A new release of the Ubuntu Cloud Images for stable Ubuntu release 18.04 LTS (Bionic Beaver) is available at [1]. These new images superseded the existing images [2]. Images are available for download or immediate use on EC2 via publish AMI ids. Users who wish to update their existing installations can do so with: 'sudo apt-get update && sudo apt-get dist-upgrade && sudo reboot'. The following packages have been updated. Please see the full changelogs for a complete listing of changes: * accountsservice: 0.6.45-1ubuntu1 => 0.6.45-1ubuntu1.3 * apport: 2.20.9-0ubuntu7.18 => 2.20.9-0ubuntu7.19 * glibc: 2.27-3ubuntu1.2 => 2.27-3ubuntu1.3 * linux-meta: 4.15.0.122.109 => 4.15.0.123.110 * linux-signed: 4.15.0-122.124 => 4.15.0-123.126 * openldap: 2.4.45+dfsg-1ubuntu1.6 => 2.4.45+dfsg-1ubuntu1.7 * python-cryptography: 2.1.4-1ubuntu1.3 => 2.1.4-1ubuntu1.4 The following is a complete changelog for this image. new: {'linux-headers-4.15.0-123': '4.15.0-123.126', 'linux-modules-4.15.0-123-generic': '4.15.0-123.126', 'linux-headers-4.15.0-123-generic': '4.15.0-123.126'} removed: {'linux-headers-4.15.0-122-generic': '4.15.0-122.124', 'linux-headers-4.15.0-122': '4.15.0-122.124', 'linux-modules-4.15.0-122-generic': '4.15.0-122.124'} changed: ['accountsservice', 'apport', 'libaccountsservice0:amd64', 'libc-bin', 'libc6:amd64', 'libldap-2.4-2:amd64', 'libldap-common', 'linux-headers-generic', 'linux-headers-virtual', 'linux-image-4.15.0-123-generic', 'linux-image-virtual', 'linux-virtual', 'locales', 'multiarch-support', 'python3-apport', 'python3-cryptography', 'python3-problem-report'] new snaps: {} removed snaps: {} changed snaps: [] ==== accountsservice: 0.6.45-1ubuntu1 => 0.6.45-1ubuntu1.3 ==== ==== accountsservice libaccountsservice0:amd64 * SECURITY UPDATE: accountsservice drop privileges SIGSTOP DoS (LP: #1900255) - debian/patches/0010-set-language.patch: updated to not drop real uid and real gid in user_drop_privileges_to_user. - debian/patches/0009-language-tools.patch: updated to not reset effective uid. - CVE-2020-16126 * SECURITY UPDATE: directory traversal issue - debian/patches/CVE-2018-14036.patch: fix insufficient path prefix check in src/user.c. - CVE-2018-14036 ==== apport: 2.20.9-0ubuntu7.18 => 2.20.9-0ubuntu7.19 ==== ==== apport python3-apport python3-problem-report * data/apport: In the event that the crashing executable does not exist on disk any more the path name of the executable (passed by core) is appended with '(deleted)' because apport is currently using sys.argv for argument parsing there end up being too many arguments and apport crashes. This is fixed by adding handling for six arguments. (LP: #1899195) ==== glibc: 2.27-3ubuntu1.2 => 2.27-3ubuntu1.3 ==== ==== libc-bin libc6:amd64 locales multiarch-support [ Balint Reczey ] * debian/gbp.conf: Add initial configuration * debian/control.in/main: Add Vcs-* pointing to Ubuntu packaging repository * arm64: Enable searching shared libraries in atomics/ on LSE HW * Ship arm64 variant with LSE support in libc6-lse (LP: #1885012) * Run tests of libc6-lse on HW supporting LSE * debian/patches/git-updates.diff: update from upstream stable branch - pthread_cond_broadcast: Fix waiters-after-spinning case - Fix SSe2-based memmove corrupting memory (CVE-2017-18269) - Fix strstr() performance regression on Haswell processors - Support Japanese new era " (Reiwa)" - io: Remove copy_file_range emulation (LP: #1851263, #1858203, #1838327, #1797335, #1756209, #1853193) * XFAIL stdlib/tst-getrandom (LP: #1891403) * debian/testsuite-xfail-debian.mk: XFAIL new tst-support_descriptors [ Thadeu Lima de Souza Cascardo ] * tests: Make preadwritev2 invalid flags tests unsupported (LP: #1770480) [ Andreas Hasenack ] * branch-pthread_rwlock_trywrlock-hang-23844.patch: nptl: Fix pthread_rwlock_try*lock stalls (Bug 23844) (LP: #1864864) ==== linux-meta: 4.15.0.122.109 => 4.15.0.123.110 ==== ==== linux-headers-generic linux-headers-virtual linux-image-virtual linux-virtual * Bump ABI 4.15.0-123 ==== linux-signed: 4.15.0-122.124 => 4.15.0-123.126 ==== ==== linux-image-4.15.0-123-generic * Master version: 4.15.0-123.126 ==== openldap: 2.4.45+dfsg-1ubuntu1.6 => 2.4.45+dfsg-1ubuntu1.7 ==== ==== libldap-2.4-2:amd64 libldap-common * SECURITY UPDATE: DoS via NULL pointer dereference - debian/patches/CVE-2020-25692.patch: skip normalization if there's no equality rule in servers/slapd/modrdn.c. - CVE-2020-25692 ==== python-cryptography: 2.1.4-1ubuntu1.3 => 2.1.4-1ubuntu1.4 ==== ==== python3-cryptography * SECURITY UPDATE: Bleichenbacher timing oracle attack - debian/patches/CVE-2020-25659.patch: Attempt to mitigate Bleichenbacher attacks on RSA decryption docs/spelling_wordlist.txt, src/cryptography/hazmat/backends/openssl/rsa.py. - CVE-2020-25659 -- [1] http://cloud-images.ubuntu.com/releases/bionic/release-20201111/ [2] http://cloud-images.ubuntu.com/releases/bionic/release-20201031/