A new release of the Ubuntu Cloud Images for stable Ubuntu release 18.04 LTS (Bionic Beaver) is available at [1]. These new images supersede the existing images [2]. Images are available for download or immediate use on EC2 via published AMI ids. Users who wish to update their existing installations can do so with:

    'sudo apt-get update && sudo apt-get dist-upgrade && sudo reboot'.

The following packages have been updated. Please see the full changelogs for a complete listing of changes:

 * curl: 7.58.0-2ubuntu3.10 => 7.58.0-2ubuntu3.12
 * linux-meta: 4.15.0.126.113 => 4.15.0.20.23
 * linux-signed: 4.15.0-126.129 => 4.15.0-20.21
 * openssl1.0: 1.0.2n-1ubuntu5.4 => 1.0.2n-1ubuntu5.5
 * openssl: 1.1.1-1ubuntu2.1~18.04.6 => 1.1.1-1ubuntu2.1~18.04.7

The following is a complete changelog for this image.

new: {'linux-modules-4.15.0-20-generic': '4.15.0-20.21', 'linux-headers-4.15.0-20-generic': '4.15.0-20.21', 'linux-headers-4.15.0-20': '4.15.0-20.21'}
removed: {'linux-headers-4.15.0-126': '4.15.0-126.129', 'linux-headers-4.15.0-126-generic': '4.15.0-126.129', 'linux-modules-4.15.0-126-generic': '4.15.0-126.129'}
changed: ['curl', 'libcurl3-gnutls:amd64', 'libcurl4:amd64', 'libssl1.0.0:amd64', 'libssl1.1:amd64', 'linux-headers-generic', 'linux-headers-virtual', 'linux-image-4.15.0-20-generic', 'linux-image-virtual', 'linux-virtual', 'openssl']
new snaps: {}
removed snaps: {}
changed snaps: []

==== curl: 7.58.0-2ubuntu3.10 => 7.58.0-2ubuntu3.12 ====
====     curl libcurl3-gnutls:amd64 libcurl4:amd64

  * SECURITY UPDATE: FTP redirect to malicious host via PASV response
    - debian/patches/CVE-2020-8284.patch: use CURLOPT_FTP_SKIP_PASV_IP by
      default in lib/url.c, src/tool_cfgable.c, docs/*, tests/data/*.
    - CVE-2020-8284
  * SECURITY UPDATE: FTP wildcard stack buffer overflow in libcurl
    - debian/patches/CVE-2020-8285.patch: make wc_statemach loop instead
      of recurse in lib/ftp.c.
    - CVE-2020-8285
  * SECURITY UPDATE: Inferior OCSP verification
    - debian/patches/CVE-2020-8286.patch: make the OCSP verification
      verify the certificate id in lib/vtls/openssl.c.
    - CVE-2020-8286

==== linux-meta: 4.15.0.126.113 => 4.15.0.20.23 ====
====     linux-headers-generic linux-headers-virtual linux-image-virtual linux-virtual

==== linux-signed: 4.15.0-126.129 => 4.15.0-20.21 ====
====     linux-image-4.15.0-20-generic

==== openssl: 1.1.1-1ubuntu2.1~18.04.6 => 1.1.1-1ubuntu2.1~18.04.7 ====
====     libssl1.1:amd64 openssl

  * SECURITY UPDATE: EDIPARTYNAME NULL pointer de-ref
    - debian/patches/CVE-2020-1971-1.patch: use explicit tagging for
      DirectoryString in crypto/x509v3/v3_genn.c.
    - debian/patches/CVE-2020-1971-2.patch: correctly compare
      EdiPartyName in crypto/x509v3/v3_genn.c.
    - debian/patches/CVE-2020-1971-3.patch: check that
      multi-strings/CHOICE types don't use implicit tagging in
      crypto/asn1/asn1_err.c, crypto/asn1/tasn_dec.c,
      crypto/err/openssl.txt, include/openssl/asn1err.h.
    - debian/patches/CVE-2020-1971-4.patch: complain if we are attempting
      to encode with an invalid ASN.1 template in crypto/asn1/asn1_err.c,
      crypto/asn1/tasn_enc.c, crypto/err/openssl.txt,
      include/openssl/asn1err.h.
    - debian/patches/CVE-2020-1971-5.patch: add a test for
      GENERAL_NAME_cmp in test/v3nametest.c.
    - debian/patches/CVE-2020-1971-6.patch: add a test for
      encoding/decoding using an invalid ASN.1 Template in
      test/asn1_decode_test.c, test/asn1_encode_test.c.
    - CVE-2020-1971

==== openssl1.0: 1.0.2n-1ubuntu5.4 => 1.0.2n-1ubuntu5.5 ====
====     libssl1.0.0:amd64

  * SECURITY UPDATE: EDIPARTYNAME NULL pointer de-ref
    - debian/patches/CVE-2020-1971-1.patch: use explicit tagging for
      DirectoryString in crypto/x509v3/v3_genn.c.
    - debian/patches/CVE-2020-1971-2.patch: correctly compare
      EdiPartyName in crypto/x509v3/v3_genn.c.
    - debian/patches/CVE-2020-1971-3.patch: check that
      multi-strings/CHOICE types don't use implicit tagging in
      crypto/asn1/asn1_err.c, crypto/asn1/tasn_dec.c, crypto/asn1/asn1.h.
    - debian/patches/CVE-2020-1971-4.patch: complain if we are attempting
      to encode with an invalid ASN.1 template in crypto/asn1/asn1_err.c,
      crypto/asn1/tasn_enc.c, crypto/asn1/asn1.h.
    - debian/patches/CVE-2020-1971-5.patch: add a test for
      GENERAL_NAME_cmp in crypto/x509v3/v3nametest.c.
    - CVE-2020-1971

--
[1] http://cloud-images.ubuntu.com/releases/bionic/release-20201209/
[2] http://cloud-images.ubuntu.com/releases/bionic/release-20201207/