cos-121-18867-381-162

cos-121-18867-381-161

Change

Updated minijail to r188.

Security

Fixed CVE-2026-43303 in the Linux kernel.

Security

Fixed CVE-2026-43499 in the Linux kernel.

Security

Fixed CVE-2026-43503 in the Linux kernel.

Security

Fixed CVE-2026-45838 in the Linux kernel.

Security

Fixed CVE-2026-45839 in the Linux kernel.

Security

Fixed CVE-2026-45841 in the Linux kernel.

Security

Fixed CVE-2026-45842 in the Linux kernel.

Security

Fixed CVE-2026-45843 in the Linux kernel.

Security

Fixed CVE-2026-45844 in the Linux kernel.

Security

Fixed CVE-2026-45987 in the Linux kernel.

Security

Fixed CVE-2026-45991 in the Linux kernel.

Security

Fixed CVE-2026-45997 in the Linux kernel.

Security

Fixed CVE-2026-46005 in the Linux kernel.

Security

Fixed CVE-2026-46015 in the Linux kernel.

Security

Fixed CVE-2026-46021 in the Linux kernel.

Security

Fixed CVE-2026-46033 in the Linux kernel.

Security

Fixed CVE-2026-46037 in the Linux kernel.

Security

Fixed CVE-2026-46040 in the Linux kernel.

Security

Fixed CVE-2026-46046 in the Linux kernel.

Security

Fixed CVE-2026-46050 in the Linux kernel.

Security

Fixed CVE-2026-46051 in the Linux kernel.

Security

Fixed CVE-2026-46065 in the Linux kernel.

Security

Fixed CVE-2026-46070 in the Linux kernel.

Security

Fixed CVE-2026-46082 in the Linux kernel.

Security

Fixed CVE-2026-46086 in the Linux kernel.

Security

Fixed CVE-2026-46089 in the Linux kernel.

Security

Fixed CVE-2026-46094 in the Linux kernel.

Security

Fixed CVE-2026-46101 in the Linux kernel.

Security

Fixed CVE-2026-46102 in the Linux kernel.

Security

Fixed CVE-2026-46106 in the Linux kernel.

Security

Fixed CVE-2026-46107 in the Linux kernel.

Security

Fixed CVE-2026-46115 in the Linux kernel.

Security

Fixed CVE-2026-46116 in the Linux kernel.

Security

Fixed CVE-2026-46120 in the Linux kernel.

Security

Fixed CVE-2026-46124 in the Linux kernel.

Security

Fixed CVE-2026-46131 in the Linux kernel.

Security

Fixed CVE-2026-46132 in the Linux kernel.

Security

Fixed CVE-2026-46149 in the Linux kernel.

Security

Fixed CVE-2026-46150 in the Linux kernel.

Security

Fixed CVE-2026-46155 in the Linux kernel.

Security

Fixed CVE-2026-46161 in the Linux kernel.

Security

Fixed CVE-2026-46172 in the Linux kernel.

Security

Fixed CVE-2026-46173 in the Linux kernel.

Security

Fixed CVE-2026-46174 in the Linux kernel.

Security

Fixed CVE-2026-46176 in the Linux kernel.

Security

Fixed CVE-2026-46185 in the Linux kernel.

Security

Fixed CVE-2026-46195 in the Linux kernel.

Security

Fixed CVE-2026-46196 in the Linux kernel.

Security

Fixed CVE-2026-46209 in the Linux kernel.

Security

Fixed CVE-2026-46214 in the Linux kernel.

Security

Fixed CVE-2026-46234 in the Linux kernel.

Security

Fixed CVE-2026-46300 in the Linux kernel.

cos-121-18867-381-148

Change

Added dev-libs/mpdecimal and dev-python/gentoo-common.

Change

Updated app-containers/runc from v1.2.8 to v1.2.9

Change

Updated dev-lang/python to v3.11.15.

Fixed

Added support for NVIDIA driver v580.159.04.

Fixed

Upgraded app-shells/dash to v0.5.13.4.

Security

Fixed EFI variable OOB read in grub config parsing.

cos-121-18867-381-144

Announcement

This update contains several package upgrades to the latest patch version to ensure security, along with package patches for known CVEs.

Change

Update sys-process/audit to v3.0.9.

Change

Upgrade app-admin/fluent-bit to v3.2.10

Change

Updated glib to v2.86.5.

Change

Updated sys-libs/pam to v1.5.3.

Fixed

Upgraded cos-gpu-installer to v2.7.2.

Security

Fixed CVE-2026-23171 in the Linux kernel.

Security

Fixed CVE-2026-23473 in the Linux kernel.

Security

Fixed CVE-2026-31449 in the Linux kernel.

Security

Fixed CVE-2026-31709 in the Linux kernel.

Security

Fixed CVE-2026-43109 in the Linux kernel.

Security

Fixed CVE-2026-44431 in dev-python/urllib3.

Security

Fixed CVE-2026-6732 in dev-libs/libxml2.

Security

Fixed KCTF-9e6bf14 in the Linux kernel.

Security

Updated dev-lang/go to 1.25.10. This fixes CVE-2026-33814,CVE-2026-39823,CVE-2026-39826,CVE-2026-39817,CVE-2026-39819,CVE-2026-39820,CVE-2026-39836,CVE-2026-42499,CVE-2026-39825.

Security

Updated net-misc/curl to v8.20. This fixes CVE-2026-5545,CVE-2026-4873,CVE-2026-6429,CVE-2026-7168,CVE-2026-6253,CVE-2026-6276,CVE-2026-7009,CVE-2026-5773.

cos-121-18867-381-132

Announcement

This is an LTS Refresh release.

Fixed

Added support for NVIDIA driver v535.309.01.

Fixed

Added support for NVIDIA driver v580.159.03.

Fixed

Upgraded app-admin/google-guest-configs to v20251014.00.

Fixed

Upgraded app-containers/docker-credential-helpers to v0.9.4.

Fixed

Upgraded cos-gpu-installer to v2.7.1.

Fixed

Upgraded net-libs/libnetfilter_conntrack to v1.1.1.

Fixed

Upgraded net-libs/libtirpc to v1.3.7.

Fixed

Upgraded net-nds/rpcbind to v1.2.8.

Fixed

Upgraded sys-apps/acl to v2.3.2-r3.

Fixed

Upgraded sys-apps/gentoo-functions to v1.7.4.

Fixed

Upgraded sys-auth/pambase to v20251104.

Fixed

Upgraded sys-libs/libcap to v2.77.

Fixed

Upgraded sys-libs/libseccomp to v2.6.0-r3.

Security

Fixed CVE-2026-43187 in the Linux kernel.

Security

Fixed CVE-2026-46333 in the Linux kernel.

Security

Fixed argument injection in toolbox.

Change

Runtime sysctl changes:

• Added: net.ipv4.tcp_pingpong_thresh: 1

cos-121-18867-381-125

Security

Fixed CVE-2026-43284 (dirtyfrag) in the Linux kernel.

Security

Fixed CVE-2026-31693 in the Linux kernel.

Security

Fixed CVE-2026-31694 in the Linux kernel.

Security

Fixed CVE-2026-31700 in the Linux kernel.

Security

Fixed CVE-2026-31708 in the Linux kernel.

Security

Fixed CVE-2026-31738 in the Linux kernel.

Security

Fixed CVE-2026-31752 in the Linux kernel.

Security

Fixed CVE-2026-31781 in the Linux kernel.

Security

Fixed CVE-2026-43013 in the Linux kernel.

Security

Fixed CVE-2026-43016 in the Linux kernel.

Security

Fixed CVE-2026-43024 in the Linux kernel.

Security

Fixed CVE-2026-43026 in the Linux kernel.

Security

Fixed CVE-2026-43027 in the Linux kernel.

Security

Fixed CVE-2026-43028 in the Linux kernel.

Security

Fixed CVE-2026-43030 in the Linux kernel.

Security

Fixed CVE-2026-43035 in the Linux kernel.

Security

Fixed CVE-2026-43037 in the Linux kernel.

Security

Fixed CVE-2026-43038 in the Linux kernel.

Security

Fixed CVE-2026-43040 in the Linux kernel.

Security

Fixed CVE-2026-43043 in the Linux kernel.

Security

Fixed CVE-2026-43054 in the Linux kernel.

Security

Fixed CVE-2026-43057 in the Linux kernel.

Security

Upgraded dev-libs/libgcrypt to v1.10.4 to fix CVE-2026-41989.

cos-121-18867-381-121

Security

Fixed CVE-2026-35385 in net-misc/openssh.

Security

Upgraded cos-gpu-installer to v2.6.8.

cos-121-18867-381-118

Fixed

Upgraded app-admin/sosreport to v4.11.1.

Fixed

Upgraded app-shells/dash to v0.5.13.3.

Fixed

Upgraded sys-apps/makedumpfile to v1.7.9.

Security

Fixed CVE-2025-22125 in the Linux kernel.

Security

Fixed CVE-2026-23255 in the Linux kernel.

Security

Fixed CVE-2026-23302 in the Linux kernel.

Security

Fixed CVE-2026-23374 in the Linux kernel.

Security

Fixed CVE-2026-23399 in the Linux kernel.

Security

Fixed CVE-2026-23442 in the Linux kernel.

Security

Fixed CVE-2026-31407 in the Linux kernel.

Security

Fixed CVE-2026-31429 in the Linux kernel.

Security

Fixed CVE-2026-31555 in the Linux kernel.

Security

Fixed CVE-2026-31628 in the Linux kernel.

Security

Fixed CVE-2026-31648 in the Linux kernel.

Security

Fixed CVE-2026-31664 in the Linux kernel.

Security

Fixed CVE-2026-31665 in the Linux kernel.

Security

Fixed CVE-2026-31671 in the Linux kernel.

Security

Fixed CVE-2026-31673 in the Linux kernel.

Security

Fixed CVE-2026-31675 in the Linux kernel.

Security

Fixed CVE-2026-31680 in the Linux kernel.

Security

Fixed CVE-2026-31681 in the Linux kernel.

Security

Fixed CVE-2026-31682 in the Linux kernel.

Security

Fixed CVE-2026-31688 in the Linux kernel.

Security

Upgraded openssl to v3.0.20 to fix CVE-2026-28387, CVE-2026-28388,CVE-2026-28389,CVE-2026-28390,CVE-2026-31790.

cos-121-18867-381-113

Fixed

Optimized IOMMU reference counting using atomic64_inc_return().

Fixed

Serialized sequence allocation to prevent timeouts during concurrent TLB invalidations.

Security

Fixed CVE-2026-31431 (copy.fail) in the Linux kernel.

Security

Fixed CVE-2026-31454 in the Linux kernel.

Security

Fixed CVE-2026-31546 in the Linux kernel.

Security

Fixed CVE-2026-31667 in the Linux kernel.

cos-121-18867-381-106

Fixed

Added support for NVIDIA drivers v580.126.16 and v580.126.20.

Security

Fixed CVE-2025-70873 in dev-db/sqlite.

Security

Fixed CVE-2026-31430 in the Linux kernel.

Security

Fixed CVE-2026-31446 in the Linux kernel.

Security

Fixed CVE-2026-31447 in the Linux kernel.

Security

Fixed CVE-2026-31450 in the Linux kernel.

Security

Fixed CVE-2026-31451 in the Linux kernel.

Security

Fixed CVE-2026-31452 in the Linux kernel.

Security

Fixed CVE-2026-31453 in the Linux kernel.

Security

Fixed CVE-2026-31455 in the Linux kernel.

Security

Fixed CVE-2026-31466 in the Linux kernel.

Security

Fixed CVE-2026-31469 in the Linux kernel.

Security

Fixed CVE-2026-31495 in the Linux kernel.

Security

Fixed CVE-2026-31496 in the Linux kernel.

Security

Fixed CVE-2026-31515 in the Linux kernel.

Security

Fixed CVE-2026-31521 in the Linux kernel.

Security

Fixed CVE-2026-31523 in the Linux kernel.

Security

Fixed CVE-2026-31525 in the Linux kernel.

Security

Fixed CVE-2026-32280, CVE-2026-32281, CVE-2026-32283, CVE-2026-27140, CVE-2026-27144 in dev-lang/go.

Security

Fixed CVE-2026-34743 in app-arch/xz-utils.

Security

Fixed KCTF-42156f9 in the Linux kernel.

cos-121-18867-381-95

Fixed

Resolved an issue that could cause soft lockups in stressed environments when iommu.strict=1.

Fixed

Upgraded app-admin/node-problem-detector to v0.8.25.

Fixed

Upgraded sys-apps/hwdata to v0.401.

Fixed

Upgraded sys-process/lsof to v4.99.6.

Fixed

Upgraded virtual/logger to v0-r3.

Security

Fixed CVE-2026-0994 in dev-libs/protobuf.

Security

Fixed CVE-2026-31414 in the Linux kernel.

Security

Fixed CVE-2026-31415 in the Linux kernel.

Security

Fixed CVE-2026-31416 in the Linux kernel.

Security

Fixed CVE-2026-31418 in the Linux kernel.

Security

Fixed CVE-2026-31421 in the Linux kernel.

Security

Fixed CVE-2026-31423 in the Linux kernel.

Security

Fixed CVE-2026-31424 in the Linux kernel.

Security

Fixed CVE-2026-31426 in the Linux kernel.

Security

Fixed CVE-2026-31427 in the Linux kernel.

Security

Fixed CVE-2026-31428 in the Linux kernel.

Security

Fixed CVE-2026-35414 in net-misc/openssh.

Security

Fixed CVE-2026-4046 in sys-libs/glibc.

Security

Fixed CVE-2026-4437,CVE-2026-4438 in sys-libs/glibc.

Security

Fixed KCTF-a9b8b18 in the Linux kernel.

Security

Upgraded containerd to v2.0.8. This fixes CVE-2026-35469.

cos-121-18867-381-81

Fixed

Upgraded app-shells/dash to v0.5.13.2.

Security

Fixed CVE-2024-14027 in the Linux kernel.

Security

Fixed CVE-2024-43826 in the Linux kernel.

Security

Fixed CVE-2025-38704 in the Linux kernel.

Security

Fixed CVE-2025-39748 in the Linux kernel.

Security

Fixed CVE-2025-39764 in the Linux kernel.

Security

Fixed CVE-2026-23154 in the Linux kernel.

Security

Fixed CVE-2026-23243 in the Linux kernel.

Security

Fixed CVE-2026-23343 in the Linux kernel.

Security

Fixed CVE-2026-23360 in the Linux kernel.

Security

Fixed CVE-2026-23401 in the Linux kernel.

Security

Fixed CVE-2026-23412 in the Linux kernel.

Security

Fixed CVE-2026-23413 in the Linux kernel.

Security

Fixed CVE-2026-23414 in the Linux kernel.

Security

Fixed CVE-2026-23439 in the Linux kernel.

Security

Fixed CVE-2026-23441 in the Linux kernel.

Security

Fixed CVE-2026-23449 in the Linux kernel.

Security

Fixed CVE-2026-23452 in the Linux kernel.

Security

Fixed CVE-2026-23455 in the Linux kernel.

Security

Fixed CVE-2026-23456 in the Linux kernel.

Security

Fixed CVE-2026-23457 in the Linux kernel.

Security

Fixed CVE-2026-23458 in the Linux kernel.

Security

Fixed CVE-2026-23471 in the Linux kernel.

Security

Fixed CVE-2026-31392 in the Linux kernel.

Security

Fixed CVE-2026-31400 in the Linux kernel.

Security

Fixed CVE-2026-31402 in the Linux kernel.

Security

Fixed CVE-2026-31403 in the Linux kernel.

Security

Fixed CVE-2026-33997 and CVE-2026-34040 in Docker.

cos-121-18867-381-63

Security

Fixed CVE-2025-40135 in the Linux kernel.

Security

Fixed CVE-2025-68206 in the Linux kernel.

Security

Fixed CVE-2025-68239 in the Linux kernel.

Security

Fixed CVE-2025-71161 in the Linux kernel.

Security

Fixed CVE-2026-23004 in the Linux kernel.

Security

Fixed CVE-2026-23050 in the Linux kernel.

Security

Fixed CVE-2026-23138 in the Linux kernel.

Security

Fixed CVE-2026-23245 in the Linux kernel.

Security

Fixed CVE-2026-23270 in the Linux kernel.

Security

Fixed CVE-2026-23271 in the Linux kernel.

Security

Fixed CVE-2026-23277 in the Linux kernel.

Security

Fixed CVE-2026-23388 in the Linux kernel.

Security

Fixed CVE-2026-23391 in the Linux kernel.

Security

Fixed CVE-2026-23397 in the Linux kernel.

Security

Fixed CVE-2026-23398 in the Linux kernel.

cos-121-18867-381-56

Feature

Added support for loading the ublk kernel module.

Security

Fixed CVE-2026-23292 in the Linux kernel.

Security

Fixed CVE-2026-23293 in the Linux kernel.

Security

Fixed CVE-2026-23296 in the Linux kernel.

Security

Fixed CVE-2026-23300 in the Linux kernel.

Security

Fixed CVE-2026-23303 in the Linux kernel.

Security

Fixed CVE-2026-23304 in the Linux kernel.

Security

Fixed CVE-2026-23310 in the Linux kernel.

Security

Fixed CVE-2026-23340 in the Linux kernel.

Security

Fixed CVE-2026-23352 in the Linux kernel.

Security

Fixed CVE-2026-23359 in the Linux kernel.

Security

Fixed CVE-2026-23368 in the Linux kernel.

Security

Fixed CVE-2026-23381 in the Linux kernel.

Security

Fixed CVE-2026-23386 in the Linux kernel.

Security

Fixed CVE-2026-23392 in the Linux kernel.

Security

Fixed CVE-2026-27135 in net-libs/nghttp2.

Security

Fixed CVE-2026-27448 in dev-python/pyopenssl.

Security

Fixed CVE-2026-27459 in dev-python/pyopenssl.

Security

Fixed CVE-2026-32597 with pyjwt package upgrade to 2.12.1.

Security

Fixed KCTF-329f0b9 in the Linux kernel.

Security

Fixed KCTF-9df9578 in the Linux kernel.

Security

Fixed the "CrackArmor" vulnerability in the Linux kernel.

Change

Runtime sysctl changes:

• Changed: kernel.threads-max: 63487 -> 63199
• Changed: user.max_cgroup_namespaces: 31743 -> 31599
• Changed: user.max_ipc_namespaces: 31743 -> 31599
• Changed: user.max_mnt_namespaces: 31743 -> 31599
• Changed: user.max_net_namespaces: 31743 -> 31599
• Changed: user.max_pid_namespaces: 31743 -> 31599
• Changed: user.max_time_namespaces: 31743 -> 31599
• Changed: user.max_user_namespaces: 31743 -> 31599
• Changed: user.max_uts_namespaces: 31743 -> 31599

cos-121-18867-381-45

Change

Added support for the Lustre 2.14.0_p249 drivers.

Fixed

Updated cos-gpu-installer to v2.6.1.

Fixed

Upgraded app-admin/google-osconfig-agent to v20260119.00.

Fixed

Upgraded sys-apps/file to v5.47-r1.

Security

Fixed CVE-2025-22026 in the Linux kernel.

Security

Fixed CVE-2025-69647 in binutils-libs.

Security

Fixed CVE-2025-69648 in binutils-libs.

Security

Fixed CVE-2026-23254 in the Linux kernel.

Security

Fixed KCTF-71e99ee in the Linux kernel.

Security

Updated net-misc/curl to v8.19.0. This resolves CVE-2026-1965 and CVE-2026-3783.

Security

Updated sys-libs/binutils-libs to 2.46.0. This resolves CVE-2025-69644.

cos-121-18867-381-35

Security

Fixed CVE-2025-38162 in the Linux kernel.

Security

Fixed CVE-2025-38201 in the Linux kernel.

Security

Fixed CVE-2026-23102 in the Linux kernel.

cos-121-18867-381-30

Fixed

Upgraded app-admin/sosreport to v4.11.0.

Fixed

Upgraded net-misc/socat to v1.8.1.1.

Fixed

Upgraded sys-apps/file to v5.47.

Security

Fixed CVE-2025-38234 in the Linux kernel.

Security

Fixed CVE-2026-23100 in the Linux kernel.

cos-121-18867-381-24

Change

Fixed an issue where most platforms would use only half of the available GVNIC TX queues.

Fixed

Upgraded dev-util/gdbus-codegen to v2.86.3.

Security

Fixed CVE-2025-58187 in dev-lang/go.

Security

Fixed CVE-2026-23216 in the Linux kernel.

Security

Fixed CVE-2026-23229 in the Linux kernel.

Security

Fixed CVE-2026-23230 in the Linux kernel.

Security

Upgraded dev-libs/glib to v2.86.3. This fixes CVE-2025-14087, CVE-2025-14512 and CVE-2025-13601.

cos-121-18867-381-14

Change

Added support for the Lustre 2.14.0_p246 drivers.

Security

Fixed CVE-2025-60753 in libarchive.

Security

Fixed CVE-2026-23112 in the Linux kernel.

Security

Fixed CVE-2026-23176 in the Linux kernel.

Security

Fixed CVE-2026-23179 in the Linux kernel.

Security

Fixed CVE-2026-23193 in the Linux kernel.

Security

Fixed CVE-2026-23198 in the Linux kernel.

Security

Fixed CVE-2026-23200 in the Linux kernel.

Security

Fixed CVE-2026-23204 in the Linux kernel.

Security

Fixed CVE-2026-23205 in the Linux kernel.

Security

Fixed CVE-2026-23212 in the Linux kernel.

Security

Fixed KCTF-e3f000f in the Linux kernel.

cos-121-18867-381-1

Fixed

Upgraded net-misc/socat to v1.8.1.0-r1.

Fixed

Upgraded sys-apps/less to v692.

Security

Fixed CVE-2026-23156 in the Linux kernel.

Security

Fixed CVE-2026-23159 in the Linux kernel.

Security

Fixed CVE-2026-23168 in the Linux kernel.

Security

Upgraded net-misc/curl to version 8.18.0. This fixes CVE-2025-10148, CVE-2025-10966, CVE-2025-13034, CVE-2025-14017, CVE-2025-14524, CVE-2025-14819, CVE-2025-15079, and CVE-2025-15224.

cos-121-18867-294-134

Announcement

This is an LTS Refresh release.

Security

Fixed CVE-2024-57994 in the Linux kernel.

Security

Fixed CVE-2025-37920 in the Linux kernel.

Security

Fixed CVE-2025-38232 in the Linux kernel.

Security

Fixed CVE-2025-68725 in the Linux kernel.

Security

Fixed CVE-2026-22998 in the Linux kernel.

Security

Fixed CVE-2026-22999 in the Linux kernel.

Security

Fixed CVE-2026-23001 in the Linux kernel.

Security

Fixed CVE-2026-23003 in the Linux kernel.

Security

Fixed CVE-2026-23005 in the Linux kernel.

Security

Fixed CVE-2026-23010 in the Linux kernel.

Security

Fixed CVE-2026-23011 in the Linux kernel.

Security

Fixed CVE-2026-23038 in the Linux kernel.

Security

Fixed CVE-2026-23069 in the Linux kernel.

Security

Fixed CVE-2026-23083 in the Linux kernel.

Security

Fixed CVE-2026-23085 in the Linux kernel.

Security

Fixed CVE-2026-23095 in the Linux kernel.

Security

Fixed CVE-2026-23097 in the Linux kernel.

Security

Fixed CVE-2026-23099 in the Linux kernel.

Security

Fixed CVE-2026-23103 in the Linux kernel.

Security

Fixed CVE-2026-23105 in the Linux kernel.

Security

Fixed KCTF-f41c5d1 in the Linux kernel.

Security

Fixed KCTF-f8db647 in the Linux kernel.

Security

Updated dev-libs/libxml2 to version 2.14.6. This resolves CVE-2025-6021.

Change

Runtime sysctl changes:

• Changed: kernel.tainted: 4608 -> 4096

cos-121-18867-294-116

Feature

Added support for NVIDIA driver v535.288.01, v570.211.01 and v580.126.09.

Security

Fixed CVE-2024-49968 in the Linux kernel.

Security

Fixed CVE-2024-57982 in the Linux kernel.

cos-121-18867-294-112

Feature

Enabled TC Traffic Police as a module.

Security

Fixed CVE-2025-22111 in the Linux kernel.

Security

Fixed CVE-2025-71148 in the Linux kernel.

Security

Fixed CVE-2025-71149 in the Linux kernel.

Security

Fixed CVE-2025-71151 in the Linux kernel.

Security

Fixed CVE-2025-71160 in the Linux kernel.

Security

Fixed CVE-2026-0915 in sys-apps/glibc.

Security

Fixed CVE-2026-22976 in the Linux kernel.

Security

Fixed CVE-2026-22977 in the Linux kernel.

Security

Fixed CVE-2026-22979 in the Linux kernel.

Security

Fixed CVE-2026-22980 in the Linux kernel.

Security

Fixed CVE-2026-22988 in the Linux kernel.

Security

Fixed CVE-2026-22994 in the Linux kernel.

Security

Fixed KCTF-2397e92 in the Linux kernel.

Security

Fixed KCTF-50da4b9 in the Linux kernel.

Change

Runtime sysctl changes:

• Changed: kernel.tainted: 4096 -> 4608

cos-121-18867-294-100

Fixed

Installed app-misc/c_rehash, which was unintentionally removed after the dev-libs/openssl update.

Fixed

Upgraded app-admin/sosreport to v4.10.2.

Fixed

Upgraded sys-apps/less to v691.

Security

Fixed CVE-2025-13836 in dev-lang/python.

Security

Fixed CVE-2025-13837 in dev-lang/python.

Security

Fixed CVE-2025-38022 in the Linux kernel.

Security

Fixed CVE-2025-38129 in the Linux kernel.

Security

Fixed CVE-2025-68259 in the Linux kernel.

Security

Fixed CVE-2025-68261 in the Linux kernel.

Security

Fixed CVE-2025-68264 in the Linux kernel.

Security

Fixed CVE-2025-68265 in the Linux kernel.

Security

Fixed CVE-2025-68337 in the Linux kernel.

Security

Fixed CVE-2025-68349 in the Linux kernel.

Security

Fixed CVE-2025-68363 in the Linux kernel.

Security

Fixed CVE-2025-68724 in the Linux kernel.

Security

Fixed CVE-2025-68740 in the Linux kernel.

Security

Fixed CVE-2025-68744 in the Linux kernel.

Security

Fixed CVE-2025-68756 in the Linux kernel.

Security

Fixed CVE-2025-68764 in the Linux kernel.

Security

Fixed CVE-2025-68775 in the Linux kernel.

Security

Fixed CVE-2025-68780 in the Linux kernel.

Security

Fixed CVE-2025-68782 in the Linux kernel.

Security

Fixed CVE-2025-68788 in the Linux kernel.

Security

Fixed CVE-2025-68794 in the Linux kernel.

Security

Fixed CVE-2025-68795 in the Linux kernel.

Security

Fixed CVE-2025-68798 in the Linux kernel.

Security

Fixed CVE-2025-68813 in the Linux kernel.

Security

Fixed CVE-2025-68814 in the Linux kernel.

Security

Fixed CVE-2025-68816 in the Linux kernel.

Security

Fixed CVE-2025-68820 in the Linux kernel.

Security

Fixed CVE-2025-68821 in the Linux kernel.

Security

Fixed CVE-2025-71068 in the Linux kernel.

Security

Fixed CVE-2025-71077 in the Linux kernel.

Security

Fixed CVE-2025-71084 in the Linux kernel.

Security

Fixed CVE-2025-71089 in the Linux kernel.

Security

Fixed CVE-2025-71096 in the Linux kernel.

Security

Fixed CVE-2025-71097 in the Linux kernel.

Security

Fixed CVE-2025-71098 in the Linux kernel.

Security

Fixed CVE-2025-71102 in the Linux kernel.

Security

Fixed CVE-2025-71104 in the Linux kernel.

Security

Fixed CVE-2025-71113 in the Linux kernel.

Security

Fixed CVE-2025-71118 in the Linux kernel.

Security

Fixed CVE-2025-71120 in the Linux kernel.

Security

Fixed CVE-2025-71123 in the Linux kernel.

Security

Fixed CVE-2025-71125 in the Linux kernel.

Security

Fixed CVE-2025-71131 in the Linux kernel.

Security

Fixed CVE-2026-21441 in dev-python/urllib3.

Security

Updated dev-libs/openssl to v3.0.19. This resolves CVE-2025-15467.

cos-121-18867-294-88

Change

Updated dev-libs/openssl to v3.0.18.

Security

Applied urllib3 patch for CVE-2024-37891.

Security

Fixed CVE-2025-12084 in dev-lang/python.

Security

Fixed CVE-2025-61727 in dev-lang/go.

Security

Fixed CVE-2025-61729 in dev-lang/go.

cos-121-18867-294-78

Security

Fixed CVE-2025-40350 in the Linux kernel.

Security

Fixed CVE-2025-40350 in the Linux kernel.

Security

Fixed CVE-2025-40350 in the Linux kernel.

Change

Runtime sysctl changes:

• Changed: net.ipv4.tcp_mem: 94044 125392 188088 -> 94041 125391 188082
• Changed: net.ipv4.udp_mem: 188088 250784 376176 -> 188085 250783 376170

cos-121-18867-294-76

Change

Updated app-admin/sosreport to v4.10.1. Enabled containerd stack dump by default.

Fixed

Upgraded net-misc/socat to v1.8.1.0.

Fixed

Upgraded sys-apps/dmidecode to v3.7.

Security

Fixed CVE-2025-40346 in the Linux kernel.

Security

Fixed CVE-2025-40360 in the Linux kernel.

Security

Fixed CVE-2025-40361 in the Linux kernel.

Security

Fixed CVE-2025-66471 and CVE-2025-66418 in dev-python/urllib3.

Security

Fixed CVE-2025-68171 in the Linux kernel.

Security

Fixed CVE-2025-68173 in the Linux kernel.

Security

Fixed CVE-2025-68178 in the Linux kernel.

Security

Fixed CVE-2025-68183 in the Linux kernel.

Security

Fixed CVE-2025-68185 in the Linux kernel.

Security

Fixed CVE-2025-68191 in the Linux kernel.

Security

Fixed CVE-2025-68198 in the Linux kernel.

Security

Fixed CVE-2025-68200 in the Linux kernel.

Security

Fixed CVE-2025-68208 in the Linux kernel.

Security

Fixed CVE-2025-68214 in the Linux kernel.

Security

Fixed CVE-2025-68219 in the Linux kernel.

Security

Fixed CVE-2025-68224 in the Linux kernel.

Security

Fixed CVE-2025-68229 in the Linux kernel.

Security

Fixed CVE-2025-68231 in the Linux kernel.

Security

Fixed CVE-2025-68241 in the Linux kernel.

Security

Fixed CVE-2025-68295 in the Linux kernel.

Security

Fixed CVE-2025-68321 in the Linux kernel.

Change

Runtime sysctl changes:

• Changed: fs.file-max: 811762 -> 811813
• Changed: net.ipv4.tcp_mem: 94041 125391 188082 -> 94044 125392 188088
• Changed: net.ipv4.udp_mem: 188085 250783 376170 -> 188088 250784 376176

cos-121-18867-294-68

Fixed

Backported upstream commit to reduce bcache gc latency.

Security

Fixed KCTF-f05a4f9 in the Linux kernel.

Change

Runtime sysctl changes:

• Changed: fs.file-max: 811817 -> 811762

cos-121-18867-294-66

Security

Fixed CVE-2025-40220 in the Linux kernel.

Security

Fixed CVE-2025-40231 in the Linux kernel.

Security

Fixed CVE-2025-40292 in the Linux kernel.

Security

Fixed CVE-2025-40293 in the Linux kernel.

Security

Fixed CVE-2025-40297 in the Linux kernel.

Security

Fixed CVE-2025-40319 in the Linux kernel.

Security

Fixed CVE-2025-40324 in the Linux kernel.

Security

Fixed CVE-2025-40328 in the Linux kernel.

Security

Fixed CVE-2025-40341 in the Linux kernel.

Security

Updated app-containers/containerd and app-containers/containerd-test to v2.0.7. This resolves CVE-2024-25621 and CVE-2025-64329.

Change

Runtime sysctl changes:

• Changed: fs.file-max: 811799 -> 811817

cos-121-18867-294-60

Feature

Applied critical tx timeout patch series to fix idpf bug.

Fixed

Upgraded app-admin/google-guest-configs to v20251014.00.

Security

Fixed CVE-2025-21868 in the Linux kernel.

Security

Fixed CVE-2025-22103 in the Linux kernel.

Security

Fixed CVE-2025-38057 in the Linux kernel.

Security

Fixed CVE-2025-38678 in the Linux kernel.

Security

Fixed CVE-2025-40248 in the Linux kernel.

Security

Fixed CVE-2025-40250 in the Linux kernel.

Security

Fixed CVE-2025-40251 in the Linux kernel.

Security

Fixed CVE-2025-40256 in the Linux kernel.

Security

Fixed CVE-2025-40266 in the Linux kernel.

Security

Fixed CVE-2025-40268 in the Linux kernel.

Security

Fixed CVE-2025-40271 in the Linux kernel.

Security

Fixed CVE-2025-40272 in the Linux kernel.

Security

Fixed CVE-2025-40273 in the Linux kernel.

Security

Fixed CVE-2025-40320 in the Linux kernel.

Security

Fixed CVE-2025-47914 and CVE-2025-58181 in dev-go/crypto.

Change

Runtime sysctl changes:

• Changed: fs.file-max: 811755 -> 811799