A new release of the Ubuntu Cloud Images for stable Ubuntu release 16.04 LTS (Xenial Xerus) is available at [1]. These new images superseded the existing images [2]. Images are available for download or immediate use on EC2 via publish AMI ids. Users who wish to update their existing installations can do so with:
   'sudo apt-get update && sudo apt-get dist-upgrade && sudo reboot'.

The following packages have been updated. Please see the full changelogs
for a complete listing of changes:
 * linux-meta: 4.4.0.200.206 => 4.4.0.201.207 
 * linux-signed: 4.4.0-200.232 => 4.4.0-201.233 
 * sudo: 1.8.16-0ubuntu1.9 => 1.8.16-0ubuntu1.10 


The following is a complete changelog for this image.
new: {'linux-headers-4.4.0-201': '4.4.0-201.233', 'linux-headers-4.4.0-201-generic': '4.4.0-201.233', 'linux-modules-4.4.0-201-generic': '4.4.0-201.233'}
removed: {'linux-headers-4.4.0-200': '4.4.0-200.232', 'linux-headers-4.4.0-200-generic': '4.4.0-200.232', 'linux-modules-4.4.0-200-generic': '4.4.0-200.232'}
changed: ['linux-headers-generic', 'linux-headers-virtual', 'linux-image-4.4.0-201-generic', 'linux-image-virtual', 'linux-virtual', 'sudo']
new snaps: {}
removed snaps: {}
changed snaps: []
==== linux-meta: 4.4.0.200.206 => 4.4.0.201.207 ====
====     linux-headers-generic linux-headers-virtual linux-image-virtual linux-virtual
  * Bump ABI 4.4.0-201
==== linux-signed: 4.4.0-200.232 => 4.4.0-201.233 ====
====     linux-image-4.4.0-201-generic
  * Master version: 4.4.0-201.233
==== sudo: 1.8.16-0ubuntu1.9 => 1.8.16-0ubuntu1.10 ====
====     sudo
  * SECURITY UPDATE: dir existence issue via sudoedit race
    - debian/patches/CVE-2021-23239.patch: fix potential directory existing
      info leak in sudoedit in src/sudo_edit.c.
    - CVE-2021-23239
  * SECURITY UPDATE: heap-based buffer overflow
    - debian/patches/CVE-2021-3156-pre1.patch: check lock record size in
      plugins/sudoers/timestamp.c.
    - debian/patches/CVE-2021-3156-pre2.patch: sanity check size when
      converting the first record to TS_LOCKEXCL in
      plugins/sudoers/timestamp.c.
    - debian/patches/CVE-2021-3156-1.patch: reset valid_flags to
      MODE_NONINTERACTIVE for sudoedit in src/parse_args.c.
    - debian/patches/CVE-2021-3156-2.patch: add sudoedit flag checks in
      plugin in plugins/sudoers/policy.c.
    - debian/patches/CVE-2021-3156-3.patch: fix potential buffer overflow
      when unescaping backslashes in plugins/sudoers/sudoers.c.
    - debian/patches/CVE-2021-3156-4.patch: fix the memset offset when
      converting a v1 timestamp to TS_LOCKEXCL in
      plugins/sudoers/timestamp.c.
    - debian/patches/CVE-2021-3156-5.patch: don't assume that argv is
      allocated as a single flat buffer in src/parse_args.c.
    - CVE-2021-3156

--
[1] http://cloud-images.ubuntu.com/releases/xenial/release-20210128/
[2] http://cloud-images.ubuntu.com/releases/xenial/release-20210119/