A new release of the Ubuntu Cloud Images for stable Ubuntu release 20.10 (Groovy Gorilla) is available at [1]. These new images superseded the existing images [2]. Images are available for download or immediate use on EC2 via publish AMI ids. Users who wish to update their existing installations can do so with: 'sudo apt-get update && sudo apt-get dist-upgrade && sudo reboot'. The following packages have been updated. Please see the full changelogs for a complete listing of changes: * apport: 2.20.11-0ubuntu50.3 => 2.20.11-0ubuntu50.5 * ca-certificates: 20201027ubuntu0.20.10.1 => 20210119~20.10.1 * gnupg2: 2.2.20-1ubuntu1 => 2.2.20-1ubuntu1.1 * linux-meta: 5.8.0.41.45 => 5.8.0.43.48 * linux-signed: 5.8.0-41.46 => 5.8.0-43.49 * openldap: 2.4.53+dfsg-1ubuntu1.2 => 2.4.53+dfsg-1ubuntu1.3 The following is a complete changelog for this image. new: {'linux-modules-5.8.0-43-generic': '5.8.0-43.49', 'linux-headers-5.8.0-43-generic': '5.8.0-43.49', 'linux-headers-5.8.0-43': '5.8.0-43.49'} removed: {'linux-headers-5.8.0-41': '5.8.0-41.46', 'linux-modules-5.8.0-41-generic': '5.8.0-41.46', 'linux-headers-5.8.0-41-generic': '5.8.0-41.46'} changed: ['apport', 'ca-certificates', 'dirmngr', 'gnupg', 'gnupg-l10n', 'gnupg-utils', 'gpg', 'gpg-agent', 'gpg-wks-client', 'gpg-wks-server', 'gpgconf', 'gpgsm', 'gpgv', 'libldap-2.4-2:amd64', 'libldap-common', 'linux-headers-generic', 'linux-headers-virtual', 'linux-image-5.8.0-43-generic', 'linux-image-virtual', 'linux-virtual', 'python3-apport', 'python3-problem-report'] new snaps: {} removed snaps: {} changed snaps: ['core18', 'lxd', 'snapd'] ==== apport: 2.20.11-0ubuntu50.3 => 2.20.11-0ubuntu50.5 ==== ==== apport python3-apport python3-problem-report * SECURITY UPDATE: multiple security issues (LP: #1912326) - CVE-2021-25682: error parsing /proc/pid/status - CVE-2021-25683: error parsing /proc/pid/stat - CVE-2021-25684: stuck reading fifo - data/apport: make sure existing report is a regular file. - apport/fileutils.py: move some logic here to skip over manipulated process names and filenames. - test/test_fileutils.py: added some parsing tests. ==== ca-certificates: 20201027ubuntu0.20.10.1 => 20210119~20.10.1 ==== ==== ca-certificates * Update ca-certificates database to 20210119 (LP: #1914064): - mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate authority bundle to version 2.46. - backport certain changes from the Ubuntu 20.10 20210119 package * mozilla/blacklist.txt: revert Symantec CA blacklist (LP: #1913951) The following root certificates were added back (+): + "GeoTrust Primary Certification Authority - G2" + "VeriSign Universal Root Certification Authority" ==== gnupg2: 2.2.20-1ubuntu1 => 2.2.20-1ubuntu1.1 ==== ==== dirmngr gnupg gnupg-l10n gnupg-utils gpg gpg-agent gpg-wks-client gpg-wks-server gpgconf gpgsm gpgv * d/p/dirmngr-handle-EAFNOSUPPORT-at-connect_server.patch: - Fix IPv6 connectivity for dirmngr (LP: #1910432) ==== linux-meta: 5.8.0.41.45 => 5.8.0.43.48 ==== ==== linux-headers-generic linux-headers-virtual linux-image-virtual linux-virtual * Packaging resync (LP: #1786013) - [Packaging] resync debian/dkms-versions from main package * Bump ABI 5.8.0-43 * Packaging resync (LP: #1786013) - [Packaging] resync debian/dkms-versions from main package * Bump ABI 5.8.0-42 * Packaging resync (LP: #1786013) - [Packaging] resync debian/dkms-versions from main package ==== linux-signed: 5.8.0-41.46 => 5.8.0-43.49 ==== ==== linux-image-5.8.0-43-generic * Master version: 5.8.0-43.49 * Master version: 5.8.0-43.48 * Master version: 5.8.0-42.47 ==== openldap: 2.4.53+dfsg-1ubuntu1.2 => 2.4.53+dfsg-1ubuntu1.3 ==== ==== libldap-2.4-2:amd64 libldap-common * SECURITY UPDATE: integer underflow in Certificate Exact Assertion processing - debian/patches/CVE-2020-36221-1.patch: fix serialNumberAndIssuerCheck in servers/slapd/schema_init.c. - debian/patches/CVE-2020-36221-2.patch: fix serialNumberAndIssuerCheck in servers/slapd/schema_init.c. - CVE-2020-36221 * SECURITY UPDATE: assert failure in saslAuthzTo validation - debian/patches/CVE-2020-36222-1.patch: remove saslauthz asserts in servers/slapd/saslauthz.c. - debian/patches/CVE-2020-36222-2.patch: fix debug msg in servers/slapd/saslauthz.c. - CVE-2020-36222 * SECURITY UPDATE: crash in Values Return Filter control handling - debian/patches/CVE-2020-36223.patch: fix vrfilter double-free in servers/slapd/controls.c. - CVE-2020-36223 * SECURITY UPDATE: DoS in saslAuthzTo processing - debian/patches/CVE-2020-36224-1.patch: use ch_free on normalized DN in servers/slapd/saslauthz.c. - debian/patches/CVE-2020-36224-2.patch: use slap_sl_free in prev commit in servers/slapd/saslauthz.c. - CVE-2020-36224 * SECURITY UPDATE: DoS in saslAuthzTo processing - debian/patches/CVE-2020-36225.patch: fix AVA_Sort on invalid RDN in servers/slapd/dn.c. - CVE-2020-36225 * SECURITY UPDATE: DoS in saslAuthzTo processing - debian/patches/CVE-2020-36226.patch: fix slap_parse_user in servers/slapd/saslauthz.c. - CVE-2020-36226 * SECURITY UPDATE: infinite loop in cancel_extop Cancel operation - debian/patches/CVE-2020-36227.patch: fix cancel exop in servers/slapd/cancel.c. - CVE-2020-36227 * SECURITY UPDATE: DoS in Certificate List Exact Assertion processing - debian/patches/CVE-2020-36228.patch: fix issuerAndThisUpdateCheck in servers/slapd/schema_init.c. - CVE-2020-36228 * SECURITY UPDATE: DoS in X.509 DN parsing in ad_keystring - debian/patches/CVE-2020-36229.patch: add more checks to ldap_X509dn2bv in libraries/libldap/tls2.c. - CVE-2020-36229 * SECURITY UPDATE: DoS in X.509 DN parsing in ber_next_element - debian/patches/CVE-2020-36230.patch: check for invalid BER after RDN count in libraries/libldap/tls2.c. - CVE-2020-36230 -- [1] http://cloud-images.ubuntu.com/releases/groovy/release-20210209/ [2] http://cloud-images.ubuntu.com/releases/groovy/release-20210130/