Amazon Linux 2.0.20210721.2 release notes - Amazon Linux 2
Major updatesPackage updatesKernel updates
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Amazon Linux 2.0.20210721.2 release notes

Amazon Linux 2 was updated.

Major updates

Amazon Linux 2 includes the following update.

  • GRUB has been updated to 2.06 with some launch time improvements

Package updates

Amazon Linux 2 includes the following packages.

Packages

amazon-ssm-agent-3.0.1124.0-1.amzn2.aarch64

amazon-ssm-agent-3.0.1124.0-1.amzn2.x86_64

chrony-4.0-3.amzn2.0.2.aarch64

chrony-4.0-3.amzn2.0.2.x86_64

dracut-033-535.amzn2.1.4.aarch64

dracut-033-535.amzn2.1.4.x86_64

dracut-config-generic-033-535.amzn2.1.4.aarch64

dracut-config-generic-033-535.amzn2.1.4.x86_64

fuse-libs-2.9.2-11.amzn2.aarch64

fuse-libs-2.9.2-11.amzn2.x86_64

glibc-2.26-48.amzn2.aarch64

glibc-2.26-48.amzn2.x86_64

glibc-all-langpacks-2.26-48.amzn2.aarch64

glibc-all-langpacks-2.26-48.amzn2.x86_64

glibc-common-2.26-48.amzn2.aarch64

glibc-common-2.26-48.amzn2.x86_64

glibc-devel-2.26-48.amzn2.x86_64

glibc-headers-2.26-48.amzn2.x86_64

glibc-langpack-en-2.26-48.amzn2.aarch64

glibc-langpack-en-2.26-48.amzn2.x86_64

glibc-locale-source-2.26-48.amzn2.aarch64

glibc-locale-source-2.26-48.amzn2.x86_64

glibc-minimal-langpack-2.26-48.amzn2.aarch64

glibc-minimal-langpack-2.26-48.amzn2.x86_64

grub2-2.06-2.amzn2.0.1.aarch64

grub2-2.06-2.amzn2.0.1.x86_64

grub2-common-2.06-2.amzn2.0.1.noarch

grub2-efi-aa64-2.06-2.amzn2.0.1.aarch64

grub2-efi-aa64-ec2-2.06-2.amzn2.0.1.aarch64

grub2-efi-aa64-modules-2.06-2.amzn2.0.1.noarch

grub2-efi-x64-ec2-2.06-2.amzn2.0.1.x86_64

grub2-pc-2.06-2.amzn2.0.1.x86_64

grub2-pc-modules-2.06-2.amzn2.0.1.noarch

grub2-tools-2.06-2.amzn2.0.1.aarch64

grub2-tools-2.06-2.amzn2.0.1.x86_64

grub2-tools-minimal-2.06-2.amzn2.0.1.aarch64

grub2-tools-minimal-2.06-2.amzn2.0.1.x86_64

kernel-4.14.238-182.422.amzn2.aarch64

kernel-4.14.238-182.422.amzn2.x86_64

kernel-devel-4.14.238-182.422.amzn2.x86_64

kernel-headers-4.14.238-182.422.amzn2.x86_64

kernel-tools-4.14.238-182.422.amzn2.aarch64

kernel-tools-4.14.238-182.422.amzn2.x86_64

libcrypt-2.26-48.amzn2.aarch64

libcrypt-2.26-48.amzn2.x86_64

libwebp-0.3.0-10.amzn2.aarch64

libwebp-0.3.0-10.amzn2.x86_64

libX11-1.6.7-3.amzn2.0.2.x86_64

libX11-common-1.6.7-3.amzn2.0.2.noarch

libxml2-2.9.1-6.amzn2.5.4.aarch64

libxml2-2.9.1-6.amzn2.5.4.x86_64

libxml2-python-2.9.1-6.amzn2.5.4.aarch64

libxml2-python-2.9.1-6.amzn2.5.4.x86_64

openssl-1.0.2k-19.amzn2.0.7.aarch64

openssl-1.0.2k-19.amzn2.0.7.x86_64

openssl-libs-1.0.2k-19.amzn2.0.7.aarch64

openssl-libs-1.0.2k-19.amzn2.0.7.x86_64

python2-rpm-4.11.3-40.amzn2.0.6.aarch64

python2-rpm-4.11.3-40.amzn2.0.6.x86_64

python-urllib3-1.25.9-1.amzn2.0.2.noarch

rpm-4.11.3-40.amzn2.0.6.aarch64

rpm-4.11.3-40.amzn2.0.6.x86_64

rpm-build-libs-4.11.3-40.amzn2.0.6.aarch64

rpm-build-libs-4.11.3-40.amzn2.0.6.x86_64

rpm-libs-4.11.3-40.amzn2.0.6.aarch64

rpm-libs-4.11.3-40.amzn2.0.6.x86_64

rpm-plugin-systemd-inhibit-4.11.3-40.amzn2.0.6.aarch64

rpm-plugin-systemd-inhibit-4.11.3-40.amzn2.0.6.x86_64

systemtap-runtime-4.4-1.amzn2.0.1.aarch64

systemtap-runtime-4.4-1.amzn2.0.1.x86_64

tzdata-2021a-1.amzn2.noarch

Kernel updates

Rebase kernel to upstream stable 4.14.238.

Amazon EFA Driver: Updated to tversion v1.12.1

CVEs fixed:

  • CVE-2021-32399 [bluetooth: eliminate the potential race condition when removing the HCI controller]

  • CVE-2021-33034 [Bluetooth: verify AMP hci_chan before amp_destroy]

  • CVE-2020-26558 [Bluetooth: SMP: Fails if remote and local public keys are identical]

  • CVE-2021-0129 [Bluetooth: SMP: Fails if remote and local public keys are identical]

  • CVE-2020-24586 [mac80211: Prevents mixed key and fragment cache attacks]

  • CVE-2020-24587 [mac80211: Prevents mixed key and fragment cache attacks]

  • CVE-2020-24588 [cfg80211: Mitigates A-MSDU aggregation attacks]

  • CVE-2020-26139 [mac80211: Doesn't accept/forward invalid EAPOL frames]

  • CVE-2020-26147 [mac80211: Makes sure that all fragments are encrypted]

  • CVE-2021-29650 [netfilter: x_tables: Uses correct memory barriers.]

  • CVE-2021-3564 [Bluetooth: Fixes the erroneous flush_work() order]

  • CVE-2021-3573 [Bluetooth: Uses correct lock tprevent UAF of hdev object]

  • CVE-2021-3587 [nfc: Fixes NULL ptr dereference in llcp_sock_getname() after failed connect]

  • CVE-2021-34693 [can: bcm: Fixes infoleak in struct bcm_msg_head]

  • CVE-2021-33624 [bpf: Inherits expanded/patched seen count from old aux data]

  • CVE-2021-33909 [seq_file: Doesn't allow extremely large seq buffer allocations]

Amazon Features and Backports:

  • arm64/kernel: Doesn't ban ADRP twork around Cortex-A53 erratum #843419

  • arm64/errata: Adds REVIDR handling tframework

  • arm64/kernel: Enables A53 erratum #8434319 handling at runtime

  • arm64: Fixes undefined reference t'printk'

  • arm64/kernel: Renames module_emit_adrp_veneer→module_emit_veneer_for_adrp

  • arm64/kernel: kaslr: Reduces module randomization range t4 GB

  • Revert "arm64: acpi/pci: invoke _DSM whether tpreserve firmware PCI setup"

  • PCI/ACPI: Evaluates PCI Boot Configuration _DSM

  • PCI: Doesn't auto-realloc if we're preserving firmware config

  • arm64: PCI: Allows resource reallocation if necessary

  • arm64: PCI: Preserved firmware configuration when desired

  • bpf: Fixes subprog verifier bypass by div/mod by 0 exception

  • bpf, x86_64: Removes obsolete exception handling from div/mod

  • bpf, arm64: Removes obsolete exception handling from div/mod

  • bpf, s390x: Removes obsolete exception handling from div/mod

  • bpf, ppc64: Removes obsolete exception handling from div/mod

  • bpf, sparc64: Removes obsolete exception handling from div/mod

  • bpf, mips64: Removes obsolete exception handling from div/mod

  • bpf, mips64: Removes unneeded zercheck from div/mod with k

  • bpf, arm: Removes obsolete exception handling from div/mod

  • bpf: Fixes 32 bit src register truncation on div/mod

  • bpf: Inherits expanded/patched seen count from old aux data

  • bpf: Doesn't mark insn as seen under speculative path verification

  • bpf: Fixes leakage under speculation on mispredicted branches

  • seq_file: Doesn't allow extremely large seq buffer allocations