# Amazon Linux 2 release notes for 2020 and earlier
The following are the release notes for Amazon Linux 2 for 2020 and earlier.
**Topics**
+ [December 18, 2021](relnotes-20201218.md)
+ [November 11, 2020](relnotes-20201111.md)
+ [September 17, 2020](relnotes-20200917.md)
+ [September 4, 2020](relnotes-20200904.md)
+ [August 24, 2020](relnotes-20200824.md)
+ [July 22, 2020](relnotes-20200722.md)
+ [June 17, 2020](relnotes-6-17-2020.md)
+ [May 29, 2020](relnotes-5-29-2020.md)
+ [July 18, 2019](relnotes-7-18-2019.md)
+ [June 27, 2019](relnotes-6-27-2019.md)
+ [May 23, 2019](relnotes-5-23-2019.md)
+ [May 14, 2019](relnotes-05-14-2019.md)
+ [March 13, 2019](relnotes-03-13-2019.md)
+ [November 26, 2018](relnotes-11-26-2018.md)
+ [November 19, 2018](relnotes-11-19-2018.md)
+ [October 31, 2018](relnotes-10-31-2018.md)
+ [September 25, 2018](relnotes-9-25-2018.md)
+ [Release notes](relnotes.md)
# Amazon Linux 2 version 2.0.20201218.0 release notes
These are the release notes for Amazon Linux 2 version 2.0.20201218.0.
## Major updates
+ Multiple security updates. For a complete list, see https://alas.aws.amazon.com/.
+ Renewed GPG key
+ Update to system-release to allow for use of HTTPS repositories for Amazon Linux
## Package updates
Amazon Linux 2 includes the following packages.
| Packages |
| --- |
| amazon-linux-extras-1.6.13-1.amzn2.noarch |
| amazon-linux-extras-yum-plugin-1.6.13-1.amzn2.noarch |
| bind-export-libs-9.11.4-26.P2.amzn2.2.aarch64 |
| bind-export-libs-9.11.4-26.P2.amzn2.2.x86\$164 |
| bind-libs-9.11.4-26.P2.amzn2.2.aarch64 |
| bind-libs-9.11.4-26.P2.amzn2.2.x86\$164 |
| bind-libs-lite-9.11.4-26.P2.amzn2.2.aarch64 |
| bind-libs-lite-9.11.4-26.P2.amzn2.2.x86\$164 |
| bind-license-9.11.4-26.P2.amzn2.2.noarch |
| bind-utils-9.11.4-26.P2.amzn2.2.aarch64 |
| bind-utils-9.11.4-26.P2.amzn2.2.x86\$164 |
| cairo-1.15.12-4.amzn2.x86\$164 |
| cpp-7.3.1-12.amzn2.x86\$164 |
| dejavu-fonts-common-2.33-6.amzn2.noarch |
| dejavu-sans-fonts-2.33-6.amzn2.noarch |
| dejavu-sans-mono-fonts-2.33-6.amzn2.noarch |
| dejavu-serif-fonts-2.33-6.amzn2.noarch |
| fontconfig-2.13.0-4.3.amzn2.x86\$164 |
| fontpackages-filesystem-1.44-8.amzn2.noarch |
| freeglut-devel-3.0.0-8.amzn2.x86\$164 |
| freetype-2.8-14.amzn2.1.aarch64 |
| freetype-2.8-14.amzn2.1.x86\$164 |
| gcc-7.3.1-12.amzn2.x86\$164 |
| gcc-c-7.3.1-12.amzn2.x86\$164 |
| giflib-4.1.6-9.amzn2.0.2.x86\$164 |
| glibc-2.26-39.amzn2.aarch64 |
| glibc-2.26-39.amzn2.x86\$164 |
| glibc-all-langpacks-2.26-39.amzn2.aarch64 |
| glibc-all-langpacks-2.26-39.amzn2.x86\$164 |
| glibc-common-2.26-39.amzn2.aarch64 |
| glibc-common-2.26-39.amzn2.x86\$164 |
| glibc-devel-2.26-39.amzn2.x86\$164 |
| glibc-headers-2.26-39.amzn2.x86\$164 |
| glibc-langpack-en-2.26-39.amzn2.aarch64 |
| glibc-langpack-en-2.26-39.amzn2.x86\$164 |
| glibc-locale-source-2.26-39.amzn2.aarch64 |
| glibc-locale-source-2.26-39.amzn2.x86\$164 |
| glibc-minimal-langpack-2.26-39.amzn2.aarch64 |
| glibc-minimal-langpack-2.26-39.amzn2.x86\$164 |
| gl-manpages-1.1-7.20130122.amzn2.noarch |
| gpg-pubkey-7fa2af80-576db785 |
| java-11-amazon-corretto-11.0.912-1.amzn2.x86\$164 |
| java-11-amazon-corretto-headless-11.0.912-1.amzn2.x86\$164 |
| javapackages-tools-3.4.1-11.amzn2.noarch |
| kernel-4.14.209-160.339.amzn2.aarch64 |
| kernel-4.14.209-160.339.amzn2.x86\$164 |
| kernel-devel-4.14.209-160.339.amzn2.x86\$164 |
| kernel-headers-4.14.209-160.339.amzn2.x86\$164 |
| kernel-tools-4.14.209-160.339.amzn2.aarch64 |
| kernel-tools-4.14.209-160.339.amzn2.x86\$164 |
| libatomic-7.3.1-12.amzn2.x86\$164 |
| libcilkrts-7.3.1-12.amzn2.x86\$164 |
| libcrypt-2.26-39.amzn2.aarch64 |
| libcrypt-2.26-39.amzn2.x86\$164 |
| libdrm-devel-2.4.97-2.amzn2.x86\$164 |
| libgcc-7.3.1-12.amzn2.aarch64 |
| libgcc-7.3.1-12.amzn2.x86\$164 |
| libglvnd-core-devel-1.0.1-0.1.git5baa1e5.amzn2.0.1.x86\$164 |
| libglvnd-devel-1.0.1-0.1.git5baa1e5.amzn2.0.1.x86\$164 |
| libglvnd-opengl-1.0.1-0.1.git5baa1e5.amzn2.0.1.x86\$164 |
| libgomp-7.3.1-12.amzn2.aarch64 |
| libgomp-7.3.1-12.amzn2.x86\$164 |
| libICE-devel-1.0.9-9.amzn2.0.2.x86\$164 |
| libitm-7.3.1-12.amzn2.x86\$164 |
| libmpx-7.3.1-12.amzn2.x86\$164 |
| libquadmath-7.3.1-12.amzn2.x86\$164 |
| libsanitizer-7.3.1-12.amzn2.x86\$164 |
| libSM-devel-1.2.2-2.amzn2.0.2.x86\$164 |
| libstdc-7.3.1-12.amzn2.aarch64 |
| libstdc-7.3.1-12.amzn2.x86\$164 |
| libvdpau-1.1.1-3.amzn2.0.2.x86\$164 |
| libX11-1.6.7-3.amzn2.x86\$164 |
| libX11-common-1.6.7-3.amzn2.noarch |
| libX11-devel-1.6.7-3.amzn2.x86\$164 |
| libXau-devel-1.0.8-2.1.amzn2.0.2.x86\$164 |
| libxcb-devel-1.12-1.amzn2.0.2.x86\$164 |
| libXdamage-devel-1.1.4-4.1.amzn2.0.2.x86\$164 |
| libXext-devel-1.3.3-3.amzn2.0.2.x86\$164 |
| libXfixes-devel-5.0.3-1.amzn2.0.2.x86\$164 |
| libXi-devel-1.7.9-1.amzn2.0.2.x86\$164 |
| libXmu-devel-1.1.2-2.amzn2.0.2.x86\$164 |
| libxslt-1.1.28-6.amzn2.x86\$164 |
| libXt-devel-1.1.5-3.amzn2.0.2.x86\$164 |
| libXxf86vm-devel-1.1.4-1.amzn2.0.2.x86\$164 |
| mesa-khr-devel-18.3.4-5.amzn2.0.1.x86\$164 |
| mesa-libGL-devel-18.3.4-5.amzn2.0.1.x86\$164 |
| mesa-libGLU-devel-9.0.0-4.amzn2.0.2.x86\$164 |
| openssl-1.0.2k-19.amzn2.0.4.aarch64 |
| openssl-1.0.2k-19.amzn2.0.4.x86\$164 |
| openssl-libs-1.0.2k-19.amzn2.0.4.aarch64 |
| openssl-libs-1.0.2k-19.amzn2.0.4.x86\$164 |
| python-javapackages-3.4.1-11.amzn2.noarch |
| python-lxml-3.2.1-4.amzn2.0.2.x86\$164 |
| selinux-policy-3.13.1-192.amzn2.6.5.noarch |
| selinux-policy-targeted-3.13.1-192.amzn2.6.5.noarch |
| system-release-2-13.amzn2.aarch64 |
| system-release-2-13.amzn2.x86\$164 |
| vulkan-filesystem-1.0.61.1-2.amzn2.noarch |
| xorg-x11-proto-devel-2018.4-1.amzn2.0.2.noarch |
| xorg-x11-server-common-1.20.4-12.amzn2.0.1.x86\$164 |
| xorg-x11-server-Xorg-1.20.4-12.amzn2.0.1.x86\$164 |
## Kernel updates
Rebase kernel to upstream stable 4.14.209.
ENA driver: update to v2.4.0
CVEs fixed:
+ CVE-2020-27777 [powerpc/rtas: Restricts RTAS requests from userspace]
+ CVE-2020-25668 [tty: Makes FONTX ioctl use the tty pointer they were actually passed]
+ CVE-2020-25656 [vt: Keyboard, extend func\$1buf\$1lock to readers]
+ CVE-2020-28974 [vt: Disables KD\$1FONT\$1OP\$1COPY]
+ CVE-2019-19770 [blktrace: Fixes debugfs use after free]
+ CVE-2020-8694 [powercap: Restricts energy meter to root access]
+ CVE-2020-14351 [perf/core: Fixes race in the perf\$1mmap\$1close() function]
+ CVE-2020-27673 [xen/events: Adds a proper barrier to 2-level uevent unmasking]
+ CVE-2020-27675 [xen/events: Avoids removing an event channel while handling it]
+ CVE-2020-25704 [perf/core: Fixes a memory leak in perf\$1event\$1parse\$1addr\$1filter()]
+ CVE-2020-25669 [Input: sunkbd \$1 Avoids use-after-free in teardown paths]
+ CVE-2020-28941 [speakup: Doesn't let the line discipline be used several times]
Other Fixes:
+ PM: hibernate: Batch hibernate and resume IO requests
+ nfsd: Fixes races between nfsd4\$1cb\$1release() and nfsd4\$1shutdown\$1callback()
+ x86/unwind/orc: Fixes inactive tasks with stack pointer in %sp on GCC 10 compiled kernels
+ ext4: Fixes leaking sysfs kobject after failed mount
+ xfs: Flushes new eof page on truncate to avoid post-eof corruption
+ time: Prevents undefined behaviour in timespec64\$1to\$1ns()
+ mm: mempolicy: Fixes potential pte\$1unmap\$1unlock pte error
+ blk-cgroup: Fixes memleak on error path
# Amazon Linux 2 version 2.0.20201111.0 release notes
These are the release notes for Amazon Linux 2 version 2.0.20201111.0.
## Major updates
+ The glibc bug fix for time calculation errors when using dates after 2038
+ Improved instance launch time
+ The new dracut-config-ec2 package ensures that the initramfs that are built for use inside EC2 don’t include extra files that aren’t used by default inside EC2. This has a small but measurable effect in reducing the time it takes to launch an Amazon Linux 2 EC2 instance. Note that, if you're reconfiguring your instance to use an LVM or software-RAID boot device, we recommend that you remove this package and generate an initramfs containing support for these virtual devices. Do this by running the following command:
```
$ yum remove -y dracut-config-ec2
dracut -f
```
This can be automated using cloud-init with the following cloud-config:
```
#cloud-config
runcmd:
- yum remove -y dracut-config-ec2
- dracut –force
```
## Package updates
More specifically, in this release, Amazon Linux 2 includes the following package updates.
| Updated Packages (Old version → New version) |
| --- |
| amazon-ssm-agent: 2.3.1319.0-1. → 3.0.161.0-1. |
| bash: 4.2.46-33. → 4.2.46-34. |
| cpio: 2.11-27. → 2.11-28. |
| e2fsprogs: None → 1.42.9-19. |
| e2fsprogs-libs: None → 1.42.9-19. |
| expat: None → 2.1.0-12. |
| glibc: 2.26-35. → 2.26-38. |
| glibc-all-langpacks: 2.26-35. → 2.26-38. |
| glibc-common: 2.26-35. → 2.26-38. |
| glibc-locale-source: 2.26-35. → 2.26-38. |
| glibc-minimal-langpack: 2.26-35. → 2.26-38. |
| hunspell: None → 1.3.2-16. |
| kernel: 4.14.193-149.317. → 4.14.203-156.332. |
| kernel-tools: 4.14.193-149.317. → 4.14.203-156.332. |
| libcroco: None → 0.6.12-6. |
| libcrypt: 2.26-35. → 2.26-38. |
| libmspack: 0.5-0.7.alpha. → 0.5-0.8.alpha. |
| libpng: None → 1.5.13-8. |
| libss: None → 1.42.9-19. |
| libtiff: 4.0.3-32. → 4.0.3-35. |
| libxslt: None → 1.1.28-6. |
| mariadb-libs: 5.5.64-1. → 5.5.68-1. |
| nspr: None → 4.25.0-2. |
| nss: 3.44.0-7. → 3.53.1-3. |
| nss-softokn: 3.44.0-8. → 3.53.1-6. |
| nss-softokn-freebl: 3.44.0-8. → 3.53.1-6. |
| nss-sysinit: 3.44.0-7. → 3.53.1-3. |
| nss-tools: 3.44.0-7. → 3.53.1-3. |
| nss-util: 3.44.0-4. → 3.53.1-1. |
| openldap: 2.4.44-15. → 2.4.44-22. |
| unzip: 6.0-20. → 6.0-21. |
| aws-cfn-bootstrap: None → 1.4-34. |
| dracut-config-ec2: None → 1.0-1. |
| ec2-net-utils: 1.4-2. → 1.4-3. |
| ec2-utils: 1.2-1. → 1.2-3. |
| glibc-devel: 2.26-35. → 2.26-38. |
| glibc-headers: 2.26-35. → 2.26-38. |
| kernel-devel: 4.14.193-149.317. → 4.14.203-156.332. |
| kernel-headers: 4.14.193-149.317. → 4.14.203-156.332. |
| nvidia: 418.87.00-0. → 450.80.02-0. |
| nvidia-dkms: 418.87.00-0. → 450.80.02-0. |
| glibc-langpack-en: 2.26-35. → 2.26-38. |
## Kernel updates
Rebase kernel to upstream stable 4.14.203.
CVEs fixed:
+ CVE-2020-12352 [Bluetooth: A2MP: Fixes the issue of not initializing all members]
+ CVE-2020-12351 [Bluetooth: L2CAP: Fixes the issue of calling sk\$1filter on non-socket based channel]
+ CVE-2020-24490 [Bluetooth: Fixes kernel oops in store\$1pending\$1adv\$1report]
+ CVE-2020-25211 [netfilter: ctnetlink: Adds a range check for l3/l4 protonum]
+ CVE-2020-0423 [binder: Fixes UAF when releasing todo list]
+ CVE-2020-14386 [net/packet: Fixes overflow in tpacket\$1rcv]
Other Fixes:
+ Soft lockup Issue during writeback in presence of memory reclaim
+ Fix CIFS trailing characters
# Amazon Linux 2 version 2.0.20200917.0 release notes
These are the release notes for Amazon Linux 2 version 2.0.20200917.0.
## Major updates
None.
## Package updates
Amazon Linux 2 includes the following packages.
| Packages |
| --- |
| kernel-4.14.193-149.317.amzn2.x86\$164 |
| kernel-devel-4.14.193-149.317.amzn2.x86\$164 |
| kernel-headers-4.14.193-149.317.amzn2.x86\$164 |
| kernel-tools-4.14.193-149.317.amzn2.x86\$164 |
| libmetalink-0.1.3-13.amzn2.x86\$164 |
| python-2.7.18-1.amzn2.0.2.x86\$164 |
| python-devel-2.7.18-1.amzn2.0.2.x86\$164 |
| python-libs-2.7.18-1.amzn2.0.2.x86\$164 |
# Amazon Linux 2 version 2.0.20200904.0 release notes
These are the release notes for Amazon Linux 2 version 2.0.20200904.0.
## Major updates
+ This update primarily contains an update for two kernel CVEs as well as a fix for CVE-2019-20907 in python 2.7.18.
## Package updates
Amazon Linux 2 includes the following packages.
+ kernel-4.14.193-149.317.amzn2.x86\$164
+ kernel-devel-4.14.193-149.317.amzn2.x86\$164
+ kernel-headers-4.14.193-149.317.amzn2.x86\$164
+ kernel-tools-4.14.193-149.317.amzn2.x86\$164
+ python-2.7.18-1.amzn2.0.2.x86\$164
+ python-devel-2.7.18-1.amzn2.0.2.x86\$164
+ python-libs-2.7.18-1.amzn2.0.2.x86\$164
## Kernel updates
Rebase kernel to upstream stable 4.14.193.
Updated EFA to ver 1.9.0g.
CVEs fixed:
+ CVE-2020-16166 [random32: update the net random state on interrupt and activity]
+ CVE-2020-14386 [net/packet: fix overflow in tpacket\$1rcv]
# Amazon Linux 2 version 2.0.20200824.0 release notes
These are the release notes for Amazon Linux 2 version 2.0.20200824.0.
## Major updates
+ This release contains security updates for gettext, python2-rsa, and python. We have also included the updated AWS CLI, and a bug fix for the amazon-linux-extras utility to no longer recommend deprecated topics.
## Package updates
Amazon Linux 2 includes the following packages.
| Packages |
| --- |
| amazon-linux-extras-1.6.12-1.amzn2.noarch |
| amazon-linux-extras-yum-plugin-1.6.12-1.amzn2.noarch |
| awscli-1.18.107-1.amzn2.0.1.noarch |
| ca-certificates-2019.2.32-76.amzn2.0.3.noarch |
| gettext-0.19.8.1-3.amzn2.x86\$164 |
| gettext-libs-0.19.8.1-3.amzn2.x86\$164 |
| kernel-4.14.192-147.314.amzn2.x86\$164 |
| kernel-tools-4.14.192-147.314.amzn2.x86\$164 |
| kpatch-runtime-0.8.0-4.amzn2.noarch |
| python-2.7.18-1.amzn2.0.1.x86\$164 |
| python-devel-2.7.18-1.amzn2.0.1.x86\$164 |
| python-libs-2.7.18-1.amzn2.0.1.x86\$164 |
| python2-botocore-1.17.31-1.amzn2.0.1.noarch |
| python2-rsa-3.4.1-1.amzn2.0.1.noarch |
| tzdata-2020a-1.amzn2.noarch |
## Kernel updates
Rebase kernel to upstream stable 4.14.192.
Include Nitro Enclave module.
CVEs fixed:
+ CVE-2017-18232 [kernel: Mishandling mutex within libsas allowing local Denial of Service]
+ CVE-2018-10323 [kernel: Invalid pointer dereference in xfs\$1bmapi\$1write() when mounting and operating on crafted xfs image allows denial of service]
+ CVE-2018-8043 [kernel: NULL pointer dereference in drivers/net/phy/mdio-bcm-unimac.c:unimac\$1mdio\$1probe() can lead to denial of service]
+ CVE-2019-18808 [kernel: memory leak in ccp\$1run\$1sha\$1cmd() function in drivers/crypto/ccp/ccp-ops.c]
+ CVE-2019-19054 [kernel: A memory leak in the cx23888\$1ir\$1probe() function in drivers/media/pci/cx23885/cx23888-ir.c allows attackers to cause a DoS]
+ CVE-2019-19061 [kernel: A memory leak in the adis\$1update\$1scan\$1mode\$1burst() function in drivers/iio/imu/adis\$1buffer.c allows for a DoS]
+ CVE-2019-19073 [kernel: Memory leaks in drivers/net/wireless/ath/ath9k/htc\$1hst.c in the Linux kernel (DOS)]
+ CVE-2019-19074 [kernel: a memory leak in the ath9k management function in allows local DoS]
+ CVE-2019-3016 [kernel: kvm: Information leak within a KVM guest]
+ CVE-2019-9445 [kernel: out of bounds read due to missing bounds check in F2FS driver leads to local information disclosure]
+ CVE-2020-10781 [kernel: zram sysfs resource consumption]
+ CVE-2020-12655 [kernel: sync of excessive duration via an XFS v5 image with crafted metadata]
+ CVE-2020-15393 [kernel: memory leak in usbtest\$1disconnect function in drivers/usb/misc/usbtest.c]
Other Fixes:
+ Fixes memory leak in network device registration [net: fix memleak in register\$1netdevice()]
+ Fixes unresponsive system when simultaneously onlining/offlining block queues [blk-mq: fix unresponsive system caused by freeze/unfreeze sequence]
+ Fixes build error in kunit tests [kunit: fix failure to build without printk]
+ Fixes build error in xfs [xfs: fix string handling in label get/set functions]
# Amazon Linux 2 version 2.0.20200722.0 release notes
These are the release notes for Amazon Linux 2 version 2.0.20200722.0.
## Major updates
+ This update contains security updates for libxml2 and thunderbird as well as a dependency bug fix for system-rpm-config.
## Package updates
Amazon Linux 2 includes the following packages.
+ kernel-4.14.186-146.268.amzn2
+ libxml2-2.9.1-6.amzn2.4.1
+ qemu-3.1.0-8.amzn2.0.3
+ system-rpm-config-9.1.0-76.amzn2.0.10
+ thunderbird-68.10.0-1.amzn2
## Kernel updates
Rebase kernel to upstream stable 4.14.186.
Update ENA module to version 2.2.10g.
CVEs fixed:
+ CVE-2018-20669 [Makes 'user\$1access\$1begin()' do 'access\$1ok()']
+ CVE-2019-19462 [kernel/relay.c: Handles alloc\$1percpu returning NULL in relay\$1open]
+ CVE-2020-0543 [Addressed in microcode]
+ CVE-2020-10732 [fs/binfmt\$1elf.c: Allocates initialized memory in fill\$1thread\$1core\$1info()]
+ CVE-2020-10757 [mm: Fixes mremap not considering huge pmd devmap]
+ CVE-2020-10766 [x86/speculation: Prepares for per task indirect branch speculation control]
+ CVE-2020-10767 [x86/speculation: Avoids force-disabling IBPB based on STIBP and enhanced IBRS]
+ CVE-2020-10768 [x86/speculation: PR\$1SPEC\$1FORCE\$1DISABLE enforcement for indirect branches]
+ CVE-2020-12771 [bcache: Fixes potential deadlock problem in btree\$1gc\$1coalesce]
+ CVE-2020-12888 [vfio-pci: Invalidates mmaps and block MMIO access on disabled memory]
Other Fixes:
+ Fixes disallowing holes in swap files [iomap: don't allow holes in swapfiles]
+ Fixes populating cache information [ACPI/PPTT: Handle architecturally unknown cache types]
+ Fixes memory leaks in vfio/pci [vfio/pci: fix memory leaks in alloc\$1perm\$1bits()]
+ Fixes error handling in btrfs [btrfs: fix error handling when submitting direct I/O bio]
+ Fixes race leading to null pointer dereference in ext4 [ext4: fix race between ext4\$1sync\$1parent() and rename()]
+ Fixes null pointer dereference in ext4 [ext4: fix error pointer dereference]
+ Fixes memory leak in slub allocator [mm/slub: fix a memory leak in sysfs\$1slab\$1add()]
# Amazon Linux 2 06/17/2020 release notes
These are release notes for Amazon Linux 2.
## Major updates
+ Python 2.7 updated to most recent upstream version - 2.7.18.
**Note**
Amazon Linux will continue to provide security fixes to Python 2.7 according to our Amazon Linux 2 support timeline. See [Amazon Linux 2 FAQs](https://aws.amazon.com/amazon-linux-2/faqs/).
+ ca-certificates fix for Sectigo intermediate CA expiration
**Note**
For more information, see [this forum thread](https://forums.aws.amazon.com/thread.jspa?threadID=322837&tstart=0).
+ New Kernel with fixes for five CVEs (see below).
## Package updates
Amazon Linux 2 includes the following packages.
| Packages |
| --- |
| amazon-linux-extras-1.6.11-1 |
| bind-export-libs-9.11.4-9 |
| ca-certificates-2019.2.32-76 |
| cloud-init-19.3-3,freetype-2.8-14 |
| gdisk-0.8.10-3,glib2-2.56.1-5 |
| kernel-4.14.181-140.257 |
| libicu-50.2-4 |
| libpng-1.5.13-7 |
| python-2.7.18-1 |
| python-devel-2.7.18-1 |
| python-libs-2.7.18-1 |
| python2-rpm-4.11.3-40 |
| rpm-4.11.3-40 |
| rpm-build-libs-4.11.3-40 |
| rpm-libs-4.11.3-40 |
| rpm-plugin-systemd-inhibit-4.11.3-40 |
| selinux-policy-3.13.1-192 |
| selinux-policy-targeted-3.13.1-192 |
| yum-3.4.3-1 |
## Kernel updates
Rebase kernel to upstream stable 4.14.181.
Updated ENA module to version 2.2.8.
CVEs fixed:
+ CVE-2019-19319 [ext4: Protects journal inode's blocks using block\$1validity]
+ CVE-2020-10751 [selinux: Properly handles multiple messages in selinux\$1netlink\$1send()]
+ CVE-2020-1749 [net: ipv6\$1stub: Uses ip6\$1dst\$1lookup\$1flow instead of ip6\$1dst\$1lookup]
+ CVE-2019-19768 [blktrace: Protects q->blk\$1trace with RCU]
+ CVE-2020-12770 [scsi: sg: Adds sg\$1remove\$1request in sg\$1write]
Other Fixes:
+ Fix for a deadlock condition in xen-blkfront [xen-blkfront: Delay flush till queue lock dropped]
+ Fix for ORC unwinding [x86/unwind/orc: Fix unwind\$1get\$1return\$1address\$1ptr() for inactive tasks]
# Amazon Linux 2 05/29/2020 release notes
These are release notes for Amazon Linux 2.
## Major updates
+ Kernel includes fix for Important ALAS: https://alas.aws.amazon.com/AL2/ALAS-2020-1425.html
+ Amazon Linux 2 Customers are encouraged to try out Kernel Live Patching Public Preview, which would apply CVE fixes without a reboot. See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/al2-live-patching.html
## Package updates
Amazon Linux 2 includes the following packages.
| Packages |
| --- |
| aws-cfn-bootstrap-1.4-32.amzn2.0.1 |
| awscli-1.16.300-1.amzn2.0.2 |
| bind-export-libs-9.11.4-9.P2.amzn2.0.3 |
| bind-libs-9.11.4-9.P2.amzn2.0.3 |
| bind-libs-lite-9.11.4-9.P2.amzn2.0.3. |
| bind-license-9.11.4-9.P2.amzn2.0.3 |
| bind-utils-9.11.4-9.P2.amzn2.0.3 |
| freeglut-3.0.0-8.amzn2 |
| freetype-2.8-14.amzn2 |
| gdisk-0.8.10-3.amzn2 |
| glib2-2.56.1-5.amzn2.0.1 |
| gnupg2-2.0.22-5.amzn2.0.4 |
| kernel-4.14.177-139.254.amzn2 |
| kernel-tools-4.14.177-139.254.amzn2 |
| langtable-0.0.31-4.amzn2 |
| langtable-data-0.0.31-4 |
| langtable-python-0.0.31-4 |
| libX11-1.6.7-2.amzn2 |
| libX11-common-1.6.7-2.amzn2 |
| libXfont2-2.0.3-1.amzn2 |
| libXrandr-1.5.1-2.amzn2.0.3 |
| libdrm-2.4.97-2.amzn2 |
| libfastjson-0.99.4-3.amzn2 |
| libglvnd-1.0.1-0.1.git5baa1e5.amzn2.0.1 |
| libglvnd-egl-1.0.1-0.1.git5baa1e5.amzn2.0.1 |
| libglvnd-gles-1.0.1-0.1.git5baa1e5.amzn2.0.1 |
| libglvnd-glx-1.0.1-0.1.git5baa1e5.amzn2.0.1 |
| libicu-50.2-4.amzn2, libpng-1.5.13-7.amzn2.0.2 |
| libtirpc-0.2.4-0.16.amzn2 |
| libwayland-client-1.17.0-1.amzn2 |
| libwayland-server-1.17.0-1.amzn2 |
| mesa-libEGL-18.3.4-5.amzn2.0.1 |
| mesa-libGL-18.3.4-5.amzn2.0.1 |
| mesa-libgbm-18.3.4-5.amzn2.0.1 |
| mesa-libglapi-18.3.4-5.amzn2.0.1 |
| microcode\$1ctl-2.1-47.amzn2.0.6 |
| openssl-1.0.2k-19.amzn2.0.3 |
| openssl-libs-1.0.2k-19.amzn2.0.3 |
| python-pillow-2.0.0-20.gitd1c6db8.amzn2.0.1 |
| python2-rpm-4.11.3-40.amzn2.0.4 |
| rpm-4.11.3-40.amzn2.0.4 |
| rpm-build-libs-4.11.3-40.amzn2.0.4 |
| rpm-libs-4.11.3-40.amzn2.0.4 |
| rpm-plugin-systemd-inhibit-4.11.3-40.amzn2.0.4 |
| selinux-policy-3.13.1-192.amzn2.6.1 |
| selinux-policy-targeted-3.13.1-192.amzn2.6.1 |
| sudo-1.8.23-4.amzn2.2 |
| xorg-x11-server-Xorg-1.20.4-7.amzn2.0.2 |
| xorg-x11-server-common-1.20.4-7.amzn2.0.2 |
| yum-3.4.3-158.amzn2.0.4 |
## Kernel updates
Rebase kernel to upstream stable 4.14.177.
CVEs fixed:
+ CVE-2020-10711 [netlabel: cope with NULL catmap]
+ CVE-2020-12826 [Extend exec\$1id to 64bits]
+ CVE-2020-12657 [block, bfq: fix use-after-free in bfq\$1idle\$1slice\$1timer\$1body]
+ CVE-2020-11565 [mm: mempolicy: require at least one nodeid for MPOL\$1PREFERRED]
+ CVE-2020-8648 [vt: selection, close sel\$1buffer race]
+ CVE-2020-1094 [vhost: Check docket sk\$1family instead of call getname]
+ CVE-2020-8649 [vgacon: Fix a UAF in vgacon\$1invert\$1region]
+ CVE-2020-8647 [vgacon: Fix a UAF in vgacon\$1invert\$1region]
+ CVE-2020-8648 [vt: selection, close sel\$1buffer race]
Other Fixes:
+ Divide by zero scheduler fix
+ Enabled L2TP in the configuration
# Amazon Linux 2 07/18/2019 release notes
These are release notes for Amazon Linux 2.
## Major updates
An AWS-optimized Linux kernel 4.19 is now available in Amazon Linux 2 Extras channel in addition to the 4.14 kernel that receives long-term support. You can install and use the 4.19 kernel by running `sudo amazon-linux-extras install kernel-ng` and rebooting your instance.
# Amazon Linux 2 06/27/2019 release notes
These are release notes for Amazon Linux 2.
## Major updates
[EC2 Instance Connect](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Connect-using-EC2-Instance-Connect.html) provides a simple and secure way to connect to your instances using Secure Shell (SSH). To disable the feature follow the steps to [Uninstall EC2 Instance Connect](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-connect-uninstall.html).
# Amazon Linux 2 05/23/2019 release notes
These are release notes for Amazon Linux 2.
## Major updates
NVIDIA GPU support: Amazon Linux 2 AMIs with NVIDIA GPU drivers pre-installed and pre-configured for use on P and G instance families are available on AWS Marketplace.
# Amazon Linux 2 05/14/2019 release notes
These are release notes for Amazon Linux 2.
## Major updates
A new systemd service is added to launch on boot. The service will submit the host public keys for identity validation to support an upcoming feature for connecting to EC2 instances.
# Amazon Linux 2 03/13/2019 release notes
These are release notes for Amazon Linux 2.
## Major updates
This update fixes incorrect permissions for some system files: https://alas.aws.amazon.com/AL2/ALAS-2019-1175.html
# Amazon Linux 2 11/26/2018 release notes
These are release notes for Amazon Linux 2.
## Major updates
A1 support: Amazon Linux 2 is supported for use on A1 instances.
# Amazon Linux 2 11/19/2018 release notes
These are release notes for Amazon Linux 2.
## Major updates
An ENA driver update that introduces Low Latency Queues (LLQ) for improved average and tail latencies. The update also adds support for receive checksum offload that improves CPU utilization.
# Amazon Linux 2 10/31/2018 release notes
These are release notes for Amazon Linux 2.
## Major updates
The OpenSSH daemon configuration file /etc/ssh/sshd\$1config has been updated. The AuthorizedKeysCommand value is configured to point to a customized script, /opt/aws/bin/curl\$1authorized\$1keys to support an upcoming feature to read SSH public keys; from the EC2 instance metadata during the SSH connection process.
# Amazon Linux 2 09/25/2018 release notes
These are release notes for Amazon Linux 2.
## Major updates
Amazon Linux 2 now supports 32-bit libraries and compatibility packages. With this update, you can run 32-bit applications on Amazon Linux 2. You can run `yum update` on an Amazon Linux 2 instance to get the full 32-bit support. This release also contains bug fixes and updates for several Amazon Linux 2 packages from their upstream projects.
# Amazon Linux 2 release notes
These are release notes for Amazon Linux 2.
## Systemd
Amazon Linux 2 provides the systemd service and systems manager as replacements to System V init. As a result, applications running on Amazon Linux 1 might require changes to run on Amazon Linux 2. Amazon Elastic Compute Cloud console (Amazon EC2) instances running Amazon Linux can no longer be upgraded to Amazon Linux 2 through rolling upgrade mechanisms.
Amazon Linux 2 uses the systemd 219 init system to bootstrap userspace and manage system processes. This is available as /sbin/init and replaces the System V-style init system that was available in the previous generation of Amazon Linux. Do not put initscripts sin /etc/init.d. systemctl \$1start\$1stop\$1restart\$1. Instead, use SERVICE\$1NAME.service. Service SERVICE\$1NAME \$1start\$1stop\$1restart\$1 is compatible with both Amazon Linux 1 and Amazon Linux 2.
## Extras
The extras mechanism provides the latest application software on a stable base of Amazon Linux 2. You can use it to balance operating system stability and overall software “freshness”. Extras provides topics to select AWS curated software bundles. Each topic contains all the dependencies required for the software to install and run on Amazon Linux 2.
The following is the Extras command to list the available topics.
```
$ amazon-linux-extras
```
The following is the Extras command to install a topic.
```
$ sudo amazon-linux-extras install topic name
```
In the following example, the Extras command installs the rust1 topic.
```
$ sudo amazon-linux-extras install rust1
```
The extras channel provides an AWS curated list of rapidly evolving technologies. These technologies might be updated more frequently than they would otherwise be in the "core" repositories of Amazon Linux 2.
Over time, these technologies will continue to mature and stabilize and might eventually be added to the Amazon Linux 2 "core" channel to which the Amazon Linux 2 Long Term Support policies apply.
## Docker is only in extras
The package for Docker is only available through extras. It is enabled by default. When new versions of Docker are released, support is provided only for the most current stable packages.
## C Runtime, compiler, and tools
Amazon Linux 2 comes with GCC 7.3, Glibc 2.26, and Binutils 2.29.1.
## System directories moved into /usr
In Amazon Linux 2, /bin, /sbin, /lib, and /lib64 are symlinks to /usr/bin, /usr/sbin, /usr/lib, and /usr/lib64, respectively. Packages that have Requires on specific binaries in /bin can't resolve. You can mitigate this by using the following logic for RPM package management.
```
%if 0%{?amzn} == 1
Requires: /bin/grep
%else
Requires: /usr/bin/grep
%endif
```
## cloud-init updates
Cloud-init has been updated to version 18.2 to handle early initialization of the operating system. Cloud-init sets the default locale and instance hostname, and it generates SSH private keys and adds SSH keys into the user’s .ssh/authorized\$1keys entry. It also establishes ephemeral mount points and configures the network devices.
## Virtual Machine images for on-premises use
Amazon Linux 2 virtual machine images are currently available for VMware ESXi, Microsoft Hyper-V, KVM, and Oracle VM VirtualBox virtualization solutions for development and testing. After downloading the image, follow the Amazon Linux documentation to get started.
The minimum system requirement for running Amazon Linux 2 in a virtual machine instance is 512 MB of memory and one virtual CPUs.
## Automation of security patching at scale with AWS Systems Manager Patch Manager
[AWS Systems Manager Patch Manager](https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-patch.html) now supports Amazon Linux 2. This enables the automated patching of fleets of Amazon Linux 2 EC2 instances and on-premises virtual machines (VMs). [AWS Systems Manager Patch Manager](https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-patch.html) can scan instances for missing patches and automatically install all missing patches.
## Upgrading from Amazon Linux 2 LTS Candidate 2
To upgrade from Amazon Linux 2 LTS Candidate 2 to the LTS version of Amazon Linux 2, run the following commands.
```
$ sudo yum update system-release
$ sudo yum update cloud-init
$ sudo yum clean all
$ sudo yum update
$ sudo reboot
```