Flatcar Container Linux
      • Sharing URL Link copied
      • /edit
      • View mode
        • Edit mode
        • View mode
        • Book mode
        • Slide mode
        Edit mode View mode Book mode Slide mode
      • Customize slides
      • Note Permission
      • Read
        • Owners
        • Signed-in users
        • Everyone
        Owners Signed-in users Everyone
      • Write
        • Owners
        • Signed-in users
        • Everyone
        Owners Signed-in users Everyone
      • Engagement control Commenting, Suggest edit, Emoji Reply
    • Invite by email
      Invitee

      This note has no invitees

    • Publish Note

      Share your work with the world Congratulations! 🎉 Your note is out in the world Publish Note

      Your note will be visible on your profile and discoverable by anyone.
      Your note is now live.
      This note is visible on your profile and discoverable online.
      Everyone on the web can find and read all notes of this public team.
      See published notes
      Unpublish note
      Please check the box to agree to the Community Guidelines.
      View profile
    • Commenting
      Permission
      Disabled Forbidden Owners Signed-in users Everyone
    • Enable
    • Permission
      • Forbidden
      • Owners
      • Signed-in users
      • Everyone
    • Suggest edit
      Permission
      Disabled Forbidden Owners Signed-in users Everyone
    • Enable
    • Permission
      • Forbidden
      • Owners
      • Signed-in users
    • Emoji Reply
    • Enable
    • Versions and GitHub Sync
    • Note settings
    • Note Insights New
    • Engagement control
    • Transfer ownership
    • Delete this note
    • Insert from template
    • Import from
      • Dropbox
      • Google Drive
      • Gist
      • Clipboard
    • Export to
      • Dropbox
      • Google Drive
      • Gist
    • Download
      • Markdown
      • HTML
      • Raw HTML
Menu Note settings Note Insights Versions and GitHub Sync Sharing URL Help
Menu
Options
Engagement control Transfer ownership Delete this note
Import from
Dropbox Google Drive Gist Clipboard
Export to
Dropbox Google Drive Gist
Download
Markdown HTML Raw HTML
Back
Sharing URL Link copied
/edit
View mode
  • Edit mode
  • View mode
  • Book mode
  • Slide mode
Edit mode View mode Book mode Slide mode
Customize slides
Note Permission
Read
Owners
  • Owners
  • Signed-in users
  • Everyone
Owners Signed-in users Everyone
Write
Owners
  • Owners
  • Signed-in users
  • Everyone
Owners Signed-in users Everyone
Engagement control Commenting, Suggest edit, Emoji Reply
  • Invite by email
    Invitee

    This note has no invitees

    • Publish Note

    Share your work with the world Congratulations! 🎉 Your note is out in the world Publish Note

    Your note will be visible on your profile and discoverable by anyone.
    Your note is now live.
    This note is visible on your profile and discoverable online.
    Everyone on the web can find and read all notes of this public team.
    See published notes
    Unpublish note
    Please check the box to agree to the Community Guidelines.
    View profile
    Engagement control
    Commenting
    Permission
    Disabled Forbidden Owners Signed-in users Everyone
    Enable
    Permission
    • Forbidden
    • Owners
    • Signed-in users
    • Everyone
    Suggest edit
    Permission
    Disabled Forbidden Owners Signed-in users Everyone
    Enable
    Permission
    • Forbidden
    • Owners
    • Signed-in users
    Emoji Reply
    Enable
    Import from Dropbox Google Drive Gist Clipboard
       Owned this note    Owned this note      
    Published Linked with GitHub
    • Any changes
      Be notified of any changes
    • Mention me
      Be notified of mention me
    • Unsubscribe
    # Flatcar Container Linux Release - 2022-09-29 ## Flatcar-linux-Alpha-3374.0.0 - AMD64-usr - Platforms succeeded: all - Platforms failed: none - Platforms not tested: none - ARM64-usr - Platforms succeeded: all - Platforms failed: none - Platforms not tested: none VERDICT: _GO_ / _WAIT_ / _NO-GO_ ## Flatcar-linux-Beta-3346.1.0 - AMD64-usr - Platforms succeeded: all - Platforms failed: none - Platforms not tested: none - ARM64-usr - Platforms succeeded: all - Platforms failed: none - Platforms not tested: none VERDICT: _GO_ / _WAIT_ / _NO-GO_ ## Communication --- #### Guidelines / Things to Remember - Release notes are used in a PR and will appear on https://www.flatcar-linux.org/releases/ - [Announcement Message](#Announcement-Message) is posted in [Flatcar-Linux-user](https://groups.google.com/g/flatcar-linux-user). Make sure to post as “Flatcar Container Linux User”, not with your personal user (this can be selected when drafting the post). - Make sure the the LTS is referred to as `LTS-2021`, and not `LTS-2605` --- ### Announcement Message Subject: Announcing new Alpha 3374.0.0, Beta 3346.1.0 Hello, We are pleased to announce a new Flatcar Container Linux release for the Alpha, Beta channel. # New **Alpha** Release **3374.0.0** _Changes since **Alpha 3346.0.0**_ #### Security fixes: - Linux ([CVE-2022-0171](https://nvd.nist.gov/vuln/detail/CVE-2022-0171), [CVE-2022-2663](https://nvd.nist.gov/vuln/detail/CVE-2022-2663), [CVE-2022-2905](https://nvd.nist.gov/vuln/detail/CVE-2022-2905), [CVE-2022-3028](https://nvd.nist.gov/vuln/detail/CVE-2022-3028), [CVE-2022-3061](https://nvd.nist.gov/vuln/detail/CVE-2022-3061), [CVE-2022-3176](https://nvd.nist.gov/vuln/detail/CVE-2022-3176), [CVE-2022-3303](https://nvd.nist.gov/vuln/detail/CVE-2022-3303), [CVE-2022-39190](https://nvd.nist.gov/vuln/detail/CVE-2022-39190), [CVE-2022-39842](https://nvd.nist.gov/vuln/detail/CVE-2022-39842), [CVE-2022-40307](https://nvd.nist.gov/vuln/detail/CVE-2022-40307)) - Go ([CVE-2022-27664](https://nvd.nist.gov/vuln/detail/CVE-2022-27664), [CVE-2022-32190](https://nvd.nist.gov/vuln/detail/CVE-2022-32190)) - Docker ([CVE-2022-36109](https://nvd.nist.gov/vuln/detail/CVE-2022-36109)) - expat ([CVE-2022-40674](https://nvd.nist.gov/vuln/detail/CVE-2022-40674)) - intel-microcode ([CVE-2022-21233](https://nvd.nist.gov/vuln/detail/CVE-2022-21233)) - GNU Libtasn1 ([Gentoo#866237](https://bugs.gentoo.org/866237)) - libxml2 ([CVE-2016-3709](https://nvd.nist.gov/vuln/detail/CVE-2016-3709), [CVE-2022-2309](https://nvd.nist.gov/vuln/detail/CVE-2022-2309)) - polkit ([CVE-2021-4115](https://nvd.nist.gov/vuln/detail/CVE-2021-4115)) - rsync ([CVE-2022-29154](https://nvd.nist.gov/vuln/detail/CVE-2022-29154)) - unzip ([CVE-2022-0529](https://nvd.nist.gov/vuln/detail/CVE-2022-0529), [CVE-2022-0530](https://nvd.nist.gov/vuln/detail/CVE-2022-0530), [CVE-2021-4217](https://nvd.nist.gov/vuln/detail/CVE-2021-4217)) - zlib ([CVE-2022-37434](https://nvd.nist.gov/vuln/detail/CVE-2022-37434)) #### Bug fixes: - Added back `gettext` to the OS ([Flatcar#849](https://github.com/flatcar-linux/Flatcar/issues/849)) - Added merging of Ignition systemd duplicated units when auto-translating from Ignition 2 to Ignition 3. ([coreos-overlay#2187](https://github.com/flatcar/coreos-overlay/pull/2187)) - Equinix Metal: Fixed serial console settings for the `m3.small.x86` instance by expanding the GRUB check for `i386` to `x86_64` ([coreos-overlay#2122](https://github.com/flatcar-linux/coreos-overlay/pull/2122)) #### Changes: - emerge-gitclone: Migrate emerge-gitclone to use scripts repo tags and submodule refs #### Updates: - Linux ([5.15.70](https://lwn.net/Articles/909212) (includes [5.15.69](https://lwn.net/Articles/908782), [5.15.68](https://lwn.net/Articles/908140), [5.15.67](https://lwn.net/Articles/907526), [5.15.66](https://lwn.net/Articles/907524), [5.15.65](https://lwn.net/Articles/907204), [5.15.64](https://lwn.net/Articles/906630))) - Linux Firmware ([20220913](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220913)) - Go ([1.18.6](https://go.dev/doc/devel/release#go1.18.6)) - ca-certificates ([3.83](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_83.html)) - Docker ([20.10.18](https://docs.docker.com/engine/release-notes/#201018)) - expat ([2.4.9](https://github.com/libexpat/libexpat/blob/R_2_4_9/expat/Changes)) - gettext ([0.21](https://www.gnu.org/software/gettext/)) - intel-microcode ([20220809](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220809)) - GNU Libtasn1 ([4.19.0](https://lists.gnu.org/archive/html/help-libtasn1/2022-08/msg00001.html)) - libxml2 ([2.10.2](https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.2)) - locksmith([0.7.0](https://github.com/flatcar/locksmith/blob/v0.7.0/CHANGELOG.md#v070--30112021)) - polkit ([121](https://gitlab.freedesktop.org/polkit/polkit/-/commit/827b0ddac5b1ef00a47fca4526fcf057bee5f1db)) - rsync ([3.2.6](https://github.com/WayneD/rsync/releases/tag/v3.2.6)) - runc ([1.1.4](https://github.com/opencontainers/runc/releases/tag/v1.1.4)) - unzip ([6.0_p27](https://metadata.ftp-master.debian.org/changelogs//main/u/unzip/unzip_6.0-27_changelog)) - SDK: libxslt ([1.1.35](https://gitlab.gnome.org/GNOME/libxslt/-/tags/v1.1.35)) # New **Beta** Release **3346.1.0** _Changes since **Beta 3277.1.2**_ #### Security fixes: - Linux ([CVE-2022-0171](https://nvd.nist.gov/vuln/detail/CVE-2022-0171), [CVE-2022-2663](https://nvd.nist.gov/vuln/detail/CVE-2022-2663), [CVE-2022-2905](https://nvd.nist.gov/vuln/detail/CVE-2022-2905), [CVE-2022-3028](https://nvd.nist.gov/vuln/detail/CVE-2022-3028), [CVE-2022-3061](https://nvd.nist.gov/vuln/detail/CVE-2022-3061), [CVE-2022-3176](https://nvd.nist.gov/vuln/detail/CVE-2022-3176), [CVE-2022-3303](https://nvd.nist.gov/vuln/detail/CVE-2022-3303), [CVE-2022-39190](https://nvd.nist.gov/vuln/detail/CVE-2022-39190), [CVE-2022-39842](https://nvd.nist.gov/vuln/detail/CVE-2022-39842), [CVE-2022-40307](https://nvd.nist.gov/vuln/detail/CVE-2022-40307)) - Go ([CVE-2022-27664](https://nvd.nist.gov/vuln/detail/CVE-2022-27664), [CVE-2022-32190](https://nvd.nist.gov/vuln/detail/CVE-2022-32190), ([CVE-2022-32189](https://nvd.nist.gov/vuln/detail/CVE-2022-32189))) - binutils ([CVE-2021-45078](https://nvd.nist.gov/vuln/detail/CVE-2021-45078)) - cifs-utils ([CVE-2022-27239](https://nvd.nist.gov/vuln/detail/CVE-2022-27239), [CVE-2022-29869](https://nvd.nist.gov/vuln/detail/CVE-2022-29869)) - curl ([CVE-2022-32205](https://nvd.nist.gov/vuln/detail/CVE-2022-32205), [CVE-2022-32206](https://nvd.nist.gov/vuln/detail/CVE-2022-32206), [CVE-2022-32207](https://nvd.nist.gov/vuln/detail/CVE-2022-32207), [CVE-2022-32208](https://nvd.nist.gov/vuln/detail/CVE-2022-32208)) - expat ([CVE-2022-40674](https://nvd.nist.gov/vuln/detail/CVE-2022-40674)) - git ([CVE-2022-29187](https://nvd.nist.gov/vuln/detail/CVE-2022-29187)) - gnupg ([CVE-2022-34903](https://nvd.nist.gov/vuln/detail/CVE-2022-34903)) - gnutls ([CVE-2022-2509](https://nvd.nist.gov/vuln/detail/CVE-2022-2509)) - libtirpc ([CVE-2021-46828](https://nvd.nist.gov/vuln/detail/CVE-2021-46828)) - oniguruma ([oniguruma-20220430](https://bugs.gentoo.org/841893)) - open-vm-tools ([CVE-2022-31676](https://nvd.nist.gov/vuln/detail/CVE-2022-31676)) - shadow ([CVE-2013-4235](https://nvd.nist.gov/vuln/detail/CVE-2013-4235)) - vim ([CVE-2022-0629](https://nvd.nist.gov/vuln/detail/CVE-2022-0629), [CVE-2022-0685](https://nvd.nist.gov/vuln/detail/CVE-2022-0685), [CVE-2022-0714](https://nvd.nist.gov/vuln/detail/CVE-2022-0714), [CVE-2022-0729](https://nvd.nist.gov/vuln/detail/CVE-2022-0729), [CVE-2022-0943](https://nvd.nist.gov/vuln/detail/CVE-2022-0943), [CVE-2022-1154](https://nvd.nist.gov/vuln/detail/CVE-2022-1154), [CVE-2022-1160](https://nvd.nist.gov/vuln/detail/CVE-2022-1160), [CVE-2022-1381](https://nvd.nist.gov/vuln/detail/CVE-2022-1381), [CVE-2022-1420](https://nvd.nist.gov/vuln/detail/CVE-2022-1420), [CVE-2022-1616](https://nvd.nist.gov/vuln/detail/CVE-2022-1616), [CVE-2022-1619](https://nvd.nist.gov/vuln/detail/CVE-2022-1619), [CVE-2022-1620](https://nvd.nist.gov/vuln/detail/CVE-2022-1620), [CVE-2022-1621](https://nvd.nist.gov/vuln/detail/CVE-2022-1621), [CVE-2022-1629](https://nvd.nist.gov/vuln/detail/CVE-2022-1629), [CVE-2022-1674](https://nvd.nist.gov/vuln/detail/CVE-2022-1674), [CVE-2022-1733](https://nvd.nist.gov/vuln/detail/CVE-2022-1733), [CVE-2022-1735](https://nvd.nist.gov/vuln/detail/CVE-2022-1735), [CVE-2022-1769](https://nvd.nist.gov/vuln/detail/CVE-2022-1769), [CVE-2022-1771](https://nvd.nist.gov/vuln/detail/CVE-2022-1771), [CVE-2022-1785](https://nvd.nist.gov/vuln/detail/CVE-2022-1785), [CVE-2022-1796](https://nvd.nist.gov/vuln/detail/CVE-2022-1796), [CVE-2022-1897](https://nvd.nist.gov/vuln/detail/CVE-2022-1897), [CVE-2022-1898](https://nvd.nist.gov/vuln/detail/CVE-2022-1898), [CVE-2022-1886](https://nvd.nist.gov/vuln/detail/CVE-2022-1886), [CVE-2022-1851](https://nvd.nist.gov/vuln/detail/CVE-2022-1851), [CVE-2022-1927](https://nvd.nist.gov/vuln/detail/CVE-2022-1927), [CVE-2022-1942](https://nvd.nist.gov/vuln/detail/CVE-2022-1942), [CVE-2022-1968](https://nvd.nist.gov/vuln/detail/CVE-2022-1968), [CVE-2022-2000](https://nvd.nist.gov/vuln/detail/CVE-2022-2000)) #### Bug fixes: - Added back `gettext` to the OS ([Flatcar#849](https://github.com/flatcar-linux/Flatcar/issues/849)) - Added merging of Ignition systemd duplicated units when auto-translating from Ignition 2 to Ignition 3. ([coreos-overlay#2187](https://github.com/flatcar/coreos-overlay/pull/2187)) - Equinix Metal: Fixed serial console settings for the `m3.small.x86` instance by expanding the GRUB check for `i386` to `x86_64` ([coreos-overlay#2122](https://github.com/flatcar-linux/coreos-overlay/pull/2122)) - Removed outdated LTS channel information printed on login ([init#75](https://github.com/flatcar-linux/init/pull/75)) #### Changes: - Added symlink from `nc` to `ncat`. `-q` option is [not yet supported](https://github.com/nmap/nmap/issues/2422) ([flatcar#545](https://github.com/flatcar-linux/Flatcar/issues/545)) - emerge-gitclone: Migrate emerge-gitclone to use scripts repo tags and submodule refs #### Updates: - Linux ([5.15.70](https://lwn.net/Articles/909212) (includes [5.15.69](https://lwn.net/Articles/908782), [5.15.68](https://lwn.net/Articles/908140), [5.15.67](https://lwn.net/Articles/907526), [5.15.66](https://lwn.net/Articles/907524), [5.15.65](https://lwn.net/Articles/907204), [5.15.64](https://lwn.net/Articles/906630), [5.15.51](https://lwn.net/Articles/899370))) - Linux Firmware ([20220815](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220815) (includes [20220708](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220708))) - Go ([1.18.6](https://go.dev/doc/devel/release#go1.18.6)) - adcli ([0.9.1](https://gitlab.freedesktop.org/realmd/adcli/-/releases#0.9.1)) - automake ([1.16.5](https://savannah.gnu.org/forum/forum.php?forum_id=10055)) - binutils ([2.38](https://lwn.net/Articles/884264/)) - bison ([3.8.2](https://lists.gnu.org/archive/html/bug-bison/2021-09/msg00056.html)) - boost ([1.79](https://www.boost.org/users/history/version_1_79_0.html)) - ca-certificates ([3.83](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_83.html)) - cifs-utils ([6.15](https://lists.samba.org/archive/samba-technical/2022-April/137335.html)) - containerd ([1.6.8](https://github.com/containerd/containerd/releases/tag/v1.6.8) (includes [1.6.7](https://github.com/containerd/containerd/releases/tag/v1.6.7))) - curl ([7.84.0](https://github.com/curl/curl/releases/tag/curl-7_84_0)) - Cyrus SASL ([2.1.28](https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28)) - expat ([2.4.9](https://github.com/libexpat/libexpat/blob/R_2_4_9/expat/Changes)) - gcc ([11.3.0](https://gcc.gnu.org/gcc-11/changes.html)) - gdb ([11.2](https://lists.gnu.org/archive/html/info-gnu/2022-01/msg00009.html)) - gettext ([0.21](https://www.gnu.org/software/gettext/)) - git ([2.37.1](https://github.com/git/git/blob/v2.37.1/Documentation/RelNotes/2.37.1.txt)) - glib ([2.72.3](https://gitlab.gnome.org/GNOME/glib/-/tags/2.73.3)) - gnupg ([2.2.35](https://dev.gnupg.org/T5928)) - gnutls ([3.7.7](https://gitlab.com/gnutls/gnutls/-/tags/3.7.7)) - libtool ([2.4.7](https://savannah.gnu.org/forum/forum.php?forum_id=10139)) - locksmith([0.7.0](https://github.com/flatcar/locksmith/blob/v0.7.0/CHANGELOG.md#v070--30112021)) - oniguruma ([6.9.8](https://github.com/kkos/oniguruma/releases/tag/v6.9.8)) - perl ([5.34.1](https://perldoc.perl.org/5.34.1/perldelta)) - pkgconf ([1.8.0](https://gitea.treehouse.systems/ariadne/pkgconf/src/tag/pkgconf-1.8.0/NEWS)) - shadow ([4.12.3](https://github.com/shadow-maint/shadow/releases/tag/4.12.3)) - sudo ([1.9.10](https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_10)) - vim ([8.2.5066](https://github.com/vim/vim/releases/tag/v8.2.5066)) - SDK: Rust ([1.63.0](https://github.com/rust-lang/rust/releases/tag/1.63.0) (includes [1.62.1](https://github.com/rust-lang/rust/releases/tag/1.62.1), [1.62.0](https://github.com/rust-lang/rust/releases/tag/1.62.0))) - VMware: open-vm-tools ([12.1.0](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.1.0)) _Changes since **Alpha 3346.0.0**_ #### Security fixes: - Linux ([CVE-2022-0171](https://nvd.nist.gov/vuln/detail/CVE-2022-0171), [CVE-2022-2663](https://nvd.nist.gov/vuln/detail/CVE-2022-2663), [CVE-2022-2905](https://nvd.nist.gov/vuln/detail/CVE-2022-2905), [CVE-2022-3028](https://nvd.nist.gov/vuln/detail/CVE-2022-3028), [CVE-2022-3061](https://nvd.nist.gov/vuln/detail/CVE-2022-3061), [CVE-2022-3176](https://nvd.nist.gov/vuln/detail/CVE-2022-3176), [CVE-2022-3303](https://nvd.nist.gov/vuln/detail/CVE-2022-3303), [CVE-2022-39190](https://nvd.nist.gov/vuln/detail/CVE-2022-39190), [CVE-2022-39842](https://nvd.nist.gov/vuln/detail/CVE-2022-39842), [CVE-2022-40307](https://nvd.nist.gov/vuln/detail/CVE-2022-40307)) - Go ([CVE-2022-27664](https://nvd.nist.gov/vuln/detail/CVE-2022-27664), [CVE-2022-32190](https://nvd.nist.gov/vuln/detail/CVE-2022-32190)) - expat ([CVE-2022-40674](https://nvd.nist.gov/vuln/detail/CVE-2022-40674)) #### Bug fixes: - Added back `gettext` to the OS ([Flatcar#849](https://github.com/flatcar-linux/Flatcar/issues/849)) - Added merging of Ignition systemd duplicated units when auto-translating from Ignition 2 to Ignition 3. ([coreos-overlay#2187](https://github.com/flatcar/coreos-overlay/pull/2187)) - Equinix Metal: Fixed serial console settings for the `m3.small.x86` instance by expanding the GRUB check for `i386` to `x86_64` ([coreos-overlay#2122](https://github.com/flatcar-linux/coreos-overlay/pull/2122)) #### Changes: - emerge-gitclone: Migrate emerge-gitclone to use scripts repo tags and submodule refs #### Updates: - Linux ([5.15.70](https://lwn.net/Articles/909212) (includes [5.15.69](https://lwn.net/Articles/908782), [5.15.68](https://lwn.net/Articles/908140), [5.15.67](https://lwn.net/Articles/907526), [5.15.66](https://lwn.net/Articles/907524), [5.15.65](https://lwn.net/Articles/907204), [5.15.64](https://lwn.net/Articles/906630))) - Go ([1.18.6](https://go.dev/doc/devel/release#go1.18.6)) - ca-certificates ([3.83](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_83.html)) - gettext ([0.21](https://www.gnu.org/software/gettext/)) - locksmith([0.7.0](https://github.com/flatcar/locksmith/blob/v0.7.0/CHANGELOG.md#v070--30112021)) - expat ([2.4.9](https://github.com/libexpat/libexpat/blob/R_2_4_9/expat/Changes)) Best, The Flatcar Container Linux Maintainers --- ### Security **Subject**: Security issues fixed with the latest Alpha 3374.0.0, Beta 3346.1.0 releases **Security fix**: With the Alpha 3374.0.0, Beta 3346.1.0 releases we ship fixes for the CVEs listed below. #### Alpha 3374.0.0 * Docker * [CVE-2022-36109](https://nvd.nist.gov/vuln/detail/CVE-2022-36109) CVSSv3 score: n/a Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. This bug is fixed in Moby (Docker Engine) 20.10.18. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade, this problem can be worked around by not using the `"USER $USERNAME"` Dockerfile instruction. Instead by calling `ENTRYPOINT ["su", "-", "user"]` the supplementary groups will be set up properly. * Go * [CVE-2022-27664](https://nvd.nist.gov/vuln/detail/CVE-2022-27664) CVSSv3 score: 7.5(High) In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error. * [CVE-2022-32190](https://nvd.nist.gov/vuln/detail/CVE-2022-32190) CVSSv3 score: 9.8(Critical) JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath("https://go.dev", "../go") returns the URL "https://go.dev/../go", despite the JoinPath documentation stating that ../ path elements are removed from the result. * Linux * [CVE-2022-0171](https://nvd.nist.gov/vuln/detail/CVE-2022-0171) CVSSv3 score: 5.5(Medium) A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV). * [CVE-2022-2663](https://nvd.nist.gov/vuln/detail/CVE-2022-2663) CVSSv3 score: 5.3(Medium) An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured. * [CVE-2022-2905](https://nvd.nist.gov/vuln/detail/CVE-2022-2905) CVSSv3 score: 5.5(Medium) An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to gain unauthorized access to data. * [CVE-2022-3028](https://nvd.nist.gov/vuln/detail/CVE-2022-3028) CVSSv3 score: 7(High) A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket. * [CVE-2022-3061](https://nvd.nist.gov/vuln/detail/CVE-2022-3061) CVSSv3 score: 5.5(Medium) Found Linux Kernel flaw in the i740 driver. The Userspace program could pass any values to the driver through ioctl() interface. The driver doesn't check the value of 'pixclock', so it may cause a divide by zero error. * [CVE-2022-3176](https://nvd.nist.gov/vuln/detail/CVE-2022-3176) CVSSv3 score: n/a There exists a use-after-free in io_uring in the Linux kernel. Signalfd_poll() and binder_poll() use a waitqueue whose lifetime is the current task. It will send a POLLFREE notification to all waiters before the queue is freed. Unfortunately, the io_uring poll doesn't handle POLLFREE. This allows a use-after-free to occur if a signalfd or binder fd is polled with io_uring poll, and the waitqueue gets freed. We recommend upgrading past commit fc78b2fc21f10c4c9c4d5d659a685710ffa63659 * [CVE-2022-3303](https://nvd.nist.gov/vuln/detail/CVE-2022-3303) CVSSv3 score: 4.7(Medium) A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition * [CVE-2022-39190](https://nvd.nist.gov/vuln/detail/CVE-2022-39190) CVSSv3 score: 5.5(Medium) An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain. * [CVE-2022-39842](https://nvd.nist.gov/vuln/detail/CVE-2022-39842) CVSSv3 score: 7.8(High) An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer overflow and bypassing the size check. After that, because it is used as the third argument to copy_from_user(), a heap overflow may occur. * [CVE-2022-40307](https://nvd.nist.gov/vuln/detail/CVE-2022-40307) CVSSv3 score: 4.7(Medium) An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free. * expat * [CVE-2022-40674](https://nvd.nist.gov/vuln/detail/CVE-2022-40674) CVSSv3 score: 9.8(Critical) libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. * intel-microcode * [CVE-2022-21233](https://nvd.nist.gov/vuln/detail/CVE-2022-21233) CVSSv3 score: 5.5(Medium) Improper isolation of shared resources in some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. * libxml2 * [CVE-2016-3709](https://nvd.nist.gov/vuln/detail/CVE-2016-3709) CVSSv3 score: 6.1(Medium) Possible cross-site scripting vulnerability in libxml after commit 960f0e2. * [CVE-2022-2309](https://nvd.nist.gov/vuln/detail/CVE-2022-2309) CVSSv3 score: 7.5(High) NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwalk function (also used by the canonicalize function). Such code shouldn't be in wide-spread use, given that parsing + iterwalk would usually be replaced with the more efficient iterparse function. However, an XML converter that serialises to C14N would also be vulnerable, for example, and there are legitimate use cases for this code sequence. If untrusted input is received (also remotely) and processed via iterwalk function, a crash can be triggered. * polkit * [CVE-2021-4115](https://nvd.nist.gov/vuln/detail/CVE-2021-4115) CVSSv3 score: 5.5(Medium) There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spawned * rsync * [CVE-2022-29154](https://nvd.nist.gov/vuln/detail/CVE-2022-29154) CVSSv3 score: 7.4(High) An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file). * unzip * [CVE-2022-0529](https://nvd.nist.gov/vuln/detail/CVE-2022-0529) CVSSv3 score: 5.5(Medium) A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. * [CVE-2022-0530](https://nvd.nist.gov/vuln/detail/CVE-2022-0530) CVSSv3 score: 5.5(Medium) A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. * [CVE-2021-4217](https://nvd.nist.gov/vuln/detail/CVE-2021-4217) CVSSv3 score: 7.8(High) A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. * zlib * [CVE-2022-37434](https://nvd.nist.gov/vuln/detail/CVE-2022-37434) CVSSv3 score: 9.8(Critical) zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference). #### Beta 3346.1.0 * Go * [CVE-2022-27664](https://nvd.nist.gov/vuln/detail/CVE-2022-27664) CVSSv3 score: 7.5(High) In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error. * [CVE-2022-32190](https://nvd.nist.gov/vuln/detail/CVE-2022-32190) CVSSv3 score: 9.8(Critical) JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath("https://go.dev", "../go") returns the URL "https://go.dev/../go", despite the JoinPath documentation stating that ../ path elements are removed from the result. * [CVE-2022-32189](https://nvd.nist.gov/vuln/detail/CVE-2022-32189) CVSSv3 score: 7.5(High) A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service. * Linux * [CVE-2022-0171](https://nvd.nist.gov/vuln/detail/CVE-2022-0171) CVSSv3 score: 5.5(Medium) A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV). * [CVE-2022-2663](https://nvd.nist.gov/vuln/detail/CVE-2022-2663) CVSSv3 score: 5.3(Medium) An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured. * [CVE-2022-2905](https://nvd.nist.gov/vuln/detail/CVE-2022-2905) CVSSv3 score: 5.5(Medium) An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to gain unauthorized access to data. * [CVE-2022-3028](https://nvd.nist.gov/vuln/detail/CVE-2022-3028) CVSSv3 score: 7(High) A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket. * [CVE-2022-3061](https://nvd.nist.gov/vuln/detail/CVE-2022-3061) CVSSv3 score: 5.5(Medium) Found Linux Kernel flaw in the i740 driver. The Userspace program could pass any values to the driver through ioctl() interface. The driver doesn't check the value of 'pixclock', so it may cause a divide by zero error. * [CVE-2022-3176](https://nvd.nist.gov/vuln/detail/CVE-2022-3176) CVSSv3 score: n/a There exists a use-after-free in io_uring in the Linux kernel. Signalfd_poll() and binder_poll() use a waitqueue whose lifetime is the current task. It will send a POLLFREE notification to all waiters before the queue is freed. Unfortunately, the io_uring poll doesn't handle POLLFREE. This allows a use-after-free to occur if a signalfd or binder fd is polled with io_uring poll, and the waitqueue gets freed. We recommend upgrading past commit fc78b2fc21f10c4c9c4d5d659a685710ffa63659 * [CVE-2022-3303](https://nvd.nist.gov/vuln/detail/CVE-2022-3303) CVSSv3 score: 4.7(Medium) A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition * [CVE-2022-39190](https://nvd.nist.gov/vuln/detail/CVE-2022-39190) CVSSv3 score: 5.5(Medium) An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain. * [CVE-2022-39842](https://nvd.nist.gov/vuln/detail/CVE-2022-39842) CVSSv3 score: 7.8(High) An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer overflow and bypassing the size check. After that, because it is used as the third argument to copy_from_user(), a heap overflow may occur. * [CVE-2022-40307](https://nvd.nist.gov/vuln/detail/CVE-2022-40307) CVSSv3 score: 4.7(Medium) An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free. * binutils * [CVE-2021-45078](https://nvd.nist.gov/vuln/detail/CVE-2021-45078) CVSSv3 score: 7.8(High) stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699. * cifs-utils * [CVE-2022-27239](https://nvd.nist.gov/vuln/detail/CVE-2022-27239) CVSSv3 score: 7.8(High) In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges. * [CVE-2022-29869](https://nvd.nist.gov/vuln/detail/CVE-2022-29869) CVSSv3 score: 5.3(Medium) cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file. * curl * [CVE-2022-32205](https://nvd.nist.gov/vuln/detail/CVE-2022-32205) CVSSv3 score: 4.3(Medium) A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven't expired. Due to cookie matching rules, a server on `foo.example.com` can set cookies that also would match for `bar.example.com`, making it it possible for a "sister server" to effectively cause a denial of service for a sibling site on the same second level domain using this method. * [CVE-2022-32206](https://nvd.nist.gov/vuln/detail/CVE-2022-32206) CVSSv3 score: 6.5(Medium) curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors. * [CVE-2022-32207](https://nvd.nist.gov/vuln/detail/CVE-2022-32207) CVSSv3 score: 9.8(Critical) When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended. * [CVE-2022-32208](https://nvd.nist.gov/vuln/detail/CVE-2022-32208) CVSSv3 score: 5.9(Medium) When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client. * expat * [CVE-2022-40674](https://nvd.nist.gov/vuln/detail/CVE-2022-40674) CVSSv3 score: 9.8(Critical) libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. * git * [CVE-2022-29187](https://nvd.nist.gov/vuln/detail/CVE-2022-29187) CVSSv3 score: n/a Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The simplest way to avoid being affected by the exploit described in the example is to avoid running git as root (or an Administrator in Windows), and if needed to reduce its use to a minimum. While a generic workaround is not possible, a system could be hardened from the exploit described in the example by removing any such repository if it exists already and creating one as root to block any future attacks. * gnupg * [CVE-2022-34903](https://nvd.nist.gov/vuln/detail/CVE-2022-34903) CVSSv3 score: 6.5(Medium) GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line. * gnutls * [CVE-2022-2509](https://nvd.nist.gov/vuln/detail/CVE-2022-2509) CVSSv3 score: 7.5(High) A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function. * libtirpc * [CVE-2021-46828](https://nvd.nist.gov/vuln/detail/CVE-2021-46828) CVSSv3 score: 7.5(High) In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections. * open-vm-tools * [CVE-2022-31676](https://nvd.nist.gov/vuln/detail/CVE-2022-31676) CVSSv3 score: 7.8(High) VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine. * shadow * [CVE-2013-4235](https://nvd.nist.gov/vuln/detail/CVE-2013-4235) CVSSv3 score: 4.7(Medium) shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees * vim * [CVE-2022-0629](https://nvd.nist.gov/vuln/detail/CVE-2022-0629) CVSSv3 score: 7.8(High) Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. * [CVE-2022-0685](https://nvd.nist.gov/vuln/detail/CVE-2022-0685) CVSSv3 score: 7.8(High) Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418. * [CVE-2022-0714](https://nvd.nist.gov/vuln/detail/CVE-2022-0714) CVSSv3 score: 5.5(Medium) Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436. * [CVE-2022-0729](https://nvd.nist.gov/vuln/detail/CVE-2022-0729) CVSSv3 score: 8.8(High) Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440. * [CVE-2022-0943](https://nvd.nist.gov/vuln/detail/CVE-2022-0943) CVSSv3 score: 7.8(High) Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563. * [CVE-2022-1154](https://nvd.nist.gov/vuln/detail/CVE-2022-1154) CVSSv3 score: 7.8(High) Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646. * [CVE-2022-1160](https://nvd.nist.gov/vuln/detail/CVE-2022-1160) CVSSv3 score: 7.8(High) heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647. * [CVE-2022-1381](https://nvd.nist.gov/vuln/detail/CVE-2022-1381) CVSSv3 score: 7.8(High) global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution * [CVE-2022-1420](https://nvd.nist.gov/vuln/detail/CVE-2022-1420) CVSSv3 score: 5.5(Medium) Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774. * [CVE-2022-1616](https://nvd.nist.gov/vuln/detail/CVE-2022-1616) CVSSv3 score: 7.8(High) Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution * [CVE-2022-1619](https://nvd.nist.gov/vuln/detail/CVE-2022-1619) CVSSv3 score: 7.8(High) Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashing software, modify memory, and possible remote execution * [CVE-2022-1620](https://nvd.nist.gov/vuln/detail/CVE-2022-1620) CVSSv3 score: 7.5(High) NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input. * [CVE-2022-1621](https://nvd.nist.gov/vuln/detail/CVE-2022-1621) CVSSv3 score: 7.8(High) Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution * [CVE-2022-1629](https://nvd.nist.gov/vuln/detail/CVE-2022-1629) CVSSv3 score: 7.8(High) Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution * [CVE-2022-1674](https://nvd.nist.gov/vuln/detail/CVE-2022-1674) CVSSv3 score: 5.5(Medium) NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows attackers to cause a denial of service (application crash) via a crafted input. * [CVE-2022-1733](https://nvd.nist.gov/vuln/detail/CVE-2022-1733) CVSSv3 score: 7.8(High) Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968. * [CVE-2022-1735](https://nvd.nist.gov/vuln/detail/CVE-2022-1735) CVSSv3 score: 7.8(High) Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969. * [CVE-2022-1769](https://nvd.nist.gov/vuln/detail/CVE-2022-1769) CVSSv3 score: 7.8(High) Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974. * [CVE-2022-1771](https://nvd.nist.gov/vuln/detail/CVE-2022-1771) CVSSv3 score: 5.5(Medium) Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975. * [CVE-2022-1785](https://nvd.nist.gov/vuln/detail/CVE-2022-1785) CVSSv3 score: 7.8(High) Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977. * [CVE-2022-1796](https://nvd.nist.gov/vuln/detail/CVE-2022-1796) CVSSv3 score: 7.8(High) Use After Free in GitHub repository vim/vim prior to 8.2.4979. * [CVE-2022-1897](https://nvd.nist.gov/vuln/detail/CVE-2022-1897) CVSSv3 score: 7.8(High) Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. * [CVE-2022-1898](https://nvd.nist.gov/vuln/detail/CVE-2022-1898) CVSSv3 score: 7.8(High) Use After Free in GitHub repository vim/vim prior to 8.2. * [CVE-2022-1886](https://nvd.nist.gov/vuln/detail/CVE-2022-1886) CVSSv3 score: 7.8(High) Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. * [CVE-2022-1851](https://nvd.nist.gov/vuln/detail/CVE-2022-1851) CVSSv3 score: 7.8(High) Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. * [CVE-2022-1927](https://nvd.nist.gov/vuln/detail/CVE-2022-1927) CVSSv3 score: 9.8(Critical) Buffer Over-read in GitHub repository vim/vim prior to 8.2. * [CVE-2022-1942](https://nvd.nist.gov/vuln/detail/CVE-2022-1942) CVSSv3 score: 7.8(High) Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. * [CVE-2022-1968](https://nvd.nist.gov/vuln/detail/CVE-2022-1968) CVSSv3 score: 7.8(High) Use After Free in GitHub repository vim/vim prior to 8.2. * [CVE-2022-2000](https://nvd.nist.gov/vuln/detail/CVE-2022-2000) CVSSv3 score: 7.8(High) Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. --- ### Communication #### Go/No-Go message for Matrix/Slack Go/No-Go Meeting for Alpha 3374.0.0 Beta 3346.1.0 Pre-view images are available in https://bincache.flatcar-linux.net/images/amd64/3346.1.0/ https://bincache.flatcar-linux.net/images/amd64/3374.0.0/ Tracking issue: https://github.com/flatcar/Flatcar/issues/860 The Go/No-Go document is in our HackMD @flatcar namespace Link: https://hackmd.io/NuLz3rKZQl2B44jbZrSaRw?view Please give your Go/No-Go vote with 💚 for Go, ❌ for No-Go, and ✋ for Wait. Contributors & community feel free to put your suggestions, thoughts or comments on the document or here in the chat. @MAINTAINER @MAINTAINER @MAINTAINER #### Twitter _The tweet (from [@flatcar](https://twitter.com/flatcar)) goes out after the changelog update has been published; it includes a link to the web changelog._ New Flatcar releases now available for [all channels|Alpha|Alpha+Beta|...]! 📦 Many package updates: [highlight], [highlight] ... 🔒 CVE fixes & security patches: [highlight fix], [highlight fix] ... 📜 Release notes at the usual spot: https://www.flatcar.org/releases/ #### Kubernetes Slack _This goes in the #flatcar channel_ Please welcome Flatcar releases of this month: - Alpha ${VERSION} (new major) - Beta ${VERSION} (maintenance release) These releases include: 🚀 new features ... 🩹 Fix bugs ... 📦 Many package updates: ... 📜 Release notes in usual spot: https://www.flatcar.org/releases/

    Import from clipboard

    Paste your markdown or webpage here...

    Advanced permission required

    Your current role can only read. Ask the system administrator to acquire write and comment permission.

    This team is disabled

    Sorry, this team is disabled. You can't edit this note.

    This note is locked

    Sorry, only owner can edit this note.

    Reach the limit

    Sorry, you've reached the max length this note can be.
    Please reduce the content or divide it to more notes, thank you!

    Import from Gist

    Import from Snippet

    or

    Export to Snippet

    Are you sure?

    Do you really want to delete this note?
    All users will lose their connection.

    Create a note from template

    Create a note from template

    Oops...
    This template has been removed or transferred.
    Upgrade
    All
    • All
    • Team
    No template.

    Create a template

    Upgrade

    Delete template

    Do you really want to delete this template?
    Turn this template into a regular note and keep its content, versions, and comments.

    This page need refresh

    You have an incompatible client version.
    Refresh to update.
    New version available!
    See releases notes here
    Refresh to enjoy new features.
    Your user state has changed.
    Refresh to load new user state.

    Sign in

    Forgot password

    or

    By clicking below, you agree to our terms of service.

    Sign in via Facebook Sign in via Twitter Sign in via GitHub Sign in via Dropbox Sign in with Wallet
    Wallet ( )
    Connect another wallet

    New to HackMD? Sign up

    Help

    • English
    • 中文
    • Français
    • Deutsch
    • 日本語
    • Español
    • Català
    • Ελληνικά
    • Português
    • italiano
    • Türkçe
    • Русский
    • Nederlands
    • hrvatski jezik
    • język polski
    • Українська
    • हिन्दी
    • svenska
    • Esperanto
    • dansk

    Documents

    Help & Tutorial

    How to use Book mode

    Slide Example

    API Docs

    Edit in VSCode

    Install browser extension

    Contacts

    Feedback

    Discord

    Send us email

    Resources

    Releases

    Pricing

    Blog

    Policy

    Terms

    Privacy

    Cheatsheet

    Syntax Example Reference
    # Header Header 基本排版
    - Unordered List
    • Unordered List
    1. Ordered List
    1. Ordered List
    - [ ] Todo List
    • Todo List
    > Blockquote
    Blockquote
    **Bold font** Bold font
    *Italics font* Italics font
    ~~Strikethrough~~ Strikethrough
    19^th^ 19th
    H~2~O H2O
    ++Inserted text++ Inserted text
    ==Marked text== Marked text
    [link text](https:// "title") Link
    ![image alt](https:// "title") Image
    `Code` Code 在筆記中貼入程式碼
    ```javascript
    var i = 0;
    ```    		 
    var i = 0;
    :smile: :smile: Emoji list
    {%youtube youtube_id %} Externals
    $L^aT_eX$ LaTeX
    :::info
    This is a alert area.
    :::

    This is a alert area.
    Versions and GitHub Sync
    Get Full History Access

    • Edit version name
    • Delete

    revision author avatar     named on  

    More Less

    Note content is identical to the latest version.
    Compare
      Choose a version
      No search result
      Version not found
    Sign in to link this note to GitHub
    Learn more
    This note is not linked with GitHub
     

    Feedback

    Submission failed, please try again

    Thanks for your support.

    On a scale of 0-10, how likely is it that you would recommend HackMD to your friends, family or business associates?

    Please give us some advice and help us improve HackMD.

     

    Thanks for your feedback

    Remove version name

    Do you want to remove this version name and description?

    Transfer ownership

    Transfer to
      Warning: is a public team. If you transfer note to this team, everyone on the web can find and read this note.

        Link with GitHub

        Please authorize HackMD on GitHub
        • Please sign in to GitHub and install the HackMD app on your GitHub repo.
        • HackMD links with GitHub through a GitHub App. You can choose which repo to install our App.
        Learn more  Sign in to GitHub

        Push the note to GitHub Push to GitHub Pull a file from GitHub

          Authorize again
         

        Choose which file to push to

        Select repo
        Refresh Authorize more repos
        Select branch
        Select file
        Select branch
        Choose version(s) to push
        • Save a new version and push
        • Choose from existing versions
        Include title and tags
        Available push count

        Pull from GitHub

         
        File from GitHub
        File from HackMD

        GitHub Link Settings

        File linked

        Linked by
        File path
        Last synced branch
        Available push count

        Danger Zone

        Unlink
        You will no longer receive notification when GitHub file changes after unlink.

        Syncing

        Push failed

        Push successfully