2.0.20240609
Generic Kernel version-release: kernel-5.15.158.2-1
Added azl-compliance package.
Added tzdata dependency for php-pecl-zip.
Added back-compat symlink for docker-proxy to moby-engine.
Added fix for cloud-init growpart to selinux-policy.
Added patch for kubevirt CVE-2024-24786.
Added patch for pytorch CVE-2024-27318.
Added patch for ruby CVE-2024-35176.
Added patch for rubygem-rexml CVE-2024-35176.
Added patch in cri-o for CVE-2024-21626.
Added patch to moby-engine to address CVE-2023-44487.
Added patch to nodejs18 to address CVE-2023-21100.
Added patch to add network interface renaming support for CAPM3 Met.
Added stable release maintainers to CODEOWNERS.
Addressed graphviz CVE-2023-46045 & CVE-2020-18032.
Addressed hvloader openssl related CVEs (CVE-2023-0286, CVE-2023-0215, CVE-2022-4450, CVE-2022-4304).
Addressed reaper CVE-2024-4068.
Addressed hyperv-daemons CVE-2024-26951, CVE-2024-26961, CVE-2024-26965, CVE-2024-26966, CVE-2024-26973, CVE-2024-26977, CVE-2024-26984, CVE-2024-26993, CVE-2024-27000, CVE-2024-27018, CVE-2024-35848, CVE-2024-35912, CVE-2024-36008, CVE-2023-3269, CVE-2023-3338, CVE-2023-33951, CVE-2023-33952, CVE-2023-35826.
Addressed kernel CVE-2022-38096, CVE-2023-47233, CVE-2023-52827, CVE-2024-25739, CVE-2024-26900, CVE-2024-26902, CVE-2024-26929, CVE-2024-26934, CVE-2024-26949, CVE-2024-26952, CVE-2024-26979, CVE-2024-27013, CVE-2024-27015, CVE-2024-27016, CVE-2024-27018, CVE-2024-27019, CVE-2024-27020, CVE-2024-35978, CVE-2024-35982, CVE-2024-35984, CVE-2024-35990, CVE-2024-35997, CVE-2024-36008, CVE-2023-52447, CVE-2024-21803, CVE-2024-26587, CVE-2024-26588.
Attached EOL manifest to base containers as well.
Built redis with BUILD_TLS=yes.
CVE-2022-34169: docbook-style-xsl - upgraded embedded xalan jar from 2.7.2 to 2.7.3.
Enabled KNI module in DPDK build.
Fixed ceph CVE-2023-43040.
Fixed dhcp CVE-2022-38177, CVE-2022-38178, CVE-2022-2795 for bind.
Fixed fluent-bit CVE-2024-34250.
Fixed Fluent-bit issues #8198 and #8025.
Fixed glibc nscd breakage and patched CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602.
Fixed kubernetes missing autopatch for CVE-2023-5408.
Fixed moby-compose CVE-2024-24786, CVE-2024-23650, CVE-2023-2253.
Fixed openssl CVE-2023-50782 affecting python-cryptography.
Fixed openssl to only free buffers when done.
Fixed prometheus-adapter CVE-2024-24786.
Fixed python-jinja2 for CVE-2024-34064.
Fixed pytorch CVE-2024-31584.
Fixed CVE-2023-45288 in multiple packages.
Fixed CVE-2023-48795 in moby-compose by patching vendor packages.
Fixed CVE-2024-3154 in package cri-o.
Fixed CVE-2024-34459 for libxml2.
Fixed epoch matching in 'InstallPackageRegex'.
Fixed Kubernetes missing auto patch.
Fixed Perl automatic requires and provides.
Fixed Ptest zchunk.
Mitigated libdwarf CVE-2024-2002.
Moved nmi from SPEC to SPEC-EXTENDED.
Moved src tarballs to AME - mariner 2.0.
Patched apparmor for CVE-2024-31755.
Patched bluez for CVE-2023-50229.
Patched ceph for multiple CVEs.
Patched coredns cache plugin to address CVE-2024-0874.
Patched cups CVE-2022-26691.
Patched dhcp for CVE-2023-2828.
Patched frr CVE-2024-27913 and CVE-2024-34088.
Patched libvirt for CVE-2024-4418.
Patched python-requests CVE-2024-35195.
Patched python-tqdm CVE-2024-34062.
Patched python-werkzeug CVE-2024-34069.
Patched ruby CVE-2024-27282.
Patched CVE-2024-26147 for cert-manager.
Re-fixed telegraf CVE-2024-28110.
Refactored Golden Container main.
Removed newly added explicit version dependencies in gdal and netcdf.
Resolved hvloader CVEs in edk2's bundled openssl.
Resolved telegraf CVE-2024-27289.
Resolved overflow warnings from installutils.go:ProvisionUserSSHCerts.
Resolved regressed ansible CVE-2023-5764.
Tuned some kernel configs for aarch64.
Updated facter version to support Mariner.
Updated kernel-mos to 5.15.158.2.
Updated python h5py to fix build break caused by recent HDF5 update.
Updated and corrected ruby CVE-2024035176.patch.
Updated OpenSSL version in python-cryptography to fix CVE-2023-50782.
Upgraded azcopy to 10.24.0 to fix multiple security issues.
Upgraded azl-compliance to version 1.0.2.
Upgraded clamav to 1.0.6.
Upgraded cri-o to v1.22.3 to resolve regressed CVE-2022-0811.
Upgraded cri-tools to 1.29.0 (CVE-2023-45142).
Upgraded fluent-bit to 2.2.3 to fix CVE-2024-4323.
Upgraded git to 2.39.4 to fix CVE-2024-32002, CVE-2024-32004, CVE-2024-32020, CVE-2024-32021, CVE-2024-32465.
Upgraded hdf5 to 1.14.4. to fix several CVEs.
Upgraded httpd to fix CVE-2024-27316, CVE-2023-38709, and CVE-2024-24795.
Upgraded iperf3 3.14 -> 3.17 to address CVE-2024-26306.
Upgraded kata(-cc) to LSG release v2405.9.2.
Upgraded kernel to 5.15.158.2.
Upgraded msft-golang 1.22.2 -> 1.22.3 to address CVE-2024-24787 & CVE-2024-24788.
Upgraded net-snmp to 5.9.4 (fixes for CVE-2022-44792 and CVE-2022-44793).
Upgraded nodejs18 to 18.20.2 to address CVEs.
Upgraded openvswitch to 2.17.9 to fix CVE-2023-5366 and CVE-2023-3966.
Upgraded php to 8.1.28 to fix CVE-2024-2756, CVE-2024-3096.
Upgraded postgresql to 14.12 (CVE-2024-4317).
Upgraded rubygem-rexml to 3.2.7 to resolve CVE-2024-35176.
Upgraded zeromq to 4.3.5.
Upgraded Kata to 3.2.0.azl1.
Used legacy builder for distroless golden containers.