A new release of the Ubuntu Cloud Images for stable Ubuntu release 20.04 LTS (Focal Fossa) is available at [1]. These new images superseded the existing images [2]. Images are available for download or immediate use on EC2 via publish AMI ids. Users who wish to update their existing installations can do so with: 'sudo apt-get update && sudo apt-get dist-upgrade && sudo reboot'. The following packages have been updated. Please see the full changelogs for a complete listing of changes: * cloud-init: 21.2-3-g899bfaa9-0ubuntu2~20.04.1 => 21.3-1-g6803368d-0ubuntu1~20.04.3 * python3.8: 3.8.10-0ubuntu1~20.04 => 3.8.10-0ubuntu1~20.04.1 * update-manager: 1:20.04.10.7 => 1:20.04.10.9 * vim: 2:8.1.2269-1ubuntu5 => 2:8.1.2269-1ubuntu5.3 The following is a complete changelog for this image. new: {} removed: {} changed: ['cloud-init', 'libpython3.8-minimal:amd64', 'libpython3.8-stdlib:amd64', 'libpython3.8:amd64', 'python3-update-manager', 'python3.8', 'python3.8-minimal', 'update-manager-core', 'vim', 'vim-common', 'vim-runtime', 'vim-tiny', 'xxd'] new snaps: {} removed snaps: {} changed snaps: [] ==== cloud-init: 21.2-3-g899bfaa9-0ubuntu2~20.04.1 => 21.3-1-g6803368d-0ubuntu1~20.04.3 ==== ==== cloud-init * cherry-pick 612e3908: Add connectivity_url to Oracle's EphemeralDHCPv4 (#988) (LP: #1939603) * cherry-pick dc227869: Set Azure to apply networking config every BOOT (#1023) * cherry-pick 28e56d99: Azure: Retry dhcp on timeouts when polling reprovisiondata * cherry-pick e69a8874: Set Azure to only update metadata on BOOT_NEW_INSTANCE * d/cloud-init.templates: Add VMware datasource support * d/control: Add dependencies on python3-netifaces for VMware ds * New upstream snapshot. (LP: #1940871) - testing: Fix ssh keys integration test (#992) - Release 21.3 (#993) - Azure: During primary nic detection, check interface status continuously before rebinding again (#990) [aswinrajamannar] - Fix home permissions modified by ssh module (SC-338) (#984) - Add integration test for sensitive jinja substitution (#986) - Ignore hotplug socket when collecting logs (#985) - testing: Add missing mocks to test_vmware.py (#982) - add Zadara Edge Cloud Platform to the supported clouds list (#963) [sarahwzadara] - testing: skip upgrade tests on LXD VMs (#980) - Only invoke hotplug socket when functionality is enabled (#952) - Revert unnecessary lcase in ds-identify (#978) [Andrew Kutz] - cc_resolv_conf: fix typos (#969) [Shreenidhi Shedi] - Replace broken httpretty tests with mock (SC-324) (#973) - Azure: Check if interface is up after sleep when trying to bring it up (#972) [aswinrajamannar] - Update dscheck_VMware's rpctool check (#970) [Shreenidhi Shedi] - Azure: Logging the detected interfaces (#968) [Moustafa Moustafa] - Change netifaces dependency to 0.10.4 (#965) [Andrew Kutz] - Azure: Limit polling network metadata on connection errors (#961) [aswinrajamannar] - Update inconsistent indentation (#962) [Andrew Kutz] - cc_puppet: support AIO installations and more (#960) [Gabriel Nagy] - Add Puppet contributors to CLA signers (#964) [Noah Fontes] - Datasource for VMware (#953) [Andrew Kutz] - photon: refactor hostname handling and add networkd activator (#958) [sshedi] - Stop copying ssh system keys and check folder permissions (#956) [Emanuele Giuseppe Esposito] - testing: port remaining cloud tests to integration testing framework (SC-191) (#955) - generate contents for ovf-env.xml when provisioning via IMDS (#959) [Anh Vo] - Add support for EuroLinux 7 && EuroLinux 8 (#957) [Aleksander Baranowski] - Implementing device_aliases as described in docs (#945) [Mal Graty] - testing: fix test_ssh_import_id.py (#954) - Add ability to manage fallback network config on PhotonOS (#941) [sshedi] - Add VZLinux support (#951) [eb3095] - VMware: add network-config support in ovf-env.xml (#947) [PengpengSun] - Update pylint to v2.9.3 and fix the new issues it spots (#946) [Paride Legovini] - Azure: mount default provisioning iso before try device listing (#870) [Anh Vo] - Document known hotplug limitations (#950) - Initial hotplug support (#936) - Fix MIME policy failure on python version upgrade (#934) - run-container: fixup the centos repos baseurls when using http_proxy (#944) [Paride Legovini] - tools: add support for building rpms on rocky linux (#940) - ssh-util: allow cloudinit to merge all ssh keys into a custom user file, defined in AuthorizedKeysFile (#937) [Emanuele Giuseppe Esposito] - VMware: new "allow_raw_data" switch (#939) [xiaofengw-vmware] - bump pycloudlib version (#935) - add renanrodrigo as a contributor (#938) [Renan Rodrigo] - testing: simplify test_upgrade.py (#932) - freebsd/net_v1 format: read MTU from root (#930) [Gonri Le Bouder] - Add new network activators to bring up interfaces (#919) - - Detect a Python version change and clear the cache (#857) [Robert Schweikert] - cloud_tests: fix the Impish release name (#931) [Paride Legovini] - Removed distro specific network code from Photon (#929) [sshedi] - Add support for VMware PhotonOS (#909) [sshedi] - cloud_tests: add impish release definition (#927) [Paride Legovini] - docs: fix stale links rename master branch to main (#926) - Fix DNS in NetworkState (SC-133) (#923) - tests: Add 'adhoc' mark for integration tests (#925) - Fix the spelling of "DigitalOcean" (#924) [Mark Mercado] - Small Doc Update for ReportEventStack and Test (#920) [Mike Russell] - Replace deprecated collections.Iterable with abc replacement (#922) - testing: OCI availability domain is now required (SC-59) (#910) - add DragonFlyBSD support (#904) [Gonri Le Bouder] - Use instance-data-sensitive.json in jinja templates (SC-117) (#917) - doc: Update NoCloud docs stating required files (#918) - build-on-netbsd: don't pin a specific py3 version (#913) [Gonri Le Bouder] - - Create the log file with 640 permissions (#858) [Robert Schweikert] - Allow braces to appear in dhclient output (#911) [eb3095] - Docs: Replace all freenode references with libera (#912) - openbsd/net: flush the route table on net restart (#908) [Gonri Le Bouder] - Add Rocky Linux support to cloud-init (#906) [Louis Abel] - Add "esposem" as contributor (#907) [Emanuele Giuseppe Esposito] - Add integration test for #868 (#901) - Added support for importing keys via primary/security mirror clauses (#882) [Paul Goins] - [examples] config-user-groups expire in the future (#902) [Geert Stappers] - BSD: static network, set the mtu (#894) [Gonri Le Bouder] - Add integration test for lp-1920939 (#891) - Fix unit tests breaking from new httpretty version (#903) - Allow user control over update events (#834) ==== python3.8: 3.8.10-0ubuntu1~20.04 => 3.8.10-0ubuntu1~20.04.1 ==== ==== libpython3.8-minimal:amd64 libpython3.8-stdlib:amd64 libpython3.8:amd64 python3.8 python3.8-minimal [ Marc Deslauriers ] * SECURITY UPDATE: improper handling of octal strings in ipaddress - debian/patches/CVE-2021-29921.patch: no longer tolerate leading zeros in IPv4 addresses in Lib/ipaddress.py, Lib/test/test_ipaddress.py. - CVE-2021-29921 ==== update-manager: 1:20.04.10.7 => 1:20.04.10.9 ==== ==== python3-update-manager update-manager-core * ubuntu-security-status: use ubuntu-advantage-tools to determine whether or not livepatch or esm are enabled and if the system is attached. Thanks to Chad Smith for the patch. (LP: #1938043) * tests/test_meta_release_core.py: switch a test from using lucid to bionic as precise was removed from the archive. (LP: #1929865) ==== vim: 2:8.1.2269-1ubuntu5 => 2:8.1.2269-1ubuntu5.3 ==== ==== vim vim-common vim-runtime vim-tiny xxd * SECURITY UPDATE: Fix heap-based buffer overflow when using :retab with large value - debian/patches/CVE-2021-3770-1.patch: Check vartabstop contains positive number in src/indent.c. - debian/patches/CVE-2021-3770-2.patch: Fix memory leak for :retab with invalid argument - CVE-2021-3770 * SECURITY UPDATE: Fix heap-based buffer overflow when reading beyond end of line with invalid utf-8 character - debian/patches/CVE-2021-3778.patch: Validate encoding of character before advancing line in regexp_nfa.c. - CVE-2021-3778 * SECURITY UPDATE: Fix use after free when replacing - debian/patches/CVE-2021-3796.patch: Get the line pointer after calling ins_copychar() in src/normal.c. - CVE-2021-3796 * Fix failing flaky test for riscv64 builds. -- [1] http://cloud-images.ubuntu.com/releases/focal/release-20211004/ [2] http://cloud-images.ubuntu.com/releases/focal/release-20210927/