A new release of the Ubuntu Cloud Images for stable Ubuntu release 22.04 (Jammy Jellyfish) is available at [1]. These new images superseded the existing images [2]. Images are available for download or immediate use on EC2 via publish AMI ids. Users who wish to update their existing installations can do so with: 'sudo apt-get update && sudo apt-get dist-upgrade && sudo reboot'. The following packages have been updated. Please see the full changelogs for a complete listing of changes: * expat: 2.4.7-1 => 2.4.7-1ubuntu0.1 * multipath-tools: 0.8.8-1ubuntu1 => 0.8.8-1ubuntu1.22.04.1 The following is a complete changelog for this image. new: {} removed: {} changed: ['kpartx', 'libexpat1:amd64', 'multipath-tools'] new snaps: {} removed snaps: {} changed snaps: [] ==== expat: 2.4.7-1 => 2.4.7-1ubuntu0.1 ==== ==== libexpat1:amd64 * SECURITY UPDATE: Use-after-free in doContent - debian/patches/CVE-2022-40674.patch: ensure storeRawNames() is always called in func internalEntityProcessor if handling unbalanced tags in expat/lib/xmlparse.c. - CVE-2022-40674 ==== multipath-tools: 0.8.8-1ubuntu1 => 0.8.8-1ubuntu1.22.04.1 ==== ==== kpartx multipath-tools * SECURITY UPDATE: symlink attack - debian/patches/CVE-2022-41973.patch: use /run instead of /dev/shm in .gitignore, Makefile.inc, libmultipath/defaults.h, multipath/Makefile, multipath/multipath.rules.in, multipath/tmpfiles.conf.in. - debian/multipath-tools.install: install tmpfiles.d/multipath.conf. - debian/rules: copy udev rule after build. - CVE-2022-41973 * SECURITY UPDATE: authorization bypass - debian/patches/CVE-2022-41974-pre1.patch: fix command completion in interactive mode in multipathd/callbacks.c, multipathd/cli.c, multipathd/cli_handlers.c, multipathd/main.c. - debian/patches/CVE-2022-41974.patch: more robust command parsing in multipathd/callbacks.c, multipathd/cli.c, multipathd/cli.h, multipathd/cli_handlers.c, multipathd/uxlsnr.c. - debian/patches/CVE-2022-41974-2.patch: fix command completion with robust parser in multipathd/cli.c, multipathd/cli.h, multipathd/uxlsnr.c. - debian/patches/CVE-2022-41974-3.patch: add test for command parsing in Makefile.inc, tests/Makefile, tests/cli.c, multipathd/cli.h, multipathd/cli.c. - debian/patches/CVE-2022-41974-4.patch: fix memory leak handling invalid commands in multipathd/uxlsnr.c. - CVE-2022-41974 -- [1] http://cloud-images.ubuntu.com/releases/jammy/release-20221120/ [2] http://cloud-images.ubuntu.com/releases/jammy/release-20221117/