A new release of the Ubuntu Cloud Images for stable Ubuntu release 16.04 LTS (Xenial Xerus) is available at [1]. These new images superseded the existing images [2]. Images are available for download or immediate use on EC2 via publish AMI ids. Users who wish to update their existing installations can do so with: 'sudo apt-get update && sudo apt-get dist-upgrade && sudo reboot'. The following packages have been updated. Please see the full changelogs for a complete listing of changes: * apport: 2.20.1-0ubuntu2.26 => 2.20.1-0ubuntu2.27 * cloud-utils: 0.27-0ubuntu25.1 => 0.27-0ubuntu25.2 * grub2: 2.02~beta2-36ubuntu3.28 => 2.02~beta2-36ubuntu3.29 * grub2-signed: 1.66.28+2.02~beta2-36ubuntu3.28 => 1.66.29+2.02~beta2-36ubuntu3.29 * krb5: 1.13.2+dfsg-5ubuntu2.1 => 1.13.2+dfsg-5ubuntu2.2 * openldap: 2.4.42+dfsg-2ubuntu3.10 => 2.4.42+dfsg-2ubuntu3.11 The following is a complete changelog for this image. new: {} removed: {} changed: ['apport', 'cloud-guest-utils', 'grub-common', 'grub-efi-amd64', 'grub-efi-amd64-bin', 'grub-efi-amd64-signed', 'grub-pc', 'grub-pc-bin', 'grub2-common', 'krb5-locales', 'libgssapi-krb5-2:amd64', 'libk5crypto3:amd64', 'libkrb5-3:amd64', 'libkrb5support0:amd64', 'libldap-2.4-2:amd64', 'python3-apport', 'python3-problem-report'] new snaps: {} removed snaps: {} changed snaps: [] ==== apport: 2.20.1-0ubuntu2.26 => 2.20.1-0ubuntu2.27 ==== ==== apport python3-apport python3-problem-report * Various security hardening fixes (LP: #1903332) - apport/fileutils.py: drop privileges in the correct order, limit settings file size. - apport/apport/report.py: properly drop privileges, limit ignore file size. - data/apport: drop supplemental groups. ==== cloud-utils: 0.27-0ubuntu25.1 => 0.27-0ubuntu25.2 ==== ==== cloud-guest-utils * debian/patches/lp-1493188-support-overlay-filesystem: mount-image-callback: support 'overlay' filesystem type rather than ubuntu specific 'overlayfs' (LP: #1493188) * debian/patches/lp-1630274-mount-overlay-first: mount-image-callback: try mounting overlay rather than checking first (LP: #1630274) ==== grub2: 2.02~beta2-36ubuntu3.28 => 2.02~beta2-36ubuntu3.29 ==== ==== grub-common grub-efi-amd64 grub-efi-amd64-bin grub-pc grub-pc-bin grub2-common * Avoid "EFI stub: FIRMWARE BUG" message when booting >= 5.7 kernels on arm64 by setting the image base address before jumping to the PE/COFF entry point LP: #1900774 * Fix tftp timeouts when fetching large files. LP: #1900773 ==== grub2-signed: 1.66.28+2.02~beta2-36ubuntu3.28 => 1.66.29+2.02~beta2-36ubuntu3.29 ==== ==== grub-efi-amd64-signed ==== krb5: 1.13.2+dfsg-5ubuntu2.1 => 1.13.2+dfsg-5ubuntu2.2 ==== ==== krb5-locales libgssapi-krb5-2:amd64 libk5crypto3:amd64 libkrb5-3:amd64 libkrb5support0:amd64 * SECURITY UPDATE: Unbounded recursion - debian/patches/CVE-2020-28196.patch: adds recursion limit for ASN.1 indefinite lenghts in src/lib/krb5/asn.1/asn1_encode.c. - CVE-2020-28196 ==== openldap: 2.4.42+dfsg-2ubuntu3.10 => 2.4.42+dfsg-2ubuntu3.11 ==== ==== libldap-2.4-2:amd64 * SECURITY UPDATE: assertion failure in Certificate List syntax validation - debian/patches/CVE-2020-25709.patch: properly handle error in servers/slapd/schema_init.c. - CVE-2020-25709 * SECURITY UPDATE: assertion failure in CSN normalization with invalid input - debian/patches/CVE-2020-25710.patch: properly handle error in servers/slapd/schema_init.c. - CVE-2020-25710 -- [1] http://cloud-images.ubuntu.com/releases/xenial/release-20201124/ [2] http://cloud-images.ubuntu.com/releases/xenial/release-20201111.1/