A new release of the Ubuntu Cloud Images for stable Ubuntu release 16.04 LTS (Xenial Xerus) is available at [1]. These new images superseded the existing images [2]. Images are available for download or immediate use on EC2 via publish AMI ids. Users who wish to update their existing installations can do so with: 'sudo apt-get update && sudo apt-get dist-upgrade && sudo reboot'. The following packages have been updated. Please see the full changelogs for a complete listing of changes: * linux-meta: 4.4.0.200.206 => 4.4.0.201.207 * linux-signed: 4.4.0-200.232 => 4.4.0-201.233 * sudo: 1.8.16-0ubuntu1.9 => 1.8.16-0ubuntu1.10 The following is a complete changelog for this image. new: {'linux-headers-4.4.0-201': '4.4.0-201.233', 'linux-headers-4.4.0-201-generic': '4.4.0-201.233', 'linux-modules-4.4.0-201-generic': '4.4.0-201.233'} removed: {'linux-headers-4.4.0-200': '4.4.0-200.232', 'linux-headers-4.4.0-200-generic': '4.4.0-200.232', 'linux-modules-4.4.0-200-generic': '4.4.0-200.232'} changed: ['linux-headers-generic', 'linux-headers-virtual', 'linux-image-4.4.0-201-generic', 'linux-image-virtual', 'linux-virtual', 'sudo'] new snaps: {} removed snaps: {} changed snaps: [] ==== linux-meta: 4.4.0.200.206 => 4.4.0.201.207 ==== ==== linux-headers-generic linux-headers-virtual linux-image-virtual linux-virtual * Bump ABI 4.4.0-201 ==== linux-signed: 4.4.0-200.232 => 4.4.0-201.233 ==== ==== linux-image-4.4.0-201-generic * Master version: 4.4.0-201.233 ==== sudo: 1.8.16-0ubuntu1.9 => 1.8.16-0ubuntu1.10 ==== ==== sudo * SECURITY UPDATE: dir existence issue via sudoedit race - debian/patches/CVE-2021-23239.patch: fix potential directory existing info leak in sudoedit in src/sudo_edit.c. - CVE-2021-23239 * SECURITY UPDATE: heap-based buffer overflow - debian/patches/CVE-2021-3156-pre1.patch: check lock record size in plugins/sudoers/timestamp.c. - debian/patches/CVE-2021-3156-pre2.patch: sanity check size when converting the first record to TS_LOCKEXCL in plugins/sudoers/timestamp.c. - debian/patches/CVE-2021-3156-1.patch: reset valid_flags to MODE_NONINTERACTIVE for sudoedit in src/parse_args.c. - debian/patches/CVE-2021-3156-2.patch: add sudoedit flag checks in plugin in plugins/sudoers/policy.c. - debian/patches/CVE-2021-3156-3.patch: fix potential buffer overflow when unescaping backslashes in plugins/sudoers/sudoers.c. - debian/patches/CVE-2021-3156-4.patch: fix the memset offset when converting a v1 timestamp to TS_LOCKEXCL in plugins/sudoers/timestamp.c. - debian/patches/CVE-2021-3156-5.patch: don't assume that argv is allocated as a single flat buffer in src/parse_args.c. - CVE-2021-3156 -- [1] http://cloud-images.ubuntu.com/releases/xenial/release-20210127/ [2] http://cloud-images.ubuntu.com/releases/xenial/release-20210119/