Amazon Linux 2.0.20200824.0 release notes - Amazon Linux 2
Major updatesPackage updatesKernel updates
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Amazon Linux 2.0.20200824.0 release notes

Amazon Linux 2 was updated.

Major updates

Amazon Linux 2 includes the following update.

  • This release contains security updates for gettext, python2-rsa, and python. We have also included the updated Amazon CLI, and a bug fix for the amazon-linux-extras utility to no longer recommend deprecated topics.

Package updates

Amazon Linux 2 includes the following packages.

Packages

amazon-linux-extras-1.6.12-1.amzn2.noarch

amazon-linux-extras-yum-plugin-1.6.12-1.amzn2.noarch

awscli-1.18.107-1.amzn2.0.1.noarch

ca-certificates-2019.2.32-76.amzn2.0.3.noarch

gettext-0.19.8.1-3.amzn2.x86_64

gettext-libs-0.19.8.1-3.amzn2.x86_64

kernel-4.14.192-147.314.amzn2.x86_64

kernel-tools-4.14.192-147.314.amzn2.x86_64

kpatch-runtime-0.8.0-4.amzn2.noarch

python-2.7.18-1.amzn2.0.1.x86_64

python-devel-2.7.18-1.amzn2.0.1.x86_64

python-libs-2.7.18-1.amzn2.0.1.x86_64

python2-botocore-1.17.31-1.amzn2.0.1.noarch

python2-rsa-3.4.1-1.amzn2.0.1.noarch

tzdata-2020a-1.amzn2.noarch

Kernel updates

Rebase kernel to upstream stable 4.14.192.

Include Nitro Enclave module.

CVEs fixed:

  • CVE-2017-18232 [kernel: Mishandling mutex within libsas allowing local Denial of Service]

  • CVE-2018-10323 [kernel: Invalid pointer dereference in xfs_bmapi_write() when mounting and operating on crafted xfs image allows denial of service]

  • CVE-2018-8043 [kernel: NULL pointer dereference in drivers/net/phy/mdio-bcm-unimac.c:unimac_mdio_probe() can lead to denial of service]

  • CVE-2019-18808 [kernel: memory leak in ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c]

  • CVE-2019-19054 [kernel: A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c allows attackers to cause a DoS]

  • CVE-2019-19061 [kernel: A memory leak in the adis_update_scan_mode_burst() function in drivers/iio/imu/adis_buffer.c allows for a DoS]

  • CVE-2019-19073 [kernel: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel (DOS)]

  • CVE-2019-19074 [kernel: a memory leak in the ath9k management function in allows local DoS]

  • CVE-2019-3016 [kernel: kvm: Information leak within a KVM guest]

  • CVE-2019-9445 [kernel: out of bounds read due to missing bounds check in F2FS driver leads to local information disclosure]

  • CVE-2020-10781 [kernel: zram sysfs resource consumption]

  • CVE-2020-12655 [kernel: sync of excessive duration via an XFS v5 image with crafted metadata]

  • CVE-2020-15393 [kernel: memory leak in usbtest_disconnect function in drivers/usb/misc/usbtest.c]

Other Fixes:

  • Fixes memory leak in network device registration [net: fix memleak in register_netdevice()]

  • Fixes unresponsive system when simultaneously onlining/offlining block queues [blk-mq: fix unresponsive system caused by freeze/unfreeze sequence]

  • Fixes build error in kunit tests [kunit: fix failure to build without printk]

  • Fixes build error in xfs [xfs: fix string handling in label get/set functions]