Microsoft has released an update to its Azure Linux distro, bosting a slew of fixes and bringing the version to 2.0.20240403.

Azure Linux is based on Microsoft’s CBL-Mariner distro, and is used as for Azure Linux Container Host workloads. The company has released an updated version of Azure Linux, incorporating a plethora of bug and security fixes.

The release notes were announced on GitHub:

• Add patch for cloud-init pkg install error
• Add patch to limit pytest-mypy-plugins version for python-attrs test
• Disabled experimental c-ares module from python-gevent (also fixes CVE-2021-22931)
• Enabled ccache and artifact suffixes for fast-track PR check
• Exclude overlayfs module from main dracut package.
• Explicitly add libgcc as a requires to distroless base
• Fix imagegen tools (toolkit) to Write fstab file in correct order.
• Fix kata-containers to use system OpenSSL
• Fix kata-containers-cc to fix macro expansion (use grub2-rpm-macros)
• Fix kata-containers-cc virtiofsd dependency
• Fix mariner_2_initrd_use_suffix kdump.conf option
• Fix moby-compose license for ASL 2.0
• Fix msft-golang to include go.env in GOROOT
• Fix python-prettytables ptest.
• Fix python-remoto ptest
• Fix toolchain rebuilds for delta builds.
• Force systemd coredump to use LZ4 compression
• Limited cascading rebuilds for the fast-track PR check to 1.
• Modify cython to skip long tests.
• Patch CVE-2023-52160 for wpa_supplicant
• Patch libtiff to fix CVE-2023-52356
• Patch PAM to fix CVE-2024-22365
• Patch azure-iot-sdk-c to address CVE-2024-25110 and CVE-2024-27099 – bran
• Patch clamav to fix CVE-2024-20328
• Patch expat to fix CVE-2023-52426
• Patch kubervirt for CVE-2022-41723
• Patch less to fix CVE-2022-48624
• Patch libvirt to fix CVE-2024-1441 and CVE-2024-2496
• Patch nodejs18 to fix CVE-2024-22025 (NOTE: nodejs[16] is end of life and will be removed from build at next monthly update)
• Patch open-vm-tools to address CVE-2023-34058 & CVE-2023-34059
• Patch to package qt5-qtbase to address CVE-2022-25643
• Patch unixODBC to fix CVE-2024-1013
• Patch xorg-x11-server to fix CVE-2023-5574, CVE-2023-5367 & CVE-2023-5380, CVE-2023-6816, CVE-2024-21885
• Removed the runOnHost flag to fix the fast-track PR check pipelines.
• Switch qemu-guest base image to kernel instead of kernel-hci
• Update expat changelog
• Update guava to 32.1.3 in Javapackages-bootstrap
• Update toolchain container bootstrap to 2.0.20240123
• Upgrade Kernel to 5.15.153.1 to address kernel CVE-2014-3185, CVE-2015-5157, CVE-2022-2585, CVE-2022-2586, CVE-2022-2588,CVE-2022-2602, CVE-2023-5090, CVE-2023-5633, CVE-2023-6040, CVE-2023-6200, CVE-2023-6560, > CVE-2023-35827, CVE-2023-46838, CVE-2023-52429, CVE-2023-50431, CVE-2023-52434, CVE-2023-52435, CVE-2024-0340, CVE-2024-0562, CVE-2024-0646, CVE-2024-0775, CVE-2024-1086, CVE-2024-23849, CVE-2024-23850, CVE-2024-23851
• Upgrade ansible to 2.14.4 fix CVE-2024-0690
• Upgrade ca-certificates Msft cert change
• Upgrade emacs to 29.3 to fix CVE-2024-30202, CVE-2024-30204, CVE-2024-30205
• Upgrade expat to 2.6.2 CVE-2023-52425 and CVE-2024-28757
• Upgrade helm to 3.14.2 CVE-2024-26147
• Upgrade libreswan to 4.14
• Upgrade msft-golang to 1.21.8 to fix CVEs
• Upgrade nmi to 1.8.17 CVE-2022-41717, CVE-2022-23551
• Upgrade node-problem-detector to version v0.8.17 and patch CVE-2024-24786
• Upgrade python to 3.9.19: address CVE-2023-6597 and other security concerns
• Upgrade zstd to 1.5.4 CVE-2022-4899
• Upgrade etcd to version 3.5.12.
• Patch gnutls to fix CVE-2024-0567
• Patch telegraf for CVE-2024-27304 and CVE-2024-28110
• Kata: Release v3.2.0.azl0 for both vanilla and CC based on aligned sources
• Kata: upgrade kernel-uvm and kata-conatainers-cc for LSG release v2402.26.1