A new release of the Ubuntu Cloud Images for stable Ubuntu release 16.04 LTS (Xenial Xerus) is available at [1]. These new images superseded the existing images [2]. Images are available for download or immediate use on EC2 via publish AMI ids. Users who wish to update their existing installations can do so with:
   'sudo apt-get update && sudo apt-get dist-upgrade && sudo reboot'.

The following packages have been updated. Please see the full changelogs
for a complete listing of changes:
 * bind9: 1:9.10.3.dfsg.P4-8ubuntu1.16 => 1:9.10.3.dfsg.P4-8ubuntu1.17 
 * curl: 7.47.0-1ubuntu2.15 => 7.47.0-1ubuntu2.16 


The following is a complete changelog for this image.
new: {}
removed: {}
changed: ['bind9-host', 'curl', 'dnsutils', 'libbind9-140:amd64', 'libcurl3-gnutls:amd64', 'libdns-export162', 'libdns162:amd64', 'libisc-export160', 'libisc160:amd64', 'libisccc140:amd64', 'libisccfg140:amd64', 'liblwres141:amd64']
new snaps: {}
removed snaps: {}
changed snaps: []
==== bind9: 1:9.10.3.dfsg.P4-8ubuntu1.16 => 1:9.10.3.dfsg.P4-8ubuntu1.17 ====
====     bind9-host dnsutils libbind9-140:amd64 libdns-export162 libdns162:amd64 libisc-export160 libisc160:amd64 libisccc140:amd64 libisccfg140:amd64 liblwres141:amd64
  * SECURITY UPDATE: A truncated TSIG response can lead to an assertion
    failure
    - debian/patches/CVE-2020-8622.patch: move code in lib/dns/message.c.
    - CVE-2020-8622
  * SECURITY UPDATE: A flaw in native PKCS#11 code can lead to a remotely
    triggerable assertion failure
    - debian/patches/CVE-2020-8623.patch: add extra checks in
      lib/dns/pkcs11dh_link.c, lib/dns/pkcs11dsa_link.c,
      lib/dns/pkcs11rsa_link.c, lib/isc/include/pk11/internal.h,
      lib/isc/pk11.c.
    - CVE-2020-8623
==== curl: 7.47.0-1ubuntu2.15 => 7.47.0-1ubuntu2.16 ====
====     curl libcurl3-gnutls:amd64
  * SECURITY UPDATE: wrong connect-only connection
    - debian/patches/CVE-2020-8231.patch: remember last connection by id,
      not by pointer in lib/connect.c, lib/easy.c, lib/multi.c, lib/url.c,
      lib/urldata.h.
    - CVE-2020-8231

--
[1] http://cloud-images.ubuntu.com/releases/xenial/release-20200822/
[2] http://cloud-images.ubuntu.com/releases/xenial/release-20200814/