Cloud Images and Bash VulnerabilitiesThe Ubuntu Cloud Image team has been monitoring the bash vulnerabilities. Due to the scope, impact and high profile nature of these vulnerabilties, we have published new images. New cloud images to address the lastest bash USN-2364-1 [1, 8, 9] are being released with a build serials of 20140927. These images include code to address all prior CVEs, including CVE-2014-6271  and CVE-2014-7169 , and supersede images published in the past week which addressed those CVEs.
Please note: Securing Ubuntu Cloud Images requires users to regularly apply updates; using the latest Cloud Images are insufficient.
Addressing the full scope of the Bash vulnerability has been an iterative process. The security team has worked with the upstream bash community to address multiple aspects of the bash issue. As these fixes have become available, the Cloud Image team has published daily. New released images have been made available at the request of the Ubuntu Security team.
Canonical has been in contact with our public Cloud Partners to make these new builds available as soon as possible.
Cloud image update timelineDaily image builds are automatically triggered when new package versions become available in the public archives. New releases for Cloud Images are triggered automatically when a new kernel becomes available. The Cloud Image team will manually trigger new released images when either requested by the Ubuntu Security team or when a significant defect requires.