A new release of the Ubuntu Cloud Images for stable Ubuntu release 18.04 LTS (Bionic Beaver) is available at [1]. These new images superseded the existing images [2]. Images are available for download or immediate use on EC2 via publish AMI ids. Users who wish to update their existing installations can do so with:
   'sudo apt-get update && sudo apt-get dist-upgrade && sudo reboot'.

The following packages have been updated. Please see the full changelogs
for a complete listing of changes:
 * openssl1.0: 1.0.2n-1ubuntu5.11 => 1.0.2n-1ubuntu5.12 
 * openssl: 1.1.1-1ubuntu2.1~18.04.21 => 1.1.1-1ubuntu2.1~18.04.22 


The following is a complete changelog for this image.
new: {}
removed: {}
changed: ['libssl1.0.0:amd64', 'libssl1.1:amd64', 'openssl']
new snaps: {}
removed snaps: {}
changed snaps: []
==== openssl: 1.1.1-1ubuntu2.1~18.04.21 => 1.1.1-1ubuntu2.1~18.04.22 ====
====     libssl1.1:amd64 openssl
  * SECURITY UPDATE: excessive resource use when verifying policy constraints
    - debian/patches/CVE-2023-0464-1.patch: limit the number of nodes created
      in a policy tree (the default limit is set to 1000 nodes).
    - debian/patches/CVE-2023-0464-2.patch: add test cases for the policy
      resource overuse.
    - debian/patches/CVE-2023-0464-3.patch: disable the policy tree
      exponential growth test conditionally.
    - CVE-2023-0464
  * SECURITY UPDATE: invalid certificate policies ignored in leaf certificates
    - debian/patches/CVE-2023-0465-1.patch: ensure that EXFLAG_INVALID_POLICY
      is checked even in leaf certs. 
    - debian/patches/CVE-2023-0465-2.patch: generate some certificates with
      the certificatePolicies extension.
    - debian/patches/CVE-2023-0465-3.patch: add a certificate policies test.
    - CVE-2023-0466
  * SECURITY UPDATE: certificate policy check in X509_VERIFY_PARAM_add0_policy
    not enabled as documented
    - debian/patches/CVE-2023-0466.patch: fix documentation of
      X509_VERIFY_PARAM_add0_policy().
    - CVE-2023-0466
==== openssl1.0: 1.0.2n-1ubuntu5.11 => 1.0.2n-1ubuntu5.12 ====
====     libssl1.0.0:amd64
  * SECURITY UPDATE: excessive resource use when verifying policy constraints
    - debian/patches/CVE-2023-0464.patch: limit the number of nodes created in
      a policy tree (the default limit is set to 1000 nodes).
    - CVE-2023-0464
  * SECURITY UPDATE: invalid certificate policies ignored in leaf certificates
    - debian/patches/CVE-2023-0465.patch: ensure that EXFLAG_INVALID_POLICY is
      checked even in leaf certs.
    - CVE-2023-0466
  * SECURITY UPDATE: certificate policy check in X509_VERIFY_PARAM_add0_policy
    not enabled as documented
    - debian/patches/CVE-2023-0466.patch: fix documentation of
      X509_VERIFY_PARAM_add0_policy().
    - CVE-2023-0466

--
[1] http://cloud-images.ubuntu.com/releases/bionic/release-20230425/
[2] http://cloud-images.ubuntu.com/releases/bionic/release-20230424/