# Amazon Linux 2 version 2.0.20210126.0 release notes
<a name="relnotes-20210126"></a>

These are the release notes for Amazon Linux 2 version 2.0.20210126.0.

## Major updates
<a name="major-updates-20210126"></a>
+ Amazon Linux 2 can now connect to its yum repositories over HTTPS. This can be enabled on boot or at runtime. Amazon Linux 2 can now connect to its yum repositories over HTTPS. This can be enabled on boot or at runtime.

## Package updates
<a name="package-updates-20210126"></a>

Amazon Linux 2 includes the following packages.


| Packages | 
| --- | 
|  chrony-3.5.1-1.amzn2.0.1.aarch64  | 
|  chrony-3.5.1-1.amzn2.0.1.x86\$164  | 
|  cloud-init-19.3-5.amzn2.noarch  | 
|  cuda-9.2.88-0.amzn2.x86\$164  | 
|  kernel-4.14.214-160.339.amzn2.aarch64  | 
|  kernel-4.14.214-160.339.amzn2.x86\$164  | 
|  kernel-devel-4.14.214-160.339.amzn2.x86\$164  | 
|  kernel-headers-4.14.214-160.339.amzn2.x86\$164  | 
|  kernel-tools-4.14.214-160.339.amzn2.aarch64  | 
|  kernel-tools-4.14.214-160.339.amzn2.x86\$164  | 
|  kpatch-runtime-0.9.2-4.amzn2.noarch  | 
|  libsss\$1idmap-1.16.5-10.amzn2.6.aarch64  | 
|  libsss\$1idmap-1.16.5-10.amzn2.6.x86\$164  | 
|  libsss\$1nss\$1idmap-1.16.5-10.amzn2.6.aarch64  | 
|  libsss\$1nss\$1idmap-1.16.5-10.amzn2.6.x86\$164  | 
|  ncurses-compat-libs-6.0-8.20170212.amzn2.1.3.x86\$164  | 
|  nettle-2.7.1-8.amzn2.0.2.aarch64  | 
|  nettle-2.7.1-8.amzn2.0.2.x86\$164  | 
|  p11-kit-0.23.22-1.amzn2.0.1.aarch64  | 
|  p11-kit-0.23.22-1.amzn2.0.1.x86\$164  | 
|  p11-kit-trust-0.23.22-1.amzn2.0.1.aarch64  | 
|  p11-kit-trust-0.23.22-1.amzn2.0.1.x86\$164  | 
|  sssd-client-1.16.5-10.amzn2.6.aarch64  | 
|  sssd-client-1.16.5-10.amzn2.6.x86\$164  | 
|  sudo-1.8.23-4.amzn2.2.1.aarch64  | 
|  sudo-1.8.23-4.amzn2.2.1.x86\$164  | 
|  tzdata-2020d-2.amzn2.noarch  | 
|  xorg-x11-server-common-1.20.4-15.amzn2.0.1.x86\$164  | 
|  xorg-x11-server-Xorg-1.20.4-15.amzn2.0.1.x86\$164  | 

## Kernel updates
<a name="kernel-updates-20210126"></a>

Rebase kernel to upstream stable 4.14.214.

CVEs fixed:
+ CVE-2019-19813 [btrfs: inode: Verify inode mode to avoid NULL pointer dereference]
+ CVE-2019-19816 [btrfs: inode: Verify inode mode to avoid NULL pointer dereference]
+ CVE-2020-29661 [tty: Fix ->pgrp locking in tiocspgrp()]
+ CVE-2020-29660 [tty: Fix ->session locking]
+ CVE-2020-27830 [speakup: Reject setting the speakup line discipline outside of speakup]
+ CVE-2020-27815 [jfs: Fix array index bounds check in dbAdjTree]
+ CVE-2020-29568 [xen/xenbus: Allow watches discard events before queueing]
+ CVE-2020-29569 [xen-blkback: set ring->xenblkd to NULL after kthread\$1stop()]

Amazon Features and Backports:
+ SMB3: Adds support for getting and setting SACLs
+ Adds SMB 2 support for getting and setting SACLs

Other Fixes:
+ mm: memcontrol: Fixes excessive complexity in memory.stat reporting
+ PCI: Fixes pci\$1slot\$1release() NULL pointer dereference
+ ext4: Fixes deadlock with fs freezing and EA inodes
+ ext4: Fixes a memory leak of ext4\$1free\$1data
+ sched/deadline: Fixes sched\$1dl\$1global\$1validate()
+ cifs: Fixes potential use-after-free in cifs\$1echo\$1request()
+ btrfs: Fixes return value mixup in btrfs\$1get\$1extent
+ btrfs: Fixes lockdep splat when reading qgroup config on mount