A new release of the Ubuntu Cloud Images for stable Ubuntu release 16.04 LTS (Xenial Xerus) is available at [1]. These new images supersede the existing images [2]. Images are available for download or immediate use on EC2 via published AMI IDs. Users who wish to update their existing installations can do so with:

   'sudo apt-get update && sudo apt-get dist-upgrade && sudo reboot'.

The following packages have been updated. Please see the full changelogs for a complete listing of changes:

 * libseccomp: 2.4.3-1ubuntu3.16.04.3 => 2.5.1-1ubuntu1~16.04.1
 * nettle: 3.2-1ubuntu0.16.04.1 => 3.2-1ubuntu0.16.04.2

The following is a complete changelog for this image.

new: {}
removed: {}
changed: ['libhogweed4:amd64', 'libnettle6:amd64', 'libseccomp2:amd64']
new snaps: {}
removed snaps: {}
changed snaps: []

==== libseccomp: 2.4.3-1ubuntu3.16.04.3 => 2.5.1-1ubuntu1~16.04.1 ====
==== libseccomp2:amd64

  * Updated to new upstream 2.5.1 version for updated syscalls support (LP: #1891810)
    - Removed the following patches that are now included in the new version:
      + d/p/fix-aarch64-syscalls.patch
      + d/p/db-consolidate-some-of-the-code-which-adds-rules.patch
      + d/p/db-add-shadow-transactions.patch
    - Deleted the patch to add a local copy of architecture specific header files from linux-libc-dev/focal as this is not needed anymore
      + d/p/add-5.4-local-syscall-headers.patch
    - debian/control: Added gperf to Build-Depends as this is now required by upstream
    - debian/libseccomp2.symbols: Added new symbols
  * Add system call headers for powerpc required for backport to xenial
    - d/p/add-5.8-powerpc-syscall-headers.patch

==== nettle: 3.2-1ubuntu0.16.04.1 => 3.2-1ubuntu0.16.04.2 ====
==== libhogweed4:amd64 libnettle6:amd64

  * SECURITY UPDATE: Out of Bound memory access in signature verification
    - debian/patches/CVE-2021-20305-1.patch: new functions ecc_mod_mul_canonical and ecc_mod_sqr_canonical in curve25519-eh-to-x.c, curve448-eh-to-x.c, ecc-eh-to-a.c, ecc-internal.h, ecc-j-to-a.c, ecc-mod-arith.c, ecc-mul-m.c.
    - debian/patches/CVE-2021-20305-2.patch: use ecc_mod_mul_canonical for point comparison in eddsa-verify.c.
    - debian/patches/CVE-2021-20305-3.patch: fix bug in ecc_ecdsa_verify in ecc-ecdsa-verify.c, testsuite/ecdsa-sign-test.c.
    - debian/patches/CVE-2021-20305-4.patch: ensure ecdsa_sign output is canonically reduced in ecc-ecdsa-sign.c.
    - debian/patches/CVE-2021-20305-6.patch: similar fix for eddsa in eddsa-hash.c.
    - debian/libhogweed4.symbols: added new symbols.
    - CVE-2021-20305

--
[1] http://cloud-images.ubuntu.com/releases/xenial/release-20210414/
[2] http://cloud-images.ubuntu.com/releases/xenial/release-20210413/