- Updates `debian-iptables` to v1.6.7 to pick up CVE fixes. ([#104970](https://github.com/kubernetes/kubernetes/pull/104970), [@PushkarJ](https://github.com/PushkarJ))
- Updates the following images to pick up CVE fixes:
  - `debian` to v1.9.0
  - `debian-iptables` to v1.6.6

- Updates the following images to pick up CVE fixes:
  - `debian` to v1.8.0
  - `debian-iptables` to v1.6.5

## Changelog since v1.20.12

## Changes by Kind

### Feature

- Update debian-base, debian-iptables, setcap images to pick up CVE fixes
  - Debian-base to v1.9.0
  - Debian-iptables to v1.6.7 (#106148, @cpanato) [SIG Release and Testing]

### Failing Test

### Feature

- Kubernetes is now built with Go 1.20.8 ([#120497](https://github.com/kubernetes/kubernetes/pull/120497), [@cpanato](https://github.com/cpanato)) [SIG Release and Testing]

### Bug or Regression

- Cherry-pick #115769: Fix the problem Pod terminating stuck because of trying to umount not actual mounted dir. ([#119832](https://github.com/kubernetes/kubernetes/pull/119832), [@cartermckinnon](https://github.com/cartermckinnon)) [SIG Node and Storage]

* Update GCE ContainerVM deployment to container-vm-v20170117 to pick up CVE fixes in base image. ([#40094](https://github.com/kubernetes/kubernetes/pull/40094), [@zmerlynn](https://github.com/zmerlynn))

the pool of Service IP addresses thereby reducing the risk of collision.

A Service `ClusterIP` can be assigned:

* dynamically, which means the cluster will automatically pick a free IP within the configured Service IP range.
* statically, which means the user will set one IP within the configured Service IP range.

* Fix LoadBalancer rule checking so that no unexpected LoadBalancer updates are made ([#85990](https://github.com/kubernetes/kubernetes/pull/85990), [@feiskyer](https://github.com/feiskyer))
* cherry pick of [#85885](https://github.com/kubernetes/kubernetes/pull/85885): Provider/Azure: Add cache for VMSS. ([#86049](https://github.com/kubernetes/kubernetes/pull/86049), [@nilo19](https://github.com/nilo19))

- [stackdriver addon] Bumped prometheus-to-sd to v0.5.0 to pick up security fixes.
[fluentd-gcp addon] Bumped fluentd-gcp-scaler to v0.5.1 to pick up security fixes.
[fluentd-gcp addon] Bumped event-exporter to v0.2.4 to pick up security fixes.
[fluentd-gcp addon] Bumped prometheus-to-sd to v0.5.0 to pick up security fixes.

* Update GCE ContainerVM deployment to container-vm-v20170117 to pick up CVE fixes in base image. ([#40094](https://github.com/kubernetes/kubernetes/pull/40094), [@zmerlynn](https://github.com/zmerlynn))

  * to container-vm-v20170201 to address CVE-2016-9962. ([#40828](https://github.com/kubernetes/kubernetes/pull/40828), [@zmerlynn](https://github.com/zmerlynn))
  * to container-vm-v20170117 to pick up CVE fixes in base image. ([#40094](https://github.com/kubernetes/kubernetes/pull/40094), [@zmerlynn](https://github.com/zmerlynn))