A new release of the Ubuntu Cloud Images for stable Ubuntu release 20.04 LTS (Focal Fossa) is available at [1]. These new images superseded the existing images [2]. Images are available for download or immediate use on EC2 via publish AMI ids. Users who wish to update their existing installations can do so with: 'sudo apt-get update && sudo apt-get dist-upgrade && sudo reboot'. The following packages have been updated. Please see the full changelogs for a complete listing of changes: * linux-meta: 5.4.0.96.100 => 5.4.0.97.101 * linux-signed: 5.4.0-96.109 => 5.4.0-97.110 * policykit-1: 0.105-26ubuntu1.1 => 0.105-26ubuntu1.2 * vim: 2:8.1.2269-1ubuntu5.4 => 2:8.1.2269-1ubuntu5.6 The following is a complete changelog for this image. new: {'linux-headers-5.4.0-97': '5.4.0-97.110', 'linux-headers-5.4.0-97-generic': '5.4.0-97.110', 'linux-modules-5.4.0-97-generic': '5.4.0-97.110'} removed: {'linux-headers-5.4.0-96': '5.4.0-96.109', 'linux-modules-5.4.0-96-generic': '5.4.0-96.109', 'linux-headers-5.4.0-96-generic': '5.4.0-96.109'} changed: ['libpolkit-agent-1-0:amd64', 'libpolkit-gobject-1-0:amd64', 'linux-headers-generic', 'linux-headers-virtual', 'linux-image-5.4.0-97-generic', 'linux-image-virtual', 'linux-virtual', 'policykit-1', 'vim', 'vim-common', 'vim-runtime', 'vim-tiny', 'xxd'] new snaps: {} removed snaps: {} changed snaps: ['core20', 'snapd'] ==== linux-meta: 5.4.0.96.100 => 5.4.0.97.101 ==== ==== linux-headers-generic linux-headers-virtual linux-image-virtual linux-virtual * Bump ABI 5.4.0-97 ==== linux-signed: 5.4.0-96.109 => 5.4.0-97.110 ==== ==== linux-image-5.4.0-97-generic * Master version: 5.4.0-97.110 ==== policykit-1: 0.105-26ubuntu1.1 => 0.105-26ubuntu1.2 ==== ==== libpolkit-agent-1-0:amd64 libpolkit-gobject-1-0:amd64 policykit-1 * SECURITY UPDATE: Local Privilege Escalation in pkexec - debian/patches/CVE-2021-4034.patch: properly handle command-line arguments in src/programs/pkcheck.c, src/programs/pkexec.c. - CVE-2021-4034 ==== vim: 2:8.1.2269-1ubuntu5.4 => 2:8.1.2269-1ubuntu5.6 ==== ==== vim vim-common vim-runtime vim-tiny xxd * SECURITY UPDATE: Use-after-free issue in regular expression engine when using a mark, could lead to a denial of service or code execution. - debian/patches/CVE-2021-3974.patch: Ensure check for free is made when processing mark in src/regexp_nfa.c, src/testdir/test_regexp_latin.vim - CVE-2021-3974 * SECURITY UPDATE: Heap-based buffer overflow could lead to a denial of service or possible code execution when C-indenting - debian/patches/CVE-2021-3984.patch: Fix memory access issue by correctly dereferencing cursor position in src/cindent.c and src/testdir/test_cindent.vim - CVE-2021-3984 * SECURITY UPDATE: Heap-based buffer overflow could lead to a denial of service when help functions are provided with long command strings - debian/patches/CVE-2021-4019.patch: Fix handling of strcpy to use safer vim_snprintf in src/ex_cmds.c and src/testdir/test_help.vim - CVE-2021-4019 * SECURITY UPDATE: Use-after-free issue in open command can lead to a denial of service or possible code execution - debian/patches/CVE-2021-4069.patch: Fix issue making a copy of the current line and its address in src/ex_docmd.c - CVE-2021-4069 -- [1] http://cloud-images.ubuntu.com/releases/focal/release-20220131/ [2] http://cloud-images.ubuntu.com/releases/focal/release-20220118/