A new release of the Ubuntu Cloud Images for stable Ubuntu release 20.04 LTS (Focal Fossa) is available at [1]. These new images superseded the existing images [2]. Images are available for download or immediate use on EC2 via publish AMI ids. Users who wish to update their existing installations can do so with:
   'sudo apt-get update && sudo apt-get dist-upgrade && sudo reboot'.

The following packages have been updated. Please see the full changelogs
for a complete listing of changes:
 * freetype: 2.10.1-2ubuntu0.1 => 2.10.1-2ubuntu0.2 
 * git: 1:2.25.1-1ubuntu3.4 => 1:2.25.1-1ubuntu3.5 
 * gnutls28: 3.6.13-2ubuntu1.6 => 3.6.13-2ubuntu1.7 
 * gstreamer1.0: 1.16.2-2 => 1.16.3-0ubuntu1.1 
 * libxml2: 2.9.10+dfsg-5ubuntu0.20.04.3 => 2.9.10+dfsg-5ubuntu0.20.04.4 
 * linux-meta: 5.4.0.122.123 => 5.4.0.124.125 
 * linux-signed: 5.4.0-122.138 => 5.4.0-124.140 
 * netplan.io: 0.104-0ubuntu2~20.04.1 => 0.104-0ubuntu2~20.04.2 
 * pyjwt: 1.7.1-2ubuntu2 => 1.7.1-2ubuntu2.1 
 * python3.8: 3.8.10-0ubuntu1~20.04.4 => 3.8.10-0ubuntu1~20.04.5 


The following is a complete changelog for this image.
new: {'linux-headers-5.4.0-124': '5.4.0-124.140', 'linux-modules-5.4.0-124-generic': '5.4.0-124.140', 'linux-headers-5.4.0-124-generic': '5.4.0-124.140'}
removed: {'linux-headers-5.4.0-122-generic': '5.4.0-122.138', 'linux-headers-5.4.0-122': '5.4.0-122.138', 'linux-modules-5.4.0-122-generic': '5.4.0-122.138'}
changed: ['git', 'git-man', 'libfreetype6:amd64', 'libgnutls30:amd64', 'libgstreamer1.0-0:amd64', 'libnetplan0:amd64', 'libpython3.8-minimal:amd64', 'libpython3.8-stdlib:amd64', 'libpython3.8:amd64', 'libxml2:amd64', 'linux-headers-generic', 'linux-headers-virtual', 'linux-image-5.4.0-124-generic', 'linux-image-virtual', 'linux-virtual', 'netplan.io', 'python3-jwt', 'python3.8', 'python3.8-minimal']
new snaps: {}
removed snaps: {}
changed snaps: ['core20']
==== freetype: 2.10.1-2ubuntu0.1 => 2.10.1-2ubuntu0.2 ====
====     libfreetype6:amd64
  * SECURITY UPDATE: Heap buffer overflow in sfnt_init_face
    - debian/patches/CVE-2022-27404.patch: avoid invalid face index in
      src/sfnt/sfobjs.c.
    - CVE-2022-27404
  * SECURITY UPDATE: Segmentation violation in FNT_Size_Request
    - debian/patches/CVE-2022-27405.patch: properly guard face_index in
      src/base/ftobjs.c.
    - CVE-2022-27405
  * SECURITY UPDATE: Segmentation violation in FT_Request_Size
    - debian/patches/CVE-2022-27406.patch: guard face->size in
      src/base/ftobjs.c.
    - CVE-2022-27406
  * SECURITY UPDATE: Heap-based buffer overflow in ftbench demo
    - debian/patches/CVE-2022-31782.patch: check the number of glyphs in
      ft2demos/src/ftbench.c.
    - CVE-2022-31782
==== git: 1:2.25.1-1ubuntu3.4 => 1:2.25.1-1ubuntu3.5 ====
====     git git-man
  * SECURITY UPDATE: Potential arbitrary code execution
    - debian/patches/CVE-2022-29187-1.patch: adds test to
      regression git needs safe.directory when using sudo in
      t/t0034-root-safe-directory.sh.
    - debian/patches/CVE-2022-29187-2.patch: avoid failing dir ownership
      checks if running privileged in git-compat-util.h,
      t/t0034-root-safe-directory.sh.
    - debian/patches/CVE-2022-29187-3.patch: add negative tests
      and allow git init to mostly work under sudo in
      t/lib-sudo.sh b/t/lib-sudo.sh.
    - debian/patches/CVE-2022-29187-4.patch: allow root
      to access both SUDO_UID and root owned in git-compat-util.h,
      t/t0034-root-safe-directory.sh.
    - debian/patches/CVE-2022-29187-5.patch: add tests for safe.directory
      in t/t0033-safe-directory.sh, setup.c.
    - debian/patches/CVE-2022-29187-6.patch: tighten ownership checks
      post CVE-2022-24765 in setup.c.
    - CVE-2022-29187
==== gnutls28: 3.6.13-2ubuntu1.6 => 3.6.13-2ubuntu1.7 ====
====     libgnutls30:amd64
  * SECURITY UPDATE: Null pointer dereference in MD_UPDATE
    - debian/patches/CVE-2021-4209.patch: avoid calling _update with
      zero-length input in lib/nettle/mac.c.
    - CVE-2021-4209
  * SECURITY UPDATE: Double free in verification of pkcs7 signatures
    - debian/patches/CVE-2022-2509.patch: fix double free during
      gnutls_pkcs7_verify in lib/x509/pkcs7.c,
      tests/pkcs7-verify-double-free.c, tests/Makefile.am.
    - CVE-2022-2509
==== gstreamer1.0: 1.16.2-2 => 1.16.3-0ubuntu1.1 ====
====     libgstreamer1.0-0:amd64
  * Build no change
  * New upstream stable release (LP: #1962135)
    - Drop patches 0001-Revert-device-Enforce-that-elements-created-by-gst_d
      and 0002-Revert-element-Enforce-that-elements-created-by-gst_
      (applied upstream).
==== libxml2: 2.9.10+dfsg-5ubuntu0.20.04.3 => 2.9.10+dfsg-5ubuntu0.20.04.4 ====
====     libxml2:amd64
  * SECURITY UPDATE: Possible cross-site scripting
    - debian/patches/CVE-2016-3709.patch: Revert "do not URI escape
      in server side includes" in HTMLtree.c.
    - CVE-2016-3709
==== linux-meta: 5.4.0.122.123 => 5.4.0.124.125 ====
====     linux-headers-generic linux-headers-virtual linux-image-virtual linux-virtual
  * Bump ABI 5.4.0-124
  * Bump ABI 5.4.0-123
  * Packaging resync (LP: #1786013)
    - [Packaging] resync debian/dkms-versions from main package
==== linux-signed: 5.4.0-122.138 => 5.4.0-124.140 ====
====     linux-image-5.4.0-124-generic
  * Master version: 5.4.0-124.140
  * Master version: 5.4.0-123.139
==== netplan.io: 0.104-0ubuntu2~20.04.1 => 0.104-0ubuntu2~20.04.2 ====
====     libnetplan0:amd64 netplan.io
  * Cherry pick d/p/dbus-Remove-the-upper-limit-on-try-timeout.patch
    (LP: #1967084)
  * Cherry-pick fix for rendering WPA3 password (8934a1b), LP: #1975576
    + d/p/0010-nm-fix-rendering-of-password-for-unknown-passthrough.patch
  * Backport offloading tristate patches (LP: #1956264)
    + d/p/0003-Add-tristate-type-for-offload-options-LP-1956264-270.patch
    + d/p/0004-tests-ethernets-fix-autopkgtest-with-alternating-def.patch
    + d/t/control: add 'ethtool' test-dep for link offloading tests
==== pyjwt: 1.7.1-2ubuntu2 => 1.7.1-2ubuntu2.1 ====
====     python3-jwt
  * SECURITY UPDATE: Signing key confusion via public key signature
    - debian/patches/CVE-2022-29217.patch: update jwt/algorithms.py to
      disallow using SSH keys as a HMAC secret.
    - CVE-2022-29217
==== python3.8: 3.8.10-0ubuntu1~20.04.4 => 3.8.10-0ubuntu1~20.04.5 ====
====     libpython3.8-minimal:amd64 libpython3.8-stdlib:amd64 libpython3.8:amd64 python3.8 python3.8-minimal
  * SECURITY UPDATE: Injection Attack
    - debian/patches/CVE-2015-20107.patch: Make mailcap refuse to match unsafe
      filenames/types/param in Lib/mailcap.py, Lib/test/test_mailcap.py.
    - CVE-2015-20107

--
[1] http://cloud-images.ubuntu.com/releases/focal/release-20220810/
[2] http://cloud-images.ubuntu.com/releases/focal/release-20220711/