

Upgraded app-crypt/nss to v3.73. This resolves CVE-2021-43527.

Upgraded app-emulation/runc to v1.0.3. This resolves CVE-2021-43784.

Updated vim and vim-core to v8.2.3741. This resolves CVE-2021-3973, CVE-2021-3968, CVE-2021-4069, CVE-2021-4019, CVE-2021-3984 and CVE-2021-3974.

Fixed CVE-2021-4155 in the Linux kernel.

cos-89-16108-534-34

Date Kernel Kubernetes Docker Containerd Default GPU Driver
Dec 13, 2021 COS-5.4.144 v1.20.5 v20.10.3 v1.4.8 v450.119.04

Fixed CVE-2021-4002 in the Linux kernel.

cos-89-16108-534-27

Date Kernel Kubernetes Docker Containerd Default GPU Driver
Dec 01, 2021 COS-5.4.144 v1.20.5 v20.10.3 v1.4.8 v450.119.04

Fixed CVE-2021-41190 in app-emulation/docker.

Fixed CVE-2021-41190 in app-emulation/containerd.

Fixed CVE-2021-41617 in openssh.

Updated vim and vim-core to v8.2.3582. This resolves CVE-2021-3928 and CVE-2021-3927.

cos-89-16108-534-22

Date Kernel Kubernetes Docker Containerd Default GPU Driver
Nov 15, 2021 COS-5.4.144 v1.20.5 v20.10.3 v1.4.8 v450.119.04

Fixed UUID parsing in kernel crash dump collection.

Updated vim and vim-core to v8.2.3567. This fixes CVE-2021-3872, CVE-2021-3903 and CVE-2021-3875.

Upgraded app-arch/libarchive to v3.5.2. This fixes CVE-2021-36976.

cos-89-16108-534-18

Date Kernel Kubernetes Docker Containerd Default GPU Driver
Nov 03, 2021 COS-5.4.144 v1.20.5 v20.10.3 v1.4.8 v450.119.04

Upgraded openssl to 1.1.1l. This fixes CVE-2021-3711.

cos-89-16108-534-17

Date Kernel Kubernetes Docker Containerd Default GPU Driver
Oct 18, 2021 COS-5.4.144 v1.20.5 v20.10.3 v1.4.8 v450.119.04

Updated vim to v8.2.3428. This resolves CVE-2021-3796, CVE-2021-3778, and CVE-2021-3770.

Fixed CVE-2021-22945 in net-misc/curl.

Fixed CVE-2021-39537 in sys-libs/ncurses.

Fixed CVE-2021-41864 in the Linux kernel.

cos-89-16108-534-13

Date Kernel Kubernetes Docker Containerd Default GPU Driver
Oct 11, 2021 COS-5.4.144 v1.20.5 v20.10.3 v1.4.8 v450.119.04

Fixed an issue where GPU drivers wouldn't load due to being incorrectly linked.

Fixed CVE-2021-41103 in containerd.

cos-89-16108-534-9

Date Kernel Kubernetes Docker Containerd Default GPU Driver
Oct 04, 2021 COS-5.4.144 v1.20.5 v20.10.3 v1.4.8 v450.119.04

Fixed CVE-2020-12403 in dev-libs/nss.

cos-89-16108-534-8

Date Kernel Kubernetes Docker Containerd Default GPU Driver
Sep 27, 2021 COS-5.4.144 v1.20.5 v20.10.3 v1.4.8 v450.119.04

Rolled back "Stackdriver logs now record Docker container names by default" due to breaking change to docker daemon.json.

Updated containerd to v1.4.8.

Fixed CVE-2021-28153 in glib and glib-utils.

Upgraded app-arch/libarchive to v3.5.1. This resolves CVE-2021-36976.

cos-89-16108-534-2

Date Kernel Kubernetes Docker Containerd Default GPU Driver
Sep 20, 2021 COS-5.4.144 v1.20.5 v20.10.3 v1.4.4 v450.119.04

Stackdriver logs now record Docker container names by default.

Updated nanopb to 0.4.5 in Container Threat Detection.

Updated the Linux kernel to v5.4.144. This resolves CVE-2021-38198, CVE-2021-38199, CVE-2021-38205, CVE-2021-40490 and CVE-2021-33200.

Fixed CVE-2020-10029 in glibc.

Upgraded openssl to 1.1.1k to resolve CVE-2021-3449 and CVE-2021-3450.

Upgraded wget to v1.21.1. This also resolves CVE-2021-31879.

Fixed CVE-2019-17594 and CVE-2019-17595 in ncurses.

Upgraded libgcrypt to 1.9.3. This fixes CVE-2021-33560.

cos-89-16108-470-25

Date Kernel Kubernetes Docker Containerd Default GPU Driver
Sep 13, 2021 COS-5.4.120 v1.20.5 v20.10.3 v1.4.4 v450.119.04

Upgraded net-misc/curl to v7.78.0. This resolves CVE-2021-22876, CVE-2021-22898, CVE-2021-22897, CVE-2021-22890, CVE-2021-22926 and CVE-2021-22924.

Fixed CVE-2021-32760 in app-emulation/containerd.

cos-89-16108-470-16

Date Kernel Kubernetes Docker Containerd Default GPU Driver
Aug 23, 2021 COS-5.4.120 v1.20.5 v20.10.3 v1.4.4 v450.119.04

Fixed cleanup context of teardownPodNetwork.

cos-89-16108-470-11

Date Kernel Kubernetes Docker Containerd Default GPU Driver
Jul 26, 2021 COS-5.4.120 v1.20.5 v20.10.3 v1.4.4 v450.119.04

Added the cos.enable_ipv6 kernel command line option that enables IPv6 configuration. This option does not disable IPv4 configuration; COS always configures IPv4 by default.

Fixed an issue where enabling both IPv6 and IPv4 configuration on IPv4-exclusive networks resulted in slow boot times.

Fixed CVE-2021-33910 in systemd.

Fixed CVE-2021-33909 in the Linux kernel.

Fixed CVE-2021-3612 in the Linux kernel.

cos-89-16108-470-1

Date Kernel Kubernetes Docker Containerd Default GPU Driver
Jun 24, 2021 COS-5.4.120 v1.20.5 v20.10.3 v1.4.4 v450.119.04

Upgraded dev-db/sqlite to v3.34.1. This resolves CVE-2021-20227.

Upgraded app-arch/tar to v1.34. This resolves CVE-2021-20193.

Upgraded dev-vcs/git to v2.29.3. This resolves CVE-2021-21300.

Updated the Linux kernel to v5.4.120. This resolves CVE-2021-31916, CVE-2021-31829, CVE-2021-28950, CVE-2020-27170 and CVE-2021-22555.

Updated containerd to v1.4.4. This resolves CVE-2021-21334.

Fixed CVE-2021-3537, CVE-2021-3517, CVE-2021-3518 and CVE-2020-24977 in dev-libs/libxml2.

Updated kubernetes to v1.20.5.

Upgraded Google OS Config Agent (aka VMManager) to version 20210607.00.

Automatically mount OEM partition if it is sealed.

cos-89-16108-403-51

Date Kernel Kubernetes Docker Containerd Default GPU Driver
Jun 21, 2021 COS-5.4.104 v1.20.2 v20.10.3 v1.4.3 v450.119.04

Fixed a memory leak in the GVE kernel driver.

cos-89-16108-403-47

Date Kernel Kubernetes Docker Containerd Default GPU Driver
Jun 14, 2021 COS-5.4.104 v1.20.2 v20.10.3 v1.4.3 v450.119.04

Fixed a network regression on single-core systems when using the GVE network interface.

cos-89-16108-403-46

Date Kernel Kubernetes Docker Containerd Default GPU Driver
Jun 08, 2021 COS-5.4.104 v1.20.2 v20.10.3 v1.4.3 v450.119.04

Fixed a low network bandwidth issue in the Linux kernel.

Updated runc to v1.0.0_rc95. This resolves CVE-2021-30465.

cos-89-16108-403-42

Date Kernel Kubernetes Docker Containerd Default GPU Driver
Jun 07, 2021 COS-5.4.104 v1.20.2 v20.10.3 v1.4.3 v450.119.04

Upgraded the default GPU driver version to 450.119.04.

Fixed a network regression while using the GVE network interface.

Fixed CPU usage for workloads with heavy page cache usage.

cos-89-16108-403-26

Date Kernel Kubernetes Docker Containerd
May 03, 2021 COS-5.4.104 v1.20.2 v20.10.3 v1.4.3

Updated google-guest-agent to v20210408.00.

Updated sshd.service to not drop active ssh sessions when sshd is restarted.

cos-89-16108-403-22

Date Kernel Kubernetes Docker Containerd
Apr 22, 2021 COS-5.4.104 v1.20.2 v20.10.3 v1.4.3

Fixed an out-of-bounds write issue in the Linux kernel.

Fixed CVE-2021-29154 in the Linux kernel.

cos-89-16108-403-15 (vs Milestone 85)

Date Kernel Kubernetes Docker
Apr 07, 2021 COS-5.4.104 v1.20.2 v20.10.3

Added support for experimental EXT4 fast commit.

Added support for CIFS.

Added support for detecting dockerhung, corruptdockeroverlays, docker start-up failures and hung-tasks in node-problem-detector.

Added support for geneve virtual interfaces.

Added futex support for gVisor.

Added cri-tools package.

Added cifs-utils package.

Made node-problem-detector the default monitoring agent.

Denied login to users who do not have 2-step verification set up when oslogin and oslogin-2fa are enabled.

Included no_ssh.sh script in /usr/share/google/no_ssh.sh for disabling SSH via guest policy.

Added compile time dependencies to cos-package-info.json.

Removed read/write/execute permissions of group and other user accounts for systemd timer files.

Upgraded Docker to v20.10.3.

Upgraded Docker-cli to v20.10.3.

Upgraded the built-in kubectl/kubelet to v1.20.2.

Upgraded google-guest-agent to v20201102.00.

Upgraded libcrypt to libcrypt-1.

Upgraded e2fsprogs to v1.46.2.

Upgraded e2fsprogs-libs to v1.46.2.

Upgraded cloud-init to v20.1.

Upgraded stackdriver logging agent to v1.8.4.

Upgraded sosreport to v4.0.

Upgraded default GPU driver version to 450.80.02.

Updated Google OS Config Agent to v20210331.00.

Updated openssl to v1.1.1j.

Updated glib and glib-util to v2.66.7.

Updated runc to v1.0.0_rc92.

Updated docker-proxy to v0.8.0_p20201215.

Updated OpenSSH to v8.3_p1.

Updated oslogin to v20201216.00.

Updated shadow to v4.8.1.

Updated apparmor to v2.13.5.

Updated iptables to v1.8.5.

Updated audit to v2.8.5.

Updated node-problem-detector to v0.8.6.

Updated toolbox to v20201104-00.

Updated tini to v0.19.0.

Updated systemd to systemd-stable v239.

Updated docker-credential-gcr to v2.0.4.

Fixed CVE-2019-5815 in libxslt.

Fixed CVE-2019-19956 in libxml2.

Fixed CVE-2021-3347 in the Linux Kernel.

Fixed CVE-2021-23840 and CVE-2021-23841 in openssl.

Fixed CVE-2021-27218 and CVE-2021-27219 in glib and glib-util.

Fixed warning in docker when homedir is not present.

Deprecated stackdriver monitoring.