A new release of the Ubuntu Cloud Images for stable Ubuntu release 20.10 (Groovy Gorilla) is available at [1]. These new images superseded the existing images [2]. Images are available for download or immediate use on EC2 via publish AMI ids. Users who wish to update their existing installations can do so with: 'sudo apt-get update && sudo apt-get dist-upgrade && sudo reboot'. The following packages have been updated. Please see the full changelogs for a complete listing of changes: * apt: 2.1.10 => 2.1.10ubuntu0.1 * linux-meta: 5.8.0.25.30 => 5.8.0.29.34 * linux-signed: 5.8.0-25.26 => 5.8.0-29.31 * python-apt: 2.1.3ubuntu1 => 2.1.3ubuntu1.2 The following is a complete changelog for this image. new: {'linux-headers-5.8.0-29': '5.8.0-29.31', 'linux-modules-5.8.0-29-generic': '5.8.0-29.31', 'linux-headers-5.8.0-29-generic': '5.8.0-29.31'} removed: {'linux-modules-5.8.0-25-generic': '5.8.0-25.26', 'linux-headers-5.8.0-25-generic': '5.8.0-25.26', 'linux-headers-5.8.0-25': '5.8.0-25.26'} changed: ['apt', 'apt-utils', 'libapt-pkg6.0:amd64', 'linux-headers-generic', 'linux-headers-virtual', 'linux-image-5.8.0-29-generic', 'linux-image-virtual', 'linux-virtual', 'python-apt-common', 'python3-apt'] new snaps: {} removed snaps: {} changed snaps: [] ==== apt: 2.1.10 => 2.1.10ubuntu0.1 ==== ==== apt apt-utils libapt-pkg6.0:amd64 * SECURITY UPDATE: Integer overflow in parsing (LP: #1899193) - apt-pkg/contrib/arfile.cc: add extra checks. - apt-pkg/contrib/tarfile.cc: limit tar item sizes to 128 GiB - apt-pkg/deb/debfile.cc: limit control file sizes to 64 MiB - test/*: add tests. - CVE-2020-27350 * Additional hardening: - apt-pkg/contrib/tarfile.cc: Limit size of long names and links to 1 MiB * .gitlab-ci.yml: Test on groovy, not unstable ==== linux-meta: 5.8.0.25.30 => 5.8.0.29.34 ==== ==== linux-headers-generic linux-headers-virtual linux-image-virtual linux-virtual * Bump ABI 5.8.0-29 * Packaging resync (LP: #1786013) - [Packaging] resync debian/dkms-versions from main package * Bump ABI 5.8.0-28 * Bump ABI 5.8.0-27 * Bump ABI 5.8.0-26 * Packaging resync (LP: #1786013) - [Packaging] resync debian/dkms-versions from main package ==== linux-signed: 5.8.0-25.26 => 5.8.0-29.31 ==== ==== linux-image-5.8.0-29-generic * Master version: 5.8.0-29.31 * Master version: 5.8.0-28.30 * Master version: 5.8.0-27.29 * Master version: 5.8.0-26.27 ==== python-apt: 2.1.3ubuntu1 => 2.1.3ubuntu1.2 ==== ==== python-apt-common python3-apt * Fix regression in data/templates/Ubuntu.info.in versus the release pocket. LP: #1907496. * SECURITY UPDATE: various memory and file descriptor leaks (LP: #1899193) - python/arfile.cc, python/generic.h, python/tag.cc, python/tarfile.cc: fix file descriptor and memory leaks - python/apt_instmodule.cc, python/apt_instmodule.h, python/arfile.h: Avoid reference cycle with control,data members in apt_inst.DebFile objects - tests/test_cve_2020_27351.py: Test cases for DebFile (others not easily testable) - CVE-2020-27351 * .gitlab-ci.yml: Fix mypy and Ubuntu version for CI * data/templates: Update mirror lists -- [1] http://cloud-images.ubuntu.com/releases/groovy/release-20201210/ [2] http://cloud-images.ubuntu.com/releases/groovy/release-20201209.1/