Amazon Linux 2.0.20210427.0 release notes - Amazon Linux 2
Major updatesPackage updatesKernel updates
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Amazon Linux 2.0.20210427.0 release notes

Amazon Linux 2 was updated.

Major updates

Amazon Linux 2 includes the following update.

  • ec2-net-utils bug fixed with multiple secondary IPs attached to one ENI.

Package updates

Amazon Linux 2 includes the following packages.

  • ec2-net-utils-1.5-3.amzn2.noarch

  • kernel-4.14.231-173.361.amzn2.x86_64

  • kernel-devel-4.14.231-173.36.amzn2.x86_64

  • kernel-headers-4.14.231-173.361.amzn2.x86_64

  • kernel-tools-4.14.231-173.361.amzn2.x86_64

  • pystache-0.5.3-2.amzn2.noarch

  • python-daemon-1.6-4.amzn2.noarch

  • python-lockfile-0.9.1-4.amzn2.noarch

Kernel updates

Rebase kernel to upstream stable 4.14.231.

CVEs fixed:

  • CVE-2019-19060 [iio: imu: adis16400: release allocated memory on failure]

  • CVE-2021-28660 [staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan()]

  • CVE-2021-29265 [usbip: fix stub_dev usbip_sockfd_store() races leading to gpf]

  • CVE-2021-28964 [btrfs: fix race when cloning extent buffer during rewind of an old root]

  • CVE-2021-28971 [perf/x86/intel: Fix a crash caused by zero PEBS status]

  • CVE-2021-28972 [PCI: rpadlpar: Fix potential drc_name corruption in store functions]

  • CVE-2021-28688 [xen-blkback: don't leak persistent grants from xen_blkbk_map()]

  • CVE-2021-29647 [net: qrtr: fix a kernel-infoleak in qrtr_recvmsg()]

  • CVE-2021-3483 [firewire: nosy: Fix a use-after-free bug in nosy_ioctl()]

  • CVE-2021-29154 [bpf, x86: Validate computation of branch displacements for x86-64]

  • CVE-2020-25670 [nfc: fix refcount leak in llcp_sock_bind()]

  • CVE-2020-25671 [nfc: fix refcount leak in llcp_sock_connect()]

  • CVE-2020-25672 [nfc: fix memory leak in llcp_sock_connect()]

Amazon Features and Backports:

  • nitro enclaves: Fixes dangling file descriptor [ALAS2-2021-1634]

  • net: Fixes gro aggregation for udp encaps with zero csum

  • net: Avoids infinite loop in mpls_gso_segment when mpls_hlen == 0

  • configfs: Fixed a use-after-free in configfs_open_file

  • include/linux/sched/mm.h: Use rcu_dereference in in_vfork()

  • KVM: arm64: Fixes exclusive limit for IPA size

  • ext4: Handles error of ext4_setup_system_zone() on remount

  • ext4: Checks journal inode extents more carefully

  • ext4: Finds old entry again if failed to rename whiteout

  • ext4: Doesn't try to set xattr into ea_inode if value is empty

  • ext4: Fixes potential error in ext4_do_update_inode

  • locking/mutex: Fixed non debug version of mutex_lock_io_nested()

  • ext4: Fixes bh ref count on error paths

  • ext4: Doesn't input inode under running transaction in ext4_rename()

  • mm: Fixes race by making init_zero_pfn() early_initcall

  • KVM: arm64: Disables guest access to trace filter controls