A new release of the Ubuntu Cloud Images for stable Ubuntu release 20.04 LTS (Focal Fossa) is available at [1]. These new images superseded the existing images [2]. Images are available for download or immediate use on EC2 via publish AMI ids. Users who wish to update their existing installations can do so with:
   'sudo apt-get update && sudo apt-get dist-upgrade && sudo reboot'.

The following packages have been updated. Please see the full changelogs
for a complete listing of changes:
 * cloud-init: 23.1.1-0ubuntu0~20.04.1 => 23.1.2-0ubuntu0~20.04.1 
 * distro-info-data: 0.43ubuntu1.12 => 0.43ubuntu1.13 
 * git: 1:2.25.1-1ubuntu3.10 => 1:2.25.1-1ubuntu3.11 
 * linux-meta: 5.4.0.147.145 => 5.4.0.148.146 
 * linux-signed: 5.4.0-147.164 => 5.4.0-148.165 
 * openssl: 1.1.1f-1ubuntu2.17 => 1.1.1f-1ubuntu2.18 
 * tzdata: 2023c-0ubuntu0.20.04.0 => 2023c-0ubuntu0.20.04.1 


The following is a complete changelog for this image.
new: {'linux-headers-5.4.0-148': '5.4.0-148.165', 'linux-headers-5.4.0-148-generic': '5.4.0-148.165', 'linux-modules-5.4.0-148-generic': '5.4.0-148.165'}
removed: {'linux-modules-5.4.0-147-generic': '5.4.0-147.164', 'linux-headers-5.4.0-147-generic': '5.4.0-147.164', 'linux-headers-5.4.0-147': '5.4.0-147.164'}
changed: ['cloud-init', 'distro-info-data', 'git', 'git-man', 'libssl1.1:amd64', 'linux-headers-generic', 'linux-headers-virtual', 'linux-image-5.4.0-148-generic', 'linux-image-virtual', 'linux-virtual', 'openssl', 'tzdata']
new snaps: {}
removed snaps: {}
changed snaps: ['core20', 'snapd']
==== cloud-init: 23.1.1-0ubuntu0~20.04.1 => 23.1.2-0ubuntu0~20.04.1 ====
====     cloud-init
  * SECURITY UPDATE: Make user/vendor data sensitive and remove log permissions
    Because user data and vendor data may contain sensitive information,
    this commit ensures that any user data or vendor data written to
    instance-data.json gets redacted and is only available to root user.
    Also, modify the permissions of cloud-init.log to be 640, so that
    sensitive data leaked to the log isn't world readable.
    Additionally, remove the logging of user data and vendor data to
    cloud-init.log from the Vultr datasource.
    This is based on upstream snapshot of 23.1.2 [(LP: #2013967)]
    - d/cloud-init.postinst: postinst fixes for LP: #2013967
      Redact sensitive keys from world-readable instance-data.json on upgrade.
      Set perms 640 for /var/log/cloud-init.log on pkg upgrade.
      Redact sensitive Vultr messages from /var/log/cloud-init.log
    - (CVE-2023-1786)
==== distro-info-data: 0.43ubuntu1.12 => 0.43ubuntu1.13 ====
====     distro-info-data
  * Add Ubuntu 23.10 Mantic Minotaur. (LP: #2018028)
  * Correct release and EOL date of Debian 8 "jessie"
  * Add EOL date for Debian 10 "Buster"
  * Add release and EOL dates for Debian 11 "Bullseye"
  * Set the planned release date for Debian bookworm (and an EoL based on it).
  * Add Debian 13 "Trixie"
  * Add Debian 14 "forky" with a vague creation date.
==== git: 1:2.25.1-1ubuntu3.10 => 1:2.25.1-1ubuntu3.11 ====
====     git git-man
  * SECURITY UPDATE: Overwriting path
    - debian/patches/CVE-2023_25652_25815_29007/0022-*.patch: apply
      --reject overwriting existing .rej symlink if it exists in apply.c,
      t/t4115-apply-symlink.sh.
    - CVE-2023-25652
  * SECURITY UPDATE: Malicious placement of crafted messages
    - debian/patches/CVE-2023_25652_25815_29007/0024-*patch:
      avoid using gettext if the locale dir is not present in
      gettext.c.
    - CVE-2023-25815
  * SECURITY UPDATE: Arbitrary configuration injection
    - debian/patches/CVE-2023_25652_25815_29007/0025-*.patch: avoid
      fixed-sized buffer when renaming/deleting a section in config.c,
      t/t1300-config.sh.
    - debian/patches/CVE-2023_25652_25815_29007/0026-*.patch: avoid
      integer truncation in copy_or_rename_section_in_file() in config.c.
    - debian/patches/CVE-2023_25652_25815_29007/0027-*.patch: disallow
      overly-long lines in copy_or_rename_section_in_file in config.c.
    - CVE-2023-29007
==== linux-meta: 5.4.0.147.145 => 5.4.0.148.146 ====
====     linux-headers-generic linux-headers-virtual linux-image-virtual linux-virtual
  * Bump ABI 5.4.0-148
==== linux-signed: 5.4.0-147.164 => 5.4.0-148.165 ====
====     linux-image-5.4.0-148-generic
  * Master version: 5.4.0-148.165
  * Miscellaneous Ubuntu changes
    - debian/tracking-bug -- update from master
==== openssl: 1.1.1f-1ubuntu2.17 => 1.1.1f-1ubuntu2.18 ====
====     libssl1.1:amd64 openssl
  * SECURITY UPDATE: excessive resource use when verifying policy constraints
    - debian/patches/CVE-2023-0464-1.patch: limit the number of nodes created
      in a policy tree (the default limit is set to 1000 nodes).
    - debian/patches/CVE-2023-0464-2.patch: add test cases for the policy
      resource overuse.
    - debian/patches/CVE-2023-0464-3.patch: disable the policy tree
      exponential growth test conditionally.
    - CVE-2023-0464
  * SECURITY UPDATE: invalid certificate policies ignored in leaf certificates
    - debian/patches/CVE-2023-0465-1.patch: ensure that EXFLAG_INVALID_POLICY
      is checked even in leaf certs. 
    - debian/patches/CVE-2023-0465-2.patch: generate some certificates with
      the certificatePolicies extension.
    - debian/patches/CVE-2023-0465-3.patch: add a certificate policies test.
    - CVE-2023-0466
  * SECURITY UPDATE: certificate policy check in X509_VERIFY_PARAM_add0_policy
    not enabled as documented
    - debian/patches/CVE-2023-0466.patch: fix documentation of
      X509_VERIFY_PARAM_add0_policy().
    - CVE-2023-0466
==== tzdata: 2023c-0ubuntu0.20.04.0 => 2023c-0ubuntu0.20.04.1 ====
====     tzdata
  * Build timezones that differ pre-1970 (LP: #2003797)
  * Add autopkgtest test case for pre-1970 timestamps
  * Update debconf template and translations

--
[1] http://cloud-images.ubuntu.com/releases/focal/release-20230506/
[2] http://cloud-images.ubuntu.com/releases/focal/release-20230420/