A new release of the Ubuntu Cloud Images for stable Ubuntu release 20.10 (Groovy Gorilla) is available at [1]. These new images superseded the existing images [2]. Images are available for download or immediate use on EC2 via publish AMI ids. Users who wish to update their existing installations can do so with: 'sudo apt-get update && sudo apt-get dist-upgrade && sudo reboot'. The following packages have been updated. Please see the full changelogs for a complete listing of changes: * curl: 7.68.0-1ubuntu4 => 7.68.0-1ubuntu4.2 * iptables: 1.8.5-3ubuntu2.20.10.1 => 1.8.5-3ubuntu2.20.10.2 * linux-meta: 5.8.0.31.36 => 5.8.0.25.30 * linux-signed: 5.8.0-31.33 => 5.8.0-25.26 * openssl: 1.1.1f-1ubuntu4 => 1.1.1f-1ubuntu4.1 * parted: 3.3-4 => 3.3-4ubuntu0.20.10.1 The following is a complete changelog for this image. new: {'linux-modules-5.8.0-25-generic': '5.8.0-25.26', 'linux-headers-5.8.0-25-generic': '5.8.0-25.26', 'linux-headers-5.8.0-25': '5.8.0-25.26'} removed: {'linux-headers-5.8.0-31': '5.8.0-31.33', 'linux-headers-5.8.0-31-generic': '5.8.0-31.33', 'linux-modules-5.8.0-31-generic': '5.8.0-31.33'} changed: ['curl', 'iptables', 'libcurl3-gnutls:amd64', 'libcurl4:amd64', 'libip4tc2:amd64', 'libip6tc2:amd64', 'libparted2:amd64', 'libssl1.1:amd64', 'libxtables12:amd64', 'linux-headers-generic', 'linux-headers-virtual', 'linux-image-5.8.0-25-generic', 'linux-image-virtual', 'linux-virtual', 'openssl', 'parted'] new snaps: {} removed snaps: {} changed snaps: ['lxd', 'snapd'] ==== curl: 7.68.0-1ubuntu4 => 7.68.0-1ubuntu4.2 ==== ==== curl libcurl3-gnutls:amd64 libcurl4:amd64 * SECURITY UPDATE: wrong connect-only connection - debian/patches/CVE-2020-8231.patch: remember last connection by id, not by pointer in lib/connect.c, lib/easy.c, lib/multi.c, lib/url.c, lib/urldata.h. - CVE-2020-8231 * SECURITY UPDATE: FTP redirect to malicious host via PASV response - debian/patches/CVE-2020-8284.patch: use CURLOPT_FTP_SKIP_PASV_IP by default in lib/url.c, src/tool_cfgable.c, docs/*, tests/data/*. - CVE-2020-8284 * SECURITY UPDATE: FTP wildcard stack buffer overflow in libcurl - debian/patches/CVE-2020-8285.patch: make wc_statemach loop instead of recurse in lib/ftp.c. - CVE-2020-8285 * SECURITY UPDATE: Inferior OCSP verification - debian/patches/CVE-2020-8286.patch: make the OCSP verification verify the certificate id in lib/vtls/openssl.c. - CVE-2020-8286 ==== iptables: 1.8.5-3ubuntu2.20.10.1 => 1.8.5-3ubuntu2.20.10.2 ==== ==== iptables libip4tc2:amd64 libip6tc2:amd64 libxtables12:amd64 * Fix regression in ebtables when renaming a chain (LP: #1904192) - d/p/9004-ebtables-fix-for-broken-chain-rename.patch: Backport patch from upstream to fix improper use of errno to indicate failure when renaming an existing chain. ==== linux-meta: 5.8.0.31.36 => 5.8.0.25.30 ==== ==== linux-headers-generic linux-headers-virtual linux-image-virtual linux-virtual ==== linux-signed: 5.8.0-31.33 => 5.8.0-25.26 ==== ==== linux-image-5.8.0-25-generic ==== openssl: 1.1.1f-1ubuntu4 => 1.1.1f-1ubuntu4.1 ==== ==== libssl1.1:amd64 openssl * SECURITY UPDATE: EDIPARTYNAME NULL pointer de-ref - debian/patches/CVE-2020-1971-1.patch: use explicit tagging for DirectoryString in crypto/x509v3/v3_genn.c. - debian/patches/CVE-2020-1971-2.patch: correctly compare EdiPartyName in crypto/x509v3/v3_genn.c. - debian/patches/CVE-2020-1971-3.patch: check that multi-strings/CHOICE types don't use implicit tagging in crypto/asn1/asn1_err.c, crypto/asn1/tasn_dec.c, crypto/err/openssl.txt, include/openssl/asn1err.h. - debian/patches/CVE-2020-1971-4.patch: complain if we are attempting to encode with an invalid ASN.1 template in crypto/asn1/asn1_err.c, crypto/asn1/tasn_enc.c, crypto/err/openssl.txt, include/openssl/asn1err.h. - debian/patches/CVE-2020-1971-5.patch: add a test for GENERAL_NAME_cmp in test/v3nametest.c. - debian/patches/CVE-2020-1971-6.patch: add a test for encoding/decoding using an invalid ASN.1 Template in test/asn1_decode_test.c, test/asn1_encode_test.c. - CVE-2020-1971 ==== parted: 3.3-4 => 3.3-4ubuntu0.20.10.1 ==== ==== libparted2:amd64 parted * d/p/fix-end-input-usage-in-do-resizepart.patch: - Fix end_input usage in do_resizepart (LP: #1905579) -- [1] http://cloud-images.ubuntu.com/releases/groovy/release-20201209.1/ [2] http://cloud-images.ubuntu.com/releases/groovy/release-20201205/