A new release of the Ubuntu Cloud Images for stable Ubuntu release 18.04 LTS (Bionic Beaver) is available at [1]. These new images superseded the existing images [2]. Images are available for download or immediate use on EC2 via publish AMI ids. Users who wish to update their existing installations can do so with: 'sudo apt-get update && sudo apt-get dist-upgrade && sudo reboot'. The following packages have been updated. Please see the full changelogs for a complete listing of changes: * apport: 2.20.9-0ubuntu7.16 => 2.20.9-0ubuntu7.17 * bcache-tools: 1.0.8-2build1 => 1.0.8-2ubuntu0.18.04.1 * bind9: 1:9.11.3+dfsg-1ubuntu1.12 => 1:9.11.3+dfsg-1ubuntu1.13 * curl: 7.58.0-2ubuntu3.9 => 7.58.0-2ubuntu3.10 * grub2: 2.02-2ubuntu8.17 => 2.02-2ubuntu8.18 * grub2-signed: 1.93.19+2.02-2ubuntu8.17 => 1.93.20+2.02-2ubuntu8.18 * libpcap: 1.8.1-6ubuntu1.18.04.1 => 1.8.1-6ubuntu1.18.04.2 * pam: 1.1.8-3.6ubuntu2.18.04.1 => 1.1.8-3.6ubuntu2.18.04.2 * software-properties: 0.96.24.32.13 => 0.96.24.32.14 The following is a complete changelog for this image. new: {} removed: {} changed: ['apport', 'bcache-tools', 'bind9-host', 'curl', 'dnsutils', 'grub-common', 'grub-efi-amd64', 'grub-efi-amd64-bin', 'grub-efi-amd64-signed', 'grub-pc', 'grub-pc-bin', 'grub2-common', 'libbind9-160:amd64', 'libcurl3-gnutls:amd64', 'libcurl4:amd64', 'libdns-export1100', 'libdns1100:amd64', 'libirs160:amd64', 'libisc-export169:amd64', 'libisc169:amd64', 'libisccc160:amd64', 'libisccfg160:amd64', 'liblwres160:amd64', 'libpam-modules-bin', 'libpam-modules:amd64', 'libpam-runtime', 'libpam0g:amd64', 'libpcap0.8:amd64', 'python3-apport', 'python3-problem-report', 'python3-software-properties', 'software-properties-common'] new snaps: {} removed snaps: {} changed snaps: [] ==== apport: 2.20.9-0ubuntu7.16 => 2.20.9-0ubuntu7.17 ==== ==== apport python3-apport python3-problem-report [ Brian Murray ] * apport/hookutils.py: workaround the fact that pkexec does not work in non-graphical environments yet (LP #1821415) by skipping the gathering of information as root because it isn't strictly necessary for a bug report. (LP: #1861451) [ Matthieu Clemenceau ] * Add in a source package hook symlink for linux-firmware. (LP: #1872059) ==== bcache-tools: 1.0.8-2build1 => 1.0.8-2ubuntu0.18.04.1 ==== ==== bcache-tools [ Ryan Harper ] * Add helper script to read bcache devs superblock (LP: #1861941) ==== bind9: 1:9.11.3+dfsg-1ubuntu1.12 => 1:9.11.3+dfsg-1ubuntu1.13 ==== ==== bind9-host dnsutils libbind9-160:amd64 libdns-export1100 libdns1100:amd64 libirs160:amd64 libisc-export169:amd64 libisc169:amd64 libisccc160:amd64 libisccfg160:amd64 liblwres160:amd64 * SECURITY UPDATE: A truncated TSIG response can lead to an assertion failure - debian/patches/CVE-2020-8622.patch: move code in lib/dns/message.c. - CVE-2020-8622 * SECURITY UPDATE: A flaw in native PKCS#11 code can lead to a remotely triggerable assertion failure - debian/patches/CVE-2020-8623.patch: add extra checks in lib/dns/pkcs11dh_link.c, lib/dns/pkcs11dsa_link.c, lib/dns/pkcs11rsa_link.c, lib/isc/include/pk11/internal.h, lib/isc/pk11.c. - CVE-2020-8623 * SECURITY UPDATE: update-policy rules of type subdomain were enforced incorrectly - debian/patches/CVE-2020-8624.patch: add extra check in bin/named/zoneconf.c. - CVE-2020-8624 ==== curl: 7.58.0-2ubuntu3.9 => 7.58.0-2ubuntu3.10 ==== ==== curl libcurl3-gnutls:amd64 libcurl4:amd64 * SECURITY UPDATE: wrong connect-only connection - debian/patches/CVE-2020-8231.patch: remember last connection by id, not by pointer in lib/connect.c, lib/easy.c, lib/multi.c, lib/url.c, lib/urldata.h. - CVE-2020-8231 ==== grub2: 2.02-2ubuntu8.17 => 2.02-2ubuntu8.18 ==== ==== grub-common grub-efi-amd64 grub-efi-amd64-bin grub-pc grub-pc-bin grub2-common * debian/patches/ubuntu-flavour-order.patch: - Add a (hidden) GRUB_FLAVOUR_ORDER setting that can mark certain kernel flavours as preferred, and specify an order between those preferred flavours (LP: #1882663) * debian/patches/ubuntu-recovery-dis_ucode_ldr.patch: - Pass dis_ucode_ldr to kernel for recovery mode (LP: #1831789) ==== grub2-signed: 1.93.19+2.02-2ubuntu8.17 => 1.93.20+2.02-2ubuntu8.18 ==== ==== grub-efi-amd64-signed * Rebuild against grub2 2.02-2ubuntu8.18. ==== libpcap: 1.8.1-6ubuntu1.18.04.1 => 1.8.1-6ubuntu1.18.04.2 ==== ==== libpcap0.8:amd64 * Install pkg-config file for libpcap (LP: #1865501). - d/p/set-package-name-with-ac-init.patch: Set the PACKAGE_NAME variable using autoconf's AC_INIT macro, so that we can use it in the libpcap.pc.in file. - d/p/use-m4-macro-to-get-version.patch: Use an M4 macro to execute a "cat" command and obtain the version from the VERSION file. - d/p/install-pkg-config-file.patch: New patch from upstream, which creates a libpcap.pc.in file and adjusts the Makefile to install it. - d/libpcap0.8-dev.install: Install libpcap.pc pkg-config file. Thanks to Luca Boccassi for the Debian patch (Closes #922219). ==== pam: 1.1.8-3.6ubuntu2.18.04.1 => 1.1.8-3.6ubuntu2.18.04.2 ==== ==== libpam-modules-bin libpam-modules:amd64 libpam-runtime libpam0g:amd64 * debian/libpam-modules.postinst: Add /snap/bin to $PATH in /etc/environment. (LP: #1659719) ==== software-properties: 0.96.24.32.13 => 0.96.24.32.14 ==== ==== python3-software-properties software-properties-common * SECURITY UPDATE: malicious repo could send ANSI sequences to terminal (LP: #1890286) - add-apt-repository: strip ANSI sequences from the description. - CVE-2020-15709 -- [1] http://cloud-images.ubuntu.com/releases/bionic/release-20200831/ [2] http://cloud-images.ubuntu.com/releases/bionic/release-20200807/