microsoft/azurelinux 3.0.20260401-3.0

3.0.20260401

Repository: microsoft/azurelinux

Tag: 3.0.20260401-3.0

Published: 2026-04-07T00:31:17Z

Prerelease: no

Release notes: ---------------- Generic Kernel version-release: kernel-6.6.130.1-3 ---------------- Add azure-vm-utils to SPECS/SPECS-EXTENDED Add bootengine to SPECS/SPECS-EXTENDED Add coreos-cloudinit to SPECS/SPECS-EXTENDED Add coreos-init to SPECS/SPECS-EXTENDED Add kata-containers-preview to SPECS/SPECS-EXTENDED Add Kernel config validation tool Add Nodejs24 container and distroless image Add support for kernel flavor versioning Add update-ssh-keys to SPECS/SPECS-EXTENDED Add uvm micro kernel to SPECS/SPECS-EXTENDED Enable crypto kernel configs in kernel version 6.12 Enable lz4, lz4hc and zstd zram compression Fix Cisco Telegraf Fix docker engine multiarch image push Fix espeak-ng ptest Fix fontconfig ptest Fix libsoup with_check condition Fix ntpdate-wrapper binary path Fix python-daemon ptest regression Fix python-fields ptest Fix shim-unsigned-* separately from shim Patch azurelinux-image-tools for CVE-2026-27141 Patch cmake for CVE-2026-27135 Patch coredns for CVE-2026-26018, CVE-2026-26017 Patch dcos-cli for CVE-2025-30204 Patch edk2 for CVE-2025-69419 and align edk2-hvloader-signed release Patch flannel for CVE-2026-32241 Patch freetype for CVE-2026-23865 Patch giflib for CVE-2026-23868 Patch glibc for CVE-2026-4437, CVE-2026-4438 Patch grub2 for CVE-2025-0622 and increase SBAT to grub,5 Patch hdf5 for CVE-2025-2915 Patch kernel to enable CONFIG_TCP_CONG_BBR3 Patch kernel-mshv to enable CONFIG_WIREGUARD Patch libarrow for CVE-2026-25087 Patch libarchive for CVE-2026-4111 Patch libexif for CVE-2026-32775 Patch libssh for CVE-2026-3731 Patch libsoup for CVE-2026-0716, CVE-2026-2443, CVE-2026-2369 Patch libvirt for TPM patches Patch nasm for CVE-2022-46456 Patch ncurses for CVE-2025-69720 Patch netavark for CVE-2026-25541 Patch nghttp2 for CVE-2026-27135 Patch nodejs for CVE-2026-27135 Patch ocaml for CVE-2026-28364 Patch plexus-utils for CVE-2025-67030 Patch pyOpenSSL for CVE-2026-27459, CVE-2026-27448 Patch python-pyasn1 for CVE-2026-30922 Patch python3 for CVE-2026-4519 Patch python-requests for CVE-2026-25645 Patch python-virtualenv for CVE-2025-50181, CVE-2026-24049, CVE-2026-1703 Patch rpm-ostree for CVE-2026-25541, CVE-2025-58160 Patch rust for CVE-2026-25541, CVE-2026-25727, CVE-2023-48795 Patch skopeo for CVE-2026-24117 Patch squid for CVE-2026-33526, CVE-2026-33515, CVE-2026-32748 Patch strongswan for CVE-2026-25075 Patch telegraf for CVE-2026-4645 Patch vim for CVE-2026-32249 CVE-2026-33412 Upgrade bind to 9.20.21 for CVE-2026-3591, CVE-2026-3119, CVE-2026-3104, CVE-2026-1519 Upgrade erlang to 26.2.5.18 for CVE-2026-23941, CVE-2026-23942, CVE-2026-23943 Upgrade etcd to 3.5.28 for CVE-2026-33413, CVE-2026-33343 Upgrade frr to 10.5.0 Upgrade golang to 1.26.1-1 Upgrade kernel to 6.6.130.1 and reapply recent BBR3 and zram compressions. Includes crackarmor fix CVE-2026-23269 Upgrade kernel-hwe to 6.12.78.2.1 for CVE-2026-23269. Upgrade KubeVirt to v1.7.1 Upgrade libpng to 1.6.56 for CVE-2026-33636, CVE-2026-33416 Upgrade mariadb to 10.11.16 for CVE-2026-3494 Upgrade nginx to 1.28.3 for CVE-2026-27654, CVE-2026-27784, CVE-2026-32647, CVE-2026-27651, CVE-2026-28753, CVE-2026-28755 Upgrade shim to v16.1 Upgrade SymCrypt-OpenSSL to 1.9.5 Upgrade trident to v0.22

Additional Notes: Kernel-hwe was upgraded to 6.12.78.2.1 resulting in a rebuild of cuda-open-hwe OOT module (cuda-open-hwe-580.105.08-7_6.12.78.2.1.azl3.aarch64.rpm)

Note that in a bare metal test scenario, running nvidia-smi caused the kernel to crash with "Trying to vfree() nonexistent vm area (000000001f7525a8)". In virtualized scenarios all testing passed.