A new release of the Ubuntu Cloud Images for stable Ubuntu release 22.04 (Jammy Jellyfish) is available at [1]. These new images superseded the existing images [2]. Images are available for download or immediate use on EC2 via publish AMI ids. Users who wish to update their existing installations can do so with: 'sudo apt-get update && sudo apt-get dist-upgrade && sudo reboot'. The following packages have been updated. Please see the full changelogs for a complete listing of changes: * apt: 2.4.5 => 2.4.6 * base-files: 12ubuntu4.1 => 12ubuntu4.2 * freetype: 2.11.1+dfsg-1build1 => 2.11.1+dfsg-1ubuntu0.1 * git: 1:2.34.1-1ubuntu1.2 => 1:2.34.1-1ubuntu1.4 * glibc: 2.35-0ubuntu3 => 2.35-0ubuntu3.1 * gnutls28: 3.7.3-4ubuntu1 => 3.7.3-4ubuntu1.1 * gstreamer1.0: 1.20.1-1 => 1.20.3-0ubuntu1 * libtirpc: 1.3.2-2build1 => 1.3.2-2ubuntu0.1 * linux-meta: 5.15.0.41.43 => 5.15.0.43.44 * linux-signed: 5.15.0-41.44 => 5.15.0-43.46 * netplan.io: 0.104-0ubuntu2 => 0.104-0ubuntu2.1 * pygobject: 3.42.0-3build1 => 3.42.1-0ubuntu1 * pyjwt: 2.3.0-1 => 2.3.0-1ubuntu0.1 * python-apt: 2.3.0ubuntu2 => 2.3.0ubuntu2.1 * python3.10: 3.10.4-3 => 3.10.4-3ubuntu0.1 * ubuntu-release-upgrader: 1:22.04.11 => 1:22.04.12 The following is a complete changelog for this image. new: {'linux-headers-5.15.0-43': '5.15.0-43.46', 'linux-modules-5.15.0-43-generic': '5.15.0-43.46', 'linux-headers-5.15.0-43-generic': '5.15.0-43.46'} removed: {'linux-headers-5.15.0-41': '5.15.0-41.44', 'linux-headers-5.15.0-41-generic': '5.15.0-41.44', 'linux-modules-5.15.0-41-generic': '5.15.0-41.44'} changed: ['apt', 'apt-utils', 'base-files', 'git', 'git-man', 'libapt-pkg6.0:amd64', 'libc-bin', 'libc6:amd64', 'libfreetype6:amd64', 'libgnutls30:amd64', 'libgstreamer1.0-0:amd64', 'libnetplan0:amd64', 'libpython3.10-minimal:amd64', 'libpython3.10-stdlib:amd64', 'libpython3.10:amd64', 'libtirpc-common', 'libtirpc3:amd64', 'linux-headers-generic', 'linux-headers-virtual', 'linux-image-5.15.0-43-generic', 'linux-image-virtual', 'linux-virtual', 'locales', 'motd-news-config', 'netplan.io', 'python-apt-common', 'python3-apt', 'python3-distupgrade', 'python3-gi', 'python3-jwt', 'python3.10', 'python3.10-minimal', 'ubuntu-release-upgrader-core'] new snaps: {} removed snaps: {} changed snaps: ['core20'] ==== apt: 2.4.5 => 2.4.6 ==== ==== apt apt-utils libapt-pkg6.0:amd64 * (Temporarily) Rewrite phased updates using a keep-back approach (LP: #1979244) * policy: Do not override negative pins with 1 due to phasing (LP: #1978125) * Point branch to 2.4.y and use jammy in gitlab-ci ==== base-files: 12ubuntu4.1 => 12ubuntu4.2 ==== ==== base-files motd-news-config * /etc/issue{,.net}, /etc/{lsb,os}-release: bump version to 22.04.1 ==== freetype: 2.11.1+dfsg-1build1 => 2.11.1+dfsg-1ubuntu0.1 ==== ==== libfreetype6:amd64 * SECURITY UPDATE: Heap buffer overflow in sfnt_init_face - debian/patches/CVE-2022-27404.patch: avoid invalid face index in src/sfnt/sfobjs.c, src/sfnt/sfwoff2.c. - CVE-2022-27404 * SECURITY UPDATE: Segmentation violation in FNT_Size_Request - debian/patches/CVE-2022-27405.patch: properly guard face_index in src/base/ftobjs.c. - CVE-2022-27405 * SECURITY UPDATE: Segmentation violation in FT_Request_Size - debian/patches/CVE-2022-27406.patch: guard face->size in src/base/ftobjs.c. - CVE-2022-27406 * SECURITY UPDATE: Heap-based buffer overflow in ftbench demo - debian/patches/CVE-2022-31782.patch: check the number of glyphs in ft2demos/src/ftbench.c. - CVE-2022-31782 ==== git: 1:2.34.1-1ubuntu1.2 => 1:2.34.1-1ubuntu1.4 ==== ==== git git-man * SECURITY UPDATE: Potential arbitrary code execution - debian/patches/CVE-2022-29187-1.patch: adds test to regression git needs safe.directory when using sudo in t/t0034-root-safe-directory.sh. - debian/patches/CVE-2022-29187-2.patch: avoid failing dir ownership checks if running privileged in git-compat-util.h, t/t0034-root-safe-directory.sh. - debian/patches/CVE-2022-29187-3.patch: add negative tests and allow git init to mostly work under sudo in t/lib-sudo.sh b/t/lib-sudo.sh. - debian/patches/CVE-2022-29187-4.patch: allow root to access both SUDO_UID and root owned in git-compat-util.h, t/t0034-root-safe-directory.sh. - debian/patches/CVE-2022-29187-5.patch: add tests for safe.directory in t/t0033-safe-directory.sh, setup.c. - debian/patches/CVE-2022-29187-6.patch: tighten ownership checks post CVE-2022-24765 in setup.c. - CVE-2022-29187 ==== glibc: 2.35-0ubuntu3 => 2.35-0ubuntu3.1 ==== ==== libc-bin libc6:amd64 locales * debian/maint: add a script to manage backports of patches from upstream maintenance branch. * Cherry-pick patches from upstream maintenance branch: - 0001-S390-Add-new-s390-platform-z16.patch (LP: #1971612) - 0002-powerpc-Fix-VSX-register-number-on-__strncpy_power9-.patch (LP: #1978130) ==== gnutls28: 3.7.3-4ubuntu1 => 3.7.3-4ubuntu1.1 ==== ==== libgnutls30:amd64 * SECURITY UPDATE: Double free in verification of pkcs7 signatures - debian/patches/CVE-2022-2509.patch: fix double free during gnutls_pkcs7_verify in lib/x509/pkcs7.c, tests/pkcs7-verify-double-free.c, tests/Makefile.am. - CVE-2022-2509 ==== gstreamer1.0: 1.20.1-1 => 1.20.3-0ubuntu1 ==== ==== libgstreamer1.0-0:amd64 * New upstream release (LP: #1980239) ==== libtirpc: 1.3.2-2build1 => 1.3.2-2ubuntu0.1 ==== ==== libtirpc-common libtirpc3:amd64 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2021-46828.diff: fix DoS by enhancing rendezvous_request to keep the number of SVCXPRT connections to 4/5 of the size of the file desc tabble in src/svc.c, src/svc_vc.c. - CVE-2021-46828 ==== linux-meta: 5.15.0.41.43 => 5.15.0.43.44 ==== ==== linux-headers-generic linux-headers-virtual linux-image-virtual linux-virtual * Bump ABI 5.15.0-43 * Packaging resync (LP: #1786013) - [Packaging] resync debian/dkms-versions from main package ==== linux-signed: 5.15.0-41.44 => 5.15.0-43.46 ==== ==== linux-image-5.15.0-43-generic * Master version: 5.15.0-43.46 ==== netplan.io: 0.104-0ubuntu2 => 0.104-0ubuntu2.1 ==== ==== libnetplan0:amd64 netplan.io * Cherry-pick fix for rendering WPA3 password (8934a1b), LP: #1975576 + d/p/0010-nm-fix-rendering-of-password-for-unknown-passthrough.patch * Backport offloading tristate patches (LP: #1956264) + d/p/0003-Add-tristate-type-for-offload-options-LP-1956264-270.patch + d/p/0004-tests-ethernets-fix-autopkgtest-with-alternating-def.patch + d/t/control: add 'ethtool' test-dep for link offloading tests ==== pygobject: 3.42.0-3build1 => 3.42.1-0ubuntu1 ==== ==== python3-gi [ Jeremy Bicha ] * New upstream release (fixes LP: #1979347) * Drop python3.10 patch: applied in new release ==== pyjwt: 2.3.0-1 => 2.3.0-1ubuntu0.1 ==== ==== python3-jwt * SECURITY UPDATE: Signing key confusion via public key signature - debian/patches/CVE-2022-29217.patch: update jwt/algorithms.py to disallow using SSH keys as a HMAC secret. - CVE-2022-29217 ==== python-apt: 2.3.0ubuntu2 => 2.3.0ubuntu2.1 ==== ==== python-apt-common python3-apt * Update mirror lists. ==== python3.10: 3.10.4-3 => 3.10.4-3ubuntu0.1 ==== ==== libpython3.10-minimal:amd64 libpython3.10-stdlib:amd64 libpython3.10:amd64 python3.10 python3.10-minimal * SECURITY UPDATE: Injection Attack - debian/patches/CVE-2015-20107.patch: Make mailcap refuse to match unsafe filenames/types/param in Lib/mailcap.py, Lib/test/test_mailcap.py. - CVE-2015-20107 ==== ubuntu-release-upgrader: 1:22.04.11 => 1:22.04.12 ==== ==== python3-distupgrade ubuntu-release-upgrader-core [ Brian Murray ] * Add support for upgrading from End of Life releases (Ubuntu 20.10 and Ubuntu 21.04) to Ubuntu 22.04. (LP: #1975533) * DistUpgrade: Do not attempt to reboot in WSL. (LP: #1958668) * DistUpgrade/deb2snap.json: gnome-3-34-1804 is no longer a seeded snap and should not be refreshed. (LP: #1981485) * Run pre-build.sh: updating mirrors, demotions, and translations. [ William 'jawn-smith' Wilson ] * tests/test_quirks.py: Remove declaration of unused variables -- [1] http://cloud-images.ubuntu.com/releases/jammy/release-20220808/ [2] http://cloud-images.ubuntu.com/releases/jammy/release-20220712/