A new release of the Ubuntu Cloud Images for stable Ubuntu release 20.04 LTS (Focal Fossa) is available at [1]. These new images superseded the existing images [2]. Images are available for download or immediate use on EC2 via publish AMI ids. Users who wish to update their existing installations can do so with:
   'sudo apt-get update && sudo apt-get dist-upgrade && sudo reboot'.

The following packages have been updated. Please see the full changelogs
for a complete listing of changes:
 * apport: 2.20.11-0ubuntu27.21 => 2.20.11-0ubuntu27.23 
 * git: 1:2.25.1-1ubuntu3.2 => 1:2.25.1-1ubuntu3.3 
 * gzip: 1.10-0ubuntu4 => 1.10-0ubuntu4.1 
 * klibc: 2.0.7-1ubuntu5 => 2.0.7-1ubuntu5.1 
 * linux-meta: 5.4.0.107.111 => 5.4.0.109.113 
 * linux-signed: 5.4.0-107.121 => 5.4.0-109.123 
 * systemd: 245.4-4ubuntu3.15 => 245.4-4ubuntu3.16 
 * ubuntu-release-upgrader: 1:20.04.37 => 1:20.04.38 
 * xz-utils: 5.2.4-1ubuntu1 => 5.2.4-1ubuntu1.1 


The following is a complete changelog for this image.
new: {'linux-modules-5.4.0-109-generic': '5.4.0-109.123', 'linux-headers-5.4.0-109': '5.4.0-109.123', 'linux-headers-5.4.0-109-generic': '5.4.0-109.123'}
removed: {'linux-headers-5.4.0-107': '5.4.0-107.121', 'linux-modules-5.4.0-107-generic': '5.4.0-107.121', 'linux-headers-5.4.0-107-generic': '5.4.0-107.121'}
changed: ['apport', 'git', 'git-man', 'gzip', 'klibc-utils', 'libklibc:amd64', 'liblzma5:amd64', 'libnss-systemd:amd64', 'libpam-systemd:amd64', 'libsystemd0:amd64', 'libudev1:amd64', 'linux-headers-generic', 'linux-headers-virtual', 'linux-image-5.4.0-109-generic', 'linux-image-virtual', 'linux-virtual', 'python3-apport', 'python3-distupgrade', 'python3-problem-report', 'systemd', 'systemd-sysv', 'systemd-timesyncd', 'ubuntu-release-upgrader-core', 'udev', 'xz-utils']
new snaps: {}
removed snaps: {}
changed snaps: []
==== apport: 2.20.11-0ubuntu27.21 => 2.20.11-0ubuntu27.23 ====
====     apport python3-apport python3-problem-report
  * Fix expanded symlinks from the previous build
  * apport/ui.py: Error out when -w option is used on wayland (LP: #1952947).
==== git: 1:2.25.1-1ubuntu3.2 => 1:2.25.1-1ubuntu3.3 ====
====     git git-man
  * SECURITY UPDATE: Run commands in diff users
    - debian/patches/CVE-2022-24765-*.patch: fix GIT_CEILING_DIRECTORIES; add
      an owner check for the top-level-directory; add a function to
      determine whether a path is owned by the current user in patch.c,
      t/t0060-path-utils.sh, setup.c, compat/mingw.c, compat/mingw.h,
      git-compat-util.h.
    - CVE-2022-24765
==== gzip: 1.10-0ubuntu4 => 1.10-0ubuntu4.1 ====
====     gzip
  * SECURITY UPDATE: arbitrary file override with crafted file names
    - debian/patches/CVE-2022-1271-1.patch: avoid exploit via multi-newline
      file names in zgrep.in.
    - debian/patches/CVE-2022-1271-2.patch: add test in tests/Makefile.am,
      tests/zgrep-abuse.
    - debian/patches/CVE-2022-1271-3.patch: port to POSIX sed in zgrep.in.
    - debian/patches/CVE-2022-1271-4.patch: optimize out a grep in
      gzexe.in.
    - debian/patches/CVE-2022-1271-5.patch: use C locale more often in
      gzexe.in, sample/zfile, zdiff.in, zgrep.in, znew.in.
    - debian/patches/CVE-2022-1271-6.patch: fix "binary file matches"
      mislabeling in tests/Makefile.am, tests/zgrep-binary, zgrep.in.
    - debian/rules: fix permissions on new test scripts.
    - CVE-2022-1271
==== klibc: 2.0.7-1ubuntu5 => 2.0.7-1ubuntu5.1 ====
====     klibc-utils libklibc:amd64
  * SECURITY UPDATE: integer overflow in calloc
    - debian/patches/CVE-2021-31870.patch: add overflow check
      when performing the multiplication in usr/klibc/calloc.c. 
    - CVE-2021-31870
  * SECURITY UPDATE: integer overflow in cpio 
    - debian/patches/CVE-2021-31871.patch: remove cast to unsigned
      to avoid a possible overflow in 64 bit systems in 
      usr/utils/cpio.c.
    - CVE-2021-31871
  * SECURITY UPDATE: integer overflow in read_in_new_ascii
    - debian/patches/CVE-2021-31872.patch: ensure that c_namesize
      and c_filesize are smaller than LONG_MAX in usr/utils/cpio.c.
    - CVE-2021-31872
  * SECURITY UPDATE: integer overflow in malloc
    - debian/patches/CVE-2021-31873.patch: ensure that size is smaller
      than PTRDIFF_MAX in usr/klibc/malloc.c.
    - CVE-2021-31873
==== linux-meta: 5.4.0.107.111 => 5.4.0.109.113 ====
====     linux-headers-generic linux-headers-virtual linux-image-virtual linux-virtual
  * Bump ABI 5.4.0-109
  * Bump ABI 5.4.0-108
  * Packaging resync (LP: #1786013)
    - [Packaging] resync debian/dkms-versions from main package
==== linux-signed: 5.4.0-107.121 => 5.4.0-109.123 ====
====     linux-image-5.4.0-109-generic
  * Master version: 5.4.0-109.123
  * Master version: 5.4.0-108.122
==== systemd: 245.4-4ubuntu3.15 => 245.4-4ubuntu3.16 ====
====     libnss-systemd:amd64 libpam-systemd:amd64 libsystemd0:amd64 libudev1:amd64 systemd systemd-sysv systemd-timesyncd udev
  [ Dan Streetman ]
  * d/p/lp1946388-sd-journal-don-t-check-namespaces-if-we-have-no-name.patch:
    Avoid journalctl segfault (LP: #1946388)
  [ Jeremy Szu ]
  * Add a allowlist to unblock intel-hid on new HP machines (LP: #1955997)
    Author: Jeremy Szu
    File: debian/patches/lp1955997-add-a-allowlist-to-unblock-intel-hid-on-HP-mach.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=88a859eaddb6c9a611fcbc44edab441aef4c4355
  [ Nick Rosbrook ]
  * Prevent arguments from being overwritten with defaults at shutdown (LP: #1958284)
    File: debian/patches/lp1958284-core-move-reset_arguments-to-the-end-of-main-s-finish.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=e61052bd1f20bcc54e7417542c6d445cf5040f56
  [ Lukas Mrdian ]
  * Fix deadlock between pid1 and dbus-daemon (LP: #1871538)
    Author: Lukas Mrdian
    File: debian/patches/pid1-set-SYSTEMD_NSS_DYNAMIC_BYPASS-1-env-var-for-dbus-da.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=e3aacfa26e3fc6df369e6f28e740389ae0020907
==== ubuntu-release-upgrader: 1:20.04.37 => 1:20.04.38 ====
====     python3-distupgrade ubuntu-release-upgrader-core
  * do-release-upgrade: Preserve env vars needed for screen lock prevention (LP: #1968607).
  * Run pre-build.sh: updating translations.
  * Manually run utils/update_mirrors.py to update mirrors.
==== xz-utils: 5.2.4-1ubuntu1 => 5.2.4-1ubuntu1.1 ====
====     liblzma5:amd64 xz-utils
  * SECURITY UPDATE: arbitrary file overwrite or code execution with
    crafted file names
    - debian/patches/CVE-2022-1271.patch: fix escaping of malicious
      filenames in src/scripts/xzgrep.in.
    - CVE-2022-1271

--
[1] http://cloud-images.ubuntu.com/releases/focal/release-20220419/
[2] http://cloud-images.ubuntu.com/releases/focal/release-20220411.2/