

# Amazon Linux 2 version 2.0.20200824.0 release notes
<a name="relnotes-20200824"></a>

These are the release notes for Amazon Linux 2 version 2.0.20200824.0.

## Major updates
<a name="major-updates-20200824"></a>
+ This release contains security updates for gettext, python2-rsa, and python. It also includes the updated AWS CLI and a bug fix so that the amazon-linux-extras utility no longer recommends deprecated topics.

## Package updates
<a name="package-updates-20200824"></a>

Amazon Linux 2 includes the following packages.


| Packages | 
| --- | 
|  amazon-linux-extras-1.6.12-1.amzn2.noarch  | 
|  amazon-linux-extras-yum-plugin-1.6.12-1.amzn2.noarch  | 
|  awscli-1.18.107-1.amzn2.0.1.noarch  | 
|  ca-certificates-2019.2.32-76.amzn2.0.3.noarch  | 
|  gettext-0.19.8.1-3.amzn2.x86_64  | 
|  gettext-libs-0.19.8.1-3.amzn2.x86_64  | 
|  kernel-4.14.192-147.314.amzn2.x86_64  | 
|  kernel-tools-4.14.192-147.314.amzn2.x86_64  | 
|  kpatch-runtime-0.8.0-4.amzn2.noarch  | 
|  python-2.7.18-1.amzn2.0.1.x86_64  | 
|  python-devel-2.7.18-1.amzn2.0.1.x86_64  | 
|  python-libs-2.7.18-1.amzn2.0.1.x86_64  | 
|  python2-botocore-1.17.31-1.amzn2.0.1.noarch  | 
|  python2-rsa-3.4.1-1.amzn2.0.1.noarch  | 
|  tzdata-2020a-1.amzn2.noarch  | 

## Kernel updates
<a name="kernel-updates-20200824"></a>

Rebase kernel to upstream stable 4.14.192.

Include Nitro Enclave module.

CVEs fixed:
+ CVE-2017-18232 [kernel: Mishandling mutex within libsas allowing local Denial of Service]
+ CVE-2018-10323 [kernel: Invalid pointer dereference in xfs_bmapi_write() when mounting and operating on crafted xfs image allows denial of service]
+ CVE-2018-8043 [kernel: NULL pointer dereference in drivers/net/phy/mdio-bcm-unimac.c:unimac_mdio_probe() can lead to denial of service]
+ CVE-2019-18808 [kernel: memory leak in ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c]
+ CVE-2019-19054 [kernel: A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c allows attackers to cause a DoS]
+ CVE-2019-19061 [kernel: A memory leak in the adis_update_scan_mode_burst() function in drivers/iio/imu/adis_buffer.c allows for a DoS]
+ CVE-2019-19073 [kernel: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel (DOS)]
+ CVE-2019-19074 [kernel: a memory leak in the ath9k management function in allows local DoS]
+ CVE-2019-3016 [kernel: kvm: Information leak within a KVM guest]
+ CVE-2019-9445 [kernel: out of bounds read due to missing bounds check in F2FS driver leads to local information disclosure]
+ CVE-2020-10781 [kernel: zram sysfs resource consumption]
+ CVE-2020-12655 [kernel: sync of excessive duration via an XFS v5 image with crafted metadata]
+ CVE-2020-15393 [kernel: memory leak in usbtest_disconnect function in drivers/usb/misc/usbtest.c]

Other Fixes:
+ Fixes memory leak in network device registration [net: fix memleak in register_netdevice()]
+ Fixes unresponsive system when simultaneously onlining/offlining block queues [blk-mq: fix unresponsive system caused by freeze/unfreeze sequence]
+ Fixes build error in kunit tests [kunit: fix failure to build without printk]
+ Fixes build error in xfs [xfs: fix string handling in label get/set functions]