A new Fedora Atomic Host update is available via an OSTree commit:
Commit: d518b37c348eb814093249f035ae852e7723840521b4bcb4a271a80b5988c44a
Version: 26.150
The most notable changes in this release are a new version of the kernel, kubernetes, rpm-ostree and dnsmasq. The dnsmasq update fixes quite a few CVEs. Click through for a complete list.
- CVE-2017-14491 dnsmasq: heap overflow in the code responsible for building DNS replies
- CVE-2017-14492 dnsmasq: heap overflow in the IPv6 router advertisement code
- CVE-2017-14493 dnsmasq: stack buffer overflow in the DHCPv6 code
- CVE-2017-14494 dnsmasq: information leak in the DHCPv6 relay code
- CVE-2017-14495 dnsmasq: memory exhaustion vulnerability in the EDNS0 code
- CVE-2017-14496 dnsmasq: integer underflow leading to buffer over-read in the EDNS0 code
The diff between this and the previous released version is:
- ostree diff commit old: 541abd650d1ffb3929e2ba8114436a0b04ee41da76a691af669dd037589a1421
- ostree diff commit new: d518b37c348eb814093249f035ae852e7723840521b4bcb4a271a80b5988c44a
Upgraded:
- GeoIP-GeoLite-data 2017.07-1.fc26.noarch -> 2017.10-1.fc26.noarch
- boost-iostreams 1.63.0-8.fc26.x86_64 -> 1.63.0-9.fc26.x86_64
- boost-program-options 1.63.0-8.fc26.x86_64 -> 1.63.0-9.fc26.x86_64
- boost-random 1.63.0-8.fc26.x86_64 -> 1.63.0-9.fc26.x86_64
- boost-regex 1.63.0-8.fc26.x86_64 -> 1.63.0-9.fc26.x86_64
- boost-system 1.63.0-8.fc26.x86_64 -> 1.63.0-9.fc26.x86_64
- boost-thread 1.63.0-8.fc26.x86_64 -> 1.63.0-9.fc26.x86_64
- cockpit-bridge 151-1.fc26.x86_64 -> 151-2.fc26.x86_64
- cockpit-docker 151-1.fc26.x86_64 -> 151-2.fc26.x86_64
- cockpit-networkmanager 151-1.fc26.noarch -> 151-2.fc26.noarch
- cockpit-ostree 151-1.fc26.x86_64 -> 151-2.fc26.x86_64
- cockpit-system 151-1.fc26.noarch -> 151-2.fc26.noarch
- container-storage-setup 0.7.0-1.git4ca59c5.fc26.noarch -> 0.8.0-1.git1d27ecf.fc26.noarch
- criu 3.3-2.fc26.x86_64 -> 3.5-1.fc26.x86_64
- dnsmasq 2.76-3.fc26.x86_64 -> 2.76-5.fc26.x86_64
- kernel 4.12.14-300.fc26.x86_64 -> 4.13.5-200.fc26.x86_64
- kernel-core 4.12.14-300.fc26.x86_64 -> 4.13.5-200.fc26.x86_64
- kernel-modules 4.12.14-300.fc26.x86_64 -> 4.13.5-200.fc26.x86_64
- kubernetes 1.6.7-1.fc26.x86_64 -> 1.7.3-1.fc26.x86_64
- kubernetes-client 1.6.7-1.fc26.x86_64 -> 1.7.3-1.fc26.x86_64
- kubernetes-master 1.6.7-1.fc26.x86_64 -> 1.7.3-1.fc26.x86_64
- kubernetes-node 1.6.7-1.fc26.x86_64 -> 1.7.3-1.fc26.x86_64
- nspr 4.16.0-1.fc26.x86_64 -> 4.17.0-1.fc26.x86_64
- nss 3.32.1-1.0.fc26.x86_64 -> 3.33.0-1.0.fc26.x86_64
- nss-softokn 3.32.0-1.2.fc26.x86_64 -> 3.33.0-1.0.fc26.x86_64
- nss-softokn-freebl 3.32.0-1.2.fc26.x86_64 -> 3.33.0-1.0.fc26.x86_64
- nss-sysinit 3.32.1-1.0.fc26.x86_64 -> 3.33.0-1.0.fc26.x86_64
- nss-tools 3.32.1-1.0.fc26.x86_64 -> 3.33.0-1.0.fc26.x86_64
- nss-util 3.32.0-1.0.fc26.x86_64 -> 3.33.0-1.0.fc26.x86_64
- python3 3.6.2-7.fc26.x86_64 -> 3.6.2-8.fc26.x86_64
- python3-libs 3.6.2-7.fc26.x86_64 -> 3.6.2-8.fc26.x86_64
- rpm-ostree 2017.8-2.fc26.x86_64 -> 2017.9-1.fc26.x86_64
- rpm-ostree-libs 2017.8-2.fc26.x86_64 -> 2017.9-1.fc26.x86_64
- sudo 1.8.20p2-1.fc26.x86_64 -> 1.8.21p2-1.fc26.x86_64
- system-python 3.6.2-7.fc26.x86_64 -> 3.6.2-8.fc26.x86_64
- system-python-libs 3.6.2-7.fc26.x86_64 -> 3.6.2-8.fc26.x86_64
- vim-minimal 2:8.0.1097-1.fc26.x86_64 -> 2:8.0.1176-1.fc26.x86_64
Existing systems can be upgraded in place via e.g. atomic host upgrade
or
atomic host deploy
. Systems on Fedora Atomic 25 can be upgraded using rpm-ostree rebase
.
Refer to the upgrade guide
for more details.
Corresponding image media for new installations can be downloaded from GetFedora.org.
Respective signed CHECKSUM files can be found here:
For direct download, the latest
targets are always available at the following URLs:
Filename fetching URLs for downloading to remote systems are available by querying the following links:
For more information about the latest targets, please reference the Fedora Atomic Wiki space.
The Vagrant Cloud page with the new atomic host:
To provision using vagrant:
vagrant init fedora/26-atomic-host; vagrant up
or, if you already have the box, to get the new one:
vagrant box update --box fedora/26-atomic-host