Amazon Linux 2.0.20210421.0 release notes - Amazon Linux 2
Major updatesPackage updatesKernel updates
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Amazon Linux 2.0.20210421.0 release notes

Amazon Linux 2 was updated.

Major updates

Amazon Linux 2 includes the following update.

  • Updated irqbalance to 1.7.0 from 1.5.0

  • AL2 AMIs default to HTTPS for repository access.

Package updates

Amazon Linux 2 includes the following packages.

Packages

ec2-instance-connect-1.1-14.amzn2.noarch

ec2-net-utils-1.5-2.amzn2.noarch

glibc-2.26-44.amzn2.aarch64

glibc-2.26-44.amzn2.x86_64

glibc-all-langpacks-2.26-44.amzn2.aarch64

glibc-all-langpacks-2.26-44.amzn2.x86_64

glibc-common-2.26-44.amzn2.aarch64

glibc-common-2.26-44.amzn2.x86_64

glibc-devel-2.26-44.amzn2.x86_64

glibc-headers-2.26-44.amzn2.x86_64

glibc-langpack-en-2.26-44.amzn2.aarch64

glibc-langpack-en-2.26-44.amzn2.x86_64

glibc-locale-source-2.26-44.amzn2.aarch64

glibc-locale-source-2.26-44.amzn2.x86_64

glibc-minimal-langpack-2.26-44.amzn2.aarch64

glibc-minimal-langpack-2.26-44.amzn2.x86_64

irqbalance-1.7.0-4.amzn2.0.1.aarch64

irqbalance-1.7.0-4.amzn2.0.1.x86_64

kernel-4.14.231-173.360.amzn2.aarch64

kernel-4.14.231-173.360.amzn2.x86_64

kernel-devel-4.14.231-173.360.amzn2.x86_64

kernel-headers-4.14.231-173.360.amzn2.x86_64

kernel-tools-4.14.231-173.360.amzn2.aarch64

kernel-tools-4.14.231-173.360.amzn2.x86_64

libcrypt-2.26-44.amzn2.aarch64

libcrypt-2.26-44.amzn2.x86_64

nettle-2.7.1-9.amzn2.aarch64

nettle-2.7.1-9.amzn2.x86_64

openssh-7.4p1-21.amzn2.0.3.aarch64

openssh-7.4p1-21.amzn2.0.3.x86_64

openssh-clients-7.4p1-21.amzn2.0.3.aarch64

openssh-clients-7.4p1-21.amzn2.0.3.x86_64

openssh-server-7.4p1-21.amzn2.0.3.aarch64

openssh-server-7.4p1-21.amzn2.0.3.x86_64

python3-3.7.9-1.amzn2.0.2.aarch64

python3-3.7.9-1.amzn2.0.2.x86_64

python3-daemon-2.2.3-8.amzn2.0.2.noarch

python3-docutils-0.14-1.amzn2.0.2.noarch

python3-libs-3.7.9-1.amzn2.0.2.aarch64

python3-libs-3.7.9-1.amzn2.0.2.x86_64

python3-lockfile-0.11.0-17.amzn2.0.2.noarch

python3-pip-9.0.3-1.amzn2.0.2.noarch

python3-pystache-0.5.4-12.amzn2.0.1.noarch

python3-setuptools-38.4.0-3.amzn2.0.6.noarch

python3-simplejson-3.2.0-1.amzn2.0.2.aarch64

python3-simplejson-3.2.0-1.amzn2.0.2.x86_64

Kernel updates

Rebase kernel to upstream stable 4.14.231.

CVEs fixed:

  • CVE-2019-19060 [iio: imu: adis16400: release allocated memory on failure]

  • CVE-2021-28660 [staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan()]

  • CVE-2021-29265 [usbip: fix stub_dev usbip_sockfd_store() races leading to gpf]

  • CVE-2021-28964 [btrfs: fix race when cloning extent buffer during rewind of an old root]

  • CVE-2021-28971 [perf/x86/intel: Fix a crash caused by zero PEBS status]

  • CVE-2021-28972 [PCI: rpadlpar: Fix potential drc_name corruption in store functions]

  • CVE-2021-28688 [xen-blkback: do not leak persistent grants from xen_blkbk_map()]

  • CVE-2021-29647 [net: qrtr: fix a kernel-infoleak in qrtr_recvmsg()]

  • CVE-2021-3483 [firewire: nosy: Fix a use-after-free bug in nosy_ioctl()]

  • CVE-2021-29154 [bpf, x86: Validate computation of branch displacements for x86-64]

  • CVE-2020-25670 [nfc: fix refcount leak in llcp_sock_bind()]

  • CVE-2020-25671 [nfc: fix refcount leak in llcp_sock_connect()] CVE-2020-25672 [nfc: fix memory leak in llcp_sock_connect()]

Amazon Features and Backports:

  • net: Fixes gro aggregation for udp encaps with zero csum

  • net: Avoids infinite loop in mpls_gso_segment when mpls_hlen == 0

  • configfs: Fixes a use-after-free in configfs_open_file

  • include/linux/sched/mm.h: use rcu_dereference in in_vfork()

  • KVM: arm64: Fixes exclusive limit for IPA size

  • ext4: Handles error of ext4_setup_system_zone() on remount

  • ext4: Checks journal inode extents more carefully

  • ext4: Finds old entry again if failed to rename whiteout

  • ext4: Doesn't try to set xattr into ea_inode if value is empty

  • ext4: Fixes potential error in ext4_do_update_inode

  • locking/mutex: Fixes non debug version of mutex_lock_io_nested()

  • ext4: Fixes bh ref count on error paths

  • ext4: Doesn't iput inode under running transaction in ext4_rename()

  • mm: Fixes race by making init_zero_pfn() early_initcall

  • KVM: arm64: Disables guest access to trace filter controls