A new release of the Ubuntu Cloud Images for stable Ubuntu release 18.04 LTS (Bionic Beaver) is available at [1]. These new images superseded the existing images [2]. Images are available for download or immediate use on EC2 via publish AMI ids. Users who wish to update their existing installations can do so with:
   'sudo apt-get update && sudo apt-get dist-upgrade && sudo reboot'.

The following packages have been updated. Please see the full changelogs
for a complete listing of changes:
 * git: 1:2.17.1-1ubuntu0.7 => 1:2.17.1-1ubuntu0.8 
 * glib2.0: 2.56.4-0ubuntu0.18.04.6 => 2.56.4-0ubuntu0.18.04.8 
 * iproute2: 4.15.0-2ubuntu1.2 => 4.15.0-2ubuntu1.3 
 * libzstd: 1.3.3+dfsg-2ubuntu1.1 => 1.3.3+dfsg-2ubuntu1.2 
 * linux-meta: 4.15.0.136.123 => 4.15.0.137.124 
 * linux-signed: 4.15.0-136.140 => 4.15.0-137.141 
 * python3.6: 3.6.9-1~18.04ubuntu1.3 => 3.6.9-1~18.04ubuntu1.4 


The following is a complete changelog for this image.
new: {'linux-headers-4.15.0-137-generic': '4.15.0-137.141', 'linux-headers-4.15.0-137': '4.15.0-137.141', 'linux-modules-4.15.0-137-generic': '4.15.0-137.141'}
removed: {'linux-headers-4.15.0-136-generic': '4.15.0-136.140', 'linux-modules-4.15.0-136-generic': '4.15.0-136.140', 'linux-headers-4.15.0-136': '4.15.0-136.140'}
changed: ['git', 'git-man', 'iproute2', 'libglib2.0-0:amd64', 'libglib2.0-data', 'libpython3.6-minimal:amd64', 'libpython3.6-stdlib:amd64', 'libpython3.6:amd64', 'libzstd1:amd64', 'linux-headers-generic', 'linux-headers-virtual', 'linux-image-4.15.0-137-generic', 'linux-image-virtual', 'linux-virtual', 'python3.6', 'python3.6-minimal']
new snaps: {}
removed snaps: {}
changed snaps: []
==== git: 1:2.17.1-1ubuntu0.7 => 1:2.17.1-1ubuntu0.8 ====
====     git git-man
  * SECURITY UPDATE: remote code exec during clone on case-insensitive FS
    - debian/patches/CVE-2021-21300.patch: fix bug that makes checkout
      follow symlinks in leading path in cache.h, compat/mingw.c,
      git-compat-util.h, run-command.c, symlinks.c, t/t0021-conversion.sh,
      t/t0021/rot13-filter.pl, t/t2006-checkout-index-basic.sh,
      unpack-trees.c.
    - CVE-2021-21300
==== glib2.0: 2.56.4-0ubuntu0.18.04.6 => 2.56.4-0ubuntu0.18.04.8 ====
====     libglib2.0-0:amd64 libglib2.0-data
  * SECURITY UPDATE: incorrect g_file_replace() symlink handling
    - debian/patches/CVE-2021-28153-pre1.patch: allow g_test_bug() to be
      used without g_test_bug_base() in /glib/gtestutils.c.
    - debian/patches/CVE-2021-28153-1.patch: fix a typo in a comment in
      gio/glocalfileoutputstream.c.
    - debian/patches/CVE-2021-28153-2.patch: stop using g_test_bug_base()
      in file tests in gio/tests/file.c.
    - debian/patches/CVE-2021-28153-3.patch: factor out a flag check in
      gio/glocalfileoutputstream.c.
    - debian/patches/CVE-2021-28153-4.patch: fix CREATE_REPLACE_DESTINATION
      with symlinks in gio/glocalfileoutputstream.c, gio/tests/file.c.
    - debian/patches/CVE-2021-28153-5.patch: add a missing O_CLOEXEC flag
      to replace() in gio/glocalfileoutputstream.c.
    - CVE-2021-28153
  * SECURITY UPDATE: g_byte_array_new_take length truncation
    - debian/patches/CVE-2021-2721x/CVE-2021-27218.patch: do not accept too
      large byte arrays in glib/garray.c, glib/gbytes.c,
      glib/tests/bytes.c.
    - CVE-2021-27218
  * SECURITY UPDATE: integer overflow in g_bytes_new
    - debian/patches/CVE-2021-2721x/CVE-2021-27219*.patch: add internal
      g_memdup2() function and use it instead of g_memdup() in a bunch of
      places.
    - CVE-2021-27219
==== iproute2: 4.15.0-2ubuntu1.2 => 4.15.0-2ubuntu1.3 ====
====     iproute2
  * Fix: NULL dereference when rendering without header (LP: #1913187)
    - d/p/lp1913187-ss-fix-NULL-dereference-when-rendering.patch
==== libzstd: 1.3.3+dfsg-2ubuntu1.1 => 1.3.3+dfsg-2ubuntu1.2 ====
====     libzstd1:amd64
  * SECURITY UPDATE: race condition allows attacker to access
    world-readable destination file
    - debian/patches/0017-fix-file-permissions-on-compression.patch: set
      umask in programs/fileio.c, programs/util.h.
    - CVE-2021-24031
    - CVE-2021-24032
==== linux-meta: 4.15.0.136.123 => 4.15.0.137.124 ====
====     linux-headers-generic linux-headers-virtual linux-image-virtual linux-virtual
  * Bump ABI 4.15.0-137
==== linux-signed: 4.15.0-136.140 => 4.15.0-137.141 ====
====     linux-image-4.15.0-137-generic
  * Master version: 4.15.0-137.141
==== python3.6: 3.6.9-1~18.04ubuntu1.3 => 3.6.9-1~18.04ubuntu1.4 ====
====     libpython3.6-minimal:amd64 libpython3.6-stdlib:amd64 libpython3.6:amd64 python3.6 python3.6-minimal
  * SECURITY UPDATE: Code execution from content received via HTTP
    - debian/patches/CVE-2020-27619-3.6.patch: no longer call eval() on
      content received via HTTP in Lib/test/multibytecodec_support.py.
    - CVE-2020-27619
  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2021-3177-3.6.patch: replace snprintf with Python unicode
      formatting in ctypes param reprs in Lib/ctypes/test/test_parameters.py,
      Modules/_ctypes/callproc.c.
    - CVE-2021-3177

--
[1] http://cloud-images.ubuntu.com/releases/bionic/release-20210315.1/
[2] http://cloud-images.ubuntu.com/releases/bionic/release-20210224/