Container-Optimized OS Release Notes: Milestone 113
February 10, 2026
Fixed
Upgraded app-admin/google-guest-configs to v20251014.00.
Fixed
Upgraded app-containers/docker-credential-helpers to v0.9.4.
Fixed
Upgraded net-libs/libtirpc to v1.3.7.
Fixed
Upgraded sys-libs/libcap to v2.77.
Security
Updated dev-libs/libxml2 to version 2.14.6. This resolves CVE-2025-6021.
February 03, 2026
Fixed
Upgraded sys-apps/less to v691.
Security
Fixed CVE-2024-49968 in the Linux kernel.
Security
Fixed CVE-2025-71149 in the Linux kernel.
Security
Fixed CVE-2026-0915 in sys-apps/glibc.
Security
Fixed CVE-2026-22976 in the Linux kernel.
Security
Fixed CVE-2026-22977 in the Linux kernel.
Security
Fixed CVE-2026-22979 in the Linux kernel.
Security
Fixed CVE-2026-22980 in the Linux kernel.
Security
Fixed CVE-2026-22988 in the Linux kernel.
Security
Fixed CVE-2026-22994 in the Linux kernel.
Security
Fixed KCTF-2397e92 in the Linux kernel.
Security
Fixed KCTF-50da4b9 in the Linux kernel.
January 28, 2026
Fixed
Installed app-misc/c_rehash, which was unintentionally removed after the dev-libs/openssl update.
Security
Fixed CVE-2025-13836 in dev-lang/python.
Security
Fixed CVE-2025-13837 in dev-lang/python.
Security
Fixed CVE-2025-68795 in the Linux kernel.
Security
Fixed CVE-2025-68816 in the Linux kernel.
Security
Fixed CVE-2025-71102 in the Linux kernel.
Security
Fixed CVE-2025-71104 in the Linux kernel.
Security
Fixed CVE-2025-71113 in the Linux kernel.
Security
Fixed CVE-2025-71118 in the Linux kernel.
Security
Fixed CVE-2025-71120 in the Linux kernel.
Security
Fixed CVE-2025-71123 in the Linux kernel.
Security
Fixed CVE-2025-71125 in the Linux kernel.
Security
Fixed CVE-2025-71131 in the Linux kernel.
Security
Fixed CVE-2026-21441 in dev-python/urllib3.
Security
Updated dev-libs/openssl to v3.0.19. This resolves CVE-2025-15467.
January 20, 2026
Security
Applied urllib3 patch for CVE-2024-37891.
Fixed
Updated dev-libs/openssl to v3.0.18.
Security
Fixed CVE-2025-12084 in dev-lang/python.
Security
Fixed CVE-2025-22111 in the Linux kernel.
Security
Fixed CVE-2025-38022 in the Linux kernel.
Security
Fixed CVE-2025-38129 in the Linux kernel.
Security
Fixed CVE-2025-61727 in dev-lang/go.
Security
Fixed CVE-2025-61729 in dev-lang/go.
Security
Fixed CVE-2025-68261 in the Linux kernel.
Security
Fixed CVE-2025-68264 in the Linux kernel.
Security
Fixed CVE-2025-68337 in the Linux kernel.
Security
Fixed CVE-2025-68349 in the Linux kernel.
Security
Fixed CVE-2025-68363 in the Linux kernel.
Security
Fixed CVE-2025-68724 in the Linux kernel.
Security
Fixed CVE-2025-68740 in the Linux kernel.
Security
Fixed CVE-2025-68780 in the Linux kernel.
Security
Fixed CVE-2025-68782 in the Linux kernel.
Security
Fixed CVE-2025-68788 in the Linux kernel.
Security
Fixed CVE-2025-68798 in the Linux kernel.
Security
Fixed CVE-2025-68803 in the Linux kernel.
Security
Fixed CVE-2025-68813 in the Linux kernel.
Security
Fixed CVE-2025-68814 in the Linux kernel.
Security
Fixed CVE-2025-68820 in the Linux kernel.
Security
Fixed CVE-2025-68821 in the Linux kernel.
Security
Fixed CVE-2025-71077 in the Linux kernel.
Security
Fixed CVE-2025-71084 in the Linux kernel.
Security
Fixed CVE-2025-71096 in the Linux kernel.
Security
Fixed CVE-2025-71097 in the Linux kernel.
Security
Fixed CVE-2025-71098 in the Linux kernel.
January 05, 2026
Change
Updated app-admin/sosreport to v4.10.1. Enabled containerd stack dump by default.
Fixed
Upgraded net-misc/socat to v1.8.1.0.
Fixed
Upgraded sys-apps/dmidecode to v3.7.
Security
Fixed CVE-2025-40346 in the Linux kernel.
Security
Fixed CVE-2025-40361 in the Linux kernel.
Security
Fixed CVE-2025-66471 and CVE-2025-66418 in dev-python/urllib3.
Security
Fixed CVE-2025-68171 in the Linux kernel.
Security
Fixed CVE-2025-68173 in the Linux kernel.
Security
Fixed CVE-2025-68185 in the Linux kernel.
Security
Fixed CVE-2025-68191 in the Linux kernel.
Security
Fixed CVE-2025-68200 in the Linux kernel.
Security
Fixed CVE-2025-68224 in the Linux kernel.
Security
Fixed CVE-2025-68229 in the Linux kernel.
Security
Fixed CVE-2025-68231 in the Linux kernel.
Security
Fixed CVE-2025-68241 in the Linux kernel.
Security
Fixed CVE-2025-68295 in the Linux kernel.
Security
Fixed CVE-2025-68321 in the Linux kernel.
Change
Runtime sysctl changes:
- Changed: fs.file-max: 812054 -> 812031
December 16, 2025
Security
Fixed KCTF-f05a4f9 in the Linux kernel.
Change
Runtime sysctl changes:
- Changed: fs.file-max: 812044 -> 812054
December 15, 2025
Feature
Added support for NVIDIA drivers v580.95.05 and v580.105.08.
Fixed
Fixed CVE-2025-40271 in the Linux kernel.
Fixed
Fixed CVE-2025-40273 in the Linux kernel.
Security
Fixed CVE-2024-25621 and CVE-2025-64329 in app-containers/containerd.
Security
Fixed CVE-2025-38057 in the Linux kernel.
Security
Fixed CVE-2025-38678 in the Linux kernel.
Security
Fixed CVE-2025-40083 in the Linux kernel.
Security
Fixed CVE-2025-40220 in the Linux kernel.
Security
Fixed CVE-2025-40248 in the Linux kernel.
Security
Fixed CVE-2025-40256 in the Linux kernel.
Security
Fixed CVE-2025-40292 in the Linux kernel.
Security
Fixed CVE-2025-40293 in the Linux kernel.
Security
Fixed CVE-2025-40297 in the Linux kernel.
Security
Fixed CVE-2025-40319 in the Linux kernel.
Security
Fixed CVE-2025-40324 in the Linux kernel.
Security
Fixed CVE-2025-40341 in the Linux kernel.
Security
Fixed CVE-2025-47914 and CVE-2025-58181 in dev-go/crypto.
Change
Runtime sysctl changes:
- Changed: fs.file-max: 812052 -> 812044
December 10, 2025
Fixed
Upgraded app-admin/google-guest-configs to v20251014.00.
Security
Fixed CVE-2025-40231 in the Linux kernel.
Change
Runtime sysctl changes:
- Changed: fs.file-max: 811999 -> 812052
December 04, 2025
Fixed
Made the google-guest-agent more resilient to network link flakes.
Security
Updated vim & vim-core to version 9.1.1652. This fixes CVE-2025-53905, CVE-2025-53906, CVE-2025-9390.
Change
Runtime sysctl changes:
- Changed: fs.file-max: 812031 -> 811999
December 02, 2025
Fixed
Fixed an issue in app-containers/runc that caused runc to use more file descriptors than intended.
Security
Fixed CVE-2025-40123 in the Linux kernel.
Security
Fixed CVE-2025-40125 in the Linux kernel.
Security
Fixed CVE-2025-40153 in the Linux kernel.
Security
Fixed CVE-2025-40167 in the Linux kernel.
Security
Fixed CVE-2025-40173 in the Linux kernel.
Security
Fixed CVE-2025-40176 in the Linux kernel.
Security
Fixed CVE-2025-40178 in the Linux kernel.
Security
Fixed CVE-2025-40179 in the Linux kernel.
Security
Fixed CVE-2025-40183 in the Linux kernel.
Security
Fixed CVE-2025-40186 in the Linux kernel.
Security
Fixed CVE-2025-40190 in the Linux kernel.
Security
Fixed CVE-2025-40194 in the Linux kernel.
Security
Fixed CVE-2025-40198 in the Linux kernel.
Security
Fixed CVE-2025-40200 in the Linux kernel.
Security
Fixed CVE-2025-40201 in the Linux kernel.
Security
Fixed KCTF-60e6489 in the Linux kernel.
Security
Fixed KCTF-b441cf3 in the Linux kernel.
November 17, 2025
Change
Updated app-containers/runc to v1.2.8.
Security
Fixed CVE-2025-40040 in the Linux kernel.
Security
Fixed CVE-2025-40109 in the Linux kernel.
Change
Runtime sysctl changes:
- Changed: fs.file-max: 812054 -> 812007
November 11, 2025
Security
Fixed CVE-2025-40070 in the Linux kernel.
Fixed
Upgraded sys-apps/makedumpfile to v1.7.8.
Change
Runtime sysctl changes:
- Changed: fs.file-max: 812016 -> 812054
Security
Fixed CVE-2025-40103 in the Linux kernel.
Security
Fixed CVE-2025-40105 in the Linux kernel.
Security
Fixed CVE-2025-40099 in the Linux kernel.
Security
Fixed CVE-2025-40078 in the Linux kernel.
November 07, 2025
Security
Fixed CVE-2025-40049 in the Linux kernel.
Security
Fixed CVE-2025-40027 in the Linux kernel.
Security
Fixed CVE-2025-40026 in the Linux kernel.
Security
Fixed CVE-2025-40035 in the Linux kernel.
Security
Fixed CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881 in app-containers/runc.
Security
Fixed CVE-2025-40042 in the Linux kernel.
Change
Runtime sysctl changes:
- Changed: fs.file-max: 812007 -> 812016
Security
Fixed CVE-2025-40044 in the Linux kernel.
November 03, 2025
Change
Runtime sysctl changes:
- Changed: fs.file-max: 812040 -> 812007
October 27, 2025
Security
Fixed CVE-2025-11413 and CVE-2025-11414 in binutils-libs.
Fixed
Upgraded dev-db/sqlite to v3.50.3.
Fixed
Upgraded sys-apps/less to v685.
Fixed
Added support for NVIDIA driver v535.274.02 and v570.195.03. Updated default driver version to v535.274.02 for devices using 535 as the default driver. Updated the default driver version to v570.195.03 for NVIDIA_H200.
Security
Fixed CVE-2025-11495 in binutils-libs.
Fixed
Upgraded app-admin/sudo to v1.9.17_p2.
Fixed
Upgraded net-nds/rpcbind to v1.2.8.
Security
Fixed CVE-2025-39996 in the Linux kernel.
Fixed
Upgraded app-admin/google-guest-configs to v20250805.00.
Security
Fixed CVE-2025-11494 in binutils-libs.
Security
Fixed CVE-2025-39998 in the Linux kernel.
Security
Fixed CVE-2025-11412 in binutils-libs.
Fixed
Upgraded sys-apps/hwdata to v0.400.
Change
Updated app-containers/runc to v1.2.7.
October 20, 2025
Fixed
Added task information collection to sosreports.
Security
Fixed CVE-2025-39977 in the Linux kernel.
Security
Fixed CVE-2025-39980 in the Linux kernel.
Security
Fixed CVE-2025-41244 in app-emulation/open-vm-tools.
Fixed
Reduced gcr_wait_online retry gap.
Security
Fixed KCTF-6bb73db in the Linux kernel.
October 13, 2025
Security
Fixed KCTF-134121b in the Linux kernel.
Security
Fixed CVE-2025-39931 in the Linux kernel.
Fixed
Updated toolbox container image tag to v20251002.
Security
Fixed CVE-2025-11081, CVE-2025-11082 and CVE-2025-11083 in sys-libs/binutils-libs.
Change
Runtime sysctl changes:
- Changed: fs.file-max: 811950 -> 812035
Security
Fixed CVE-2025-39953 in the Linux kernel.
Fixed
Upgraded sys-apps/hwdata to v0.399.
Security
Fixed CVE-2025-23143 in the Linux kernel.
October 06, 2025
Change
Runtime sysctl changes:
- Changed: fs.file-max: 812039 -> 811950
Security
Fixed CVE-2025-50181 in dev-python/urllib3.
Security
Fixed CVE-2025-39914 in the Linux kernel.
Security
Fixed CVE-2025-39913 in the Linux kernel.
Security
Fixed KCTF-1b34cbb in the Linux kernel.
September 29, 2025
Fixed
Added support for NVIDIA driver v580.82.07. Updated all latest driver version and default driver versions for NVIDIA_B200 to v580.82.07.
Security
Updated dev-python/jinja to v3.1.6. This resolves CVE-2024-56326, CVE-2024-56201 and CVE-2025-27516.
Security
Fixed KCTF-0aeb54a in the Linux kernel.
Security
Fixed CVE-2025-39881 in the Linux kernel.
Security
Fixed CVE-2025-39883 in the Linux kernel.
Security
Fixed CVE-2025-40300 in the Linux kernel.
September 24, 2025
Fixed
Updated golang.org/x/crypto in google-guest-agent to v0.31.0.
Security
Upgraded dev-libs/libxml2 to version 2.13.9. This fixes CVE-2025-9714.
Fixed
Updated the Linux kernel to v6.1.151.
Fixed
Upgraded dev-libs/libxslt to version 1.1.43-r1.
Change
Updated cos-gpu-installer to v2.5.7.
Change
Runtime sysctl changes:
- Changed: fs.file-max: 811983 -> 812054
Fixed
Updated golang.org/x/crypto in google-osconfig-agent to v0.31.0.
Change
Enabled Coherent Driver Memory Management by default when installing GPU drivers on GB2000.
September 16, 2025
Change
Runtime sysctl changes:
- Changed: fs.file-max: 812017 -> 811983
Security
Fixed CVE-2025-38528 in the Linux kernel.
Security
Fixed CVE-2025-38639 in the Linux kernel.
Security
Fixed CVE-2025-38588 in the Linux kernel.
Security
Fixed CVE-2025-38565 in the Linux kernel.
Feature
Added IPv6 support for machines using the IDPF driver.
Security
Fixed CVE-2025-38587 in the Linux kernel.
Security
Fixed CVE-2025-38608 in the Linux kernel.
Security
Fixed CVE-2025-38572 in the Linux kernel.
Security
Fixed CVE-2025-38550 in the Linux kernel.
Security
Fixed CVE-2025-38563 in the Linux kernel.
Security
Fixed CVE-2025-38527 in the Linux kernel.
Security
Fixed CVE-2025-38622 in the Linux kernel.
Security
Fixed CVE-2025-38553 in the Linux kernel.
Feature
Added GDRCopy kernel module for NVIDIA drivers.
Security
Fixed CVE-2025-38539 in the Linux kernel.
September 08, 2025
Security
Fixed CVE-2025-38322 in the Linux kernel.
Security
Fixed CVE-2025-38676 in the Linux kernel.
Change
Runtime sysctl changes:
- Changed: fs.file-max: 812049 -> 812017
Security
Fixed CVE-2024-58240 in the Linux kernel.
September 02, 2025
Change
Runtime sysctl changes:
- Changed: fs.file-max: 812035 -> 812049
Security
Fixed KCTF-62708b9 in the Linux kernel.
Security
Fixed KCTF-aba0c94 in the Linux kernel.
Fixed
Upgraded sys-apps/hwdata to v0.398.
Fixed
Upgraded sys-apps/file to v5.46-r3.
August 25, 2025
Change
Runtime sysctl changes:
- Changed: fs.file-max: 812040 -> 812035
Security
Fixed KCTF-abad3d0 in the Linux kernel.
Feature
Disabled DNSSEC by default for COS TPU VMs.
August 18, 2025
Feature
Added NVIDIA GPU driver's R580 branch. Updated the LATEST GPU driver label to version 580.65.06.
Security
Fixed CVE-2025-38499 in the Linux kernel.
Security
Fixed KCTF-01d3c84 in the Linux kernel.
Security
Upgraded sys-libs/binutils-libs to version 2.45. This fixes CVE-2025-8224, CVE-2025-8225 and CVE-2025-1153.
Change
Runtime sysctl changes:
- Changed: fs.file-max: 812031 -> 812040
August 12, 2025
Fixed
Upgraded sys-process/lsof to v4.99.5.
Fixed
Upgraded virtual/logger to v0-r2.
Security
Upgraded dev-vcs/git to version 2.49.1. This fixes CVE-2025-48385, CVE-2025-27613, CVE-2025-27614, CVE-2025-48384, CVE-2025-46835.
Security
Fixed CVE-2024-6174 in cloud-init.
Security
Fixed CVE-2024-11584 in cloud-init.
Security
Added support for Nvidia driver version 570.172.08. This fixes CVE-2025-23279.
Security
Upgraded net-misc/netplan to 1.1.2. This fixes CVE-2022-4968.
Fixed
Updated dev-python/requests to v2.32.4.
Security
Added support for Nvidia driver version 535.261.03. This fixes CVE-2025-23286 and CVE-2025-23279.
Change
Runtime sysctl changes:
- Changed: fs.file-max: 812027 -> 812031
Security
Fixed CVE-2025-8058 in glibc.
Security
Fixed KCTF-bfebdb8 in the kernel.
Security
Fixed CVE-2024-52533 in dev-libs/glib.
Security
Upgraded urllib3 to version 1.26.18. This fixes CVE-2021-33503, CVE-2023-43804, and CVE-2023-45803.
August 06, 2025
Security
Fixed CVE-2024-6174 in cloud-init.
Fixed
Upgraded virtual/logger to v0-r2.
Fixed
Updated dev-python/requests to v2.32.4.
Security
Fixed CVE-2024-11584 in cloud-init.
Fixed
Upgraded sys-process/lsof to v4.99.5.
Security
Upgraded net-misc/netplan to 1.1.2. This fixes CVE-2022-4968.
Security
Fixed CVE-2024-52533 in dev-libs/glib.
Security
Added support for Nvidia driver version 570.172.08. This fixes CVE-2025-23279.
Change
Runtime sysctl changes:
- Changed: fs.file-max: 812027 -> 812046
Security
Upgraded dev-vcs/git to version 2.49.1. This fixes CVE-2025-48385, CVE-2025-27613, CVE-2025-27614, CVE-2025-48384, CVE-2025-46835.
Security
Added support for Nvidia driver version 535.261.03. This fixes CVE-2025-23286 and CVE-2025-23279.
July 28, 2025
Fixed
Upgraded sys-process/procps to v4.0.5-r2.
Fixed
Upgraded sys-libs/talloc to v2.4.3.
Fixed
Upgraded dev-db/sqlite to v3.50.1.
Change
Runtime sysctl changes:
- Changed: fs.file-max: 811983 -> 812027
Fixed
Upgraded app-containers/docker-credential-helpers to v0.9.3.
Security
Fixed KCTF-5e28d5a in the Linux kernel.
Security
Fixed CVE-2024-26130 in dev-python/cryptography.
Security
Patched openssl to fix CVE-2023-50782 affecting dev-python/cryptography.
Security
Upgraded sqlite to v3.50.2. This resolves CVE-2025-6965.
Fixed
Upgraded net-fs/cifs-utils to v7.4.
Fixed
Upgraded app-admin/google-guest-configs to v20250501.00.
Fixed
Updated app-misc/jq to v1.8.1.
Fixed
Upgraded sys-libs/libcap to v2.76.
Fixed
Upgraded app-arch/gzip to v1.14.
July 21, 2025
Change
Updated the NVIDIA GPU driver policy for New Feature Branch (NFB) drivers. The LATEST tag has been updated to point to the stable 570.133.20 Production Branch. The 575.57.08 NFB driver remains available for development and testing but must now be selected by its specific version number.
Fixed
Fixed an issue where some workloads could cause a full system hang when running close to their memory limit.
Change
Runtime sysctl changes:
- Changed: fs.file-max: 812031 -> 811983
Security
Fixed KCTF-103406b in the Linux kernel.
July 14, 2025
Security
Upgraded vim, vim-core to version 9.1.1500. This fixes CVE-2025-26603, CVE-2025-27423, CVE-2025-29768, CVE-2025-1215, CVE-2025-24014, CVE-2025-22134.
Security
Updated app-editors/nano to v8.5. This resolves CVE-2024-5742.
Fixed
Upgraded sys-apps/less to v679.
Change
Upgraded nvidia-container-toolkit to v1.17.8. This fixes CVE-2025-23266.
July 07, 2025
Security
Upgraded app-admin/sudo to v1.9.17_p1. This resolves CVE-2025-32462 and CVE-2025-32463.
June 30, 2025
Fixed
Upgraded dev-libs/libusb to v1.0.29.
Security
Upgraded elfutils to version 0.193. This fixes CVE-2025-1365, CVE-2025-1371, CVE-2025-1372, and CVE-2025-1377.
Change
Runtime sysctl changes:
- Changed: fs.file-max: 812041 -> 812035
Security
Upgraded libarchive to version 3.8.1. This fixes CVE-2025-5914.
June 23, 2025
Security
Updated the Linux kernel to v6.1.141. This includes mitigations for CVE-2024-28956, which may negatively impact the performance of Intel machine types.
Security
Fixed KCTF-d35acc1 in the Linux kernel.
Change
Runtime sysctl changes:
- Changed: fs.file-max: 812035 -> 812041
June 18, 2025
Change
Runtime sysctl changes:
- Changed: fs.file-max: 812031 -> 812035
Security
Upgraded app-misc/jq to v1.8.0. This fixes CVE-2025-48060.
June 17, 2025
Feature
Fixed CVE-2024-41110 in Docker.
Security
Fixed CVE-2025-47273 in dev-python/setuptools.
Change
Runtime sysctl changes:
- Changed: fs.file-max: 812017 -> 812031
Security
Fixed CVE-2024-36903 in the Linux kernel.
Security
Updated systemd to v254.26. This resolves CVE-2025-4598.
Feature
Added support for Nvidia driver version 575.57.08.
Security
Fixed CVE-2024-26783 in the Linux kernel.
Security
Fixed CVE-2024-43840 in the Linux kernel.
Security
Fixed KCTF-ac9fe7d in the kernel.
Change
Updated cos-gpu-installer to v2.5.3.
June 02, 2025
Security
Fixed KCTF-8478a72 in the Linux kernel.
Security
Fixed CVE-2024-36927 in the Linux kernel.
Security
Fixed CVE-2024-23337 in app-misc/jq.
Fixed
Updated cos-gpu-installer to v2.5.2: Added support for OTHER/NO_GPU cases to enable GPU driver preloading on the ARM64 architecture and added support for IMEX Driver configuration installation for NVIDIA_GB200 machine.
Fixed
Upgraded sys-apps/less to v678.
Security
Fixed KCTF-3f98113 in the Linux kernel.
May 27, 2025
Feature
Support NVIDIA MFT Tools on COS.
Change
Runtime sysctl changes:
- Changed: fs.file-max: 812054 -> 812045
Security
Fixed CVE-2025-46836 in sys-apps/net-tools.
Security
Fixed CVE-20250-3198 in sys-libs/binutils-libs.
Security
Fixed KCTF-b3bf8f6 in the Linux kernel.
May 12, 2025
Security
Fixed CVE-2024-26739 in the Linux kernel.
Security
Fixed KCTF-3df275e in the Linux kernel.
Change
Runtime sysctl changes:
- Changed: fs.file-max: 812040 -> 812054
Security
Updated apparmor to 3.1.6. This fixes CVE-2016-1585.
Security
Fixed CVE-2024-50063 in the Linux kernel.
Security
Fixed CVE-2025-21853 in the Linux kernel.
Security
Upgraded containerd to 1.7.27. Fixes CVE-2024-40635.
Security
Fixed KCTF-342debc in the Linux kernel.
Fixed
Fixed issue where modinfo could not display module signatures.
May 06, 2025
Security
Fixed CVE-2025-1178, CVE-2025-1182 and CVE-2025-1181 in sys-libs/binutils-libs.
Fixed
Upgraded sys-apps/grep to v3.12.
Security
Fixed CVE-2025-32414, CVE-2025-32415 in dev-libs/libxml2.
Fixed
Upgraded net-dns/libidn2 to v2.3.8.
Fixed
Updated dev-go/net to v0.39.0. This fixes CVE-2025-22870.
Security
Updated NVIDIA GPU drivers to v535.247.01 for default/R535, v550.163.01 for R550 and v570.133.20 for latest/R570. This resolves CVE-2025-23244.
Fixed
Updated dev-go/protobuf to v1.33.0. This fixes CVE-2024-24786.
Fixed
Upgraded sys-apps/makedumpfile to v1.7.7.
Change
Added support for 7th generation TPU devices.
April 29, 2025
Announcement
This is an LTS Refresh Release.
Fixed
Upgraded sys-auth/pambase to v20250228.
Fixed
Upgraded dev-libs/double-conversion to v3.3.1.
Fixed
Upgraded app-arch/unzip to v6.0_p29.
Fixed
Upgraded net-libs/libtirpc to v1.3.6.
Fixed
Upgraded net-libs/libnetfilter_conntrack to v1.1.0.
Fixed
Upgraded app-admin/google-guest-configs to v20250221.00.
Fixed
Upgraded net-fs/cifs-utils to v7.3. Upgraded sys-libs/talloc to v2.4.2.
Fixed
Upgraded dev-db/sqlite to v3.49.1.
Security
Fixed CVE-2025-32728 in net-misc/openssh.
Fixed
Upgraded dev-lang/go to v1.21.13.
Fixed
Upgraded net-nds/rpcbind to v1.2.7.
Security
Updated dev-vcs/git to version 2.49.0. This fixes CVE-2024-52006 and CVE-2024-50349.
Fixed
Upgraded app-admin/sudo to v1.9.16_p2-r1.
Change
Runtime sysctl changes:
- Changed: fs.file-max: 812031 -> 812035
Fixed
Upgraded app-containers/docker-credential-helpers to v0.9.2.
Fixed
Upgraded sys-process/procps to v4.0.4-r2.
Fixed
Upgraded sys-apps/acl to v2.3.2-r2.
Fixed
Upgraded sys-libs/libcap to v2.71.
Fixed
Upgraded app-admin/google-guest-configs to v20250124.00.
Fixed
Upgraded dev-libs/nss to v3.107.
Fixed
Upgraded dev-libs/expat to v2.6.4.
April 25, 2025
Fixed
Reverted a change in the Linux kernel that caused NFS directories to be unexpectedly mounted as ro instead of rw.
Change
Runtime sysctl changes:
- Changed: fs.file-max: 812031 -> 812016
Security
Fixed CVE-2025-21962 in the Linux kernel.
Security
Fixed CVE-2025-21980 in the Linux kernel.
Security
Fixed CVE-2025-22005 in the Linux kernel.
Security
Fixed CVE-2025-21922 in the Linux kernel.
Security
Fixed CVE-2025-21919 in the Linux kernel.
Security
Fixed CVE-2025-21963 in the Linux kernel.
Security
Fixed CVE-2024-48615 in app-arch/libarchive.
Security
Fixed CVE-2025-21964 in the Linux kernel.
Security
Fixed CVE-2025-21920 in the Linux kernel.
Security
Fixed CVE-2025-21997 in the Linux kernel.
Security
Fixed CVE-2025-21959 in the Linux kernel.
Security
Fixed CVE-2025-21898 in the Linux kernel.
April 14, 2025
Security
Fixed CVE-2024-35866 in the Linux kernel.
Security
Fixed CVE-2025-22868 in dev-go/oauth2.
Security
Fixed CVE-2025-21887 in the Linux kernel.
Fixed
Upgraded sys-apps/diffutils to v3.11-r2.
Fixed
Modified toolbox to use unified cgroup hierarchy mode, when possible, instead of hybrid mode.
Security
Updated dev-libs/expat to v2.7.0. This fixes CVE-2024-8176.
Security
Fixed KCTF-0c3057a in the Linux kernel.
Security
Fixed CVE-2025-21999 in the Linux kernel.
Change
Runtime sysctl changes:
- Changed: fs.file-max: 812050 -> 812031
Fixed
Upgraded dev-libs/libusb to v1.0.28.
Security
Fixed CVE-2025-21867 in the Linux kernel.
Security
Fixed CVE-2024-58083 in the Linux kernel.
March 31, 2025
Security
Fixed CVE-2025-21762 in the Linux kernel.
Security
Fixed CVE-2025-21764 in the Linux kernel.
Security
Fixed CVE-2024-56549 in the Linux kernel.
Security
Fixed KCTF-fcdd224 in the Linux kernel.
Security
Fixed CVE-2025-21727 in the Linux kernel.
Security
Fixed CVE-2023-52927 in the Linux kernel.
Security
Fixed CVE-2025-21796 in the Linux kernel.
Security
Fixed CVE-2025-21760 in the Linux kernel.
Security
Fixed CVE-2024-57979 in the Linux kernel.
Security
Fixed CVE-2025-21726 in the Linux kernel.
Security
Fixed CVE-2025-21763 in the Linux kernel.
Security
Updated dev-go/net to v0.33.0. This fixes CVE-2023-45288.
Security
Fixed CVE-2025-21812 in the Linux kernel.
Security
Fixed CVE-2024-57977 in the Linux kernel.
March 24, 2025
Security
Fixed KCTF-647cef2 in the Linux kernel.
Security
Fixed CVE-2024-53166 in the Linux kernel.
Change
Runtime sysctl changes:
- Changed: fs.file-max: 812031 -> 812050
Security
Fixed CVE-2025-21716 in the Linux kernel.
Fixed
Fixed a race condition that could cause a kernel panic.
Change
Fixed an issue that resulted in missing grub boot measurements in some machine configurations.
Security
Fixed CVE-2024-58005 in the Linux kernel.
March 17, 2025
Security
Fixed CVE-2024-58017 in the Linux kernel.
Security
Fixed CVE-2025-21779 in the Linux kernel.
Security
Fixed CVE-2025-21858 in the Linux kernel.
Security
Fixed CVE-2023-45288 in app-containers/docker.
Security
Fixed CVE-2024-26982 in the Linux kernel.
Security
Fixed CVE-2024-57996 in the Linux kernel.
Security
Fixed CVE-2025-21844 in the Linux kernel.
Security
Fixed CVE-2025-21791 in the Linux kernel.
Security
Fixed CVE-2025-21814 in the Linux kernel.
Security
Fixed CVE-2025-21745 in the Linux kernel.
Feature
Added support for NVIDIA 570.124.06 GPU driver. Updated the R570, LATEST GPU driver label to version 570.124.06 for all GPU devices. Updated the DEFAULT GPU driver label to version 570.124.06 for NVIDIA_B200 and NVIDIA_H200 GPU devices.
Change
Runtime sysctl changes:
- Changed: fs.file-max: 812049 -> 812031
Security
Fixed CVE-2025-21864 in the Linux kernel.
Security
Fixed CVE-2025-21785 in the Linux kernel.
Security
Fixed CVE-2025-21846 in the Linux kernel.
March 12, 2025
Security
Fixed CVE-2024-53589 in sys-libs/libutils-libs.
Security
Fixed CVE-2025-26465 and CVE-2025-26466 in net-misc/openssh.
Security
Upgraded dev-go/crypto to v0.35.0. This fixes CVE-2025-22869.
Fixed
Fixed console TTY leak in runc shim in containerd.
Security
Upgraded dev-libs/libxml2 to v1.12.10. This fixes CVE-2025-27113.
Change
Runtime sysctl changes:
- Changed: fs.file-max: 812054 -> 812049
Security
Upgraded net-misc/wget to v1.25.0. This fixes CVE-2024-10524.
March 03, 2025
Fixed
Upgraded moby/buildkit to v0.12.5. This fixes CVE-2024-23653 in app-containers/docker v24.0.9.
Feature
Updated cos-gpu-installer to v2.4.8: Added the -skip-nvidia-smi flag to disable the execution of nvidia-smi verification during GPU driver installation.
Fixed
Upgraded sys-apps/diffutils to v3.11-r1.
Security
Fixed KCTF-638ba50 in the Linux kernel.
Fixed
Upgraded net-misc/socat to v1.8.0.3.
Security
Fixed CVE-2025-21690 in the Linux kernel.
Fixed
Upgraded sys-apps/which to v2.23.
February 24, 2025
Security
Fixed CVE-2025-0395 in sys-libs/glibc.
Security
Fixed CVE-2024-13176 in dev-libs/openssl.
Change
Runtime sysctl changes:
- Changed: fs.file-max: 812031 -> 812058
Security
Fixed CVE-2024-57951 in the Linux kernel.
Change
Updated app-admin/google-guest-configs to v20250207.00.
Security
Fixed CVE-2024-9287 in dev-lang/python.
Security
Fixed CVE-2024-57949 in the Linux kernel.
February 18, 2025
Security
Fixed CVE-2024-9287 in dev-lang/python.
Security
Fixed CVE-2025-0395 in sys-libs/glibc.
February 12, 2025
Security
Fixed CVE-2025-0840 in binutils.
Security
Fixed CVE-2025-21669 in the Linux kernel.
Security
Fixed CVE-2025-21667 in the Linux kernel.
Security
Fixed CVE-2025-21631 in the Linux kernel.
Security
Fixed CVE-2024-50047 in the Linux kernel.
Feature
Updated cos-gpu-installer to v2.4.7:
1. Added support for NVIDIA B200 GPU.
2. Enabled --prepare-build-tools flag to preload GPU driver metadata for ARM64.
Fixed
Upgraded sys-apps/hwdata to v0.391.
Security
Fixed CVE-2024-49994 in the Linux kernel.
Security
Fixed CVE-2025-21683 in the Linux kernel.
Security
Fixed CVE-2024-40945 in the Linux kernel.
Change
Updated Konlet to v.0.13.4.
Fixed
Upgraded sys-apps/diffutils to v3.11.
Security
Fixed CVE-2024-56664 in the Linux kernel.
Change
Runtime sysctl changes:
- Changed: fs.file-max: 812027 -> 812031
Security
Fixed CVE-2024-50014 in the Linux kernel.
Security
Fixed CVE-2025-21666 in the Linux kernel.
Security
Fixed CVE-2024-50304 in the Linux kernel.
Security
Fixed CVE-2025-21665 in the Linux kernel.
Security
Fixed CVE-2025-21671 in the Linux kernel.
Feature
Support for NVIDIA B200 GPU – Added support for the R570 driver series, including version 570.86.15. This version has been assigned the latest, default, and R570 tags.
Change
Updated the default tag of the GPU driver supporting the NVIDIA H200 GPU device to 570.86.15.
February 03, 2025
Change
Runtime sysctl changes:
- Changed: fs.file-max: 812045 -> 812027
Feature
Added NVIDIA GPU driver's R570 branch. Updated the LATEST GPU driver label to version 570.86.15.
Security
Fixed CVE-2024-53170 in the Linux kernel.
Security
Fixed KCTF-bc50835 in the Linux kernel.
Security
Fixed CVE-2024-53124 in the Linux kernel.
Security
Fixed CVE-2024-53128 in the Linux kernel.
January 27, 2025
Security
Fixed CVE-2024-57890 in the Linux kernel.
Security
Fixed CVE-2024-45306 and CVE-2024-47814 in vim.
Change
Runtime sysctl changes:
- Changed: fs.file-max: 812035 -> 812045
Security
Fixed CVE-2024-45306 and CVE-2024-47814 in vim-core.
Security
Updated NVIDIA GPU drivers to v535.230.02 for default/R535 and v550.144.03 for R550 for all GPUs. This resolves CVE-2024-53869, CVE-2024-0150, CVE-2024-0149, CVE-2024-0147 and CVE-2024-0131.
Fixed
Upgraded sys-apps/file to v5.46-r2.
Security
Fixed CVE-2024-49926 in the Linux kernel.
Security
Fixed CVE-2024-57841 in the Linux kernel.
Security
Upgraded net-misc/curl to version 8.11.1-r2. Fixes CVE-2024-11053.
Security
Upgraded dev-libs/libxml2 to version 2.12.9. This fixes CVE-2024-40896.
Security
Upgraded dev-go/crypto to v0.31.0. This fixes CVE-2024-45337.
Security
Fixed KCTF-8ea6073 and CVE-2024-50164 in the Linux kernel.
Feature
Added NVIDIA GPU driver's R565 branch. Updated the R565 and latest driver to v565.57.01.
January 17, 2025
Change
Runtime sysctl changes:
- Changed: fs.file-max: 812027 -> 812035
Security
Upgraded rsync to version 3.3.0-r2. This fixes CVE-2024-12084, CVE-2024-12085, CVE-2024-12086, CVE-2024-12087, CVE-2024-12088, and CVE-2024-12747.
January 13, 2025
Fixed
Upgraded sys-apps/file to v5.46-r1.
Security
Fixed CVE-2024-53052 in the Linux kernel.
Security
Fixed CVE-2024-53096 in the Linux kernel.
Change
Upgraded nvidia-container-toolkit to v1.17.3.
Fixed
Upgraded dev-python/configobj to v5.0.9.
Fixed
Upgraded net-misc/socat to v1.8.0.2.
Change
Runtime sysctl changes:
- Changed: fs.file-max: 812045 -> 812027
Fixed
Upgraded dev-libs/nss to v3.105.
Fixed
Upgraded app-admin/google-osconfig-agent to v20240927.00.
January 06, 2025
Security
Fixed CVE-2024-53099 in the Linux kernel.
Security
Fixed KCTF-5eb7de8 in the Linux kernel.
Change
Runtime sysctl changes:
- Changed: fs.file-max: 812030 -> 812045
Security
Fixed KCTF-f8d4bc4 in the Linux kernel.
January 02, 2025
Security
Upgraded nvidia-container-toolkit to v1.17.0. This fixes CVE-2024-0134.
Security
Fixed CVE-2024-50194 in the Linux kernel.
Security
Fixed CVE-2024-49996 in the Linux kernel.
Fixed
Updated google.golang.org/grpc to v1.56.3 and upgraded golang.org/x/net to v0.23.0 in docker and cri-tools. This fixes CVE-2023-44487 and CVE-2023-45288.
Security
Fixed CVE-2024-49861 in the Linux kernel.
Security
Fixed CVE-2024-53100 in the Linux kernel.
Security
Fixed CVE-2024-50055 in the Linux kernel.
Security
Fixed CVE-2024-47745 in the Linux kernel.
Change
Runtime sysctl changes:
- Changed: fs.file-max: 812036 -> 812030
Security
Fixed CVE-2024-50256 in the Linux kernel.
Security
Fixed CVE-2024-53140 in the Linux kernel.
Security
Fixed CVE-2024-53093 in the Linux kernel.
December 16, 2024
Security
Fixed CVE-2024-53113 in the Linux kernel.
Change
Upgraded sys-apps/hwdata to v0.390.
Security
Fixed CVE-2024-50191 in the Linux kernel.
Fixed
Disabled CONFIG_DEBUG_PREEMPT in the Linux kernel. This should improve performance for some workloads.
Security
Fixed CVE-2024-50186 in the Linux kernel.
Security
Fixed CVE-2024-53121 in the Linux kernel.
Security
Fixed CVE-2024-53119 in the Linux kernel.
Security
Fixed CVE-2024-53136 in the Linux kernel.
Security
Fixed CVE-2024-53135 in the Linux kernel.
Change
Upgraded sys-apps/file to v5.46.
Change
Updated app-admin/google-guest-configs to v20241205.00.
December 09, 2024
Feature
Support NVIDIA_H200 GPU - Added support for the R560 series, including driver version 560.35.03. Added support for the R550 series, including driver versions 550.127.05 and 550.90.12. Assigned the latest, default, and R560 tags to driver version 560.35.03. Assigned the R550 tag to driver version 550.127.05.
Change
Runtime sysctl changes:
- Changed: fs.file-max: 812030 -> 812026
Security
Fixed CVE-2024-50278 in the Linux kernel.
Feature
Upgraded cos-gpu-installer to v2.4.6: Support NVIDIA_H200 GPU in cos-gpu-installer.
December 04, 2024
Security
Fixed CVE-2024-50215 in the Linux kernel.
Change
Upgraded containerd from 1.7.23 to 1.7.24.
Security
Fixed CVE-2024-50251 in the Linux kernel.
Security
Fixed CVE-2024-50162 in the Linux kernel.
Security
Fixed CVE-2024-49948 in the Linux kernel.
Security
Fixed CVE-2024-50060 in the Linux kernel.
Security
Fixed CVE-2024-50154 in the Linux kernel.
Security
Fixed CVE-2024-50192 in the Linux kernel.
Security
Fixed CVE-2024-50262 in the Linux kernel.
Security
Fixed CVE-2024-50163 in the Linux kernel.
Security
Fixed CVE-2024-50147 in the Linux kernel.
Fixed
Upgraded cos-gpu-installer to v2.4.4. This fixes an issue where GPU drivers that only have two numeric version components could not be loaded.
Change
Upgraded net-misc/socat to v1.8.0.1.
Change
Upgraded sys-apps/less to v668.
Security
Fixed CVE-2024-49878 in the Linux kernel.
Change
Upgraded sys-process/lsof to v4.99.4.
Security
Fixed CVE-2024-50072 in the Linux kernel.
Security
Fixed CVE-2024-49949 in the Linux kernel.
Security
Fixed CVE-2024-50279 in the Linux kernel.
Security
Fixed CVE-2024-49927 in the Linux kernel.
Security
Fixed CVE-2024-53054 in the Linux kernel.
Change
Upgraded sys-apps/makedumpfile to v1.7.6.
Security
Fixed CVE-2024-50228 in the Linux kernel.
Security
Fixed KCTF-6ca5753 in the Linux kernel.
Security
Fixed CVE-2024-50142 in the Linux kernel.
Security
Fixed CVE-2024-50099 in the Linux kernel.
Change
Runtime sysctl changes:
- Changed: fs.file-max: 811954 -> 812030
Security
Fixed CVE-2024-50036 in the Linux kernel.
Change
Upgraded app-shells/dash to v0.5.12-r1.
Change
Updated app-admin/google-guest-configs to 20241121.00. This enables the intent-based NIC naming scheme.
Security
Fixed CVE-2024-50271 in the Linux kernel.
Security
Fixed CVE-2024-50101 in the Linux kernel.
Security
Updated net-misc/curl to v8.11.0. This fixes CVE-2024-9681. Added duphandle-init-netrc.patch, netrc-large-file.patch, setopt-http_content_decoding.patch to fix regression issues in curl v8.11.0.
Security
Fixed CVE-2024-50257 in the Linux kernel.
Security
Fixed CVE-2024-53042 in the Linux kernel.
Security
Fixed CVE-2024-50153 in the Linux kernel.
Security
Fixed CVE-2024-50272 in the Linux kernel.
Security
Fixed CVE-2024-53082 in the Linux kernel.
Security
Fixed CVE-2024-50143 in the Linux kernel.
Security
Fixed CVE-2024-50151 in the Linux kernel.
Security
Fixed CVE-2024-53066 in the Linux kernel.
Security
Fixed CVE-2024-50195 in the Linux kernel.
Security
Fixed CVE-2024-50141 in the Linux kernel.
November 18, 2024
Security
Fixed CVE-2024-49952 in the Linux kernel.
Security
Fixed CVE-2024-50115 in the Linux kernel.
Security
Fixed CVE-2024-49959 in the Linux kernel.
Security
Fixed CVE-2024-50010 in the Linux kernel.
Security
Fixed CVE-2024-49954 in the Linux kernel.
Security
Fixed CVE-2024-50138 in the Linux kernel.
Security
Fixed CVE-2024-50095 in the Linux kernel.
Security
Fixed CVE-2024-50110 in the Linux kernel.
Security
Fixed CVE-2024-50131 in the Linux kernel.
Security
Fixed CVE-2024-49946 in the Linux kernel.
November 11, 2024
Security
Updated runc to version 1.1.14. This fixes CVE-2024-45310, CVE-2024-9341, CVE-2024-9407, and CVE-2024-9675.
Security
Fixed CVE-2024-50083 in the Linux kernel.
Security
Fixed KCTF-2e95c43 in the Linux kernel.
Security
Fixed CVE-2024-50602 in dev-libs/expat.
Security
Fixed CVE-2024-50038 in the Linux kernel.
Change
Runtime sysctl changes:
- Changed: fs.file-max: 812026 -> 812011
Security
Fixed CVE-2024-50024 in the Linux kernel.
Security
Fixed CVE-2024-50082 in the Linux kernel.
November 06, 2024
Security
Fixed CVE-2024-47706 in the Linux kernel.
Security
Fixed CVE-2024-47737 in the Linux kernel.
Security
Fixed CVE-2024-50006 in the Linux kernel.
Security
Fixed CVE-2024-47693 in the Linux kernel.
Security
Fixed CVE-2024-49850 in the Linux kernel.
Security
Fixed CVE-2024-49883 in the Linux kernel.
Change
Runtime sysctl changes:
- Changed: fs.file-max: 812035 -> 812026
Security
Fixed CVE-2024-47678 in the Linux kernel.
Security
Fixed CVE-2024-49851 in the Linux kernel.
Security
Fixed CVE-2024-49870 in the Linux kernel.
Security
Fixed CVE-2024-49860 in the Linux kernel.
Security
Fixed CVE-2024-49983 in the Linux kernel.
Security
Fixed CVE-2024-49975 in the Linux kernel.
Security
Fixed CVE-2024-47742 in the Linux kernel.
Security
Fixed CVE-2024-49884 in the Linux kernel.
Security
Fixed CVE-2024-50002 in the Linux kernel.
Security
Fixed CVE-2024-50045 in the Linux kernel.
Security
Fixed CVE-2024-47696 in the Linux kernel.
Security
Fixed CVE-2024-47692 in the Linux kernel.
Security
Fixed CVE-2024-49875 in the Linux kernel.
Security
Fixed CVE-2024-50039 in the Linux kernel.
Security
Fixed CVE-2024-49858 in the Linux kernel.
Security
Fixed CVE-2024-49967 in the Linux kernel.
Security
Fixed CVE-2024-47682 in the Linux kernel.
Security
Fixed CVE-2024-50035 in the Linux kernel.
Security
Fixed CVE-2024-49978 in the Linux kernel.
Security
Fixed CVE-2024-50001 in the Linux kernel.
Security
Fixed CVE-2024-47727 in the Linux kernel.
Security
Fixed CVE-2024-50046 in the Linux kernel.
Security
Fixed CVE-2024-50019 in the Linux kernel.
Security
Fixed CVE-2024-47701 in the Linux kernel.
Security
Fixed CVE-2024-47734 in the Linux kernel.
Security
Fixed CVE-2024-49889 in the Linux kernel.
Security
Fixed CVE-2024-47684 in the Linux kernel.
Security
Fixed CVE-2024-49881 in the Linux kernel.
Security
Fixed CVE-2024-47707 in the Linux kernel.
Security
Fixed CVE-2024-49993 in the Linux kernel.
Security
Fixed CVE-2024-47739 in the Linux kernel.
Security
Fixed CVE-2024-47728 in the Linux kernel.
Security
Fixed CVE-2024-47705 in the Linux kernel.
Security
Fixed CVE-2024-50033 in the Linux kernel.
Security
Fixed CVE-2024-47710 in the Linux kernel.
Security
Fixed CVE-2024-47743 in the Linux kernel.
Security
Fixed CVE-2024-49936 in the Linux kernel.
Security
Fixed CVE-2024-50000 in the Linux kernel.
Security
Fixed CVE-2024-50015 in the Linux kernel.
Security
Updated NVIDIA GPU drivers to v535.216.01 for default/R535 and v550.127.05 for R550 for all GPUs. This resolves CVE-2024-0126.
Security
Fixed CVE-2024-47679 in the Linux kernel.
October 28, 2024
Change
Runtime sysctl changes:
- Changed: fs.file-max: 812026 -> 812035
Security
Fixed CVE-2024-38632 in the Linux kernel.
Security
Fixed CVE-2024-47685 in the Linux kernel.
October 21, 2024
Change
Upgraded app-containers/cni-plugins to v1.5.1.
Change
Upgraded app-containers/docker-credential-gcr to v2.1.23.
Change
Upgraded app-admin/google-guest-configs to v20240725.00.
Change
Upgraded net-libs/libtirpc to v1.3.4-r3.
Change
Upgraded sys-apps/acl to v2.3.2-r1.
Change
Upgraded sys-libs/gdbm to v1.24.
Change
Upgraded sys-libs/libcap-ng to v0.8.5.
Change
Upgraded sys-process/procps to v4.0.4-r1.
Feature
Added NVIDIA GPU drivers R560 branch - Updated the R560 and latest drivers to v560.35.03.
Change
Upgraded dev-libs/double-conversion to v3.3.0.
Fixed
Identify GPU drivers before installation.
Change
Upgraded app-containers/docker-credential-helpers to v0.8.2.
Change
Upgraded sys-libs/libcap to v2.70.
Change
Upgraded app-arch/gzip to v1.13-r1.
Change
Upgraded sys-fs/xfsprogs to v6.8.0.
Security
Updated app-arch/libarchive to version 3.7.6. This fixed CVE-2024-48957, CVE-2024-48958.
Change
Upgraded dev-python/jinja to v3.1.4.
Security
Fixed CVE-2024-44958 in the Linux kernel.
Change
Upgraded dev-db/sqlite to v3.46.0.
Security
Fixed CVE-2024-43892 in the Linux kernel.
Change
Upgraded app-arch/lz4 to v1.10.0-r1.
Feature
Updated the R550 and latest drivers to v550.90.12.
Change
Updated app-containers/containerd to 1.7.23.
October 14, 2024
Security
Fixed CVE-2024-45003 in the Linux kernel.
Change
Runtime sysctl changes:
- Changed: fs.file-max: 812030 -> 812026
Security
Fixed CVE-2024-46829 in the Linux kernel.
Security
Fixed CVE-2024-44970 in the Linux kernel.
Security
Fixed CVE-2024-46848 in the Linux kernel.
Security
Fixed CVE-2024-46855 in the Linux kernel.
Security
Fixed CVE-2024-44965 in the Linux kernel.
Security
Fixed CVE-2024-43853 in the Linux kernel.
October 07, 2024
Security
Upgraded to v1.16.2. Fixed CVE-2024-0132 and CVE-2024-0133.
Change
Runtime sysctl changes:
- Changed: fs.file-max: 812026 -> 812030
Feature
Update R535, default driver to v535.183.06.
Security
Fixed CVE-2024-46750 in the Linux kernel.
Fixed
Updated the GPU installer to v2.4.1.
Fixed
Disabled MGLRU by default due to integration issues with Kubernetes.
Security
Fixed CVE-2024-46744 in the Linux kernel.
September 30, 2024
Security
Fixed CVE-2024-46721 in the Linux kernel
Security
Fixed CVE-2024-46738 in the Linux kernel
Security
Fixed CVE-2024-46763 in the Linux kernel.
Change
Upgraded app-admin/google-guest-configs to v20240725.00.
Security
Fixed CVE-2024-46737 in the Linux kernel
Security
Fixed CVE-2024-46800 in the Linux kernel
Fixed
Updated cos-gpu-installer to v2.4.0. It identifies GPU drivers before installation.
Security
Fixed CVE-2024-46743 in the Linux kernel
Security
Fixed CVE-2024-46679 in the Linux kernel.
Feature
Fixed A3 Edge VM names in google guest agent configs.
September 23, 2024
Security
Fixed CVE-2024-44944 in the Linux kernel
Security
Fixed CVE-2024-7592 in dev-lang/python.
Security
Fixed CVE-2024-44989 in the Linux kernel
Security
Fixed CVE-2024-45000 in the Linux kernel
Fixed
Updated net-misc/curl to 8.10.0.
Security
Fixed CVE-2024-46686 in the Linux kernel
Security
Fixed CVE-2024-41012 in the Linux kernel
Change
Updated app-containers/containerd to 1.7.22.
Security
Fixed CVE-2024-45021 in the Linux kernel
Security
Fixed CVE-2024-43893 in the Linux kernel
Security
Fixed CVE-2024-45022 in the Linux kernel
Security
Fixed CVE-2024-44952 in the Linux kernel
Security
Fixed CVE-2024-44947 in the Linux kernel
Security
Fixed CVE-2024-43871 in the Linux kernel
Security
Fixed CVE-2024-44940 in the Linux kernel
Security
Fixed CVE-2024-44983 in the Linux kernel
Security
Fixed CVE-2024-45025 in the Linux kernel
Security
Fixed CVE-2024-43817 in the Linux kernel
Security
Fixed CVE-2024-43914 in the Linux kernel
Security
Fixed CVE-2023-27043 in dev-lang/python.
Security
Fixed CVE-2024-44990 in the Linux kernel
Security
Fixed CVE-2024-42307 in the Linux kernel
Security
Fixed CVE-2024-45018 in the Linux kernel
September 16, 2024
Security
Updated dev-libs/expat to version v2.6.3. This fixed CVE-2024-45492, CVE-2024-45490, CVE-2024-45491.
Security
Fixed CVE-2024-44985 in the Linux kernel
Security
Fixed CVE-2024-6119 in net-libs/openssl.
Change
Runtime sysctl changes:
- Changed: fs.file-max: 812022 -> 812026
Security
Fixed CVE-2024-42302 in the Linux kernel
Security
Fixed CVE-2024-43873 in the Linux kernel
Fixed
Updated dev-lang/python to v3.8.19_p1. This fixes CVE-2007-4559.
Security
Fixed CVE-2024-6232 in dev-lang/python.
Security
Fixed CVE-2024-43882 in the Linux kernel
Security
Fixed CVE-2023-7256 in net-libs/libpcap.
Security
Fixed CVE-2024-44987 in the Linux kernel
Security
Fixed CVE-2024-44986 in the Linux kernel
September 09, 2024
Security
Fixes CVE-2024-43837 in the Linux kernel.
Security
Fixes CVE-2024-43855 in the Linux kernel.
Security
Fixes CVE-2024-41073 in the Linux kernel.
Security
Fixes CVE-2024-41057 in the Linux kernel.
Change
Runtime sysctl changes:
- Changed: fs.file-max: 812039 -> 812022
Security
Fixes CVE-2024-42302 in the Linux kernel.
Security
Fixes CVE-2024-43828 in the Linux kernel.
Security
Fixes CVE-2024-41058 in the Linux kernel.
Security
Fixes CVE-2024-43889 in the Linux kernel.
Security
Fixes CVE-2024-43856 in the Linux kernel.
Security
Fixes CVE-2024-43854 in the Linux kernel.
Security
Fixes CVE-2024-42316 in the Linux kernel.
Security
Fixes CVE-2024-41098 in the Linux kernel.
Security
Fixes CVE-2024-37370, CVE-2024-37371 in app-crypt/mit-krb5.
Change
Updated app-containers/containerd to 1.7.21.
September 03, 2024
Security
Fixed CVE-2023-52889 in the Linux kernel.
Security
Fixed CVE-2024-42283 in the Linux kernel.
Security
Updated app-editors/vim, app-editors/vim-core to version 9.1.0686. This fixed CVE-2024-41957, CVE-2024-41965.
Security
Fixed CVE-2024-42269 in the Linux kernel.
Security
Fixed CVE-2024-42268 in the Linux kernel.
Security
Fixed CVE-2024-42285 in the Linux kernel.
Security
Fixed CVE-2024-42270 in the Linux kernel.
Security
Fixed KCTF-c07ff85 in the Linux kernel.
Change
Runtime sysctl changes:
- Changed: fs.file-max: 812030 -> 812039
August 26, 2024
Fixed
Updated google-osconfig-agent to v20240822.00.
August 20, 2024
Security
Downgraded setuptools to v65.6.3. Cherry-picked upstream fix for CVE-2024-6345.
Security
Fixed CVE-2024-6602 in dev-libs/nss
Change
Upgraded sys-apps/pv to v1.8.12.
Change
Runtime sysctl changes:
- Added: vm.unprivileged_userfaultfd: 0
- Changed: fs.file-max: 812026 -> 812045
- Changed: net.ipv4.tcp_rto_min_us: 200000 -> 5000
August 12, 2024
Change
cos-113-18244-151-14
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.1.100 | v24.0.9 | v1.7.19 | v535.183.01(default),v550.90.07(latest),v470.256.02(R470 for compatibility with K80 GPUs) |
Change
Runtime sysctl changes:
- Changed: fs.file-max: 812030 -> 812026
Security
Updated net-misc/curl to version 8.9.1. This fixed CVE-2024-7264.
Security
Updated dev-libs/openssl to version 3.0.14 and added patch for CVE-2024-5535. This fixed CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, CVE-2024-5535.
Security
Fixed CVE-2024-39472 in the Linux kernel.
Fixed
Downgraded sys-apps/ethtool to v6.7.
August 06, 2024
Change
cos-113-18244-151-9
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.1.100 | v24.0.9 | v1.7.19 | v535.183.01(default),v550.90.07(latest),v470.256.02(R470 for compatibility with K80 GPUs) |
Feature
Enabled the feature to utilize the gpu_driver_versions proto file for controlling the specific GPU driver version to be installed for each GPU type.
Feature
Removed crash-reporter KVM support.
Feature
Removed dev-go/grpc.
Security
Upgraded dev-python/setuptools to v70.3.0. This fixes CVE-2024-6345.
Security
Upgraded curl to v8.9.0. This fixes CVE-2024-6197.
Change
Upgraded sys-apps/less to v661.
Change
Upgraded app-admin/google-guest-configs to 20240607.00.
Feature
Upgraded cos-gpu-installer to v2.3.5 - Improved error messaging for incompatible GPU driver input.
Change
Upgraded net-misc/rsync to v3.2.7-r5.
Change
Upgraded app-containers/containerd to 1.7.19.
Change
Runtime sysctl changes:
- Changed: fs.file-max: 812026 -> 812030
July 31, 2024
Change
cos-113-18244-85-65
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.1.90 | v24.0.9 | v1.7.15 | v535.183.01(default),v550.90.07(latest),v470.256.02(R470 for compatibility with K80 GPUs) |
Change
Runtime sysctl changes:
- Changed: fs.file-max: 812041 -> 812026
July 22, 2024
Change
cos-113-18244-85-64
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.1.90 | v24.0.9 | v1.7.15 | v535.183.01(default),v550.90.07(latest),v470.256.02(R470 for compatibility with K80 GPUs) |
Security
Fixed CVE-2024-39474 in the Linux kernel
Security
Fixed CVE-2024-39476 in the Linux kernel
Security
Fixed CVE-2024-38662 in the Linux kernel
Security
Fixed CVE-2024-39482 in the Linux kernel
Fixed
Disable NVIDIA persistence mode with -no-verify flag
Security
Fixed CVE-2024-36891 in the Linux kernel
Security
Fixed CVE-2024-39894 in net-misc/openssh.
Change
Runtime sysctl changes:
- Changed: fs.file-max: 812036 -> 812041
July 15, 2024
Change
cos-113-18244-85-54
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.1.90 | v24.0.9 | v1.7.15 | v535.183.01(default),v550.90.07(latest),v470.256.02(R470 for compatibility with K80 GPUs) |
Feature
Added the package revision number to the SSH banner in net-misc/openssh.
Feature
Updated cos-gpu-installer to v2.3.5.
Security
Fixed CVE-2024-36978 in the Linux kernel.
Security
Updated net-misc/wget to version 1.24.5. This fixed CVE-2024-38428.
July 01, 2024
Change
cos-113-18244-85-49
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.1.90 | v24.0.9 | v1.7.15 | v535.183.01(default),v550.90.07(latest),v470.256.02(R470 for compatibility with K80 GPUs) |
Change
Upgraded net-misc/curl to v8.8.0-r1.
Security
Fixed CVE-2024-6387 in net-misc/openssh.
Change
Runtime sysctl changes:
- Added: net.ipv4.tcp_rto_min_us: 200000
- Changed: fs.file-max: 812039 -> 812035
Change
Upgraded sys-apps/grep to v3.11-r1.
Change
Upgraded sys-apps/hwdata to v0.383.
Security
Fixed CVE-2024-36901 in the Linux kernel.
Change
Upgraded sys-apps/sed to v4.9-r1.
Change
Upgraded sys-apps/pv to v1.8.10.
Change
Upgraded sys-block/thin-provisioning-tools to v0.9.0-r4.
Feature
Added tcp_rto_min_us sysctl.
Change
Upgraded dev-embedded/libftdi to v1.5-r7.
Security
Fixed CVE-2024-35195 in dev-python/requests.
Change
Upgraded dev-libs/libusb to v1.0.27-r1.
Change
Upgraded sys-apps/ethtool to v6.9.
Change
Upgraded sys-apps/dmidecode to v3.6.
Security
Upgraded dev-lang/go to v1.21.11. This fixes CVE-2024-24790 and CVE-2024-24789.
Change
Upgraded app-admin/logrotate to v3.22.0.
June 24, 2024
Change
cos-113-18244-85-39
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.1.90 | v24.0.9 | v1.7.15 | v535.183.01(default),v550.90.07(latest),v470.256.02(R470 for compatibility with K80 GPUs) |
Fixed
Fixed a crash in the Linux kernel.
Change
Added support for TPU v6 devices.
Change
Runtime sysctl changes:
- Changed: fs.file-max: 812036 -> 812039
June 18, 2024
Change
cos-113-18244-85-36
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.1.90 | v24.0.9 | v1.7.15 | v535.183.01(default),v550.90.07(latest),v470.256.02(R470 for compatibility with K80 GPUs) |
Security
Fixes CVE-2024-36902 in the Linux kernel.
Change
Runtime sysctl changes:
- Changed: fs.file-max: 812002 -> 812036
Security
Upgraded app-arch/lz4 to 1.9.4. Fixes CVE-2021-3520.
Security
Fixes CVE-2024-36938 in the Linux kernel.
Feature
Mount efivarfs fs by default on EFI-enabled systems.
Security
Upgraded app-arch/libarchive to version 3.7.4. Fixes CVE-2024-26256.
Security
- Update R550, latest driver to v550.90.07. This fixes CVE-2024-0090, CVE-2024-0091, CVE-2024-0092.
- Update R535, default driver to v535.183.01. This fixes CVE-2024-0090, CVE-2024-0092.
- Update R470 to v470.256.02. This fixes CVE-2024-0090, CVE-2024-0092.
June 10, 2024
Change
cos-beta-113-18244-85-29
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.1.90 | v24.0.9 | v1.7.15 | v535.161.08(default),v550.54.15(latest),v470.239.06(R470 for compatibility with K80 GPUs) |
Security
Updated cos-gpu-installer to v2.3.4. This fixes CVEs: CVE-2023-29402, CVE-2023-29405, CVE-2023-29404, CVE-2023-24540, CVE-2023-24538, CVE-2022-41721, GHSA-m425-mq94-257g, CVE-2022-41715, CVE-2022-30633, CVE-2022-41724, CVE-2022-2880, CVE-2022-30631, CVE-2021-29923, CVE-2022-24675, CVE-2022-30580, CVE-2022-41723, CVE-2023-24534, CVE-2022-41725, CVE-2022-2879, CVE-2023-24539, CVE-2022-30635, CVE-2023-45285, CVE-2022-32149, CVE-2023-24537, CVE-2022-32189, CVE-2022-28131, CVE-2023-39323, CVE-2022-28327, CVE-2022-30630, CVE-2023-44487, CVE-2023-39325, CVE-2022-27664, CVE-2023-45287, CVE-2023-29400, CVE-2023-24536, CVE-2023-29403, CVE-2022-30632, CVE-2023-39318, CVE-2020-29511, CVE-2024-24786, CVE-2023-3978, CVE-2022-41717, CVE-2022-32148, CVE-2023-39326, CVE-2023-45288, CVE-2022-1962, CVE-2023-24532, CVE-2023-39319, CVE-2022-1705, CVE-2020-29509, CVE-2023-29406, CVE-2023-29409, CVE-2022-30629
Fixed
Fixed frequent restarts in fluent-bit stackdriver plugin.
Change
Runtime sysctl changes:
- Changed: fs.file-max: 812026 -> 812002
Fixed
Updated cos-gpu-installer to v2.3.3. This resolves potential synchronization issues and ensures proper cleanup of mounts in GPU driver installation directory configuration.
June 03, 2024
Change
cos-113-18244-85-24
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.1.90 | v24.0.9 | v1.7.15 | v535.161.08(default),v550.54.15(latest),v470.239.06(R470 for compatibility with K80 GPUs) |
Fixed
Updated cos-gpu-installer to v2.3.2.
Fixed
Fixed a bug in auto update engine when confidential VMs are enabled.
Security
Fixed CVE-2024-34459 in the libxml2 package.
May 28, 2024
Change
cos-113-18244-85-17
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.1.90 | v24.0.9 | v1.7.15 | v535.161.08(default),v550.54.15(latest),v470.239.06(R470 for compatibility with K80 GPUs) |
Security
Updated dev-vcs/git to v2.45.1. This resolves CVE-2024-32002, CVE-2024-32020, CVE-2024-32465, CVE-2024-32004, CVE-2024-32021.
Change
Runtime sysctl changes:
- Changed: fs.file-max: 812391 -> 812030
Feature
Improved boot time on A3 machines by around 5 seconds.
Security
Fixed CVE-2024-21626 in runc in kubelet.
May 20, 2024
Change
cos-113-18244-85-14
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.1.90 | v24.0.9 | v1.7.15 | v535.161.08(default),v550.54.15(latest),v470.239.06(R470 for compatibility with K80 GPUs) |
Fixed
Added support for nft_fib family of modules in the Linux kernel.
Change
Upgraded sys-libs/timezone-data to v2024a-r1.
Change
Updated cos-gpu-installer to v2.3.1.
Change
Upgraded sys-apps/less to v643-r2.
May 13, 2024
Change
cos-113-18244-85-5
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.1.90 | v24.0.9 | v1.7.15 | v535.161.08(default),v550.54.15(latest),v470.239.06(R470 for compatibility with K80 GPUs) |
Security
Fixed CVE-2024-26809 in the Linux kernel.
Security
Fixed CVE-2024-26900 in the Linux kernel.
Change
Upgraded app-containers/docker and app-containers/docker-cli to v24.0.9.
Security
Fixed CVE-2024-26884 in the Linux kernel.
Security
Fixed CVE-2024-26883 in the Linux kernel.
Change
Runtime sysctl changes:
- Added: net.core.mem_pcpu_rsv: 256
- Changed: fs.epoll.max_user_watches: 1809474 -> 1809452
- Changed: fs.file-max: 812400 -> 812391
- Changed: kernel.threads-max: 63504 -> 63503
- Changed: net.ipv4.tcp_mem: 94068 125424 188136 -> 94065 125423 188130
- Changed: net.ipv4.udp_mem: 188136 250848 376272 -> 188133 250847 376266
- Changed: user.max_cgroup_namespaces: 31752 -> 31751
- Changed: user.max_ipc_namespaces: 31752 -> 31751
- Changed: user.max_mnt_namespaces: 31752 -> 31751
- Changed: user.max_net_namespaces: 31752 -> 31751
- Changed: user.max_pid_namespaces: 31752 -> 31751
- Changed: user.max_time_namespaces: 31752 -> 31751
- Changed: user.max_user_namespaces: 31752 -> 31751
- Changed: user.max_uts_namespaces: 31752 -> 31751
Security
Fixed CVE-2024-26882 in the Linux kernel.
Security
Fixed issues with the SRSO vulnerability mitigation (CVE-2023-20569). This fix might negatively impact the performance of your workloads on AMD machine types.
Feature
Added support for i6300 watchdog timer device.
Security
Fixed CVE-2024-26885 in the Linux kernel.
Change
Upgraded sys-boot/grub-lakitu to FC 39's current version.
Fixed
Uprev GPU driver version to v470.239.06.
Change
Upgraded app-admin/google-guest-agent to v20240314.00.
Security
Fixed CVE-2024-26907 in the Linux kernel.
Change
Upgraded app-emulation/cloud-init to v23.4.4.
Change
Upgraded app-admin/google-osconfig-agent to v20240501.00.
Change
Upgraded app-admin/google-guest-configs to v20240307.00.
Change
Upgraded app-admin/node-problem-detector to v0.8.18.
Security
Fixed CVE-2021-36084, CVE-2021-36085, CVE-2021-36086, CVE-2021-36087 in sys-libs/libsepol.
May 06, 2024
Change
cos-113-18244-1-65
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.1.77 | v24.0.9 | v1.7.15 | v535.161.08(default),v550.54.15(latest),v470.239.06(R470 for compatibility with K80 GPUs) |
Security
Fixed CVE-2023-52620 in the Linux kernel.
Change
Upgraded app-admin/sosreport to v4.7.1.
Change
Updated cos-gpu-installer to v2.3.0.
Change
Upgraded sys-apps/makedumpfile to v1.7.5.
May 01, 2024
Change
cos-113-18244-1-61
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.1.77 | v24.0.9 | v1.7.15 | v535.161.08(default),v550.54.15(latest),v470.239.06(R470 for compatibility with K80 GPUs) |
Security
Fixed CVE-2023-50387, CVE-2023-50868 in sys-apps/systemd.
Security
Fixed CVE-2024-3772 in dev-python/pydantic.
Security
Fixed CVE-2023-4641 in sys-apps/shadow.
Security
Updated dev-vcs/git to version VERSION. This fixes CVE-2023-22490, CVE-2023-23946, CVE-2023-25652, CVE-2023-25815, CVE-2023-29007.
Fixed
Updated Konlet to v.0.12.0. This fixes an iptables compatibility issue.
Security
Updated net-misc/curl to version 8.7.1. This fixes CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466.
Security
Fixed CVE-2024-26601 in the Linux kernel.
Security
Fixed CVE-2023-32681 in dev-python/requests.
Security
Updated net-dns/c-ares to version 1.27. This fixes CVE-2024-25629.
Security
Fixed CVE-2024-26602 in the Linux kernel.
Security
Updated dev-libs/expat to version 2.6.2. This fixes CVE-2024-28757.
Security
Fixed CVE-2024-26603 in the Linux kernel.
Security
Fixed CVE-2023-0687, CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602 in sys-libs/glibc.
Security
Fixed CVE-2024-28182 in net-libs/nghttp2.
Security
Updated dev-python/pyyaml to version 6.0.1. This fixes CVE-2017-18342, CVE-2019-20477, CVE-2020-14343, CVE-2020-1747.
Security
Fixed CVE-2023-5388 in dev-libs/nss.
April 23, 2024
Change
cos-beta-113-18244-1-44
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.1.77 | v24.0.9 | v1.7.15 | v535.161.08(default),v550.54.15(latest),v470.239.06(R470 for compatibility with K80 GPUs) |
Security
Fixed CVE-2024-26642 in the Linux kernel.
Security
Fixed CVE-2024-26642, CVE-2024-26643 in the Linux kernel.
Change
Runtime sysctl changes:
- Changed: fs.file-max: 812399 -> 812400
- Changed: kernel.threads-max: 63503 -> 63504
- Changed: user.max_cgroup_namespaces: 31751 -> 31752
- Changed: user.max_ipc_namespaces: 31751 -> 31752
- Changed: user.max_mnt_namespaces: 31751 -> 31752
- Changed: user.max_net_namespaces: 31751 -> 31752
- Changed: user.max_pid_namespaces: 31751 -> 31752
- Changed: user.max_time_namespaces: 31751 -> 31752
- Changed: user.max_user_namespaces: 31751 -> 31752
- Changed: user.max_uts_namespaces: 31751 -> 31752
Change
Updated app-containers/containerd to v1.7.15.
April 15, 2024
Change
cos-113-18244-1-37
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.1.77 | v24.0.9 | v1.7.10 | v535.161.08(default),v550.54.15(latest),v470.239.06(R470 for compatibility with K80 GPUs) |
Feature
Fixed integrity-fs dm-crypt creation flakiness.
Change
Runtime sysctl changes:
- Changed: fs.file-max: 812400 -> 812399
- Changed: kernel.threads-max: 63504 -> 63503
- Changed: user.max_cgroup_namespaces: 31752 -> 31751
- Changed: user.max_ipc_namespaces: 31752 -> 31751
- Changed: user.max_mnt_namespaces: 31752 -> 31751
- Changed: user.max_net_namespaces: 31752 -> 31751
- Changed: user.max_pid_namespaces: 31752 -> 31751
- Changed: user.max_time_namespaces: 31752 -> 31751
- Changed: user.max_user_namespaces: 31752 -> 31751
- Changed: user.max_uts_namespaces: 31752 -> 31751
Fixed
Updated NVIDIA GPU drivers to v535.161.08. Fixed a potential corruption when launching kernels on H100 GPUs.
Fixed
Updated NVIDIA GPU drivers to v550.54.15. Fixed a potential corruption when launching kernels on H100 GPUs, which is more likely to occur when the GPU is shared between multiple processes.
April 01, 2024
Change
cos-beta-113-18244-1-33
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.1.77 | v24.0.9 | v1.7.10 | v535.161.07(default),v550.54.14(latest),v470.239.06(R470 for compatibility with K80 GPUs) |
Feature
Added NVIDIA GPU drivers R550 branch and updated latest to 550.54.14.
Change
Update app-containers/nvidia-container-toolkit to v1.14.6.
March 27, 2024
Change
cos-beta-113-18244-1-31
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.1.77 | v24.0.9 | v1.7.10 | v535.161.07(default, latest),v470.239.06(R470 for compatibility with K80 GPUs) |
Change
Upgraded app-admin/fluent-bit to v1.9.10.
Security
Fixed CVE-2024-26584 in the Linux kernel.
Security
Fixed CVE-2024-26582 in the Linux kernel.
Fixed
Fixed bug in google-guest-agent service enablement.
Change
Upgraded app-admin/localtoast to v1.1.7.
Change
Upgraded localtoast to 1.1.7 and opted out of logging-service-running benchmark by default for cis-level2.
Change
Upgraded app-admin/sosreport to v4.7.0.
Security
Fixed CVE-2023-52434 in the Linux kernel.
Change
Upgraded app-admin/node-problem-detector to v0.8.17.
Security
Fixed CVE-2023-52435 in the Linux kernel.
Feature
Added infiniband and mlx5 device drivers.
Security
Fixed CVE-2024-26583 in the Linux kernel.
Security
Fixed CVE-2024-26585 in the Linux kernel.
March 25, 2024
Change
Upgraded app-admin/google-osconfig-agent to v20240126.00.
Change
Updated GPU drivers to v535.54.03 (R535 LTSB NVIDIA branch).
Announcement
Updates to Major Packages:
Change
Runtime sysctl changes:
- Added: net.ipv4.tcp_backlog_ack_defer: 1
- Changed: fs.epoll.max_user_watches: 1809920 -> 1809474
- Changed: fs.fanotify.max_user_marks: 67577 -> 67560
- Changed: fs.file-max: 812606 -> 812400
- Changed: fs.inotify.max_user_watches: 63456 -> 63441
- Changed: kernel.threads-max: 63520 -> 63504
- Changed: net.core.optmem_max: 20480 -> 131072
- Changed: net.ipv4.tcp_mem: 94092 125456 188184 -> 94068 125424 188136
- Changed: net.ipv4.udp_mem: 188184 250912 376368 -> 188136 250848 376272
- Changed: net.ipv6.route.max_size: 4096 -> 2147483647
- Changed: user.max_cgroup_namespaces: 31760 -> 31752
- Changed: user.max_fanotify_marks: 67577 -> 67560
- Changed: user.max_inotify_watches: 63456 -> 63441
- Changed: user.max_ipc_namespaces: 31760 -> 31752
- Changed: user.max_mnt_namespaces: 31760 -> 31752
- Changed: user.max_net_namespaces: 31760 -> 31752
- Changed: user.max_pid_namespaces: 31760 -> 31752
- Changed: user.max_time_namespaces: 31760 -> 31752
- Changed: user.max_user_namespaces: 31760 -> 31752
- Changed: user.max_uts_namespaces: 31760 -> 31752
- Changed: vm.lowmem_reserve_ratio: 256 256 32 0 -> 256 256 32 0 0
- Added: net.netfilter.nf_flowtable_tcp_timeout: 30
- Added: net.netfilter.nf_flowtable_udp_timeout: 30
- Changed: fs.file-max: 812608 -> 812606
- Added: net.ipv4.tcp_shrink_window: 0
- Added: net.ipv6.conf.all.accept_ra_min_lft: 0
- Added: net.ipv6.conf.default.accept_ra_min_lft: 0
- Added: net.ipv6.conf.docker0.accept_ra_min_lft: 0
- Added: net.ipv6.conf.eth0.accept_ra_min_lft: 0
- Added: net.ipv6.conf.lo.accept_ra_min_lft: 0
- Added: kernel.io_uring_disabled: 0
- Changed: fs.file-max: 812619 -> 812608
- Changed: kernel.threads-max: 63519 -> 63520
- Changed: net.netfilter.nf_conntrack_sctp_timeout_shutdown_recd: 0 -> 3
- Changed: net.netfilter.nf_conntrack_sctp_timeout_shutdown_sent: 0 -> 3
- Changed: user.max_cgroup_namespaces: 31759 -> 31760
- Changed: user.max_ipc_namespaces: 31759 -> 31760
- Changed: user.max_mnt_namespaces: 31759 -> 31760
- Changed: user.max_net_namespaces: 31759 -> 31760
- Changed: user.max_pid_namespaces: 31759 -> 31760
- Changed: user.max_time_namespaces: 31759 -> 31760
- Changed: user.max_user_namespaces: 31759 -> 31760
- Changed: user.max_uts_namespaces: 31759 -> 31760
- Changed: fs.epoll.max_user_watches: 1809474 -> 1809452
- Changed: fs.file-max: 812400 -> 812392
- Changed: kernel.threads-max: 63504 -> 63503
- Changed: net.ipv4.tcp_mem: 94068 125424 188136 -> 94065 125423 188130
- Changed: net.ipv4.udp_mem: 188136 250848 376272 -> 188133 250847 376266
- Changed: user.max_cgroup_namespaces: 31752 -> 31751
- Changed: user.max_ipc_namespaces: 31752 -> 31751
- Changed: user.max_mnt_namespaces: 31752 -> 31751
- Changed: user.max_net_namespaces: 31752 -> 31751
- Changed: user.max_pid_namespaces: 31752 -> 31751
- Changed: user.max_time_namespaces: 31752 -> 31751
- Changed: user.max_user_namespaces: 31752 -> 31751
- Changed: user.max_uts_namespaces: 31752 -> 31751
- Changed: fs.file-max: 812620 -> 812619
- Added: fs.overflowgid: 65534
- Added: fs.overflowuid: 65534
Change
Upgraded app-emulation/cloud-init to v23.4.3.
Breaking
The default iptables implementation has been changed from iptables-legacy to iptables-nft.
Change
Update default and latest NVIDIA GPU drivers to v535.154.05.
Fixed
Upgraded app-admin/oslogin to v20231004.00.
Change
Upgraded app-admin/google-guest-configs to v20240122.00.
Change
Updated app-containers/runc to v1.1.12.
Change
Updated sys-apps/systemd to v254.9.
Feature
Updated cos-gpu-installer to v2.2.0. Some key features of this update include:
- Switched precompiled driver and signature location to COS build artifacts for M109.
- This fixes a permissions issue in the GPU driver install directory with OSS drivers.
- Added major version specification for GPU driver installation.
Change
cos-beta-113-18244-1-7
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.1.77 | v24.0.9 | v1.7.10 | v535.154.05 (default, latest), v470.223.02 (R470 for compatibility with K80 GPUs) |
Change
Updated app-admin/sosreport to v4.6.1.
Change
Updated latest GPU driver to v535.104.05.
Change
Upgraded app-admin/google-guest-agent to v20240213.00.
Change
Updated app-containers/docker-cli to v24.0.5.
Change
Upgraded app-containers/docker-credential-helpers to v0.8.1.
Change
Updated docker-credential-gcr to v2.1.22.
Change
Updated app-containers/containerd to v1.7.10.
Change
Updated app-emulation/kubernetes to v1.29.1.
Announcement
New Features and Changes in the Linux Kernel:
Feature
Added additional option to existing kernel cmdline flag that moves protected stateful partition integrity tags to memory.
Change
Updated the Linux kernel to v6.1.77.
Feature
Enabled TDX Guest support in the Linux Kernel.
Fixed
Fixed a kernel crash that occurred when running Postgres databases.
Feature
Fragmented nvidia-drivers and nvidia-drivers-open pkg into separate packages per major version.
Feature
Removed legacy logging agent (fluentd).
Feature
Added compiler mitigations against memory corruption vulnerabilities.
Feature
Added support for dm-zero and dm-clone.
Feature
Updated NVIDIA GPU drivers.
Feature
Enabled portmapper registration reporting for lsof. This also fixes an issue where lsof was missing from SOS reports.
Announcement
New Features and Changes in the Image:
Change
Simplified GPU driver installation by remounting driver installation path as executable from cos-extensions.
Fixed
Enabled persistence mode with NVIDIA GPU driver installation.
Feature
Enhanced integrity-fs with disk resize and dm-clone.
Fixed
The get_metadata_value script will now retry if it experiences a connection error.
Feature
Included the NVIDIA plugin in sosreport.
Feature
Added support for iSCSI targets and RAM block devices.
Feature
Sequence named before nss-lookup.target.
Feature
Added automatic generation of known modules list to image build process.
Fixed
Fixed a time-to-login slowdown introduced by cloud-init changes.
Feature
Sosreport now includes GPU Installer logs.
Fixed
Fixed an issue in ip6tables where the -C option did not work correctly.
Fixed
Fixed a container performance issue that occurred after running systemctl start cloud-audit-setup.
Feature
Backported support for TCP RTO configuration in networkd.
Fixed
Fixed an issue where IPv6 networking would fail under high CPU load.
Fixed
Fixed a performance issue that was observed in Postgres databases.
Feature
Added support for user.* xattr on tmpfs.
Feature
Removed deprecated R525 NVIDIA GPU drivers.
Fixed
Restored systemd-logind restart behavior when dbus restarts.
Feature
Changed default umask value for a user to 027.
Change
Fixed an issue where symlinks could not be moved.
Fixed
Fixed an issue with NFS reconnects on GKE.
Security
Updated net-libs/nghttp2 to v1.57.0. This resolves CVE-2023-44487 and CVE-2023-35945.
Security
Upgraded dev-db/sqlite to v3.45.1-r1. This also fixes CVE-2023-7104.
Security
Fixed CVE-2023-38039 in net-misc/curl.
Security
Updated dev-libs/libxml2 to 2.11.7. This fixes CVE-2024-25062.
Security
Fixed ncurses upgrade to 6.4p20220423. This resolves CVE-2023-29491.
Security
Fixed CVE-2023-40546, CVE-2023-40548, CVE-2023-40549, CVE-2023-40551, CVE-2023-40547, and CVE-2023-40550 in sys-boot/shim.
Security
Fixed CVE-2023-4016 in sys-process/procps.
Security
Fixed CVE-2024-0684 in sys-apps/coreutils.
Security
Upgraded sys-apps/dbus to v1.12.28. This fixes CVE-2023-34969.
Security
Upgraded net-misc/curl to version 8.6.0. This fixes CVE-2024-0853 and CVE-2023-38545.
Security
Upgraded sys-fs/mdadm to v4.2. This resolves CVE-2023-28938 and CVE-2023-28736.
Security
Updated dev-lang/go to v1.21.5. This fixes CVE-2023-45285 and CVE-2023-39326.
Security
Updated dev-go/net to v0.17.0. This resolves CVE-2023-44487 and CVE-2023-39325.
Security
Updated default GPU driver to v470.199.02 and latest GPU driver to v525.125.06. This resolves CVE-2023-25515 and CVE-2023-25516.
Security
Upgraded app-editors/vim to v9.0.2167 and app-editors/vim-core to v9.0.2167. This resolves CVE-2023-4733, CVE-2023-4734, CVE-2023-4735, CVE-2023-4736, CVE-2023-4738, CVE-2023-4750, CVE-2023-4752, CVE-2023-4781, CVE-2023-5344, CVE-2023-5441, CVE-2023-5535.
Security
Fixed CVE-2023-49083 in package dev-python/cryptography.
Security
Fixed CVE-2023-24329 and CVE-2023-40217 in dev-lang/python.
Security
Fixed CVE-2024-21626 in app-containers/runc.
Security
Updated dev-go/yaml to v3.0.1. This resolves CVE-2022-28948.
Security
Upgraded dev-go/crypto to v0.17.0. This fixes CVE-2023-48795.
Announcement
CVE/Security Fixes:
Security
Upgraded docker to v24.0.9. This fixes CVE-2024-24557.
Security
Fixed CVE-2023-5345 and CVE-2023-42756 in COS kernel.
Security
Updated dev-libs/openssl to v3.0.13. This resolves CVE-2024-0727 and CVE-2023-6129.
Security
Fixed CVE-2023-32636, CVE-2023-29499, CVE-2023-32643, CVE-2023-32665, CVE-2023-32611 in glib and glib-utils.
Security
Fixed CVE-2022-40896 in pygments.
Security
Fixed CVE-2023-6622, CVE-2023-5197, CVE-2023-42753, CVE-2023-4921, CVE-2023-4623, CVE-2023-4194, CVE-2024-23851, CVE-2024-26581 in the Linux kernel.
Security
Fixed CVE-2023-4911 in sys-libs/glibc.
Change
Upgraded sys-apps/sandbox to v2.29-r1.
Fixed
Upgraded dev-python/jsonpatch to v1.33.
Fixed
Upgraded app-misc/jq to v1.7.1.
Change
Upgraded dev-libs/expat to v2.6.0.
Fixed
Updated net-misc/openssh to v9.6_p1-r1.
Change
Upgraded dev-python/jinja to v3.1.3.
Change
Upgraded sys-apps/file to v5.45-r4.
Change
Upgraded chromeos-base/hiberman-client to v0.0.1-r455.
Change
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r601.
Fixed
Upgraded chromeos-base/mojo_service_manager to v0.0.1-r271.
Change
Upgraded chromeos-base/power_manager-client to v0.0.1-r2859.
Fixed
Upgraded dev-lang/python-exec to v2.4.10.
Fixed
Upgraded chromeos-base/chromeos-dbus-bindings to v0.0.1-r2787.
Fixed
Upgraded dev-python/configobj to v5.0.8.
Fixed
Upgraded app-eselect/eselect-iptables to v20220320.
Change
Upgraded sys-apps/less to v643-r1.
Change
Upgraded sys-apps/attr to v2.5.2-r1.
Fixed
Upgraded sys-block/thin-provisioning-tools to v0.9.0-r2.
Fixed
Upgraded dev-libs/double-conversion to v3.2.1.
Change
Upgraded chromeos-base/system_api to v0.0.1-r5643.
Fixed
Upgraded dev-python/mock to v5.1.0.
Fixed
Upgraded sys-apps/pv to v1.8.5.
Change
Upgraded sys-libs/timezone-data to v2024a.
Fixed
Upgraded net-misc/rsync to v3.2.7-r4.
Fixed
Upgraded app-arch/pigz to v2.8.
Fixed
Upgraded sys-apps/hwdata to v0.376.
Fixed
Upgraded dev-util/gn to v2121.
Change
Upgraded chromeos-base/minijail to v18-r135.
Change
Upgraded chromeos-base/shill-client to v0.0.1-r4325.
Change
Updated dev-go/go-tools to v0.11.1_p20230712.
Fixed
Upgraded dev-python/pyyaml to v6.0.1-r1.
Fixed
Upgraded app-admin/node-problem-detector to v0.8.15.
Change
Upgraded dev-libs/nss to v3.97.
Fixed
Upgraded net-fs/cifs-utils to v7.0-r1 and sys-libs/talloc to v2.4.1.
Change
Upgraded net-dns/libidn2 to v2.3.7.
Change
Upgraded app-containers/cni-plugins to v1.4.0.
Fixed
Upgraded dev-util/bsdiff to v4.3.1-r42.
Fixed
Upgraded dev-python/pyserial to v3.5-r2.
Change
Upgraded chromeos-base/vm_protos to v0.0.1-r552.
Fixed
Upgraded app-arch/tar to v1.35.
Fixed
Upgraded net-libs/libtirpc to v1.3.4-r1.
Fixed
Upgraded app-arch/unzip to v6.0_p27-r1.
Change
Upgraded app-arch/xz-utils to v5.4.6-r1.
Change
Upgraded sys-fs/xfsprogs to v6.5.0.
Change
Upgraded sys-apps/ethtool to v6.7.
Change
Updated dev-embedded/libftdi to v1.5-r5.
Fixed
Upgraded sys-apps/dmidecode to v3.5-r3.
Fixed
Upgraded app-admin/sudo to v1.9.15_p5.
Fixed
Upgraded sys-process/lsof to v4.99.3.
Change
Updated gzip to v1.13.
Change
Upgraded sys-libs/libcap to v2.69-r1.
Fixed
Upgraded sys-process/procps to v4.0.4.
Change
Upgraded sys-apps/makedumpfile to v1.7.4.
Announcement
Updates for Minor Packages:
Fixed
Upgraded sys-apps/coreutils to v9.4.
Change
Upgraded net-libs/gnutls to v3.8.3.
Change
Upgraded chromeos-base/debugd-client to v0.0.1-r2641.
Fixed
Upgraded dev-python/netifaces to v0.11.0-r2.
Fixed
Upgraded sys-libs/libcap-ng to v0.8.4-r1.
Change
Upgraded net-misc/chrony to v4.5.
Fixed
Upgraded dev-python/six to v1.16.0-r1.
Fixed
Upgraded net-misc/socat to v1.8.0.0.
Change
Upgraded chromeos-base/update_engine-client to v0.0.1-r2385.
Change
Upgraded chromeos-base/session_manager-client to v0.0.1-r2722.
Change
Upgraded chromeos-base/dlcservice-client to v0.0.1-r884.
Change
Upgraded sys-libs/zlib to v1.3.1-r1.
Change
Upgraded dev-libs/libusb to v1.0.27.
Change
Upgraded dev-util/puffin to v1.0.0-r450.
Change
Upgraded dev-python/pygobject to v3.46.0.
Change
Upgraded net-dns/c-ares to v1.26.0.
Change
Upgraded app-misc/ca-certificates to v20230311.3.97.
Change
Upgraded sys-apps/acl to v2.3.2.
Change
Upgraded sys-auth/pambase to v20240128.
Change
Upgraded chromeos-base/google-breakpad to v2024.01.16.190249-r226.
Fixed
Upgraded dev-python/nose to v1.3.7_p20221026.
Change
Upgraded sys-fs/squashfs-tools to v4.6.1.
Fixed
Upgraded sys-devel/libtool to v2.4.6-r7.