# Amazon Linux 2 version 2.0.20201218.0 release notes
<a name="relnotes-20201218"></a>

These are the release notes for Amazon Linux 2 version 2.0.20201218.0.

## Major updates
<a name="major-updates-20201218"></a>
+ Multiple security updates. For a complete list, see https://alas.aws.amazon.com/.
+ Renewed GPG key
+ Update to system-release to allow for use of HTTPS repositories for Amazon Linux

## Package updates
<a name="package-updates-20201218"></a>

Amazon Linux 2 includes the following packages.


| Packages | 
| --- | 
|  amazon-linux-extras-1.6.13-1.amzn2.noarch  | 
|  amazon-linux-extras-yum-plugin-1.6.13-1.amzn2.noarch  | 
|  bind-export-libs-9.11.4-26.P2.amzn2.2.aarch64  | 
|  bind-export-libs-9.11.4-26.P2.amzn2.2.x86\$164  | 
|  bind-libs-9.11.4-26.P2.amzn2.2.aarch64  | 
|  bind-libs-9.11.4-26.P2.amzn2.2.x86\$164  | 
|  bind-libs-lite-9.11.4-26.P2.amzn2.2.aarch64  | 
|  bind-libs-lite-9.11.4-26.P2.amzn2.2.x86\$164  | 
|  bind-license-9.11.4-26.P2.amzn2.2.noarch  | 
|  bind-utils-9.11.4-26.P2.amzn2.2.aarch64  | 
|  bind-utils-9.11.4-26.P2.amzn2.2.x86\$164  | 
|  cairo-1.15.12-4.amzn2.x86\$164  | 
|  cpp-7.3.1-12.amzn2.x86\$164  | 
|  dejavu-fonts-common-2.33-6.amzn2.noarch  | 
|  dejavu-sans-fonts-2.33-6.amzn2.noarch  | 
|  dejavu-sans-mono-fonts-2.33-6.amzn2.noarch  | 
|  dejavu-serif-fonts-2.33-6.amzn2.noarch  | 
|  fontconfig-2.13.0-4.3.amzn2.x86\$164  | 
|  fontpackages-filesystem-1.44-8.amzn2.noarch  | 
|  freeglut-devel-3.0.0-8.amzn2.x86\$164  | 
|  freetype-2.8-14.amzn2.1.aarch64  | 
|  freetype-2.8-14.amzn2.1.x86\$164  | 
|  gcc-7.3.1-12.amzn2.x86\$164  | 
|  gcc-c-7.3.1-12.amzn2.x86\$164  | 
|  giflib-4.1.6-9.amzn2.0.2.x86\$164  | 
|  glibc-2.26-39.amzn2.aarch64  | 
|  glibc-2.26-39.amzn2.x86\$164  | 
|  glibc-all-langpacks-2.26-39.amzn2.aarch64  | 
|  glibc-all-langpacks-2.26-39.amzn2.x86\$164  | 
|  glibc-common-2.26-39.amzn2.aarch64  | 
|  glibc-common-2.26-39.amzn2.x86\$164  | 
|  glibc-devel-2.26-39.amzn2.x86\$164  | 
|  glibc-headers-2.26-39.amzn2.x86\$164  | 
|  glibc-langpack-en-2.26-39.amzn2.aarch64  | 
|  glibc-langpack-en-2.26-39.amzn2.x86\$164  | 
|  glibc-locale-source-2.26-39.amzn2.aarch64  | 
|  glibc-locale-source-2.26-39.amzn2.x86\$164  | 
|  glibc-minimal-langpack-2.26-39.amzn2.aarch64  | 
|  glibc-minimal-langpack-2.26-39.amzn2.x86\$164  | 
|  gl-manpages-1.1-7.20130122.amzn2.noarch  | 
|  gpg-pubkey-7fa2af80-576db785  | 
|  java-11-amazon-corretto-11.0.912-1.amzn2.x86\$164  | 
|  java-11-amazon-corretto-headless-11.0.912-1.amzn2.x86\$164  | 
|  javapackages-tools-3.4.1-11.amzn2.noarch  | 
|  kernel-4.14.209-160.339.amzn2.aarch64  | 
|  kernel-4.14.209-160.339.amzn2.x86\$164  | 
|  kernel-devel-4.14.209-160.339.amzn2.x86\$164  | 
|  kernel-headers-4.14.209-160.339.amzn2.x86\$164  | 
|  kernel-tools-4.14.209-160.339.amzn2.aarch64  | 
|  kernel-tools-4.14.209-160.339.amzn2.x86\$164  | 
|  libatomic-7.3.1-12.amzn2.x86\$164  | 
|  libcilkrts-7.3.1-12.amzn2.x86\$164  | 
|  libcrypt-2.26-39.amzn2.aarch64  | 
|  libcrypt-2.26-39.amzn2.x86\$164  | 
|  libdrm-devel-2.4.97-2.amzn2.x86\$164  | 
|  libgcc-7.3.1-12.amzn2.aarch64  | 
|  libgcc-7.3.1-12.amzn2.x86\$164  | 
|  libglvnd-core-devel-1.0.1-0.1.git5baa1e5.amzn2.0.1.x86\$164  | 
|  libglvnd-devel-1.0.1-0.1.git5baa1e5.amzn2.0.1.x86\$164  | 
|  libglvnd-opengl-1.0.1-0.1.git5baa1e5.amzn2.0.1.x86\$164  | 
|  libgomp-7.3.1-12.amzn2.aarch64  | 
|  libgomp-7.3.1-12.amzn2.x86\$164  | 
|  libICE-devel-1.0.9-9.amzn2.0.2.x86\$164  | 
|  libitm-7.3.1-12.amzn2.x86\$164  | 
|  libmpx-7.3.1-12.amzn2.x86\$164  | 
|  libquadmath-7.3.1-12.amzn2.x86\$164  | 
|  libsanitizer-7.3.1-12.amzn2.x86\$164  | 
|  libSM-devel-1.2.2-2.amzn2.0.2.x86\$164  | 
|  libstdc-7.3.1-12.amzn2.aarch64  | 
|  libstdc-7.3.1-12.amzn2.x86\$164  | 
|  libvdpau-1.1.1-3.amzn2.0.2.x86\$164  | 
|  libX11-1.6.7-3.amzn2.x86\$164  | 
|  libX11-common-1.6.7-3.amzn2.noarch  | 
|  libX11-devel-1.6.7-3.amzn2.x86\$164  | 
|  libXau-devel-1.0.8-2.1.amzn2.0.2.x86\$164  | 
|  libxcb-devel-1.12-1.amzn2.0.2.x86\$164  | 
|  libXdamage-devel-1.1.4-4.1.amzn2.0.2.x86\$164  | 
|  libXext-devel-1.3.3-3.amzn2.0.2.x86\$164  | 
|  libXfixes-devel-5.0.3-1.amzn2.0.2.x86\$164  | 
|  libXi-devel-1.7.9-1.amzn2.0.2.x86\$164  | 
|  libXmu-devel-1.1.2-2.amzn2.0.2.x86\$164  | 
|  libxslt-1.1.28-6.amzn2.x86\$164  | 
|  libXt-devel-1.1.5-3.amzn2.0.2.x86\$164  | 
|  libXxf86vm-devel-1.1.4-1.amzn2.0.2.x86\$164  | 
|  mesa-khr-devel-18.3.4-5.amzn2.0.1.x86\$164  | 
|  mesa-libGL-devel-18.3.4-5.amzn2.0.1.x86\$164  | 
|  mesa-libGLU-devel-9.0.0-4.amzn2.0.2.x86\$164  | 
|  openssl-1.0.2k-19.amzn2.0.4.aarch64  | 
|  openssl-1.0.2k-19.amzn2.0.4.x86\$164  | 
|  openssl-libs-1.0.2k-19.amzn2.0.4.aarch64  | 
|  openssl-libs-1.0.2k-19.amzn2.0.4.x86\$164  | 
|  python-javapackages-3.4.1-11.amzn2.noarch  | 
|  python-lxml-3.2.1-4.amzn2.0.2.x86\$164  | 
|  selinux-policy-3.13.1-192.amzn2.6.5.noarch  | 
|  selinux-policy-targeted-3.13.1-192.amzn2.6.5.noarch  | 
|  system-release-2-13.amzn2.aarch64  | 
|  system-release-2-13.amzn2.x86\$164  | 
|  vulkan-filesystem-1.0.61.1-2.amzn2.noarch  | 
|  xorg-x11-proto-devel-2018.4-1.amzn2.0.2.noarch  | 
|  xorg-x11-server-common-1.20.4-12.amzn2.0.1.x86\$164  | 
|  xorg-x11-server-Xorg-1.20.4-12.amzn2.0.1.x86\$164  | 

## Kernel updates
<a name="kernel-updates-20201218"></a>

Rebase kernel to upstream stable 4.14.209.

ENA driver: update to v2.4.0

CVEs fixed:
+ CVE-2020-27777 [powerpc/rtas: Restricts RTAS requests from userspace]
+ CVE-2020-25668 [tty: Makes FONTX ioctl use the tty pointer they were actually passed]
+ CVE-2020-25656 [vt: Keyboard, extend func\$1buf\$1lock to readers]
+ CVE-2020-28974 [vt: Disables KD\$1FONT\$1OP\$1COPY]
+ CVE-2019-19770 [blktrace: Fixes debugfs use after free]
+ CVE-2020-8694 [powercap: Restricts energy meter to root access]
+ CVE-2020-14351 [perf/core: Fixes race in the perf\$1mmap\$1close() function]
+ CVE-2020-27673 [xen/events: Adds a proper barrier to 2-level uevent unmasking]
+ CVE-2020-27675 [xen/events: Avoids removing an event channel while handling it]
+ CVE-2020-25704 [perf/core: Fixes a memory leak in perf\$1event\$1parse\$1addr\$1filter()]
+ CVE-2020-25669 [Input: sunkbd \$1 Avoids use-after-free in teardown paths]
+ CVE-2020-28941 [speakup: Doesn't let the line discipline be used several times]

Other Fixes:
+ PM: hibernate: Batch hibernate and resume IO requests
+ nfsd: Fixes races between nfsd4\$1cb\$1release() and nfsd4\$1shutdown\$1callback()
+ x86/unwind/orc: Fixes inactive tasks with stack pointer in %sp on GCC 10 compiled kernels
+ ext4: Fixes leaking sysfs kobject after failed mount
+ xfs: Flushes new eof page on truncate to avoid post-eof corruption
+ time: Prevents undefined behaviour in timespec64\$1to\$1ns()
+ mm: mempolicy: Fixes potential pte\$1unmap\$1unlock pte error
+ blk-cgroup: Fixes memleak on error path