Container-Optimized OS Release Notes: Milestone 109

cos-109-17800-570-50

Upgraded dev-libs/libxml2 to version 2.13.9. This fixes CVE-2025-9714.

Updated the Linux kernel to v6.1.151.

Upgraded dev-libs/libxslt to version 1.1.43-r1.

Updated cos-gpu-installer to v2.5.7.

Updated golang.org/x/crypto in google-osconfig-agent to v0.31.0.

Runtime sysctl changes:

• Changed: fs.file-max: 812272 -> 812258

Enabled Coherent Driver Memory Management by default when installing GPU drivers on GB2000.

cos-109-17800-570-46

Fixed CVE-2025-38528 in the Linux kernel.

Fixed CVE-2025-38639 in the Linux kernel.

Fixed CVE-2025-38588 in the Linux kernel.

Fixed CVE-2025-38645 in the Linux kernel.

Fixed CVE-2025-38565 in the Linux kernel.

Fixed CVE-2025-38587 in the Linux kernel.

Fixed CVE-2025-38608 in the Linux kernel.

Fixed CVE-2025-38572 in the Linux kernel.

Fixed CVE-2025-38550 in the Linux kernel.

Runtime sysctl changes:

• Changed: fs.file-max: 812270 -> 812272

Fixed CVE-2025-38563 in the Linux kernel.

Fixed CVE-2025-38527 in the Linux kernel.

Fixed CVE-2025-38622 in the Linux kernel.

Fixed CVE-2025-38553 in the Linux kernel.

Added GDRCopy kernel module for NVIDIA drivers.

Fixed CVE-2025-38539 in the Linux kernel.

cos-109-17800-570-43

Fixed CVE-2025-38322 in the Linux kernel.

Fixed CVE-2025-38676 in the Linux kernel.

Runtime sysctl changes:

• Changed: fs.file-max: 812262 -> 812270

Fixed CVE-2024-58240 in the Linux kernel.

cos-109-17800-570-40

Runtime sysctl changes:

• Changed: fs.file-max: 812214 -> 812262

Fixed KCTF-62708b9 in the Linux kernel.

Fixed KCTF-aba0c94 in the Linux kernel.

cos-109-17800-570-37

Fixed KCTF-abad3d0 in the Linux kernel.

Runtime sysctl changes:

• Changed: fs.file-max: 812258 -> 812214

Disabled DNSSEC by default for COS TPU VMs.

cos-109-17800-570-33

Added NVIDIA GPU driver's R580 branch. Updated the LATEST GPU driver label to version 580.65.06.

Fixed CVE-2025-38499 in the linux kernel.

Fixed KCTF-01d3c84 in the Linux kernel.

Runtime sysctl changes:

• Changed: fs.file-max: 812266 -> 812258

Upgraded sys-libs/binutils-libs to version 2.45. This fixes CVE-2025-8224,CVE-2025-8225 and CVE-2025-1153.

Fixed CVE-2025-38499 in the Linux kernel.

cos-109-17800-570-26

Upgraded sys-process/lsof to v4.99.5.

Upgraded virtual/logger to v0-r2.

Upgraded dev-vcs/git to version 2.49.1. This fixes CVE-2025-48385, CVE-2025-27613, CVE-2025-27614, CVE-2025-48384, CVE-2025-46835.

Fixed CVE-2024-6174 in cloud-init.

Fixed CVE-2024-11584 in cloud-init.

Runtime sysctl changes:

• Changed: fs.file-max: 812262 -> 812266

Added support for Nvidia driver version 570.172.08. This fixes CVE-2025-23279.

Upgraded net-misc/netplan to 1.1.2. This fixes CVE-2022-4968.

Updated dev-python/requests to v2.32.4.

Patched openssl to fix CVE-2023-50782 affecting dev-python/crytography.

Added support for Nvidia driver version 535.261.03. This fixes CVE-2025-23286 and CVE-2025-23279.

Fixed CVE-2025-8058 in glibc.

Fixed KCTF-bfebdb8 in the kernel.

Fixed CVE-2024-52533 in dev-libs/glib.

Upgraded urllib3 to version 1.26.18. This fixes CVE-2021-33503, CVE-2023-43804, and CVE-2023-45803.

cos-109-17800-570-23

Fixed CVE-2024-6174 in cloud-init.

Updated dev-python/requests to v2.32.4.

Fixed CVE-2024-11584 in cloud-init.

Upgraded sys-process/lsof to v4.99.5.

Upgraded net-misc/netplan to 1.1.2. This fixes CVE-2022-4968.

Added support for Nvidia driver version 570.172.08. This fixes CVE-2025-23279.

Upgraded dev-vcs/git to version 2.49.1. This fixes CVE-2025-48385, CVE-2025-27613, CVE-2025-27614, CVE-2025-48384, CVE-2025-46835.

Patched openssl to fix CVE-2023-50782 affecting dev-python/cryptography.

Added support for Nvidia driver version 535.261.03. This fixes CVE-2025-23286 and CVE-2025-23279.

Runtime sysctl changes:

• Changed: fs.file-max: 812262 -> 812283

cos-109-17800-570-8

Runtime sysctl changes:

• Changed: fs.file-max: 812234 -> 812262

Fixed KCTF-5e28d5a in the Linux kernel.

Upgraded sqlite to v3.50.2. This resolves CVE-2025-6965.

cos-109-17800-570-5

This is an LTS Refresh release.

Upgraded sys-libs/libcap to v2.76.

Runtime sysctl changes:

• Changed: fs.file-max: 812258 -> 812234

Updated the NVIDIA GPU driver policy for New Feature Branch (NFB) drivers. The LATEST tag has been updated to point to the stable 570.133.20 Production Branch. The 575.57.08 NFB driver remains available for development and testing but must now be selected by its specific version number.

Upgraded net-fs/cifs-utils to v7.4.

Fixed KCTF-103406b in the Linux kernel

Updated app-misc/jq to v1.8.1.

Upgraded sys-libs/talloc to v2.4.3.

Fixed an issue where some workloads could cause a full system hang when running close to their memory limit.

Upgraded app-admin/google-guest-configs to v20250516.00.

Upgraded app-arch/unzip to v6.0_p29.

Upgraded app-arch/gzip to v1.14.

Upgraded dev-db/sqlite to v3.50.1.

Upgraded app-containers/docker-credential-helpers to v0.9.3.

cos-109-17800-519-47

Upgraded vim, vim-core to version 9.1.1500. This fixes CVE-2025-26603, CVE-2025-27423, CVE-2025-29768, CVE-2025-1215, CVE-2025-24014, CVE-2025-22134.

Updated app-editors/nano to v8.5. This resolves CVE-2024-5742.

Runtime sysctl changes:

• Changed: fs.file-max: 812201 -> 812258

Upgraded sys-apps/less to v679.

Upgraded nvidia-container-toolkit to v1.17.8. This fixes CVE-2025-23266.

cos-109-17800-519-41

Upgraded app-admin/sudo to v1.9.17_p1. This resolves CVE-2025-32462 and CVE-2025-32463.

cos-109-17800-519-40

Upgraded dev-libs/libusb to v1.0.29.

Upgraded elfutils to version 0.193. This fixes CVE-2025-1365, CVE-2025-1371, CVE-2025-1372, and CVE-2025-1377.

Upgrade libarchive to version 3.8.1. This fixes CVE-2025-5914.

Runtime sysctl changes:

• Changed: fs.file-max: 812288 -> 812258

cos-109-17800-519-36

Updated the Linux kernel to v6.1.141. This includes mitigations for CVE-2024-28956, which may negatively impact the performance of Intel machine types.

Fixed KCTF-d35acc1 in the Linux kernel.

Runtime sysctl changes:

• Changed: fs.file-max: 812276 -> 812288

cos-109-17800-519-32

Upgraded app-misc/jq to v1.8.0. This fixes CVE-2025-48060.

Runtime sysctl changes:

• Changed: fs.file-max: 812266 -> 812276

cos-109-17800-519-30

Fixed CVE-2024-41110 in Docker.

Fixed CVE-2025-47273 in dev-python/setuptools.

Fixed CVE-2024-36903 in the Linux kernel.

Updated systemd to v253.33. This resolves CVE-2025-4598.

Added support for Nvidia driver version 575.57.08.

Runtime sysctl changes:

• Changed: fs.file-max: 812283 -> 812266

Fixed CVE-2024-43840 in the Linux kernel.

Fixed KCTF-ac9fe7d in the kernel.

Fixed CVE-2024-36927 in the Linux kernel.

Updated cos-gpu-installer to v2.5.3.

cos-109-17800-519-18

Fixed KCTF-8478a72 in the Linux kernel.

Updated cos-gpu-installer to v2.5.2: Added support for OTHER/NO_GPU cases to enable GPU driver preloading on the ARM64 architecture and added support for IMEX Driver configuration installation for NVIDIA_GB200 machine.

Fixed CVE-2024-26783 in the Linux kernel.

Upgraded sys-apps/less to v678.

Fixed KCTF-3f98113 in the Linux kernel.

cos-109-17800-519-12

Support NVIDIA MFT Tools on COS.

Fixed CVE-2025-46836 in sys-apps/net-tools.

Runtime sysctl changes:

• Changed: fs.file-max: 812270 -> 812274

Fixed CVE-20250-3198 in sys-libs/bintuils-libs.

cos-109-17800-519-7

Fixed CVE-2024-26739 in the Linux kernel.

Runtime sysctl changes:

• Changed: fs.file-max: 812287 -> 812270

Fixed KCTF-3df275e in the Linux kernel.

Updated apparmor to 3.1.6. This fixes CVE-2016-1585.

Upgraded containerd to 1.7.27. Fixes CVE-2024-40635.

Updated NVIDIA GPU drivers to v535.247.01 for default/ R535, v550.163.01 for R550 and v570.133.20 for latest/R570. This resolves CVE-2025-23244.

Fixed issue where modinfo could not display module signatures.

cos-109-17800-519-1

This is an LTS Refresh release.

Upgraded net-libs/libtirpc to v1.3.6.

Upgraded net-nds/rpcbind to v1.2.7.

Upgraded dev-python/configobj to v5.0.9.

Upgraded app-admin/sudo to v1.9.16_p2-r1.

Upgraded app-arch/gzip to v1.13-r1.

Upgraded dev-db/sqlite to v3.49.1.

Upgraded net-fs/cifs-utils to v7.3, Upgraded sys-libs/talloc to v2.4.2.

Upgraded net-libs/libnetfilter_conntrack to v1.1.0.

Upgraded sys-libs/libcap to v2.71.

Upgraded sys-apps/grep to v3.12.

Upgraded dev-libs/expat to v2.6.4.

Updated dev-vcs/git to version 2.49.0. This fixed CVE-2024-52006, CVE-2024-50349

Fixed CVE-2025-32728 in net-misc/openssh.

Fixed CVE-2025-32414, CVE-2025-32415 in dev-libs/libxml2.

Upgraded app-containers/docker-credential-helpers to v0.9.2.

Upgraded dev-lang/go to v1.21.13.

Fixed CVE-2025-22035 in the Linux kernel.

Upgraded sys-auth/pambase to v20250228.

Runtime sysctl changes:

• Changed: fs.file-max: 812262 -> 812287

Upgraded dev-libs/nss to v3.107.

Updated dev-go/protobuf to v1.33.0. This fixes CVE-2024-24786.

Updated dev-go/net to v0.39.0. This fixes CVE-2025-22870.

Upgraded app-admin/google-guest-configs to v20250124.00.

Upgraded app-admin/google-guest-configs to v20250221.00.

Upgraded net-firewall/iptables to v1.8.11-r1.

Upgraded sys-apps/acl to v2.3.2-r2.

Fixed CVE-2025-1178,CVE-2025-1182 and CVE-2025-1181 in sys-libs/binutils-libs.

Upgraded net-dns/libidn2 to v2.3.8.

Upgraded sys-apps/makedumpfile to v1.7.7.

cos-109-17800-436-106

Reverted a change in the linux kernel which caused nfs directories to unexpectedly be mounted as ro instead of rw.

Fixed CVE-2025-21962 in the Linux kernel.

Fixed CVE-2025-21980 in the Linux kernel.

Fixed CVE-2025-22005 in the Linux kernel.

Fixed CVE-2025-21922 in the Linux kernel.

Fixed CVE-2025-21919 in the Linux kernel.

Runtime sysctl changes:

• Changed: fs.file-max: 812288 -> 812262

Fixed CVE-2025-21963 in the Linux kernel.

Fixed CVE-2024-48615 in app-arch/libarchive.

Fixed CVE-2025-21964 in the Linux kernel.

Fixed CVE-2025-21999 in the Linux kernel.

Fixed CVE-2025-21920 in the Linux kernel.

Fixed CVE-2025-21997 in the Linux kernel.

Fixed CVE-2025-21959 in the Linux kernel.

Fixed CVE-2025-21898 in the Linux kernel.

cos-109-17800-436-99

Fixed CVE-2024-35866 in the Linux kernel.

Runtime sysctl changes:

• Changed: fs.file-max: 812258 -> 812288

Fixed CVE-2025-22868 in dev-go/oauth2.

Fixed CVE-2025-21887 in the Linux kernel.

Upgraded sys-apps/diffutils to v3.11-r2.

Modified toolbox to use unified cgroup hierarchy mode, when possible, instead of hybrid mode.

Updated dev-libs/expat to v2.7.0. This fixes CVE-2024-8176.

Fixed KCTF-0c3057a in the Linux kernel.

Upgraded net-firewall/iptables to v1.8.11-r1.

Upgraded dev-libs/libusb to v1.0.28.

Fixed CVE-2025-21867 in the Linux kernel.

Fixed CVE-2024-58083 in the Linux kernel.

cos-109-17800-436-91

Fixed CVE-2025-21762 in the Linux kernel.

Fixed CVE-2025-21764 in the Linux kernel.

Fixed CVE-2024-56549 in the Linux kernel.

Fixed KCTF-fcdd224 in the Linux kernel.

Fixed CVE-2025-21727 in the Linux kernel.

Fixed CVE-2024-58005 in the Linux kernel.

Fixed CVE-2023-52927 in the Linux kernel.

Fixed CVE-2025-21796 in the Linux kernel.

Fixed CVE-2025-21760 in the Linux kernel.

Fixed CVE-2024-57979 in the Linux kernel.

Runtime sysctl changes:

• Changed: fs.file-max: 812224 -> 812258

Fixed CVE-2025-21726 in the Linux kernel.

Fixed CVE-2025-21763 in the Linux kernel.

Updated dev-go/net to v0.33.0. This fixed CVE-2023-45288.

Fixed CVE-2025-21812 in the Linux kernel.

Fixed CVE-2024-57977 in the Linux kernel.

cos-109-17800-436-79

Fixed CVE-2025-21779 in the Linux kernel.

Fixed CVE-2023-45288 in app-containers/docker.

Added support for NVIDIA 570.124.06 GPU driver. Updated the R570, LATEST GPU driver label to version 570.124.06 for all GPU devices. Updated the DEFAULT GPU driver label to version 570.124.06 for NVIDIA_B200 and NVIDIA_H200 GPU devices.

Fixed KCTF-647cef2 in the Linux kernel.

Upgraded sys-apps/which to v2.23.

Fixed CVE-2024-57996 in the Linux kernel.

Fixed CVE-2024-53166 in the Linux kernel.

Runtime sysctl changes:

• Changed: fs.file-max: 812258 -> 812224

Fixed CVE-2025-21785 in the Linux kernel.

Fixed CVE-2025-21716 in the Linux kernel.

Fixed a race condition that could cause a kernel panic.

Fixed CVE-2025-21858 in the Linux kernel.

Fixed CVE-2025-21844 in the Linux kernel.

Fixed CVE-2025-21846 in the Linux kernel.

Fixed CVE-2024-26982 in the Linux kernel.

Fixed CVE-2025-21864 in the Linux kernel.

Fixed CVE-2025-21791 in the Linux kernel.

cos-109-17800-436-64

Fixed CVE-2024-58017 in the Linux kernel.

Fixed CVE-2025-21814 in the Linux kernel.

Fixed CVE-2025-21745 in the Linux kernel.

Runtime sysctl changes:

• Changed: fs.file-max: 812157 -> 812258

cos-109-17800-436-60

Fixed CVE-2024-53589 in sys-libs/libutils-libs.

Fixed CVE-2025-26465 and CVE-2025-26466 in net-misc/openssh.

Updated google.golang.org/grpc to v1.56.3 and upgrade golang.org/x/net to v0.23.0 in docker and cri-tools. This fixes CVE-2023-44487 and CVE-2023-45288.

Upgraded dev-go/crypto to v0.35.0. This fixes CVE-2025-22869.

Updated gzip to v1.13.

Fixed console TTY leak in runc shim in containerd.

Runtime sysctl changes:

• Changed: fs.file-max: 812266 -> 812157

Fixed KCTF-638ba50 in the Linux kernel.

Upgraded dev-libs/libxml2 to v1.12.10. This fixes CVE-2024-56171, CVE-2025-27113 and CVE-2025-24928.

Upgraded net-misc/wget to v1.25.0. This fixes CVE-2024-10524.

cos-109-17800-436-48

Upgraded moby/buildkit to v0.12.5. This fixes CVE-2024-23653 in app-containers/docker v24.0.9.

Updated cos-gpu-installer to v2.4.8: Add the -skip-nvidia-smi flag to disable the execution of nvidia-smi verification during gpu driver installation.

Upgraded sys-apps/diffutils to v3.11-r1.

Fixed CVE-2025-21690 in the Linux kernel.

cos-109-17800-436-42

Fixed CVE-2025-0395 in sys-libs/glibc.

Fixed CVE-2024-13176 in dev-libs/openssl.

Fixed CVE-2024-57951 in the Linux kernel.

Fixed CVE-2024-56664 in the Linux kernel.

Runtime sysctl changes:

• Changed: fs.file-max: 812276 -> 812258

Updated app-admin/google-guest-configs to v20250207.00.

Fixed CVE-2024-9287 in dev-lang/python.

Fixed CVE-2024-57949 in the Linux kernel.

cos-109-17800-436-37

Fixed CVE-2024-9287 in dev-lang/python.

Runtime sysctl changes:

• Changed: fs.file-max: 812276 -> 812258

Fixed CVE-2025-0395 in sys-libs/glibc.

cos-109-17800-436-33

Added support for TPU v6 devices.

Runtime sysctl changes:

• Changed: fs.file-max: 812272 -> 812276

cos-109-17800-436-32

Fixed CVE-2025-21631 in the Linux kernel.

Fixed CVE-2025-21666 in the Linux kernel.

Fixed CVE-2024-49994 in the Linux kernel.

Fixed CVE-2025-21667 in the Linux kernel.

Fixed CVE-2024-50304 in the Linux kernel.

Support for NVIDIA B200 GPU – Added support for the R570 driver series, including version 570.86.15. This version has been assigned the latest, default, and R570 tags.

Updated Konlet to v0.13.4.

Fixed CVE-2025-0840 in binutils.

Fixed CVE-2024-50014 in the Linux kernel.

Updated cos-gpu-installer to v2.4.7: Added Support for NVIDIA B200 GPU.

Fixed CVE-2025-21671 in the Linux kernel.

Fixed CVE-2025-21665 in the Linux kernel.

Fixed CVE-2024-50047 in the Linux kernel.

Upgraded sys-apps/diffutils to v3.11.

Fixed CVE-2025-21669 in the Linux kernel.

Fixed CVE-2024-40945 in the Linux kernel.

Updated the default tag of the GPU driver supporting the NVIDIA H200 GPU device to 570.86.15.

Fixed CVE-2025-21683 in the Linux kernel.

cos-109-17800-436-19

Added NVIDIA GPU driver's R570 branch. Updated the LATEST GPU driver label to version 570.86.15.

Fixed CVE-2024-40896 in libxml2.

Fixed CVE-2024-53170 in the Linux kernel.

Runtime sysctl changes:

• Changed: fs.file-max: 812276 -> 812300

Fixed KCTF-bc50835 in the Linux kernel.

Fixed CVE-2024-53124 in the Linux kernel.

cos-109-17800-436-14

Fixed CVE-2024-53128 in the Linux kernel.

Fixed CVE-2024-45306 and CVE-2024-47814 in vim.

Fixed CVE-2024-45306 and CVE-2024-47814 in vim-core.

Update NVIDIA GPU drivers to v535.230.02 for default/R535 and v550.144.03 for R550 for all GPUs. This resolves CVE-2024-53869, CVE-2024-0150, CVE-2024-0149, CVE-2024-0147 and CVE-2024-0131.

Upgraded sys-apps/file to v5.46-r2.

Fixed CVE-2024-49926 in the Linux kernel.

Upgraded dev-go/crypto to v0.31.0. This fixes CVE-2024-45337.

Fixed KCTF-8ea6073 and CVE-2024-50164 in the Linux kernel.

Added NVIDIA GPU drivers R565 branch - Update R565, latest driver to v565.57.01.

Runtime sysctl changes:

• Changed: fs.file-max: 812258 -> 812276

cos-109-17800-436-4

Fixed CVE-2024-56783 in the Linux kernel.

Fixed CVE-2024-56755 in the Linux kernel.

Fixed CVE-2024-56720 in the Linux kernel.

Upgraded rsync to version 3.3.0-r2. This fixes CVE-2024-12084, CVE-2024-12085, CVE-2024-12086, CVE-2024-12087, CVE-2024-12088, and CVE-2024-12747.

This is an LTS Refresh release.

Fixed CVE-2024-56672 in the Linux kernel.

Fixed CVE-2024-56756 in the Linux kernel.

Runtime sysctl changes:

• Changed: fs.file-max: 812257 -> 812258

Added NVIDIA GPU drivers R560 branch. Updates both the LATEST and R560 GPU driver label to v560.35.03.

Fixed CVE-2024-56675 in the Linux kernel.

Fixed CVE-2024-50146 in the Linux kernel.

Fixed CVE-2024-56658 in the Linux kernel.

Fixed KCTF-35f56c5 in the Linux kernel.

cos-109-17800-372-99

Upgraded sys-apps/file to v5.46-r1.

Fixed CVE-2024-56763 in the Linux kernel.

Fixed CVE-2024-53093 in the Linux kernel.

Fixed CVE-2024-56694 in the Linux kernel.

Fixed CVE-2024-56739 in the Linux kernel.

Upgraded nvidia-container-toolkit to v1.17.3.

Fixed CVE-2024-53151 in the Linux kernel.

Fixed CVE-2024-56745 in the Linux kernel.

Fixed CVE-2024-56614 in the Linux kernel.

Fixed CVE-2024-56688 in the Linux kernel.

Fixed CVE-2024-56606 in the Linux kernel.

Fixed CVE-2024-53146 in the Linux kernel.

Fixed CVE-2024-56780 in the Linux kernel.

Fixed CVE-2024-53096 in the Linux kernel.

Fixed CVE-2024-53052 in the Linux kernel.

cos-109-17800-372-87

Runtime sysctl changes:

• Changed: fs.file-max: 812261 -> 812257

Fixed CVE-2024-53099 in the Linux kernel.

Fixed KCTF-5eb7de8 in the Linux kernel.

Fixed KCTF-f8d4bc4 in the Linux kernel.

cos-109-17800-372-84

Fixed CVE-2024-53121 in the Linux kernel.

Fixed CVE-2024-53135 in the Linux kernel.

Upgraded nvidia-container-toolkit to v1.17.0. This fixes CVE-2024-0134.

Fixed CVE-2024-50194 in the linux kernel.

Fixed CVE-2024-49996 in the Linux kernel.

Disabled CONFIG_DEBUG_PREEMPT in the Linux kernel. This should improve performance for some workloads.

Fixed CVE-2024-53113 in the Linux kernel.

Fixed CVE-2024-50191 in the Linux kernel.

Fixed CVE-2024-49861 in the Linux kernel.

Fixed CVE-2024-50055 in the Linux kernel.

Upgraded sys-apps/file to v5.46.

Runtime sysctl changes:

• Changed: fs.file-max: 812271 -> 812261

Fixed CVE-2024-53119 in the Linux kernel.

Fixed CVE-2024-47745 in the Linux kernel.

Fixed CVE-2024-50256 in the Linux kernel.

Fixed CVE-2024-53136 in the Linux kernel.

Fixed CVE-2024-53140 in the Linux kernel.

Fixed CVE-2024-50186 in the Linux kernel.

cos-109-17800-372-71

Updated app-admin/google-guest-configs to v20241205.00.

cos-109-17800-372-69

Support NVIDIA_H200 GPU - Added support for the R560 series, including driver versions 560.35.03. Added support for the R550 series, including driver versions 550.127.05 and 550.90.12. Assigned the latest, default, and R560 tags to driver version 560.35.03. Assigned the R550 tag to driver version 550.127.05.

Fixed CVE-2024-50278 in the Linux kernel.

Upgraded cos-gpu-installer to v2.4.6: Support NVIDIA_H200 GPU in cos-gpu-installer

Runtime sysctl changes:

• Changed: fs.file-max: 812253 -> 812265

cos-109-17800-372-64

Upgraded containerd from 1.7.23 to 1.7.24.

Fixed CVE-2024-50251 in the Linux kernel.

Fixed CVE-2024-50162 in the Linux kernel.

Fixed CVE-2024-49948 in the Linux kernel.

Fixed CVE-2024-50060 in the Linux kernel.

Fixed CVE-2024-50154 in the Linux kernel.

Fixed CVE-2024-50192 in the Linux kernel.

Fixed CVE-2024-50046 in the Linux kernel.

Fixed CVE-2024-50262 in the Linux kernel.

Fixed CVE-2024-50163 in the Linux kernel.

Fixed CVE-2024-50147 in the Linux kernel.

Upgraded cos-gpu-installer to v2.4.4. This fixes an issue where GPU drivers that only have two numeric version components could not be loaded.

Fixed CVE-2024-49946 in the Linux kernel.

Upgraded sys-apps/less to v668.

Fixed CVE-2024-49878 in the Linux kernel.

Upgraded sys-process/lsof to v4.99.4.

Fixed CVE-2024-50072 in the Linux kernel.

Fixed CVE-2024-49949 in the Linux kernel.

Fixed CVE-2024-50095 in the Linux kernel.

Fixed CVE-2024-50279 in the Linux kernel.

Fixed CVE-2024-49927 in the Linux kernel.

Fixed CVE-2024-53054 in the Linux kernel.

Upgraded sys-apps/makedumpfile to v1.7.6.

Fixed CVE-2024-50228 in the Linux kernel.

Fixed KCTF-6ca5753 in the Linux kernel.

Fixed CVE-2024-50142 in the Linux kernel.

Fixed CVE-2024-50099 in the Linux kernel.

Fixed CVE-2024-50036 in the Linux kernel.

Upgraded app-shells/dash to v0.5.12-r1.

Updated app-admin/google-guest-configs to 20241121.00. This enables intent based NIC naming scheme.

Runtime sysctl changes:

• Changed: fs.file-max: 812261 -> 812253

Fixed CVE-2024-50271 in the Linux kernel.

Fixed CVE-2024-50101 in the Linux kernel.

Updated net-misc/curl to v8.11.0. This fixes CVE-2024-9681. Added duphandle-init-netrc.patch, netrc-large-file.patch, setopt-http_content_decoding.patch to fix regression issues in curl v8.11.0.

Fixed CVE-2024-50257 in the Linux kernel.

Fixed CVE-2024-53042 in the Linux kernel.

Fixed CVE-2024-50153 in the Linux kernel.

Fixed CVE-2024-49952 in the Linux kernel.

Fixed CVE-2024-50272 in the Linux kernel.

Fixed CVE-2024-53082 in the Linux kernel.

Fixed CVE-2024-50143 in the Linux kernel.

Fixed CVE-2024-50151 in the Linux kernel.

Fixed CVE-2024-53066 in the Linux kernel.

Fixed CVE-2024-50195 in the Linux kernel.

Fixed CVE-2024-50141 in the Linux kernel.

cos-109-17800-372-45

Fixed CVE-2024-45310 in app-containers/runc.

Fixed CVE-2024-50115 in the Linux kernel.

Fixed CVE-2024-49959 in the Linux kernel.

Fixed CVE-2024-50010 in the Linux kernel.

Fixed CVE-2024-49954 in the Linux kernel.

Fixed CVE-2024-50138 in the Linux kernel.

Fixed CVE-2024-50110 in the Linux kernel.

Fixed CVE-2024-50131 in the Linux kernel.

cos-109-17800-372-38

Runtime sysctl changes:

• Changed: fs.file-max: 812248 -> 812209

Fixed CVE-2024-50083 in the Linux kernel.

Fixed KCTF-2e95c43 in the Linux kernel.

Fixed CVE-2024-50602 in dev-libs/expat.

Fixed CVE-2024-50038 in the Linux kernel.

Fixed CVE-2024-50024 in the Linux kernel.

Fixed CVE-2024-50082 in the Linux kernel.

cos-109-17800-372-31

Fixed CVE-2024-47706 in the Linux kernel.

Fixed CVE-2024-47737 in the Linux kernel.

Fixed CVE-2024-50006 in the Linux kernel.

Fixed CVE-2024-47693 in the Linux kernel.

Fixed CVE-2024-49850 in the Linux kernel.

Fixed CVE-2024-49883 in the Linux kernel.

Fixed CVE-2024-47678 in the Linux kernel.

Runtime sysctl changes:

• Changed: fs.file-max: 812253 -> 812248

Fixed CVE-2024-49851 in the Linux kernel.

Fixed CVE-2024-49870 in the Linux kernel.

Fixed CVE-2024-49860 in the Linux kernel.

Fixed CVE-2024-49983 in the Linux kernel.

Fixed CVE-2024-49975 in the Linux kernel.

Added NVIDIA GPU drivers R560 branch - Update R560, latest driver to v560.35.03.

Fixed CVE-2024-47742 in the Linux kernel.

Fixed CVE-2024-49884 in the Linux kernel.

Fixed CVE-2024-50002 in the Linux kernel.

Fixed CVE-2024-50045 in the Linux kernel.

Fixed CVE-2024-47696 in the Linux kernel.

Fixed CVE-2024-47692 in the Linux kernel.

Fixed CVE-2024-49875 in the Linux kernel.

Fixed CVE-2024-50039 in the Linux kernel.

Fixed CVE-2024-49858 in the Linux kernel.

Fixed CVE-2024-49967 in the Linux kernel.

Fixed CVE-2024-47682 in the Linux kernel.

Fixed CVE-2024-50035 in the Linux kernel.

Fixed CVE-2024-49978 in the Linux kernel.

Fixed CVE-2024-50001 in the Linux kernel.

Fixed CVE-2024-47727 in the Linux kernel.

Fixed CVE-2024-50019 in the Linux kernel.

Fixed CVE-2024-47701 in the Linux kernel.

Fixed CVE-2024-47734 in the Linux kernel.

Fixed CVE-2024-49889 in the Linux kernel.

Fixed CVE-2024-47684 in the Linux kernel.

Fixed CVE-2024-49881 in the Linux kernel.

Fixed CVE-2024-47707 in the Linux kernel.

Fixed CVE-2024-49993 in the Linux kernel.

Fixed CVE-2024-47739 in the Linux kernel.

Fixed CVE-2024-47728 in the Linux kernel.

Fixed CVE-2024-47705 in the Linux kernel.

Fixed CVE-2024-50033 in the Linux kernel.

Fixed CVE-2024-47710 in the Linux kernel.

Fixed CVE-2024-47743 in the Linux kernel.

Fixed CVE-2024-49936 in the Linux kernel.

Fixed CVE-2024-50000 in the Linux kernel.

Fixed CVE-2024-50015 in the Linux kernel.

Updated NVIDIA GPU drivers to v535.216.01 for default/R535 and v550.127.05 for R550 for all GPUs. This resolves CVE-2024-0126.

Fixed CVE-2024-47679 in the Linux kernel.

cos-109-17800-372-12

Runtime sysctl changes:

• Changed: fs.file-max: 812259 -> 812253

Fixed CVE-2024-38632 in the Linux kernel.

Fixed CVE-2024-47685 in the Linux kernel.

cos-109-17800-372-7

Upgraded dev-db/sqlite to v3.46.0.

Upgraded app-arch/unzip to v6.0_p27-r1.

Upgraded dev-libs/nss to v3.103.

Upgraded dev-python/configobj to v5.0.8.

Upgraded dev-python/six to v1.16.0-r1.

Upgraded sys-libs/gdbm to v1.24.

Upgraded app-admin/google-guest-configs to v20240725.00.

Upgraded net-libs/libtirpc to v1.3.4-r3.

Upgraded app-arch/pigz to v2.8.

Upgraded dev-python/pyserial to v3.5-r2.

Runtime sysctl changes:

• Changed: fs.file-max: 812253 -> 812259

Upgraded sys-apps/acl to v2.3.2-r1.

Upgraded app-arch/libarchive to version 3.7.6. This fixed CVE-2024-48957, CVE-2024-48958.

Upgraded sys-libs/libcap-ng to v0.8.5.

Upgraded sys-fs/xfsprogs to v6.8.0.

Upgraded dev-python/jsonpatch to v1.33.

Upgraded dev-python/netifaces to v0.11.0-r2.

Upgraded dev-lang/python-exec to v2.4.10.

Upgraded app-containers/containerd to 1.7.23.

This is an LTS Refresh release.

Upgraded sys-libs/libcap to v2.70.

Updated R550, latest driver to v550.90.12.

Upgraded net-fs/cifs-utils to v7.0-r1, Upgraded sys-libs/talloc to v2.4.2.

Upgraded app-containers/docker-credential-gcr to v2.1.23.

Upgraded sys-libs/zlib to v1.3.1-r1.

Upgraded dev-python/jinja to v3.1.4.

Upgraded app-containers/cni-plugins to v1.5.1.

Upgraded app-containers/containerd, app-containers/containerd-test to v1.7.20.

Upgraded app-arch/lz4 to v1.10.0-r1.

Upgraded app-containers/docker-credential-helpers to v0.8.2.

cos-109-17800-309-93

Runtime sysctl changes:

• Changed: fs.file-max: 812261 -> 812253

Fixed CVE-2024-44958 in the Linux kernel.

Fixed CVE-2024-43892 in the Linux kernel.

cos-109-17800-309-88

Fixed CVE-2024-45003 in the Linux kernel.

Runtime sysctl changes:

• Changed: fs.file-max: 812257 -> 812261

Fixed CVE-2024-46829 in the Linux kernel.

Fixed CVE-2024-44970 in the Linux kernel.

Fixed CVE-2024-46848 in the Linux kernel.

Fixed CVE-2024-46855 in the Linux kernel.

Fixed CVE-2024-44965 in the Linux kernel.

Fixed CVE-2024-43853 in the Linux kernel.

cos-109-17800-309-84

Update R535, default driver to v535.183.06.

Fixed CVE-2024-46750 in the Linux kernel.

Updated the GPU installer to v2.4.1.

Fixed CVE-2024-46744 in the Linux kernel.

Upgraded nvidia-container-toolkit to v1.16.2. Fixed CVE-2024-0132 and CVE-2024-0133.

cos-109-17800-309-77

Fixed CVE-2024-46721 in the Linux kernel

Fixed CVE-2024-46738 in the Linux kernel

Fixed CVE-2024-46763 in the Linux kernel.

Upgraded app-admin/google-guest-configs to v20240725.00.

Fixed CVE-2024-46800 in the Linux kernel

Updated cos-gpu-installer to v2.4.0. It identifies GPU drivers before installation.

Fixed CVE-2024-46743 in the Linux kernel

Fixed CVE-2024-46679 in the Linux kernel.

Fixed A3 Edge VM names in google guest agent configs.

cos-109-17800-309-69

Updated net-misc/curl to 8.10.0.

Fixed CVE-2024-46686 in the Linux kernel

Fixed CVE-2024-41012 in the Linux kernel

Fixed CVE-2024-45021 in the Linux kernel

Runtime sysctl changes:

• Changed: fs.file-max: 812257 -> 812253

Fixed CVE-2024-45022 in the Linux kernel

Fixed CVE-2024-44947 in the Linux kernel

Fixed CVE-2024-44940 in the Linux kernel

Fixed CVE-2024-45025 in the Linux kernel

Fixed CVE-2024-43817 in the Linux kernel

Fixed CVE-2024-45018 in the Linux kernel

cos-109-17800-309-59

Fixed CVE-2024-44985 in the Linux kernel

Runtime sysctl changes:

• Changed: fs.file-max: 812274 -> 812257

Fixed CVE-2023-27043 in dev-lang/python.

Fixed CVE-2024-6119 in net-libs/openssl.

Fixed CVE-2024-42302 in the Linux kernel

Fixed CVE-2024-45000 in the Linux kernel

Fixed CVE-2024-7592 in dev-lang/python.

Fixed CVE-2024-43873 in the Linux kernel

Updated dev-libs/expat to v2.6.3. This fixed CVE-2024-45492, CVE-2024-45490, CVE-2024-45491.

Fixed CVE-2024-6232 in dev-lang/python.

Fixed CVE-2024-43914 in the Linux kernel

Fixed CVE-2024-43882 in the Linux kernel

Fixed CVE-2024-43871 in the Linux kernel

Fixed CVE-2024-42307 in the Linux kernel

Updated dev-lang/python to 3.8.19_p1. This fixes

Fixed CVE-2024-43893 in the Linux kernel

Fixed CVE-2024-44989 in the Linux kernel

Fixed CVE-2024-44944 in the Linux kernel

Updated app-containers/containerd to v1.7.22.

Fixed CVE-2024-44990 in the Linux kernel

Fixed CVE-2024-44986 in the Linux kernel

Fixed CVE-2024-44983 in the Linux kernel

cos-109-17800-309-46

Fixes CVE-2024-43837 in the Linux kernel.

Fixes CVE-2024-43855 in the Linux kernel.

Fixes CVE-2024-41073 in the Linux kernel.

Fixes CVE-2024-41057 in the linux kernel.

Fixes CVE-2024-42302 in the Linux kernel.

Fixes CVE-2024-44987 in the Linux kernel.

Fixes CVE-2024-43828 in the Linux kernel.

Fixes CVE-2024-41076 in the Linux kernel.

Upgraded app-containers/containerd to v1.7.20, Upgraded app-containers/containerd-test to v1.7.20.

Fixes CVE-2023-7256 in net-libs/libpcap.

Fixes CVE-2024-44934 in the Linux kernel.

Fixes CVE-2024-42316 in the Linux kernel

Fixes CVE-2024-43889 in the Linux kernel.

Fixes CVE-2024-43856 in the Linux kernel.

Runtime sysctl changes:

• Changed: fs.file-max: 812248 -> 812274

Updated app-containers/containerd to 1.7.21.

cos-109-17800-309-33

Fixed CVE-2023-52889 in the Linux kernel.

Fixed CVE-2024-37370, CVE-2024-37371 in app-crypt/mit-krb5.

Fixed CVE-2024-42283 in the Linux kernel.

Fixed CVE-2024-42269 in the Linux kernel.

Fixed CVE-2024-42268 in the Linux kernel.

Fixed CVE-2024-42285 in the Linux kernel.

Fixed CVE-2024-43854 in the Linux kernel.

Fixed CVE-2024-41058 in the Linux kernel.

Fixed CVE-2024-41098 in the Linux kernel.

Fixed CVE-2024-42270 in the Linux kernel.

Updated app-editors/vim, app-editors/vim-core to version 9.1.0686. This fixed CVE-2023-46246, CVE-2024-41957, CVE-2024-41965.

Fixed KCTF-c07ff85 in the Linux kernel.

Runtime sysctl changes:

• Changed: fs.file-max: 812259 -> 812248

cos-109-17800-309-24

Updated google-osconfig-agent to v20240822.00.

cos-109-17800-309-20

Fixed CVE-2024-6602 in dev-libs/nss.

Downgraded setuptools to v65.6.3. Cherry-picked upstream fix for CVE-2024-6345.

Runtime sysctl changes:

• Added: vm.unprivileged_userfaultfd: 0
• Changed: fs.file-max: 812257 -> 812229
• Changed: net.ipv4.tcp_rto_min_us: 200000 -> 5000

cos-109-17800-309-13

Runtime sysctl changes:

• Changed: fs.file-max: 812261 -> 812257

Updated net-misc/curl to version 8.9.1. This fixed CVE-2024-7264.

Updated dev-libs/openssl to version 3.0.14 and added patch for CVE-2024-5535. This fixed CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, CVE-2024-5535.

Downgraded sys-apps/ethtool to v6.3.

Fixed CVE-2024-39472 in the Linux kernel.

Upgraded sys-apps/less to v661.

cos-109-17800-309-7

This is an LTS Refresh release.

Enabled the feature to utilize the gpu_driver_versions proto file for controlling the specific GPU driver version to be installed for each GPU type.

Upgraded app-containers/docker, app-containers/docker-test, app-containers/docker-cli to v24.0.9.

Runtime sysctl changes:

• Added: net.core.mem_pcpu_rsv: 256

Removed crash-reporter KVM support.

Removed dev-go/grpc.

Upgraded app-containers/docker-credential-gcr to v2.1.22.

Upgraded dev-python/setuptools to v70.3.0. This fixes CVE-2024-6345.

Upgraded curl to v8.9.0. This fixes CVE-2024-6197.

Upgraded app-containers/docker-credential-helpers to v0.8.1.

Upgraded app-admin/google-guest-configs to 20240607.00.

Upgraded app-containers/cni-plugins to v1.4.1.

Upgraded sys-auth/pambase to v20240128.

Upgraded cos-gpu-installer to v2.3.5 - Improved error messaging for incompatible GPU driver input.

Upgraded net-misc/rsync to v3.2.7-r5.

Fixed CVE-2021-36084, CVE-2021-36085, CVE-2021-36086, CVE-2021-36087 in sys-libs/libsepol.

Upgraded app-containers/containerd to 1.7.19.

cos-109-17800-218-88

Fixed CVE-2024-39894.

Upgraded app-arch/libarchive to version 3.7.4. This fixes CVE-2024-26256.

Runtime sysctl changes:

• Changed: fs.file-max: 812285 -> 812261

Fixed CVE-2024-36891 in the Linux kernel.

cos-109-17800-218-83

Fixed CVE-2024-39474 in the Linux kernel

Fixed CVE-2024-39476 in the Linux kernel

Fixed CVE-2024-38662 in the Linux kernel

Fixed CVE-2024-39482 in the Linux kernel

Disable NVIDIA persistence mode with -no-verify flag

cos-109-17800-218-76

Added the package revision number to the SSH banner in net-misc/openssh.

Upgraded sys-block/thin-provisioning-tools to v0.9.0-r4.

Upgraded net-misc/rsync to v3.2.7-r4.

Upgraded sys-apps/grep to v3.11-r1.

Upgraded sys-process/lsof to v4.99.3.

Upgraded sys-apps/ethtool to v6.9.

Upgraded net-dns/libidn2 to v2.3.7.

Upgraded sys-apps/sed to v4.9-r1.

Upgraded dev-libs/libusb to v1.0.27-r1.

Upgraded sys-apps/dmidecode to v3.6.

Fixed CVE-2024-36978 in the Linux kernel.

Upgraded app-editors/vim to v9.1.0470, Upgraded app-editors/vim-core to v9.1.0470.

Updated net-misc/wget to version 1.24.5. This fixed CVE-2024-38428.

Upgraded sys-apps/attr to v2.5.2-r1.

Updated cos-gpu-installer to v2.3.5 - Improved error messaging for incompatible GPU driver input.

Upgraded net-misc/curl to v8.8.0-r1.

Upgraded sys-apps/file to v5.45-r4.

Upgraded app-admin/logrotate to v3.22.0.

cos-109-17800-218-69

Fixed CVE-2024-6387 in net-misc/openssh.

Fixed CVE-2024-36901 in the Linux kernel.

Fixed CVE-2024-35195 in dev-python/requests.

Runtime sysctl changes:

• Added: net.ipv4.tcp_rto_min_us: 200000
• Changed: fs.file-max: 812261 -> 812270

cos-109-17800-218-62

Fixed a crash in the Linux kernel.

Runtime sysctl changes:

• Changed: fs.file-max: 812259 -> 812261

cos-109-17800-218-61

Fixes CVE-2024-36902 in the Linux kernel.

Runtime sysctl changes:

• Changed: fs.file-max: 812271 -> 812259

Upgraded app-arch/lz4 to 1.9.4. Fixes CVE-2021-3520.

Fixes CVE-2024-36938 in the Linux kernel.

Update R550, latest driver to v550.90.07.This fixes CVE-2024-0090, CVE-2024-0091, CVE-2024-0092 Update R535, default driver to v535.183.01.This fixes CVE-2024-0090, CVE-2024-0092 Update R470 to v470.256.02.This fixes CVE-2024-0090, CVE-2024-0092

cos-109-17800-218-52

Fixed a performance issue observed in some Postgres databases.

Updated cos-gpu-installer to v2.3.4 - This fixes CVEs: CVE-2023-29402, CVE-2023-29405, CVE-2023-29404, CVE-2023-24540, CVE-2023-24538, CVE-2022-41721, GHSA-m425-mq94-257g, CVE-2022-41715, CVE-2022-30633, CVE-2022-41724, CVE-2022-2880, CVE-2022-30631, CVE-2021-29923, CVE-2022-24675, CVE-2022-30580, CVE-2022-41723, CVE-2023-24534, CVE-2022-41725, CVE-2022-2879, CVE-2023-24539, CVE-2022-30635, CVE-2023-45285, CVE-2022-32149, CVE-2023-24537, CVE-2022-32189, CVE-2022-28131, CVE-2023-39323, CVE-2022-28327, CVE-2022-30630, CVE-2023-44487, CVE-2023-39325, CVE-2022-27664, CVE-2023-45287, CVE-2023-29400, CVE-2023-24536, CVE-2023-29403, CVE-2022-30632, CVE-2023-39318, CVE-2020-29511, CVE-2024-24786, CVE-2023-3978, CVE-2022-41717, CVE-2022-32148, CVE-2023-39326, CVE-2023-45288, CVE-2022-1962, CVE-2023-24532, CVE-2023-39319, CVE-2022-1705, CVE-2020-29509, CVE-2023-29406, CVE-2023-29409, CVE-2022-30629

Runtime sysctl changes:

• Changed: fs.file-max: 812253 -> 812271

cos-109-17800-218-50

Fixed frequent restarts in fluent-bit stackdriver plugin.

Fixed CVE-2024-26987, CVE-2024-27020, CVE-2024-27014, CVE-2024-27022, CVE-2024-27019 ,CVE-2024-27013, CVE-2024-36008, CVE-2024-27018 ,CVE-2024-27016 and CVE-2024-27015 in the Linux kernel

Runtime sysctl changes:

• Changed: fs.file-max: 812257 -> 812253

Updated cos-gpu-installer to v2.3.3. This resolves potential synchronization issues and ensures proper cleanup of mounts in GPU driver installation directory configuration.

cos-109-17800-218-44

Updated cos-gpu-installer to v2.3.2.

Fixed a bug in auto update engine when confidential VMs are enabled.

Fixed CVE-2024-34459 in the libxml2 package.

cos-109-17800-218-37

Updated dev-vcs/git to v2.45.1. This resolves CVE-2024-32002, CVE-2024-32020, CVE-2024-32465, CVE-2024-32004, CVE-2024-32021.

Improved boot time on A3 machines by around 5 seconds.

Runtime sysctl changes:

• Changed: fs.file-max: 812597 -> 812196

Fixed CVE-2024-21626 in runc in kubelet.

cos-109-17800-218-32

Upgraded app-editors/vim to v9.1.0366, Upgraded app-editors/vim-core to v9.1.0366.

Upgraded sys-libs/timezone-data to v2024a-r1.

Upgraded app-eselect/eselect-iptables to v20220320.

Updated cos-gpu-installer to v2.3.1.

Upgraded sys-apps/less to v643-r2.

cos-109-17800-218-26

Fixed CVE-2024-26900 in the Linux kernel.

Uprev GPU driver version to v470.239.06.

cos-109-17800-218-20

Upgraded app-admin/node-problem-detector to v0.8.18.

Updated cos-gpu-installer to v2.3.0.

Fixed CVE-2023-0687, CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602 in sys-libs/glibc.

Upgraded sys-apps/makedumpfile to v1.7.5.

Updated net-dns/c-ares to v1.27. This fixed CVE-2024-25629.

Fixed CVE-2023-32681 in dev-python/requests.

cos-109-17800-218-14

This is an LTS Refresh release.

Fixed CVE-2024-28182 in net-libs/nghttp2.

Fixed CVE-2024-3772 in dev-python/pydantic.

Updated dev-vcs/git to v2.44.0 This fixed CVE-2023-22490, CVE-2023-23946, CVE-2023-25652, CVE-2023-25815, CVE-2023-29007.

Updated app-admin/sudo to v1.9.15_p5. This fixed CVE-2023-42465.

Fixed CVE-2024-26642 in the Linux kernel.

Set serial port baudrate to 115200.

Updated cos-gpu-installer to v2.1.11. Added major version specification for GPU driver installation.

Fixed CVE-2024-26642,CVE-2024-26643 in the Linux kernel.

Updated dev-python/pyyaml to v6.0.1. This fixed CVE-2017-18342, CVE-2019-20477, CVE-2020-14343, CVE-2020-1747.

Fixed CVE-2023-0767, CVE-2023-5388, CVE-2023-6135, CVE-2024-0743 in dev-libs/nss.

Included nvidia plugin in sosreport.

Updated dev-libs/expat to v2.6.2. This fixed CVE-2023-52425, CVE-2023-52426, CVE-2024-28757.

Fixed CVE-2023-50387, CVE-2023-50868, CVE-2023-7008 in sys-apps/systemd.

Fixed CVE-2024-26808 in the Linux kernel.

Fixed issues with the SRSO vulnerability mitigation (CVE-2023-20569). This fix might negatively impact the performance of your workloads on AMD machine types.

Fixed CVE-2023-4641 in sys-apps/shadow.

Updated net-misc/curl to v8.7.1. This fixed CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466.

Runtime sysctl changes:

• Changed: fs.file-max: 812605 -> 812597
• Changed: kernel.threads-max: 63520 -> 63519
• Changed: net.ipv4.tcp_mem: 94092 125456 188184 -> 94089 125455 188178
• Changed: net.ipv4.udp_mem: 188184 250912 376368 -> 188181 250911 376362
• Changed: user.max_cgroup_namespaces: 31760 -> 31759
• Changed: user.max_ipc_namespaces: 31760 -> 31759
• Changed: user.max_mnt_namespaces: 31760 -> 31759
• Changed: user.max_net_namespaces: 31760 -> 31759
• Changed: user.max_pid_namespaces: 31760 -> 31759
• Changed: user.max_time_namespaces: 31760 -> 31759
• Changed: user.max_user_namespaces: 31760 -> 31759
• Changed: user.max_uts_namespaces: 31760 -> 31759

Updated app-containers/containerd to v1.7.15.

cos-109-17800-147-60

Updated NVIDIA GPU drivers to v535.161.08. Fixed a potential corruption when launching kernels on H100 GPUs.

Updated NVIDIA GPU drivers to v550.54.15. Fixed a potential corruption when launching kernels on H100 GPUs, which is more likely to occur when the GPU is shared between multiple processes.

cos-109-17800-147-54

Fixed CVE-2024-26584 in the Linux kernel.

Updated app-containers/nvidia-container-toolkit to v1.14.6.

Added NVIDIA GPU drivers R550 branch and update latest to 550.54.14.

Upgraded sys-apps/makedumpfile to v1.7.4.

Upgraded localtoast to v1.1.7 and opted out of logging-service-running benchmark by default for cis-level2.

Fixed CVE-2024-26585 in the Linux kernel.

Upgraded app-admin/fluent-bit to v1.9.10.

Upgraded net-misc/chrony to v4.5.

Upgraded app-admin/node-problem-detector to v0.8.17.

Fixed a bug in google-guest-agent service enablement.

cos-109-17800-147-41

Fixed CVE-2024-26582 in the Linux kernel.

Fixed CVE-2023-52434 in the Linux kernel.

Fixed CVE-2023-52435 in the Linux kernel.

Fixed CVE-2024-26583 in the Linux kernel.

cos-109-17800-147-38

Updated app-editors/vim to 9.0.2167. This fixed CVE-2023-48231, CVE-2023-48232, CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237, CVE-2023-48706, CVE-2024-22667.

Added support for iSCSI targets and RAM block devices.

cos-109-17800-147-33

Updated NVIDIA GPU drivers to v470.239.06 and v535.161.07. This fixes CVE-2024-0074, CVE-2024-0075 and CVE-2022-42265.

Updated cos-gpu-installer to v2.2.1. Fixed cached driver installation error with network disabled. Added force-fallback flag, major version specification for GPU driver installation and fixed ordering of kernel module loading for nvidia-modeset and nvidia-drm

cos-109-17800-147-28

Fixed CVE-2024-23851 in the Linux kernel.

cos-109-17800-147-22

Fixed CVE-2024-0684 in sys-apps/coreutils.

Fixed CVE-2024-26581 in the Linux kernel.

Upgraded Docker to v24.0.9. This fixes CVE-2024-24557.

cos-109-17800-147-15

Upgraded net-misc/curl to v8.6.0. This fixes CVE-2024-0853.

Updated dev-libs/libxml2 to v2.11.7. This fixes CVE-2024-25062.

Updated app-containers/containerd to v1.7.13.

cos-109-17800-147-9

This is an LTS Refresh Release.

Updated dev-libs/openssl to v3.0.13. This resolves CVE-2024-0727 and CVE-2023-6129.

Updated cos-gpu-installer to v2.1.10.

Fixed CVE-2023-40546, CVE-2023-40547, CVE-2023-40548, CVE-2023-40549, CVE-2023-40550 and CVE-2023-40551 in sys-boot/shim.

Update default NVIDIA GPU drivers to 535.154.05.

Backported support for TCP RTO configuration in networkd.

Fixed CVE-2024-1086 in the linux kernel.

Runtime sysctl changes:

• Added: net.ipv4.tcp_backlog_ack_defer: 1
• Added: net.ipv4.tcp_shrink_window: 0
• Changed: fs.file-max: 812608 -> 812605
• Changed: net.core.optmem_max: 20480 -> 131072
• Changed: net.ipv6.route.max_size: 4096 -> 2147483647
• Changed: vm.lowmem_reserve_ratio: 256 256 32 0 -> 256 256 32 0 0

Fragmented nvidia-drivers and nvidia-drivers-open pkg into separate packages per major version.

cos-109-17800-66-81

Fixed CVE-2024-0607 in the Linux kernel.

Fixed CVE-2023-6531 in the Linux kernel.

Update latest NVIDIA GPU driver to v535.154.05.

cos-109-17800-66-78

Upgraded dev-python/jinja to v3.1.3. This resolves CVE-2024-22195.

Fixed CVE-2023-6915 in the Linux kernel.

Fixed CVE-2024-0193 in the Linux kernel.

Fixed CVE-2024-21626 in app-containers/runc.

Fixed CVE-2024-0646 in the Linux kernel.

Runtime sysctl changes:

• Added: net.netfilter.nf_flowtable_tcp_timeout: 30
• Added: net.netfilter.nf_flowtable_udp_timeout: 30

Fixed CVE-2024-0565 in the Linux kernel.

Added kernel compatibility with iptables-nft.

cos-109-17800-66-65

Fixed a performance issue observed in Postgres databases.

cos-109-17800-66-58

Upgraded dev-db/sqlite to v3.44.2-r2. This fixes CVE-2023-7104.

cos-109-17800-66-57

Upgraded sys-apps/dbus to v1.12.28. This fixes CVE-2023-34969.

Upgraded dev-go/crypto to v0.17.0. This fixes CVE-2023-48795.

Updated net-misc/openssh to v9.6_p1-r1.

cos-109-17800-66-54

Fixed CVE-2023-6817 in the Linux kernel.

Updated net-misc/curl to v8.5.0. This resolves CVE-2023-46218.

Updated dev-lang/go to v1.21.5. This resolves CVE-2023-45285 and CVE-2023-39326.

Fixed CVE-2023-6932 in the Linux kernel.

Updated docker-credential-gcr to v2.1.21.

Fixed a performance issue that was observed in Postgres databases.

Fixed CVE-2023-6931 in the Linux kernel.

cos-109-17800-66-43

Fixed a kernel crash that occurred when running Postgres databases.

Fixed a container performance issue that occurred after running systemctl start cloud-audit-setup.

Fixed CVE-2023-6622 in the Linux kernel.

Fixed CVE-2023-49083 in package dev-python/cryptography.

Updated app-containers/containerd to 1.7.10.

cos-109-17800-66-33

Fixed CVE-2023-6111 in the Linux kernel.

cos-109-17800-66-32

Updated NVIDIA GPU drivers. This resolves CVE-2023-31022.

Fixed CVE-2023-5090 in the linux kernel.

Updated dev-libs/libxml2 to v2.11.5. This resolves CVE-2023-45322.

Updated dev-libs/openssl to v3.0.12. This resolves CVE-2023-5363 and CVE-2023-5678.

cos-109-17800-66-27

Fixed CVE-2023-46813 in the Linux kernel.

Updated app-editors/vim,app-editors/vim-core to v9.0.2092. This resolves CVE-2023-4733, CVE-2023-4734, CVE-2023-4735, CVE-2023-4736, CVE-2023-4738, CVE-2023-4750, CVE-2023-4752, CVE-2023-4781, CVE-2023-5344, CVE-2023-5441, CVE-2023-5535.

Fixed CVE-2023-46862 in the Linux kernel.

Updated dev-go/net to v0.17.0. This fixes CVE-2023-44487 and CVE-2023-39325.

Updated dev-lang/go to v1.21.3. This resolves CVE-2023-44487 and CVE-2023-39325.

Updated net-libs/nghttp2 to v1.57.0. This resolves CVE-2023-44487 and CVE-2023-35945.

cos-109-17800-66-27

Fixed CVE-2023-46862 in the Linux kernel.

Update dev-lang/go to 1.21.3. This resolves CVE-2023-44487 and CVE-2023-39325.

Fixed CVE-2023-46813 in the Linux kernel.

Updated app-editors/vim,app-editors/vim-core to v9.0.2092. This resolves CVE-2023-4733, CVE-2023-4734, CVE-2023-4735, CVE-2023-4736, CVE-2023-4738, CVE-2023-4750, CVE-2023-4752, CVE-2023-4781, CVE-2023-5344, CVE-2023-5441, CVE-2023-5535.

Updated dev-go/net to v0.17.0. This fixes CVE-2023-44487 and CVE-2023-39325.

Updated net-libs/nghttp2 to v1.57.0. This resolves CVE-2023-44487 and CVE-2023-35945.

cos-109-17800-66-19

Fixed CVE-2023-5717 in the Linux kernel.

Updated google-guest-configs to 20230929.00.

cos-109-17800-66-15

This is an LTS Refresh Release

Updated default and latest NVIDIA GPU drivers to v535.104.12.

Updated app-containers/containerd to v1.7.7.

Updated the Linux kernel to v6.1.58.

Fixed CVE-2023-4244 in the Linux kernel.

Updated dev-lang/go to v1.21.2. This resolves CVE-2023-39323.

Restore systemd-logind restart behavior when dbus restarts.

Enable portmapper registration reporting for lsof. This also fixes an issue where lsof is missing from SOS reports.

Upgraded net-misc/curl to v8.4.0. This resolves CVE-2023-38545.

Runtime sysctl changes:

• Added: net.ipv6.conf.all.accept_ra_min_lft: 0
• Added: net.ipv6.conf.default.accept_ra_min_lft: 0
• Added: net.ipv6.conf.docker0.accept_ra_min_lft: 0
• Added: net.ipv6.conf.eth0.accept_ra_min_lft: 0
• Added: net.ipv6.conf.lo.accept_ra_min_lft: 0
• Changed: fs.file-max: 812619 -> 812608
• Changed: kernel.threads-max: 63519 -> 63520
• Changed: net.netfilter.nf_conntrack_sctp_timeout_shutdown_recd: 0 -> 3
• Changed: net.netfilter.nf_conntrack_sctp_timeout_shutdown_sent: 0 -> 3
• Changed: user.max_cgroup_namespaces: 31759 -> 31760
• Changed: user.max_ipc_namespaces: 31759 -> 31760
• Changed: user.max_mnt_namespaces: 31759 -> 31760
• Changed: user.max_net_namespaces: 31759 -> 31760
• Changed: user.max_pid_namespaces: 31759 -> 31760
• Changed: user.max_time_namespaces: 31759 -> 31760
• Changed: user.max_user_namespaces: 31759 -> 31760
• Changed: user.max_uts_namespaces: 31759 -> 31760

cos-109-17800-0-51

Fixed CVE-2023-5197 in the Linux kernel.

Fixed CVE-2023-38039 in net-misc/curl.

cos-109-17800-0-47

Updated cos-gpu-installer to v2.1.9.

Fixed CVE-2023-42753 in the Linux kernel.

cos-109-17800-0-45

Promoted to stable.

cos-beta-109-17800-0-45

Fixed CVE-2023-4569 in the Linux kernel.

Fixed CVE-2023-4921 in the Linux kernel.

Fixed an issue where IPv6 networking would fail under high CPU load.

Fixed CVE-2023-40217 in the dev-lang/python package.

Updated dev-lang/go to 1.21.1. This fixes CVE-2023-39318 and CVE-2023-39319.

cos-beta-109-17800-0-37

Updated cos-gpu-installer to v2.1.8.

Fixed an issue with NFS reconnects on GKE.

Fixed CVE-2023-4015, CVE-2023-4622, CVE-2023-4623 in the kernel.

Fixed an issue where symlinks could not be moved.

cos-beta-109-17800-0-32

Updated latest GPU driver to v535.104.05.

cos-beta-109-17800-0-31

Runtime sysctl changes:

• Added: kernel.io_uring_disabled: 0

The get_metadata_value script will now retry if it experiences a connection error.

Enabled persistence mode with Nvidia GPU driver installation.

Fixed an issue in ip6tables where the -C option did not work correctly.

Updated dev-go/go-tools to v0.11.1_p20230712.

Fixed CVE-2023-4016 in sys-process/procps.

Fixed CVE-2022-40896 in pygments package.

Fixed CVE-2023-33953 in the Linux kernel.

Updated dev-lang/go to v1.21.0.

Upgraded sys-fs/mdadm to v4.2. This resolves CVE-2023-28938 and CVE-2023-28736.

cos-beta-109-17800-0-13

Updated dev-libs/openssl to v3.0.10. This resolves CVE-2023-3817.

Updated app-containers/docker to 24.0.5.

Updated app-containers/docker-cli to 24.0.5.

Fixed CVE-2023-4147 in the Linux kernel.

Fixed CVE-2023-4194 in the Linux kernel.

Updated dev-go/yaml to v3.0.1. This resolves CVE-2022-28948.

cos-beta-109-17800-0-8

Updates to Major Packages:

Updated cloud-init to v23.1.2.

Updated runc to 1.1.7. This also resolves CVE-2023-25809 and CVE-2023-27561.

Updated oslogin to v20230531.00.

Updated default and latest drivers to v535.54.03 (NVIDIA LTSB). This also resolves: CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0183, CVE-2023-0185, CVE-2023-0187, CVE-2023-0198, CVE-2023-0199, CVE-2023-0188, CVE-2023-0190, CVE-2023-0194, CVE-2023-0195, CVE-2023-0191. CVE-2023-25515 and CVE-2023-25516.

Also updated R470 drivers to 470.199.02. This also resolves: CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0185, CVE-2023-0187, CVE-2023-0198, CVE-2023-0199, CVE-2023-0188, CVE-2023-0190, CVE-2023-0194, CVE-2023-0195, CVE-2023-0191.

Updated systemd to v253.3.

Updated google-guest-configs to v20230526.00.

Updated sosreport to v4.5.4.

Updated cos-gpu-installer to v2.1.4. Some key features of this update include:

• Support for gsp_tu10x.bin and gsp_ad10x.bin gsp firmware files and removes the container dependency on python2.
• Simplifies GPU driver installation by remounting driver installation path as executable from cos-extensions.
• Support for L4 GPU in cos-gpu-installer and fixed cached driver installation for prebuilt driver modules.
• Fallback to installing compatible drivers when installer is invoked for certain GPU devices and incompatible drivers.
• Switch precompiled driver and signature location to COS build artifacts.
• Added flag --no-verify to preload GPU drivers with no GPU attached.
• Added support for NVIDIA R535 drivers by preparing gsp_ga10x.bin firmware file.
• Added flag --module-arg to specify kernel module parameters.
• Switch generic NVIDIA driver installer download url in cos-gpu-installer from us.downloads.nvidia to gs://nvidia-drivers--public.
• Fix permission issue in GPU driver install directory with OSS drivers.

Updated kubernetes to v1.27.3.

Updated containerd to 1.7.2. This also resolves CVE-2023-25173 and CVE-2023-25153.

Updated Docker and docker-cli to v24.0.4.

Updated toolbox to v20230714.

Updated google-guest-agent to v20230628.00.

Updated google-osconfig-agent to v20230706.02.

Updated docker-credential-gcr to v2.1.10.

Upgraded localtoast from v1.1.5.1 to v1.1.6.

Upgraded app-admin/sudo to v1.9.13_p3-r1.

Upgraded net-misc/bridge-utils to v1.7.1-r1.

Upgraded net-fs/autofs to v5.1.8-r1.

Updated net-fs/cifs-utils to v6.15. This resolves CVE-2022-29869, CVE-2021-20208, and CVE-2022-27239.

Upgraded sys-apps/acl to v2.3.1-r2.

Added nvidia-container-toolkit v1.13.5.

Upgraded sys-apps/file to v5.44-r3.

Upgraded app-arch/xz-utils to v5.4.3.

Enabled support for MGLRU in the Linux kernel.

Use the Fluent-bit logging agent when the google-logging-use-fluentbit metadata key is true and logging is enabled.

Upgraded dev-libs/libgpg-error to v1.46-r1.

Fixed ncurses upgrade to 6.4p20220423. This resolves CVE-2023-29491.

Upgraded sys-libs/libcap to v2.68.

Upgraded net-misc/wget to v1.21.3-r1.

Enabled vrf, ip_gre, and ip6_gre modules.

Upgraded sys-apps/dmidecode to v3.5-r2.

Add MAX_SKB_FRAGS configuration in the Linux kernel.

Add noexec, nodev, nosuid to /etc/resolv.conf bind mount. Fixes EPERM errors when running a pod in UserNS in COS.

Upgraded sys-apps/kexec-tools to v2.0.24.

Upgraded app-shells/dash to v0.5.12.

Enabled KVM-based nested virtualization for the x86 architecture.

Upgraded net-analyzer/netcat to v110.20180111-r2.

Upgraded dev-libs/libyaml to v0.2.5.

Upgraded sys-apps/attr to v2.5.1-r2.

Upgraded sys-apps/acl to v2.3.1-r1.

Fixed CVE-2023-24329, CVE-2015-20107, CVE-2020-10735, CVE-2021-28861, and CVE-2022-45061 in dev-lang/python.

Updated the dev-libs/libxml2 package to 2.10.4. This resolves CVE-2023-28484.

CVE/Security Fixes:

Updated binutils-libs to v2.40. This resolves CVE-2022-4285.

Fixed containers losing access to GPUs with error "Failed to initialize NVML: Unknown error".

Updated dev-lang/go to v1.20.5 and dev-go/net to v0.7.0. This resolves CVE-2023-29403, CVE-2023-29404, CVE-2023-29402, CVE-2023-29405, CVE-2023-24532, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538, CVE-2023-24539, CVE-2023-24540, CVE-2023-29400, CVE-2022-41723 and CVE-2022-41725.

Removed support for Rust symbol demangling in google-breakpad.

Upgraded net-libs/libnfnetlink to v1.0.2.

Updated app-editors/vim, app-editors/vim-core to v9.0.1562. This resolves CVE-2023-2609, CVE-2023-2610, CVE-2023-2426, CVE-2023-0512, CVE-2023-1127, CVE-2023-1175, CVE-2023-1170, CVE-2023-1355 and CVE-2023-1264.

Upgraded dev-libs/libevent to v2.1.12-r1.

Upgraded sys-apps/ethtool to v6.3.

Enabled fluent-bit to use customized configuration.

Upgraded sys-apps/gentoo-functions to v0.19.

Enabled the following kernel configs: CONFIG_AMD_IOMMU, CONFIG_AMD_IOMMU_V2 and INET_DIAG_DESTROY.

Added kernel modules for SquashFS, RAID1, and DM RAID.

Upgraded dev-libs/expat to v2.5.0.

Updated to pick up CVE-2023-0386 and CVE-2023-1281 patches for net-sched in the kernel.

Update open-vm-tools to v12.2.5. This resolves CVE-2023-20867.

Disabled CONFIG_DEBUG_CREDENTIALS in the kernel due to its performance impact on some container workloads.

Upgraded sys-apps/net-tools to v2.10.

Updated dev-go/go-sys to v0.5.0.

Upgraded net-dns/libidn2 to v2-2.3.4.

Added kernel support for nftables.

Upgraded net-misc/curl to v8.1.2. This resolves CVE-2022-43552.

Upgraded net-misc/openssh package to v9.3. This resolves CVE-2023-28531 and CVE-2023-25136.

Retry starting systemd-networkd permanently in case of failure instead of default limit of 5.

Updated dev-libs/openssl to v3.0.9. This resolves CVE-2023-2650, CVE-2022-4450, CVE-2023-0215, CVE-2022-4304, CVE-2023-0286, CVE-2023-0464, CVE-2023-1255, CVE-2023-0465 and CVE-2023-0466.

New Features and Changes in the Linux Kernel:

Upgraded app-misc/jq to v1.7_pre20201109-r1.

Upgraded app-misc/mime-types to v2.1.54.

Upgraded net-dns/c-ares to v1.19.1.

Upgraded dev-libs/gmp to v6.2.1-r5.

Upgraded net-nds/rpcbind to v1.2.6.

Upgraded dev-libs/confuse to v3.3 and fixed CVE-2022-40320.

Upgraded sys-libs/libcap-ng to v0.8.3.

Fixed CVE-2022-48303 in app-arch/tar.

Fixed CVE-2021-27291 and CVE-2021-20270 in dev-python/pygments.

Upgraded net-misc/rsync to v3.2.7-r2.

Updated to pick up CVE-2023-0179 patch for netfilter in kernel.

Fixed CVE-2022-2928 and CVE-2022-2929 in net-misc/dhcp.

Updated the Linux kernel to v6.1.40.

Upgraded net-libs/libnetfilter_queue to v1.0.5.

Upgraded sys-fs/lvm2 to v2-2.03.20.

Increase /dev/stateful wait timeout with protected stateful partition.

Upgraded bind-tools to v9.16.37.

Upgraded dev-libs/popt to v1.19.

Upgraded app-misc/ca-certificates to v20230311.3.90.

Upgraded sys-libs/timezone-data to v2023c.

Upgraded dev-libs/libgcrypt to v1.10.1-r3.

Upgraded sys-fs/xfsprogs to v6.2.0.

Upgraded app-arch/pigz to v2.7-r1.

Upgraded sys-libs/libcap to v2.69.

Updated to pick up CVE-2023-0394 patch for ipv6 raw.

Upgraded sys-apps/diffutils to v3.10.

Enabled TDX Guest support in the Linux Kernel.

Upgraded sys-apps/ethtool to v6.2.

New Features and Changes in the Image:

Upgraded net-libs/libmnl to v1.0.5.

Upgraded sys-apps/coreutils to v9.3.

Fixed an issue where chronyd does not restart after failure, resulting in the system time being out of sync.

Installed fluent-bit for stackdriver logging in x86 images. See this page for more details.

Updated open-iscsi to v2.1.8. This resolves CVE-2020-17437.

Toolbox is now compatible with both Artifact Registry (AR) and Google Container Registry (GCR).

Upgraded dev-libs/libpcre to v8.45-r1.

Upgraded net-libs/gnutls to v3.8.0.

Upgraded sys-apps/less to v633-r1. This resolves CVE-2022-46663.

Upgraded sys-apps/coreutils to v9.3-r1.

Upgraded net-libs/libnetfilter_conntrack to v1.0.9-r1.

Upgraded dev-libs/dbus-glib to v0.112.

Allowed preloading GPU driver dependencies through cos-extensions.

Upgraded dev-libs/elfutils to v0.189.

Upgraded dev-db/sqlite to v3.41.0.

Updated the gvnic driver in the Linux kernel.

Upgraded dev-libs/userspace-rcu to v0.13.2.

Upgraded dev-libs/libzip to v1.9.2.

Upgraded sys-apps/grep to v3.11.

Upgraded sys-fs/e2fsprogs to v1.47.0-r2.

Upgraded net-firewall/iptables to v1.8.9.

Updated iproute2 to v6.2.0.

Upgraded net-libs/libnetfilter_cthelper to v1.0.1-r1.

Updates for Minor packages:

Upgraded dev-libs/re2 to v2-0.2022.12.01.

Upgraded sys-process/lsof to v4.98.0.

Upgraded net-misc/wget to v1.21.4.

Upgraded sys-fs/cryptsetup from 2.3.4 to 2.4.3. This resolves CVE-2021-4122.

Upgraded dev-python/cryptography to v39.0.1. This resolves CVE-2023-23931.

Upgraded dev-libs/nettle to v3.8.1.

Fixed an issue where pstore is not cleaned at boot time if COS metrics are disabled.

Upgraded dev-libs/nspr to v4.35-r1.

Upgraded app-admin/logrotate to v3.21.0.

Updated dev-go/go-tools to 070db2996ebe3aa00667288f8e5749e867deeb39.

Upgraded dev-libs/libpcre2 to v2-10.42-r1.

Upgraded net-dns/c-ares to v1.19.0.

Upgraded dev-libs/libverto to v0.3.2.

Upgraded net-libs/libnetfilter_cttimeout to v1.0.1.