A new release of the Ubuntu Cloud Images for stable Ubuntu release 22.10 (Kinetic Kudu) is available at [1]. These new images supersede the existing images [2]. Images are available for download or immediate use on EC2 via published AMI ids. Users who wish to update their existing installations can do so with:
   'sudo apt-get update && sudo apt-get dist-upgrade && sudo reboot'.

The following packages have been updated. Please see the full changelogs for a complete listing of changes:
 * curl: 7.85.0-1 => 7.85.0-1ubuntu0.1
 * dbus: 1.14.0-2ubuntu2 => 1.14.0-2ubuntu3
 * libksba: 1.6.0-3 => 1.6.0-3ubuntu1
 * openssl: 3.0.5-2ubuntu1 => 3.0.5-2ubuntu2

The following is a complete changelog for this image.

new: {}
removed: {}
changed: ['curl', 'dbus', 'dbus-bin', 'dbus-daemon', 'dbus-session-bus-common', 'dbus-system-bus-common', 'dbus-user-session', 'libcurl3-gnutls:amd64', 'libcurl4:amd64', 'libdbus-1-3:amd64', 'libksba8:amd64', 'libssl3:amd64', 'openssl']

new snaps: {}
removed snaps: {}
changed snaps: ['lxd']

==== curl: 7.85.0-1 => 7.85.0-1ubuntu0.1 ====
==== curl libcurl3-gnutls:amd64 libcurl4:amd64

  * SECURITY UPDATE: POST following PUT confusion
    - debian/patches/CVE-2022-32221.patch: when POST is set, reset the
      'upload' field in lib/setopt.c.
    - CVE-2022-32221
  * SECURITY UPDATE: .netrc parser out-of-bounds access
    - debian/patches/CVE-2022-35260.patch: replace fgets with
      Curl_get_line in lib/curl_get_line.c, lib/netrc.c.
    - CVE-2022-35260
  * SECURITY UPDATE: HTTP proxy double-free
    - debian/patches/CVE-2022-42915.patch: restore the protocol pointer
      on error in lib/http_proxy.c, lib/url.c.
    - CVE-2022-42915
  * SECURITY UPDATE: HSTS bypass via IDN
    - debian/patches/CVE-2022-42916.patch: use IDN decoded names for HSTS
      checks in lib/url.c.
    - CVE-2022-42916

==== dbus: 1.14.0-2ubuntu2 => 1.14.0-2ubuntu3 ====
==== dbus dbus-bin dbus-daemon dbus-session-bus-common dbus-system-bus-common dbus-user-session libdbus-1-3:amd64

  * SECURITY UPDATE: Assertion failure in dbus-marshal-validate
    - debian/patches/CVE-2022-42010.patch: Check brackets in signature
      nest correctly
    - CVE-2022-42010
  * SECURITY UPDATE: Out-of-bound access in dbus-marshal-validate
    - debian/patches/CVE-2022-42011.patch: Validate length of arrays of
      fixed-length items
    - CVE-2022-42011
  * SECURITY UPDATE: Out-of-bound access in dbus-marshal-byteswap
    - debian/patches/CVE-2022-42012.patch: Byte-swap Unix fd indexes if
      needed
    - CVE-2022-42012

==== libksba: 1.6.0-3 => 1.6.0-3ubuntu1 ====
==== libksba8:amd64

  * SECURITY UPDATE: integer overflow when reading tag-length objects
    - debian/patches/CVE-2022-3515.patch: check for integer overflow
      directly in the TLV parser
    - CVE-2022-3515

==== openssl: 3.0.5-2ubuntu1 => 3.0.5-2ubuntu2 ====
==== libssl3:amd64 openssl

  * SECURITY UPDATE: X.509 Email Address Buffer Overflow
    - debian/patches/CVE-2022-3602-1.patch: fix off by one in punycode
      decoder in crypto/punycode.c, test/build.info,
      test/punycode_test.c, test/recipes/04-test_punycode.t.
    - debian/patches/CVE-2022-3602-2.patch: ensure the result is zero
      terminated in crypto/punycode.c.
    - CVE-2022-3602
  * SECURITY UPDATE: legacy custom cipher issue
    - debian/patches/CVE-2022-3358.patch: fix usage of custom EVP_CIPHER
      objects in crypto/evp/digest.c, crypto/evp/evp_enc.c.
    - CVE-2022-3358

--
[1] http://cloud-images.ubuntu.com/releases/kinetic/release-20221101/
[2] http://cloud-images.ubuntu.com/releases/kinetic/release-20221022/