A new release of the Ubuntu Cloud Images for stable Ubuntu release 16.04 LTS (Xenial Xerus) is available at [1]. These new images superseded the existing images [2]. Images are available for download or immediate use on EC2 via publish AMI ids. Users who wish to update their existing installations can do so with: 'sudo apt-get update && sudo apt-get dist-upgrade && sudo reboot'. The following packages have been updated. Please see the full changelogs for a complete listing of changes: * cloud-init: 20.4-0ubuntu1~16.04.1 => 20.4-0ubuntu1~16.04.2 * p11-kit: 0.23.2-5~ubuntu16.04.1 => 0.23.2-5~ubuntu16.04.2 * tzdata: 2020d-0ubuntu0.16.04 => 2020f-0ubuntu0.16.04 * update-notifier: 3.168.10 => 3.168.13 The following is a complete changelog for this image. new: {} removed: {} changed: ['cloud-init', 'grub-legacy-ec2', 'libp11-kit0:amd64', 'tzdata', 'update-notifier-common'] new snaps: {} removed snaps: {} changed snaps: [] ==== cloud-init: 20.4-0ubuntu1~16.04.1 => 20.4-0ubuntu1~16.04.2 ==== ==== cloud-init grub-legacy-ec2 * cherry-pick 4f62ae8d: Fix regression with handling of IMDS ssh keys (#760) (LP: #1910835) ==== p11-kit: 0.23.2-5~ubuntu16.04.1 => 0.23.2-5~ubuntu16.04.2 ==== ==== libp11-kit0:amd64 * SECURITY UPDATE: multiple integer overflows - debian/patches/CVE-2020-29361-1.patch: check for arithmetic overflows before allocating in p11-kit/iter.c, p11-kit/lists.c, p11-kit/proxy.c, p11-kit/rpc-message.c, p11-kit/rpc-message.h, p11-kit/rpc-server.c, trust/index.c. - debian/patches/CVE-2020-29361-2.patch: add reallocarray and follow-up to arithmetic overflow fix in common/compat.c, common/compat.h, p11-kit/rpc-message.c. - CVE-2020-29361 * SECURITY UPDATE: heap over-read in the RPC protocol - debian/patches/CVE-2020-29362.patch: fix bounds check in p11-kit/rpc-message.c. - CVE-2020-29362 ==== tzdata: 2020d-0ubuntu0.16.04 => 2020f-0ubuntu0.16.04 ==== ==== tzdata * New upstream version (LP: #1909698), affecting the following timestamp: - Volgograd switches to Moscow time on 2020-12-27 at 02:00. ==== update-notifier: 3.168.10 => 3.168.13 ==== ==== update-notifier-common * Fix pep8 autopkgtest failures in the right control file (LP: #1906436) - d/control: remove pep8 from Build-Depends as no tests run by override_dh_auto_test use pep8. - d/tests/control: add pep8 to Depends as it is only used by python-based autopkgtests via subprocess in test_motd.py. - d/tests/test_package-data-downloader.py: mock subprocess calls to apt-helper for expected failure tests to avoid emitting error messages to console * data/apt_check.py: Update UA Infra: ESM product name and doc url (LP: #1901627) - data/apt_check.py: Update name and URL - tests/test_motd.py: adapt unittests to match new behavior - po/*.po: translation files with intltool-update -r * Fix pep8 autopkgtest failures (LP: 1906436) - d/control: add expilicit pep8 build-requires dependency - data/apt_check.py: fix over-indent pep8 errors - data/apt_check & data/backend_helper: resolve underindent pep8 issues backport of 9e0f7ee50 [ Brian Murray ] - data/apt_check.py, data/package-data-downloader, tests/test_pep8.py: + update the code formating to be not hit W504 warnings, change to ignore W503 and be consistent with update-manager. [ Andrea Azzarone ] - INSTALL, data/hooks.py, tests/test_package-data-downloader.py: Fix E117 over-indented pep issues. [ Gianfranco Costamagna ] [ Julian Andres Klode ] * Handle missing cases of LP: #1822340, where we told people ESM is not enabled, but not how to enable it. * Fix multiple disabled ESM repositories being counted as enabled ones. [ Brian Murray ] * data/apt_check.py: modify wording and output regarding ESM support. (LP: #1842508) [ Andreas Hasenack ] * data/apt_check.py: Update ESM security pockets names (LP: #1881632) - the UbuntuESM pocket was renamed from -security to -infra-security - new origin UbuntuESMApps, with a corresponding pocket of -apps-security -- [1] http://cloud-images.ubuntu.com/releases/xenial/release-20210112/ [2] http://cloud-images.ubuntu.com/releases/xenial/release-20210105/