* [CVE-2022-29824](https://nvd.nist.gov/vuln/detail/CVE-2022-29824) CVSSv3 score: 6.5(Medium)
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.
* [CVE-2022-40303](https://nvd.nist.gov/vuln/detail/CVE-2022-40303) CVSSv3 score: 7.5(High)
An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.
* [CVE-2022-40304](https://nvd.nist.gov/vuln/detail/CVE-2022-40304) CVSSv3 score: 7.8(High)
An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.
* logrotate
* [CVE-2022-1348](https://nvd.nist.gov/vuln/detail/CVE-2022-1348) CVSSv3 score: 6.5(Medium)
A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an unprivileged user to lock the state file, stopping any rotation. This flaw affects logrotate versions before 3.20.0.
* multipath-tools
* [CVE-2022-41973](https://nvd.nist.gov/vuln/detail/CVE-2022-41973) CVSSv3 score: 7.8(High)
multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root.
* [CVE-2022-41974](https://nvd.nist.gov/vuln/detail/CVE-2022-41974) CVSSv3 score: 7.8(High)
multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege escalation to root. This occurs because an attacker can repeat a keyword, which is mishandled because arithmetic ADD is used instead of bitwise OR.
* ncurses
* [CVE-2022-29458](https://nvd.nist.gov/vuln/detail/CVE-2022-29458) CVSSv3 score: 7.1(High)
ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.
* nvidia-drivers
* [CVE-2022-28181](https://nvd.nist.gov/vuln/detail/CVE-2022-28181) CVSSv3 score: n/a
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. The scope of the impact may extend to other components.
* [CVE-2022-28183](https://nvd.nist.gov/vuln/detail/CVE-2022-28183) CVSSv3 score: 7.1(High)
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause an out-of-bounds read, which may lead to denial of service and information disclosure.
* [CVE-2022-28184](https://nvd.nist.gov/vuln/detail/CVE-2022-28184) CVSSv3 score: 7.8(High)
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an unprivileged regular user can access administrator-privileged registers, which may lead to denial of service, information disclosure, and data tampering.
* [CVE-2022-28185](https://nvd.nist.gov/vuln/detail/CVE-2022-28185) CVSSv3 score: 7.1(High)
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the ECC layer, where an unprivileged regular user can cause an out-of-bounds write, which may lead to denial of service and data tampering.
* open-vm-tools
* [CVE-2022-31676](https://nvd.nist.gov/vuln/detail/CVE-2022-31676) CVSSv3 score: 7.8(High)
VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine.
* polkit
* [CVE-2021-4115](https://nvd.nist.gov/vuln/detail/CVE-2021-4115) CVSSv3 score: 5.5(Medium)
There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spawned.
* rsync
* [CVE-2018-25032](https://nvd.nist.gov/vuln/detail/CVE-2018-25032) CVSSv3 score: 7.5(High)
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
* [CVE-2022-29154](https://nvd.nist.gov/vuln/detail/CVE-2022-29154) CVSSv3 score: 7.4(High)
An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file).
* runc
* [CVE-2022-29162](https://nvd.nist.gov/vuln/detail/CVE-2022-29162) CVSSv3 score: 7.8(High)
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2). This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in runc 1.1.2. This fix changes `runc exec --cap` behavior such that the additional capabilities granted to the process being executed (as specified via `--cap` arguments) do not include inheritable capabilities. In addition, `runc spec` is changed to not set any inheritable capabilities in the created example OCI spec (`config.json`) file.
* shadow
* [CVE-2013-4235](https://nvd.nist.gov/vuln/detail/CVE-2013-4235) CVSSv3 score: 4.7(Medium)
shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees
* sudo
* [CVE-2022-43995](https://nvd.nist.gov/vuln/detail/CVE-2022-43995) CVSSv3 score: 7.1(High)
Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture.
* [CVE-2023-22809](https://nvd.nist.gov/vuln/detail/CVE-2023-22809) CVSSv3 score: 7.8(High)
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.
* systemd
* [CVE-2021-3997](https://nvd.nist.gov/vuln/detail/CVE-2021-3997) CVSSv3 score: 5.5(Medium)
A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.
* [CVE-2022-3821](https://nvd.nist.gov/vuln/detail/CVE-2022-3821) CVSSv3 score: 5.5(Medium)
An off-by-one error was discovered in systemd in the format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that lead to a buffer overrun in format_timespan(), leading to a denial of service.
* [CVE-2022-4415](https://nvd.nist.gov/vuln/detail/CVE-2022-4415) CVSSv3 score: 5.5(Medium)
A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting.
* unzip
* [CVE-2022-0529](https://nvd.nist.gov/vuln/detail/CVE-2022-0529) CVSSv3 score: 5.5(Medium)
A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string, which leads to a heap out-of-bounds write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
* [CVE-2022-0530](https://nvd.nist.gov/vuln/detail/CVE-2022-0530) CVSSv3 score: 5.5(Medium)
A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string, which leads to a heap out-of-bounds write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
* [CVE-2021-4217](https://nvd.nist.gov/vuln/detail/CVE-2021-4217) CVSSv3 score: 3.3(Low)
A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
* util-linux
* [CVE-2021-3995](https://nvd.nist.gov/vuln/detail/CVE-2021-3995) CVSSv3 score: 5.5(Medium)
A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker in its string form. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems.
* [CVE-2021-3996](https://nvd.nist.gov/vuln/detail/CVE-2021-3996) CVSSv3 score: 5.5(Medium)
A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems.
* [CVE-2022-0563](https://nvd.nist.gov/vuln/detail/CVE-2022-0563) CVSSv3 score: 5.5(Medium)
A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.
* vim
* [CVE-2022-2042](https://nvd.nist.gov/vuln/detail/CVE-2022-2042) CVSSv3 score: 7.8(High)
Use After Free in GitHub repository vim/vim prior to 8.2.
* [CVE-2022-2124](https://nvd.nist.gov/vuln/detail/CVE-2022-2124) CVSSv3 score: 7.8(High)
Buffer Over-read in GitHub repository vim/vim prior to 8.2.
* [CVE-2022-2125](https://nvd.nist.gov/vuln/detail/CVE-2022-2125) CVSSv3 score: 7.8(High)
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
* [CVE-2022-2126](https://nvd.nist.gov/vuln/detail/CVE-2022-2126) CVSSv3 score: 7.8(High)
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
* [CVE-2022-2129](https://nvd.nist.gov/vuln/detail/CVE-2022-2129) CVSSv3 score: 7.8(High)
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
* [CVE-2022-2175](https://nvd.nist.gov/vuln/detail/CVE-2022-2175) CVSSv3 score: 7.8(High)
Buffer Over-read in GitHub repository vim/vim prior to 8.2.
* [CVE-2022-2182](https://nvd.nist.gov/vuln/detail/CVE-2022-2182) CVSSv3 score: 7.8(High)
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
* [CVE-2022-2183](https://nvd.nist.gov/vuln/detail/CVE-2022-2183) CVSSv3 score: 7.8(High)
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
* [CVE-2022-2206](https://nvd.nist.gov/vuln/detail/CVE-2022-2206) CVSSv3 score: 7.8(High)
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
* [CVE-2022-2207](https://nvd.nist.gov/vuln/detail/CVE-2022-2207) CVSSv3 score: 7.8(High)
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
* [CVE-2022-2208](https://nvd.nist.gov/vuln/detail/CVE-2022-2208) CVSSv3 score: 5.5(Medium)
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.
* [CVE-2022-2210](https://nvd.nist.gov/vuln/detail/CVE-2022-2210) CVSSv3 score: 7.8(High)
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
* [CVE-2022-2231](https://nvd.nist.gov/vuln/detail/CVE-2022-2231) CVSSv3 score: 5.5(Medium)
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.
* [CVE-2022-2257](https://nvd.nist.gov/vuln/detail/CVE-2022-2257) CVSSv3 score: 7.8(High)
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
* [CVE-2022-2264](https://nvd.nist.gov/vuln/detail/CVE-2022-2264) CVSSv3 score: 7.8(High)
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
* [CVE-2022-2284](https://nvd.nist.gov/vuln/detail/CVE-2022-2284) CVSSv3 score: 7.8(High)
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
* [CVE-2022-2285](https://nvd.nist.gov/vuln/detail/CVE-2022-2285) CVSSv3 score: 7.8(High)
Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.
* [CVE-2022-2286](https://nvd.nist.gov/vuln/detail/CVE-2022-2286) CVSSv3 score: 7.8(High)
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
* [CVE-2022-2287](https://nvd.nist.gov/vuln/detail/CVE-2022-2287) CVSSv3 score: 7.1(High)
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
* [CVE-2022-2288](https://nvd.nist.gov/vuln/detail/CVE-2022-2288) CVSSv3 score: 7.8(High)
Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.
* [CVE-2022-2289](https://nvd.nist.gov/vuln/detail/CVE-2022-2289) CVSSv3 score: 7.8(High)
Use After Free in GitHub repository vim/vim prior to 9.0.
* [CVE-2022-2304](https://nvd.nist.gov/vuln/detail/CVE-2022-2304) CVSSv3 score: 7.8(High)
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
* [CVE-2022-2343](https://nvd.nist.gov/vuln/detail/CVE-2022-2343) CVSSv3 score: 7.8(High)
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044.
* [CVE-2022-2344](https://nvd.nist.gov/vuln/detail/CVE-2022-2344) CVSSv3 score: 7.8(High)
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045.
* [CVE-2022-2345](https://nvd.nist.gov/vuln/detail/CVE-2022-2345) CVSSv3 score: 7.8(High)
Use After Free in GitHub repository vim/vim prior to 9.0.0046.
* [CVE-2022-2522](https://nvd.nist.gov/vuln/detail/CVE-2022-2522) CVSSv3 score: 7.8(High)
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0061.
* [CVE-2022-2816](https://nvd.nist.gov/vuln/detail/CVE-2022-2816) CVSSv3 score: 7.8(High)
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0212.
* [CVE-2022-2817](https://nvd.nist.gov/vuln/detail/CVE-2022-2817) CVSSv3 score: 7.8(High)
Use After Free in GitHub repository vim/vim prior to 9.0.0213.
* [CVE-2022-2819](https://nvd.nist.gov/vuln/detail/CVE-2022-2819) CVSSv3 score: 7.8(High)
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0211.
* [CVE-2022-2845](https://nvd.nist.gov/vuln/detail/CVE-2022-2845) CVSSv3 score: n/a
Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.
* [CVE-2022-2849](https://nvd.nist.gov/vuln/detail/CVE-2022-2849) CVSSv3 score: 7.8(High)
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.
* [CVE-2022-2862](https://nvd.nist.gov/vuln/detail/CVE-2022-2862) CVSSv3 score: 7.8(High)
Use After Free in GitHub repository vim/vim prior to 9.0.0221.
* [CVE-2022-2874](https://nvd.nist.gov/vuln/detail/CVE-2022-2874) CVSSv3 score: 5.5(Medium)
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0224.
* [CVE-2022-2889](https://nvd.nist.gov/vuln/detail/CVE-2022-2889) CVSSv3 score: 7.8(High)
Use After Free in GitHub repository vim/vim prior to 9.0.0225.
* [CVE-2022-2923](https://nvd.nist.gov/vuln/detail/CVE-2022-2923) CVSSv3 score: 5.5(Medium)
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240.
* [CVE-2022-2946](https://nvd.nist.gov/vuln/detail/CVE-2022-2946) CVSSv3 score: 7.8(High)
Use After Free in GitHub repository vim/vim prior to 9.0.0246.
* [CVE-2022-2980](https://nvd.nist.gov/vuln/detail/CVE-2022-2980) CVSSv3 score: 5.5(Medium)
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0259.
* [CVE-2022-2982](https://nvd.nist.gov/vuln/detail/CVE-2022-2982) CVSSv3 score: 7.8(High)
Use After Free in GitHub repository vim/vim prior to 9.0.0260.
* [CVE-2022-3016](https://nvd.nist.gov/vuln/detail/CVE-2022-3016) CVSSv3 score: 7.8(High)
Use After Free in GitHub repository vim/vim prior to 9.0.0286.
* [CVE-2022-3099](https://nvd.nist.gov/vuln/detail/CVE-2022-3099) CVSSv3 score: 7.8(High)
Use After Free in GitHub repository vim/vim prior to 9.0.0360.
* [CVE-2022-3134](https://nvd.nist.gov/vuln/detail/CVE-2022-3134) CVSSv3 score: 7.8(High)
Use After Free in GitHub repository vim/vim prior to 9.0.0389.
* [CVE-2022-3153](https://nvd.nist.gov/vuln/detail/CVE-2022-3153) CVSSv3 score: 5.5(Medium)
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.
* [CVE-2021-3872](https://nvd.nist.gov/vuln/detail/CVE-2021-3872) CVSSv3 score: 7.8(High)
vim is vulnerable to Heap-based Buffer Overflow
* [CVE-2021-3875](https://nvd.nist.gov/vuln/detail/CVE-2021-3875) CVSSv3 score: 5.5(Medium)
vim is vulnerable to Heap-based Buffer Overflow
* [CVE-2021-3903](https://nvd.nist.gov/vuln/detail/CVE-2021-3903) CVSSv3 score: 7.8(High)
vim is vulnerable to Heap-based Buffer Overflow
* [CVE-2021-3927](https://nvd.nist.gov/vuln/detail/CVE-2021-3927) CVSSv3 score: 7.8(High)
vim is vulnerable to Heap-based Buffer Overflow
* [CVE-2021-3928](https://nvd.nist.gov/vuln/detail/CVE-2021-3928) CVSSv3 score: 7.8(High)
vim is vulnerable to Use of Uninitialized Variable
* [CVE-2021-3968](https://nvd.nist.gov/vuln/detail/CVE-2021-3968) CVSSv3 score: 8(High)
vim is vulnerable to Heap-based Buffer Overflow
* [CVE-2021-3973](https://nvd.nist.gov/vuln/detail/CVE-2021-3973) CVSSv3 score: 7.8(High)
vim is vulnerable to Heap-based Buffer Overflow
* [CVE-2021-3974](https://nvd.nist.gov/vuln/detail/CVE-2021-3974) CVSSv3 score: 7.8(High)
vim is vulnerable to Use After Free
* [CVE-2021-3984](https://nvd.nist.gov/vuln/detail/CVE-2021-3984) CVSSv3 score: 7.8(High)
vim is vulnerable to Heap-based Buffer Overflow
* [CVE-2021-4019](https://nvd.nist.gov/vuln/detail/CVE-2021-4019) CVSSv3 score: 7.8(High)
vim is vulnerable to Heap-based Buffer Overflow
* [CVE-2021-4069](https://nvd.nist.gov/vuln/detail/CVE-2021-4069) CVSSv3 score: 7.8(High)
vim is vulnerable to Use After Free
* [CVE-2021-4136](https://nvd.nist.gov/vuln/detail/CVE-2021-4136) CVSSv3 score: 7.8(High)
vim is vulnerable to Heap-based Buffer Overflow
* [CVE-2021-4173](https://nvd.nist.gov/vuln/detail/CVE-2021-4173) CVSSv3 score: 7.8(High)
vim is vulnerable to Use After Free
* [CVE-2021-4166](https://nvd.nist.gov/vuln/detail/CVE-2021-4166) CVSSv3 score: 7.1(High)
vim is vulnerable to Out-of-bounds Read
* [CVE-2021-4187](https://nvd.nist.gov/vuln/detail/CVE-2021-4187) CVSSv3 score: 7.8(High)
vim is vulnerable to Use After Free
* [CVE-2021-4192](https://nvd.nist.gov/vuln/detail/CVE-2021-4192) CVSSv3 score: 7.8(High)
vim is vulnerable to Use After Free
* [CVE-2021-4193](https://nvd.nist.gov/vuln/detail/CVE-2021-4193) CVSSv3 score: 5.5(Medium)
vim is vulnerable to Out-of-bounds Read
* [CVE-2022-0128](https://nvd.nist.gov/vuln/detail/CVE-2022-0128) CVSSv3 score: 7.8(High)
vim is vulnerable to Out-of-bounds Read
* [CVE-2022-0156](https://nvd.nist.gov/vuln/detail/CVE-2022-0156) CVSSv3 score: 5.5(Medium)
vim is vulnerable to Use After Free
* [CVE-2022-0158](https://nvd.nist.gov/vuln/detail/CVE-2022-0158) CVSSv3 score: 3.3(Low)
vim is vulnerable to Heap-based Buffer Overflow
* [CVE-2022-0213](https://nvd.nist.gov/vuln/detail/CVE-2022-0213) CVSSv3 score: 6.6(Medium)
vim is vulnerable to Heap-based Buffer Overflow
* [CVE-2022-0261](https://nvd.nist.gov/vuln/detail/CVE-2022-0261) CVSSv3 score: 7.8(High)
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
* [CVE-2022-0318](https://nvd.nist.gov/vuln/detail/CVE-2022-0318) CVSSv3 score: 9.8(Critical)
Heap-based Buffer Overflow in vim/vim prior to 8.2.
* [CVE-2022-0319](https://nvd.nist.gov/vuln/detail/CVE-2022-0319) CVSSv3 score: 5.5(Medium)
Out-of-bounds Read in vim/vim prior to 8.2.
* [CVE-2022-0351](https://nvd.nist.gov/vuln/detail/CVE-2022-0351) CVSSv3 score: 7.8(High)
Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2.
* [CVE-2022-0359](https://nvd.nist.gov/vuln/detail/CVE-2022-0359) CVSSv3 score: 7.8(High)
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
* [CVE-2022-0361](https://nvd.nist.gov/vuln/detail/CVE-2022-0361) CVSSv3 score: 7.8(High)
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
* [CVE-2022-0368](https://nvd.nist.gov/vuln/detail/CVE-2022-0368) CVSSv3 score: 7.8(High)
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
* [CVE-2022-0392](https://nvd.nist.gov/vuln/detail/CVE-2022-0392) CVSSv3 score: 7.8(High)
Heap-based Buffer Overflow in GitHub repository vim prior to 8.2.
* [CVE-2022-0393](https://nvd.nist.gov/vuln/detail/CVE-2022-0393) CVSSv3 score: 7.1(High)
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
* [CVE-2022-0407](https://nvd.nist.gov/vuln/detail/CVE-2022-0407) CVSSv3 score: 7.8(High)
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
* [CVE-2022-0408](https://nvd.nist.gov/vuln/detail/CVE-2022-0408) CVSSv3 score: 7.8(High)
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
* [CVE-2022-0413](https://nvd.nist.gov/vuln/detail/CVE-2022-0413) CVSSv3 score: 7.8(High)
Use After Free in GitHub repository vim/vim prior to 8.2.
* [CVE-2022-0417](https://nvd.nist.gov/vuln/detail/CVE-2022-0417) CVSSv3 score: 7.8(High)
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
* [CVE-2022-0443](https://nvd.nist.gov/vuln/detail/CVE-2022-0443) CVSSv3 score: 7.8(High)
Use After Free in GitHub repository vim/vim prior to 8.2.
* [CVE-2022-0629](https://nvd.nist.gov/vuln/detail/CVE-2022-0629) CVSSv3 score: 7.8(High)
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
* [CVE-2022-0685](https://nvd.nist.gov/vuln/detail/CVE-2022-0685) CVSSv3 score: 7.8(High)
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418.
* [CVE-2022-0714](https://nvd.nist.gov/vuln/detail/CVE-2022-0714) CVSSv3 score: 5.5(Medium)
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436.
* [CVE-2022-0729](https://nvd.nist.gov/vuln/detail/CVE-2022-0729) CVSSv3 score: 8.8(High)
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440.
* [CVE-2022-0943](https://nvd.nist.gov/vuln/detail/CVE-2022-0943) CVSSv3 score: 7.8(High)
Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563.
* [CVE-2022-1154](https://nvd.nist.gov/vuln/detail/CVE-2022-1154) CVSSv3 score: 7.8(High)
Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646.
* [CVE-2022-1160](https://nvd.nist.gov/vuln/detail/CVE-2022-1160) CVSSv3 score: 7.8(High)
Heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647.
* [CVE-2022-1381](https://nvd.nist.gov/vuln/detail/CVE-2022-1381) CVSSv3 score: 7.8(High)
Global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability can crash software, bypass protection mechanisms, modify memory, and possibly lead to remote execution.
* [CVE-2022-1420](https://nvd.nist.gov/vuln/detail/CVE-2022-1420) CVSSv3 score: 5.5(Medium)
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774.
* [CVE-2022-1616](https://nvd.nist.gov/vuln/detail/CVE-2022-1616) CVSSv3 score: 7.8(High)
Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability can crash software, bypass protection mechanisms, modify memory, and possibly lead to remote execution.
* [CVE-2022-1619](https://nvd.nist.gov/vuln/detail/CVE-2022-1619) CVSSv3 score: 7.8(High)
Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerability can crash software, modify memory, and possibly lead to remote execution.
* [CVE-2022-1620](https://nvd.nist.gov/vuln/detail/CVE-2022-1620) CVSSv3 score: 7.5(High)
NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901 allows attackers to cause a denial of service (application crash) via a crafted input.
* [CVE-2022-1621](https://nvd.nist.gov/vuln/detail/CVE-2022-1621) CVSSv3 score: 7.8(High)
Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability can crash software, bypass protection mechanisms, modify memory, and possibly lead to remote execution.
* [CVE-2022-1629](https://nvd.nist.gov/vuln/detail/CVE-2022-1629) CVSSv3 score: 7.8(High)
Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerability can crash software, modify memory, and possibly lead to remote execution.
* [CVE-2022-1674](https://nvd.nist.gov/vuln/detail/CVE-2022-1674) CVSSv3 score: 5.5(Medium)
NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938 allows attackers to cause a denial of service (application crash) via a crafted input.
* [CVE-2022-1733](https://nvd.nist.gov/vuln/detail/CVE-2022-1733) CVSSv3 score: 7.8(High)
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968.
* [CVE-2022-1735](https://nvd.nist.gov/vuln/detail/CVE-2022-1735) CVSSv3 score: 7.8(High)
Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969.
* [CVE-2022-1769](https://nvd.nist.gov/vuln/detail/CVE-2022-1769) CVSSv3 score: 7.8(High)
Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974.
* [CVE-2022-1771](https://nvd.nist.gov/vuln/detail/CVE-2022-1771) CVSSv3 score: 5.5(Medium)
Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975.
* [CVE-2022-1785](https://nvd.nist.gov/vuln/detail/CVE-2022-1785) CVSSv3 score: 7.8(High)
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977.
* [CVE-2022-1796](https://nvd.nist.gov/vuln/detail/CVE-2022-1796) CVSSv3 score: 7.8(High)
Use After Free in GitHub repository vim/vim prior to 8.2.4979.
* [CVE-2022-1897](https://nvd.nist.gov/vuln/detail/CVE-2022-1897) CVSSv3 score: 7.8(High)
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
* [CVE-2022-1898](https://nvd.nist.gov/vuln/detail/CVE-2022-1898) CVSSv3 score: 7.8(High)
Use After Free in GitHub repository vim/vim prior to 8.2.
* [CVE-2022-1886](https://nvd.nist.gov/vuln/detail/CVE-2022-1886) CVSSv3 score: 7.8(High)
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
* [CVE-2022-1851](https://nvd.nist.gov/vuln/detail/CVE-2022-1851) CVSSv3 score: 7.8(High)
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
* [CVE-2022-1927](https://nvd.nist.gov/vuln/detail/CVE-2022-1927) CVSSv3 score: 7.8(High)
Buffer Over-read in GitHub repository vim/vim prior to 8.2.
* [CVE-2022-1942](https://nvd.nist.gov/vuln/detail/CVE-2022-1942) CVSSv3 score: 7.8(High)
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
* [CVE-2022-1968](https://nvd.nist.gov/vuln/detail/CVE-2022-1968) CVSSv3 score: 7.8(High)
Use After Free in GitHub repository vim/vim prior to 8.2.
* [CVE-2022-2000](https://nvd.nist.gov/vuln/detail/CVE-2022-2000) CVSSv3 score: 7.8(High)
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
* [CVE-2022-1725](https://nvd.nist.gov/vuln/detail/CVE-2022-1725) CVSSv3 score: 5.5(Medium)
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4959.
* [CVE-2022-3234](https://nvd.nist.gov/vuln/detail/CVE-2022-3234) CVSSv3 score: 7.8(High)
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.
* [CVE-2022-3235](https://nvd.nist.gov/vuln/detail/CVE-2022-3235) CVSSv3 score: 7.8(High)
Use After Free in GitHub repository vim/vim prior to 9.0.0490.
* [CVE-2022-3278](https://nvd.nist.gov/vuln/detail/CVE-2022-3278) CVSSv3 score: 5.5(Medium)
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552.
* [CVE-2022-3256](https://nvd.nist.gov/vuln/detail/CVE-2022-3256) CVSSv3 score: 7.8(High)
Use After Free in GitHub repository vim/vim prior to 9.0.0530.
* [CVE-2022-3296](https://nvd.nist.gov/vuln/detail/CVE-2022-3296) CVSSv3 score: 7.8(High)
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577.
* [CVE-2022-3297](https://nvd.nist.gov/vuln/detail/CVE-2022-3297) CVSSv3 score: 7.8(High)
Use After Free in GitHub repository vim/vim prior to 9.0.0579.
* [CVE-2022-3324](https://nvd.nist.gov/vuln/detail/CVE-2022-3324) CVSSv3 score: 7.8(High)
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598.
* [CVE-2022-3352](https://nvd.nist.gov/vuln/detail/CVE-2022-3352) CVSSv3 score: 7.8(High)
Use After Free in GitHub repository vim/vim prior to 9.0.0614.
* [CVE-2022-3491](https://nvd.nist.gov/vuln/detail/CVE-2022-3491) CVSSv3 score: 7.8(High)
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0742.
* [CVE-2022-3520](https://nvd.nist.gov/vuln/detail/CVE-2022-3520) CVSSv3 score: 9.8(Critical)
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765.
* [CVE-2022-3591](https://nvd.nist.gov/vuln/detail/CVE-2022-3591) CVSSv3 score: 7.8(High)
Use After Free in GitHub repository vim/vim prior to 9.0.0789.
* [CVE-2022-4141](https://nvd.nist.gov/vuln/detail/CVE-2022-4141) CVSSv3 score: 7.8(High)
Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command.
* [CVE-2022-4292](https://nvd.nist.gov/vuln/detail/CVE-2022-4292) CVSSv3 score: 7.8(High)
Use After Free in GitHub repository vim/vim prior to 9.0.0882.
* [CVE-2022-4293](https://nvd.nist.gov/vuln/detail/CVE-2022-4293) CVSSv3 score: 5.5(Medium)
Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804.
* [CVE-2022-3705](https://nvd.nist.gov/vuln/detail/CVE-2022-3705) CVSSv3 score: 7.5(High)
A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-212324.
* [CVE-2023-0049](https://nvd.nist.gov/vuln/detail/CVE-2023-0049) CVSSv3 score: 7.8(High)
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143.
* [CVE-2023-0051](https://nvd.nist.gov/vuln/detail/CVE-2023-0051) CVSSv3 score: 7.8(High)
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144.
* [CVE-2023-0054](https://nvd.nist.gov/vuln/detail/CVE-2023-0054) CVSSv3 score: 7.8(High)
Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145.
* xz-utils
* [CVE-2022-1271](https://nvd.nist.gov/vuln/detail/CVE-2022-1271) CVSSv3 score: 8.8(High)
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.
* zlib
* [CVE-2018-25032](https://nvd.nist.gov/vuln/detail/CVE-2018-25032) CVSSv3 score: 7.5(High)
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
* [CVE-2022-37434](https://nvd.nist.gov/vuln/detail/CVE-2022-37434) CVSSv3 score: 9.8(Critical)
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
### Communication
#### Go/No-Go message for Matrix/Slack
Go/No-Go Meeting for Alpha 3745.0.0, Beta 3732.1.0, Stable 3602.2.0, LTS 3510.3.0
Preview images are available at https://bincache.flatcar-linux.net/images/amd64/$VERSION/
Tracking issue: https://github.com/flatcar/Flatcar/issues/1196
The Go/No-Go document is in our HackMD @flatcar namespace
Link: https://hackmd.io/XnuvS255RVyq0VgVboxxVw?view
Please give your Go/No-Go vote with 💚 for Go, ❌ for No-Go, and ✋ for Wait.
Contributors & community, feel free to put your suggestions, thoughts or comments in the document or here in the chat.
@MAINTAINER @MAINTAINER @MAINTAINER
#### Mastodon
_The toot (from [@flatcar](https://hachyderm.io/@flatcar)) goes out after the changelog update has been published; it includes a link to the web changelog._
New Flatcar releases for all channels now available!
🚀 systemd-sysext OEM - AWS & VMware, qcow2 compressed format in Qemu images
🩹 Fix adding partitions to the boot disk
📦 Many package updates: Linux Kernel, OpenSSH, ignition, intel-microcode
🔒 CVE fixes & security patches: CVE-2023-24538 (Go), CVE-2023-28531 (OpenSSH)
📜 Release notes at the usual spot: https://www.flatcar.org/releases/
#linux #cloudnative #containers #updates
#### Kubernetes Slack
_This goes in the #flatcar channel_
Please welcome Flatcar releases of this month:
- Alpha 3745.0.0 (new major)
- Beta 3732.1.0 (new major)
- Stable 3602.2.0 (new major)
- LTS 3510.3.0 (new major)
These releases include:
🚀 systemd-sysext OEM - AWS & VMware, qcow2 compressed format in Qemu images
🩹 Fix adding partitions to the boot disk
📦 Many package updates: Linux Kernel, OpenSSH, ignition, intel-microcode
🔒 CVE fixes & security patches: CVE-2023-24538 (Go), CVE-2023-28531 (OpenSSH)
📜 Release notes at the usual spot: https://www.flatcar.org/releases/