Releases: microsoft/azurelinux
3.0.20251206
Generic Kernel version-release: kernel-6.6.117.1-1
Added DigiCert root CAs to 'ca-certificates-base'
Enable dm-cache module
Enable kernel CONFIG_LWTUNNEL and CONFIG_SCHED_CORE
Enabled kata build on aarch64
Fix glibc ptest
Fix imagecustomizer golden container telemetry
Fix jakarta-taglibs-standard build
Fix javacc-bootstrap build
Fix jboss-interceptors build
Fix kata build on aarch64
Fix objectweb-anttask build issue
Fix python-uamqp build
Fix uw-imap build
Patch atop for CVE-2025-31160
Patch ceph for CVE-2024-47866
Patch containerd2 for CVE-2024-25621
Patch containerized-data-importer for CVE-2025-58183
Patch cups for CVE-2025-58436, CVE-2025-61915
Patch docker-buildx for CVE-2025-47913
Patch docker-compose for CVE-2025-47913
Patch fluent-bit for CVE-2025-12970
Patch gh for CVE-2025-58183
Patch glib for CVE-2025-13601
Patch haproxy for CVE-2025-11230
Patch kubernetes for CVE-2025-31133 and CVE-2025-52565
Patch libmicrohttpd for CVE-2025-59777
Patch libssh for CVE-2025-8114
Patch libtiff for CVE-2025-8961
Patch libvirt for CVE-2025-13193
Patch libxslt for CVE-2025-11731
Patch libxslt for CVE-2025-7424
Patch moby-containerd-cc for CVE-2025-64329, CVE-2024-25621
Patch moby-engine for CVE-2025-58183
Patch nodejs for CVE-2025-5222
Patch packer for CVE-2025-47913
Patch postgresql for CVE-2025-12817, CVE-2025-12818
Patch pytorch for CVE-2025-55552,CVE-2025-55560, CVE-2025-46152
Patch python3 for CVE-2025-6075
Patch qemu for CVE-2025-12464
Patch rsync for CVE-2025-10158
Patch skopeo for CVE-2025-58183
Patch unbound for CVE-2025-11411
Patch telegraf for CVE-2025-47913
Patch qemu for CVE-2025-12464
Upgrade apache-commons-collections4 to 4.4
Upgrade apache-commons-net to 3.11.0
Upgrade cups to 2.4.16 for CVE-2025-58436, CVE-2025-61915
Upgrade golang to 1.25.5 and 1.24.11
Upgrade gupnp to 1.6.9
Upgrade jdepend to 2.10
Upgrade kernel to 6.6.117.1
Upgrade kernel-hwe to 6.12.57.1
Upgrade kubevirt to 1.5.3 for CVE-2025-47913, CVE-2025-64437, CVE-2025-64433, CVE-2025-64434, CVE-2025-64432
Upgrade libpng to 1.6.52 for CVE-2025-66293, CVE-2025-64505, CVE-2025-64506, CVE-2025-65018, CVE-2025-64720
Upgrade libusbmuxd to 2.1.0, libimobiledevice to 1.3.0, libplist to 2.7.0 and usbmuxd to 1.1.1
Upgrade perl-Business-ISBN to 3.009
Upgrade perl-IO-Socket-INET6 to 2.73
Upgrade perl-Test2-Plugin-NoWarnings to 0.10
Upgrade postgresql to 16.11 for CVE-2025-12817, CVE-2025-12818
Upgrade pylint to 4.0.2 and python-astroid to 4.0.1
Upgrade python-gssapi to 1.10.0
Upgrade tzdata to 2025b
Upgrade xmlunit to 1.6
2.0.20251206
Generic Kernel version-release: kernel-5.15.186.1-1
Add DigiCert root CAs to ca-certificates-base
Fix check of unwrapped key size in openssl
Patch atop for CVE-2025-31160
Patch bind for CVE-2025-8677, CVE-2025-40778 and CVE-2025-40780
Patch ceph for CVE-2024-47866
Patch cmake for CVE-2025-5916, CVE-2025-5917, CVE-2025-5918
Patch containerized-data-importer for CVE-2025-58183
Patch cri-o for CVE-2025-58183
Patch dhcp for CVE-2024-11187
Patch fluent-bit for CVE-2025-12977 and CVE-2025-12969, CVE-2025-12970
Patch gcc for CVE-2021-32256
Patch glib for CVE-2025-13601
Patch haproxy for CVE-2025-11230
Patch kubevirt for CVE-2025-64324
Patch libssh for CVE-2025-8114, CVE-2025-8277
Patch libtiff for CVE-2025-8961
Patch libxslt for CVE-2025-11731
Patch moby-engine for CVE-2025-58183
Patch moby-containerd for CVE-2025-64329, CVE-2024-25621
Patch moby-compose for CVE-2025-47913
Patch moby-containerd-cc for CVE-2025-64329, CVE-2024-25621
Patch nodejs18 for CVE-2025-5222
Patch packer for CVE-2025-47913
Patch postgresql for CVE-2025-12817, CVE-2025-12818
Patch python3 for CVE-2025-6075
Patch pytorch for CVE-2025-55552, CVE-2025-55560
Patch qemu for CVE-2024-7409
Patch reaper for CVE-2018-19827, CVE-2018-19797, CVE-2025-12816, CVE-2025-66031 and CVE-2025-66030
Patch rsync for CVE-2025-10158
Patch skopeo for CVE-2025-58183
Patch unbound for CVE-2025-11411
Upgrade libpng to 1.6.52 for CVE-2025-64505, CVE-2025-64506, CVE-2025-65018, CVE-2025-64720, CVE-2025-66293
Upgrade msft-golang to 1.24.11
Upgrade postgresql to 14.20 for CVE-2025-12817, CVE-2025-12818
Upgrade runc to v1.2.8
Upgrade tzdata to 2025b
3.0.20251106
Generic Kernel version-release: kernel-6.6.112.1-2
Fix iperf3 for compatibility with openssl 3.3.5
Fix junitperf build issue
Fix libthai license path issue
Fix mlnx-ofa_kernel-hwe-modules conflict package name
Fix oro build error
Fix samba netlog
Patch binutils for CVE-2025-11414, CVE-2025-11412
Patch elfutils for CVE-2024-25260
Patch glibc for CVE-2025-8058
Patch libssh for CVE-2025-8277
Patch libxml2 for CVE-2025-49795
Patch lz4 for CVE-2025-62813
Patch mysql for 8 CVEs, CVE-2025-62813
Patch openssh for CVE-2025-61985, CVE-2025-61984
Patch rabbitmq-server for CVE-2025-50200
Patch python-pip for CVE-2025-50181
Patch rubygem-rexml for CVE-2025-58767
Patch qemu for CVE-2025-11234
Remove apache-commons-lang from SPECS-EXTENDED
Remove CGO_ENABLED flag from azl-otel-collector package since we have moved to go 1.25
Upgrade aspell-en to 2020.12.07
Upgrade gtk-vnc to 1.5.0
Upgrade kernel to 6.6.112.1
Upgrade kernel to enable block device writeback throttling support
Upgrade kernel version to kernel-6.6.112.1-2
Upgrade lensfun to 0.3.4
Upgrade libselinux to support SELinux policy tree at /usr/etc/selinux
Upgrade mysql to 8.0.44
Upgrade osgi-annotation to 8.1.0
Upgrade python-alsa to 1.2.14
2.0.20251106
Generic Kernel version-release: kernel-5.15.186.1-1
Enable vitess debuginfo package generation
Fix Libtiff missed release bump
Fix Samba-winbind netlogon issues
Patch binutils for CVE-2025-11082, CVE-2025-11083, CVE-2025-11412, CVE-2025-11414
Patch crash for CVE-2025-11082
Patch gdb for CVE-2021-32256, CVE-2025-11082, CVE-2025-11083, CVE-2025-5244, CVE-2025-11412, CVE-2025-11414
Patch jq for CVE-2025-9403
Patch libxml2 for CVE-2025-49795
Patch lz4 for CVE-2025-62813
Patch mysql for CVE-2025-62813
Patch openssh for CVE-2025-61985
Patch python3 for CVE-2025-8291
Patch qemu for CVE-2025-11234
Patch Rust for CVE-2025-53605
Set Kernel version: kernel-5.15.186.1-1
Upgrade Ca-certificates Msft cert change
Upgrade mysql to 8.0.44
3.0.20251030
Generic Kernel version-release: kernel-6.6.104.2-4
This release removes the self-signed, Microsoft TLS RSA Root G2 cert, from the ca-certificates-base package. The incorrect cert was added to ca-certificates-base-1:3.0.0-10. Earlier packages were not impacted. Upgrade to ca-certificates-base-1:3.0.0-13 or prebuilt-ca-certificates-base-1:3.0.0-13.
The following certificates were removed:
Microsoft TLS RSA Root G2 (self-signed, fingerprint: 21734D95A2473BE25CBFD12A84C6FBC5BC8E2414)
Microsoft TLS ECC Root G2 (self-signed, fingerprint: F82BB951BA6B8A85ADFA7515028560D1250E7237)
This release also includes a patch to fix an iperf3 regression. The regression was introduced when version 3.3.5 of OpenSSL was published
2.0.20251030
Generic Kernel version-release: kernel-5.15.186.1-1
This release solely removes the self-signed, Microsoft TLS RSA Root G2 cert, from the ca-certificates-base package. The incorrect cert was added to ca-certificates-base-2.0.0-22. Earlier packages were not impacted. Upgrade to ca-certificates-base-2.0.0-24 or prebuilt-ca-certificates-base-2.0.0-24.
The following certificates were removed:
Microsoft TLS RSA Root G2 (self-signed, fingerprint: 21734D95A2473BE25CBFD12A84C6FBC5BC8E2414)
Microsoft TLS ECC Root G2 (self-signed, fingerprint: F82BB951BA6B8A85ADFA7515028560D1250E7237)
3.0.20251021
Generic Kernel version-release: kernel-6.6.104.2-4
Add apparmor into Azure Linux 3.0
Add libimobiledevice-glue to SPECS-EXTENDED
Add python-spnego to SPECS-EXTENDED
Enable ARM64 build for ibarr/ibsim/mlnx-ethtool/multiperf
Enable Aquantia AQtion ethernet driver kernel configs
Enable DMA P2P
Enable arm64 build for OFED stack kernel modules
Enable ipmi panic string for kernel-64k
Fix apache-commons-pool2 build error
Fix cglib License Check build error
Fix coredns random rebuilds bug
Fix gl-manpages build error
Fix nginx stream ssl preread
Fix perl-Locale-Msgfmt build
Patch binutils for CVE-2025-11083, CVE-2025-11082, CVE-2025-8225, CVE-2025-0840, CVE-2025-1176, CVE-2025-1178, CVE-2025-1181, CVE-2025-1182
Patch cmake for CVE-2025-10148
Patch containerized-data-importer for CVE-2025-58058
Patch coredns for CVE-2025-58063
Patch curl for CVE-2025-10148
Patch erlang for CVE-2025-48038, CVE-2025-48039, CVE-2025-48040, CVE-2025-48041
Patch expat for CVE-2025-59375
Patch fio for CVE-2025-10823
Patch glib for CVE-2025-7039
Patch glibc for CVE-2025-4802
Patch glibc for upstream patch bug #25847
Patch gdb for CVE-2025-11082
Patch jx for CVE-2025-58058
Patch keras for CVE-2025-9905, CVE-2025-9906
Patch libtiff for CVE-2024-13978
Patch openssl for CVEs
Patch packer for CVE-2025-58058
Patch perl-JSON-XS for CVE-2025-40928
Patch python-pip for CVE-2025-8869
Patch python3 for CVE-2025-8291
Patch skopeo for CVE-2025-58058
Patch systemd for CVE-2025-4598
Patch x/crypto and x/net for CVEs
Remove libyami-1.3.2 from SPECS_EXTENDED
Remove python-unittest2 from SPECS_EXTENDED
Switch to bootstrap toolchain from 3.0 container
Upgrade buildah to 1.41.4
Upgrade ca-certificates
Upgrade cppcheck to 2.18.3
Upgrade ImageCustomizer to 1.0.0 and add semantic version and latest tag support for imagecustomizer golden container
Upgrade kernels to 6.6.104.2
Upgrade kronosnet to 1.29
Upgrade libpeas to 1.36.0
Upgrade mod_md to 2.4.26
Upgrade mod_security to 2.9.7
Upgrade mythes to 1.2.5
Upgrade mythes-ca to 2.3.1
Upgrade netsniff-ng to 0.6.9
Upgrade perl-File-Find-Object to 0.3.8
Upgrade perl-File-MimeInfo to 0.35
Upgrade perl-Test-Script to 1.29
Upgrade podman to 5.6.1
Upgrade python-aiodns to 3.2.0
Upgrade python-mutagen to 1.47.0
Upgrade python-pyperclip to 1.8.2
Upgrade python-testtools and python-fixtures
Upgrade rubygem-rouge to 4.4.0
Upgrade SymCrypt-OpenSSL to 1.9.3
Upgrade virt-top to 1.1.1
2.0.20251010
Generic Kernel version-release: kernel-5.15.186.1-1
Enable vitess debuginfo package generation
Patch aide for CVE-2025-54389, CVE-2025-54409
Patch binutils for CVE-2025-8225
Patch cmake for CVE-2025-9301
Patch containerized-data-importer for CVE-2025-58058
Patch cri-o for CVE-2025-58058
Patch cups for CVE-2025-58364, CVE-2025-58060
Patch curl for CVE-2025-10148
Patch erlang for CVE-2025-48041, CVE-2025-48040, CVE-2025-48038, CVE-2025-48039
Patch expat for CVE-2025-59375
Patch Fio for CVE-2025-10823
Patch fluent-bit for CVE-2025-58749
Patch gdb for CVE-2025-7546
Patch glib for CVE-2025-7039
Patch grub2 for multiple CVEs
Patch helm for CVE-2025-55198
Patch jx for CVE-2025-58058
Patch libssh for CVE-2025-4878
Patch libtiff for CVE-2025-9900, CVE-2024-13978
Patch packer for CVE-2025-58058
Patch perl-JSON-XS for CVE-2025-40928
Patch python-virtualenv for CVE-2025-50181
Patch skopeo for CVE-2025-58058
Patch systemd for CVE-2025-4598
Patch terraform for CVE-2025-58058
Remove blobfuse2
Upgrade msft-golang to 1.24.7
2.0.20250930
Generic Kernel version-release: kernel-5.15.186.1-1
Patch apache-commons-lang3 for CVE-2025-48924
Patch apparmor for CVE-2023-53154
Patch binutils for CVE-2025-7545, CVE-2025-7546
Patch ceph for CVE-2024-48916
Patch cri-tools for CVE-2025-22872
Patch edk2 for CVE-2025-3770
Patch fluent-bit for CVE-2025-54126
Patch glib for CVE-2024-34397, CVE-2025-4373
Patch golang for CVE-2025-47907, CVE-2025-4674, CVE-2025-47906, CVE-2025-4673
Patch hvloader for CVE-2025-3770
Patch icu for CVE-2025-5222
Patch iperf3 for CVE-2025-54350, CVE-2025-54349
Patch iputils for CVE-2025-48964
Patch jasper for CVE-2025-8837, CVE-2025-8836
Patch krb5 for CVE-2025-3576
Patch libarchive for CVE-2025-5914, CVE-2025-5915, CVE-2025-5916, CVE-2025-5917, CVE-2025-5918
Patch libsndfile for CVE-2024-50612
Patch libtiff for CVE-2025-8534, CVE-2025-8177, CVE-2025-8176, CVE-2025-9165, CVE-2025-8851
Patch libsoup for CVE-2025-4948, CVE-2025-4969
Patch luajit for CVE-2024-25177
Patch nginx for CVE-2025-53859
Patch nodejs18 for CVE-2025-5889
Patch nvidia-container-toolkit for CVE-2025-22872
Patch postgresql for CVE-2025-8714, CVE-2025-8715, CVE-2025-8713
Patch ruby for CVE-2025-24294
Patch sqlite for CVE-2025-6965, CVE-2025-7458
Patch vim for CVE-2025-9390
Upgrade ca-certificates
Upgrade msft-golang from 1.24.1 to 1.24.5
Upgrade python3-junit-xml
3.0.20250910
Generic Kernel version-release: kernel-6.6.96.2-2
Add kernel-hwe and support files for building 6.12.40.1
Add rubygem-scanf to SPECS-EXTENDED
Add systemd-boot-signed aarch64 package
Add which package to OS Guard base images
Fix args4j build issues
Fix dbus-c++ build issues
Fix missing build-id issue in toolchain (glibc and openssl explicitly bumped with fix)
Fix selinux-policy by restoring excluded policy.kern.
Fix xpp3 build
Patch aide for CVE-2025-54409, CVE-2025-54389
Patch cmake for CVE-2025-9301
Patch fluent-bit for CVE-2025-54126
Patch gdb for CVE-2025-7546
Patch jasper for CVE-2025-8837, CVE-2025-8836, CVE-2025-8835
Patch keras for CVE-2025-8747
Patch libarchive for CVE-2025-5914, CVE-2025-5915, CVE-2025-5916, CVE-2025-5917, CVE-2025-5918
Patch libssh for CVE-2025-4878
Patch libtiff for CVE-2025-9165, CVE-2025-8851
Patch nginx for CVE-2025-53859
Patch nvidia-container-toolkit for CVE-2025-22872
Patch opensc for multiple CVEs and upgrade to 0.26.1
Patch qemu for CVE-2024-7409
Patch rust for CVE-2024-11738
Update Arm64 64k ISO to produce with 6.12 HWE kernel
Upgrade azurelinux-image-tools version to 0.19.0 and fix imagecustomizer file location to comply with RPM guidelines
Upgrade ca-certificates Msft cert change
Upgrade httpcomponents-core to 4.4.16
Upgrade Kata packages to GA
Upgrade kubevirt.spec to 1.5.0
Upgrade perl-Cpanel-JSON-XS to 4.39
Upgrade perl-Crypt-OpenSSL-RSA to 0.33
Upgrade perl-Params-Validate to 1.31
Upgrade perl-Variable-Magic to 0.64
Upgrade perl-XML-Writer to 0.900
Upgrade perl-YAML-LibYAML to 0.902.0
Upgrade pkcs11-helper to 1.30.0
Upgrade python-betamax to 0.9.0
Upgrade python-genshi to 0.7.9
Upgrade python3-pycares to 4.5.0
Upgrade resource-agents to 4.16.0
Upgrade tbb to 2021.13.0
Upgrade toolkit to enable downloads using Azure CLI credentials
Upgrade xmlrpc-c to 1.60.04
Upgrade z3 to 4.13.3
Upgrade Kernel version: kernel-6.6.96.2-2