A new release of the Ubuntu Cloud Images for stable Ubuntu release 22.04 (Jammy Jellyfish) is available at [1]. These new images superseded the existing images [2]. Images are available for download or immediate use on EC2 via publish AMI ids. Users who wish to update their existing installations can do so with: 'sudo apt-get update && sudo apt-get dist-upgrade && sudo reboot'. The following packages have been updated. Please see the full changelogs for a complete listing of changes: * apport: 2.20.11-0ubuntu82.1 => 2.20.11-0ubuntu82.2 * expat: 2.4.7-1 => 2.4.7-1ubuntu0.2 * multipath-tools: 0.8.8-1ubuntu1 => 0.8.8-1ubuntu1.22.04.1 * rsync: 3.2.3-8ubuntu3 => 3.2.3-8ubuntu3.1 The following is a complete changelog for this image. new: {} removed: {} changed: ['apport', 'kpartx', 'libexpat1:amd64', 'multipath-tools', 'python3-apport', 'python3-problem-report', 'rsync'] new snaps: {} removed snaps: {} changed snaps: [] ==== apport: 2.20.11-0ubuntu82.1 => 2.20.11-0ubuntu82.2 ==== ==== apport python3-apport python3-problem-report * Point Vcs-* URIs to git * Grab a slice of JournalErrors around the crash time (LP: #1962454) * data/apport: - Initialize error log as first step (LP: #1989467) - Fix PermissionError for setuid programs inside container (LP: #1982487) - Fix reading from stdin inside containers (LP: #1982555) * Fix autopkgtest test case failures (LP: #1989467): - Mark autopkgtest with isolation-container restriction - Fix failure if kernel module isofs is not installed - Do not check recommended dependencies - Skip UI test if kernel thread is not found - Fix race in test_crash_system_slice - Fix check for not running test executable - Use shadow in *_different_binary_source - Mock kernel package version in UI test - Fix test_kerneloops_nodetails if kernel is not installed - Drop broken test_crash_setuid_drop_and_kill - Expect linux-signed on arm64/s390x as well - Skip SegvAnalysis for non x86 architectures - Use unlimited core ulimit for SIGQUIT test - Fix race with progress window in GTK UI tests - Use sleep instead of yes for tests - Fix test_add_gdb_info_script on armhf - Fix wrong Ubuntu archive URI on ports - Fix KeyError in test_install_packages_unversioned - Depend on python3-systemd for container tests - Depend on psmisc for killall binary - Replace missing oxideqt-codecs - Drop broken test_install_packages_from_launchpad - Fix test_install_packages_permanent_sandbox* for s390x ==== expat: 2.4.7-1 => 2.4.7-1ubuntu0.2 ==== ==== libexpat1:amd64 * SECURITY UPDATE: use-after-free - debian/patches/CVE-2022-43680-1.patch: adds tests to cover DTD destruction in XML_ExternalEntityParserCreate in expat/tests/runtests.c. - debian/patches/CVE-2022-43680-2.patch: fix overeager DTD destruction in XML_ExternalEntityParserCreate in expat/lib/xmlparse.c. - CVE-2022-43680 * SECURITY UPDATE: Use-after-free in doContent - debian/patches/CVE-2022-40674.patch: ensure storeRawNames() is always called in func internalEntityProcessor if handling unbalanced tags in expat/lib/xmlparse.c. - CVE-2022-40674 ==== multipath-tools: 0.8.8-1ubuntu1 => 0.8.8-1ubuntu1.22.04.1 ==== ==== kpartx multipath-tools * SECURITY UPDATE: symlink attack - debian/patches/CVE-2022-41973.patch: use /run instead of /dev/shm in .gitignore, Makefile.inc, libmultipath/defaults.h, multipath/Makefile, multipath/multipath.rules.in, multipath/tmpfiles.conf.in. - debian/multipath-tools.install: install tmpfiles.d/multipath.conf. - debian/rules: copy udev rule after build. - CVE-2022-41973 * SECURITY UPDATE: authorization bypass - debian/patches/CVE-2022-41974-pre1.patch: fix command completion in interactive mode in multipathd/callbacks.c, multipathd/cli.c, multipathd/cli_handlers.c, multipathd/main.c. - debian/patches/CVE-2022-41974.patch: more robust command parsing in multipathd/callbacks.c, multipathd/cli.c, multipathd/cli.h, multipathd/cli_handlers.c, multipathd/uxlsnr.c. - debian/patches/CVE-2022-41974-2.patch: fix command completion with robust parser in multipathd/cli.c, multipathd/cli.h, multipathd/uxlsnr.c. - debian/patches/CVE-2022-41974-3.patch: add test for command parsing in Makefile.inc, tests/Makefile, tests/cli.c, multipathd/cli.h, multipathd/cli.c. - debian/patches/CVE-2022-41974-4.patch: fix memory leak handling invalid commands in multipathd/uxlsnr.c. - CVE-2022-41974 ==== rsync: 3.2.3-8ubuntu3 => 3.2.3-8ubuntu3.1 ==== ==== rsync * d/p/avoid_spurious_is_newer_messages_with_update.patch: New patch from upstream (LP: #1965076) -- [1] http://cloud-images.ubuntu.com/releases/jammy/release-20221124/ [2] http://cloud-images.ubuntu.com/releases/jammy/release-20221117/