Flatcar Container Linux
      • Sharing URL Link copied
      • /edit
      • View mode
        • Edit mode
        • View mode
        • Book mode
        • Slide mode
        Edit mode View mode Book mode Slide mode
      • Customize slides
      • Note Permission
      • Read
        • Owners
        • Signed-in users
        • Everyone
        Owners Signed-in users Everyone
      • Write
        • Owners
        • Signed-in users
        • Everyone
        Owners Signed-in users Everyone
      • Engagement control Commenting, Suggest edit, Emoji Reply
    • Invite by email
      Invitee

      This note has no invitees

    • Publish Note

      Share your work with the world Congratulations! 🎉 Your note is out in the world Publish Note

      Your note will be visible on your profile and discoverable by anyone.
      Your note is now live.
      This note is visible on your profile and discoverable online.
      Everyone on the web can find and read all notes of this public team.
      See published notes
      Unpublish note
      Please check the box to agree to the Community Guidelines.
      View profile
    • Commenting
      Permission
      Disabled Forbidden Owners Signed-in users Everyone
    • Enable
    • Permission
      • Forbidden
      • Owners
      • Signed-in users
      • Everyone
    • Suggest edit
      Permission
      Disabled Forbidden Owners Signed-in users Everyone
    • Enable
    • Permission
      • Forbidden
      • Owners
      • Signed-in users
    • Emoji Reply
    • Enable
    • Versions and GitHub Sync
    • Note settings
    • Note Insights
    • Engagement control
    • Transfer ownership
    • Delete this note
    • Insert from template
    • Import from
      • Dropbox
      • Google Drive
      • Gist
      • Clipboard
    • Export to
      • Dropbox
      • Google Drive
      • Gist
    • Download
      • Markdown
      • HTML
      • Raw HTML
Menu Note settings Versions and GitHub Sync Note Insights Sharing URL Help
Menu
Options
Engagement control Transfer ownership Delete this note
Import from
Dropbox Google Drive Gist Clipboard
Export to
Dropbox Google Drive Gist
Download
Markdown HTML Raw HTML
Back
Sharing URL Link copied
/edit
View mode
  • Edit mode
  • View mode
  • Book mode
  • Slide mode
Edit mode View mode Book mode Slide mode
Customize slides
Note Permission
Read
Owners
  • Owners
  • Signed-in users
  • Everyone
Owners Signed-in users Everyone
Write
Owners
  • Owners
  • Signed-in users
  • Everyone
Owners Signed-in users Everyone
Engagement control Commenting, Suggest edit, Emoji Reply
  • Invite by email
    Invitee

    This note has no invitees

    • Publish Note

    Share your work with the world Congratulations! 🎉 Your note is out in the world Publish Note

    Your note will be visible on your profile and discoverable by anyone.
    Your note is now live.
    This note is visible on your profile and discoverable online.
    Everyone on the web can find and read all notes of this public team.
    See published notes
    Unpublish note
    Please check the box to agree to the Community Guidelines.
    View profile
    Engagement control
    Commenting
    Permission
    Disabled Forbidden Owners Signed-in users Everyone
    Enable
    Permission
    • Forbidden
    • Owners
    • Signed-in users
    • Everyone
    Suggest edit
    Permission
    Disabled Forbidden Owners Signed-in users Everyone
    Enable
    Permission
    • Forbidden
    • Owners
    • Signed-in users
    Emoji Reply
    Enable
    Import from Dropbox Google Drive Gist Clipboard
       owned this note    owned this note      
    Published Linked with GitHub
    Subscribed
    • Any changes
      Be notified of any changes
    • Mention me
      Be notified of mention me
    • Unsubscribe
    Subscribe
    # Flatcar Container Linux Release - 2022-08-30 ## Flatcar-linux-Alpha-3346.0.0 - AMD64-usr - Platforms succeeded: All except for AWS, Digital Ocean, Qemu - Platforms failed: AWS, Digital Ocean, Qemu - AWS: `kubeadm.v1.24.1.cilium.base`, flaky test, already known issue - Digital Ocean: `kubeadm.v1.24.1.cilium.base`, flaky test, already known issue - Qemu: `kubeadm.v1.24.1.cilium.base`, flaky test, already known issue - Platforms not tested: None - ARM64-usr - Platforms succeeded: All - Platforms failed: None - Platforms not tested: None VERDICT: _GO_ ## Flatcar-linux-Beta-3277.1.2 - AMD64-usr - Platforms succeeded: All except for Azure, Digital Ocean, Qemu_uefi - Platforms failed: Azure, Digital Ocean, Qemu_uefi - Azure: `kubeadm.v1.24.1.cilium.base`, flaky test, already known issue - Digital Ocean: `kubeadm.v1.24.1.cilium.base`, flaky test, already known issue - Qemu_uefi: `kubeadm.v1.24.1.cilium.base`, flaky test, already known issue - Platforms not tested: None - ARM64-usr - Platforms succeeded: All except for AWS, Azure, Equinix Metal, Qemu_uefi - Platforms failed: AWS, Azure, Equinix Metal, Qemu_uefi - AWS: `kubeadm.*.calico.base`, `kubeadm.*.cilium.base`, flaky test, already known issue - Azure: `kubeadm.v1.24.1.cilium.base`, flaky test, already known issue - Equinix Metal: `kubeadm.v1.24.1.cilium.base`, flaky test, already known issue - Qemu_uefi: `kubeadm.v1.24.1.cilium.base`, flaky test, already known issue - Platforms not tested: None VERDICT: _GO_ ## Flatcar-linux-Stable-3227.2.2 - AMD64-usr - Platforms succeeded: All except for AWS, Azure, Digital Ocean, Equinix Metal, Qemu, Qemu_uefi - Platforms failed: AWS, Azure, Digital Ocean, Equinix Metal, Qemu, Qemu_uefi - AWS: `kubeadm.v1.24.1.cilium.base`, flaky test, already known issue - Azure: `kubeadm.v1.24.1.cilium.base`, flaky test, already known issue - Digital Ocean: `kubeadm.v1.24.1.cilium.base`, flaky test, already known issue - Equinix Metal: `kubeadm.v1.24.1.cilium.base`, `cl.internet` for s3.xlarge, already known issue - Qemu: `kubeadm.v1.24.1.cilium.base`, flaky test, already known issue - Qemu_uefi: `kubeadm.v1.24.1.cilium.base`, flaky test, already known issue - Platforms not tested: None - ARM64-usr - Platforms succeeded: All except for AWS - Platforms failed: None - Platforms not tested: AWS - The whole test could not run due to an unknown corrupted AMI issue. VERDICT: _GO_ ## Flatcar-linux-LTS-2022-3033.3.5 - AMD64-usr - Platforms succeeded: All except for Equinix Metal, Qemu - Platforms failed: Equinix Metal, Qemu - Equinix Metal: `kubeadm.v1.24.1.cilium.base`, `cl.internet` for s3.xlarge already known issue - Qemu: `kubeadm.v1.24.1.cilium.base`, flaky test, already known issue - Platforms not tested: None - ARM64-usr - Platforms succeeded: All - Platforms failed: None - Platforms not tested: None VERDICT: _GO_ ## Flatcar-linux-LTS-2021-2605.31.1 - AMD64-usr - Platforms succeeded: All - Platforms failed: None - Platforms not tested: None VERDICT: _GO_ ## Communication --- #### Guidelines / Things to Remember - Release notes are used in a PR and will appear on https://www.flatcar-linux.org/releases/ - [Announcement Message](#Announcement-Message) is posted in [Flatcar-Linux-user](https://groups.google.com/g/flatcar-linux-user). Make sure to post as “Flatcar Container Linux User”, not with your personal user (this can be selected when drafting the post). - Make sure the the LTS is referred to as `LTS-2021`, and not `LTS-2605` --- ### Announcement Message Subject: Announcing new Alpha 3346.0.0, Beta 3277.1.2, Stable 3227.2.2, LTS-2022 3033.3.5, LTS-2021 2605.31.1 Hello, We are pleased to announce a new Flatcar Container Linux release for the Alpha, Beta, Stable, LTS-2022, LTS-2021 channels. The images are signed with a [new image signing subkey](https://www.flatcar.org/security/image-signing-key/). If you verify the images, you need to update it. The new key is also updated in the embedded flatcar-install script and you should use, e.g., the new PXE images to install the latest releases to disk. **NOTE** LTS-2021 is near the designated end of its 18 month lifespan and will only receive 1 more update by the end of September. If you use a fixed LTS channel please switch to LTS-2022, the new LTS which has been published in May. After the next update by end of September there will be no more releases for the LTS-2021 channel as it will enter EOL. Please check your nodes' `GROUP=` setting in `/etc/flatcar/update.conf` to determine if you need to take action: - `GROUP=lts` points to the latest LTS release. No need to take action as you are already using LTS-2022, which is the latest release. - `GROUP=lts-2022` you have pinned your nodes to the LTS-2022 channel. No need to take action as you are already using the latest release (however, you will need to take action in about 12 months to switch to LTS-2023. Check the release notes of upcoming LTS releases to stay up to date). - `GROUP=lts-2021` you have pinned your nodes to the LTS-2021 channel. Nodes will receive one more update by the end of September; after that, LTS-2021 will be EOL. Please refer to the Flatcar documentation on [switching channels](https://flatcar-linux.org/docs/latest/setup/releases/switching-channels/#freezing-an-lts-stream) to switch to LTS-2022. # New **Alpha** Release **3346.0.0** _Changes since **Alpha 3305.0.1**_ #### Security fixes: - Linux ([CVE-2022-1679](https://nvd.nist.gov/vuln/detail/CVE-2022-1679), [CVE-2022-2585](https://nvd.nist.gov/vuln/detail/CVE-2022-2585), [CVE-2022-2586](https://nvd.nist.gov/vuln/detail/CVE-2022-2586), [CVE-2022-2588](https://nvd.nist.gov/vuln/detail/CVE-2022-2588), [CVE-2022-26373](https://nvd.nist.gov/vuln/detail/CVE-2022-26373), [CVE-2022-36946](https://nvd.nist.gov/vuln/detail/CVE-2022-36946)) - Go ([CVE-2022-32189](https://nvd.nist.gov/vuln/detail/CVE-2022-32189)) - binutils ([CVE-2021-45078](https://nvd.nist.gov/vuln/detail/CVE-2021-45078)) - git ([CVE-2022-29187](https://nvd.nist.gov/vuln/detail/CVE-2022-29187)) - gnutls ([CVE-2022-2509](https://nvd.nist.gov/vuln/detail/CVE-2022-2509)) - libtirpc ([CVE-2021-46828](https://nvd.nist.gov/vuln/detail/CVE-2021-46828)) - oniguruma ([oss-fuzz issues fixed 2022-04-30](https://bugs.gentoo.org/841893)) - shadow ([CVE-2013-4235](https://nvd.nist.gov/vuln/detail/CVE-2013-4235)) - vim ([CVE-2022-0629](https://nvd.nist.gov/vuln/detail/CVE-2022-0629), [CVE-2022-0685](https://nvd.nist.gov/vuln/detail/CVE-2022-0685), [CVE-2022-0714](https://nvd.nist.gov/vuln/detail/CVE-2022-0714), [CVE-2022-0729](https://nvd.nist.gov/vuln/detail/CVE-2022-0729), [CVE-2022-0943](https://nvd.nist.gov/vuln/detail/CVE-2022-0943), [CVE-2022-1154](https://nvd.nist.gov/vuln/detail/CVE-2022-1154), [CVE-2022-1160](https://nvd.nist.gov/vuln/detail/CVE-2022-1160), [CVE-2022-1381](https://nvd.nist.gov/vuln/detail/CVE-2022-1381), [CVE-2022-1420](https://nvd.nist.gov/vuln/detail/CVE-2022-1420), [CVE-2022-1616](https://nvd.nist.gov/vuln/detail/CVE-2022-1616), [CVE-2022-1619](https://nvd.nist.gov/vuln/detail/CVE-2022-1619), [CVE-2022-1620](https://nvd.nist.gov/vuln/detail/CVE-2022-1620), [CVE-2022-1621](https://nvd.nist.gov/vuln/detail/CVE-2022-1621), [CVE-2022-1629](https://nvd.nist.gov/vuln/detail/CVE-2022-1629), [CVE-2022-1674](https://nvd.nist.gov/vuln/detail/CVE-2022-1674), [CVE-2022-1733](https://nvd.nist.gov/vuln/detail/CVE-2022-1733), [CVE-2022-1735](https://nvd.nist.gov/vuln/detail/CVE-2022-1735), [CVE-2022-1769](https://nvd.nist.gov/vuln/detail/CVE-2022-1769), [CVE-2022-1771](https://nvd.nist.gov/vuln/detail/CVE-2022-1771), [CVE-2022-1785](https://nvd.nist.gov/vuln/detail/CVE-2022-1785), [CVE-2022-1796](https://nvd.nist.gov/vuln/detail/CVE-2022-1796), [CVE-2022-1897](https://nvd.nist.gov/vuln/detail/CVE-2022-1897), [CVE-2022-1898](https://nvd.nist.gov/vuln/detail/CVE-2022-1898), [CVE-2022-1886](https://nvd.nist.gov/vuln/detail/CVE-2022-1886), [CVE-2022-1851](https://nvd.nist.gov/vuln/detail/CVE-2022-1851), [CVE-2022-1927](https://nvd.nist.gov/vuln/detail/CVE-2022-1927), [CVE-2022-1942](https://nvd.nist.gov/vuln/detail/CVE-2022-1942), [CVE-2022-1968](https://nvd.nist.gov/vuln/detail/CVE-2022-1968), [CVE-2022-2000](https://nvd.nist.gov/vuln/detail/CVE-2022-2000)) - VMware: open-vm-tools ([CVE-2022-31676](https://nvd.nist.gov/vuln/detail/CVE-2022-31676)) #### Bug fixes: - AWS: added EKS support for version 1.22 and 1.23. ([coreos-overlay#2110](https://github.com/flatcar-linux/coreos-overlay/pull/2110), [Flatcar#829](https://github.com/flatcar-linux/Flatcar/issues/829)) - VMWare: excluded `wireguard` (and others) from `systemd-networkd` management. ([init#80](https://github.com/flatcar-linux/init/pull/80)) #### Changes: - Added symlink from `nc` to `ncat`. `-q` option is [not yet supported](https://github.com/nmap/nmap/issues/2422) ([flatcar#545](https://github.com/flatcar-linux/Flatcar/issues/545)) - The new image signing subkey was added to the public key embedded into `flatcar-install` (the old expired on 10th August 2022), only an updated `flatcar-install` script can verify releases signed with the new key ([init#79](https://github.com/flatcar-linux/init/pull/79)) - AWS: Added AWS IMDSv2 support to coreos-cloudinit ([flatcar-linux/coreos-cloudinit#13](https://github.com/flatcar-linux/coreos-cloudinit/pull/13)) #### Updates: - Linux ([5.15.63](https://lwn.net/Articles/906061) (includes [5.15.62](https://lwn.net/Articles/905533), [5.15.61](https://lwn.net/Articles/904959), [5.15.60](https://lwn.net/Articles/904461), [5.15.59](https://lwn.net/Articles/903688)) - Linux Firmware ([20220815](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220815)) - binutils ([2.38](https://lwn.net/Articles/884264/)) - boost ([1.79](https://www.boost.org/users/history/version_1_79_0.html)) - ca-certificates ([3.82](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_82.html)) - containerd ([1.6.8](https://github.com/containerd/containerd/releases/tag/v1.6.8)) - Cyrus SASL ([2.1.28](https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28)) - gcc ([11.3.0](https://gcc.gnu.org/gcc-11/changes.html)) - git ([2.37.1](https://github.com/git/git/blob/v2.37.1/Documentation/RelNotes/2.37.1.txt)) - glib ([2.72.3](https://gitlab.gnome.org/GNOME/glib/-/tags/2.73.3)) - gnutls ([3.7.7](https://gitlab.com/gnutls/gnutls/-/tags/3.7.7)) - oniguruma ([6.9.8](https://github.com/kkos/oniguruma/releases/tag/v6.9.8)) - shadow ([4.12.3](https://github.com/shadow-maint/shadow/releases/tag/4.12.3)) - vim ([8.2.5066](https://github.com/vim/vim/releases/tag/v8.2.5066)) - SDK: automake ([1.16.5](https://savannah.gnu.org/forum/forum.php?forum_id=10055)) - SDK: bison ([3.8.2](https://lists.gnu.org/archive/html/bug-bison/2021-09/msg00056.html)) - SDK: libtool ([2.4.7](https://savannah.gnu.org/forum/forum.php?forum_id=10139)) - SDK: perl ([5.34.1](https://perldoc.perl.org/5.34.1/perldelta)) - SDK: pkgconf ([1.8.0](https://gitea.treehouse.systems/ariadne/pkgconf/src/tag/pkgconf-1.8.0/NEWS)) - SDK: Rust ([1.63.0](https://github.com/rust-lang/rust/releases/tag/1.63.0)) - VMware: open-vm-tools ([12.1.0](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.1.0)) # New **Beta** Release **3277.1.2** _Changes since **Beta 3277.1.1**_ #### Security fixes: - Linux ([CVE-2022-1679](https://nvd.nist.gov/vuln/detail/CVE-2022-1679), [CVE-2022-2585](https://nvd.nist.gov/vuln/detail/CVE-2022-2585), [CVE-2022-2586](https://nvd.nist.gov/vuln/detail/CVE-2022-2586), [CVE-2022-2588](https://nvd.nist.gov/vuln/detail/CVE-2022-2588), [CVE-2022-26373](https://nvd.nist.gov/vuln/detail/CVE-2022-26373), [CVE-2022-36946](https://nvd.nist.gov/vuln/detail/CVE-2022-36946)) #### Bug fixes: - AWS: added EKS support for version 1.22 and 1.23. ([coreos-overlay#2110](https://github.com/flatcar-linux/coreos-overlay/pull/2110), [Flatcar#829](https://github.com/flatcar-linux/Flatcar/issues/829)) - VMWare: excluded `wireguard` (and others) from `systemd-networkd` management. ([init#80](https://github.com/flatcar-linux/init/pull/80)) #### Changes: - The new image signing subkey was added to the public key embedded into `flatcar-install` (the old expired on 10th August 2022), only an updated `flatcar-install` script can verify releases signed with the new key ([init#79](https://github.com/flatcar-linux/init/pull/79)) - AWS: Added AWS IMDSv2 support to coreos-cloudinit ([flatcar-linux/coreos-cloudinit#13](https://github.com/flatcar-linux/coreos-cloudinit/pull/13)) #### Updates: - Linux ([5.15.63](https://lwn.net/Articles/906061) (includes [5.15.62](https://lwn.net/Articles/905533), [5.15.61](https://lwn.net/Articles/904959), [5.15.60](https://lwn.net/Articles/904461), [5.15.59](https://lwn.net/Articles/903688)) - ca-certificates ([3.82](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_82.html)) # New **Stable** Release **3227.2.2** _Note: The ARM64 AWS AMI of the Stable release has an unknown issue of corrupted images which we are still investigating. We will release the AMI as soon as we have resolved the issue. Follow [#840](https://github.com/flatcar-linux/Flatcar/issues/840) for more information_ _Changes since **Stable 3227.2.1**_ #### Security fixes: - Linux ([CVE-2022-1679](https://nvd.nist.gov/vuln/detail/CVE-2022-1679), [CVE-2022-2585](https://nvd.nist.gov/vuln/detail/CVE-2022-2585), [CVE-2022-2586](https://nvd.nist.gov/vuln/detail/CVE-2022-2586), [CVE-2022-2588](https://nvd.nist.gov/vuln/detail/CVE-2022-2588), [CVE-2022-26373](https://nvd.nist.gov/vuln/detail/CVE-2022-26373), [CVE-2022-36946](https://nvd.nist.gov/vuln/detail/CVE-2022-36946)) #### Bug fixes: - AWS: added EKS support for version 1.22 and 1.23. ([coreos-overlay#2110](https://github.com/flatcar-linux/coreos-overlay/pull/2110), [Flatcar#829](https://github.com/flatcar-linux/Flatcar/issues/829)) - VMWare: excluded `wireguard` (and others) from `systemd-networkd` management. ([init#80](https://github.com/flatcar-linux/init/pull/80)) #### Changes: - The new image signing subkey was added to the public key embedded into `flatcar-install` (the old expired on 10th August 2022), only an updated `flatcar-install` script can verify releases signed with the new key ([init#79](https://github.com/flatcar-linux/init/pull/79)) #### Updates: - Linux ([5.15.63](https://lwn.net/Articles/906061) (includes [5.15.62](https://lwn.net/Articles/905533), [5.15.61](https://lwn.net/Articles/904959), [5.15.60](https://lwn.net/Articles/904461), [5.15.59](https://lwn.net/Articles/903688)) - ca-certificates ([3.82](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_82.html)) # New **LTS-2022** Release **3033.3.5** _Changes since **LTS 3033.3.4**_ #### Security fixes: - Linux ([CVE-2022-1679](https://nvd.nist.gov/vuln/detail/CVE-2022-1679), [CVE-2022-2153](https://nvd.nist.gov/vuln/detail/CVE-2022-2153), [CVE-2022-2585](https://nvd.nist.gov/vuln/detail/CVE-2022-2585), [CVE-2022-2586](https://nvd.nist.gov/vuln/detail/CVE-2022-2586), [CVE-2022-2588](https://nvd.nist.gov/vuln/detail/CVE-2022-2588), [CVE-2022-26373](https://nvd.nist.gov/vuln/detail/CVE-2022-26373), [CVE-2022-36946](https://nvd.nist.gov/vuln/detail/CVE-2022-36946)) #### Changes: - The new image signing subkey was added to the public key embedded into `flatcar-install` (the old expired on 10th August 2022), only an updated `flatcar-install` script can verify releases signed with the new key ([init#79](https://github.com/flatcar-linux/init/pull/79)) #### Updates: - Linux ([5.10.137](https://lwn.net/Articles/905534) (includes [5.10.136](https://lwn.net/Articles/904462), [5.10.135](https://lwn.net/Articles/903689))) - ca-certificates ([3.82](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_82.html)) # New **LTS-2021** Release **2605.31.1** **NOTE** LTS-2021 is near the designated end of its 18 month lifespan and will only receive 1 more update by the end of September. If you use a fixed LTS channel please switch to LTS-2022, the new LTS which has been published in May. After the next update by end of September there will be no more releases for the LTS-2021 channel. Please check your nodes' `GROUP=` setting in `/etc/flatcar/update.conf` to determine if you need to take action. Please refer to the Flatcar documentation on [switching channels](https://flatcar-linux.org/docs/latest/setup/releases/switching-channels/#freezing-an-lts-stream) to switch to LTS-2022. _Changes since **LTS 2605.30.1**_ #### Security fixes: - Linux ([CVE-2021-4159](https://nvd.nist.gov/vuln/detail/CVE-2021-4159), [CVE-2022-1462](https://nvd.nist.gov/vuln/detail/CVE-2022-1462), [CVE-2022-20369](https://nvd.nist.gov/vuln/detail/CVE-2022-20369), [CVE-2022-21505](https://nvd.nist.gov/vuln/detail/CVE-2022-21505), [CVE-2022-26373](https://nvd.nist.gov/vuln/detail/CVE-2022-26373), [CVE-2022-36123](https://nvd.nist.gov/vuln/detail/CVE-2022-36123), [CVE-2022-36879](https://nvd.nist.gov/vuln/detail/CVE-2022-36879), [CVE-2022-36946](https://nvd.nist.gov/vuln/detail/CVE-2022-36946)) #### Changes: - The new image signing subkey was added to the public key embedded into `flatcar-install` (the old expired on 10th August 2022), only an updated `flatcar-install` script can verify releases signed with the new key ([init#79](https://github.com/flatcar-linux/init/pull/79)) #### Updates: - Linux ([5.4.210](https://lwn.net/Articles/904463) (includes [5.4.209](https://lwn.net/Articles/903690), [5.4.208](https://lwn.net/Articles/902919), [5.4.207](https://lwn.net/Articles/902103))) - ca-certificates ([3.82](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_82.html)) Note: LTS 2605.32.1 i.e the next release to be release in the month of September would be the last release for LTS-2021. Post that there will be no more releases for the channel. Please upgrade your workloads to LTS-2022 as soon as possible. Best, The Flatcar Container Linux Maintainers --- --- ### Security **Subject**: Security issues fixed with the latest Alpha 3346.0.0, Beta 3277.1.2, Stable 3227.2.2, LTS-2022 3033.3.5, LTS-2021 2605.31.1 releases **Security fix**: With the Alpha 3346.0.0, Beta 3277.1.2, Stable 3227.2.2, LTS-2022 3033.3.5, LTS-2021 2605.31.1 releases we ship fixes for the CVEs listed below. #### Alpha 3346.0.0 * Go * [CVE-2022-32189](https://nvd.nist.gov/vuln/detail/CVE-2022-32189) CVSSv3 score: 7.5(High) A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service. * Linux * [CVE-2022-1679](https://nvd.nist.gov/vuln/detail/CVE-2022-1679) CVSSv3 score: 7.8(High) A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. * [CVE-2022-2585](https://nvd.nist.gov/vuln/detail/CVE-2022-2585) It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free. An independent security researcher working with SSD Secure Disclosure discovered that this vulnerability could be exploited for Local Privilege Escalation. This bug was introduced by commit 55e8c8eb2c7b ("posix-cpu-timers: Store a reference to a pid not a task"), which is present since v5.7-rc1. * [CVE-2022-2586](https://nvd.nist.gov/vuln/detail/CVE-2022-2586) When doing lookups for chains on the same batch by using its ID, a chain from a different table can be used. If a rule is added to a table but refers to a chain in a different table, it will be linked to the chain in table2, but would have expressions referring to objects in table1. Then, when table1 is removed, the rule will not be removed as its linked to a chain in table2. When expressions in the rule are processed or removed, that will lead to a use-after-free. When looking for chains by ID, use the table that was used for the lookup by name, and only return chains belonging to that same table. * [CVE-2022-2588](https://nvd.nist.gov/vuln/detail/CVE-2022-2588) It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0. Zhenpeng Lin working with Trend Micro's Zero Day Initiative discovered that this vulnerability could be exploited for Local Privilege Escalation. This bug has been present since the first Linux commit git, v2.6.12-rc2. * [CVE-2022-26373](https://nvd.nist.gov/vuln/detail/CVE-2022-26373) CVSSv3 score: 5.5(Medium) Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. * [CVE-2022-36946](https://nvd.nist.gov/vuln/detail/CVE-2022-36946) CVSSv3 score: 7.5(High) nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. * VMware: open-vm-tools * [CVE-2022-31676](https://nvd.nist.gov/vuln/detail/CVE-2022-31676) CVSSv3 score: 7.8(High) VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine. * binutils * [CVE-2021-45078](https://nvd.nist.gov/vuln/detail/CVE-2021-45078) CVSSv3 score: 7.8(High) stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699. * git * [CVE-2022-29187](https://nvd.nist.gov/vuln/detail/CVE-2022-29187) CVSSv3 score: n/a Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The simplest way to avoid being affected by the exploit described in the example is to avoid running git as root (or an Administrator in Windows), and if needed to reduce its use to a minimum. While a generic workaround is not possible, a system could be hardened from the exploit described in the example by removing any such repository if it exists already and creating one as root to block any future attacks. * gnutls * [CVE-2022-2509](https://nvd.nist.gov/vuln/detail/CVE-2022-2509) CVSSv3 score: 7.5(High) A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function. * libtirpc * [CVE-2021-46828](https://nvd.nist.gov/vuln/detail/CVE-2021-46828) CVSSv3 score: 7.5(High) In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections. * shadow * [CVE-2013-4235](https://nvd.nist.gov/vuln/detail/CVE-2013-4235) CVSSv3 score: 4.7(Medium) shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees * vim * [CVE-2022-0629](https://nvd.nist.gov/vuln/detail/CVE-2022-0629) CVSSv3 score: 7.8(High) Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. * [CVE-2022-0685](https://nvd.nist.gov/vuln/detail/CVE-2022-0685) CVSSv3 score: 7.8(High) Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418. * [CVE-2022-0714](https://nvd.nist.gov/vuln/detail/CVE-2022-0714) CVSSv3 score: 5.5(Medium) Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436. * [CVE-2022-0729](https://nvd.nist.gov/vuln/detail/CVE-2022-0729) CVSSv3 score: 8.8(High) Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440. * [CVE-2022-0943](https://nvd.nist.gov/vuln/detail/CVE-2022-0943) CVSSv3 score: 7.8(High) Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563. * [CVE-2022-1154](https://nvd.nist.gov/vuln/detail/CVE-2022-1154) CVSSv3 score: 7.8(High) Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646. * [CVE-2022-1160](https://nvd.nist.gov/vuln/detail/CVE-2022-1160) CVSSv3 score: 7.8(High) heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647. * [CVE-2022-1381](https://nvd.nist.gov/vuln/detail/CVE-2022-1381) CVSSv3 score: 7.8(High) global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution * [CVE-2022-1420](https://nvd.nist.gov/vuln/detail/CVE-2022-1420) CVSSv3 score: 5.5(Medium) Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774. * [CVE-2022-1616](https://nvd.nist.gov/vuln/detail/CVE-2022-1616) CVSSv3 score: 7.8(High) Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution * [CVE-2022-1619](https://nvd.nist.gov/vuln/detail/CVE-2022-1619) CVSSv3 score: 7.8(High) Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashing software, modify memory, and possible remote execution * [CVE-2022-1620](https://nvd.nist.gov/vuln/detail/CVE-2022-1620) CVSSv3 score: 7.5(High) NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input. * [CVE-2022-1621](https://nvd.nist.gov/vuln/detail/CVE-2022-1621) CVSSv3 score: 7.8(High) Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution * [CVE-2022-1629](https://nvd.nist.gov/vuln/detail/CVE-2022-1629) CVSSv3 score: 7.8(High) Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution * [CVE-2022-1674](https://nvd.nist.gov/vuln/detail/CVE-2022-1674) CVSSv3 score: 5.5(Medium) NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows attackers to cause a denial of service (application crash) via a crafted input. * [CVE-2022-1733](https://nvd.nist.gov/vuln/detail/CVE-2022-1733) CVSSv3 score: 7.8(High) Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968. * [CVE-2022-1735](https://nvd.nist.gov/vuln/detail/CVE-2022-1735) CVSSv3 score: 7.8(High) Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969. * [CVE-2022-1769](https://nvd.nist.gov/vuln/detail/CVE-2022-1769) CVSSv3 score: 7.8(High) Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974. * [CVE-2022-1771](https://nvd.nist.gov/vuln/detail/CVE-2022-1771) CVSSv3 score: 5.5(Medium) Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975. * [CVE-2022-1785](https://nvd.nist.gov/vuln/detail/CVE-2022-1785) CVSSv3 score: 7.8(High) Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977. * [CVE-2022-1796](https://nvd.nist.gov/vuln/detail/CVE-2022-1796) CVSSv3 score: 7.8(High) Use After Free in GitHub repository vim/vim prior to 8.2.4979. * [CVE-2022-1897](https://nvd.nist.gov/vuln/detail/CVE-2022-1897) CVSSv3 score: 7.8(High) Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. * [CVE-2022-1898](https://nvd.nist.gov/vuln/detail/CVE-2022-1898) CVSSv3 score: 7.8(High) Use After Free in GitHub repository vim/vim prior to 8.2. * [CVE-2022-1886](https://nvd.nist.gov/vuln/detail/CVE-2022-1886) CVSSv3 score: 7.8(High) Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. * [CVE-2022-1851](https://nvd.nist.gov/vuln/detail/CVE-2022-1851) CVSSv3 score: 7.8(High) Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. * [CVE-2022-1927](https://nvd.nist.gov/vuln/detail/CVE-2022-1927) CVSSv3 score: 9.8(Critical) Buffer Over-read in GitHub repository vim/vim prior to 8.2. * [CVE-2022-1942](https://nvd.nist.gov/vuln/detail/CVE-2022-1942) CVSSv3 score: 7.8(High) Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. * [CVE-2022-1968](https://nvd.nist.gov/vuln/detail/CVE-2022-1968) CVSSv3 score: 7.8(High) Use After Free in GitHub repository vim/vim prior to 8.2. * [CVE-2022-2000](https://nvd.nist.gov/vuln/detail/CVE-2022-2000) CVSSv3 score: 7.8(High) Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. #### Beta 3277.1.2 * Linux * [CVE-2022-1679](https://nvd.nist.gov/vuln/detail/CVE-2022-1679) CVSSv3 score: 7.8(High) A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. * [CVE-2022-2585](https://nvd.nist.gov/vuln/detail/CVE-2022-2585) It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free. An independent security researcher working with SSD Secure Disclosure discovered that this vulnerability could be exploited for Local Privilege Escalation. This bug was introduced by commit 55e8c8eb2c7b ("posix-cpu-timers: Store a reference to a pid not a task"), which is present since v5.7-rc1. * [CVE-2022-2586](https://nvd.nist.gov/vuln/detail/CVE-2022-2586) When doing lookups for chains on the same batch by using its ID, a chain from a different table can be used. If a rule is added to a table but refers to a chain in a different table, it will be linked to the chain in table2, but would have expressions referring to objects in table1. Then, when table1 is removed, the rule will not be removed as its linked to a chain in table2. When expressions in the rule are processed or removed, that will lead to a use-after-free. When looking for chains by ID, use the table that was used for the lookup by name, and only return chains belonging to that same table. * [CVE-2022-2588](https://nvd.nist.gov/vuln/detail/CVE-2022-2588) It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0. Zhenpeng Lin working with Trend Micro's Zero Day Initiative discovered that this vulnerability could be exploited for Local Privilege Escalation. This bug has been present since the first Linux commit git, v2.6.12-rc2. * [CVE-2022-26373](https://nvd.nist.gov/vuln/detail/CVE-2022-26373) CVSSv3 score: 5.5(Medium) Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. * [CVE-2022-36946](https://nvd.nist.gov/vuln/detail/CVE-2022-36946) CVSSv3 score: 7.5(High) nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. #### Stable 3227.2.2 * Linux * [CVE-2022-1679](https://nvd.nist.gov/vuln/detail/CVE-2022-1679) CVSSv3 score: 7.8(High) A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. * [CVE-2022-2585](https://nvd.nist.gov/vuln/detail/CVE-2022-2585) It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free. An independent security researcher working with SSD Secure Disclosure discovered that this vulnerability could be exploited for Local Privilege Escalation. This bug was introduced by commit 55e8c8eb2c7b ("posix-cpu-timers: Store a reference to a pid not a task"), which is present since v5.7-rc1. * [CVE-2022-2586](https://nvd.nist.gov/vuln/detail/CVE-2022-2586) When doing lookups for chains on the same batch by using its ID, a chain from a different table can be used. If a rule is added to a table but refers to a chain in a different table, it will be linked to the chain in table2, but would have expressions referring to objects in table1. Then, when table1 is removed, the rule will not be removed as its linked to a chain in table2. When expressions in the rule are processed or removed, that will lead to a use-after-free. When looking for chains by ID, use the table that was used for the lookup by name, and only return chains belonging to that same table. * [CVE-2022-2588](https://nvd.nist.gov/vuln/detail/CVE-2022-2588) It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0. Zhenpeng Lin working with Trend Micro's Zero Day Initiative discovered that this vulnerability could be exploited for Local Privilege Escalation. This bug has been present since the first Linux commit git, v2.6.12-rc2. * [CVE-2022-26373](https://nvd.nist.gov/vuln/detail/CVE-2022-26373) CVSSv3 score: 5.5(Medium) Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. * [CVE-2022-36946](https://nvd.nist.gov/vuln/detail/CVE-2022-36946) CVSSv3 score: 7.5(High) nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. #### LTS-2022 3033.3.5 * Linux * [CVE-2022-1679](https://nvd.nist.gov/vuln/detail/CVE-2022-1679) CVSSv3 score: 7.8(High) A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. * [CVE-2022-2153](https://nvd.nist.gov/vuln/detail/CVE-2022-2153) CVSSv3 score: n/a A flaw was found in the Linux kernel’s KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service. * [CVE-2022-2585](https://nvd.nist.gov/vuln/detail/CVE-2022-2585) It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free. An independent security researcher working with SSD Secure Disclosure discovered that this vulnerability could be exploited for Local Privilege Escalation. This bug was introduced by commit 55e8c8eb2c7b ("posix-cpu-timers: Store a reference to a pid not a task"), which is present since v5.7-rc1. * [CVE-2022-2586](https://nvd.nist.gov/vuln/detail/CVE-2022-2586) When doing lookups for chains on the same batch by using its ID, a chain from a different table can be used. If a rule is added to a table but refers to a chain in a different table, it will be linked to the chain in table2, but would have expressions referring to objects in table1. Then, when table1 is removed, the rule will not be removed as its linked to a chain in table2. When expressions in the rule are processed or removed, that will lead to a use-after-free. When looking for chains by ID, use the table that was used for the lookup by name, and only return chains belonging to that same table. * [CVE-2022-2588](https://nvd.nist.gov/vuln/detail/CVE-2022-2588) It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0. Zhenpeng Lin working with Trend Micro's Zero Day Initiative discovered that this vulnerability could be exploited for Local Privilege Escalation. This bug has been present since the first Linux commit git, v2.6.12-rc2. * [CVE-2022-26373](https://nvd.nist.gov/vuln/detail/CVE-2022-26373) CVSSv3 score: 5.5(Medium) Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. * [CVE-2022-36946](https://nvd.nist.gov/vuln/detail/CVE-2022-36946) CVSSv3 score: 7.5(High) nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. #### LTS-2021 2605.31.1 * Linux * [CVE-2021-4159](https://nvd.nist.gov/vuln/detail/CVE-2021-4159) CVSSv3 score: 4.4(Medium) A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel. * [CVE-2022-1462](https://nvd.nist.gov/vuln/detail/CVE-2022-1462) CVSSv3 score: 6.3(Medium) An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory. * [CVE-2022-20369](https://nvd.nist.gov/vuln/detail/CVE-2022-20369) CVSSv3 score: 6.7(Medium) In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-223375145References: Upstream kernel * [CVE-2022-21505](https://nvd.nist.gov/vuln/detail/CVE-2022-21505) CVSSv3 score: n/a * [CVE-2022-26373](https://nvd.nist.gov/vuln/detail/CVE-2022-26373) CVSSv3 score: 5.5(Medium) Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. * [CVE-2022-36123](https://nvd.nist.gov/vuln/detail/CVE-2022-36123) CVSSv3 score: 7.8(High) The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This allows Xen PV guest OS users to cause a denial of service or gain privileges. * [CVE-2022-36879](https://nvd.nist.gov/vuln/detail/CVE-2022-36879) CVSSv3 score: 5.5(Medium) An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. * [CVE-2022-36946](https://nvd.nist.gov/vuln/detail/CVE-2022-36946) CVSSv3 score: 7.5(High) nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. --- ### Communication #### Twitter _The tweet (from [@flatcar](https://twitter.com/flatcar)) goes out after the changelog update has been published; it includes a link to the web changelog._ New Flatcar releases now available for all channels! 📦 Package updates (with 🔒CVE fixes) for Linux, gnutls, git, vim and others in Alpha 📜 Release notes at the usual spot: https://www.flatcar.org/releases/ #### Kubernetes Slack _This goes in the #flatcar channel_ Please welcome Flatcar releases of this month: - Alpha 3346.0.0 (new major) - Beta 3277.1.2 (maintenance release) - Stable 3227.2.2 (maintenance release) - LTS-2022 3033.3.5 (maintenance release) - LTS-2021 2605.31.1 (maintenance release) These releases include: 🚀 new features include AWS IMDSv2 support to coreos-cloudinit, EKS support for version 1.22 and 1.23 📦 Many package updates (with 🔒 CVE fixes) for Linux, gnutls, git, vim and others in Alpha 📜 Release notes in usual spot: https://www.flatcar.org/releases/

    Import from clipboard

    Paste your markdown or webpage here...

    Advanced permission required

    Your current role can only read. Ask the system administrator to acquire write and comment permission.

    This team is disabled

    Sorry, this team is disabled. You can't edit this note.

    This note is locked

    Sorry, only owner can edit this note.

    Reach the limit

    Sorry, you've reached the max length this note can be.
    Please reduce the content or divide it to more notes, thank you!

    Import from Gist

    Import from Snippet

    or

    Export to Snippet

    Are you sure?

    Do you really want to delete this note?
    All users will lose their connection.

    Create a note from template

    Create a note from template

    Oops...
    This template has been removed or transferred.
    Upgrade
    All
    • All
    • Team
    No template.

    Create a template

    Upgrade

    Delete template

    Do you really want to delete this template?
    Turn this template into a regular note and keep its content, versions, and comments.

    This page need refresh

    You have an incompatible client version.
    Refresh to update.
    New version available!
    See releases notes here
    Refresh to enjoy new features.
    Your user state has changed.
    Refresh to load new user state.

    Sign in

    Forgot password

    or

    By clicking below, you agree to our terms of service.

    Sign in via Facebook Sign in via Twitter Sign in via GitHub Sign in via Dropbox Sign in with Wallet
    Wallet ( )
    Connect another wallet

    New to HackMD? Sign up

    Help

    • English
    • 中文
    • Français
    • Deutsch
    • 日本語
    • Español
    • Català
    • Ελληνικά
    • Português
    • italiano
    • Türkçe
    • Русский
    • Nederlands
    • hrvatski jezik
    • język polski
    • Українська
    • हिन्दी
    • svenska
    • Esperanto
    • dansk

    Documents

    Help & Tutorial

    How to use Book mode

    Slide Example

    API Docs

    Edit in VSCode

    Install browser extension

    Contacts

    Feedback

    Discord

    Send us email

    Resources

    Releases

    Pricing

    Blog

    Policy

    Terms

    Privacy

    Cheatsheet

    Syntax Example Reference
    # Header Header 基本排版
    - Unordered List
    • Unordered List
    1. Ordered List
    1. Ordered List
    - [ ] Todo List
    • Todo List
    > Blockquote
    Blockquote
    **Bold font** Bold font
    *Italics font* Italics font
    ~~Strikethrough~~ Strikethrough
    19^th^ 19th
    H~2~O H2O
    ++Inserted text++ Inserted text
    ==Marked text== Marked text
    [link text](https:// "title") Link
    ![image alt](https:// "title") Image
    `Code` Code 在筆記中貼入程式碼
    ```javascript
    var i = 0;
    ```    		 
    var i = 0;
    :smile: :smile: Emoji list
    {%youtube youtube_id %} Externals
    $L^aT_eX$ LaTeX
    :::info
    This is a alert area.
    :::

    This is a alert area.
    Versions and GitHub Sync
    Get Full History Access

    • Edit version name
    • Delete

    revision author avatar     named on  

    More Less

    Note content is identical to the latest version.
    Compare
      Choose a version
      No search result
      Version not found
    Sign in to link this note to GitHub
    Learn more
    This note is not linked with GitHub
     

    Feedback

    Submission failed, please try again

    Thanks for your support.

    On a scale of 0-10, how likely is it that you would recommend HackMD to your friends, family or business associates?

    Please give us some advice and help us improve HackMD.

     

    Thanks for your feedback

    Remove version name

    Do you want to remove this version name and description?

    Transfer ownership

    Transfer to
      Warning: is a public team. If you transfer note to this team, everyone on the web can find and read this note.

        Link with GitHub

        Please authorize HackMD on GitHub
        • Please sign in to GitHub and install the HackMD app on your GitHub repo.
        • HackMD links with GitHub through a GitHub App. You can choose which repo to install our App.
        Learn more  Sign in to GitHub

        Push the note to GitHub Push to GitHub Pull a file from GitHub

          Authorize again
         

        Choose which file to push to

        Select repo
        Refresh Authorize more repos
        Select branch
        Select file
        Select branch
        Choose version(s) to push
        • Save a new version and push
        • Choose from existing versions
        Include title and tags
        Available push count

        Pull from GitHub

         
        File from GitHub
        File from HackMD

        GitHub Link Settings

        File linked

        Linked by
        File path
        Last synced branch
        Available push count

        Danger Zone

        Unlink
        You will no longer receive notification when GitHub file changes after unlink.

        Syncing

        Push failed

        Push successfully