You can see the latest product updates for all of Google Cloud on the Google Cloud page, browse and filter all release notes in the Google Cloud console, or programmatically access release notes in BigQuery.
To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly.
October 24, 2023
cos-93-16623-461-42
Kernel | Docker | Containerd | GPU Drivers |
COS-5.10.177 | v20.10.24 | v1.6.20 | v450.248.02(default),v535.104.12(latest),v470.199.02(R470 for compatibility with K80 GPUs) |
Update latest NVIDIA GPU drivers to 535.104.12.
Fixed CVE-2023-42752 in the Linux kernel.
October 16, 2023
cos-93-16623-461-40
Kernel | Docker | Containerd | GPU Drivers |
COS-5.10.177 | v20.10.24 | v1.6.20 | v450.248.02(default),v535.104.05(latest),v470.199.02(R470 for compatibility with K80 GPUs) |
Upgraded net-misc/curl to v8.4.0. This resolves CVE-2023-38545.
October 11, 2023
cos-93-16623-461-39
Kernel | Docker | Containerd | GPU Drivers |
COS-5.10.177 | v20.10.24 | v1.6.20 | v450.248.02(default),v535.104.05(latest),v470.199.02(R470 for compatibility with K80 GPUs) |
Upgraded cos-gpu-installer to v2.1.9.
Fixed CVE-2023-38039 in net-misc/curl.
Fixed CVE-2023-42753 in the Linux Kernel.
October 03, 2023
cos-93-16623-461-36
Kernel | Docker | Containerd | GPU Drivers |
COS-5.10.177 | v20.10.24 | v1.6.20 | v450.248.02(default),v470.199.02(R470),v535.104.05 |
Fixes CVE-2023-2163 in the Linux Kernel.
September 26, 2023
cos-93-16623-461-35
Kernel | Docker | Containerd | GPU Drivers |
COS-5.10.177 | v20.10.24 | v1.6.20 | v450.248.02(default),v470.199.02(R470),v535.104.05 |
Fixed CVE-2023-4921 in the Linux kernel.
Fixed CVE-2023-4623 in the Linux kernel.
Fixed CVE-2023-4622 in the Linux kernel.
September 11, 2023
cos-93-16623-461-30
Kernel | Docker | Containerd | GPU Drivers |
COS-5.10.177 | v20.10.24 | v1.6.20 | v450.248.02(default),v470.199.02(R470),v535.104.05 |
Updated cos-gpu-installer to v2.1.7. Switched precompiled driver and signature location to COS build artifacts.
Updated latest GPU driver to v535.104.05.
Changed error handling in get_metadata_value script to retry if connection error happens during instance metadata check.
Fixed the following CVEs in sys-libs/binutils-libs: CVE-2022-47007 CVE-2022-47008, CVE-2022-47010, CVE-2022-47011, CVE-2022-48063, CVE-2022-48064, CVE-2022-48065.
September 07, 2023
cos-93-16623-461-21
Kernel | Docker | Containerd | GPU Drivers |
COS-5.10.177 | v20.10.24 | v1.6.20 | v450.248.02(default),v470.199.02(R470),v525.125.06 |
Fixed CVE-2018-17846, CVE-2018-17142, CVE-2018-17847, CVE-2018-17143, CVE-2018-17075, CVE-2018-17848 in dev-go/net.
Updated xz-utils to 5.2.9. This resolves CVE-2020-22916.
Upgraded sys-process/procps to 3.3.17. This fixed CVE-2018-1121 and CVE-2023-4016.
Upgraded sys-fs/mdadm to v4.2. This resolves CVE-2023-28938 and CVE-2023-28736.
Fixed CVE-2023-33953 in the Linux kernel.
August 21, 2023
cos-93-16623-461-15
Kernel | Docker | Containerd | GPU Drivers |
COS-5.10.177 | v20.10.24 | v1.6.20 | v450.248.02(default),v470.199.02(R470),v525.125.06 |
Simplified GPU driver installation by remounting the driver installation path as executable from cos-extensions.
Updated dev-libs/openssl to v1.1.1v. This resolves CVE-2023-3817.
Upgrade app-misc/jq to v1.7_pre20201109-r1. This fixes CVE-2016-4074.
Fixed CVE-2023-4147 in the Linux kernel.
Fixed CVE-2023-4194 in the Linux kernel.
August 14, 2023
cos-93-16623-461-8
Kernel | Docker | Containerd | GPU Drivers |
COS-5.10.177 | v20.10.24 | v1.6.20 | v450.248.02(default),v470.199.02(R470),v525.125.06 |
Fixed CVE-2022-28737 in sys-boot/shim.
Fixed CVE-2023-32001 in net-misc/curl.
Fixed CVE-2023-38408 in net-misc/openssh.
Fixed CVE-2022-40896 in dev-python/pygments.
Fixed CVE-2023-4004, CVE-2023-3777, CVE-2023-3776, CVE-2023-1206, CVE-2023-0160 and CVE-2023-3611 in the Linux kernel.
August 07, 2023
cos-93-16623-461-1
Kernel | Docker | Containerd | GPU Drivers |
COS-5.10.186 | v20.10.24 | v1.6.20 | v450.248.02(default),v470.199.02(R470),v525.125.06 |
Updated app-emulation/docker and app-emulation/docker-cli to v20.10.24.
Updated containerd to v1.6.20.
Updated app-admin/google-osconfig-agent to v20230222.00.
Updated open-vm-tools to 12.2.5 to fix CVE-2023-20867
July 25, 2023
cos-93-16623-402-50
Kernel | Docker | Containerd | GPU Drivers |
COS-5.10.177 | v20.10.14 | v1.5.18 | v450.248.02(default),v470.199.02(R470),v525.125.06 |
Fix CVE-2023-2269 in the kernel.
Fixed CVE-2023-35001 in the Linux kernel.
Fix CVE-2023-3389 in kernel.
Fixed CVE-2023-31248 in the Linux kernel.
July 18, 2023
cos-93-16623-402-45
Kernel | Docker | Containerd | GPU Drivers |
COS-5.10.177 | v20.10.14 | v1.5.18 | v450.248.02(default),v470.199.02(R470),v525.125.06 |
Updated default GPU driver to v450.248.02, R470 GPU driver to v470.199.02 and latest GPU driver to v525.125.06. This resolves CVE-2023-25515 and CVE-2023-25516. CVE-2023-25515, CVE-2023-25516.
Fixed CVE-2023-3609 in the Linux kernel.
July 13, 2023
cos-93-16623-402-43
Kernel | Docker | Containerd | GPU Drivers |
COS-5.10.177 | v20.10.14 | v1.5.18 | v450.236.01(default),v470.182.03(R470),v525.105.17 |
Fixed CVE-2023-31486 in perl.
Fixed CVE-2023-3090 in the Linux kernel.
July 05, 2023
cos-93-16623-402-40
Kernel | Docker | Containerd | GPU Drivers |
COS-5.10.177 | v20.10.14 | v1.5.18 | v450.236.01(default),v470.182.03(R470),v525.105.17 |
Fixed CVE-2023-3268 in the Linux kernel.
June 29, 2023
cos-93-16623-402-39
Kernel | Docker | Containerd | GPU Drivers |
COS-5.10.177 | v20.10.14 | v1.5.18 | v450.236.01(default),v470.182.03(R470),v525.105.17 |
Upgraded sys-apps/file to v5.43-r1 to fix CVE-2019-18218.
June 26, 2023
cos-93-16623-402-36
Kernel | Docker | Containerd | GPU Drivers |
COS-5.10.177 | v20.10.14 | v1.5.18 | v450.236.01(default),v470.182.03(R470),v525.105.17 |
Updated cloud-udev-nvme-config to v20230526.00.
Updated toolbox to v20230615.
June 20, 2023
cos-93-16623-402-30
Kernel | Docker | Containerd | GPU Drivers |
COS-5.10.177 | v20.10.14 | v1.5.18 | v450.236.01(default),v470.182.03(R470),v525.105.17 |
Fixed CVE-2023-1972 in binutils.
Fixed CVE-2023-1972 in binutils-libs.
Fixed CVE-2023-34256 in the Linux kernel.
June 12, 2023
cos-93-16623-402-27
Kernel | Docker | Containerd | GPU Drivers |
COS-5.10.177 | v20.10.14 | v1.5.18 | v450.236.01(default),v470.182.03(R470),v525.105.17 |
Updated dev-libs/openssl to v1.1.1u. This resolves CVE-2023-2650.
Updated net-misc/curl to v8.1.0-r1. This resolves CVE-2023-28319, CVE-2023-28320, CVE-2023-28321, and CVE-2023-28322.
Fixed CVE-2022-4269 in the Linux kernel.
Fixed CVE-2022-4269 in the Linux kernel.
Fixed CVE-2022-4269 in the Linux kernel.
Fixed CVE-2023-2124 in the Linux kernel.
June 05, 2023
cos-93-16623-402-22
Kernel | Docker | Containerd | GPU Drivers |
COS-5.10.177 | v20.10.14 | v1.5.18 | v450.236.01(default),v470.182.03(R470),v525.105.17 |
Updated ncurses to v6.4p20220423. This resolves CVE-2023-29491.
May 30, 2023
cos-93-16623-402-21
Kernel | Docker | Containerd | GPU Drivers |
COS-5.10.177 | v20.10.14 | v1.5.18 | v450.236.01(default),v470.182.03(R470),v525.105.17 |
Fixed CVE-2023-28842 in docker.
May 22, 2023
cos-93-16623-402-17
Kernel | Docker | Containerd | GPU Drivers |
COS-5.10.177 | v20.10.14 | v1.5.18 | v450.236.01(default),v470.182.03(R470),v525.105.17 |
Updated app-emulation/cloud-init to 23.1.2 which fixes CVE-2023-1786.
Fixed CVE-2022-36109 in app-emulation/docker.
Updated app-editors/vim, app-editors/vim-core to v9.0.1562. This resolves CVE-2023-2609, CVE-2023-2610, CVE-2023-2426.
May 09, 2023
cos-93-16623-402-10
Kernel | Docker | Containerd | GPU Drivers |
COS-5.10.177 | v20.10.14 | v1.5.18 | v450.236.01(default),v470.182.03(R470),v525.105.17 |
Updated app-emulation/docker to v20.10.14. This resolves CVE-2023-28840, CVE-2023-28841, CVE-2023-28842, CVE-2022-36109, CVE-2022-27652.
Updated dev-libs/libxml2 to v2.10.4. This resolves CVE-2023-28484.
May 01, 2023
cos-93-16623-402-7
Kernel | Docker | Containerd | GPU Drivers |
COS-5.10.177 | v20.10.6 | v1.5.18 | v450.236.01(default),v470.182.03(R470),v525.105.17 |
Fixed an issue where chronyd does not restart after failure, resulting in the system time being out of sync.
Updated ncurses to v6.4p20220423. This resolves CVE-2023-29491.
Upgraded net-misc/curl to v8.0.1. This resolves CVE-2023-27534.
cos-93-16623-402-2
Date | Kernel | Docker | Containerd | GPU Drivers |
Apr 17, 2023 | COS-5.10.177 | v20.10.6 | v1.5.18 | v450.236.01(default),v470.182.03(R470),v525.105.17 |
Updated the Linux kernel to v5.10.177.
Add support for L4 GPU in cos-gpu-installer and fix cached driver installation for prebuilt driver modules.
Fixed an issue where pstore is not cleaned at boot time if COS metrics are disabled.
Updated google-guest-agent to v20230330.00.
Fixed race condition in io_uring in the Linux kernel.
Fixed CVE-2023-25809 in app-containers/runc.
Fixed CVE-2023-0465, CVE-2023-0466 in dev-libs/openssl.
Fix CVE-2022-4285 in binutils-libs
Runtime sysctl changes:
- Added: kernel.oops_limit: 10000
- Added: kernel.warn_limit: 0
- Changed: net.core.bpf_jit_limit: 264241152 -> 528482304
- Changed: net.netfilter.nf_conntrack_sctp_timeout_established: 432000 -> 210
- Deleted: net.netfilter.nf_conntrack_sctp_timeout_heartbeat_acked: 210
cos-93-16623-341-46
Date | Kernel | Docker | Containerd | GPU Drivers |
Apr 10, 2023 | COS-5.10.162 | v20.10.6 | v1.5.18 | v450.236.01(default),v470.182.03(R470),v525.105.17 |
Update default driver to 450.236.01. This resolves CVE CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0185, CVE-2023-0198, CVE-2023-0199, CVE-2023-0188, CVE-2023-0190, CVE-2023-0194, CVE-2023-0195, CVE-2023-0191.
Updates the R470 driver to 470.182.03. This resolves CVE
CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0185,
CVE-2023-0187, CVE-2023-0198, CVE-2023-0199, CVE-2023-0188,
CVE-2023-0190, CVE-2023-0194, CVE-2023-0195, CVE-2023-0191.
Also update latest driver to 525.105.17. This resolves CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0183, CVE-2023-0185, CVE-2023-0187,
CVE-2023-0198, CVE-2023-0199, CVE-2023-0188, CVE-2023-0190,
CVE-2023-0194, CVE-2023-0195, CVE-2023-0191.
Fixed CVE-2023-0464 in dev-libs/openssl.
cos-93-16623-341-43
Date | Kernel | Docker | Containerd | GPU Drivers |
Apr 03, 2023 | COS-5.10.162 | v20.10.6 | v1.5.18 | v450.216.04(default),v470.161.03(R470),v525.60.13 |
Fixed CVE-2023-27561 in runc.
cos-93-16623-341-40
Date | Kernel | Docker | Containerd | GPU Drivers |
Mar 27, 2023 | COS-5.10.162 | v20.10.6 | v1.5.18 | v450.216.04(default),v470.161.03(R470),v525.60.13 |
Removed CONFIG_NET_CLS_TCINDEX
kernel config entry.
Fixed CVE-2023-23931 in dev-python/cryptography.
Fixed CVE-2023-28466 in the Linux kernel.
cos-93-16623-341-29
Date | Kernel | Docker | Containerd | GPU Drivers |
Mar 16, 2023 | COS-5.10.162 | v20.10.6 | v1.5.18 | v450.216.04(default),v470.161.03(R470),v525.60.13 |
Fixed a use-after-free issue in net/sched in the Linux kernel.
Updated app-editors/vim,app-editors/vim-core to v9.0.1403. This resolves CVE-2022-4292, CVE-2022-4141, CVE-2023-0049, CVE-2023-0433, CVE-2023-0288, CVE-2023-0512, CVE-2023-1127, CVE-2023-1170, CVE-2023-0051, CVE-2023-0054, CVE-2023-1175, CVE-2023-1355 and CVE-2023-1264.
cos-93-16623-341-27
Date | Kernel | Docker | Containerd | GPU Drivers |
Mar 06, 2023 | COS-5.10.162 | v20.10.6 | v1.5.18 | v450.216.04(default),v470.161.03(R470),v525.60.13 |
Updated app-emulation/containerd to v1.6.18. This resolves CVE-2023-25173 and CVE-2023-25153.
Update open-iscsi to 2.1.8 to fix CVE-2020-17437
Updated dev-go/text to v0.3.8. This fixes CVE-2022-32149.
Fix CVE-2022-4285 in binutils and CVE-2022-4285 in binutils-libs
Fixed CVE-2022-48303 in app-arch/tar
Fixed CVE-2019-13636 in the sys-devel/patch package.
Fixed CVE-2022-2928 and CVE-2022-2929 in net-misc/dhcp.
Fixed CVE-2020-11080 in net-libs/nghttp2.
Fixed CVE-2022-46663 in sys-apps/less and upgraded sys-apps/less to v608.
Fixed CVE-2019-18276 in app-shells/bash.
Update net-fs/cifs-utils to v6.15. Fixes CVE-2022-29869, CVE-2021-20208, and CVE-2022-27239 in net-fs/cifs-utils.
Fixed CVE-2021-27291 and CVE-2021-20270 in dev-python/pygments.
cos-93-16623-341-12
Date | Kernel | Docker | Containerd | GPU Drivers |
Feb 14, 2023 | COS-5.10.162 | v20.10.6 | v1.5.13 | v450.216.04(default),v470.161.03(R470),v525.60.13 |
Updated cos-gpu-installer to v2.0.31. This adds support for gsp_tu10x.bin and gsp_ad10x.bin gsp firmware files and removes the container dependency on python2.
Upgraded Nvidia latest drivers from v510.108.03 to v525.60.13.
Updated dev-libs/openssl to v1.1.1t. This resolves CVE-2022-4450, CVE-2023-0215, CVE-2022-4304 and CVE-2023-0286.
cos-93-16623-341-8
Date | Kernel | Docker | Containerd | GPU Drivers |
Jan 31, 2023 | COS-5.10.162 | v20.10.6 | v1.5.13 | v450.216.04(default),v470.161.03(R470),v510.108.03 |
Fixed CVE-2022-40897 in dev-python/setuptools.
Fixed CVE-2022-47929 in the Linux kernel.
Fixed CVE-2023-23454 in the Linux Kernel.
cos-93-16623-341-4
Date | Kernel | Docker | Containerd | GPU Drivers |
Jan 23, 2023 | COS-5.10.162 | v20.10.6 | v1.5.13 | v450.216.04(default),v470.161.03(R470),v510.108.03 |
Fixed a use-after-free bug in TCP in the Linux kernel.
cos-93-16623-341-1
Date | Kernel | Docker | Containerd | GPU Drivers |
Jan 17, 2023 | COS-5.10.162 | v20.10.6 | v1.5.13 | v450.216.04(default),v470.161.03(R470),v510.108.03 |
Updated the Linux kernel to v5.10.162.
Updated lxml to v4.6.5. This fixes CVE-2021-43818.
Fixed CVE-2022-47946 in the Linux kernel.
cos-93-16623-295-31
Date | Kernel | Docker | Containerd | GPU Drivers |
Jan 09, 2023 | COS-5.10.147 | v20.10.6 | v1.5.13 | v450.216.04(default),v470.161.03(R470),v510.108.03 |
Fixed no CNI info for pod sandbox on restart in app-emulation/containerd.
Fixed proc_skip_spaces in the Linux kernel to follow existing convention instead of acting as a wrapper to skip_spaces.
Updated Nvidia default drivers to v450.216.04 fixing CVE-2022-34670, CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, CVE-2022-34682, CVE-2022-42254, CVE-2022-42256, CVE-2022-42257, CVE-2022-42258, CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, CVE-2022-42262, CVE-2022-42263, CVE-2022-42264, R470 drivers to v470.161.03 fixing CVE-2022-34670, CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, CVE-2022-34682, CVE-2022-42254, CVE-2022-42255, CVE-2022-42256, CVE-2022-42257, CVE-2022-42258, CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, CVE-2022-42262, CVE-2022-42263, CVE-2022-42264 and latest to v510.108.03 fixing CVE-2022-34670, CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34679,CVE-2022-34680, CVE-2022-34682, CVE-2022-34684, CVE-2022-42254, CVE-2022-42255,CVE-2022-42256, CVE-2022-42257, CVE-2022-42258, CVE-2022-42259, CVE-2022-42260,CVE-2022-42261, CVE-2022-42262, CVE-2022-42263, CVE-2022-42264.
Fixed CVE-2022-23471 in app-emulation/containerd.
Fixed CVE-2022-35260 and CVE-2022-32221 in net-misc/curl.
Fixed CVE-2022-42328,CVE-2022-42329 and CVE-2022-4696 in the Linux kernel.
cos-93-16623-295-22
Date | Kernel | Docker | Containerd | GPU Drivers |
Dec 12, 2022 | COS-5.10.147 | v20.10.6 | v1.5.13 | v450.203.03(default),v470.141.03(R470),v510.47.03 |
Updated dev-libs/libxml2 to v2.10.3. This resolves CVE-2022-40304 and CVE-2022-40303.
Fixed CVE-2022-36227 in app-arch/libarchive package.
cos-93-16623-295-19
Date | Kernel | Docker | Containerd | GPU Drivers |
Dec 05, 2022 | COS-5.10.147 | v20.10.6 | v1.5.13 | v450.203.03(default),v470.141.03(R470),v510.47.03 |
Set ManageForeignRoutes and ManageForeignRoutingPolicyRules to no
in case cos.disable_systemd_route_mgmt
is present in the kernel command line.
Fixed an IP-leakage issue in containerd caused by improper resource cleanup handling.
Fixed CVE-2022-3821 in sys-apps/systemd.
Fixed CVE-2022-3169 in the Linux kernel.
cos-93-16623-295-14
Date | Kernel | Docker | Containerd | GPU Drivers |
Nov 10, 2022 | COS-5.10.147 | v20.10.6 | v1.5.13 | v450.203.03(default),v470.141.03(R470),v510.47.03 |
Updated cos-gpu-installer to v2.0.29. This addresses CVE-2022-3602 in cos-gpu-installer.
cos-93-16623-295-11
Date | Kernel | Docker | Containerd | GPU Drivers |
Nov 07, 2022 | COS-5.10.147 | v20.10.6 | v1.5.13 | v450.203.03(default),v470.141.03(R470),v510.47.03 |
Updated app-editors/vim and app-editors/vim-core to v9.0.0828. This resolves CVE-2022-3234, CVE-2022-3235, CVE-2022-3256, CVE-2022-3278, CVE-2022-3296, CVE-2022-3297, CVE-2022-3324, CVE-2022-3352 and CVE-2022-3705.
Fixed CVE-2022-42915 in curl.
cos-93-16623-295-7
Date | Kernel | Docker | Containerd | GPU Drivers |
Oct 31, 2022 | COS-5.10.147 | v20.10.6 | v1.5.13 | v450.203.03(default),v470.141.03(R470),v510.47.03 |
Fixed CVE-2021-46848 in libtasn1.
Fixed CVE-2022-3524 in the Linux kernel.
cos-93-16623-295-5
Date | Kernel | Docker | Containerd | GPU Drivers |
Oct 24, 2022 | COS-5.10.147 | v20.10.6 | v1.5.13 | v450.203.03(default),v470.141.03(R470),v510.47.03 |
Fixed CVE-2022-2602 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 814064 -> 814062
cos-93-16623-295-3
Date | Kernel | Docker | Containerd | GPU Drivers |
Oct 17, 2022 | COS-5.10.147 | v20.10.6 | v1.5.13 | v450.203.03(default),v470.141.03(R470),v510.47.03 |
Enabled FANOTIFY_ACCESS_PERMISSIONS
configuration in kernel.
Updated the Linux kernel to v5.10.147.
Updated stackdriver logging agent to v1.9.8.
Fixed an issue related to systemd deleting iprules.
Updated open-vm-tools package to v12.1.0. This resolves CVE-2022-31676.
Updated net-misc/curl package to v7.85.0-r2. This resolves the following CVEs: CVE-2022-35252,CVE-2022-22576,CVE-2022-27774,CVE-2022-27775, CVE-2022-27776,CVE-2022-27778,CVE-2022-27779,CVE-2022-27780,CVE-2022-27781, CVE-2022-27782,CVE-2022-30115.
Fixed an out-of-bounds read in libarchive. This resolves CVE-2022-26280.
Updated vim/vim-core to v9.0.0467. This resolves the following CVEs: CVE-2022-3153,CVE-2022-3134,CVE-2022-3099,CVE-2022-3037,CVE-2022-3016, CVE-2022-2980,CVE-2022-2946,CVE-2022-2923,CVE-2022-2889,CVE-2022-2874, CVE-2022-2862,CVE-2022-2849,CVE-2022-2845,CVE-2022-2819,CVE-2022-2817, CVE-2022-2816,CVE-2022-2598,CVE-2022-2581,CVE-2022-2580,CVE-2022-2571, CVE-2022-2175,CVE-2022-2182,CVE-2022-2183,CVE-2022-2206,CVE-2022-2207, CVE-2022-2208,CVE-2022-2210,CVE-2022-2231,CVE-2022-2257,CVE-2022-2264, CVE-2022-2284,CVE-2022-2285,CVE-2022-2286,CVE-2022-2287,CVE-2022-2288, CVE-2022-2289,CVE-2022-2304,CVE-2022-2343,CVE-2022-2344,CVE-2022-2345, CVE-2022-2522,CVE-2022-2982.
Fixed CVE-2022-41222 in the Linux Kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 814062 -> 814064
cos-93-16623-227-41
Date | Kernel | Docker | Containerd | GPU Drivers |
Oct 06, 2022 | COS-5.10.133 | v20.10.6 | v1.5.13 | v450.203.03(default),v470.141.03(R470),v510.47.03 |
Fixed CVE-2022-20409 in the Linux Kernel.
cos-93-16623-227-38
Date | Kernel | Docker | Containerd | GPU Drivers |
Sep 26, 2022 | COS-5.10.133 | v20.10.6 | v1.5.13 | v450.203.03(default),v470.141.03(R470),v510.47.03 |
Fixed CVE-2022-2905 in the Linux kernel.
cos-93-16623-227-37
Date | Kernel | Docker | Containerd | GPU Drivers |
Sep 19, 2022 | COS-5.10.133 | v20.10.6 | v1.5.13 | v450.203.03(default),v470.141.03(R470),v510.47.03 |
Updated cos-gpu-installer to v2.0.27. This resolves the issue where multiple installers can be started in the same VM.
Updated app-arch/gzip to v1.12. This resolves CVE-2022-1271.
Fixed CVE-2022-3028 and CVE-2022-39188 in the Linux kernel.
cos-93-16623-227-33
Date | Kernel | Docker | Containerd | GPU Drivers |
Sep 12, 2022 | COS-5.10.133 | v20.10.6 | v1.5.13 | v450.203.03(default),v470.141.03(R470),v510.47.03 |
Upgraded the GPU driver version in the "latest" track to v510.47.03.
Updated cos-gpu-installer to v2.0.26. This resolves the compatibility issue with K80 GPU devices. When an incompatible driver version (R510+) is chosen in an instance with K80 GPU, the installer will automatically fall back to an available R470 driver version.
Fixed an issue causing zero verifier for FILE_SYNC and DATA_SYNC WRITEs.
Fixed a scenario of high contention state of the system in case filesystem is almost full and processes is trying to write content.
Fixed memory leak in the seccomp subsystem.
Updated gnutls to v3.7.7 fixing CVE-2022-2509.
Upgraded libtirpc to v1.3.3 fixing CVE-2021-46828.
Fixed CVE-2022-36946, CVE-2021-4037 in the Linux kernel.
cos-93-16623-227-24
Date | Kernel | Docker | Containerd | GPU Drivers |
Sep 06, 2022 | COS-5.10.133 | v20.10.6 | v1.5.13 | v450.203.03(default),v470.141.03 |
Updated gnutls to v3.7.6. This resolves CVE-2021-4209.
Fixed CVE-2021-3669 in the Linux kernel.
cos-93-16623-227-22
Date | Kernel | Docker | Containerd | GPU Drivers |
Aug 29, 2022 | COS-5.10.133 | v20.10.6 | v1.5.13 | v450.203.03(default),v470.141.03 |
Fixed issues in cos-gpu-installer where nvidia-peermem.ko was not installed and where driver signatures were included in the cached build tools.
Fixed CVE-2022-1158 in Linux Kernel.
cos-93-16623-227-19
Date | Kernel | Docker | Containerd | GPU Drivers |
Aug 22, 2022 | COS-5.10.133 | v20.10.6 | v1.5.13 | v450.203.03(default),v470.141.03 |
Updated net-misc/rsync to v3.2.5 and fixed CVE-2022-29154.
Updated dev-db/sqlite to v3.39.2 to fix CVE-2022-35737.
cos-93-16623-227-16
Date | Kernel | Docker | Containerd | GPU Drivers |
Aug 12, 2022 | COS-5.10.133 | v20.10.6 | v1.5.13 | v450.203.03(default),v470.141.03 |
Updated gvnic drivers to match M97.
Enable IOMMU_SUPPORT and IRQ_REMAP kernel configurations.
Runtime sysctl changes:
- Changed: fs.file-max: 814064 -> 814062
cos-93-16623-227-13
Date | Kernel | Docker | Containerd | GPU Drivers |
Aug 08, 2022 | COS-5.10.133 | v20.10.6 | v1.5.13 | v450.203.03(default),v470.141.03 |
Updated default Nvidia driver to v450.203.03 and latest Nvidia driver to v470.141.03.
Fixed CVE-2022-21505 in the Linux kernel.
cos-93-16623-227-10
Date | Kernel | Docker | Containerd | GPU Drivers |
Aug 01, 2022 | COS-5.10.133 | v20.10.6 | v1.5.13 | v450.172.01(default),v470.82.01 |
Updated toolbox to v20220722.
Updated the Linux kernel to v5.10.133. This includes mitigations for the Retbleed speculative execution vulnerability. This may have non-trivial performance impact on your workloads.
Runtime sysctl changes:
- Changed: fs.file-max: 814065 -> 814063
cos-93-16623-227-7
Date | Kernel | Docker | Containerd | GPU Drivers |
Jul 25, 2022 | COS-5.10.127 | v20.10.6 | v1.5.13 | v450.172.01(default),v470.82.01 |
Upgraded openssl to v1.1.1q to resolve CVE-2022-2097.
cos-93-16623-227-6
Date | Kernel | Docker | Containerd | GPU Drivers |
Jul 18, 2022 | COS-5.10.127 | v20.10.6 | v1.5.13 | v450.172.01(default),v470.82.01 |
Moved the toolchain source from gs://chromiumos-sdk to gs://cos-sdk.
Updated net-misc/curl to v7.84.0. This resolves CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, and CVE-2022-32208.
Fixed CVE-2022-33743 in the Linux kernel.
cos-93-16623-227-1
Date | Kernel | Docker | Containerd | GPU Drivers |
Jul 11, 2022 | COS-5.10.127 | v20.10.6 | v1.5.13 | v450.172.01(default),v470.82.01 |
Updated the built-in kubectl/kubelet to 1.21.14.
Updated cos-gpu-installer to fetch the COS toolchain from gs://cos-tools instead of gs://chromiumos-sdk.
Update runc to v1.1.2.
Added pci=clearmsi option for kdump stackdriver.
Updated the Linux kernel to v5.10.127.
Updated toolbox to v20220630.
Updated net-dns/c-ares to 1.17.2.
Upgraded contanerd to 1.5.11 and fixed CVE-2022-24769.
Updated app-editors/vim and app-editors/vim-core to v8.2.5066. This resolves CVE-2022-2126,CVE-2022-2125,CVE-2022-2124,CVE-2022-2129,CVE-2022-1720, CVE-2022-1942,CVE-2022-1886,CVE-2022-1851,CVE-2022-1160,CVE-2022-1154, CVE-2022-1381,CVE-2022-1420,CVE-2022-1733,CVE-2022-1796,CVE-2022-1769, CVE-2022-1735,CVE-2022-1674,CVE-2022-1771,CVE-2022-1620,CVE-2022-1785, CVE-2022-1629,CVE-2022-1616,CVE-2022-1621,CVE-2022-1619,CVE-2022-1927, CVE-2022-1898, CVE-2022-0696,CVE-2022-0729,CVE-2022-0572,CVE-2022-0685, CVE-2022-0714,CVE-2022-0629 and CVE-2022-0943.
Updated net-misc/curl to 7.83.1. This resolves CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776, CVE-2022-27778, CVE-2022-27779, CVE-2022-27780, CVE-2022-27781, CVE-2022-27782, CVE-2022-30115.
Upgraded dev-libs/libxml2 to 2.9.13-r1. This resolves CVE-2022-23308.
Fixed CVE-2022-28893, CVE-2022-0494 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 814062 -> 814063
- Changed: kernel.random.poolsize: 4096 -> 256
- Changed: kernel.random.write_wakeup_threshold: 896 -> 256
cos-93-16623-171-33
Date | Kernel | Docker | Containerd | GPU Drivers |
Jul 06, 2022 | COS-5.10.109 | v20.10.6 | v1.5.13 | v450.172.01(default),v470.82.01 |
Fixed CVE-2022-29217 in dev-python/pyjwt.
Upgraded openssl to v1.1.1p to resolve CVE-2022-2068.
cos-93-16623-171-31
Date | Kernel | Docker | Containerd | GPU Drivers |
Jun 21, 2022 | COS-5.10.109 | v20.10.6 | v1.5.13 | v450.172.01(default),v470.82.01 |
Fixed CVE-2022-29162 in runc.
cos-93-16623-171-26
Date | Kernel | Docker | Containerd | GPU Drivers |
Jun 13, 2022 | COS-5.10.109 | v20.10.6 | v1.5.13 | v450.172.01(default),v470.82.01 |
Fixed a Linux kernel write IOPS regression with nfsd.
Updated containerd to v1.5.13. This resolves CVE-2022-31030.
cos-93-16623-171-24
Date | Kernel | Docker | Containerd | GPU Drivers |
Jun 03, 2022 | COS-5.10.109 | v20.10.6 | v1.5.11 | v450.172.01(default),v470.82.01 |
Fixed the toolbox creation issue when service account is not available.
Fixed CVE-2022-30594 and CVE-2022-1516 in the Linux Kernel.
Fixed a bug in KTD LSM xattr handling.
cos-93-16623-171-20
Date | Kernel | Docker | Containerd | GPU Drivers |
May 25, 2022 | COS-5.10.109 | v20.10.6 | v1.5.11 | v450.172.01(default),v470.82.01 |
Fixed CVE-2022-1729 in the Linux Kernel.
cos-93-16623-171-19
Date | Kernel | Docker | Containerd | GPU Drivers |
May 23, 2022 | COS-5.10.109 | v20.10.6 | v1.5.11 | v450.172.01(default),v470.82.01 |
Fixed an issue that prevented large cloud-configs (~256KB) from working properly.
Upgraded openssl to v1.1.1o. This resolves CVE-2022-1292.
Upgraded dev-libs/libxml2 to v2.9.14. This resolves CVE-2022-29824.
Upgraded dev-libs/libxslt to v1.1.35. This resolves CVE-2022-29824.
Updated sys-libs/ncurses to v6.3_p20220423. This resolves CVE-2022-29458.
Fixed CVE-2022-1786, CVE-2022-28893 and CVE-2022-0494 in the Linux kernel.
cos-93-16623-171-10
Date | Kernel | Docker | Containerd | GPU Drivers |
Apr 25, 2022 | COS-5.10.109 | v20.10.6 | v1.5.11 | v450.172.01(default),v470.82.01 |
Made /var/lib/chrony owned by chrony user.
Fixed CVE-2022-29581 and CVE-2022-29582 in the Linux kernel.
cos-93-16623-171-6
Date | Kernel | Docker | Containerd | GPU Drivers |
Apr 18, 2022 | COS-5.10.109 | v20.10.6 | v1.5.11 | v450.172.01(default),v470.82.01 |
Upgraded containerd to 1.5.11. This fixes CVE-2022-24769.
Upgraded dev-libs/libxml2 to 2.9.13-r1. This fixes CVE-2022-23308.
Updated app-editors/vim and app-editors/vim-core to v8.2.4586. This fixes CVE-2022-0696,CVE-2022-0729,CVE-2022-0572,CVE-2022-0685, CVE-2022-0714,CVE-2022-0629 and CVE-2022-0943.
cos-93-16623-171-1
Date | Kernel | Docker | Containerd | GPU Drivers |
Apr 07, 2022 | COS-5.10.109 | v20.10.6 | v1.5.10 | v450.172.01(default),v470.82.01 |
Updated default GPU driver version to v450.172.01.
Upgraded app-admin/google-guest-agent to v20220104.00.
Updated oslogin to v20220113.00.
Updated containerd to v1.5.10.
Updated the built-in kubectl/kubelet to v1.21.9.
Updated the Linux kernel to v5.10.109.
Added option to GPU driver installation script for populating and resetting toolchain cache.
Added command "cos-extensions list -- --gpu-installer" to show the default cos-gpu-installer.
Added support for NFSv4 Kerberos authentication.
Fixed the issue where IPv4 times out by waiting for IPv4 address indefinitely.
Increased the number of vCPUs supported from 256 to 512.
Updated CIS compliance scripts to fix the "ambiguous redirect" error in the 5440-configure-default-user-umask.sh script.
Enabled IBLOCK and FILEIO iSCSI backing stores kernel configuration.
Fixed the bug that created excessive warning logs on missing attrs.tag from container logs.
Upgraded cos-gpu-installer-v2 to v2.0.17 in cos-extensions. Refined error message for installing latest driver. Preinstalled dependencies are now detected separately.
Upgraded net-misc/dhcp to v4.4.2. This fixes CVE-2021-25217.
Runtime sysctl changes:
- Added: dev.cdrom.autoclose: 1
- Added: dev.cdrom.autoeject: 0
- Added: dev.cdrom.check_media: 0
- Added: dev.cdrom.debug: 0
- Added: dev.cdrom.info:
- Added: dev.cdrom.lock: 1
cos-93-16623-102-34
Date | Kernel | Docker | Containerd | GPU Drivers |
Mar 25, 2022 | COS-5.10.90 | v20.10.6 | v1.5.4 | v450.119.04(default),v470.82.01 |
Fixed CVE-2022-27666, CVE-2022-1055 and CVE-2020-36516 in the Linux Kernel.
Upgraded openssl package to v1.1.1n to fix CVE-2022-0778.
cos-93-16623-102-28
Date | Kernel | Docker | Containerd | GPU Drivers |
Mar 21, 2022 | COS-5.10.90 | v20.10.6 | v1.5.4 | v450.119.04(default),v470.82.01 |
Fixed CVE-2021-22570 in libprotobuf.
cos-93-16623-102-27
Date | Kernel | Docker | Containerd | Default GPU Driver |
Mar 15, 2022 | COS-5.10.90 | v20.10.6 | v1.5.4 | v450.119.04 |
Fixed an issue in systemd to consider primary network interface configured only after non-link-local IPv4 address is available.
cos-93-16623-102-23
Date | Kernel | Docker | Containerd | Default GPU Driver |
Mar 07, 2022 | COS-5.10.90 | v20.10.6 | v1.5.4 | v450.119.04 |
Enabled disk_setup module in cloud-init.
Fixed CVE-2022-0847 in the Linux kernel.
Fixed CVE-2022-23648 in containerd.
cos-93-16623-102-19
Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
Feb 28, 2022 | COS-5.10.90 | v1.21.8 | v20.10.6 | v1.5.4 | v450.119.04 |
Fixed CVE-2021-45346 in dev-db/sqlite.
Fixed segmentation fault in ebtables.
Fixed get_status API in device policy manager.
Renamed cos-alphabet-compliance package to cis-compliance.
cos-93-16623-102-12
Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
Feb 14, 2022 | COS-5.10.90 | v1.21.8 | v20.10.6 | v1.5.4 | v450.119.04 |
Fixed issue related to shim exiting during system shutdown.
Fixed an issue in containerd where pods returned "failed to reserve container name".
Updated app-editors/vim and app-editors/vim-core to v8.2.4328. This resolves CVE-2021-4187, CVE-2022-0128, CVE-2022-0156, CVE-2022-0158, CVE-2022-0261, CVE-2022-0318, CVE-2022-0319, CVE-2022-0392, CVE-2022-0368, CVE-2022-0393, CVE-2022-0361, CVE-2022-0359, CVE-2022-0413, CVE-2022-0408, CVE-2022-0407, and CVE-2022-0443.
Fixed CVE-2022-0492 in the Linux kernel.
cos-93-16623-102-8
Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
Feb 07, 2022 | COS-5.10.90 | v1.21.8 | v20.10.6 | v1.5.4 | v450.119.04 |
Upgraded latest GPU driver version to v470.82.01.
Fixed an issue in containerd where layer hashes were sometimes computed incorrectly for large self-hosted containers.
Runtime sysctl changes:
- Changed: net.ipv4.tcp_mem: 94245 125663 188490 -> 94248 125664 188496
- Changed: net.ipv4.udp_mem: 188493 251327 376986 -> 188496 251328 376992
cos-93-16623-102-5
Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
Jan 31, 2022 | COS-5.10.90 | v1.21.8 | v20.10.6 | v1.5.4 | v450.119.04 |
Backported fixes for CVE-2021-43816 in containerd.
cos-93-16623-102-4
Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
Jan 20, 2022 | COS-5.10.90 | v1.21.8 | v20.10.6 | v1.5.4 | v450.119.04 |
Fixed an issue where IPv6 address allocation sometimes fails in systemd.
Fixed a privilege escalation vulnerability in fs_context in the Linux kernel. This resolves CVE-2022-0185.
Runtime sysctl changes:
- Changed: net.ipv6.conf.all.forwarding: 1 -> 0
- Changed: net.ipv6.conf.default.forwarding: 1 -> 0
- Changed: net.ipv6.conf.docker0.forwarding: 1 -> 0
- Changed: net.ipv6.conf.eth0.forwarding: 1 -> 0
- Changed: net.ipv6.conf.lo.forwarding: 1 -> 0
cos-93-16623-102-1
Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
Jan 18, 2022 | COS-5.10.90 | v1.21.8 | v20.10.6 | v1.5.4 | v450.119.04 |
Updated the built-in kubernetes version to v1.21.8.
Updated the Linux kernel to v5.10.90.
Enabled cos-extensions to fetch artifacts with geo-redundancy when installing GPU driver.
Added crictl commands to sosreport.
Created kernel config file under /boot directory.
Added support for consistent device naming for NVMe disks.
Fixed kernel crash dump collection.
Fixed resolv.conf in toolbox.
Update vim and vim-core to v8.2.3950. This resolves the following CVEs: CVE-2021-4193, CVE-2021-4192, CVE-2021-4173, CVE-2021-4166, CVE-2021-4136.
Upgraded dev-libs/libgcrypt to v1.9.4. This resolves CVE-2021-40528.
Runtime sysctl changes:
- Changed: fs.epoll.max_user_watches: 1667911 -> 1667850
- Changed: fs.file-max: 814099 -> 814074
- Changed: kernel.threads-max: 63625 -> 63623
- Changed: net.ipv4.tcp_mem: 94251 125668 188502 -> 94245 125663 188490
- Changed: net.ipv4.udp_mem: 188502 251336 377004 -> 188493 251327 376986
- Changed: user.max_cgroup_namespaces: 31812 -> 31811
- Changed: user.max_ipc_namespaces: 31812 -> 31811
- Changed: user.max_mnt_namespaces: 31812 -> 31811
- Changed: user.max_net_namespaces: 31812 -> 31811
- Changed: user.max_pid_namespaces: 31812 -> 31811
- Changed: user.max_time_namespaces: 31812 -> 31811
- Changed: user.max_user_namespaces: 31812 -> 31811
- Changed: user.max_uts_namespaces: 31812 -> 31811
cos-93-16623-39-40
Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
Jan 11, 2022 | COS-5.10.68 | v1.21.3 | v20.10.6 | v1.5.4 | v450.119.04 |
Upgraded dev-libs/nspr to v3.42. This resolves CVE-2021-43527.
Upgraded dev-libs/nss to v3.73. This resolves CVE-2021-43527.
Upgraded app-crypt/nss to v3.73. This resolves CVE-2021-43527.
Upgraded app-emulation/runc to v1.0.3. This resolves CVE-2021-43784.
Updated vim and vim-core to v8.2.3741. This resolves CVE-2021-3973, CVE-2021-3968, CVE-2021-4069, CVE-2021-4019, CVE-2021-3984 and CVE-2021-3974.
Fixed a double-free issue in packet_set_ring in the Linux kernel.
Fixed CVE-2021-4155 in the Linux kernel.
Fixed access to private toolbox images hosted on GCR.
cos-93-16623-39-30
Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
Dec 07, 2021 | COS-5.10.68 | v1.21.3 | v20.10.6 | v1.5.4 | v450.119.04 |
Fixed the bug that resolv.conf can be broken by toolbox.
Fixed CVE-2021-4002 in the Linux Kernel.
cos-93-16623-39-28
Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
Dec 01, 2021 | COS-5.10.68 | v1.21.3 | v20.10.6 | v1.5.4 | v450.119.04 |
Fixed CVE-2021-41190 in app-emulation/docker.
Fixed CVE-2021-41190 in app-emulation/containerd.
Fixed CVE-2021-41617 in openssh.
Fixed CVE-2021-43618 in gmp.
Fixed CVE-2020-14387 in rsync.
cos-93-16623-39-21
Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
Nov 15, 2021 | COS-5.10.68 | v1.21.3 | v20.10.6 | v1.5.4 | v450.119.04 |
Fixed UUID parsing in kernel crash dump collection.
Updated vim and vim-core to v8.2.3582. This fixes CVE-2021-3872, CVE-2021-3875, CVE-2021-3903, CVE-2021-3927 and CVE-2021-3928.
Updated dev-libs/nettle to v3.7.3. This fixes CVE-2021-3580.
cos-93-16623-39-16
Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
Nov 08, 2021 | COS-5.10.68 | v1.21.3 | v20.10.6 | v1.5.4 | v450.119.04 |
Upgraded app-arch/libarchive to v3.5.2. This fixes CVE-2021-36976.
cos-93-16623-39-13
Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
Nov 03, 2021 | COS-5.10.68 | v1.21.3 | v20.10.6 | v1.5.4 | v450.119.04 |
Fixed plugin timeout for checking boot disk size inconsistencies.
Backported fixes for CVE-2021-41103 in containerd.
Upgraded openssl to 1.1.1l. This fixes CVE-2021-3711.
Fixed CVE-2021-22945 in net-misc/curl.
Fixed CVE-2021-39537 in ncurses package.
Updated vim to v8.2.3428. This resolves CVE-2021-3796, CVE-2021-3778, and CVE-2021-3770.
Fixes CVE-2021-41864 in the Linux kernel.
cos-93-16623-39-6
Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
Oct 18, 2021 | COS-5.10.68 | v1.21.3 | v20.10.6 | v1.5.4 | v450.119.04 |
This is a Stable release.
cos-beta-93-16623-39-6
Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
Oct 07, 2021 | COS-5.10.68 | v1.21.3 | v20.10.6 | v1.5.4 | v450.119.04 |
Installed the kernel configuration in the /boot directory.
Fixed an issue where GPU drivers wouldn't load due to being incorrectly linked.
Fixed an issue where docker stats
returned zeroes for some containers.
cos-beta-93-16623-39-1
Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
Sep 29, 2021 | COS-5.10.68 | v1.21.3 | v20.10.6 | v1.5.4 | v450.119.04 |
Updated the Linux kernel to v5.10.68.
Fixed CVE-2020-12403 in dev-libs/nss.
Fixed CVE-2019-17594 and CVE-2019-17595 in sys-libs/ncurses.
cos-beta-93-16623-0-23
Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
Sep 27, 2021 | COS-5.10.57 | v1.21.3 | v20.10.6 | v1.5.4 | v450.119.04 |
Updated app-emulation/containerd to v1.5.4. This resolves CVE-2021-32760.
Updated glib, glib-utils and gdbus-codegen to v2.68.3. This resolves CVE-2021-28153.
cos-beta-93-16623-0-15
Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
Sep 07, 2021 | COS-5.10.57 | v1.21.3 | v20.10.6 | v1.5.3 | v450.119.04 |
Upgraded net-misc/curl to v7.78.0. This resolves CVE-2021-22924 and CVE-2021-22926.
cos-beta-93-16623-0-13
Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
Sep 02, 2021 | COS-5.10.57 | v1.21.3 | v20.10.6 | v1.5.3 | v450.119.04 |
Fixed an issue where some NFS clients ran out of memory and crashed.
Runtime sysctl changes:
- Changed: fs.file-max: 9223372036854775807 -> 814100
- Changed: fs.nr_open: 1073741816 -> 1048576
- Changed: net.ipv4.tcp_fastopen_key: 763328f0-eed1e25b-33ba5cd4-36e8e00d -> 11665687-fa208935-2719c70f-e7f2feb2
cos-beta-93-16623-0-5 (vs Milestone 89)
Date | Kernel | Kubernetes | Docker | Containerd | Default GPU Driver |
Aug 23, 2021 | COS-5.10.57 | v1.21.3 | v20.10.6 | v1.5.3 | v450.119.04 |
Upgraded systemd to v248.6.
Upgraded sys-apps/cloud-disk-resize to commit edbe236.
Updated oslogin to v20210707.00.
Updated google-guest-agent to v20210707.00.
Upgraded the Linux kernel to v5.10.57.
Updated the built-in kubectl/kubelet to v1.21.3.
Upgraded containerd to v1.5.3.
Updated sosreport to v4.1.
Updated chronyd to v4.1.
Updated docker-credential-gcr to v2.0.5.
Updated docker-cli to v20.10.6.
Updated ChromeOS base to ChromeOS version v14056.0.0.
Upgraded Linux Audit (sys-process/audit) to v3.0.2.
Upgraded xfsprogs to version v5.10.
Upgraded dev-util/gdbus-codegen to version v2.66.7 on x86.
Updated the stackdriver logging agent to v1.8.9.
Updated app-emulation/docker-proxy to v0.8.0_p20210525.
Updated app-emulation/docker-credential-helpers to v0.6.4.
Upgraded cloud-init to v21.2.
Updated docker to v20.10.6.
Updated makedumpfile package to v1.6.9.
Upgraded sys-auth/pambase to version v20201103.
Upgraded sys-libs/pam to version v1.5.1.
Upgraded sys-auth/passwdqc to version v1.4.0.
Updated chronyd to run as the chrony user instead of the root user.
Runtime sysctl changes:
- Added: kernel.hung_task_all_cpu_backtrace: 0
- Added: kernel.oops_all_cpu_backtrace: 0
- Added: kernel.sched_deadline_period_max_us: 4194304
- Added: kernel.sched_deadline_period_min_us: 100
- Added: net.ipv4.ip_autobind_reuse: 0
- Added: net.ipv4.nexthop_compat_mode: 1
- Added: net.ipv4.tcp_comp_sack_slack_ns: 100000
- Added: net.ipv4.tcp_no_ssthresh_metrics_save: 1
- Added: net.ipv4.tcp_reflect_tos: 0
- Added: net.ipv6.conf.all.rpl_seg_enabled: 0
- Added: net.ipv6.conf.default.rpl_seg_enabled: 0
- Added: net.ipv6.conf.docker0.rpl_seg_enabled: 0
- Added: net.ipv6.conf.eth0.rpl_seg_enabled: 0
- Added: net.ipv6.conf.lo.rpl_seg_enabled: 0
- Added: user.max_time_namespaces: 31820
- Added: vm.compaction_proactiveness: 20
- Added: vm.page_lock_unfairness: 5
- Changed: fs.epoll.max_user_watches: 1668751 -> 1668321
- Changed: fs.file-max: 814576 -> 9223372036854775807
- Changed: fs.nr_open: 1048576 -> 1073741816
- Changed: fs.epoll.max_user_watches: 1668321 -> 1667911
- Changed: kernel.printk_devkmsg: ratelimit -> on
- Changed: kernel.threads-max: 63658 -> 63625
- Changed: kernel.cap_last_cap: 37 -> 40
- Changed: kernel.usermodehelper.bset: 4294967295 63 -> 4294967295 511
- Changed: kernel.usermodehelper.inheritable: 4294967295 63 -> 4294967295 511
- Changed: net.ipv4.tcp_fastopen_blackhole_timeout_sec: 3600 -> 0
- Changed: net.ipv4.tcp_fastopen_key: 00000000-00000000-00000000-00000000 -> 763328f0-eed1e25b-33ba5cd4-36e8e00d
- Changed: net.ipv4.tcp_mem: 94299 125733 188598 -> 94251 125668 188502
- Changed: net.ipv4.udp_mem: 188598 251466 377196 -> 188502 251336 377004
- Changed: net.ipv6.conf.all.forwarding: 0 -> 1
- Changed: net.ipv6.conf.default.forwarding: 0 -> 1
- Changed: net.ipv6.conf.docker0.forwarding: 0 -> 1
- Changed: net.ipv6.conf.eth0.forwarding: 0 -> 1
- Changed: net.ipv6.conf.lo.forwarding: 0 -> 1
- Changed: net.core.bpf_jit_kallsyms: 0 -> 1
- Changed: user.max_cgroup_namespaces: 31829 -> 31812
- Changed: user.max_ipc_namespaces: 31829 -> 31812
- Changed: user.max_mnt_namespaces: 31829 -> 31812
- Changed: user.max_net_namespaces: 31829 -> 31812
- Changed: user.max_pid_namespaces: 31829 -> 31812
- Changed: user.max_time_namespaces: 31820 -> 31812
- Changed: user.max_user_namespaces: 31829 -> 31812
- Changed: user.max_uts_namespaces: 31829 -> 31812
- Deleted: kernel.random.read_wakeup_threshold: 64
Removed toolbox's dependency on docker command.
Added sys-block/open-iscsi package.
Renamed 99-virtio.network to 99-default.network to include gve driver support.
Enabled IPV6 configuration by default. This does not disable IPV4 configuration. In addition, fixed an issue where enabling both IPv6 and IPv4 configuration on IPv4-exclusive networks resulted in slow boot times.
Upgraded cos-gpu-installer-v2 to v2.0.9 in cos-extensions. Users can now specify --version=latest when installing GPU drivers.
Added support for ext4 journal checkpointing in the Linux kernel.
Enabled ip6table_nat as module.
Enabled CONFIG_TLS and CONFIG_TLS_DEVICE in the kernel to support kTLS.
Enabled CONFIG_MEMORY_FAILURE and CONFIG_X86_MCE in the Linux kernel.
Enabled CONFIG_IP6_NF_MANGLE to allow ip6table_mangle kernel module.
Enabled CONFIG_TLS in the kernel to support OpenSSL3.0.
Added support for multiple architectures in toolbox.
Fixed 32 x truesize under-estimation for tiny skbs in the Linux kernel.
Fixed an issue in google-guest-agent where the GID of a user's home directory referred to a different user after a reboot.
Fixed a kernel crash due to fast commit changes.
Configured google-guest-agent to use usermod instead of gpasswd to add users to groups. This fixes an issue where users created through cloud-init sometimes were not added to the appropriate groups.
Upgraded openssl package to v1.1.1k to resolve CVEs CVE-2021-3449 and CVE-2021-3450.
Upgraded net-misc/wget to v1.21.1. This also resolves CVE-2021-31879.
Upgraded libgcrypt to v1.9.3. This fixes CVE-2021-33560.
Upgraded OpenSSH to v8.5_p1. This resolved CVE-2021-28041.
Upgraded libgcrypt to v1.9.1. This addresses CVE-2021-3345.
Upgraded dev-python/jinja to v2.11.3. This addresses CVE-2020-28493.