A new release of the Ubuntu Cloud Images for stable Ubuntu release 20.04 LTS (Focal Fossa) is available at [1]. These new images superseded the existing images [2]. Images are available for download or immediate use on EC2 via publish AMI ids. Users who wish to update their existing installations can do so with: 'sudo apt-get update && sudo apt-get dist-upgrade && sudo reboot'. The following packages have been updated. Please see the full changelogs for a complete listing of changes: * curl: 7.68.0-1ubuntu2.10 => 7.68.0-1ubuntu2.11 * dbus: 1.12.16-2ubuntu2.1 => 1.12.16-2ubuntu2.2 * glibc: 2.31-0ubuntu9.7 => 2.31-0ubuntu9.9 * linux-meta: 5.4.0.109.113 => 5.4.0.110.114 * linux-signed: 5.4.0-109.123 => 5.4.0-110.124 * nss: 2:3.49.1-1ubuntu1.6 => 2:3.49.1-1ubuntu1.7 * sbsigntool: 0.9.2-2ubuntu1 => 0.9.2-2ubuntu1.1 * systemd: 245.4-4ubuntu3.16 => 245.4-4ubuntu3.17 The following is a complete changelog for this image. new: {'linux-headers-5.4.0-110-generic': '5.4.0-110.124', 'linux-modules-5.4.0-110-generic': '5.4.0-110.124', 'linux-headers-5.4.0-110': '5.4.0-110.124'} removed: {'linux-modules-5.4.0-109-generic': '5.4.0-109.123', 'linux-headers-5.4.0-109': '5.4.0-109.123', 'linux-headers-5.4.0-109-generic': '5.4.0-109.123'} changed: ['curl', 'dbus', 'dbus-user-session', 'libc-bin', 'libc6:amd64', 'libcurl3-gnutls:amd64', 'libcurl4:amd64', 'libdbus-1-3:amd64', 'libnss-systemd:amd64', 'libnss3:amd64', 'libpam-systemd:amd64', 'libsystemd0:amd64', 'libudev1:amd64', 'linux-headers-generic', 'linux-headers-virtual', 'linux-image-5.4.0-110-generic', 'linux-image-virtual', 'linux-virtual', 'locales', 'sbsigntool', 'systemd', 'systemd-sysv', 'systemd-timesyncd', 'udev'] new snaps: {} removed snaps: {} changed snaps: [] ==== curl: 7.68.0-1ubuntu2.10 => 7.68.0-1ubuntu2.11 ==== ==== curl libcurl3-gnutls:amd64 libcurl4:amd64 * SECURITY UPDATE: CERTINFO never-ending busy-loop - debian/patches/CVE-2022-27781.patch: return error if seemingly stuck in a cert loop in lib/vtls/nss.c. - CVE-2022-27781 * SECURITY UPDATE: TLS and SSH connection too eager reuse - debian/patches/CVE-2022-27782.patch: check more TLS details for connection reuse in lib/setopt.c, lib/url.c, lib/urldata.h, lib/vtls/gtls.c, lib/vtls/openssl.c, lib/vtls/nss.c, lib/vtls/vtls.c, lib/vssh/ssh.h. - CVE-2022-27782 ==== dbus: 1.12.16-2ubuntu2.1 => 1.12.16-2ubuntu2.2 ==== ==== dbus dbus-user-session libdbus-1-3:amd64 * SECURITY UPDATE: use-after-free when users share UID - debian/patches/CVE-2020-35512.patch: apply reference-counting to the user and group data structures in dbus/dbus-userdb.h, dbus/dbus-sysdeps-unix.h, dbus/dbus-userdb-util.c and dbus/dbus-userdb.c. - CVE-2020-35512 ==== glibc: 2.31-0ubuntu9.7 => 2.31-0ubuntu9.9 ==== ==== libc-bin libc6:amd64 locales * Disable testsuite on riscv64. It is failing maths tests intermittently in ways that cannot be a glibc regression and is disabled in later series anyway. * Update for 20.04. (LP: #1951033) [ Balint Reczey ] * Cherry-pick upstream patch to fix building with -moutline-atomics * Prevent rare deadlock in pthread_cond_signal (LP: #1899800) [ Matthias Klose ] * Revert: Use DH_COMPAT=8 for dh_strip to fix debug sections for valgrind. Enables debugging ld.so related issues. (LP: #1918035) * Don't strip ld.so on armhf. (LP: #1927192) [ Gunnar Hjalmarsson ] * d/local/usr_sbin/update-locale: improve sanity checks. (LP: #1892825) [ Heitor Alves de Siqueira ] * d/p/u/git-lp1928508-reversing-calculation-of-__x86_shared_non_temporal.patch: - Fix memcpy() performance regression on x86 AMD systems (LP: #1928508) [ Aurelien Jarno ] * debian/debhelper.in/libc.preinst: drop the check for kernel release > 255 now that glibc and preinstall script are fixed. (LP: #1962225) [ Michael Hudson-Doyle ] * libc6 on arm64 is now built with -moutline-atomics so libc6-lse can now be an empty package that is safe to remove. (LP: #1912652) * d/patches/u/aarch64-memcpy-improvements.patch: Backport memcpy improvements. (LP: #1951032) * Add test-float64x-yn to xfails on riscv64. ==== linux-meta: 5.4.0.109.113 => 5.4.0.110.114 ==== ==== linux-headers-generic linux-headers-virtual linux-image-virtual linux-virtual * Bump ABI 5.4.0-110 ==== linux-signed: 5.4.0-109.123 => 5.4.0-110.124 ==== ==== linux-image-5.4.0-110-generic * Master version: 5.4.0-110.124 ==== nss: 2:3.49.1-1ubuntu1.6 => 2:3.49.1-1ubuntu1.7 ==== ==== libnss3:amd64 * SECURITY UPDATE: Denial of service through ChangeCipherSpec - debian/patches/CVE-2020-25648-1.patch: reject CCS when compatibility is not specify or if many CCS in a row in nss/gtests/ssl_gtest/ssl_tls13compat_unittest.cc, nss/lib/ssl/ssl3con.c and nss/lib/ssl/sslimpl.h. - debian/patches/CVE-2020-25648-2.patch: reject multiple CCS packages but allow the first one in nss/gtests/ssl_gtest/ssl_tls13compat_unittest.cc, nss/lib/ssl/ssl3con.c and nss/lib/ssl/sslimpl.h. - CVE-2020-25648 ==== sbsigntool: 0.9.2-2ubuntu1 => 0.9.2-2ubuntu1.1 ==== ==== sbsigntool * Enable signing riscv64 EFI binaries (LP: #1964510) ==== systemd: 245.4-4ubuntu3.16 => 245.4-4ubuntu3.17 ==== ==== libnss-systemd:amd64 libpam-systemd:amd64 libsystemd0:amd64 libudev1:amd64 systemd systemd-sysv systemd-timesyncd udev [ Andy Chi ] * Add mic mute key support for HP Elite x360 series (LP: #1967038) Author: Andy Chi File: debian/patches/hwdb-Add-mic-mute-key-mapping-for-HP-Elite-x360.patch https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=09cd12b399725d9c766f5a3c979ff6983812c783 [ Jeremy Szu ] * Add more hp dmi to unblock intel-hid event (LP: #1966179) Also, add HP EliteBook 630/830 13 inch dmi string to intel-hid allowlist Author: Jeremy Szu File: debian/patches/lp1966179-add-more-hp-dmi-to-unblock-intel-hid-event.patch https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=7e05409f3f812086c530f5eb49fa381413df6065 -- [1] http://cloud-images.ubuntu.com/releases/focal/release-20220511/ [2] http://cloud-images.ubuntu.com/releases/focal/release-20220505/