* [CVE-2023-28321](https://nvd.nist.gov/vuln/detail/CVE-2023-28321) CVSSv3 score: 5.9(Medium)
An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to Punycode before being used for certificate checks. Punycoded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.
* [CVE-2023-28320](https://nvd.nist.gov/vuln/detail/CVE-2023-28320) CVSSv3 score: 5.9(Medium)
A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time out slow operations using `alarm()` and `siglongjmp()`. When doing this, libcurl used a global buffer that was not mutex protected, and a multi-threaded application might therefore crash or otherwise misbehave.
* [CVE-2023-28319](https://nvd.nist.gov/vuln/detail/CVE-2023-28319) CVSSv3 score: 7.5(High)
A use-after-free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA-256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the (now freed) hash. This flaw risks inserting sensitive heap-based data into the error message that might be shown to users or otherwise get leaked and revealed.
* git
* [CVE-2023-29007](https://nvd.nist.gov/vuln/detail/CVE-2023-29007) CVSSv3 score: 7.8(High)
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can be used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user's `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule. When the attacker injects configuration values which specify executables to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.), this can lead to remote code execution. A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running `git submodule deinit` on untrusted repositories or without prior inspection of any submodule sections in `$GIT_DIR/config`.
* [CVE-2023-25815](https://nvd.nist.gov/vuln/detail/CVE-2023-25815) CVSSv3 score: 2.2(Low)
In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the `gettext()` function's implicit initialization no longer uses the runtime prefix but uses the hard-coded path `C:\mingw64\share\locale` to look for localized messages. And since any authenticated user has the permission to create folders in `C:\` (and since `C:\mingw64` does not typically exist), it is possible for low-privilege users to place fake messages in that location where `git.exe` will pick them up in version 2.40.1.
This vulnerability is relatively hard to exploit and requires social engineering. For example, a legitimate message at the end of a clone could be maliciously modified to ask the user to direct their web browser to a malicious website, and the user might think that the message comes from Git and is legitimate. It does require local write access by the attacker, though, which makes this attack vector less likely. Version 2.40.1 contains a patch for this issue. Some workarounds are available. Do not work on a Windows machine with shared accounts, or alternatively create a `C:\mingw64` folder and leave it empty. Users who have administrative rights may remove the permission to create folders in `C:\`.
* [CVE-2023-25652](https://nvd.nist.gov/vuln/detail/CVE-2023-25652) CVSSv3 score: n/a
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid using `git apply` with `--reject` when applying patches from an untrusted source. Use `git apply --stat` to inspect a patch before applying; avoid applying one that creates a conflict where a link corresponding to the `*.rej` file exists.
* glibc
* [CVE-2023-4911](https://nvd.nist.gov/vuln/detail/CVE-2023-4911) CVSSv3 score: n/a
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
* [CVE-2023-4806](https://nvd.nist.gov/vuln/detail/CVE-2023-4806) CVSSv3 score: n/a
A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when an NSS module implements only the `_nss_*_gethostbyname2_r` and `_nss_*_getcanonname_r` hooks without implementing the `_nss_*_gethostbyname3_r` hook. The resolved name should return a large number of IPv6 and IPv4 addresses, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.
* [CVE-2023-4527](https://nvd.nist.gov/vuln/detail/CVE-2023-4527) CVSSv3 score: n/a
A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function's returned address data, and may cause a crash.
* go
* [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) CVSSv3 score: 7.5(High)
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.
* grub
* [CVE-2023-4693](https://nvd.nist.gov/vuln/detail/CVE-2023-4693) CVSSv3 score: 4.6(Medium)
An out-of-bounds read flaw was found in grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk.
* [CVE-2023-4692](https://nvd.nist.gov/vuln/detail/CVE-2023-4692) CVSSv3 score: 7.8(High)
An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved.
* [CVE-2022-3775](https://nvd.nist.gov/vuln/detail/CVE-2022-3775) CVSSv3 score: 7.1(High)
When rendering certain Unicode sequences, grub2's font code doesn't properly validate whether the informed glyph's width and height are constrained within the bitmap size. As a consequence, an attacker can craft an input which will lead to an out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution cannot be ruled out.
* [CVE-2022-28737](https://nvd.nist.gov/vuln/detail/CVE-2022-28737) CVSSv3 score: 7.8(High)
There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables. The handle_image() function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bounds writes into memory. Arbitrary code execution cannot be ruled out in such a scenario.
* [CVE-2022-28736](https://nvd.nist.gov/vuln/detail/CVE-2022-28736) CVSSv3 score: 7.8(High)
There's a use-after-free vulnerability in the grub_cmd_chainloader() function. The chainloader command is used to boot operating systems that don't support multiboot and do not have direct support from GRUB2. When executing chainloader more than once, a use-after-free vulnerability is triggered. If an attacker can control GRUB2's memory allocation pattern, sensitive data may be exposed and arbitrary code execution can be achieved.
* [CVE-2022-28735](https://nvd.nist.gov/vuln/detail/CVE-2022-28735) CVSSv3 score: 7.8(High)
GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules being loaded in GRUB2, breaking the secure boot trust chain.
* [CVE-2022-28734](https://nvd.nist.gov/vuln/detail/CVE-2022-28734) CVSSv3 score: 7(High)
Out-of-bounds write when handling split HTTP headers. When handling split HTTP headers, the GRUB2 HTTP code accidentally moves its internal data buffer pointer by one position. This can lead to an out-of-bounds write later when parsing the HTTP request, writing a NULL byte past the buffer. It's conceivable that an attacker-controlled set of packets can lead to corruption of GRUB2's internal memory metadata.
* [CVE-2022-28733](https://nvd.nist.gov/vuln/detail/CVE-2022-28733) CVSSv3 score: n/a
Integer underflow in grub_net_recv_ip4_packets. A maliciously crafted IP packet can lead to an integer underflow in the grub_net_recv_ip4_packets() function on the rsm->total_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number which will be used in memory allocation. If the attack succeeds in such a way, subsequent operations can write past the end of the buffer.
* [CVE-2022-2601](https://nvd.nist.gov/vuln/detail/CVE-2022-2601) CVSSv3 score: 8.6(High)
A buffer overflow was found in grub_font_construct_glyph(). A maliciously crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, so that a smaller than needed buffer is allocated for the glyph; this further leads to a buffer overflow and a heap-based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.
* [CVE-2021-3981](https://nvd.nist.gov/vuln/detail/CVE-2021-3981) CVSSv3 score: 3.3(Low)
A flaw in grub2 was found where its configuration file, known as grub.cfg, is created with the wrong permission set, allowing non-privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted passwords present in grub.cfg. This flaw affects grub2 2.06 and previous versions. This issue has been fixed in grub upstream but no version with the fix is currently released.
* [CVE-2021-3697](https://nvd.nist.gov/vuln/detail/CVE-2021-3697) CVSSv3 score: 7(High)
A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written to the heap. For an attack to succeed, the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior to grub-2.12.
* [CVE-2021-3696](https://nvd.nist.gov/vuln/detail/CVE-2021-3696) CVSSv3 score: 4.5(Medium)
A heap out-of-bounds write may happen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availability impact may be considered Low, as it's very complex for an attacker to control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior to grub-2.12.
* [CVE-2021-3695](https://nvd.nist.gov/vuln/detail/CVE-2021-3695) CVSSv3 score: 4.5(Medium)
A crafted 16-bit grayscale PNG image may lead to an out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited, as an attacker needs to perform some triage over the heap layout to achieve significant results; also, the values written into memory are repeated three times in a row, making it difficult to produce valid payloads. This flaw affects grub2 versions prior to grub-2.12.
* [CVE-2021-20233](https://nvd.nist.gov/vuln/detail/CVE-2021-20233) CVSSv3 score: 8.2(High)
A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
* [CVE-2021-20225](https://nvd.nist.gov/vuln/detail/CVE-2021-20225) CVSSv3 score: 6.7(Medium)
A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
* [CVE-2020-27779](https://nvd.nist.gov/vuln/detail/CVE-2020-27779) CVSSv3 score: 7.5(High)
A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking, allowing a privileged attacker to remove address ranges from memory, creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
* [CVE-2020-27749](https://nvd.nist.gov/vuln/detail/CVE-2020-27749) CVSSv3 score: 6.7(Medium)
A flaw was found in grub2 in versions prior to 2.06. Variable names present in the supplied command line are expanded into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution, which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
* [CVE-2020-25647](https://nvd.nist.gov/vuln/detail/CVE-2020-25647) CVSSv3 score: 7.6(High)
A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking, and the code assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution, allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
* [CVE-2020-25632](https://nvd.nist.gov/vuln/detail/CVE-2020-25632) CVSSv3 score: 8.2(High)
A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
* [CVE-2020-14372](https://nvd.nist.gov/vuln/detail/CVE-2020-14372) CVSSv3 score: 7.5(High)
A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability.
* [CVE-2020-10713](https://nvd.nist.gov/vuln/detail/CVE-2020-10713) CVSSv3 score: 8.2(High)
A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper with the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system, such as gaining physical access, obtaining the ability to alter a pxe-boot network, or having remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
* intel-microcode
* [CVE-2023-23908](https://nvd.nist.gov/vuln/detail/CVE-2023-23908) CVSSv3 score: 4.4(Medium)
Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access.
* [CVE-2022-41804](https://nvd.nist.gov/vuln/detail/CVE-2022-41804) CVSSv3 score: 6.7(Medium)
Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
* [CVE-2022-40982](https://nvd.nist.gov/vuln/detail/CVE-2022-40982) CVSSv3 score: n/a
Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
* libcap
* [CVE-2023-2603](https://nvd.nist.gov/vuln/detail/CVE-2023-2603) CVSSv3 score: 7.8(High)
A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.
* [CVE-2023-2602](https://nvd.nist.gov/vuln/detail/CVE-2023-2602) CVSSv3 score: 3.3(Low)
A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to cause `__real_pthread_create()` to return an error, which can exhaust the process memory.
* libmicrohttpd
* [CVE-2023-27371](https://nvd.nist.gov/vuln/detail/CVE-2023-27371) CVSSv3 score: n/a
GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a multipart/form-data boundary field, which - assuming a specific heap layout - will result in an out-of-bounds read and a crash in the find_boundary() function.
* lua
* [CVE-2022-33099](https://nvd.nist.gov/vuln/detail/CVE-2022-33099) CVSSv3 score: 7.5(High)
An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.
* mit-krb5
* [CVE-2023-36054](https://nvd.nist.gov/vuln/detail/CVE-2023-36054) CVSSv3 score: 6.5(Medium)
lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.
* ncurses
* [CVE-2023-29491](https://nvd.nist.gov/vuln/detail/CVE-2023-29491) CVSSv3 score: 7.8(High)
ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.
* nvidia-drivers
* [CVE-2023-25516](https://nvd.nist.gov/vuln/detail/CVE-2023-25516) CVSSv3 score: n/a
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged user can cause an integer overflow, which may lead to information disclosure and denial of service.
* [CVE-2023-25515](https://nvd.nist.gov/vuln/detail/CVE-2023-25515) CVSSv3 score: 7.6(High)
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where unexpected untrusted data is parsed, which may lead to code execution, denial of service, escalation of privileges, data tampering, or information disclosure.
* openldap
* [CVE-2023-2953](https://nvd.nist.gov/vuln/detail/CVE-2023-2953) CVSSv3 score: 7.5(High)
A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.
* procps
* [CVE-2023-4016](https://nvd.nist.gov/vuln/detail/CVE-2023-4016) CVSSv3 score: 3.3(Low)
Under some circumstances, this weakness gives a user who has access to run the “ps” utility on a machine the ability to write almost unlimited amounts of unfiltered data into the process heap.
* protobuf
* [CVE-2022-1941](https://nvd.nist.gov/vuln/detail/CVE-2022-1941) CVSSv3 score: 7.5(High)
A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. We recommend upgrading to versions 3.18.3, 3.19.5, 3.20.2, 3.21.6 for protobuf-cpp and 3.18.3, 3.19.5, 3.20.2, 4.21.6 for protobuf-python. Versions for 3.16 and 3.17 are no longer updated.
* qemu
* [CVE-2023-2861](https://nvd.nist.gov/vuln/detail/CVE-2023-2861) CVSSv3 score: 7.1(High)
A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder.
* [CVE-2023-0330](https://nvd.nist.gov/vuln/detail/CVE-2023-0330) CVSSv3 score: 6(Medium)
A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free.
* samba
* [CVE-2022-1615](https://nvd.nist.gov/vuln/detail/CVE-2022-1615) CVSSv3 score: 5.5(Medium)
In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values.
* [CVE-2021-44142](https://nvd.nist.gov/vuln/detail/CVE-2021-44142) CVSSv3 score: 8.8(High)
The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.
* shadow
* [CVE-2023-29383](https://nvd.nist.gov/vuln/detail/CVE-2023-29383) CVSSv3 score: 3.3(Low)
In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character makes it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.
* sudo
* [CVE-2023-28487](https://nvd.nist.gov/vuln/detail/CVE-2023-28487) CVSSv3 score: 5.3(Medium)
Sudo before 1.9.13 does not escape control characters in sudoreplay output.
* [CVE-2023-28486](https://nvd.nist.gov/vuln/detail/CVE-2023-28486) CVSSv3 score: 5.3(Medium)
Sudo before 1.9.13 does not escape control characters in log messages.
* [CVE-2023-27320](https://nvd.nist.gov/vuln/detail/CVE-2023-27320) CVSSv3 score: 7.2(High)
Sudo before 1.9.13p2 has a double free in the per-command chroot feature.
* torcx
* [CVE-2022-28948](https://nvd.nist.gov/vuln/detail/CVE-2022-28948) CVSSv3 score: 7.5(High)
An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input.
* vim
* [CVE-2023-2610](https://nvd.nist.gov/vuln/detail/CVE-2023-2610) CVSSv3 score: 7.8(High)
Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.
* [CVE-2023-2609](https://nvd.nist.gov/vuln/detail/CVE-2023-2609) CVSSv3 score: 5.5(Medium)
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.
* [CVE-2023-2426](https://nvd.nist.gov/vuln/detail/CVE-2023-2426) CVSSv3 score: 5.5(Medium)
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499.
Best,
The Flatcar Container Linux Maintainers
---
### Communication
#### Go/No-Go message for Matrix/Slack
Go/No-Go Meeting for Alpha 3850.0.0, Beta 3815.1.0, Stable 3760.2.0
Pre-view images are available in https://bincache.flatcar-linux.net/images/amd64/$VERSION/
Tracking issue: https://github.com/flatcar/Flatcar/issues/XY
The Go/No-Go document is in our HackMD @flatcar namespace
Link: https://hackmd.io/stjMbwGHQqyH8_PNPoCafQ?view
Please give your Go/No-Go vote with 💚 for Go, ❌ for No-Go, and ✋ for Wait.
Contributors & community feel free to put your suggestions, thoughts or comments on the document or here in the chat.
@MAINTAINER @MAINTAINER @MAINTAINER
#### Mastodon
_The toot (from [@flatcar](https://hachyderm.io/@flatcar)) goes out after the changelog update has been published; it includes a link to the web changelog._
New Flatcar Alpha, Beta, Stable releases now available!
📦 Many package updates: Linux, GRUB, glibc
🔒 CVE fixes & security patches: Linux, GRUB, glibc
📜 Release notes at the usual spot: https://www.flatcar.org/releases/
#### Kubernetes Slack
_This goes in the #flatcar channel_
Please welcome Flatcar releases of this month:
- Alpha 3850.0.0 (new major)
- Beta 3815.1.0 (new major)
- Stable 3760.2.0 (new major)
These releases include:
📦 Many package updates: Linux, GRUB, glibc
🔒 CVE fixes & security patches: Linux, GRUB, glibc
📜 Release notes at the usual spot: https://www.flatcar.org/releases/