A new release of the Ubuntu Cloud Images for stable Ubuntu release 18.04 LTS (Bionic Beaver) is available at [1]. These new images superseded the existing images [2]. Images are available for download or immediate use on EC2 via publish AMI ids. Users who wish to update their existing installations can do so with: 'sudo apt-get update && sudo apt-get dist-upgrade && sudo reboot'. The following packages have been updated. Please see the full changelogs for a complete listing of changes: * cron: 3.0pl1-128.1ubuntu1.1 => 3.0pl1-128.1ubuntu1.2 * curl: 7.58.0-2ubuntu3.17 => 7.58.0-2ubuntu3.18 * dbus: 1.12.2-1ubuntu1.2 => 1.12.2-1ubuntu1.3 * dnsmasq: 2.79-1ubuntu0.5 => 2.79-1ubuntu0.6 * linux-meta: 4.15.0.176.165 => 4.15.0.177.166 * linux-signed: 4.15.0-176.185 => 4.15.0-177.186 * open-iscsi: 2.0.874-5ubuntu2.10 => 2.0.874-5ubuntu2.11 * openssh: 1:7.6p1-4ubuntu0.6 => 1:7.6p1-4ubuntu0.7 * rsyslog: 8.32.0-1ubuntu4 => 8.32.0-1ubuntu4.2 * sbsigntool: 0.9.2-2ubuntu1~18.04.1 => 0.9.2-2ubuntu1~18.04.2 The following is a complete changelog for this image. new: {'linux-modules-4.15.0-177-generic': '4.15.0-177.186', 'linux-headers-4.15.0-177': '4.15.0-177.186', 'linux-headers-4.15.0-177-generic': '4.15.0-177.186'} removed: {'linux-headers-4.15.0-176-generic': '4.15.0-176.185', 'linux-modules-4.15.0-176-generic': '4.15.0-176.185', 'linux-headers-4.15.0-176': '4.15.0-176.185'} changed: ['cron', 'curl', 'dbus', 'dbus-user-session', 'dnsmasq-base', 'libcurl3-gnutls:amd64', 'libcurl4:amd64', 'libdbus-1-3:amd64', 'linux-headers-generic', 'linux-headers-virtual', 'linux-image-4.15.0-177-generic', 'linux-image-virtual', 'linux-virtual', 'open-iscsi', 'openssh-client', 'openssh-server', 'openssh-sftp-server', 'rsyslog', 'sbsigntool'] new snaps: {} removed snaps: {} changed snaps: [] ==== cron: 3.0pl1-128.1ubuntu1.1 => 3.0pl1-128.1ubuntu1.2 ==== ==== cron * SECURITY REGRESSION: CVE-2017-9525 regression (LP: #1971895) - debian/postinst: add tab_name emptiness check - https://salsa.debian.org/debian/cron/-/commit/23047851 ==== curl: 7.58.0-2ubuntu3.17 => 7.58.0-2ubuntu3.18 ==== ==== curl libcurl3-gnutls:amd64 libcurl4:amd64 * SECURITY UPDATE: CERTINFO never-ending busy-loop - debian/patches/CVE-2022-27781.patch: return error if seemingly stuck in a cert loop in lib/vtls/nss.c. - CVE-2022-27781 * SECURITY UPDATE: TLS and SSH connection too eager reuse - debian/patches/CVE-2022-27782.patch: check more TLS details for connection reuse in lib/setopt.c, lib/url.c, lib/urldata.h, lib/vtls/gtls.c, lib/vtls/openssl.c, lib/vtls/nss.c, lib/vtls/vtls.c. - CVE-2022-27782 ==== dbus: 1.12.2-1ubuntu1.2 => 1.12.2-1ubuntu1.3 ==== ==== dbus dbus-user-session libdbus-1-3:amd64 * SECURITY UPDATE: use-after-free when users share UID - debian/patches/CVE-2020-35512.patch: apply reference-counting to the user and group data structures in dbus/dbus-userdb.h, dbus/dbus-sysdeps-unix.h, dbus/dbus-userdb-util.c and dbus/dbus-userdb.c. - CVE-2020-35512 ==== dnsmasq: 2.79-1ubuntu0.5 => 2.79-1ubuntu0.6 ==== ==== dnsmasq-base * SECURITY UPDATE: Heap use after free - debian/patches/CVE-2022-0934.patch: Fix write-after-free error in DHCPv6 code in src/rfc3315.c. - CVE-2022-0934 ==== linux-meta: 4.15.0.176.165 => 4.15.0.177.166 ==== ==== linux-headers-generic linux-headers-virtual linux-image-virtual linux-virtual * Bump ABI 4.15.0-177 ==== linux-signed: 4.15.0-176.185 => 4.15.0-177.186 ==== ==== linux-image-4.15.0-177-generic * Master version: 4.15.0-177.186 ==== open-iscsi: 2.0.874-5ubuntu2.10 => 2.0.874-5ubuntu2.11 ==== ==== open-iscsi * d/extra/initramfs.local-{top,bottom}: move removal of open-iscsi.interface file from local-top to local-bottom, and fix shell quoting issue that would result in /run/initramfs/open-iscsi.interface always being removed (LP: #1872813) ==== openssh: 1:7.6p1-4ubuntu0.6 => 1:7.6p1-4ubuntu0.7 ==== ==== openssh-client openssh-server openssh-sftp-server * d/p/fix-connect-timeout-overflow.patch: prevent ConnectTimeout overflow. (LP: #1903516) [ Sergio Durigan Junior ] * d/p/lp1966591-upstream-preserve-group-world-read-permission-on-kno.patch: Preserve group/world read permissions on known_hosts. (LP: #1966591) ==== rsyslog: 8.32.0-1ubuntu4 => 8.32.0-1ubuntu4.2 ==== ==== rsyslog * SECURITY UPDATE: Heap buffer overflow - debian/patches/CVE-2022-24903.patch: fix a potential heap buffer overflow adding boundary checks in contrib/imhttp/imhttp.c, plugins/imptcp/imptcp.c, runtime/tcps_sess.c. - CVE-2022-24903 ==== sbsigntool: 0.9.2-2ubuntu1~18.04.1 => 0.9.2-2ubuntu1~18.04.2 ==== ==== sbsigntool * Enable signing riscv64 EFI binaries (LP: #1964510) -- [1] http://cloud-images.ubuntu.com/releases/bionic/release-20220513/ [2] http://cloud-images.ubuntu.com/releases/bionic/release-20220505/