# Amazon Linux 2 version 2.0.20211103.0 release notes
<a name="relnotes-20211103"></a>

These are the release notes for Amazon Linux 2 version 2.0.20211103.0.

## Major updates
<a name="major-updates-20211103"></a>
+ `system-release` was updated to point the Amazon Linux repositories to the Amazon S3 dual stack IPv4/IPv6 endpoint.
**Note**  
The package data itself is still served from IPv4-only endpoints.

## Package updates
<a name="package-updates-20211103"></a>

Amazon Linux 2 includes the following packages.


| Packages | 
| --- | 
|  aws-cfn-bootstrap-2.0-9.amzn2.noarch  | 
|  dracut-config-ec2-2.0-2.amzn2.noarch  | 
|  ec2-instance-connect-1.1-15.amzn2.noarch  | 
|  glibc-2.26-56.amzn2.aarch64  | 
|  glibc-2.26-56.amzn2.x86\$164  | 
|  glibc-all-langpacks-2.26-56.amzn2.aarch64  | 
|  glibc-all-langpacks-2.26-56.amzn2.x86\$164  | 
|  glibc-common-2.26-56.amzn2.aarch64  | 
|  glibc-common-2.26-56.amzn2.x86\$164  | 
|  glibc-devel-2.26-56.amzn2.x86\$164  | 
|  glibc-headers-2.26-56.amzn2.x86\$164  | 
|  glibc-langpack-en-2.26-56.amzn2.aarch64  | 
|  glibc-langpack-en-2.26-56.amzn2.x86\$164  | 
|  glibc-locale-source-2.26-56.amzn2.aarch64  | 
|  glibc-locale-source-2.26-56.amzn2.x86\$164  | 
|  glibc-minimal-langpack-2.26-56.amzn2.aarch64  | 
|  glibc-minimal-langpack-2.26-56.amzn2.x86\$164  | 
|  kernel-4.14.252-195.483.amzn2.aarch64  | 
|  kernel-4.14.252-195.483.amzn2.x86\$164  | 
|  kernel-devel-4.14.252-195.483.amzn2.x86\$164  | 
|  kernel-headers-4.14.252-195.483.amzn2.x86\$164  | 
|  kernel-tools-4.14.252-195.483.amzn2.aarch64  | 
|  kernel-tools-4.14.252-195.483.amzn2.x86\$164  | 
|  kpatch-runtime-0.9.4-2.amzn2.noarch  | 
|  libcrypt-2.26-56.amzn2.aarch64  | 
|  libcrypt-2.26-56.amzn2.x86\$164  | 
|  openssl-1.0.2k-19.amzn2.0.10.aarch64  | 
|  openssl-1.0.2k-19.amzn2.0.10.x86\$164  | 
|  openssl-libs-1.0.2k-19.amzn2.0.10.aarch64  | 
|  openssl-libs-1.0.2k-19.amzn2.0.10.x86\$164  | 
|  system-release-2-14.amzn2.aarch64  | 
|  system-release-2-14.amzn2.x86\$164  | 

## Kernel updates
<a name="kernel-updates-20211103"></a>

Rebase kernel to upstream stable 4.14.252.

CVEs fixed:
+ CVE-2021-37159 [usb: hso: fix error handling code of hso\$1create\$1net\$1device] 
+ CVE-2021-3744 [crypto: ccp - fix resource leaks in ccp\$1run\$1aes\$1gcm\$1cmd()] 
+ CVE-2021-3764 [crypto: ccp - fix resource leaks in ccp\$1run\$1aes\$1gcm\$1cmd()] 
+ CVE-2021-20317 [lib/timerqueue: Rely on rbtree semantics for next timer] 
+ CVE-2021-20321 [ovl: fix missing negative dentry check in ovl\$1rename()] 
+ CVE-2021-41864 [bpf: Fix integer overflow in prealloc\$1elems\$1and\$1freelist()]

Amazon Features and Backports:
+ Enable nitro-enclaves driver for arm64

Other Fixes:
+ md: Fixes a lock order reversal in md\$1alloc 
+ arm64: Marks stack\$1chk\$1guard as ro\$1after\$1init 
+ cpufreq: schedutil: Uses kobject release() method to free sugov\$1tunables 
+ cpufreq: schedutil: Destroys mutex before kobject\$1put() frees the memory 
+ ext4: Fixes potential infinite loop in ext4\$1dx\$1readdir() 
+ nfsd4: Handles the NFSv4 READDIR 'dircount' hint being zero 
+ net\$1sched: Fixes NULL deref in fifo\$1set\$1limit() 
+ perf/x86: Resets destroy callback on event init failure 
+ virtio: Writes back F\$1VERSION\$11 before validation