A new release of the Ubuntu Cloud Images for stable Ubuntu release 20.04 LTS (Focal Fossa) is available at [1]. These new images supersede the existing images [2]. Images are available for download or immediate use on EC2 via published AMI ids. Users who wish to update their existing installations can do so with:

    'sudo apt-get update && sudo apt-get dist-upgrade && sudo reboot'

The following packages have been updated. Please see the full changelogs for a complete listing of changes:

 * git: 1:2.25.1-1ubuntu3.6 => 1:2.25.1-1ubuntu3.7
 * heimdal: 7.7.0+dfsg-1ubuntu1.2 => 7.7.0+dfsg-1ubuntu1.3
 * linux-meta: 5.4.0.136.134 => 5.4.0.137.135
 * linux-signed: 5.4.0-136.153 => 5.4.0-137.154
 * open-vm-tools: 2:11.3.0-2ubuntu0~ubuntu20.04.3 => 2:11.3.0-2ubuntu0~ubuntu20.04.4
 * vim: 2:8.1.2269-1ubuntu5.9 => 2:8.1.2269-1ubuntu5.11

The following is a complete changelog for this image.

new: {'linux-modules-5.4.0-137-generic': '5.4.0-137.154', 'linux-headers-5.4.0-137-generic': '5.4.0-137.154', 'linux-headers-5.4.0-137': '5.4.0-137.154'}
removed: {'linux-modules-5.4.0-136-generic': '5.4.0-136.153', 'linux-headers-5.4.0-136-generic': '5.4.0-136.153', 'linux-headers-5.4.0-136': '5.4.0-136.153'}
changed: ['git', 'git-man', 'libasn1-8-heimdal:amd64', 'libgssapi3-heimdal:amd64', 'libhcrypto4-heimdal:amd64', 'libheimbase1-heimdal:amd64', 'libheimntlm0-heimdal:amd64', 'libhx509-5-heimdal:amd64', 'libkrb5-26-heimdal:amd64', 'libroken18-heimdal:amd64', 'libwind0-heimdal:amd64', 'linux-headers-generic', 'linux-headers-virtual', 'linux-image-5.4.0-137-generic', 'linux-image-virtual', 'linux-virtual', 'open-vm-tools', 'vim', 'vim-common', 'vim-runtime', 'vim-tiny', 'xxd']

new snaps: {}
removed snaps: {}
changed snaps: ['snapd']

==== git: 1:2.25.1-1ubuntu3.6 => 1:2.25.1-1ubuntu3.7 ====
==== git git-man

  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE_2022_23521_and_41903/00*.patch: attr.c, attr.h,
      pretty.c, column.c, utf8.c, utf8.h, t/t4205-log-pretty-formats.sh,
      t/test-lib.sh, git-compat-util.h, t/t0003-attributes.sh.
    - CVE-2022-23521
    - CVE-2022-41903

==== heimdal: 7.7.0+dfsg-1ubuntu1.2 => 7.7.0+dfsg-1ubuntu1.3 ====
==== libasn1-8-heimdal:amd64 libgssapi3-heimdal:amd64 libhcrypto4-heimdal:amd64 libheimbase1-heimdal:amd64 libheimntlm0-heimdal:amd64 libhx509-5-heimdal:amd64 libkrb5-26-heimdal:amd64 libroken18-heimdal:amd64 libwind0-heimdal:amd64

  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2021-44758.patch: add a call to send_reject() when
      preferred_mech_type is GSS_C_NO_OID in
      lib/gssapi/spnego/accept_sec_context.c.
    - debian/patches/CVE-2021-44758-post.patch: remove grep command in test
      file tests/gss/check-context.in to prevent FTBFS.
    - CVE-2021-44758
  * SECURITY UPDATE: buffer overflow
    - debian/patches/CVE-2022-3437-1.patch: change calls to memcmp with
      ct_memcmp in lib/gssapi/krb5/arcfour.c.
    - debian/patches/CVE-2022-3437-2.patch: change calls to memcmp with
      ct_memcmp in lib/gssapi/krb5/unwrap.c
    - debian/patches/CVE-2022-3437-3.patch: add NULL pointer checks before
      memcpy in lib/gssapi/krb5/unwrap.c.
    - debian/patches/CVE-2022-3437-4.patch: change logic on pad buffer
      handling in _gssapi_verify_pad() in lib/gssapi/krb5/decapsulate.c.
    - debian/patches/CVE-2022-3437-5.patch: add buffer boundary checks in
      _gssapi_verify_mech_header() in lib/gssapi/krb5/decapsulate.c
    - debian/patches/CVE-2022-3437-6.patch: add buffer length checks in
      lib/gssapi/krb5/unwrap.c.
    - debian/patches/CVE-2022-3437-7.patch: add buffer length checks in
      _gsskrb5_get_mech() in lib/gssapi/krb5/decapsulate.c.
    - debian/patches/CVE-2022-3437-8.patch: change buffer length parameter
      when calling _gssapi_verify_pad() in lib/gssapi/krb5/unwrap.c.
    - CVE-2022-3437
  * SECURITY UPDATE: integer overflow
    - debian/patches/CVE-2022-42898-1.patch: change logic on PAC buffer
      parsing in lib/krb5/pac.c.
    - debian/patches/CVE-2022-42898-2.patch: change variable type from
      unsigned long to uint64_t in lib/krb5/store-int.c.
    - CVE-2022-42898
  * SECURITY UPDATE: invalid free
    - debian/patches/CVE-2022-44640.patch: relocates a call to fprintf and
      parameters when calling it in decode_type() in lib/asn1/gen_decode.c
      and add a call to fprintf in free_type() in lib/asn1/gen_free.c.
    - CVE-2022-44640

==== linux-meta: 5.4.0.136.134 => 5.4.0.137.135 ====
==== linux-headers-generic linux-headers-virtual linux-image-virtual linux-virtual

  * Bump ABI 5.4.0-137

==== linux-signed: 5.4.0-136.153 => 5.4.0-137.154 ====
==== linux-image-5.4.0-137-generic

  * Master version: 5.4.0-137.154

==== open-vm-tools: 2:11.3.0-2ubuntu0~ubuntu20.04.3 => 2:11.3.0-2ubuntu0~ubuntu20.04.4 ====
==== open-vm-tools

  * d/open-vm-tools.postinst: Fixes issue with "udevadm trigger" affecting
    all devices that can cause unwanted side-effects. (LP: #1968354)

==== vim: 2:8.1.2269-1ubuntu5.9 => 2:8.1.2269-1ubuntu5.11 ====
==== vim vim-common vim-runtime vim-tiny xxd

  * SECURITY UPDATE: illegal memory access with bracketed paste in Ex mode
    - debian/patches/CVE-2022-0392.patch: reserve space for the trailing NUL
    - CVE-2022-0392
  * SECURITY UPDATE: retab may cause illegal memory access
    - debian/patches/CVE-2022-0417.patch: limit the value of tabstop
    - CVE-2022-0417
  * Update supported Ubuntu and Debian codenames (LP: #1996087).

--
[1] http://cloud-images.ubuntu.com/releases/focal/release-20230117/
[2] http://cloud-images.ubuntu.com/releases/focal/release-20230111/