Flatcar Container Linux
lts-4081.3.8Provisioning & RuntimeFlatcar LTS 4081.3.8 is a security-focused update that bundles 12 kernel releases (6.6.128-6.6.141) worth of CVE fixes plus a ca-certificates refresh. No feature or config changes — just patch and move on.
securityUpgrade from 4081.3.7 without delay
This release rolls up 12 kernel point releases (6.6.128 through 6.6.141) covering several hundred CVEs, mostly memory-safety and use-after-free fixes across drivers, filesystems, and networking subsystems. If you're running LTS 4081.3.7 or earlier, treat this as a mandatory upgrade rather than routine maintenance given the sheer volume of kernel-level fixes since the last release.
enhancementCheck TLS trust store assumptions after ca-certificates bump
ca-certificates moved to NSS 3.124 (including 3.123.1). If you pin certificate bundle versions or vendor your own trust store on top of Flatcar, verify your TLS validation still works as expected after the update, since NSS releases occasionally drop or distrust certain root CAs.
主な変更 (4)
- Linux kernel updated to 6.6.141, rolling up fixes from 6.6.128 through 6.6.140
- Hundreds of CVEs patched in the kernel, spanning memory corruption, use-after-free, and out-of-bounds issues across many subsystems
- ca-certificates updated to include NSS 3.124 and 3.123.1
- No application-level or Flatcar-specific behavior changes noted beyond the kernel and cert store updates