3.0.20241203

@jslobodzian jslobodzian released this 06 Dec 21:50
· 53 commits to 3.0 since this release

Note that this release of 3.0 is signed differently from the previous releases with respect to secure boot. The shim and kernel must be upgraded together for this release.


Generic Kernel version-release: kernel-6.6.57.1-5

Add kernel-64k.
Add make dependency to kata-packages-uvm
Add merge conflict github PR check
Add nftables
Add obsoletes and provides to fix errors in shim-unsigned upgrade to shim
Add tdnf installonlypkgs functionality to tdnf on Azure Linux 3.0
Change name produced for cvm and marketplace images
Enable Dracut's livenet rootfs handling when systemd-networkd is in use.
Enable Intel Ethernet Connection E800 networking driver
Enable lua support for fluent-bit
Enable signature verification of kexec kernel and use new Mariner Trusted Base CA in trusted keyring
Extended CVE-2024-10224 patch and fixed ptests in perl-Module-ScanDeps. (Note: the previous fix for CVE-2024-10224 in version 1.35-2 only partially resolved the issue. Upgrade to 1.35-3 for the full fix.)
Fix CVE-2024-24786 in multiple packages by patching
Fix Multus CVE-2023-39325, CVE-2023-44487 and CVE-2023-45288
Fix busybox CVE-2023-42366
Fix fluent-bit CVE-2024-25431
Fix glib CVE-2024-52533
Fix libsoup CVE-2024-52530, CVE-2024-52531, CVE-2024-52532
Fix mysql for CVE-2012-2677
Fix nano for CVE-2024-5742 for
Fix netplan CVE-2022-4968
Fix nmap for CVE-2023-7256 and CVE-2024-8006
Fix nodejs CVE-2024-21538
Fix python-pip for CVE-2024-37891 for
Fix python-werkzeug for CVE-2024-49767
Fix pytorch CVE-2024-5187
Fix unzip for CVE-2022-0529 and CVE-2022-0530
Fix xorg-x11-server-Xwayland for CVE-2024-9632
Fix Prometheus CVE-2023-45288

Modified mysql to explicitly not use curl (this was the mysql default but this intentional change clarifies that curl is not used from either the system or the bundled version)
Removed references to old dm-verity boot tooling
Toolkit: Use systemd-detect-virt instead of /.dockerenv to detect container builds.
Update CONFIG_DRM as loadable module and create sub-package for in-tree amdgpu modules
Update shim to v15.8
Upgrade SymCrypt to 103.6.0
Upgrade SymCrypt-OpenSSL to 1.6.1
Upgrade Valkey to 8.0.1 to fix CVE-2024-31449 CVE-2024-21228 CVE-2024-31227
Upgrade golang to version 1.23.3-1
Upgrade mariadb to 10.11.10
Upgrade nvidia container toolkit and libnvidia-containers to v1.17.1
Upgrade postgresql to 16.5 to fix CVE-2024-10976, CVE-2024-10977, CVE-2024-10978, CVE-2024-10979

Image Customizer: Bump to v0.8
Image Customizer: generate PXE-bootable ISO images.