A new release of the Ubuntu Cloud Images for stable Ubuntu release 18.04 LTS (Bionic Beaver) is available at [1]. These new images superseded the existing images [2]. Images are available for download or immediate use on EC2 via publish AMI ids. Users who wish to update their existing installations can do so with: 'sudo apt-get update && sudo apt-get dist-upgrade && sudo reboot'. The following packages have been updated. Please see the full changelogs for a complete listing of changes: * apt: 1.6.12ubuntu0.2 => 1.6.13 * curl: 7.58.0-2ubuntu3.12 => 7.58.0-2ubuntu3.13 * linux-meta: 4.15.0.140.127 => 4.15.0.141.128 * linux-signed: 4.15.0-140.144 => 4.15.0-141.145 * sbsigntool: 0.6-3.2ubuntu2 => 0.9.2-2ubuntu1~18.04.1 * ubuntu-keyring: 2018.09.18.1~18.04.0 => 2018.09.18.1~18.04.2 The following is a complete changelog for this image. new: {'linux-modules-4.15.0-141-generic': '4.15.0-141.145', 'linux-headers-4.15.0-141': '4.15.0-141.145', 'linux-headers-4.15.0-141-generic': '4.15.0-141.145'} removed: {'linux-headers-4.15.0-140-generic': '4.15.0-140.144', 'linux-modules-4.15.0-140-generic': '4.15.0-140.144', 'linux-headers-4.15.0-140': '4.15.0-140.144'} changed: ['apt', 'apt-utils', 'curl', 'libapt-inst2.0:amd64', 'libapt-pkg5.0:amd64', 'libcurl3-gnutls:amd64', 'libcurl4:amd64', 'linux-headers-generic', 'linux-headers-virtual', 'linux-image-4.15.0-141-generic', 'linux-image-virtual', 'linux-virtual', 'sbsigntool', 'ubuntu-keyring'] new snaps: {} removed snaps: {} changed snaps: [] ==== apt: 1.6.12ubuntu0.2 => 1.6.13 ==== ==== apt apt-utils libapt-inst2.0:amd64 libapt-pkg5.0:amd64 [ David Kalnischkies ] * Fix incorrect base64 encoding due to int promotion (LP: #1916050) * Harden test for no new acquires after transaction abort (Closes: #984966) (LP: #1918920) [ Julian Andres Klode ] * Implement update --error-on=any (Closes: #594813) (LP: #1693900) * Include all translations when building the cache (LP: #1907850) * Add basic support for the Protected field * Do not require force-loopbreak on Important packages (Closes: #983014) (LP: #1916725) * Protect currently running kernel at run-time (LP: #1615381) * Make ADDARG{,C}() macros expand to single statements * Improve immediate configuration handling (LP: #1871268) - Do not immediately configure m-a: same packages in lockstep - Ignore failures from immediate configuration. This does not change the actual installation ordering - we never passed the return code to the caller and installation went underway anyway if it could be ordered at a later stage, this just removes spurious after-the-fact errors. (Closes: #973305, #188161, #211075, #649588) * Default Acquire::AllowReleaseInfoChange::Suite to "true" (Closes: #931566) (LP: #1918907) [ Balint Reczey ] * Set LC_ALL=C.UTF-8 for unattended-upgrades environment when parsing its --help (LP: #1806076) ==== curl: 7.58.0-2ubuntu3.12 => 7.58.0-2ubuntu3.13 ==== ==== curl libcurl3-gnutls:amd64 libcurl4:amd64 * SECURITY UPDATE: data leak via referer header field - debian/patches/urlapi.patch: backport url api support in include/curl/Makefile.am, include/curl/curl.h, include/curl/urlapi.h, lib/Makefile.inc, lib/urlapi-int.h, lib/urlapi.c, lib/curl_setup_once.h, lib/url.c, lib/url.h, lib/escape.c, lib/escape.h, docs/libcurl/symbols-in-versions. - debian/libcurl*.symbols: added new symbols. - debian/patches/CVE-2021-22876.patch: strip credentials from the auto-referer header field in lib/transfer.c. - CVE-2021-22876 ==== linux-meta: 4.15.0.140.127 => 4.15.0.141.128 ==== ==== linux-headers-generic linux-headers-virtual linux-image-virtual linux-virtual * Bump ABI 4.15.0-141 * Packaging resync (LP: #1786013) - [Packaging] resync debian/dkms-versions from main package ==== linux-signed: 4.15.0-140.144 => 4.15.0-141.145 ==== ==== linux-image-4.15.0-141-generic * Master version: 4.15.0-141.145 ==== sbsigntool: 0.6-3.2ubuntu2 => 0.9.2-2ubuntu1~18.04.1 ==== ==== sbsigntool * No-change backport to bionic: - fix alignment of binaries and thus correct hash calculation LP: #1921387 * Merge from Debian unstable. Remaining changes: - d/p/ubuntu-kernel-module-signing.patch and d/p/ubuntu-kernel-module-signing-fixes.patch: add the kernel module signing tool to the package. - d/p/ubuntu-clear-image-before-use.patch: avoid use of uninitialised data causing a startup crash. * Dropped changes, included upstream: - d/p/ubuntu-handle-odd-buffer-lengths-in-checksum.patch: correctly handle odd byte length buffers. * Dropped changes, obsoleted upstream: - d/p/ubuntu-tests-disable-pie.patch: disable PIE * Change Maintainer to be the EFI team, with Pierre and me as Uploaders * Remove the old alignment patch, looks to be un-needed now * Fix PE/COFF checksum calculation - only count the cert_table struct once when performing the calculation and counting buffer sizes. * Add watch file * New upstream version 0.9.2 (Closes: #920013, #828696) * Remove test file after clean * Refreshed quilt patches, and removed all that were merged * Use priority optional ==== ubuntu-keyring: 2018.09.18.1~18.04.0 => 2018.09.18.1~18.04.2 ==== ==== ubuntu-keyring * Remove expiry of the ddebs.ubuntu.com key. LP: #1920640 * Update expiry of the ddebs.ubuntu.com key by one year. LP: #1920640 -- [1] http://cloud-images.ubuntu.com/releases/bionic/release-20210412/ [2] http://cloud-images.ubuntu.com/releases/bionic/release-20210325/