Amazon Linux 2.0.20210318.0 release notes

Amazon Linux 2 was updated.

Major updates

Amazon Linux 2 includes the following updates.

  • Yum no longer attempts to make IMDSv1 calls.

  • The amazon-linux-extras utility has been updated to support a simpler format of the Extras catalog. At some point in the future, the 2.0 version of amazon-linux-extras will be required to access any new Extras.

Package updates

Amazon Linux 2 includes the following packages.

Packages

amazon-linux-extras-2.0.0-1.amzn2.noarch

amazon-linux-extras-yum-plugin-2.0.0-1.amzn2.noarch

bind-export-libs-9.11.4-26.P2.amzn2.4.x86_64

bind-libs-9.11.4-26.P2.amzn2.4.x86_64

bind-libs-lite-9.11.4-26.P2.amzn2.4.x86_64

bind-license-9.11.4-26.P2.amzn2.4.noarch

bind-utils-9.11.4-26.P2.amzn2.4.x86_64

cloud-init-19.3-43.amzn2.noarch

glibc-2.26-42.amzn2.x86_64

glibc-all-langpacks-2.26-42.amzn2.x86_64

glibc-common-2.26-42.amzn2.x86_64

glibc-devel-2.26-42.amzn2.x86_64

glibc-headers-2.26-42.amzn2.x86_64

glibc-locale-source-2.26-42.amzn2.x86_64

glibc-minimal-langpack-2.26-42.amzn2.x86_64

kernel-4.14.225-168.357.amzn2.x86_64

kernel-devel-4.14.225-168.357.amzn2.x86_64

kernel-headers-4.14.225-168.357.amzn2.x86_64

kernel-tools-4.14.225-168.357.amzn2.x86_64

libcrypt-2.26-42.amzn2.x86_64

pyliblzma-0.5.3-25.amzn2.x86_64

yum-3.4.3-158.amzn2.0.5.noarch

Kernel updates

Rebase kernel to upstream stable 4.14.225.

CVEs fixed:

  • CVE-2021-26930 [xen-blkback: Fixes error handling in xen_blkbk_map()]

  • CVE-2021-26931 [xen-blkback: Doesn't "handle" error by BUG()]

  • CVE-2021-26932 [Xen/x86: Doesn't bail early from clear_foreign_p2m_mapping()]

  • CVE-2021-27363 [scsi: iscsi: Restricts sessions and handles to admin capabilities]

  • CVE-2021-27364 [scsi: iscsi: Restricts sessions and handles to admin capabilities]

  • CVE-2021-27365 [scsi: iscsi: Ensures sysfs attributes are limited to PAGE_SIZE]

  • CVE-2021-28038 [Xen/gnttab: Handles p2m update errors on a per-slot basis]

Amazon Features and Backports:

  • arm64: kaslr: Refactors early init command line parsing

  • arm64: Extends the kernel command line from the bootloader

  • arm64: Exports acpi_psci_use_hvc() symbol

  • hwrng: Adds Graviton RNG driver

  • iommu/vt-d: Skips TE disabling on quirky gfx dedicated iommu

  • x86/x2apic: Marks set_x2apic_phys_mode() as init

  • x86/apic: Deinlines x2apic functions

  • x86/apic: Fixes x2apic enablement without interrupt remapping

  • x86/msi: Only uses high bits of MSI address for DMAR unit

  • x86/io_apic: Re-evaluates vector configuration on activate()

  • x86/ioapic: Handles Extended Destination ID field in RTE

  • x86/apic: Adds support for 15 bits of APIC ID in MSI where available

  • x86/kvm: Reserves KVM_FEATURE_MSI_EXT_DEST_ID

  • x86/kvm: Enables 15-bit extension when KVM_FEATURE_MSI_EXT_DEST_ID is detected

  • arm64: HWCAP: Adds support for AT_HWCAP2

  • arm64: HWCAP: Encapsulates elf_hwcap

  • arm64: Implements archrandom.h for ARMv8.5-RNG

  • mm: memcontrol: Fixes NR_WRITEBACK leak in memcg and system stats

  • mm: memcg: Makes sure that memory.events is up to date when waking pollers

  • mem_cgroup: Makes sure that moving_account, move_lock_task and stat_cpu are in the same cacheline

  • mm: Fixes oom_kill event handling

  • mm: writeback: Uses exact memcg dirty counts

Other Fixes:

  • net_sched: Rejects silly cell_log in qdisc_get_rtab()

  • x86: always_inline {rd,wr}msr()

  • net: lapb: Copies the skb before sending a packet

  • ipv4: Fixes the race condition between route lookup and invalidation

  • mm: hugetlb: Fixes a race between isolating and freeing page

  • mm: hugetlb: Removes VM_BUG_ON_PAGE from page_huge_active

  • mm: thp: Fixes MADV_REMOVE deadlock on shmem THP

  • x86/apic: Adds extra serialization for non-serializing MSRs

  • iommu/vt-d: Doesn't use flush-queue when caching-mode is on

  • fgraph: Initializes tracing_graph_pause at task creation

  • ARM: Ensures that the signal page contains defined contents

  • kvm: Now checks tlbs_dirty directly

  • ext4: Fixes potential htree index checksum corruption

  • mm/memory.c: Fixes potential pte_unmap_unlock pte error

  • mm/hugetlb: Fixes potential double free in hugetlb_register_node() error path

  • arm64: Adds missing ISB after invalidating TLB in primary_switch

  • mm/rmap: Fixes potential pte_unmap on a pte that is not mapped

  • x86/reboot: Forces all CPUs to exit VMX root if VMX is supported

  • mm: hugetlb: Fixes a race between freeing and dissolving the page

  • arm64 module: Sets plt* section addresses to 0x0

  • xfs: Fixes assert failure in xfs_setattr_size()