Skip to content

2.0.20241006

Compare
Choose a tag to compare
@jslobodzian jslobodzian released this 12 Oct 20:18
· 2118 commits to 3.0 since this release

Generic Kernel version-release: kernel-5.15.167.1-1

"Reverted" krb5 1.21.3 to 1.19.4. Epoch bumped for "upgrade" continuity (that is 1.21.3 upgrades to 1.19.4). This change was to resolve an issue with krb5 where powershell's ssh woiuld hang during authentication. These CVE's were also patched in the 1.19.4 version CVE-2024-37371 and CVE-2024-37370. Note that these were also fixed in the 1.21.3 version.

Add Azure marketplace ARM64 FIPS image definition
Add azure proxy agent to cloud-init
Add patch to cloud-init for PPS support of auzre-proxy-agent
Backport trace-cmd and dependencies from 3.0
Enable USB_TMC kernel module
Fix CVE-2022-32149 by backporting the fix as a patch file
Fix cloud-hypervisor-cvm to prevent crash when SEV-SNP guest queries ext. att. report
Fix nfs-utils to build rsc.svcgssd and provide the missing rpc-gssd service
Fixed Busybox SBOM creation by not deleting the rpm db
Patch application-gateway-kubernetes-ingress to fix CVE-2022-32149
Patch cdi to fix CVE-2022-41717, CVE-2022-32149, CVE-2024-28180
Patch cert-manager to fix CVE-2023-3978, CVE-2024-24786, CVE-2024-28180, CVE-2023-2253
Patch cmake for CVE-2023-27534
Patch cri-o to fix CVE-2022-32149
Patch curl for CVE-2024-6197
Patch edk2 for CVE-2022-36763, CVE-2022-36764, CVE-2022-36765, CVE-2023-45230, CVE-2023-45236, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45237
Patch gdk-pixbuf2 for CVE-2022-48622.
Patch influxdb to resolve CVE-2022-32149
Patch jasper to resolve CVE-2023-51257
Patch keda to address CVE-2022-32149
Patch krb5 to fix CVE-2024-26458 and CVE-2024-26461
Patch kubevirt to fix CVE-2022-32149 and CVE-2023-26484
Patch libcontainers-common for CVE-2024-3727
Patch libcontainers-common to fix CVE-2022-32149
Patch libnbd to resolve cve-2024-7383
Patch libsndfile to resolve CVE-2022-33065
Patch libxml2 to resolve CVE-2024-25062
Patch moby-engine for CVE-2024-29018
Patch multiple CVEs in moby-buildx package
Patch multus to resolve CVE-2023-3978
Patch nginx to fix CVE-2024-7347
Patch prometheus-adapter CVE-2022-32149 in
Patch python-wheel to fix CVE-2022-40898 for
Patch python3 to fix CVE-2024-6232 and CVE-2024-8088 for python3 2.0
Patch qemu to fix CVE-2024-24474
Patch reaper for CVE-2024-43796
Patch reaper to address CVE-2024-42459, CVE-2024-42460, CVE-2024-42461
Patch ruby for CVE-2024-41946
Patch rubygem-rexml for CVE-2024-41946
Patch telegraf to fix CVE-2024-24786 & CVE-2024-28180
Patch tpm2-tss to resolve CVE-2024-29040
Patch vim for CVE-2024-43374 CVE-2024-41957 & CVE-2024-41965
Patch vte291 for cve-2024-37535 (corrected patch)
Patch xorg-x11-server for CVE-2024-0229, CVE-2024-0409 & CVE-2024-21886
Patch xorg-x11-server for CVE-2024-31080, CVE-2024-31081, CVE-2024-31082 & CVE-2024-31083
Removed hotplug detach grace period patch from kubevirt
Separated toolchain tests from non-toolchain package builds.
Update openssl to 3.3.2 under cloud-hypervisor-cvm in order to address CVE-2024-6119
Updated the upload-artifact GitHub Action to version 4.
Upgrade Kernel to 5.15.167.1 to address CVE-2024-43855 CVE-2024-42240 CVE-2024-39472 CVE-2024-42269 CVE-2024-42284 CVE-2024-42283 CVE-2023-52889 CVE-2024-42285 CVE-2024-42270 CVE-2024-42271 CVE-2024-43856 CVE-2024-43828 CVE-2024-42313 CVE-2024-43858 CVE-2024-43854 CVE-2024-42302 CVE-2024-42301 CVE-2024-42310 CVE-2024-43860 CVE-2024-42309 CVE-2024-43902 CVE-2024-43907 CVE-2024-44935 CVE-2024-43909 CVE-2024-42114 CVE-2024-43908 CVE-2024-44934 CVE-2024-43889
Upgrade expat to 2.6.3 to fix CVE-2024-45490, CVE-2024-45491, CVE-2024-45492
Upgrade msft-golang to 1.22.7 to address 3
Upgrade python-webob to 1.8.8 Fix CVE-2024-42353
Upgrade sysstat from version 12.7.1 -> 12.7.6 to address CVE-2018-19416
Upgraded keepalived to 2.3.1 and patch CVE-2024-41184.