Container-Optimized OS Release Notes: Milestone 89

cos-89-16108-534-13

Date          Kernel       Kubernetes  Docker    Containerd  Default GPU Driver
Oct 11, 2021  COS-5.4.144  v1.20.5     v20.10.3  v1.4.8      v450.119.04

Fixed an issue where GPU drivers wouldn't load due to being incorrectly linked.

Fixed CVE-2021-41103 in containerd.

cos-89-16108-534-9

Date          Kernel       Kubernetes  Docker    Containerd  Default GPU Driver
Oct 04, 2021  COS-5.4.144  v1.20.5     v20.10.3  v1.4.8      v450.119.04

Fixed CVE-2020-12403 in dev-libs/nss.

cos-89-16108-534-8

Date          Kernel       Kubernetes  Docker    Containerd  Default GPU Driver
Sep 27, 2021  COS-5.4.144  v1.20.5     v20.10.3  v1.4.8      v450.119.04

Rolled back "Stackdriver logs now record Docker container names by default" due to a breaking change to the Docker daemon.json.

Updated containerd to v1.4.8.

Fixed CVE-2021-28153 in glib and glib-utils.

Upgraded app-arch/libarchive to v3.5.1. This resolves CVE-2021-36976.

cos-89-16108-534-2

Date          Kernel       Kubernetes  Docker    Containerd  Default GPU Driver
Sep 20, 2021  COS-5.4.144  v1.20.5     v20.10.3  v1.4.4      v450.119.04

Stackdriver logs now record Docker container names by default.

Updated nanopb to 0.4.5 in Container Threat Detection.

Updated the Linux kernel to v5.4.144. This resolves CVE-2021-38198, CVE-2021-38199, CVE-2021-38205, CVE-2021-40490 and CVE-2021-33200.

Fixed CVE-2020-10029 in glibc.

Upgraded openssl to 1.1.1k to resolve CVE-2021-3449 and CVE-2021-3450.

Upgraded wget to v1.21.1. This also resolves CVE-2021-31879.

Fixed CVE-2019-17594 and CVE-2019-17595 in ncurses.

Upgraded libgcrypt to 1.9.3. This fixes CVE-2021-33560.

cos-89-16108-470-25

Date          Kernel       Kubernetes  Docker    Containerd  Default GPU Driver
Sep 13, 2021  COS-5.4.120  v1.20.5     v20.10.3  v1.4.4      v450.119.04

Upgraded net-misc/curl to v7.78.0. This resolves CVE-2021-22876, CVE-2021-22898, CVE-2021-22897, CVE-2021-22890, CVE-2021-22926 and CVE-2021-22924.

Fixed CVE-2021-32760 in app-emulation/containerd.

cos-89-16108-470-16

Date          Kernel       Kubernetes  Docker    Containerd  Default GPU Driver
Aug 23, 2021  COS-5.4.120  v1.20.5     v20.10.3  v1.4.4      v450.119.04

Fixed cleanup context of teardownPodNetwork.

cos-89-16108-470-11

Date          Kernel       Kubernetes  Docker    Containerd  Default GPU Driver
Jul 26, 2021  COS-5.4.120  v1.20.5     v20.10.3  v1.4.4      v450.119.04

Added the cos.enable_ipv6 kernel command line option that enables IPv6 configuration. This option does not disable IPv4 configuration; COS always configures IPv4 by default.

Fixed an issue where enabling both IPv6 and IPv4 configuration on IPv4-exclusive networks resulted in slow boot times.

Fixed CVE-2021-33910 in systemd.

Fixed CVE-2021-33909 in the Linux kernel.

Fixed CVE-2021-3612 in the Linux kernel.

cos-89-16108-470-1

Date          Kernel       Kubernetes  Docker    Containerd  Default GPU Driver
Jun 24, 2021  COS-5.4.120  v1.20.5     v20.10.3  v1.4.4      v450.119.04

Upgraded dev-db/sqlite to v3.34.1. This resolves CVE-2021-20227.

Upgraded app-arch/tar to v1.34. This resolves CVE-2021-20193.

Upgraded dev-vcs/git to v2.29.3. This resolves CVE-2021-21300.

Updated the Linux kernel to v5.4.120. This resolves CVE-2021-31916, CVE-2021-31829, CVE-2021-28950, CVE-2020-27170 and CVE-2021-22555.

Updated containerd to v1.4.4. This resolves CVE-2021-21334.

Fixed CVE-2021-3537, CVE-2021-3517, CVE-2021-3518 and CVE-2020-24977 in dev-libs/libxml2.

Updated Kubernetes to v1.20.5.

Upgraded Google OS Config Agent (aka VMManager) to version 20210607.00.

Automatically mount the OEM partition if it is sealed.

cos-89-16108-403-51

Date          Kernel       Kubernetes  Docker    Containerd  Default GPU Driver
Jun 21, 2021  COS-5.4.104  v1.20.2     v20.10.3  v1.4.3      v450.119.04

Fixed a memory leak in the GVE kernel driver.

cos-89-16108-403-47

Date          Kernel       Kubernetes  Docker    Containerd  Default GPU Driver
Jun 14, 2021  COS-5.4.104  v1.20.2     v20.10.3  v1.4.3      v450.119.04

Fixed a network regression on single-core systems when using the GVE network interface.

cos-89-16108-403-46

Date          Kernel       Kubernetes  Docker    Containerd  Default GPU Driver
Jun 08, 2021  COS-5.4.104  v1.20.2     v20.10.3  v1.4.3      v450.119.04

Fixed a low network bandwidth issue in the Linux kernel.

Updated runc to v1.0.0_rc95. This resolves CVE-2021-30465.

cos-89-16108-403-42

Date          Kernel       Kubernetes  Docker    Containerd  Default GPU Driver
Jun 07, 2021  COS-5.4.104  v1.20.2     v20.10.3  v1.4.3      v450.119.04

Upgraded the default GPU driver version to 450.119.04.

Fixed a network regression when using the GVE network interface.

Fixed CPU usage for workloads with heavy page cache usage.

cos-89-16108-403-26

Date          Kernel       Kubernetes  Docker    Containerd
May 03, 2021  COS-5.4.104  v1.20.2     v20.10.3  v1.4.3

Updated google-guest-agent to v20210408.00.

Updated sshd.service to not drop active SSH sessions when sshd is restarted.

cos-89-16108-403-22

Date          Kernel       Kubernetes  Docker    Containerd
Apr 22, 2021  COS-5.4.104  v1.20.2     v20.10.3  v1.4.3

Fixed an out-of-bounds write issue in the Linux kernel.

Fixed CVE-2021-29154 in the Linux kernel.

cos-89-16108-403-15 (vs Milestone 85)

Date          Kernel       Kubernetes  Docker
Apr 07, 2021  COS-5.4.104  v1.20.2     v20.10.3

Added support for experimental EXT4 fast commit.

Added support for CIFS.

Added support for detecting dockerhung, corruptdockeroverlays, docker start-up failures and hung-tasks in node-problem-detector.

Added support for geneve virtual interfaces.

Added futex support for gVisor.

Added cri-tools package.

Added cifs-utils package.

Made node-problem-detector the default monitoring agent.

Denied login to users that do not have 2-step verification set up when oslogin and oslogin-2fa are enabled.

Included the no_ssh.sh script at /usr/share/google/no_ssh.sh for disabling SSH via guest policy.

Added compile time dependencies to cos-package-info.json.

Removed read/write/execute permissions of group and other user accounts for systemd timer files.

Upgraded Docker to v20.10.3.

Upgraded Docker-cli to v20.10.3.

Upgraded the built-in kubectl/kubelet to v1.20.2.

Upgraded google-guest-agent to v20201102.00.

Upgraded libcrypt to libcrypt-1.

Upgraded e2fsprogs to v1.46.2.

Upgraded e2fsprogs-libs to v1.46.2.

Upgraded cloud-init to v20.1.

Upgraded stackdriver logging agent to v1.8.4.

Upgraded sosreport to v4.0.

Upgraded default GPU driver version to 450.80.02.

Updated Google OS Config Agent to v20210331.00.

Updated openssl to v1.1.1j.

Updated glib and glib-util to v2.66.7.

Updated runc to v1.0.0_rc92.

Updated docker-proxy to v0.8.0_p20201215.

Updated OpenSSH to v8.3_p1.

Updated oslogin to v20201216.00.

Updated shadow to v4.8.1.

Updated apparmor to v2.13.5.

Updated iptables to v1.8.5.

Updated audit to v2.8.5.

Updated node-problem-detector to v0.8.6.

Updated toolbox to v20201104-00.

Updated tini to v0.19.0.

Updated systemd to systemd-stable v239.

Updated docker-credential-gcr to v2.0.4.

Fixed CVE-2019-5815 in libxslt.

Fixed CVE-2019-19956 in libxml2.

Fixed CVE-2021-3347 in the Linux kernel.

Fixed CVE-2021-23840 and CVE-2021-23841 in openssl.

Fixed CVE-2021-27218 and CVE-2021-27219 in glib and glib-util.

Fixed a warning in Docker when the home directory is not present.

Deprecated stackdriver monitoring.