pkg syscall (darwin-arm64), const EPERM = 1
pkg syscall (darwin-arm64), const EPFNOSUPPORT = 46
pkg syscall (darwin-arm64), const EPIPE = 32
pkg syscall (darwin-arm64), const EPROCLIM = 67
pkg syscall (darwin-arm64), const EPROCLIM Errno
pkg syscall (darwin-arm64), const EPROCUNAVAIL = 76
pkg syscall (darwin-arm64), const EPROCUNAVAIL Errno
pkg syscall (darwin-arm64), const EPROGMISMATCH = 75

		// -- Default for Reduced Redundancy Storage class is, parity = 2
		// -- Default for Standard Storage class is, parity = 2 - disks 4, 5
		// -- Default for Standard Storage class is, parity = 3 - disks 6, 7
		// -- Default for Standard Storage class is, parity = 4 - disks 8 to 16
		if commonParityDrives == 0 {
			commonParityDrives, err = ecDrivesNoConfig(ep.DrivesPerSet)
			if err != nil {
				return nil, err
			}

- Updates `debian-iptables` to v1.6.7 to pick up CVE fixes. ([#104970](https://github.com/kubernetes/kubernetes/pull/104970), [@PushkarJ](https://github.com/PushkarJ))
- Updates the following images to pick up CVE fixes:
  - `debian` to v1.9.0

	// Prepare request
	request, err = newTestSignedRequest(http.MethodGet, getGetObjectURL(s.endPoint, bucketName, "bar"),
		0, nil, s.accessKey, s.secretKey, s.signer)
	c.Assert(err, nil)
	request.Header.Set("Range", "bytes=6-7")

	response, err = s.client.Do(request)
	c.Assert(err, nil)
	c.Assert(response.StatusCode, http.StatusPartialContent)
	partialObject, err := io.ReadAll(response.Body)
	c.Assert(err, nil)

**Fixed Versions**:
  - kube-apiserver v1.31.12
  - kube-apiserver v1.32.8
  - kube-apiserver v1.33.4

This vulnerability was reported by Paul Viossat.


**CVSS Rating:** Medium (6.7) [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L)

## Changes by Kind

### API Change

pkg syscall (netbsd-arm64-cgo), const EPERM = 1
pkg syscall (netbsd-arm64-cgo), const EPFNOSUPPORT = 46
pkg syscall (netbsd-arm64-cgo), const EPIPE = 32
pkg syscall (netbsd-arm64-cgo), const EPROCLIM = 67
pkg syscall (netbsd-arm64-cgo), const EPROCLIM Errno
pkg syscall (netbsd-arm64-cgo), const EPROCUNAVAIL = 76
pkg syscall (netbsd-arm64-cgo), const EPROCUNAVAIL Errno
pkg syscall (netbsd-arm64-cgo), const EPROGMISMATCH = 75

- VSphere releases less than 7.0u2 are deprecated as of v1.24. Please consider upgrading vSphere to 7.0u2 or above. vSphere CSI Driver requires minimum vSphere 7.0u2.

  General Support for vSphere 6.7 will end on October 15, 2022. vSphere 6.7 Update 3 is deprecated in Kubernetes v1.24.  Customers are recommended to upgrade vSphere (both ESXi and vCenter) to 7.0u2 or above.  vSphere CSI Driver 2.2.3 and higher supports CSI Migration.

* The alpha KubeletConfiguration.ConfigTrialDuration field is no longer available. ([#59628](https://github.com/kubernetes/kubernetes/pull/59628), [@mtaufen](https://github.com/mtaufen))

* Fix a broken configuration of prometheus-to-sd for fluentd and event-exporter. ([#58959](https://github.com/kubernetes/kubernetes/pull/58959), [@loburm](https://github.com/loburm))

**Fixed Versions**:
  - kube-apiserver v1.31.12
  - kube-apiserver v1.32.8
  - kube-apiserver v1.33.4

This vulnerability was reported by Paul Viossat.


**CVSS Rating:** Medium (6.7) [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L)

## Changes by Kind

### Feature