Amazon Linux 2.0.20210126.0 release notes - Amazon Linux 2
Major updatesPackage updatesKernel updates
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Amazon Linux 2.0.20210126.0 release notes

Amazon Linux 2 was updated.

Major updates

Amazon Linux 2 includes the following update.

  • Amazon Linux 2 can now connect to its yum repositories over HTTPS. This can be enabled on boot or at runtime. Amazon Linux 2 can now connect to its yum repositories over HTTPS. This can be enabled on boot or at runtime.

Package updates

Amazon Linux 2 includes the following packages.

Packages

chrony-3.5.1-1.amzn2.0.1.aarch64

chrony-3.5.1-1.amzn2.0.1.x86_64

cloud-init-19.3-5.amzn2.noarch

cuda-9.2.88-0.amzn2.x86_64

kernel-4.14.214-160.339.amzn2.aarch64

kernel-4.14.214-160.339.amzn2.x86_64

kernel-devel-4.14.214-160.339.amzn2.x86_64

kernel-headers-4.14.214-160.339.amzn2.x86_64

kernel-tools-4.14.214-160.339.amzn2.aarch64

kernel-tools-4.14.214-160.339.amzn2.x86_64

kpatch-runtime-0.9.2-4.amzn2.noarch

libsss_idmap-1.16.5-10.amzn2.6.aarch64

libsss_idmap-1.16.5-10.amzn2.6.x86_64

libsss_nss_idmap-1.16.5-10.amzn2.6.aarch64

libsss_nss_idmap-1.16.5-10.amzn2.6.x86_64

ncurses-compat-libs-6.0-8.20170212.amzn2.1.3.x86_64

nettle-2.7.1-8.amzn2.0.2.aarch64

nettle-2.7.1-8.amzn2.0.2.x86_64

p11-kit-0.23.22-1.amzn2.0.1.aarch64

p11-kit-0.23.22-1.amzn2.0.1.x86_64

p11-kit-trust-0.23.22-1.amzn2.0.1.aarch64

p11-kit-trust-0.23.22-1.amzn2.0.1.x86_64

sssd-client-1.16.5-10.amzn2.6.aarch64

sssd-client-1.16.5-10.amzn2.6.x86_64

sudo-1.8.23-4.amzn2.2.1.aarch64

sudo-1.8.23-4.amzn2.2.1.x86_64

tzdata-2020d-2.amzn2.noarch

xorg-x11-server-common-1.20.4-15.amzn2.0.1.x86_64

xorg-x11-server-Xorg-1.20.4-15.amzn2.0.1.x86_64

Kernel updates

Rebase kernel to upstream stable 4.14.214.

CVEs fixed:

  • CVE-2019-19813 [btrfs: inode: Verify inode mode to avoid NULL pointer dereference]

  • CVE-2019-19816 [btrfs: inode: Verify inode mode to avoid NULL pointer dereference]

  • CVE-2020-29661 [tty: Fix ->pgrp locking in tiocspgrp()]

  • CVE-2020-29660 [tty: Fix ->session locking]

  • CVE-2020-27830 [speakup: Reject setting the speakup line discipline outside of speakup]

  • CVE-2020-27815 [jfs: Fix array index bounds check in dbAdjTree]

  • CVE-2020-29568 [xen/xenbus: Allow watches discard events before queueing]

  • CVE-2020-29569 [xen-blkback: set ring->xenblkd to NULL after kthread_stop()]

Amazon Features and Backports:

  • SMB3: Adds support for getting and setting SACLs

  • Adds SMB 2 support for getting and setting SACLs

Other Fixes:

  • mm: memcontrol: Fixes excessive complexity in memory.stat reporting

  • PCI: Fixes pci_slot_release() NULL pointer dereference

  • ext4: Fixes deadlock with fs freezing and EA inodes

  • ext4: Fixes a memory leak of ext4_free_data

  • sched/deadline: Fixes sched_dl_global_validate()

  • cifs: Fixes potential use-after-free in cifs_echo_request()

  • btrfs: Fixes return value mixup in btrfs_get_extent

  • btrfs: Fixes lockdep splat when reading qgroup config on mount