cos-89-16108-798-22
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Apr 03, 2023 | COS-5.4.228 | v20.10.3 | v1.4.13 | v450.216.04(default),v470.161.03(R470),v510.108.03 |
Fixed CVE-2023-27561 in runc.
cos-89-16108-798-21
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Mar 27, 2023 | COS-5.4.228 | v20.10.3 | v1.4.13 | v450.216.04(default),v470.161.03(R470),v510.108.03 |
Removed CONFIG_NET_CLS_TCINDEX kernel config entry.
Fixed CVE-2023-28466 in the Linux kernel.
cos-89-16108-798-18
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Mar 20, 2023 | COS-5.4.228 | v20.10.3 | v1.4.13 | v450.216.04(default),v470.161.03(R470),v510.108.03 |
Fixed CVE-2023-26604 in sys-apps/systemd.
cos-89-16108-798-17
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Mar 06, 2023 | COS-5.4.228 | v20.10.3 | v1.4.13 | v450.216.04(default),v470.161.03(R470),v510.108.03 |
Updated dev-go/text to v0.3.8. This fixes CVE-2022-32149.
Fixed CVE-2019-9924 in app-shells/bash.
Fixed CVE-2022-48303 in app-arch/tar.
Fixed CVE-2019-18276 in app-shells/bash.
Fixed CVE-2020-11080 in net-libs/nghttp2.
Update net-fs/cifs-utils to v6.15. Fixes CVE-2022-29869, CVE-2021-20208, and CVE-2022-27239 in net-fs/cifs-utils.
Fixed CVE-2021-27291 and CVE-2021-20270 in dev-python/pygments.
cos-89-16108-798-10
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Feb 14, 2023 | COS-5.4.228 | v20.10.3 | v1.4.13 | v450.216.04(default),v470.161.03(R470),v510.108.03 |
Updated dev-libs/openssl to v1.1.1t. This resolves CVE-2022-4450, CVE-2023-0215, CVE-2022-4304 and CVE-2023-0286.
cos-89-16108-798-7
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Jan 31, 2023 | COS-5.4.228 | v20.10.3 | v1.4.13 | v450.216.04(default),v470.161.03(R470),v510.108.03 |
Fixed CVE-2022-40897 in dev-python/setuptools.
Fixed CVE-2022-47929 in the Linux kernel.
Fixed CVE-2023-23454 in the Linux Kernel.
cos-89-16108-798-3
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Jan 23, 2023 | COS-5.4.228 | v20.10.3 | v1.4.13 | v450.216.04(default),v470.161.03(R470),v510.108.03 |
Fixed a use-after-free bug in TCP in the Linux kernel.
cos-89-16108-798-1
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Jan 17, 2023 | COS-5.4.228 | v20.10.3 | v1.4.13 | v450.216.04(default),v470.161.03(R470),v510.108.03 |
Updated the Linux kernel to v5.4.228.
cos-89-16108-766-29
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Jan 09, 2023 | COS-5.4.217 | v20.10.3 | v1.4.13 | v450.216.04(default),v470.161.03(R470),v510.108.03 |
Fixed proc_skip_spaces in the Linux kernel to follow existing convention instead of acting as a wrapper to skip_spaces.
Updated Nvidia default drivers to v450.216.04 fixing CVE-2022-34670, CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, CVE-2022-34682, CVE-2022-42254, CVE-2022-42256, CVE-2022-42257, CVE-2022-42258, CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, CVE-2022-42262, CVE-2022-42263, CVE-2022-42264, R470 drivers to v470.161.03 fixing CVE-2022-34670, CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, CVE-2022-34682, CVE-2022-42254, CVE-2022-42255, CVE-2022-42256, CVE-2022-42257, CVE-2022-42258, CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, CVE-2022-42262, CVE-2022-42263, CVE-2022-42264 and latest to v510.108.03 fixing CVE-2022-34670, CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34679,CVE-2022-34680, CVE-2022-34682, CVE-2022-34684, CVE-2022-42254, CVE-2022-42255,CVE-2022-42256, CVE-2022-42257, CVE-2022-42258, CVE-2022-42259, CVE-2022-42260,CVE-2022-42261, CVE-2022-42262, CVE-2022-42263, CVE-2022-42264.
Fixed CVE-2022-23471 in app-emulation/containerd.
Fixed CVE-2022-35260 and CVE-2022-32221 in net-misc/curl.
Fixed CVE-2022-42328, CVE-2022-42329 and CVE-2022-3169 in the Linux kernel.
Fixed a type error in proc_get_long. This resolves CVE-2022-4378.
cos-89-16108-766-19
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Dec 12, 2022 | COS-5.4.217 | v20.10.3 | v1.4.13 | v450.203.03(default),v470.141.03(R470),v510.47.03 |
Fixed issue where thread would get stuck in epoll_wait.
Updated dev-libs/libxml2 to v2.10.3. This resolves CVE-2022-40304 and CVE-2022-40303.
Fixed CVE-2022-36227 in app-arch/libarchive package.
cos-89-16108-766-15
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Dec 05, 2022 | COS-5.4.217 | v20.10.3 | v1.4.13 | v450.203.03(default),v470.141.03(R470),v510.47.03 |
Fixed CVE-2022-3821 in sys-apps/systemd.
cos-89-16108-766-13
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Nov 10, 2022 | COS-5.4.217 | v20.10.3 | v1.4.13 | v450.203.03(default),v470.141.03(R470),v510.47.03 |
Updated cos-gpu-installer to v2.0.29. This addresses CVE-2022-3602 in cos-gpu-installer.
cos-89-16108-766-9
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Nov 07, 2022 | COS-5.4.217 | v20.10.3 | v1.4.13 | v450.203.03(default),v470.141.03(R470),v510.47.03 |
Updated app-editors/vim and app-editors/vim-core to v9.0.0828. This resolves CVE-2022-3234, CVE-2022-3235, CVE-2022-3256, CVE-2022-3278, CVE-2022-3296, CVE-2022-3297, CVE-2022-3324, CVE-2022-3352 and CVE-2022-3705.
Fixed CVE-2022-42915 in curl.
cos-89-16108-766-5
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Oct 31, 2022 | COS-5.4.217 | v20.10.3 | v1.4.13 | v450.203.03(default),v470.141.03(R470),v510.47.03 |
Fixed CVE-2022-3524 in the Linux kernel.
cos-89-16108-766-3
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Oct 24, 2022 | COS-5.4.217 | v20.10.3 | v1.4.13 | v450.203.03(default),v470.141.03(R470),v510.47.03 |
Fixed CVE-2022-2602 in the Linux kernel.
cos-89-16108-766-1
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Oct 17, 2022 | COS-5.4.217 | v20.10.3 | v1.4.13 | v450.203.03(default),v470.141.03(R470),v510.47.03 |
Updated the Linux kernel to v5.4.217.
Updated open-vm-tools package to v12.1.0. This resolves CVE-2022-31676.
Updated net-misc/curl package to v7.85.0-r2. This resolves the following CVEs: CVE-2022-35252,CVE-2022-22576,CVE-2022-27774,CVE-2022-27775, CVE-2022-27776,CVE-2022-27778,CVE-2022-27779,CVE-2022-27780,CVE-2022-27781, CVE-2022-27782,CVE-2022-30115.
Updated vim/vim-core to v9.0.0467. This resolves the following CVEs: CVE-2022-3153,CVE-2022-3134,CVE-2022-3099,CVE-2022-3037,CVE-2022-3016, CVE-2022-2980,CVE-2022-2946,CVE-2022-2923,CVE-2022-2889,CVE-2022-2874, CVE-2022-2862,CVE-2022-2849,CVE-2022-2845,CVE-2022-2819,CVE-2022-2817, CVE-2022-2816,CVE-2022-2598,CVE-2022-2581,CVE-2022-2580,CVE-2022-2571, CVE-2022-2175,CVE-2022-2182,CVE-2022-2183,CVE-2022-2206,CVE-2022-2207, CVE-2022-2208,CVE-2022-2210,CVE-2022-2231,CVE-2022-2257,CVE-2022-2264, CVE-2022-2284,CVE-2022-2285,CVE-2022-2286,CVE-2022-2287,CVE-2022-2288, CVE-2022-2289,CVE-2022-2304,CVE-2022-2343,CVE-2022-2344,CVE-2022-2345, CVE-2022-2522,CVE-2022-2982.
Fixed CVE-2022-41222 in the Linux Kernel.
cos-89-16108-717-35
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Sep 26, 2022 | COS-5.4.202 | v20.10.3 | v1.4.13 | v450.203.03(default),v470.141.03(R470),v510.47.03 |
Fixed CVE-2022-2526 in systemd.
cos-89-16108-717-34
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Sep 19, 2022 | COS-5.4.202 | v20.10.3 | v1.4.13 | v450.203.03(default),v470.141.03(R470),v510.47.03 |
Updated cos-gpu-installer to v2.0.27. This resolves the issue where multiple installers can be started in the same VM.
Updated app-arch/gzip to v1.12. This resolves CVE-2022-1271.
Fixed CVE-2022-3028 and CVE-2022-39188 in the Linux kernel.
cos-89-16108-717-30
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Sep 12, 2022 | COS-5.4.202 | v20.10.3 | v1.4.13 | v450.203.03(default),v470.141.03(R470),v510.47.03 |
Upgraded the GPU driver version in the "latest" track to v510.47.03.
Updated cos-gpu-installer to v2.0.26. This resolves the compatibility issue with K80 GPU devices. When an incompatible driver version (R510+) is chosen in an instance with K80 GPU, the installer will automatically fall back to an available R470 driver version.
Fixed CVE 2021-3999 in glibc.
Fixed CVE-2021-3999 in sys-libs/glibc.
Upgraded libtirpc to v1.3.3 fixing CVE-2021-46828.
Fixed CVE-2022-36946,CVE-2022-0168, CVE-2021-4159, CVE-2021-4037 and CVE-2022-3176 in the Linux kernel.
cos-89-16108-717-20
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Sep 06, 2022 | COS-5.4.202 | v20.10.3 | v1.4.13 | v450.203.03(default),v470.141.03 |
Fixed CVE-2021-3669 in the Linux kernel.
cos-89-16108-717-17
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Aug 29, 2022 | COS-5.4.202 | v20.10.3 | v1.4.13 | v450.203.03(default),v470.141.03 |
Fixed issues in cos-gpu-installer where nvidia-peermem.ko was not installed and where driver signatures were included in the cached build tools.
Fixed CVE-2022-1158 in Linux Kernel.
cos-89-16108-717-14
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Aug 22, 2022 | COS-5.4.202 | v20.10.3 | v1.4.13 | v450.203.03(default),v470.141.03 |
Updated net-misc/rsync to v3.2.5 and fixed CVE-2022-29154.
Updated dev-db/sqlite to v3.39.2 to fix CVE-2022-35737.
Fixed CVE-2022-36123 in the Linux kernel.
cos-89-16108-717-11
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Aug 15, 2022 | COS-5.4.202 | v20.10.3 | v1.4.13 | v450.203.03(default),v470.141.03 |
Enable IOMMU_SUPPORT and IRQ_REMAP kernel configurations.
Runtime sysctl changes:
- Changed: fs.file-max: 814139 -> 814137
cos-89-16108-717-9
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Aug 08, 2022 | COS-5.4.202 | v20.10.3 | v1.4.13 | v450.203.03(default),v470.141.03 |
Updated default Nvidia driver to v450.203.03 and latest Nvidia driver to v470.141.03.
Fixed CVE-2022-21505 in the Linux kernel.
cos-89-16108-717-6
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Aug 01, 2022 | COS-5.4.202 | v20.10.3 | v1.4.13 | v450.172.01(default),v470.82.01 |
Moved the toolchain source from gs://chromiumos-sdk to gs://cos-sdk.
Updated toolbox to v20220722.
cos-89-16108-717-4
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Jul 25, 2022 | COS-5.4.202 | v20.10.3 | v1.4.13 | v450.172.01(default),v470.82.01 |
Upgraded openssl to v1.1.1q to resolve CVE-2022-2097.
cos-89-16108-717-3
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Jul 18, 2022 | COS-5.4.202 | v20.10.3 | v1.4.13 | v450.172.01(default),v470.82.01 |
Updated net-misc/curl to v7.84.0. This resolves CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, and CVE-2022-32208.
cos-89-16108-717-1
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Jul 13, 2022 | COS-5.4.202 | v20.10.3 | v1.4.13 | v450.172.01(default),v470.82.01 |
Updated cos-gpu-installer to fetch the COS toolchain from gs://cos-tools instead of gs://chromiumos-sdk.
Added pci=clearmsi option for kdump stackdriver.
Updated the Linux kernel to v5.4.202.
Updated toolbox to v20220630.
Updated net-dns/c-ares to v1.17.2. This resolves CVE-2022-27778, CVE-2022-27779, CVE-2022-27780, CVE-2022-27775, CVE-2022-30115, CVE-2022-27776, CVE-2022-27774, CVE-2022-27781, CVE-2022-22576.
Updated app-editors/vim and app-editors/vim-core to v8.2.5066. This resolves CVE-2022-2126,CVE-2022-2125,CVE-2022-2124,CVE-2022-2129,CVE-2022-1720, CVE-2022-1942,CVE-2022-1886,CVE-2022-1851,CVE-2022-1160,CVE-2022-1154, CVE-2022-1381,CVE-2022-1420,CVE-2022-1733,CVE-2022-1796,CVE-2022-1769, CVE-2022-1735,CVE-2022-1674,CVE-2022-1771,CVE-2022-1620,CVE-2022-1785, CVE-2022-1629,CVE-2022-1616,CVE-2022-1621,CVE-2022-1619,CVE-2022-1927, CVE-2022-1898.
Updated net-misc/curl to v7.83.1. This resolves CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776, CVE-2022-27778, CVE-2022-27779, CVE-2022-27780, CVE-2022-27781, CVE-2022-27782, CVE-2022-30115.
Runtime sysctl changes:
- Changed: kernel.random.poolsize: 4096 -> 256
- Changed: kernel.random.write_wakeup_threshold: 896 -> 256
- Deleted: kernel.random.read_wakeup_threshold: 64
cos-89-16108-659-29
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Jul 11, 2022 | COS-5.4.188 | v20.10.3 | v1.4.13 | v450.172.01(default),v470.82.01 |
Upgraded openssl to 1.1.1p to resolve CVE-2022-2068.
cos-89-16108-659-28
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Jul 06, 2022 | COS-5.4.188 | v20.10.3 | v1.4.13 | v450.172.01(default),v470.82.01 |
Fixed CVE-2022-29217 in dev-python/pyjwt
Updated app-editors/vim and app-editors/vim-core to v8.2.4586. This resolves CVE-2022-0696,CVE-2022-0729,CVE-2022-0572,CVE-2022-0685, CVE-2022-0714,CVE-2022-0629 and CVE-2022-0943.
cos-89-16108-659-24
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Jun 27, 2022 | COS-5.4.188 | v20.10.3 | v1.4.13 | v450.172.01(default),v470.82.01 |
Fixed CVE-2022-29162 in app-emulation/runc.
Fixed CVE-2022-31030 in app-emulation/containerd.
Fixed CVE-2022-1516 in the Linux Kernel.
cos-89-16108-659-19
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Jun 03, 2022 | COS-5.4.188 | v20.10.3 | v1.4.13 | v450.172.01(default),v470.82.01 |
Fixed CVE-2022-30594 and CVE-2022-28893 in the Linux Kernel.
Fixed a bug in KTD LSM xattr handling.
cos-89-16108-659-15
| Date | Kernel | Docker | Containerd | GPU Drivers |
| May 25, 2022 | COS-5.4.188 | v20.10.3 | v1.4.13 | v450.172.01(default),v470.82.01 |
Fixed CVE-2022-1729 in the Linux Kernel.
cos-89-16108-659-14
| Date | Kernel | Docker | Containerd | GPU Drivers |
| May 23, 2022 | COS-5.4.188 | v20.10.3 | v1.4.13 | v450.172.01(default),v470.82.01 |
Fixed an issue that prevented large cloud-configs (~256KB) from working properly.
Upgraded openssl to v1.1.1o. This resolves CVE-2022-1292.
Upgraded dev-libs/libxml2 to v2.9.14. This resolves CVE-2022-29824.
Upgraded dev-libs/libxslt to v1.1.35. This resolves CVE-2022-29824.
Updated sys-libs/ncurses to v6.3_p20220423. This resolves CVE-2022-29458.
Fixed CVE-2022-0494 in the Linux kernel.
cos-89-16108-659-8
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Apr 25, 2022 | COS-5.4.188 | v20.10.3 | v1.4.13 | v450.172.01(default),v470.82.01 |
Fixed CVE-2022-29581 and CVE-2022-1116 in the Linux kernel.
cos-89-16108-659-6
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Apr 18, 2022 | COS-5.4.188 | v20.10.3 | v1.4.13 | v450.172.01(default),v470.82.01 |
Fixed CVE-2022-24769 in containerd.
cos-89-16108-659-1
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Apr 12, 2022 | COS-5.4.188 | v20.10.3 | v1.4.13 | v450.172.01(default),v470.82.01 |
Updated default GPU driver version to v450.172.01.
Upgraded latest GPU driver version to v470.82.01.
Updated containerd to v1.4.13.
Updated the built-in kubectl/kubelet to v1.20.15.
Added command cos-extensions list -- --gpu-installer to show
the default cos-gpu-installer.
Enabled flag --version=latest when installing GPU drivers.
Added support for NFSv4 Kerberos authentication.
Enabled IBLOCK and FILEIO iSCSI backing stores kernel configuration.
Upgraded cos-gpu-installer-v2 to v2.0.17 in cos-extensions. Refined error message for installing latest driver. Preinstalled dependencies are now detected separately.
Fixed CVE-2020-13529 in systemd.
Upgraded dev-libs/libxml2 to v2.9.13-r1. This resolves CVE-2022-23308.
Fixed CVE-2022-0617 in the Linux kernel.
cos-89-16108-604-31
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Apr 05, 2022 | COS-5.4.170 | v20.10.3 | v1.4.8 | v450.119.04(default),v470.82.01 |
Fixed the issue where IPv4 times out by waiting for IPv4 address indefinitely.
Increased the number of vCPUs supported from 256 to 512.
Runtime sysctl changes:
- Changed: fs.epoll.max_user_watches: 1668300 -> 1667870
- Changed: kernel.threads-max: 63640 -> 63624
- Changed: net.ipv4.tcp_mem: 94272 125697 188544 -> 94248 125665 188496
- Changed: net.ipv4.udp_mem: 188544 251395 377088 -> 188496 251331 376992
- Changed: user.max_cgroup_namespaces: 31820 -> 31812
- Changed: user.max_ipc_namespaces: 31820 -> 31812
- Changed: user.max_mnt_namespaces: 31820 -> 31812
- Changed: user.max_net_namespaces: 31820 -> 31812
- Changed: user.max_pid_namespaces: 31820 -> 31812
- Changed: user.max_user_namespaces: 31820 -> 31812
- Changed: user.max_uts_namespaces: 31820 -> 31812
cos-89-16108-604-28
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Mar 25, 2022 | COS-5.4.170 | v20.10.3 | v1.4.8 | v450.119.04(default),v470.82.01 |
Fixed CVE-2022-27666, CVE-2022-1055 and CVE-2020-36516 in the Linux Kernel.
Upgraded openssl package to v1.1.1n to fix CVE-2022-0778.
cos-89-16108-604-22
| Date | Kernel | Docker | Containerd | GPU Drivers |
| Mar 21, 2022 | COS-5.4.170 | v20.10.3 | v1.4.8 | v450.119.04(default),v470.82.01 |
Fixed an issue in systemd to consider primary network interface configured only after non-link-local IPv4 address is available.
Fixed CVE-2021-22570 in libprotobuf.
cos-89-16108-604-19
| Date | Kernel | Docker | Containerd | Default GPU Driver |
| Mar 07, 2022 | COS-5.4.170 | v20.10.3 | v1.4.8 | v450.119.04 |
Fixed CVE-2022-0847 in the Linux kernel.
Fixed CVE-2022-23648 in containerd.
cos-89-16108-604-17
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Feb 28, 2022 | COS-5.4.170 | v1.20.11 | v20.10.3 | v1.4.8 | v450.119.04 |
Fixed CVE-2021-45346 in dev-db/sqlite.
Fixed segmentation fault in ebtables.
Fixed get_status API in device policy manager.
cos-89-16108-604-11
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Feb 14, 2022 | COS-5.4.170 | v1.20.11 | v20.10.3 | v1.4.8 | v450.119.04 |
Fixed an issue in containerd where pods returned "failed to reserve container name".
Added retries while fetching metadata in cloud-init.
Updated app-editors/vim and app-editors/vim-core to v8.2.4328. This resolves CVE-2021-4187, CVE-2022-0128, CVE-2022-0156, CVE-2022-0158, CVE-2022-0261, CVE-2022-0318, CVE-2022-0319, CVE-2022-0392, CVE-2022-0368, CVE-2022-0393, CVE-2022-0361, CVE-2022-0359, CVE-2022-0413, CVE-2022-0408, CVE-2022-0407, and CVE-2022-0443.
Fixed CVE-2022-0492 in the Linux kernel.
cos-89-16108-604-5
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Feb 07, 2022 | COS-5.4.170 | v1.20.11 | v20.10.3 | v1.4.8 | v450.119.04 |
Fixed an issue in containerd where layer hashes were sometimes computed incorrectly for large self-hosted containers.
Runtime sysctl changes:
- Changed: fs.file-max: 814342 -> 814343
cos-89-16108-604-3
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Jan 19, 2022 | COS-5.4.170 | v1.20.11 | v20.10.3 | v1.4.8 | v450.119.04 |
Fixed a privilege escalation vulnerability in fs_context in the Linux kernel. This resolves CVE-2022-0185.
cos-89-16108-604-1
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Jan 18, 2022 | COS-5.4.170 | v1.20.11 | v20.10.3 | v1.4.8 | v450.119.04 |
Updated oslogin to v20210707.00.
Updated google-guest-agent to v20210707.00.
Updated the built-in kubectl/kubelet to v1.20.11.
Updated the Linux kernel to v5.4.170.
Upgraded app-arch/libarchive to version v3.5.1.
Enabled cos-extensions to fetch artifacts with geo-redundancy when installing GPU driver.
Added crictl commands to sosreport.
Created kernel config file under /boot directory.
Added support for consistent device naming for NVMe disks.
Fix kernel crash dump collection.
Fixed an issue where GPU drivers wouldn't load due to being incorrectly linked.
Upgraded libgcrypt to v1.9.4. This resolves CVE-2021-40528.
Runtime sysctl changes:
- Added: dev.cdrom.autoclose: 1
- Added: dev.cdrom.autoeject: 0
- Added: dev.cdrom.check_media: 0
- Added: dev.cdrom.debug: 0
- Added: dev.cdrom.info:
- Added: dev.cdrom.lock: 1
- Changed: fs.epoll.max_user_watches: 1669181 -> 1668300
- Changed: fs.file-max: 814780 -> 814342
- Changed: kernel.threads-max: 63674 -> 63640
- Changed: net.ipv4.tcp_mem: 94323 125765 188646 -> 94272 125697 188544
- Changed: net.ipv4.udp_mem: 188646 251530 377292 -> 188544 251395 377088
- Changed: user.max_cgroup_namespaces: 31837 -> 31820
- Changed: user.max_ipc_namespaces: 31837 -> 31820
- Changed: user.max_mnt_namespaces: 31837 -> 31820
- Changed: user.max_net_namespaces: 31837 -> 31820
- Changed: user.max_pid_namespaces: 31837 -> 31820
- Changed: user.max_user_namespaces: 31837 -> 31820
- Changed: user.max_uts_namespaces: 31837 -> 31820
cos-89-16108-534-43
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Jan 13, 2022 | COS-5.4.144 | v1.20.5 | v20.10.3 | v1.4.8 | v450.119.04 |
Updated vim and vim-core to v8.2.3950. This resolves CVE-2021-4193, CVE-2021-4192, CVE-2021-4173, CVE-2021-4166, and CVE-2021-4136.
Fixed a double-free issue in packet_set_ring in the Linux kernel.
cos-89-16108-534-41
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Jan 11, 2022 | COS-5.4.144 | v1.20.5 | v20.10.3 | v1.4.8 | v450.119.04 |
Upgraded dev-libs/nspr to v3.42. This resolves CVE-2021-43527.
Upgraded dev-libs/nss to v3.73. This resolves CVE-2021-43527.
Upgraded app-crypt/nss to v3.73. This resolves CVE-2021-43527.
Upgraded app-emulation/runc to v1.0.3. This resolves CVE-2021-43784.
Updated vim and vim-core to v8.2.3741. This resolves CVE-2021-3973, CVE-2021-3968, CVE-2021-4069, CVE-2021-4019, CVE-2021-3984 and CVE-2021-3974.
Fixed CVE-2021-4155 in the Linux kernel.
cos-89-16108-534-34
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Dec 13, 2021 | COS-5.4.144 | v1.20.5 | v20.10.3 | v1.4.8 | v450.119.04 |
Fixed CVE-2021-4002 in the linux kernel.
cos-89-16108-534-27
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Dec 01, 2021 | COS-5.4.144 | v1.20.5 | v20.10.3 | v1.4.8 | v450.119.04 |
Fixed CVE-2021-41190 in app-emulation/docker.
Fixed CVE-2021-41190 in app-emulation/containerd.
Fixed CVE-2021-41617 in openssh.
Updated vim and vim-core to v8.2.3582. This resolves CVE-2021-3928 and CVE-2021-3927.
cos-89-16108-534-22
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Nov 15, 2021 | COS-5.4.144 | v1.20.5 | v20.10.3 | v1.4.8 | v450.119.04 |
Fixed UUID parsing in kernel crash dump collection.
Updated vim and vim-core to v8.2.3567. This fixes CVE-2021-3872, CVE-2021-3903 and CVE-2021-3875.
Upgraded app-arch/libarchive to v3.5.2. This fixes CVE-2021-36976.
cos-89-16108-534-18
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Nov 03, 2021 | COS-5.4.144 | v1.20.5 | v20.10.3 | v1.4.8 | v450.119.04 |
Upgraded openssl to 1.1.1l. This fixes CVE-2021-3711.
cos-89-16108-534-17
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Oct 18, 2021 | COS-5.4.144 | v1.20.5 | v20.10.3 | v1.4.8 | v450.119.04 |
Updated vim to v8.2.3428. This resolves CVE-2021-3796, CVE-2021-3778, and CVE-2021-3770.
Fixed CVE-2021-22945 in net-misc/curl.
Fixed CVE-2021-39537 in sys-libs/ncurses.
Fixed CVE-2021-41864 in Linux kernel.
cos-89-16108-534-13
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Oct 11, 2021 | COS-5.4.144 | v1.20.5 | v20.10.3 | v1.4.8 | v450.119.04 |
Fixed an issue where GPU drivers wouldn't load due to being incorrectly linked.
Fixed CVE-2021-41103 in containerd.
cos-89-16108-534-9
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Oct 04, 2021 | COS-5.4.144 | v1.20.5 | v20.10.3 | v1.4.8 | v450.119.04 |
Fixed CVE-2020-12403 in dev-libs/nss.
cos-89-16108-534-8
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Sep 27, 2021 | COS-5.4.144 | v1.20.5 | v20.10.3 | v1.4.8 | v450.119.04 |
Rolled back "Stackdriver logs now record Docker container names by default" due to breaking change to docker daemon.json.
Updated containerd to v1.4.8.
Fixed CVE-2021-28153 in glib and glib-utils.
Upgraded app-arch/libarchive to v3.5.1. This resolves CVE-2021-36976.
cos-89-16108-534-2
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Sep 20, 2021 | COS-5.4.144 | v1.20.5 | v20.10.3 | v1.4.4 | v450.119.04 |
Stackdriver logs now record Docker container names by default.
Updated nanopb to 0.4.5 in Container Threat Detection.
Updated the Linux kernel to v5.4.144. This resolves CVE-2021-38198, CVE-2021-38199, CVE-2021-38205, CVE-2021-40490 and CVE-2021-33200.
Fixed CVE-2020-10029 in glibc.
Upgraded openssl to 1.1.1k to resolve CVE-2021-3449 and CVE-2021-3450.
Upgraded wget to v1.21.1. This also resolves CVE-2021-31879.
Fixed CVE-2019-17594 and CVE-2019-17595 in ncurses.
Upgraded libgcrypt to 1.9.3. This fixes CVE-2021-33560.
cos-89-16108-470-25
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Sep 13, 2021 | COS-5.4.120 | v1.20.5 | v20.10.3 | v1.4.4 | v450.119.04 |
Upgraded net-misc/curl to v7.78.0. This resolves CVE-2021-22876, CVE-2021-22898, CVE-2021-22897, CVE-2021-22890, CVE-2021-22926 and CVE-2021-22924.
Fixed CVE-2021-32760 in app-emulation/containerd.
cos-89-16108-470-16
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Aug 23, 2021 | COS-5.4.120 | v1.20.5 | v20.10.3 | v1.4.4 | v450.119.04 |
Fixed cleanup context of teardownPodNetwork.
cos-89-16108-470-11
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Jul 26, 2021 | COS-5.4.120 | v1.20.5 | v20.10.3 | v1.4.4 | v450.119.04 |
Added the cos.enable_ipv6 kernel command line option that enables IPv6 configuration. This option does not disable IPv4 configuration; COS always configures IPv4 by default.
Fixed an issue where enabling both IPv6 and IPv4 configuration on IPv4-exclusive networks resulted in slow boot times.
Fixed CVE-2021-33910 in systemd.
Fixed CVE-2021-33909 in the Linux kernel.
Fixed CVE-2021-3612 in the Linux kernel.
cos-89-16108-470-1
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Jun 24, 2021 | COS-5.4.120 | v1.20.5 | v20.10.3 | v1.4.4 | v450.119.04 |
Upgraded dev-db/sqlite to v3.34.1. This resolves CVE-2021-20227.
Upgraded app-arch/tar to v1.34. This resolves CVE-2021-20193.
Upgraded dev-vcs/git to v2.29.3. This resolves CVE-2021-21300.
Updated the Linux kernel to v5.4.120. This resolves CVE-2021-31916, CVE-2021-31829, CVE-2021-28950, CVE-2020-27170 and CVE-2021-22555.
Updated containerd to v1.4.4. This resolves CVE-2021-21334.
Fixed CVE-2021-3537, CVE-2021-3517, CVE-2021-3518 and CVE-2020-24977 in dev-libs/libxml2.
Updated kubernetes to v1.20.5.
Upgraded Google OS Config Agent(aka VMManager) to version 20210607.00.
Automatically mount OEM partition if it is sealed.
cos-89-16108-403-51
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Jun 21, 2021 | COS-5.4.104 | v1.20.2 | v20.10.3 | v1.4.3 | v450.119.04 |
Fixed a memory leak in the GVE kernel driver.
cos-89-16108-403-47
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Jun 14, 2021 | COS-5.4.104 | v1.20.2 | v20.10.3 | v1.4.3 | v450.119.04 |
Fixed a network regression on single-core systems when using the GVE network interface.
cos-89-16108-403-46
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Jun 08, 2021 | COS-5.4.104 | v1.20.2 | v20.10.3 | v1.4.3 | v450.119.04 |
Fixed a low network bandwidth issue in the Linux kernel.
Updated runc to v1.0.0_rc95. This resolves CVE-2021-30465.
cos-89-16108-403-42
| Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
| Jun 07, 2021 | COS-5.4.104 | v1.20.2 | v20.10.3 | v1.4.3 | v450.119.04 |
Upgraded the default GPU drver version to 450.119.04.
Fixed a network regression while using gve network interface.
Fixed CPU usage for workloads with heavy page cache usage.
cos-89-16108-403-26
| Date | Kernel | Kubernetes | Docker | Containerd |
| May 03, 2021 | COS-5.4.104 | v1.20.2 | v20.10.3 | v1.4.3 |
Updated google-guest-agent to v20210408.00.
Updated sshd.service to not drop active ssh sessions when sshd is restarted.
cos-89-16108-403-22
| Date | Kernel | Kubernetes | Docker | Containerd |
| Apr 22, 2021 | COS-5.4.104 | v1.20.2 | v20.10.3 | v1.4.3 |
Fixed an out-of-bounds write issue in the Linux kernel.
Fixed CVE-2021-29154 in the Linux kernel.
cos-89-16108-403-15 (vs Milestone 85)
| Date | Kernel | Kubernetes | Docker |
| Apr 07, 2021 | COS-5.4.104 | v1.20.2 | v20.10.3 |
Added support for experimental EXT4 fast commit.
Added support for CIFS.
Added support for detecting dockerhung, corruptdockeroverlays, docker start-up failures and hung-tasks in node-problem-detector.
Added support for geneve virtual interfaces.
Added futex support for gVisor.
Added cri-tools package.
Added cifs-utils package.
Made node-problem-detector the default monitoring agent.
Denied login to users that do not have 2-step verification setup when oslogin and oslogin-2fa are enabled.
Included no_ssh.sh script in /usr/share/google/no_ssh.sh for disabling SSH via guest policy.
Added compile time dependencies to cos-package-info.json.
Removed read/write/execute permissions of group and other user accounts for systemd timer files.
Upgraded Docker to v20.10.3.
Upgraded Docker-cli to v20.10.3.
Upgraded the built-in kubectl/kubelet to v1.20.2.
Upgraded google-guest-agent to v20201102.00.
Upgraded libcrypt to libcrypt-1.
Upgraded e2fsprogs to v1.46.2.
Upgraded e2fsprogs-libs to v1.46.2.
Upgraded cloud-init to v20.1.
Upgraded stackdriver logging agent to v1.8.4.
Upgraded sosreport to v4.0.
Upgraded default GPU driver version to 450.80.02.
Updated Google OS Config Agent to v20210331.00.
Updated openssl to v1.1.1j.
Updated glib and glib-util to v2.66.7.
Updated runc to v1.0.0_rc92.
Updated docker-proxy to v0.8.0_p20201215.
Updated OpenSSH to v8.3_p1.
Updated oslogin to v20201216.00.
Updated shadow to v4.8.1.
Updated apparmor to v2.13.5.
Updated iptables to v1.8.5.
Updated audit to v2.8.5.
Updated node-problem-detector to v0.8.6.
Updated toolbox to v20201104-00.
Updated tini to v0.19.0.
Updated systemd to systemd-stable v239.
Updated docker-credential-gcr to v2.0.4.
Fixed CVE-2019-5815 in libxslt.
Fixed CVE-2019-19956 in libxml2.
Fixed CVE-2021-3347 in the Linux Kernel.
Fixed CVE-2021-23840 and CVE-2021-23841 in openssl.
Fixed CVE-2021-27218 and CVE-2021-27219 in glib and glib-util.
Fixed warning in docker when homedir is not present.
Deprecated stackdriver monitoring.