# Amazon Linux 2 version 2.0.20210421.0 release notes
<a name="relnotes-20210421"></a>

These are the release notes for Amazon Linux 2 version 2.0.20210421.0.

## Major updates
<a name="major-updates-20210421"></a>
+ Updated irqbalance to 1.7.0 from 1.5.0
+ AL2 AMIs default to HTTPS for repository access.

## Package updates
<a name="package-updates-20210421"></a>

Amazon Linux 2 includes the following packages.


| Packages | 
| --- | 
|  ec2-instance-connect-1.1-14.amzn2.noarch  | 
|  ec2-net-utils-1.5-2.amzn2.noarch  | 
|  glibc-2.26-44.amzn2.aarch64  | 
|  glibc-2.26-44.amzn2.x86\$164  | 
|  glibc-all-langpacks-2.26-44.amzn2.aarch64  | 
|  glibc-all-langpacks-2.26-44.amzn2.x86\$164  | 
|  glibc-common-2.26-44.amzn2.aarch64  | 
|  glibc-common-2.26-44.amzn2.x86\$164  | 
|  glibc-devel-2.26-44.amzn2.x86\$164  | 
|  glibc-headers-2.26-44.amzn2.x86\$164  | 
|  glibc-langpack-en-2.26-44.amzn2.aarch64  | 
|  glibc-langpack-en-2.26-44.amzn2.x86\$164  | 
|  glibc-locale-source-2.26-44.amzn2.aarch64  | 
|  glibc-locale-source-2.26-44.amzn2.x86\$164  | 
|  glibc-minimal-langpack-2.26-44.amzn2.aarch64  | 
|  glibc-minimal-langpack-2.26-44.amzn2.x86\$164  | 
|  irqbalance-1.7.0-4.amzn2.0.1.aarch64  | 
|  irqbalance-1.7.0-4.amzn2.0.1.x86\$164  | 
|  kernel-4.14.231-173.360.amzn2.aarch64  | 
|  kernel-4.14.231-173.360.amzn2.x86\$164  | 
|  kernel-devel-4.14.231-173.360.amzn2.x86\$164  | 
|  kernel-headers-4.14.231-173.360.amzn2.x86\$164  | 
|  kernel-tools-4.14.231-173.360.amzn2.aarch64  | 
|  kernel-tools-4.14.231-173.360.amzn2.x86\$164  | 
|  libcrypt-2.26-44.amzn2.aarch64  | 
|  libcrypt-2.26-44.amzn2.x86\$164  | 
|  nettle-2.7.1-9.amzn2.aarch64  | 
|  nettle-2.7.1-9.amzn2.x86\$164  | 
|  openssh-7.4p1-21.amzn2.0.3.aarch64  | 
|  openssh-7.4p1-21.amzn2.0.3.x86\$164  | 
|  openssh-clients-7.4p1-21.amzn2.0.3.aarch64  | 
|  openssh-clients-7.4p1-21.amzn2.0.3.x86\$164  | 
|  openssh-server-7.4p1-21.amzn2.0.3.aarch64  | 
|  openssh-server-7.4p1-21.amzn2.0.3.x86\$164  | 
|  python3-3.7.9-1.amzn2.0.2.aarch64  | 
|  python3-3.7.9-1.amzn2.0.2.x86\$164  | 
|  python3-daemon-2.2.3-8.amzn2.0.2.noarch  | 
|  python3-docutils-0.14-1.amzn2.0.2.noarch  | 
|  python3-libs-3.7.9-1.amzn2.0.2.aarch64  | 
|  python3-libs-3.7.9-1.amzn2.0.2.x86\$164  | 
|  python3-lockfile-0.11.0-17.amzn2.0.2.noarch  | 
|  python3-pip-9.0.3-1.amzn2.0.2.noarch  | 
|  python3-pystache-0.5.4-12.amzn2.0.1.noarch  | 
|  python3-setuptools-38.4.0-3.amzn2.0.6.noarch  | 
|  python3-simplejson-3.2.0-1.amzn2.0.2.aarch64  | 
|  python3-simplejson-3.2.0-1.amzn2.0.2.x86\$164  | 

## Kernel updates
<a name="kernel-updates-20210421"></a>

Rebase kernel to upstream stable 4.14.231.

CVEs fixed:
+ CVE-2019-19060 [iio: imu: adis16400: release allocated memory on failure] 
+ CVE-2021-28660 [staging: rtl8188eu: prevent ->ssid overflow in rtw\$1wx\$1set\$1scan()] 
+ CVE-2021-29265 [usbip: fix stub\$1dev usbip\$1sockfd\$1store() races leading to gpf] 
+ CVE-2021-28964 [btrfs: fix race when cloning extent buffer during rewind of an old root] 
+ CVE-2021-28971 [perf/x86/intel: Fix a crash caused by zero PEBS status] 
+ CVE-2021-28972 [PCI: rpadlpar: Fix potential drc\$1name corruption in store functions] 
+ CVE-2021-28688 [xen-blkback: do not leak persistent grants from xen\$1blkbk\$1map()] 
+ CVE-2021-29647 [net: qrtr: fix a kernel-infoleak in qrtr\$1recvmsg()] 
+ CVE-2021-3483 [firewire: nosy: Fix a use-after-free bug in nosy\$1ioctl()] 
+ CVE-2021-29154 [bpf, x86: Validate computation of branch displacements for x86-64] 
+ CVE-2020-25670 [nfc: fix refcount leak in llcp\$1sock\$1bind()] 
+ CVE-2020-25671 [nfc: fix refcount leak in llcp\$1sock\$1connect()] CVE-2020-25672 [nfc: fix memory leak in llcp\$1sock\$1connect()]

Amazon Features and Backports:
+ net: Fixes gro aggregation for udp encaps with zero csum 
+ net: Avoids infinite loop in mpls\$1gso\$1segment when mpls\$1hlen == 0 
+ configfs: Fixes a use-after-free in configfs\$1open\$1file 
+ include/linux/sched/mm.h: use rcu\$1dereference in in\$1vfork() 
+ KVM: arm64: Fixes exclusive limit for IPA size 
+ ext4: Handles error of ext4\$1setup\$1system\$1zone() on remount 
+ ext4: Checks journal inode extents more carefully 
+ ext4: Finds old entry again if failed to rename whiteout 
+ ext4: Doesn't try to set xattr into ea\$1inode if value is empty 
+ ext4: Fixes potential error in ext4\$1do\$1update\$1inode 
+ locking/mutex: Fixes non debug version of mutex\$1lock\$1io\$1nested() 
+ ext4: Fixes bh ref count on error paths 
+ ext4: Doesn't iput inode under running transaction in ext4\$1rename() 
+ mm: Fixes race by making init\$1zero\$1pfn() early\$1initcall 
+ KVM: arm64: Disables guest access to trace filter controls