A new release of the Ubuntu Cloud Images for stable Ubuntu release 18.04 LTS (Bionic Beaver) is available at [1]. These new images superseded the existing images [2]. Images are available for download or immediate use on EC2 via publish AMI ids. Users who wish to update their existing installations can do so with:
   'sudo apt-get update && sudo apt-get dist-upgrade && sudo reboot'.

The following packages have been updated. Please see the full changelogs
for a complete listing of changes:
 * ca-certificates: 20211016~18.04.1 => 20211016ubuntu0.18.04.1 
 * cloud-init: 22.3.4-0ubuntu1~18.04.1 => 22.4.2-0ubuntu0~18.04.1 
 * libxml2: 2.9.4+dfsg1-6.1ubuntu1.7 => 2.9.4+dfsg1-6.1ubuntu1.8 


The following is a complete changelog for this image.
new: {}
removed: {}
changed: ['ca-certificates', 'cloud-init', 'libxml2:amd64']
new snaps: {}
removed snaps: {}
changed snaps: []
==== ca-certificates: 20211016~18.04.1 => 20211016ubuntu0.18.04.1 ====
====     ca-certificates
  * Add Trustcor root certificates to mozilla/blacklist.txt: (LP: #1998785)
    - "TrustCor RootCert CA-1"
    - "TrustCor RootCert CA-2"
    - "TrustCor ECA-1"
==== cloud-init: 22.3.4-0ubuntu1~18.04.1 => 22.4.2-0ubuntu0~18.04.1 ====
====     cloud-init
  * Upstream snapshot based on 22.4.2 upstream release. (LP: #1996645)
    - List of changes from upstream can be found at
      https://raw.githubusercontent.com/canonical/cloud-init/22.4.2/ChangeLog
    - Includes (LP: #1997559, #1844191) not present in 22.4.0.
  * d/control: drop python3-httpretty from Build-Depends
  * d/cloud-init.templates: Add NWCS to datasource list
  * refresh patches:
    + debian/patches/expire-on-hashed-users.patch
  * Upstream snapshot based on 22.4 upstream release. (LP: #1996645)
    List of changes from upstream can be found at
    https://raw.githubusercontent.com/canonical/cloud-init/22.4/ChangeLog
==== libxml2: 2.9.4+dfsg1-6.1ubuntu1.7 => 2.9.4+dfsg1-6.1ubuntu1.8 ====
====     libxml2:amd64
  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2022-2309.patch: reset nsNr in
      xmlCtxReset in parser.c (LP: #1996494).
    - CVE-2022-2309
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2022-40303.patch: fix integer overflows
      with XML_PARSE_HUGE in parser.c.
    - CVE-2022-40303
  * SECURITY UPDATE: Double-free
    - debian/patches/CVE-2022-40304.patch: fix dict
      corruption caused by entity ref cycles in
      entities.c.
    - CVE-2022-40304

--
[1] http://cloud-images.ubuntu.com/releases/bionic/release-20221207/
[2] http://cloud-images.ubuntu.com/releases/bionic/release-20221201/