Container-Optimized OS Release Notes: Milestone 117

September 16, 2024

cos-beta-117-18613-0-41

Kernel: COS-6.6.44 | Docker: v24.0.9 | Containerd: v1.7.22 | GPU Drivers: See List

Updated app-containers/containerd to v1.7.22.

Fixed CVE-2023-27043 in dev-lang/python.

Fixed CVE-2024-7592 in dev-lang/python.

Fixed CVE-2024-6232 in dev-lang/python.

Fixed CVE-2024-6119 in net-libs/openssl.

Updated dev-lang/python to v3.8.19_p1. This fixes CVE-2007-4559.

Updated dev-libs/expat to version v2.6.3. This fixed CVE-2024-45492, CVE-2024-45490, CVE-2024-45491.

Fixed CVE-2023-7256 in net-libs/libpcap.

Fixed CVE-2024-43893 in the Linux kernel.

Fixed CVE-2024-44943 in the Linux kernel.

Fixed CVE-2024-43891 in the Linux kernel.

Fixed CVE-2024-43892 in the Linux kernel.

Fixed CVE-2024-43914 in the Linux kernel.

Fixed CVE-2024-44952 in the Linux kernel.

Fixed CVE-2024-44957 in the Linux kernel.

Fixed CVE-2024-44989 in the Linux kernel.

Fixed CVE-2024-44990 in the Linux kernel.

Fixed CVE-2024-45000 in the Linux kernel.

Fixed CVE-2024-43882 in the Linux kernel.

Fixed CVE-2024-44985 in the Linux kernel.

Fixed CVE-2024-44987 in the Linux kernel.

Fixed CVE-2024-44986 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 811784 -> 811711

September 09, 2024

cos-beta-117-18613-0-25

Kernel: COS-6.6.44 | Docker: v24.0.9 | Containerd: v1.7.21 | GPU Drivers: See List

Fixes CVE-2024-43889 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 811778 -> 811784

September 03, 2024

cos-beta-117-18613-0-24

Kernel: COS-6.6.44 | Docker: v24.0.9 | Containerd: v1.7.21 | GPU Drivers: See List

Updated app-containers/containerd to 1.7.21.

Fixed CVE-2024-37370, CVE-2024-37371 in app-crypt/mit-krb5.

Updated app-editors/vim, app-editors/vim-core to version 9.1.0686. This fixed CVE-2024-41957, CVE-2024-41965.

Fixed CVE-2024-44934 in the Linux kernel.

Fixed CVE-2024-42269 in the Linux kernel.

Fixed CVE-2024-42268 in the Linux kernel.

Fixed CVE-2024-42270 in the Linux kernel.

Fixed KCTF-c07ff85 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 811697 -> 811778
  • Changed: net.ipv4.tcp_rto_min_us: 200000 -> 5000

August 26, 2024

cos-beta-117-18613-0-10

Kernel: COS-6.6.44 | Docker: v24.0.9 | Containerd: v1.7.20 | GPU Drivers: See List

Upgraded app-admin/fluent-bit to v3.1.6.

Upgraded sys-apps/pv to v1.8.12.

Updated google-osconfig-agent to v20240822.00.

August 20, 2024

cos-beta-117-18613-0-3

Kernel: COS-6.6.44 | Docker: v24.0.9 | Containerd: v1.7.20 | GPU Drivers: See List

Updates to Major Packages:

Upgraded app-admin/node-problem-detector to v0.8.19.

Upgraded app-admin/google-guest-configs to v20240607.00.

Upgraded app-admin/logrotate to v3.22.0.

Upgraded app-containers/docker-credential-helpers to v0.8.2.

Upgraded app-admin/google-guest-agent to v20240716.00.

Upgraded app-admin/google-osconfig-agent to v20240501.00.

Upgraded Konlet to v.0.12.0. This fixes an iptables compatibility issue.

Upgraded go to version 1.22.3.

Upgraded sys-boot/grub-lakitu to FC 39's current version.

Upgraded localtoast to v1.1.7 and opted out of logging-service-running benchmark by default for cis-level2.

Upgraded app-containers/docker, app-containers/docker-test and app-containers/docker-cli to v24.0.9.

Updated app-containers/nvidia-container-toolkit to v1.14.6.

Upgraded app-emulation/cloud-init to v23.4.3.

Updated sys-apps/systemd to v254.9.

Updated app-emulation/kubernetes to v1.30.3.

Updated docker-credential-gcr to v2.1.22.

Updated app-containers/runc to v1.1.12.

Updated net-misc/openssh to v9.6_p1-r1.

Updated toolbox to v20230714.

Upgraded app-admin/fluent-bit to v3.1.3.

New Features and Changes in the Linux Kernel:

Runtime sysctl changes:

  • Added: dev.tty.legacy_tiocsti: 1
  • Added: kernel.io_uring_group: -1
  • Added: kernel.kexec_load_limit_panic: -1
  • Added: kernel.kexec_load_limit_reboot: -1
  • Added: kernel.loadpin.enforce: 1
  • Added: net.core.mem_pcpu_rsv: 256
  • Added: net.core.rps_default_mask: 00
  • Added: net.ipv4.tcp_plb_cong_thresh: 128
  • Added: net.ipv4.tcp_plb_enabled: 0
  • Added: net.ipv4.tcp_plb_idle_rehash_rounds: 3
  • Added: net.ipv4.tcp_plb_rehash_rounds: 12
  • Added: net.ipv4.tcp_plb_suspend_rto_sec: 60
  • Added: net.ipv4.tcp_rto_min_us: 200000
  • Added: net.ipv4.tcp_shrink_window: 0
  • Added: net.ipv4.tcp_syn_linear_timeouts: 4
  • Added: net.ipv4.udp_child_hash_entries: 0
  • Added: net.ipv4.udp_hash_entries: 4096
  • Added: net.ipv6.conf.all.accept_ra_min_lft: 0
  • Added: net.ipv6.conf.default.accept_ra_min_lft: 0
  • Added: net.ipv6.conf.docker0.accept_ra_min_lft: 0
  • Added: net.ipv6.conf.eth0.accept_ra_min_lft: 0
  • Added: net.ipv6.conf.lo.accept_ra_min_lft: 0
  • Added: net.ipv6.icmp.error_anycast_as_unicast: 0
  • Added: vm.memfd_noexec: 0
  • Added: kernel.io_uring_disabled: 0
  • Added: fs.overflowgid: 65534
  • Changed: net.core.optmem_max: 131072 -> 20480
  • Changed: vm.lowmem_reserve_ratio: 256 256 32 0 0 -> 256 256 32 0
  • Changed: fs.epoll.max_user_watches: 1809452 -> 1809007
  • Changed: fs.fanotify.max_user_marks: 67560 -> 67544
  • Changed: fs.file-max: 811776 -> 811724
  • Changed: fs.inotify.max_user_watches: 63441 -> 63425
  • Changed: kernel.threads-max: 63503 -> 63487
  • Changed: net.ipv4.tcp_mem: 94065 125423 188130 -> 94041 125391 188082
  • Changed: net.ipv4.udp_mem: 188133 250847 376266 -> 188085 250783 376170
  • Changed: user.max_cgroup_namespaces: 31751 -> 31743
  • Changed: user.max_fanotify_marks: 67560 -> 67544
  • Changed: user.max_inotify_watches: 63441 -> 63425
  • Changed: user.max_ipc_namespaces: 31751 -> 31743
  • Changed: user.max_mnt_namespaces: 31751 -> 31743
  • Changed: user.max_net_namespaces: 31751 -> 31743
  • Changed: user.max_pid_namespaces: 31751 -> 31743
  • Changed: user.max_time_namespaces: 31751 -> 31743
  • Changed: user.max_user_namespaces: 31751 -> 31743
  • Changed: user.max_uts_namespaces: 31751 -> 31743
  • Changed: net.ipv6.route.max_size: 4096 -> 2147483647
  • Changed: net.netfilter.nf_conntrack_sctp_timeout_shutdown_recd: 0 -> 3
  • Changed: net.netfilter.nf_conntrack_sctp_timeout_shutdown_sent: 0 -> 3

Added support for iSCSI targets and RAM block devices.

Added support for dm-zero and dm-clone.

Enabled support for MGLRU in the Linux kernel.

Enabled vrf, ip_gre, and ip6_gre modules.

Updated the Linux kernel to v6.6.44.

New Features and Changes in the Image:

Disable NVIDIA persistence mode with the -no-verify flag.

Added support for TPU v6 devices.

Updated cos-gpu-installer to v2.3.5.

Added the package revision number to the SSH banner in net-misc/openssh.

Disabled default automatic updates. Automatic updates must now be explicitly enabled by setting the cos-update-strategy metadata to "update_enabled".

Mount efivarfs by default on EFI-enabled systems.

Added igzip CLI tool.

Enabled the feature to utilize the gpu_driver_versions proto file for controlling the specific GPU driver version to be installed for each GPU type.

Removed support for NVIDIA 470 drivers.

Fixed a bug that caused constant restarts in the fluent-bit stackdriver plugin.

Installed the google_optimize_local_ssd script.

Updated NVIDIA GPU drivers to v550.54.15. Fixed a potential corruption when launching kernels on H100 GPUs, which is more likely to occur when the GPU is shared between multiple processes.

Updated NVIDIA GPU drivers to v535.161.08. Fixed a potential corruption when launching kernels on H100 GPUs.

Added NVIDIA GPU drivers R550 branch and updated latest to 550.54.14.

Fixed a bug in google-guest-agent service enablement.

Fixed integrity-fs dm-crypt creation flakiness.

Added automatic generation of known modules list to image build process.

Included the nvidia plugin in sosreport.

Fixed a time-to-login slowdown introduced by cloud-init changes.

Changed default umask value for a user to 027.

Removed legacy logging agent (fluentd).

Fragmented nvidia-drivers and nvidia-drivers-open pkg into separate packages per major version.

Enhanced integrity-fs with disk resize and dm-clone.

Removed deprecated R525 NVIDIA GPU drivers.

Added more service logs to the default Cloud Logging configuration.

Allow GPU driver installation on dev-channel images without the -test flag.

CVE/Security Fixes:

Fixed CVE-2024-39894 in net-misc/openssh.

Upgraded sys-apps/dbus to v1.14.10-r192. This fixes CVE-2023-34969.

Upgraded dev-lang/go to v1.22.4. This fixes CVE-2023-39323, CVE-2023-44487, CVE-2023-39325, CVE-2024-24790 and CVE-2024-24789.

Fixed CVE-2024-35195 in dev-python/requests.

Updated R550, latest driver to v550.90.07. This fixes CVE-2024-0090, CVE-2024-0091 and CVE-2024-0092.

Updated R535, default driver to v535.183.01. This fixes CVE-2024-0090 and CVE-2024-0092.

Fixed CVE-2024-21626 in github.com/opencontainers/runc in kubelet.

Fixed CVE-2023-4641 in sys-apps/shadow.

Fixed CVE-2023-50387, CVE-2023-50868 in sys-apps/systemd.

Fixed CVE-2023-0687, CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602 in sys-libs/glibc.

Upgraded app-arch/lz4 to 1.9.4. Fixes CVE-2021-3520.

Upgraded app-arch/libarchive to version 3.7.4. Fixes CVE-2024-26256.

Fixed CVE-2024-34459 in the libxml2 package.

Updated dev-vcs/git to v2.45.1. This resolves CVE-2024-32002, CVE-2024-32020, CVE-2024-32465, CVE-2024-32004, CVE-2024-32021.

Fixed CVE-2023-32681 in dev-python/requests.

Fixed CVE-2024-3772 in dev-python/pydantic.

Fixed CVE-2023-5388 in dev-libs/nss.

Fixed CVE-2021-36084, CVE-2021-36085, CVE-2021-36086, CVE-2021-36087 in sys-libs/libsepol.

Updated dev-python/pyyaml to version 6.0.1. This fixed CVE-2017-18342, CVE-2020-14343, CVE-2020-1747.

Updated dev-vcs/git to version VERSION. This fixed CVE-2023-22490, CVE-2023-23946, CVE-2023-25652, CVE-2023-25815, CVE-2023-29007.

Updated net-misc/curl to version 8.9.1. This fixed CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466, CVE-2023-38545, CVE-2024-7264, CVE-2024-6197.

Updated dev-libs/expat to version 2.6.2. This fixed CVE-2024-28757.

Fixed CVE-2024-28182 in net-libs/nghttp2.

Upgraded docker to v24.0.9. This fixes CVE-2024-24557.

Fixed CVE-2023-40546, CVE-2023-40548, CVE-2023-40549 and CVE-2023-40550 in sys-boot/shim.

Fixed CVE-2023-40551 in sys-boot/shim.

Fixed CVE-2023-40547 in sys-boot/shim.

Updated dev-libs/openssl to v3.0.14. This resolves CVE-2024-0727, CVE-2023-6129, CVE-2024-2511, CVE-2024-4603, CVE-2024-4741 and CVE-2024-5535.

Fixed CVE-2024-0684 in sys-apps/coreutils.

Updated dev-libs/libxml2 to 2.11.7. This fixes CVE-2024-25062.

Fixed CVE-2024-23851 in the Linux kernel.

Fixed CVE-2024-21626 in app-containers/runc.

Upgraded dev-go/crypto to v0.17.0. This fixes CVE-2023-48795.

Updated dev-go/net to v0.27.0. This resolves CVE-2023-44487, CVE-2023-39325 and CVE-2023-45288.

Updated app-editors/vim, app-editors/vim-core to v9.0.2092. This resolves CVE-2023-4733, CVE-2023-4734, CVE-2023-4735, CVE-2023-4736, CVE-2023-4738, CVE-2023-4750, CVE-2023-4752, CVE-2023-4781, CVE-2023-5344, CVE-2023-5441, CVE-2023-5535, CVE-2023-2609, CVE-2023-2610, CVE-2023-2426.

Updated net-libs/nghttp2 to v1.57.0. This resolves CVE-2023-44487 and CVE-2023-35945.

Upgraded sys-fs/mdadm to v4.2. This resolves CVE-2023-28938 and CVE-2023-28736.

Fixed CVE-2023-4016 in sys-process/procps.

Fixed CVE-2023-1255 in the dev-libs/openssl package.

Updated dev-go/protobuf to v1.33.0. This fixes CVE-2024-24786.

Updated dev-python/setuptools to v70.3.0. This resolves CVE-2024-6345.

Fixed CVE-2024-39472 in the Linux kernel.

Updates for Minor Packages:

Upgraded app-containers/cni-plugins to v1.5.1.

Upgraded chromeos-base/session_manager-client to v0.0.1-r2796.

Upgraded chromeos-base/update_engine-client to v0.0.1-r2441.

Upgraded chromeos-base/shill-client to v0.0.1-r4612.

Upgraded chromeos-base/debugd-client to v0.0.1-r2707.

Upgraded chromeos-base/power_manager-client to v0.0.1-r2942.

Upgraded chromeos-base/minijail to v18-r142.

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r637.

Upgraded dev-embedded/libftdi to v1.5-r7.

Upgraded sys-apps/pv to v1.8.10.

Upgraded net-dns/c-ares to v1.31.0.

Upgraded dev-python/pygobject to v3.46.0-r1.

Upgraded dev-db/sqlite to v3.46.0.

Upgraded dev-libs/nss to v3.97.

Upgraded sys-apps/hwdata to v0.383.

Upgraded net-misc/rsync to v3.3.0-r1.

Upgraded sys-apps/findutils to v4.10.0.

Upgraded sys-libs/libseccomp to v2.5.5-r1.

Upgraded sys-apps/ethtool to v6.9.

Upgraded sys-block/thin-provisioning-tools to v0.9.0-r4.

Fixed glibc-2.36 build errors in sys-boot/syslinux.

Upgraded sys-apps/makedumpfile to v1.7.5.

Upgraded app-admin/sosreport to v4.7.1.

Upgraded chromeos-base/chromeos-dbus-bindings to v0.0.1-r2795.

Upgraded sys-apps/rootdev to v0.0.1-r50.

Upgraded dev-util/puffin to v1.0.0-r451.

Upgraded dev-libs/double-conversion to v3.3.0.

Upgraded sys-apps/sed to v4.9-r1.

Upgraded sys-process/procps to v4.0.4-r1.

Upgraded sys-fs/e2fsprogs to v1.47.0-r3.

Upgraded sys-libs/libcap to v2.70.

Upgraded dev-python/jinja to v3.1.4.

Upgraded net-libs/gnutls to v3.8.6.

Upgraded sys-apps/dmidecode to v3.6.

Upgraded sys-fs/xfsprogs to v6.8.0.

Upgraded sys-apps/less to v661.

Upgraded sys-apps/acl to v2.3.2-r1.

Upgraded sys-apps/grep to v3.11-r1.

Upgraded net-libs/libtirpc to v1.3.4-r2.

Upgraded sys-apps/gentoo-functions to v1.6.

Upgraded net-misc/wget to v1.24.5.

Upgraded dev-libs/libusb to v1.0.27-r1.

Upgraded sys-libs/timezone-data to v2024a-r1.

Upgraded sys-libs/libcap-ng to v0.8.5.

Removed net-libs/grpc.

Removed crash-reporter KVM support.

Removed dev-go/grpc.

Updated dev-go/pprof to v0.0.0_p20230811.

Updated dev-go/go-tools to v0.16.2_p20231218.

Updated dev-go/term to v0.15.0.

Updated dev-go/go-sys to v0.15.0.

Updated dev-go/sync to v0.5.0.

Updated dev-go/mod to v0.14.0.

Updated dev-go/demangle to v0.0.0_p20230524.

Updated dev-go/go-arch to v0.6.0.

Upgraded chromeos-base/vm_protos to v0.0.1-r563.

Upgraded chromeos-base/hiberman-client to v0.0.1-r470.

Upgraded app-benchmarks/bootchart to v0.9.2-r5.

Downgraded app-misc/ca-certificates to v20230311.3.96.1.

Upgraded sys-auth/pambase to v20240128.

Upgraded net-misc/chrony to v4.5.

Upgraded chromeos-base/system_api to v0.0.1-r5653.

Upgraded chromeos-base/dlcservice-client to v0.0.1-r886.

Upgraded chromeos-base/google-breakpad to v2024.01.16.190249-r226.

Upgraded sys-fs/squashfs-tools to v4.6.1.

Upgraded sys-apps/sandbox to v2.29-r1.

Upgraded app-arch/xz-utils to v5.4.6-r1.

Upgraded dev-util/bsdiff to v4.3.1-r42.

Upgraded app-arch/pigz to v2.8.

Upgraded sys-apps/coreutils to v9.3-r1.

Upgraded net-dns/libidn2 to v2.3.7.

Upgraded sys-apps/attr to v2.5.2-r1.

Upgraded sys-apps/file to v5.45-r4.

Upgraded sys-libs/timezone-data to v2024a.

Upgraded sys-libs/zlib to v1.3.1-r1.

Updated gzip to v1.13-r1.

Upgraded app-eselect/eselect-iptables to v20220320.

Upgraded sys-libs/libcap-ng to v0.8.4-r1.

Upgraded dev-python/netifaces to v0.11.0-r2.

Upgraded sys-libs/gdbm to v1.24.

Updated protobuf-legacy-api to v1.5.4.