Container Optimized OS

Fixed CVE-2026-32597 with pyjwt package upgrade to 2.12.1.

Fixed KCTF-c9bc175 in the Linux kernel.

Fixed an ek-cpu-balloon bug which would result in CPUs being underreported on ek machines with SMT enabled.

Updated net-misc/curl to v8.19.0. This resolves CVE-2026-1965 and CVE-2026-3783.

Fixed CVE-2026-23107 in the Linux kernel.

Fixed CVE-2026-27459 in dev-python/pyopenssl.

Updated sys-libs/binutils-libs to 2.46.0. This resolves CVE-2025-69644.

Upgraded app-admin/google-osconfig-agent to v20260119.00.

Fixed CVE-2026-23086 in the Linux kernel.

Fixed CVE-2025-71268 in the Linux kernel.

Upgraded sys-apps/file to v5.47-r1.

Updated dev-libs/openssl to v3.5.5. This resolves CVE-2025-15467.

Fixed CVE-2026-23243 in the Linux kernel.

Fixed KCTF-329f0b9 in the Linux kernel.

Updated cos-gpu-installer to v2.6.1.

Upgraded virtual/logger to v0-r3.

Upgraded sys-apps/file to v5.47-r1.

Upgraded app-admin/google-osconfig-agent to v20260119.00.

Updated sys-libs/binutils-libs to 2.46.0. This resolves CVE-2025-69644.

Fixed an ek-cpu-balloon bug which would result in CPUs being underreported on ek machines with SMT enabled.

Fixed KCTF-329f0b9 in the Linux kernel.

Upgraded dev-db/sqlite to v3.51.3.

Added CPU balloon support for Arm CPUs.

Fixed CVE-2025-71265 in the Linux kernel.

Fixed CVE-2026-32597 with pyjwt package upgrade to 2.12.1.

Updated net-misc/curl to v8.19.0. This resolves CVE-2026-1965 and CVE-2026-3783.

Upgraded dev-libs/expat to v2.7.5.

Fixed CVE-2026-23262 in the Linux kernel.

Fixed KCTF-c9bc175 in the Linux kernel.

Fixed CVE-2025-22026 in the Linux kernel.

Fixed KCTF-c9bc175 in the Linux kernel.

Fixed KCTF-71e99ee in the Linux kernel.

Updated net-misc/curl to v8.19.0. This resolves CVE-2026-1965 and CVE-2026-3783.

Upgraded dev-libs/expat to v2.7.4.

Updated cos-gpu-installer to v2.6.1.

Fixed CVE-2024-26822 in the Linux kernel.

Added CPU balloon support for Arm CPUs.

Upgraded net-firewall/iptables to v1.8.13.

Fixed CVE-2025-71266 in the Linux kernel.

Fixed CVE-2025-69647 in binutils-libs.

Upgraded chromeos-base/google-breakpad to v2026.03.03.162944-r270.

Upgraded app-admin/google-osconfig-agent to v20260119.00.

Updated sys-libs/binutils-libs to 2.46.0. This resolves CVE-2025-69644.

Upgraded sys-apps/file to v5.47-r1.

Fixed CVE-2026-23254 in the Linux kernel.

Fixed CVE-2026-23229 in the Linux kernel.

Fixed performance and efficiency issues in TCPX through optimized netmem handling and scatter-gather list coalescing for large memory mappings.

Updated cos-gpu-installer to v2.6.1.

Fixed a packet header clobbering issue in the IDPF driver occurring when SWIOTLB and header split are enabled.

/run is now mounted with the noexec option.

Upgraded dev-util/gdbus-codegen to v2.86.3.

Upgraded net-misc/socat to v1.8.1.1.

Upgraded sys-apps/acl to v2.3.2-r3.

Fixed CVE-2025-38162 in the Linux kernel.

Upgraded dev-utils/gdbus-codegen to v2.86.3.

Upgraded sys-apps/file to v5.47.

Fixed CVE-2026-23054 in the Linux kernel.

Upgraded dev-libs/glib to v2.86.3. This fixes CVE-2025-14087, CVE-2025-14512 and CVE-2025-13601.

Upgraded dev-libs/glib to v2.86.3. This fixes CVE-2025-14087, CVE-2025-14512 and CVE-2025-13601.

Upgraded app-admin/fluent-bit to v4.2.3.1.

Fixed KCTF-71e99ee in the Linux kernel.

Enabled buffer overflow detection for kernel str/mem functions.

Fixed CVE-2025-38201 in the Linux kernel.

Upgraded dev-util/gn to v2331.

Upgraded app-admin/sosreport to v4.11.0.

Fixed CVE-2026-23102 in the Linux kernel.

Upgraded the galog version to v0.0.0-20250924170816-9dbf105986f4 in google-guest-agent to fix an issue with high CPU consumption.

/dev/hugepages is now mounted with the noexec option.

Fixed a kernel bug which could cause traffic drops after NIC resets.

Downgraded ek-cpu-balloon driver to version 1.1.0 to address efficiency daemon issues.

Fixed CVE-2026-23176 in the Linux kernel.

Upgraded net-misc/socat to v1.8.1.1.

Upgraded dev-libs/glib to v2.86.3 and gdbus-codegen to v2.86.3. This fixes CVE-2025-14087, CVE-2025-14512 and CVE-2025-13601.

Fixed CVE-2023-53421 in the Linux kernel.

Upgraded app-admin/sosreport to v4.11.0.

Fixed CVE-2025-38591 in the Linux kernel.

Fixed CVE-2025-22026 in the Linux kernel.

Upgraded sys-apps/file to v5.47.

Fixed CVE-2025-13601, CVE-2025-14512, CVE-2025-14087 in dev-libs/glib.

Fixed CVE-2026-23216 in the Linux kernel.

Fixed CVE-2025-37920 in the Linux kernel.

Fixed CVE-2025-71089 in the Linux kernel.