Releases: microsoft/azurelinux
Release list
3.0.20260706
Generic Kernel version-release: kernel-6.6.143.1-1
Add argparse-manpage to SPECS-EXTENDED
Add Koji message-bus packages to SPECS-EXTENDED
Add nftables patch to fix segfault when listing ruleset containing user-data (udata) in rule expressions
Add ukify-fix-insertion-of-padding-in-merged-sections patch to systemd
Fix failing core ptest in systemd and libguestfs
Fix gd ptest issue
Fix krb5 Backport upstream SPNEPO mechListMIC parsing fix (ticket 9183)
Fix libstoragemgmt: Address ptest and package installation failure
Fix openmpi runtime dependencies
Fix openmpi subpackages
Fix openmpi Restore openmpi-devel subpackages
Fix ptest failure in rng-tools
Fix ptest failures in perl-IO-Socket-SSL package
Fix ptest failures in python-beautifulsoup4 package
Fix ptest failures in python-zope-interface package
Fix ptest for gperftools
Fix ptest for python-omegaconf
Fix ptests failure in openvswitch package
Fix ptests failure in runc package
Fix ptests failure in subversion package
Fix selinux-policy to allow container engines to mmap runtime files
Fix selinux-policy to update policy for irqbalance v1.9.5
Fix waagent-network-setup.service failure and update to teardown the specific interface
freeradius: move from specs-extended to specs
libssh2: patch CVE-2026-55200 (OOB write in transport read)
Merge PR Patch perl for CVE-2026-48962, CVE-2026-48959, CVE-2026-42496, CVE-2025-15649
Merge PR Patch perl-DBI for CVE-2026-10879
mlnx-ofa_kernel-hwe-modules-signed: drop fwctl.ko (broken since DOCA 3.3.0 bump)
Patch bzip2 for CVE-2026-42250
Patch cf-cli for CVE-2026-42502, CVE-2026-39835, CVE-2026-39828, CVE-2026-39827, CVE-2026-25681, CVE-2026-25680
Patch cloud-provider-kubevirt for CVE-2026-42502, CVE-2026-25681, CVE-2026-25680
Patch cmake for CVE-2026-4873, CVE-2026-6276, CVE-2026-6253, CVE-2026-6429, CVE-2026-5545
Patch cni-plugins for CVE-2026-42506, CVE-2026-27136, CVE-2026-42502, CVE-2026-25681, CVE-2026-25680
Patch containerd2 for CVE-2026-42502, CVE-2026-25681, CVE-2026-25680
Patch crash for CVE-2025-11083
Patch curl for CVE-2026-6253, CVE-2026-6429, CVE-2026-5545
Patch dasel for CVE-2026-42506, CVE-2026-27136, CVE-2026-25680, CVE-2026-42502, CVE-2026-25681
Patch dhcpcd for CVE-2026-14258, CVE-2026-56113, CVE-2026-56117, CVE-2026-56116, CVE-2026-56114
Patch docker-buildx for CVE-2026-39833, CVE-2026-46598, CVE-2026-42502, CVE-2026-39835, CVE-2026-39827, CVE-2026-25681, CVE-2026-25680
Patch docker-compose for CVE-2026-46598, CVE-2026-42502, CVE-2026-39835, CVE-2026-39827, CVE-2026-25681, CVE-2026-25680
Patch edk2 for CVE-2026-9076, CVE-2026-7383, CVE-2026-45447, CVE-2026-45445, CVE-2026-42767, CVE-2026-42766, CVE-2026-34182, CVE-2026-34180
Patch elixir for CVE-2026-49762
Patch gdb for CVE-2025-11083
Patch gh for CVE-2026-42502, CVE-2026-39835, CVE-2026-39828, CVE-2026-39827, CVE-2026-25681, CVE-2026-25680
Patch gh for CVE-2026-45803
Patch glib for CVE-2026-0988
Patch glib-networking for CVE-2026-10028
Patch gnupg2 for CVE-2026-57062
Patch golang & golang-1.25 for CVE-2026-39821
Patch gzip for CVE-2026-41992
Patch haproxy for CVE-2026-55204, CVE-2026-55203
Patch jq for CVE-2026-49839, CVE-2026-47770, CVE-2025-9403
Patch kata-containers for CVE-2025-58160 and CVE-2026-27171
Patch kata-containers-cc for CVE-2025-5791 and CVE-2025-4574, CVE-2026-42250
Patch keda for CVE-2026-41889, CVE-2026-42502, CVE-2026-25681, CVE-2026-25680
Patch ldns for CVE-2026-10846
Patch libinput for CVE-2026-50292
Patch libnfs for CVE-2026-53689
Patch libsolv for CVE-2026-9150, CVE-2026-9149
Patch libsoup for CVE-2026-2708, CVE-2026-6324
Patch libssh2 for CVE-2026-55199, CVE-2025-15661
Patch libxml2 for CVE-2026-0989
Patch multus for CVE-2026-42502, CVE-2026-25681, CVE-2026-25680
Patch nginx for CVE-2026-49975, CVE-2026-48142
Patch nmap for CVE-2026-58058
Patch opensc for CVE-2026-10275
Patch openssh for CVE-2026-35387, CVE-2026-35414
Patch openssl for CVE-2026-34182, CVE-2026-9076, CVE-2026-7383, CVE-2026-45446, CVE-2026-45445, CVE-2026-42768, CVE-2026-42766, CVE-2026-34183, CVE-2026-34180, CVE-2026-42767
Patch opentelemetry-cpp for CVE-2026-44967
Patch packer for CVE-2026-39833, CVE-2026-45570, CVE-2026-45571
Patch perl for CVE-2026-48962, CVE-2026-48959, CVE-2026-42496, CVE-2025-15649, CVE-2026-12087, CVE-2026-8376
Patch perl-Bytes-Random-Secure for CVE-2026-11625
Patch perl-DBI for CVE-2026-10879, CVE-2026-9698
Patch perl-HTML-Parser for CVE-2026-8829
Patch poetry for CVE-2026-41140
Patch python-pip for CVE-2026-8643
Patch python-virtualenv for CVE-2026-8643
Patch python3 for CVE-2025-13462, CVE-2026-8328, CVE-2026-7774
Patch qemu for CVE-2026-3195, CVE-2026-3196, CVE-2026-48914
Patch rabbitmq-server for CVE-2026-43973
Patch rrdtool for CVE-2026-43958
Patch rust for CVE-2026-40034, CVE-2026-5222, CVE-2026-5223
Patch sqlite for CVE-2026-11822, CVE-2026-11824
Patch telegraf for CVE-2026-46598, CVE-2026-42502, CVE-2026-39835, CVE-2026-39828, CVE-2026-39827, CVE-2026-25681, CVE-2026-25680
Patch tmux for CVE-2026-11623
Patch util-linux for CVE-2026-13595
Prevent corruption from stale alias state on daemon-reload
refactor(openssl-fips-provider): Better align with openssl's fips provider
Upgrade acl to 2.4.0 for CVE-2026-54369, CVE-2026-54370, CVE-2026-54371
Upgrade alsa-lib to 1.2.16.1 for CVE-2026-56109
Upgrade attr to 2.6.0 for CVE-2026-54369, CVE-2026-54370, CVE-2026-54371
Upgrade azurelinux-image-tools to v1.5.0
Upgrade cloud-hypervisor to 51.1.101
Upgrade dnsmasq to 2.93 for CVE-2026-12969, CVE-2026-12725
Upgrade doca to 3.3.0
Upgrade erlang to 26.2.5.21 for CVE-2026-42789, CVE-2026-42790, CVE-2026-49760, CVE-2026-49759, CVE-2026-48860, CVE-2026-48858, CVE-2026-48856, CVE-2026-48855
Upgrade expat to 2.8.2 for multiple CVEs
Upgrade freeipmi to 1.6.18 for CVE-2026-50031
Upgrade gnutls to 3.8.13 for CVE-2026-42012, CVE-2026-42013, CVE-2026-5260
Upgrade golang to 1.25.11-1
Upgrade golang to 1.26.4-1
Upgrade httpd to 2.4.68 for CVE-2026-49975
Upgrade icu component version for package nodejs
Upgrade kernel-hwe to 6.18.36.1 and doca to 3.3.0 (first version with 6.18 series kernel)
Upgrade kernel to version 6.6.143.1
Upgrade kernel-mshv to 6.6.137.mshv2
Upgrade libslirp to 4.9.3 for CVE-2026-9539
Upgrade libusb to 1.0.30 for CVE-2026-23679, CVE-2026-47104
Upgrade libXpm to 3.5.19 for CVE-2026-4367
Upgrade lldpd to 1.0.22 for CVE-2026-46433
Upgrade mock to 6.7 and add dependent package argparse-manpage version 4.7
Upgrade nodejs to 24.17.0 for multiple CVEs
Upgrade openssl to 3.3.7
Upgrade openvswitch to 3.3.9
Upgrade postfix to 3.9.11 for CVE-2026-43964
Upgrade python-mistune to 3.3.0 for CVE-2026-49851
Upgrade python-webob to 1.8.10 for CVE-2026-44889
Upgrade radvd to 2.21 for CVE-2026-48715
Upgrade rubygem-concurrent-ruby to 1.3.7 for CVE-2026-54904, CVE-2026-54905, CVE-2026-54906
Upgrade rubygem-nokogiri to 1.19.4 for CVE-2026-57438, CVE-2026-57435, CVE-2026-57236, CVE-2026-57437, CVE-2026-57434, CVE-2026-57436, CVE-2026-57234, CVE-2026-57235
Upgrade runc to 1.3.6 for CVE-2026-41579
Upgrade trident to 0.24.0
Upgrade vim to 9.2.0735 for CVE-2026-52858, CVE-2026-52859, CVE-2026-52860, CVE-2026-47162, CVE-2026-47167, CVE-2026-57452, CVE-2026-57455, CVE-2026-55895, CVE-2026-55693, CVE-2026-57456, CVE-2026-55892, CVE-2026-57451, CVE-2026-57453, CVE-2026-57454
Upgrade xorg-x11-server-Xwayland to 24.1.12 for CVE-2026-50256, CVE-2026-50257, CVE-2026-50258, CVE-2026-50259, CVE-2026-50260, CVE-2026-50261, CVE-2026-50262 and CVE-2026-50263
3.0.20260616
Generic Kernel version-release: kernel-6.6.141.1-1
This targeted 3.0 release upgrades the kernel to 6.6.141.1 to reinstate the CX3 Driver support unintentionally dropped in the 6.6.139.1 kernel.
3.0.20260602
Generic Kernel version-release: kernel-6.6.139.1-1
Add gcab 1.6 cabinet archive library package
Add koji.
Add support for Azure Container Linux in WALinuxAgent
Enable edk2 aarch64 VMF build.
Enable missing kernel-mshv configs per customer request
Fix azcopy ptest
Fix azcopy ptests failure
Fix Cython ptest
Fix docs: remove/deprecate references to 2.0
Fix docs: update readme
Fix docs: update readme text
Fix git-lfs ptest
Fix git-lfs ptests failure
Fix haproxy config file overwrite on upgrade
Fix libical ptest
Fix librelp ptest
Fix lujavrite ptest
Fix ptest issue for libmicrohttpd
Fix python‑markdown ptest
Fix python‑tqdm ptest
Fix systemd unmanaged interface in networkd
Fix systemd unnecessary nftables initialization by backporting upstream
Patch application-gateway-kubernetes-ingress for CVE-2026-42506, CVE-2026-39821, CVE-2026-27136, CVE-2026-42502, CVE-2026-25681, CVE-2026-25680, CVE-2026-33814
Patch azcopy for CVE-2026-39821
Patch azurelinux-image-tools for CVE-2026-39821, CVE-2026-33814
Patch binutils for CVE-2025-3198
Patch binutils for CVE-2026-6846
Patch cert-manager for CVE-2026-46597, CVE-2026-42506, CVE-2026-39834, CVE-2026-39830, CVE-2026-39829, CVE-2026-39821, CVE-2026-27136, CVE-2026-42502, CVE-2026-39835, CVE-2026-39828, CVE-2026-39827, CVE-2026-25681, CVE-2026-25680, CVE-2026-35469, CVE-2026-33814
Patch cf-cli for CVE-2026-46597, CVE-2026-42506, CVE-2026-39834, CVE-2026-39830, CVE-2026-39829, CVE-2026-39821, CVE-2026-27136
Patch cloud-provider-kubevirt for CVE-2026-42506, CVE-2026-39821, CVE-2026-27136
Patch containerd2 for CVE-2026-27136, CVE-2026-39821, CVE-2026-39882, CVE-2026-33814, CVE-2026-42506,
Patch containerized-data-importer for CVE-2026-25681, CVE-2026-25680, CVE-2026-27136, CVE-2026-33814, CVE-2026-35469, CVE-2026-39821, CVE-2026-42502, CVE-2026-42506,
Patch coredns for CVE-2026-32936, CVE-2026-32934, CVE-2026-33489, CVE-2026-33190, CVE-2026-39821
Patch cri-tools for CVE-2026-35469, CVE-2026-42506, CVE-2026-39821, CVE-2026-27136, CVE-2026-42502, CVE-2026-25681, CVE-2026-25680
Patch curl for CVE-2026-7168, CVE-2026-6276, CVE-2026-4873
Patch docker-buildx for CVE-2026-46597, CVE-2026-42506, CVE-2026-39834, CVE-2026-39832, CVE-2026-39830, CVE-2026-39829, CVE-2026-39821, CVE-2026-27136, CVE-2026-35469
Patch docker-cli for CVE-2026-39821
Patch docker-compose for CVE-2026-35469, CVE-2026-46597, CVE-2026-42506, CVE-2026-39834, CVE-2026-39832, CVE-2026-39830, CVE-2026-39829, CVE-2026-39821, CVE-2026-27136
Patch etcd for CVE-2026-39821, CVE-2026-29181
Patch fio for CVE-2026-30656
Patch firewalld for CVE-2026-4948
Patch flannel for CVE-2026-39821
Patch gdb for CVE-2025-1178, CVE-2025-1176, CVE-2026-6846
Patch gh for CVE-2026-46597, CVE-2026-42506, CVE-2026-39834, CVE-2026-39830, CVE-2026-39829, CVE-2026-39821, CVE-2026-27136
Patch git-lfs for CVE-2026-39821
Patch glibc for CVE-2026-4046
Patch gnutls for CVE-2026-33845, CVE-2026-3832, CVE-2026-33846, CVE-2026-42010, CVE-2026-42009
Patch ignition-flatcar for CVE-2026-29181, CVE-2026-33814, CVE-2026-39821
Patch influxdb for CVE-2026-41602, CVE-2026-42506, CVE-2026-39821, CVE-2026-27136, CVE-2026-42502, CVE-2026-25681, CVE-2026-25680
Patch jq for CVE-2026-43896, CVE-2026-43895, CVE-2026-41257, CVE-2026-41256, CVE-2026-40612, CVE-2026-44777
Patch jx for CVE-2026-39821
Patch kata-containers for CVE-2026-41602, CVE-2026-39821, CVE-2026-33814
Patch kata-containers-cc for CVE-2026-41602, CVE-2026-39821, CVE-2026-33814
Patch keda for CVE-2026-42506, CVE-2026-39821, CVE-2026-27136, CVE-2026-35469
Patch kf-kcoreaddons for CVE-2026-41526
Patch krb5 for CVE-2026-40356
Patch kube-vip-cloud-provider for CVE-2026-42506, CVE-2026-39821, CVE-2026-27136, CVE-2026-42502, CVE-2026-25681, CVE-2026-25680
Patch kubernetes for CVE-2026-46597, CVE-2026-42506, CVE-2026-39834, CVE-2026-39830, CVE-2026-39829, CVE-2026-39821, CVE-2026-27136, CVE-2026-42502, CVE-2026-39835, CVE-2026-39827, CVE-2026-25681, CVE-2026-25680
Patch kubevirt for CVE-2026-7374, CVE-2026-33814, CVE-2026-35469, CVE-2026-46597, CVE-2026-42506, CVE-2026-39829, CVE-2026-39834, CVE-2026-39830, CVE-2026-39821, CVE-2026-27136, CVE-2026-42502, CVE-2026-39835, CVE-2026-39828, CVE-2026-39827, CVE-2026-25681, CVE-2026-25680
Patch kured for CVE-2026-35469, CVE-2026-39821
Patch libssh for CVE-2026-0968
Patch libyang for CVE-2026-41401, CVE-2026-44673
Patch memcached for CVE-2026-47783, CVE-2026-47784
Patch moby-containerd-cc for CVE-2026-35469, CVE-2026-39821
Patch moby-engine for CVE-2026-46597, CVE-2026-39834, CVE-2026-39830, CVE-2026-39829, CVE-2026-39821, CVE-2026-39835, CVE-2026-39827
Patch multus for CVE-2026-42506, CVE-2026-39821, CVE-2026-27136
Patch nano for CVE-2026-6843, CVE-2026-6842
Patch nginx for CVE-2026-8711, CVE-2026-9256,CVE-2026-42946, CVE-2026-42945, CVE-2026-42934, CVE-2026-40701, CVE-2026-40460
Patch nvidia-container-toolkit for CVE-2026-39834, CVE-2026-39830
Patch opa for CVE-2026-39821
Patch openvswitch for CVE-2026-34956
Patch packer for CVE-2026-33814, CVE-2026-46597, CVE-2026-42508, CVE-2026-42506, CVE-2026-39834, CVE-2026-39832, CVE-2026-39830, CVE-2026-39829, CVE-2026-39821, CVE-2026-27136, CVE-2026-46598, CVE-2026-42502, CVE-2026-39835, CVE-2026-39828, CVE-2026-39827, CVE-2026-25681, CVE-2026-25680
Patch perl-XML-LibXML for CVE-2026-8177
Patch prometheus-adapter for CVE-2026-42506, CVE-2026-39821, CVE-2026-27136, CVE-2026-42502, CVE-2026-25681, CVE-2026-25680
Patch prometheus-node-exporter for CVE-2026-39821
Patch prometheus-process-exporter for CVE-2026-39821
Patch python-click for CVE-2026-7246
Patch python-pip for CVE-2026-3219, CVE-2026-6357
Patch python-twisted for CVE-2026-42304
Patch python-urllib3 for CVE-2026-44431
Patch Python-virtualenv for CVE-2026-3219, CVE-2026-6357
Patch python3 for CVE-2026-1502
Patch pytorch for CVE-2025-51480
Patch rabbitmq-server for CVE-2026-8466, CVE-2026-7790, CVE-2026-43968
Patch rust-afterburn for CVE-2026-25541
Patch skopeo for CVE-2026-39821
Patch sriov-network-device-plugin for CVE-2026-42506, CVE-2026-39821, CVE-2026-27136, CVE-2026-42502, CVE-2026-25681, CVE-2026-25680
Patch systemd for CVE-2026-40226, CVE-2026-40225
Patch telegraf for CVE-2026-41602, CVE-2026-42154, CVE-2026-46597, CVE-2026-42508, CVE-2026-42506, CVE-2026-39834, CVE-2026-39832, CVE-2026-39830, CVE-2026-39829, CVE-2026-39821, CVE-2026-27136, CVE-2026-42151, CVE-2026-41889
Patch thrift for CVE-2026-41636, CVE-2026-41605, CVE-2026-41603, CVE-2026-41602, CVE-2025-48431
Patch vitess for CVE-2026-39821
qemu: Enable user_static builds for providing user mode emulation.
Remove nodejs 20 package and make nodejs 24 as default nodejs package
Resolved ptest failure in azcopy package
Resolved ptest failure in git-lfs package
Resolved ptest failure in libical by upgrading to version 3.0.10
Resolved ptest failure in lujavrite package
Upgrade azurelinux-image-tools to 1.4.0 (fasttrack)
Upgrade bind to 9.20.23 for CVE-2026-3039, CVE-2026-3592, CVE-2026-3593, CVE-2026-5946, CVE-2026-5947, CVE-2026-5950
Upgrade containerd2 to 2.2.4
Upgrade cups to 2.4.19 for CVE-2026-41079
Upgrade dnsmasq to 2.92 for CVE-2026-2291, CVE-2026-4890, CVE-2026-4891, CVE-2026-4892, CVE-2026-4893, CVE-2026-5172
Upgrade etcd to 3.5.30 for CVE-2026-44283
Upgrade frr to 10.5.4 for CVE-2026-37457
Upgrade golang to 1.25.10-1
Upgrade golang to 1.26.3-1
Upgrade haveged to 1.9.22 for CVE-2026-41054
Upgrade httpd to 2.4.67 for CVE-2026-29168, CVE-2026-24072, CVE-2026-34059, CVE-2026-23918, CVE-2026-33857, CVE-2026-34032, CVE-2026-33006, CVE-2026-33007, CVE-2026-29169, CVE-2026-33523
Upgrade kernel-mshv and kernel-uvm to 6.6.137.mshv1
Upgrade libpng to 1.6.58 for a regression introduced in version 1.6.56 that caused to return stale palette data after applying gamma and background transforms in-place
Upgrade mariadb to 10.11.18 for CVE-2026-44168, CVE-2026-44169, CVE-2026-44170, CVE-2026-44171, CVE-2026-44172, CVE-2026-44173, CVE-2026-48165, CVE-2026-48163
Upgrade perl-libwww-perl to 6.83 for CVE-2026-8368
Upgrade pgbouncer to 1.25.2 for CVE-2026-6664, CVE-2026-6665, CVE-2026-6666, CVE-2026-6667
Upgrade php to 8.3.31 for CVE-2026-7261, CVE-2026-7258, CVE-2026-6722, CVE-2026-6735, CVE-2026-7262, CVE-2025-14179, CVE-2026-7568, CVE-2026-7259
Upgrade postgresql to 16.14 for CVE-2026-6473, CVE-2026-6479, CVE-2026-6638, CVE-2026-6474, CVE-2026-6475, CVE-2026-6477, CVE-2026-6478, CVE-2026-6472, CVE-2026-6637
Upgrade python-mistune to 3.2.1 for CVE-2026-33079
Upgrade rsync to 3.4.3 for CVE-2026-43617, CVE-2026-43618, CVE-2026-43619, CVE-2026-43620, CVE-2026-45232, CVE-2026-29518, CVE-2026-41035
Upgrade unbound to 1.25.1 for CVE-2026-33278, CVE-2026-42944, CVE-2026-42959, CVE-2026-32792, CVE-2026-40622, CVE-2026-41292, CVE-2026-42534, CVE-2026-42923, CVE-2026-42960, CVE-2026-44390, CVE-2026-44608
Upgrade valkey to 8.0.9 for CVE-2026-23479, CVE-2026-25243, CVE-2026-23631
Upgrade vim to 9.2.0488 for CVE-2026-45130, CVE-2026-44656, CVE-2026-46483
3.0.20260517
Generic Kernel version-release: kernel-6.6.139.1-1
Upgrade kernel to 6.6.139.1-1 for CVE-2026-46333
Upgrade kernel-hwe to 6.12.89.1-1 for CVE-2026-46333
3.0.20260510
Generic Kernel version-release: kernel-6.6.138.1-1
This kernel only release is to resolve the "CopyFail2" aka "dirty-frag" security vulnerability: CVE-2026-43284 / CVE-2026-43500
Upgrade kernel to version 6.6.138.1-1
Upgrade kernel to version 6.12.87.1
3.0.20260506
Generic Kernel version-release: kernel-6.6.137.1-2
Add extra macros parameter to PackageBuild.yml
Add ignition to SPECS/SPECS-EXTENDED
Add rust-afterburn to SPECS/SPECS-EXTENDED
Build Wireshark package with Lua support
Cleanup unwanted files for coreos-init
Enable CONFIG_IKCONFIG_PROC on arm64 kernel
Fix c-ares ptest
Fix check before copying cfg.SrpmsDir
Fix IC golden container pip install failure under CFSClean network isolation
Fix python-google-auth-oauthlib ptest
Fix python-pytest-xdist ptest
Fix qemu-guest-agent startup failure by replacing --blacklist with --block-rpcs
Fix shim update sbat csv to match architecture
Fix systemd pcrlock failure on Hyper-V VMs with vTPM
Improve Live Migration support in QEMU
Patch avahi for CVE-2026-34933
Patch binutils for CVE-2025-69652, CVE-2025-69649, CVE-2025-69646, CVE-2025-69645, CVE-2025-11839, CVE-2025-1148, CVE-2025-1147, CVE-2025-69647, CVE-2026-4647
Patch clamav for CVE-2026-33056, CVE-2026-33055
patch containerd2 for CVE-2026-35469, CVE-2026-34986
Patch containerized-data-importer for CVE-2026-32288
Patch crash for CVE-2026-4647
Patch curl for CVE-2026-3784, CVE-2026-3783, CVE-2026-1965
Patch edk2 for CVE-2026-28390, CVE-2026-28389
Patch emacs for CVE-2026-6861
Patch erlang for CVE-2026-28808, CVE-2026-32147
Patch expat for CVE-2026-32778, CVE-2026-32777, CVE-2026-32776
Patch fluent-bit for CVE-2025-63652 and CVE-2025-63657
Patch frr for CVE-2026-28532, CVE-2026-5107
Patch gdb for CVE-2026-4647
Patch gdk-pixbuf2 for CVE-2026-5201
Patch gh for CVE-2026-32288, CVE-2026-5160
Patch haproxy for CVE-2026-33555
Patch ignition-flatcar for CVE-2026-27141
Patch jq for CVE-2026-40164, CVE-2026-39979, CVE-2026-39956, CVE-2026-33948, CVE-2026-33947, CVE-2026-32316
Patch keras for CVE-2026-1669
Patch kubernetes for CVE-2026-35469
Patch lcms2 for CVE-2026-41254
Patch libarchive for CVE-2026-5121, CVE-2026-4426, CVE-2026-4424
Patch libcap for CVE-2026-4878
Patch libexif for CVE-2026-40386, CVE-2026-40385
Patch libgcrypt for CVE-2026-41989
Patch libsoup for CVE-2026-2436
Patch libssh for CVE-2026-0967, CVE-2026-0966, CVE-2026-0965, CVE-2026-0964
Patch libssh2 for CVE-2026-7598
Patch libtiff for CVE-2026-4775
Patch mesa for CVE-2026-40393
Patch moby-containerd-cc for CVE-2026-39882
Patch moby-engine for CVE-2026-32288, CVE-2026-39882
Patch nodejs for CVE-2026-21716, CVE-2026-21715, CVE-2026-21714, CVE-2026-21713, CVE-2026-21710
Patch nodejs24 for CVE-2026-33672, CVE-2026-33671, CVE-2026-21710, CVE-2026-21637, CVE-2026-21717, CVE-2026-21713, CVE-2026-21714, CVE-2026-21712, CVE-2026-21716, CVE-2026-21715
Patch ntfs-3g for CVE-2026-40706
Patch openssh for CVE-2026-35414, CVE-2026-35388, CVE-2026-35386, CVE-2026-35385
Patch openssl for ....
Patch perl-XML-Parser for CVE-2006-10003, CVE-2006-10002
Patch poetry for CVE-2026-34591
Patch protobuf for CVE-2026-6409
Patch python-lxml for CVE-2026-41066
Patch python-mako for CVE-2026-41205
Patch python-wheel for CVE-2026-24049
Patch pytorch for CVE-2026-34446, CVE-2026-34445
Patch rpm-ostree for CVE-2026-33056, CVE-2026-33055
Patch ruby for CVE-2026-27820
Patch rubygem-faraday for CVE-2026-25765
Patch rubygem-rdiscount for CVE-2026-35201
Patch rust for CVE-2026-2006, CVE-2026-33056, CVE-2026-33055, CVE-2026-34743
Patch sed for CVE-2026-5958
Patch skopeo for CVE-2026-32288
Patch sleuthkit for CVE-2026-40026, CVE-2026-40025, CVE-2026-40024
Patch sqlite for CVE-2025-70873
Patch sudo for CVE-2026-35535
Patch systemd-bootstrap for CVE-2026-29111
Patch telegraf for CVE-2026-33216, CVE-2026-29785 CVE-2026-5160
Patch util-linux for CVE-2026-3184, CVE-2026-27456
Patch vim for CVE-2026-34714, CVE-2026-34982, CVE-2026-35177, CVE-2026-39881, CVE-2026-41411
Patch xorg-x11-server-Xwayland for CVE-2026-34003, CVE-2026-34001, CVE-2026-33999
Patch xz for CVE-2026-34743
Update kernel-uvm-micro config to be able to start kata pod
Upgrade buildah to 1.43.1
upgrade clamav to 1.5.2
Upgrade cloud-hypervisor to v51.1.56
Upgrade containerd2 version to 2.1.6
Upgrade cups to 2.4.18 for CVE-2026-39316, CVE-2026-39314, CVE-2026-34979, CVE-2026-34980 and to fix cupsd crash if user does not exist.
Upgrade erlang to 26.2.5.20 for CVE-2026-28808 and CVE-2026-32147
Upgrade freeipmi to 1.6.17 for CVE-2026-33554
Upgrade golang to 1.26.2-1 and 1.25.9-1
Upgrade irqbalance to 1.9.5 and patch for ENOSPC handling
Upgrade kernel to 6.6.137.1
Upgrade kernel version-release: kernel-6.6.137.1-2
Upgrade kernel-mshv to 6.6.135.mshv2
Upgrade kernel-uvm to 6.6.130.mshv1
Upgrade libpng to 1.6.57 for CVE-2026-34757
Upgrade mysql to 8.0.46
Upgrade python-ecdsa to 0.19.2 for CVE-2026-33936
Upgrade rubygem-addressable to 2.9.0 for CVE-2026-35611
Upgrade vim to 9.2.0323 for CVE-2026-34714, CVE-2026-34982, CVE-2026-35177, CVE-2026-39881, CVE-2026-41411
Note
On the next monthly update (the June Update) the nodejs package will automatically redirect to nodejs24. nodejs20 is End of Life and no longer supported.
3.0.20260401
Generic Kernel version-release: kernel-6.6.130.1-3
Add azure-vm-utils to SPECS/SPECS-EXTENDED
Add bootengine to SPECS/SPECS-EXTENDED
Add coreos-cloudinit to SPECS/SPECS-EXTENDED
Add coreos-init to SPECS/SPECS-EXTENDED
Add kata-containers-preview to SPECS/SPECS-EXTENDED
Add Kernel config validation tool
Add Nodejs24 container and distroless image
Add support for kernel flavor versioning
Add update-ssh-keys to SPECS/SPECS-EXTENDED
Add uvm micro kernel to SPECS/SPECS-EXTENDED
Enable crypto kernel configs in kernel version 6.12
Enable lz4, lz4hc and zstd zram compression
Fix Cisco Telegraf
Fix docker engine multiarch image push
Fix espeak-ng ptest
Fix fontconfig ptest
Fix libsoup with_check condition
Fix ntpdate-wrapper binary path
Fix python-daemon ptest regression
Fix python-fields ptest
Fix shim-unsigned-* separately from shim
Patch azurelinux-image-tools for CVE-2026-27141
Patch cmake for CVE-2026-27135
Patch coredns for CVE-2026-26018, CVE-2026-26017
Patch dcos-cli for CVE-2025-30204
Patch edk2 for CVE-2025-69419 and align edk2-hvloader-signed release
Patch flannel for CVE-2026-32241
Patch freetype for CVE-2026-23865
Patch giflib for CVE-2026-23868
Patch glibc for CVE-2026-4437, CVE-2026-4438
Patch grub2 for CVE-2025-0622 and increase SBAT to grub,5
Patch hdf5 for CVE-2025-2915
Patch kernel to enable CONFIG_TCP_CONG_BBR3
Patch kernel-mshv to enable CONFIG_WIREGUARD
Patch libarrow for CVE-2026-25087
Patch libarchive for CVE-2026-4111
Patch libexif for CVE-2026-32775
Patch libssh for CVE-2026-3731
Patch libsoup for CVE-2026-0716, CVE-2026-2443, CVE-2026-2369
Patch libvirt for TPM patches
Patch nasm for CVE-2022-46456
Patch ncurses for CVE-2025-69720
Patch netavark for CVE-2026-25541
Patch nghttp2 for CVE-2026-27135
Patch nodejs for CVE-2026-27135
Patch ocaml for CVE-2026-28364
Patch plexus-utils for CVE-2025-67030
Patch pyOpenSSL for CVE-2026-27459, CVE-2026-27448
Patch python-pyasn1 for CVE-2026-30922
Patch python3 for CVE-2026-4519
Patch python-requests for CVE-2026-25645
Patch python-virtualenv for CVE-2025-50181, CVE-2026-24049, CVE-2026-1703
Patch rpm-ostree for CVE-2026-25541, CVE-2025-58160
Patch rust for CVE-2026-25541, CVE-2026-25727, CVE-2023-48795
Patch skopeo for CVE-2026-24117
Patch squid for CVE-2026-33526, CVE-2026-33515, CVE-2026-32748
Patch strongswan for CVE-2026-25075
Patch telegraf for CVE-2026-4645
Patch vim for CVE-2026-32249 CVE-2026-33412
Upgrade bind to 9.20.21 for CVE-2026-3591, CVE-2026-3119, CVE-2026-3104, CVE-2026-1519
Upgrade erlang to 26.2.5.18 for CVE-2026-23941, CVE-2026-23942, CVE-2026-23943
Upgrade etcd to 3.5.28 for CVE-2026-33413, CVE-2026-33343
Upgrade frr to 10.5.0
Upgrade golang to 1.26.1-1
Upgrade kernel to 6.6.130.1 and reapply recent BBR3 and zram compressions. Includes crackarmor fix CVE-2026-23269
Upgrade kernel-hwe to 6.12.78.2.1 for CVE-2026-23269.
Upgrade KubeVirt to v1.7.1
Upgrade libpng to 1.6.56 for CVE-2026-33636, CVE-2026-33416
Upgrade mariadb to 10.11.16 for CVE-2026-3494
Upgrade nginx to 1.28.3 for CVE-2026-27654, CVE-2026-27784, CVE-2026-32647, CVE-2026-27651, CVE-2026-28753, CVE-2026-28755
Upgrade shim to v16.1
Upgrade SymCrypt-OpenSSL to 1.9.5
Upgrade trident to v0.22
Additional Notes:
Kernel-hwe was upgraded to 6.12.78.2.1 resulting in a rebuild of cuda-open-hwe OOT module (cuda-open-hwe-580.105.08-7_6.12.78.2.1.azl3.aarch64.rpm)
Note that in a bare metal test scenario, running nvidia-smi caused the kernel to crash with "Trying to vfree() nonexistent vm area (000000001f7525a8)". In virtualized scenarios all testing passed.
2.0.20260331
Generic Kernel version-release: kernel-5.15.202.1-1
Bump collectd and keepalived releases
Fix systemd ipc dbus communication issue
Patch cmake for CVE-2025-14524, CVE-2025-10966, CVE-2026-27135
Patch coredns for CVE-2026-26018, CVE-2026-26017
Patch erlang for CVE-2026-23943, CVE-2026-23942, CVE-2026-23941
Patch freetype for CVE-2026-23865
Patch giflib for CVE-2026-23868
Patch glib for CVE-2026-1489, CVE-2026-0988
Patch hdf5 for CVE-2025-2915
Patch libarchive for CVE-2026-4111
Patch libexif for CVE-2026-32775
Patch libsoup for CVE-2026-1801, CVE-2026-1761, CVE-2026-1467
Patch mariadb for CVE-2026-3494
Patch mysql for CVE-2025-0838, CVE-2024-2410
Patch nasm for CVE-2022-46456
Patch ncurses for CVE-2025-69720
Patch nghttp2 for CVE-2026-27135
Patch nginx for CVE-2026-32647, CVE-2026-28753, CVE-2026-27784, CVE-2026-27654, CVE-2026-27651, CVE-2026-28755
Patch nodejs18 for CVE-2026-27135
Patch ocaml for CVE-2026-28364
Patch openssl for PKCS12_item_decrypt_d2i_ex(): Check oct argument for NULL
Patch plexus-utils for CVE-2025-67030
Patch python-pyasn1 for CVE-2026-30922
Patch python-urllib3 for CVE-2025-66471
Patch python-virtualenv for CVE-2026-1703, CVE-2026-24049
Patch qemu for CVE-2024-8354
Patch qt5-qtdeclarative for CVE-2025-12385
Patch rook for CVE-2025-30204, CVE-2025-11065
Patch rust for CVE-2026-25541, CVE-2026-25727, CVE-2025-58160, CVE-2026-27171
Patch skopeo for CVE-2026-24117
Patch systemd-bootstrap for CVE-2026-29111
Patch telegraf for CVE-2026-4645
Patch terraform for CVE-2026-4645
Patch vim for CVE-2026-32249, CVE-2026-33412
Patch vitess for CVE-2026-27969, CVE-2026-27965
Rebuild lldpd & rsyslog for net-snmp-libs to version 5.9.5.2-1
Upgrade etcd to 3.5.28 for CVE-2026-33413, CVE-2026-33343
Upgrade libpng to 1.6.56 for CVE-2026-33636, CVE-2026-33416
Upgrade msft-golang to 1.25.8
3.0.20260304
Generic Kernel version-release: kernel-6.6.126.1-1
Add 6.6 kernel config options to 6.12 for Aquantia AQtion DMA P2P DM cache
Add OpenSSL FIPS provider
Add Trident RPM for 0.21.0 and Upgrade ImageCustomizer RPM to 1.2.0
Enable additional tracing in kernel-mshv
Enable kernel LWTUNNEL_BPF and SCHED_CORE
Enable kernel-hwe lwtunnel,lwtunnel_bpf,sched_core
First iteration fips boot support for 6.12 kernel
Patch abseil-cpp for CVE-2025-0838
Patch alsa-lib for CVE-2026-25068
Patch application-gateway-kubernetes-ingress for CVE-2025-58190, CVE-2025-47911
Patch binutils for CVE-2025-0840, CVE-2025-1176, CVE-2025-1178, CVE-2025-1181, CVE-2025-1182
Patch cert-manager for CVE-2025-11065, CVE-2025-58190, CVE-2025-47911
Patch cf-cli for CVE-2025-47911, CVE-2025-58190
Patch cloud-hypervisor for CVE-2026-27211
Patch cloud-provider-kubevirt for CVE-2025-58190, CVE-2025-47911
Patch cmake for CVE-2025-10966, CVE-2025-14524
Patch cni for CVE-2025-47911
Patch cni-plugins for CVE-2025-47911, CVE-2025-58190
Patch containerd2 for CVE-2025-58190, CVE-2025-47911
Patch containerized-data-importer for CVE-2025-58190, CVE-2025-47911
Patch coredns for CVE-2025-11065
Patch cri-tools for CVE-2025-58190, CVE-2025-47911
Patch dasel for CVE-2025-58190, CVE-2025-47911
Patch docker-buildx for CVE-2025-11065, CVE-2025-58190, CVE-2025-47911
Patch docker-cli for CVE-2025-11065
Patch docker-compose for CVE-2025-11065, CVE-2025-58190, CVE-2025-47911
Patch gh for CVE-2025-11065, CVE-2026-23991, CVE-2026-23992, CVE-2026-24117, CVE-2025-58190, CVE-2025-47911
Patch glib for CVE-2026-1489
Patch influxdb for CVE-2025-11065, CVE-2025-58190, CVE-2025-47911, CVE-2025-30204
Patch javapackages-bootstrap for CVE-2026-24400
Patch kata-containers for CVE-2026-24834, CVE-2026-25727, CVE-2025-65637, CVE-2026-25541, CVE-2025-11065
Patch keda for CVE-2025-11065, CVE-2026-2303, CVE-2025-58190, CVE-2025-47911
Patch kube-vip-cloud-provider for CVE-2025-58190, CVE-2025-47911
Patch kubernetes for CVE-2025-47911, CVE-2025-58190
Patch kubevirt for CVE-2025-11065, CVE-2025-58190, CVE-2025-47911
Patch kured for CVE-2025-11065
Patch libsoup for CVE-2026-1801, CVE-2026-1761, CVE-2026-1536, CVE-2025-32049, CVE-2026-1467
Patch libtiff for CVE-2025-61144, CVE-2025-61143
Patch libxml2 for CVE-2026-0990, CVE-2026-0992, CVE-2025-8732
Patch multus for CVE-2025-47911, CVE-2025-58190
Patch nodejs24 for CVE-2025-69418
Patch npm coexistence with respective nodejs versions
Patch opa for CVE-2025-11065
Patch packer for CVE-2025-11065, CVE-2025-58190, CVE-2025-47911
Patch prometheus-adapter for CVE-2025-47911, CVE-2025-58190
Patch protobuf for CVE-2026-0994
Patch python-cryptography for CVE-2026-26007
Patch python-pip for CVE-2026-1703
Patch python3 for CVE-2026-1299
Patch pytorch for CVE-2026-0994
Patch rust for CVE-2025-68114, CVE-2025-4207, CVE-2025-55159, CVE-2025-12818, CVE-2025-67873, CVE-2026-24116, CVE-2025-58160
Patch skopeo for CVE-2025-11065
Patch sriov-network-device-plugin for CVE-2025-47911, CVE-2025-58190
Patch systemd for ipc issue (Fixes issue relating to dbus-based ipc communication)
Patch telegraf for CVE-2025-11065, CVE-2025-47911, CVE-2026-27571, CVE-2026-26014, CVE-2026-2303, CVE-2025-58190,
Patch tensorflow for CVE-2026-2492
Patch vitess for CVE-2025-11065,CVE-2026-27969, CVE-2026-27965
Upgrade erlang to 26.2.5.17 for CVE-2026-21620
Upgrade golang to 1.26.0-1
Upgrade kernel to 6.6.126.1
Upgrade kernel-mshv to 6.6.121.mshv1
Upgrade kubevirt to 1.7.0, libvirt to 10.10.0 and QEMU to 9.1.0
Upgrade libpng to 1.6.55 for CVE-2026-25646
Upgrade munge to 0.5.18 for CVE-2026-25506
Upgrade nginx to 1.28.2 for CVE-2026-1642
Upgrade postgresql to 16.12 for CVE-2026-2003, CVE-2026-2004, CVE-2026-2005, CVE-2026-2006, CVE-2026-2007
Upgrade python-virtualenv to 20.36.1 for CVE-2026-22702
Upgrade valkey to 8.0.7 for CVE-2026-21863, CVE-2025-67733
Upgrade vim to 9.2.0088 for CVE-2026-25749, CVE-2026-26269, CVE-2026-28417, CVE-2026-28418, CVE-2026-28419, CVE-2026-28420, CVE-2026-28421, CVE-2026-28422
Upgrade zlib to 1.3.2 for CVE-2026-27171
2.0.20260304
Generic Kernel version-release: kernel-5.15.200.1-1
Patch abseil-cpp for CVE-2025-0838
Patch alsa-lib for CVE-2026-25068
Patch application-gateway-kubernetes-ingress for CVE-2025-30204, CVE-2025-47911
Patch azl-compliance for CVE-2026-25541, CVE-2026-25727
Patch binutils for CVE-2025-1147, CVE-2025-1148, CVE-2025-11839
Patch busybox for CVE-2026-26157
Patch cert-manager for CVE-2025-11065, CVE-2025-58190, CVE-2025-47911
Patch cf-cli for CVE-2025-47911, CVE-2025-30204
Patch cni for CVE-2025-47911
Patch cni-plugins for CVE-2025-58190, CVE-2025-47911
Patch containerized-data-importer for CVE-2025-47911
Patch cri-o for CVE-2025-11065, CVE-2025-47911
Patch cri-tools for CVE-2025-58190, CVE-2025-47911
Patch dcos-cli for CVE-2025-30204
Patch edk2 for CVE-2026-22795, CVE-2025-69421, CVE-2025-69419, CVE-2025-69420, CVE-2026-22796, CVE-2025-69418, CVE-2025-68160
Patch expat for CVE-2026-25210
Patch gh for CVE-2025-47911
Patch glibc for CVE-2025-15281
Patch helm for CVE-2025-58190, CVE-2025-47911
Patch influxdb for CVE-2025-47911, CVE-2025-30204, CVE-2025-11065
Patch jx for CVE-2025-30204
Patch keda for CVE-2025-11065, CVE-2025-47911, CVE-2025-30204
Patch kube-vip-cloud-provider for CVE-2025-11065, CVE-2025-30204
Patch kubernetes for CVE-2025-47911, CVE-2025-58190
Patch kubevirt for CVE-2025-11065, CVE-2025-47911, CVE-2025-30204
Patch kured for CVE-2025-11065
Patch libpcap for CVE-2025-11961
Patch libsoup for CVE-2025-32049, CVE-2026-1536, CVE-2026-0716
Patch libxml2 for CVE-2025-8732
Patch moby-buildx for CVE-2025-11065
Patch moby-cli for CVE-2025-11065
Patch moby-compose for CVE-2025-11065
Patch multus for CVE-2025-58190, CVE-2025-47911
Patch opa for CVE-2025-11065
Patch openssl for ASN1 validation, BIO buffer overflow, OCB encryption, UTF8 encoding, and PKCS12 NULL checks
Patch packer for CVE-2025-11065, CVE-2025-47911, CVE-2025-58190
Patch prometheus for CVE-2025-11065
Patch prometheus-adapter for CVE-2025-47911
Patch python3 for CVE-2026-0865, CVE-2025-12084
Patch skopeo for CVE-2025-11065
Patch sriov-network-device-plugin for CVE-2025-58190, CVE-2025-47911
Patch telegraf for CVE-2026-27571, CVE-2026-26014, CVE-2026-2303, CVE-2025-58190, CVE-2025-47911, CVE-2025-11065
Patch terraform for CVE-2025-11065, CVE-2025-47911
Patch vitess for CVE-2025-11065, CVE-2025-47911, CVE-2025-58190
Upgrade python-virtualenv to 20.36.1 for CVE-2026-22702
Upgrade vim to 9.2.0088 for CVE-2026-28417, CVE-2026-28418, CVE-2026-28419, CVE-2026-28420, CVE-2026-28421, CVE-2026-28422