A new release of the Ubuntu Cloud Images for stable Ubuntu release 22.04 (Jammy Jellyfish) is available at [1]. These new images superseded the existing images [2]. Images are available for download or immediate use on EC2 via publish AMI ids. Users who wish to update their existing installations can do so with: 'sudo apt-get update && sudo apt-get dist-upgrade && sudo reboot'. The following packages have been updated. Please see the full changelogs for a complete listing of changes: * base-files: 12ubuntu4 => 12ubuntu4.1 * curl: 7.81.0-1 => 7.81.0-1ubuntu1.1 * distro-info-data: 0.52 => 0.52ubuntu0.1 * fribidi: 1.0.8-2ubuntu3 => 1.0.8-2ubuntu3.1 * git: 1:2.34.1-1ubuntu1 => 1:2.34.1-1ubuntu1.2 * linux-meta: 5.15.0.25.27 => 5.15.0.27.30 * linux-signed: 5.15.0-25.25 => 5.15.0-27.28 * networkd-dispatcher: 2.1-2 => 2.1-2ubuntu0.22.04.2 * openssl: 3.0.2-0ubuntu1 => 3.0.2-0ubuntu1.1 * rsyslog: 8.2112.0-2ubuntu2 => 8.2112.0-2ubuntu2.2 * snapd: 2.55.3+22.04 => 2.55.3+22.04ubuntu1 * systemd: 249.11-0ubuntu3 => 249.11-0ubuntu3.1 * twisted: 22.1.0-2ubuntu2 => 22.1.0-2ubuntu2.1 * ubuntu-advantage-tools: 27.7~22.04.1 => 27.8~22.04.1 The following is a complete changelog for this image. new: {'linux-headers-5.15.0-27-generic': '5.15.0-27.28', 'linux-headers-5.15.0-27': '5.15.0-27.28', 'linux-modules-5.15.0-27-generic': '5.15.0-27.28'} removed: {'linux-modules-5.15.0-25-generic': '5.15.0-25.25', 'linux-headers-5.15.0-25-generic': '5.15.0-25.25', 'linux-headers-5.15.0-25': '5.15.0-25.25'} changed: ['base-files', 'curl', 'distro-info-data', 'git', 'git-man', 'libcurl3-gnutls:amd64', 'libcurl4:amd64', 'libfribidi0:amd64', 'libnss-systemd:amd64', 'libpam-systemd:amd64', 'libssl3:amd64', 'libsystemd0:amd64', 'libudev1:amd64', 'linux-headers-generic', 'linux-headers-virtual', 'linux-image-5.15.0-27-generic', 'linux-image-virtual', 'linux-virtual', 'motd-news-config', 'networkd-dispatcher', 'openssl', 'python3-twisted', 'rsyslog', 'snapd', 'systemd', 'systemd-sysv', 'systemd-timesyncd', 'ubuntu-advantage-tools', 'udev'] new snaps: {} removed snaps: {} changed snaps: ['core20', 'snapd'] ==== base-files: 12ubuntu4 => 12ubuntu4.1 ==== ==== base-files motd-news-config * /etc/os-release: add missing LTS to VERSION (LP: #1969960) ==== curl: 7.81.0-1 => 7.81.0-1ubuntu1.1 ==== ==== curl libcurl3-gnutls:amd64 libcurl4:amd64 * SECURITY UPDATE: OAUTH2 bypass - debian/patches/CVE-2022-22576.patch: check sasl additional parameters for conn resuse in lib/strcase.c, lib/strcase.h, lib/url.c, lib/urldata.h, lib/vtls/vtls.c. - CVE-2022-22576 * SECURITY UPDATE: Credential leak on redirect - debian/patches/CVE-2022-27774-1.patch: store conn_remote_port in the info struct to make it available after the connection ended in lib/connect.c, lib/urldata.h. - debian/patches/CVE-2022-27774-2.patch: redirects to other protocols or ports clear auth in lib/transfer.c. - debian/patches/CVE-2022-27774-3.patch: adds tests to verify these fix in tests/data/Makefile.inc, tests/data/test973, tests/data/test974, tests/data/test975, tests/data/test976. - CVE-2022-27774 * SECURITY UPDATE: Bad local IPV6 connection reuse - debian/patches/CVE-2022-27775.patch: include the zone id in the 'bundle' haskey in lib/conncache.c. - CVE-2022-27775 * SECURITY UPDATE: Auth/cookie leak on redirect - debian/patches/CVE-2022-27776.patch: avoid auth/cookie on redirects same host diff port in lib/http.c, lib/urldata.h. - CVE-2022-27776 ==== distro-info-data: 0.52 => 0.52ubuntu0.1 ==== ==== distro-info-data * Add Ubuntu 22.10, Kinetic Kudu (LP: #1970227) ==== fribidi: 1.0.8-2ubuntu3 => 1.0.8-2ubuntu3.1 ==== ==== libfribidi0:amd64 * SECURITY UPDATE: Incorrect length checking in processing of line input could result in a stack buffer overflow, resulting in a crash or potential code execution. - debian/patches/CVE-2022-25308.patch: add checking to length of string buffer before processing in bin/fribidi-main.c - CVE-2022-25308 * SECURITY UPDATE: Insufficient sanitization of input data to the CapRTL encoder could result in a heap buffer overflow, resulting in a crash or potential code execution. - debian/patches/CVE-2022-25309.patch: add checking and removal of dangerous characters before encoding stage, in lib/fribidi-char-sets-cap-rtl.c - CVE-2022-25309 * SECURITY UPDATE: Incorrect handling of string pointer can result in a crash in fribidi_remove_bidi_marks(). - debian/patches/CVE-2022-25310.patch: add checking for NULL strings, to avoid potential use-after-free in lib/fribidi.c - CVE-2022-25310 ==== git: 1:2.34.1-1ubuntu1 => 1:2.34.1-1ubuntu1.2 ==== ==== git git-man * SECURITY REGRESSION: Previous update was incomplete causing regressions and not correctly fixing the issue. - debian/patches/CVE-2022-24765-5.patch: fix safe.directory key not being checked in setup.c. - debian/patches/CVE-2022-24765-6.patch: opt-out of check with safe.directory=* in setup.c. (LP: #1970260) * SECURITY UPDATE: Run commands in diff users - debian/patches/CVE-2022-24765-*.patch: fix GIT_CEILING_DIRECTORIES; add an owner check for the top-level-directory; add a function to determine whether a path is owned by the current user in patch.c, t/t0060-path-utils.sh, setup.c, compat/mingw.c, compat/mingw.h, git-compat-util.h. - CVE-2022-24765 ==== linux-meta: 5.15.0.25.27 => 5.15.0.27.30 ==== ==== linux-headers-generic linux-headers-virtual linux-image-virtual linux-virtual * Bump ABI 5.15.0-27 * Bump ABI 5.15.0-26 ==== linux-signed: 5.15.0-25.25 => 5.15.0-27.28 ==== ==== linux-image-5.15.0-27-generic * Master version: 5.15.0-27.28 * Master version: 5.15.0-26.27 * Master version: 5.15.0-26.26 ==== networkd-dispatcher: 2.1-2 => 2.1-2ubuntu0.22.04.2 ==== ==== networkd-dispatcher * SECURITY REGRESSION: Incomplete security fix (LP: #1971550) - debian/patches/CVE-2022-29799-regression.patch: Add initialized state in ADMIN_STATES in networkd-dispatcher. * SECURITY UPDATE: Directory traversal - debian/patches/CVE-2022-29799-pre.patch: Add a word that is missing in exception messages in networkd-dispatcher and tests/test_networkd-dispatcher.py. - debian/patches/CVE-2022-29799.patch: Add allowed admin and operational states in networkd-dispatcher and throw exceptions in handle_state function if the current state is not one of those and add a test case test_handle_state in tests/test_networkd-dispatcher.py. - CVE-2022-29799 * SECURITY UPDATE: Time-of-check-time-of-use race condition - debian/patches/CVE-2022-29800-1.patch: Add check_perms function that will be invoked in scripts_in_path function before appending a file path to the script_list in networkd-dispatcher and change test_scripts_in_path test case in tests/test_networkd-dispatcher.py with follow_symlinks set to false. - debian/patches/CVE-2022-29800-2.patch: Passes os.path.dirname(path) when checking for permissions in scripts_in_path function in networkd-dispatcher. - CVE-2022-29800 ==== openssl: 3.0.2-0ubuntu1 => 3.0.2-0ubuntu1.1 ==== ==== libssl3:amd64 openssl * SECURITY UPDATE: c_rehash script allows command injection - debian/patches/CVE-2022-1292.patch: do not use shell to invoke openssl in tools/c_rehash.in. - CVE-2022-1292 * SECURITY UPDATE: OCSP_basic_verify may incorrectly verify the response signing certificate - debian/patches/CVE-2022-1343-1.patch: fix OCSP_basic_verify signer certificate validation in crypto/ocsp/ocsp_vfy.c. - debian/patches/CVE-2022-1343-2.patch: test ocsp with invalid responses in test/recipes/80-test_ocsp.t. - CVE-2022-1343 * SECURITY UPDATE: incorrect MAC key used in the RC4-MD5 ciphersuite - debian/patches/CVE-2022-1434.patch: fix the RC4-MD5 cipher in providers/implementations/ciphers/cipher_rc4_hmac_md5.c, test/recipes/30-test_evp_data/evpciph_aes_stitched.txt, test/recipes/30-test_evp_data/evpciph_rc4_stitched.txt. - CVE-2022-1434 * SECURITY UPDATE: resource leakage when decoding certificates and keys - debian/patches/CVE-2022-1473.patch: fix bug in OPENSSL_LH_flush in crypto/lhash/lhash.c. - CVE-2022-1473 ==== rsyslog: 8.2112.0-2ubuntu2 => 8.2112.0-2ubuntu2.2 ==== ==== rsyslog * SECURITY UPDATE: Heap buffer overflow - debian/patches/CVE-2022-24903.patch: fix a potential heap buffer overflow adding boundary checks in contrib/imhttp/imhttp.c, plugins/imptcp/imptcp.c, runtime/tcps_sess.c. - CVE-2022-24903 ==== snapd: 2.55.3+22.04 => 2.55.3+22.04ubuntu1 ==== ==== snapd * Cherry-pick https://github.com/snapcore/snapd/pull/11680 - This fixes a bad interaction between snapd and update-notifier during a release upgrade (LP: #1969162) ==== systemd: 249.11-0ubuntu3 => 249.11-0ubuntu3.1 ==== ==== libnss-systemd:amd64 libpam-systemd:amd64 libsystemd0:amd64 libudev1:amd64 systemd systemd-sysv systemd-timesyncd udev [ Andy Chi ] * Add mic mute key support for HP Elite x360 series (LP: #1967038) Author: Andy Chi File: debian/patches/hwdb-Add-mic-mute-key-mapping-for-HP-Elite-x360.patch https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=45e809103de9c356c75b692d35089e8770602617 ==== twisted: 22.1.0-2ubuntu2 => 22.1.0-2ubuntu2.1 ==== ==== python3-twisted * SECURITY UPDATE: Parsing of SSH version identifier field during an SSH handshake can result in a denial of service when excessively large packets are received - debian/patches/CVE-2022-21716-*.patch: Ensure that length of received handshake buffer is checked, prior to processing version string in src/twisted/conch/ssh/transport.py and src/twisted/conch/test/test_transport.py - CVE-2022-21716 ==== ubuntu-advantage-tools: 27.7~22.04.1 => 27.8~22.04.1 ==== ==== ubuntu-advantage-tools * New upstream release 27.8 (LP: #1969125) - entitlements: apply overrides from the contract response - fips: + unhold fips packages when enabling fips-updates + Automatically disable fips service before enabling fips-updates + unhold more packages when enabling fips - lib: fix upgrade script for unsupported releases (LP: #1968067) - realtime: add support for realtime kernel beta service on Jammy * fips: - make fips service incompatible with fips-updates - unhold more packages when enabling fips -- [1] http://cloud-images.ubuntu.com/releases/jammy/release-20220506/ [2] http://cloud-images.ubuntu.com/releases/jammy/release-20220420/