Enhancements¶
This section outlines enhancements introduced in the MOSK 24.1.1 patch release.
Delivery mechanism for CVE fixes for Ubuntu¶
Introduced the ability to update Ubuntu packages including kernel minor version update, when available in a product release, to address CVE issues on a host operating system.
On management clusters, the update of Ubuntu mirror along with the update of minor kernel version occurs automatically with cordon-drain and reboot of machines.
On MOSK clusters, the update of Ubuntu mirror along with the update of
minor kernel version applies during a manual cluster update without automatic
cordon-drain and reboot of machines. After a managed cluster update, all
cluster machines have the reboot is required
notification.
The kernel update is not obligatory on MOSK clusters. Though, if you prefer obtaining the latest CVE fixes for Ubuntu, update the kernel by manually rebooting machines during a convenient maintenance window using GracefulRebootRequest.
In MOSK 24.1.1, the kernel version has been updated to
5.15.0-97-generic
.