A new release of the Ubuntu Cloud Images for stable Ubuntu release 20.04 LTS (Focal Fossa) is available at [1]. These new images supersede the existing images [2]. Images are available for download or immediate use on EC2 via published AMI IDs. Users who wish to update their existing installations can do so with:

'sudo apt-get update && sudo apt-get dist-upgrade && sudo reboot'.

The following packages have been updated. Please see the full changelogs for a complete listing of changes:

 * apport: 2.20.11-0ubuntu27.21 => 2.20.11-0ubuntu27.23
 * git: 1:2.25.1-1ubuntu3.2 => 1:2.25.1-1ubuntu3.3
 * gzip: 1.10-0ubuntu4 => 1.10-0ubuntu4.1
 * klibc: 2.0.7-1ubuntu5 => 2.0.7-1ubuntu5.1
 * linux-meta: 5.4.0.107.111 => 5.4.0.109.113
 * linux-signed: 5.4.0-107.121 => 5.4.0-109.123
 * systemd: 245.4-4ubuntu3.15 => 245.4-4ubuntu3.16
 * ubuntu-release-upgrader: 1:20.04.37 => 1:20.04.38
 * xz-utils: 5.2.4-1ubuntu1 => 5.2.4-1ubuntu1.1

The following is a complete changelog for this image.

new: {'linux-modules-5.4.0-109-generic': '5.4.0-109.123', 'linux-headers-5.4.0-109': '5.4.0-109.123', 'linux-headers-5.4.0-109-generic': '5.4.0-109.123'}
removed: {'linux-headers-5.4.0-107': '5.4.0-107.121', 'linux-modules-5.4.0-107-generic': '5.4.0-107.121', 'linux-headers-5.4.0-107-generic': '5.4.0-107.121'}
changed: ['apport', 'git', 'git-man', 'gzip', 'klibc-utils', 'libklibc:amd64', 'liblzma5:amd64', 'libnss-systemd:amd64', 'libpam-systemd:amd64', 'libsystemd0:amd64', 'libudev1:amd64', 'linux-headers-generic', 'linux-headers-virtual', 'linux-image-5.4.0-109-generic', 'linux-image-virtual', 'linux-virtual', 'python3-apport', 'python3-distupgrade', 'python3-problem-report', 'systemd', 'systemd-sysv', 'systemd-timesyncd', 'ubuntu-release-upgrader-core', 'udev', 'xz-utils']

new snaps: {}
removed snaps: {}
changed snaps: []

==== apport: 2.20.11-0ubuntu27.21 => 2.20.11-0ubuntu27.23 ====
==== apport python3-apport python3-problem-report

  * Fix expanded symlinks from the previous build
  * apport/ui.py: Error out when -w option is used on wayland (LP: #1952947).

==== git: 1:2.25.1-1ubuntu3.2 => 1:2.25.1-1ubuntu3.3 ====
==== git git-man

  * SECURITY UPDATE: Run commands in diff users
    - debian/patches/CVE-2022-24765-*.patch: fix GIT_CEILING_DIRECTORIES; add an owner check for the top-level-directory; add a function to determine whether a path is owned by the current user in patch.c, t/t0060-path-utils.sh, setup.c, compat/mingw.c, compat/mingw.h, git-compat-util.h.
    - CVE-2022-24765

==== gzip: 1.10-0ubuntu4 => 1.10-0ubuntu4.1 ====
==== gzip

  * SECURITY UPDATE: arbitrary file override with crafted file names
    - debian/patches/CVE-2022-1271-1.patch: avoid exploit via multi-newline file names in zgrep.in.
    - debian/patches/CVE-2022-1271-2.patch: add test in tests/Makefile.am, tests/zgrep-abuse.
    - debian/patches/CVE-2022-1271-3.patch: port to POSIX sed in zgrep.in.
    - debian/patches/CVE-2022-1271-4.patch: optimize out a grep in gzexe.in.
    - debian/patches/CVE-2022-1271-5.patch: use C locale more often in gzexe.in, sample/zfile, zdiff.in, zgrep.in, znew.in.
    - debian/patches/CVE-2022-1271-6.patch: fix "binary file matches" mislabeling in tests/Makefile.am, tests/zgrep-binary, zgrep.in.
    - debian/rules: fix permissions on new test scripts.
    - CVE-2022-1271

==== klibc: 2.0.7-1ubuntu5 => 2.0.7-1ubuntu5.1 ====
==== klibc-utils libklibc:amd64

  * SECURITY UPDATE: integer overflow in calloc
    - debian/patches/CVE-2021-31870.patch: add overflow check when performing the multiplication in usr/klibc/calloc.c.
    - CVE-2021-31870
  * SECURITY UPDATE: integer overflow in cpio
    - debian/patches/CVE-2021-31871.patch: remove cast to unsigned to avoid a possible overflow in 64 bit systems in usr/utils/cpio.c.
    - CVE-2021-31871
  * SECURITY UPDATE: integer overflow in read_in_new_ascii
    - debian/patches/CVE-2021-31872.patch: ensure that c_namesize and c_filesize are smaller than LONG_MAX in usr/utils/cpio.c.
    - CVE-2021-31872
  * SECURITY UPDATE: integer overflow in malloc
    - debian/patches/CVE-2021-31873.patch: ensure that size is smaller than PTRDIFF_MAX in usr/klibc/malloc.c.
    - CVE-2021-31873

==== linux-meta: 5.4.0.107.111 => 5.4.0.109.113 ====
==== linux-headers-generic linux-headers-virtual linux-image-virtual linux-virtual

  * Bump ABI 5.4.0-109
  * Bump ABI 5.4.0-108
  * Packaging resync (LP: #1786013)
    - [Packaging] resync debian/dkms-versions from main package

==== linux-signed: 5.4.0-107.121 => 5.4.0-109.123 ====
==== linux-image-5.4.0-109-generic

  * Master version: 5.4.0-109.123
  * Master version: 5.4.0-108.122

==== systemd: 245.4-4ubuntu3.15 => 245.4-4ubuntu3.16 ====
==== libnss-systemd:amd64 libpam-systemd:amd64 libsystemd0:amd64 libudev1:amd64 systemd systemd-sysv systemd-timesyncd udev

  [ Dan Streetman ]
  * d/p/lp1946388-sd-journal-don-t-check-namespaces-if-we-have-no-name.patch:
    Avoid journalctl segfault (LP: #1946388)

  [ Jeremy Szu ]
  * Add a allowlist to unblock intel-hid on new HP machines (LP: #1955997)
    Author: Jeremy Szu
    File: debian/patches/lp1955997-add-a-allowlist-to-unblock-intel-hid-on-HP-mach.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=88a859eaddb6c9a611fcbc44edab441aef4c4355

  [ Nick Rosbrook ]
  * Prevent arguments from being overwritten with defaults at shutdown (LP: #1958284)
    File: debian/patches/lp1958284-core-move-reset_arguments-to-the-end-of-main-s-finish.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=e61052bd1f20bcc54e7417542c6d445cf5040f56

  [ Lukas Märdian ]
  * Fix deadlock between pid1 and dbus-daemon (LP: #1871538)
    Author: Lukas Märdian
    File: debian/patches/pid1-set-SYSTEMD_NSS_DYNAMIC_BYPASS-1-env-var-for-dbus-da.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=e3aacfa26e3fc6df369e6f28e740389ae0020907

==== ubuntu-release-upgrader: 1:20.04.37 => 1:20.04.38 ====
==== python3-distupgrade ubuntu-release-upgrader-core

  * do-release-upgrade: Preserve env vars needed for screen lock prevention (LP: #1968607).
  * Run pre-build.sh: updating translations.
  * Manually run utils/update_mirrors.py to update mirrors.

==== xz-utils: 5.2.4-1ubuntu1 => 5.2.4-1ubuntu1.1 ====
==== liblzma5:amd64 xz-utils

  * SECURITY UPDATE: arbitrary file overwrite or code execution with crafted file names
    - debian/patches/CVE-2022-1271.patch: fix escaping of malicious filenames in src/scripts/xzgrep.in.
    - CVE-2022-1271

--
[1] http://cloud-images.ubuntu.com/releases/focal/release-20220419/
[2] http://cloud-images.ubuntu.com/releases/focal/release-20220411.2/