A new release of the Ubuntu Cloud Images for stable Ubuntu release 22.04 (Jammy Jellyfish) is available at [1]. These new images superseded the existing images [2]. Images are available for download or immediate use on EC2 via publish AMI ids. Users who wish to update their existing installations can do so with:
   'sudo apt-get update && sudo apt-get dist-upgrade && sudo reboot'.

The following packages have been updated. Please see the full changelogs
for a complete listing of changes:
 * binutils: 2.38-4ubuntu2 => 2.38-4ubuntu2.1 
 * ca-certificates: 20211016 => 20211016ubuntu0.22.04.1 
 * cloud-init: 22.3.4-0ubuntu1~22.04.1 => 22.4.2-0ubuntu0~22.04.1 
 * libbpf: 1:0.5.0-1 => 1:0.5.0-1ubuntu22.04.1 
 * libxml2: 2.9.13+dfsg-1ubuntu0.1 => 2.9.13+dfsg-1ubuntu0.2 
 * python3.10: 3.10.6-1~22.04.1 => 3.10.6-1~22.04.2 
 * tmux: 3.2a-4build1 => 3.2a-4ubuntu0.1 
 * tzdata: 2022f-0ubuntu0.22.04.1 => 2022g-0ubuntu0.22.04.1 
 * ubuntu-release-upgrader: 1:22.04.14 => 1:22.04.15 


The following is a complete changelog for this image.
new: {}
removed: {}
changed: ['binutils', 'binutils-common:amd64', 'binutils-x86-64-linux-gnu', 'ca-certificates', 'cloud-init', 'libbinutils:amd64', 'libbpf0:amd64', 'libctf-nobfd0:amd64', 'libctf0:amd64', 'libpython3.10-minimal:amd64', 'libpython3.10-stdlib:amd64', 'libpython3.10:amd64', 'libxml2:amd64', 'python3-distupgrade', 'python3.10', 'python3.10-minimal', 'tmux', 'tzdata', 'ubuntu-release-upgrader-core']
new snaps: {}
removed snaps: {}
changed snaps: ['core20']
==== binutils: 2.38-4ubuntu2 => 2.38-4ubuntu2.1 ====
====     binutils binutils-common:amd64 binutils-x86-64-linux-gnu libbinutils:amd64 libctf-nobfd0:amd64 libctf0:amd64
  * SECURITY UPDATE: Heap-buffer-overflow
    - debian/patches/CVE-2022-38533.patch: strip possibly
      heap-buffer-overflow in bfd/coffcode.h.
    - CVE-2022-38533
==== ca-certificates: 20211016 => 20211016ubuntu0.22.04.1 ====
====     ca-certificates
  * Add Trustcor root certificates to mozilla/blacklist.txt: (LP: #1998785)
    - "TrustCor RootCert CA-1"
    - "TrustCor RootCert CA-2"
    - "TrustCor ECA-1"
==== cloud-init: 22.3.4-0ubuntu1~22.04.1 => 22.4.2-0ubuntu0~22.04.1 ====
====     cloud-init
  * Upstream snapshot based on 22.4.2 upstream release. (LP: #1996645)
    - List of changes from upstream can be found at
      https://raw.githubusercontent.com/canonical/cloud-init/22.4.2/ChangeLog
    - Includes (LP: #1997559, #1844191) not present in 22.4.0.
  * d/control: drop python3-httpretty from Build-Depends
  * d/cloud-init.templates: Add NWCS to datasource list
  * refresh patches:
    + debian/patches/expire-on-hashed-users.patch
  * Upstream snapshot based on 22.4 upstream release. (LP: #1996645)
    List of changes from upstream can be found at
    https://raw.githubusercontent.com/canonical/cloud-init/22.4/ChangeLog
==== libbpf: 1:0.5.0-1 => 1:0.5.0-1ubuntu22.04.1 ====
====     libbpf0:amd64
  * SECURITY UPDATE: use-after-free vulnerability
    - debian/patches/CVE-2022-3534.patch: Fix use-after-free in
      btf_dump_name_dups
    - CVE-2022-3534
  * SECURITY UPDATE: null pointer dereference vulnerability
    - debian/patches/CVE-2022-3606.patch: Fix null-pointer dereference in
      find_prog_by_sec_insn()
    - CVE-2022-3606
==== libxml2: 2.9.13+dfsg-1ubuntu0.1 => 2.9.13+dfsg-1ubuntu0.2 ====
====     libxml2:amd64
  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2022-2309.patch: reset nsNr in
      xmlCtxReset in parser.c (LP: #1996494).
    - CVE-2022-2309
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2022-40303.patch: fix integer overflows
      with XML_PARSE_HUGE in parser.c.
    - CVE-2022-40303
  * SECURITY UPDATE: Double-free
    - debian/patches/CVE-2022-40304.patch: fix dict
      corruption caused by entity ref cycles in
      entities.c.
    - CVE-2022-40304
==== python3.10: 3.10.6-1~22.04.1 => 3.10.6-1~22.04.2 ====
====     libpython3.10-minimal:amd64 libpython3.10-stdlib:amd64 libpython3.10:amd64 python3.10 python3.10-minimal
  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2022-37454.patch: fixes buffer overflow in
      Modules/_sha3/kcp/KeccakSponge.inc (LP: #1995197).
    - CVE-2022-37454
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2022-45061.patch: fix quadratic time idna decoding
      in Lib/encodings/idna.py, Lib/test/test_codecs.py.
    - CVE-2022-45061
==== tmux: 3.2a-4build1 => 3.2a-4ubuntu0.1 ====
====     tmux
  * d/p/lp1976110-respect-sizing.diff: Add patch to only
    use client for sizing when not detached. (LP: #1976110)
==== tzdata: 2022f-0ubuntu0.22.04.1 => 2022g-0ubuntu0.22.04.1 ====
====     tzdata
  * Update the ICU timezone data to 2022g (LP: #1998321)
  * Point Vcs-Browser/Git to Launchpad
  * New upstream release (LP: #1998321)
    - The northern edge of Chihuahua changes to US timekeeping.
    - Much of Greenland stops changing clocks after March 2023.
    - Fix some pre-1996 timestamps in northern Canada.
  * No ICU data update yet as none is yet available upstream.
  * d/watch: Switch from failing ftp to https
  * debian/tzdata.templates: Add Ciudad_Juarez
==== ubuntu-release-upgrader: 1:22.04.14 => 1:22.04.15 ====
====     python3-distupgrade ubuntu-release-upgrader-core
  * DistUpgrade: Remove firefox from deb2snap.json (LP: #1964036)
  * DistUpgrade: Just pass filename to apport report (LP: #1985964)
  * Run pre-build.sh: updating mirrors and translations.

--
[1] http://cloud-images.ubuntu.com/releases/jammy/release-20221214/
[2] http://cloud-images.ubuntu.com/releases/jammy/release-20221201/