Amazon Linux 2 .0.20211103.0 release notes - Amazon Linux 2
Major updatesPackage updatesKernel updates
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Amazon Linux 2 .0.20211103.0 release notes

Amazon Linux 2 was updated.

Major updates

Amazon Linux 2 includes the following update.

  • system-release was updated to point the Amazon Linux repositories to the Amazon S3 dual stack IPv4/IPv6 endpoint.

    Note

    The package data itself is still served from IPv4-only endpoints.

Package updates

Amazon Linux 2 includes the following packages.

Packages

aws-cfn-bootstrap-2.0-9.amzn2.noarch

dracut-config-ec2-2.0-2.amzn2.noarch

ec2-instance-connect-1.1-15.amzn2.noarch

glibc-2.26-56.amzn2.aarch64

glibc-2.26-56.amzn2.x86_64

glibc-all-langpacks-2.26-56.amzn2.aarch64

glibc-all-langpacks-2.26-56.amzn2.x86_64

glibc-common-2.26-56.amzn2.aarch64

glibc-common-2.26-56.amzn2.x86_64

glibc-devel-2.26-56.amzn2.x86_64

glibc-headers-2.26-56.amzn2.x86_64

glibc-langpack-en-2.26-56.amzn2.aarch64

glibc-langpack-en-2.26-56.amzn2.x86_64

glibc-locale-source-2.26-56.amzn2.aarch64

glibc-locale-source-2.26-56.amzn2.x86_64

glibc-minimal-langpack-2.26-56.amzn2.aarch64

glibc-minimal-langpack-2.26-56.amzn2.x86_64

kernel-4.14.252-195.483.amzn2.aarch64

kernel-4.14.252-195.483.amzn2.x86_64

kernel-devel-4.14.252-195.483.amzn2.x86_64

kernel-headers-4.14.252-195.483.amzn2.x86_64

kernel-tools-4.14.252-195.483.amzn2.aarch64

kernel-tools-4.14.252-195.483.amzn2.x86_64

kpatch-runtime-0.9.4-2.amzn2.noarch

libcrypt-2.26-56.amzn2.aarch64

libcrypt-2.26-56.amzn2.x86_64

openssl-1.0.2k-19.amzn2.0.10.aarch64

openssl-1.0.2k-19.amzn2.0.10.x86_64

openssl-libs-1.0.2k-19.amzn2.0.10.aarch64

openssl-libs-1.0.2k-19.amzn2.0.10.x86_64

system-release-2-14.amzn2.aarch64

system-release-2-14.amzn2.x86_64

Kernel updates

Rebase kernel to upstream stable 4.14.252.

CVEs fixed:

  • CVE-2021-37159 [usb: hso: fix error handling code of hso_create_net_device]

  • CVE-2021-3744 [crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()]

  • CVE-2021-3764 [crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()]

  • CVE-2021-20317 [lib/timerqueue: Rely on rbtree semantics for next timer]

  • CVE-2021-20321 [ovl: fix missing negative dentry check in ovl_rename()]

  • CVE-2021-41864 [bpf: Fix integer overflow in prealloc_elems_and_freelist()]

Amazon Features and Backports:

  • Enable nitro-enclaves driver for arm64

Other Fixes:

  • md: Fixes a lock order reversal in md_alloc

  • arm64: Marks stack_chk_guard as ro_after_init

  • cpufreq: schedutil: Uses kobject release() method to free sugov_tunables

  • cpufreq: schedutil: Destroys mutex before kobject_put() frees the memory

  • ext4: Fixes potential infinite loop in ext4_dx_readdir()

  • nfsd4: Handles the NFSv4 READDIR 'dircount' hint being zero

  • net_sched: Fixes NULL deref in fifo_set_limit()

  • perf/x86: Resets destroy callback on event init failure

  • virtio: Writes back F_VERSION_1 before validation