# Amazon Linux 2 release notes for 2021
The following are the release notes for Amazon Linux 2 for 2021.
**Topics**
+ [December 23, 2021](relnotes-20211223.md)
+ [December 1, 2021](relnotes-20211201.md)
+ [November 3, 2021](relnotes-20211103.md)
+ [October 5, 2021](relnotes-20211005.md)
+ [October 1, 2021](relnotes-20211001.md)
+ [August 13th, 2021](relnotes-20210813.md)
+ [July 21, 2021](relnotes-20210721.md)
+ [July 1, 2021](relnotes-20210701.md)
+ [June 17, 2021](relnotes-20210617.md)
+ [May 25, 2021](relnotes-20210525.md)
+ [April 27, 2021](relnotes-20210427.md)
+ [April 21, 2021](relnotes-20210421.md)
+ [March 26, 2021](relnotes-20210326.md)
+ [March 18, 2021](relnotes-20210318.md)
+ [March 3, 2021](relnotes-20210303.md)
+ [February 19, 2021](relnotes-20210219.md)
+ [January 26, 2021](relnotes-20210126.md)
# Amazon Linux 2 version 2.0.20211223.0 release notes
These are the release notes for Amazon Linux 2 version 2.0.20211223.0.
## Major updates
None.
## Package updates
Amazon Linux 2 includes the following packages.
| Updated packages |
| --- |
| curl-7.79.1-1.amzn2.0.1.aarch64 |
| curl-7.79.1-1.amzn2.0.1.x86\$164 |
| kernel-4.14.256-197.484.amzn2.aarch64 |
| kernel-4.14.256-197.484.amzn2.x86\$164 |
| kernel-5.10.82-83.359.amzn2.aarch64 |
| kernel-5.10.82-83.359.amzn2.x86\$164 |
| kernel-devel-4.14.256-197.484.amzn2.x86\$164 |
| kernel-headers-4.14.256-197.484.amzn2.x86\$164 |
| kernel-tools-4.14.256-197.484.amzn2.aarch64 |
| kernel-tools-4.14.256-197.484.amzn2.x86\$164 |
| kernel-tools-5.10.82-83.359.amzn2.aarch64 |
| kernel-tools-5.10.82-83.359.amzn2.x86\$164 |
| kpatch-runtime-0.9.4-3.amzn2.noarch |
| libcurl-7.79.1-1.amzn2.0.1.aarch64 |
| libcurl-7.79.1-1.amzn2.0.1.x86\$164 |
| nspr-4.32.0-1.amzn2.0.1.aarch64 |
| nspr-4.32.0-1.amzn2.0.1.x86\$164 |
| nss-3.67.0-4.amzn2.0.2.aarch64 |
| nss-3.67.0-4.amzn2.0.2.x86\$164 |
| nss-softokn-3.67.0-3.amzn2.0.1.aarch64 |
| nss-softokn-3.67.0-3.amzn2.0.1.x86\$164 |
| nss-softokn-freebl-3.67.0-3.amzn2.0.1.aarch64 |
| nss-softokn-freebl-3.67.0-3.amzn2.0.1.x86\$164 |
| nss-sysinit-3.67.0-4.amzn2.0.2.aarch64 |
| nss-sysinit-3.67.0-4.amzn2.0.2.x86\$164 |
| nss-tools-3.67.0-4.amzn2.0.2.aarch64 |
| nss-tools-3.67.0-4.amzn2.0.2.x86\$164 |
| nss-util-3.67.0-1.amzn2.0.1.aarch64 |
| nss-util-3.67.0-1.amzn2.0.1.x86\$164 |
| vim-common-8.2.3642-1.amzn2.0.1.aarch64 |
| vim-common-8.2.3642-1.amzn2.0.1.x86\$164 |
| vim-enhanced-8.2.3642-1.amzn2.0.1.aarch64 |
| vim-enhanced-8.2.3642-1.amzn2.0.1.x86\$164 |
| vim-filesystem-8.2.3642-1.amzn2.0.1.noarch |
| vim-minimal-8.2.3642-1.amzn2.0.1.aarch64 |
| vim-minimal-8.2.3642-1.amzn2.0.1.x86\$164 |
## Kernel updates
Rebase kernel to upstream stable 4.14.256.
CVEs fixed:
+ CVE-2021-4002 [hugetlbfs: flush TLBs correctly after huge\$1pmd\$1unshare]
+ CVE-2021-3640 [Bluetooth: sco: Fix lock\$1sock() blockage by memcpy\$1from\$1msg()]
+ CVE-2021-3752 [Bluetooth: fix use-after-free error in lock\$1sock\$1nested()]
+ CVE-2021-3772 [sctp: use init\$1tag from inithdr for ABORT chunk]
Amazon EFA Driver: update to version v1.14.1
Amazon Features and Backports:
+ Revert "PCI/MSI: Enforce that MSI-X table entry is masked for update"
Other Fixes:
+ ARM: dts: at91: sama5d2\$1som1\$1ek: disable ISC node by default
+ NFSD: Keep existing listeners on portlist error
+ vfs: check fd has read access in kernel\$1read\$1file\$1from\$1fd()
+ ARM: dts: spear3xx: Fix gmac node
+ platform/x86: intel\$1scu\$1ipc: Update timeout value in comment
+ net: mdiobus: Fix memory leak in mdiobus\$1register
+ tracing: Have all levels of checks prevent recursion
# Amazon Linux 2 version 2.0.20211201.0 release notes
These are the release notes for Amazon Linux 2 version 2.0.20211201.0.
## Major updates
+ Updated NSS to fix CVE-2021-43527. Network Security Services (NSS) up to and including version 3.73 is vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications that use NSS for handling signatures that are encoded within CMS, S/MIME, PKCS \$1\$17, or PKCS \$1\$112 are likely to be impacted. Applications that use NSS for certificate validation or other TLS, X.509, OCSP, or CRL functionality might be impacted. This depends on how they configure NSS. When verifying a DER-encoded signature, NSS decodes the signature into a fixed-size buffer and passes the buffer to the underlying PKCS \$1\$111 module. The length of the signature isn't correctly checked when processing DSA and RSA-PSS signatures. DSA and RSA-PSS signatures larger than 16,384 bits overflows the buffer in VFYContextStr. The vulnerable code is located within secvfy.c:vfy\$1CreateContext.
## Package updates
Amazon Linux 2 includes the following packages.
+ nspr-4.32.0-1.amzn2.aarch64
+ nspr-4.32.0-1.amzn2.x86\$164
+ nss-3.67.0-4.amzn2.0.1.aarch64
+ nss-3.67.0-4.amzn2.0.1.x86\$164
+ nss-softokn-3.67.0-3.amzn2.aarch64
+ nss-softokn-3.67.0-3.amzn2.x86\$164
+ nss-softokn-freebl-3.67.0-3.amzn2.aarch6
+ nss-softokn-freebl-3.67.0-3.amzn2.x86\$164
+ nss-sysinit-3.67.0-4.amzn2.0.1.aarch64
+ nss-sysinit-3.67.0-4.amzn2.0.1.x86\$164
+ nss-tools-3.67.0-4.amzn2.0.1.aarch64
+ nss-tools-3.67.0-4.amzn2.0.1.x86\$164
+ nss-util-3.67.0-1.amzn2.aarch64
+ nss-util-3.67.0-1.amzn2.x86\$164
+ selinux-policy-3.13.1-268.amzn2.2.2.noarch
+ selinux-policy-targeted-3.13.1-268.amzn2.2.2.noarch
## Kernel updates
None.
# Amazon Linux 2 version 2.0.20211103.0 release notes
These are the release notes for Amazon Linux 2 version 2.0.20211103.0.
## Major updates
+ `system-release` was updated to point the Amazon Linux repositories to the Amazon S3 dual stack IPv4/IPv6 endpoint.
**Note**
The package data itself is still served from IPv4-only endpoints.
## Package updates
Amazon Linux 2 includes the following packages.
| Packages |
| --- |
| aws-cfn-bootstrap-2.0-9.amzn2.noarch |
| dracut-config-ec2-2.0-2.amzn2.noarch |
| ec2-instance-connect-1.1-15.amzn2.noarch |
| glibc-2.26-56.amzn2.aarch64 |
| glibc-2.26-56.amzn2.x86\$164 |
| glibc-all-langpacks-2.26-56.amzn2.aarch64 |
| glibc-all-langpacks-2.26-56.amzn2.x86\$164 |
| glibc-common-2.26-56.amzn2.aarch64 |
| glibc-common-2.26-56.amzn2.x86\$164 |
| glibc-devel-2.26-56.amzn2.x86\$164 |
| glibc-headers-2.26-56.amzn2.x86\$164 |
| glibc-langpack-en-2.26-56.amzn2.aarch64 |
| glibc-langpack-en-2.26-56.amzn2.x86\$164 |
| glibc-locale-source-2.26-56.amzn2.aarch64 |
| glibc-locale-source-2.26-56.amzn2.x86\$164 |
| glibc-minimal-langpack-2.26-56.amzn2.aarch64 |
| glibc-minimal-langpack-2.26-56.amzn2.x86\$164 |
| kernel-4.14.252-195.483.amzn2.aarch64 |
| kernel-4.14.252-195.483.amzn2.x86\$164 |
| kernel-devel-4.14.252-195.483.amzn2.x86\$164 |
| kernel-headers-4.14.252-195.483.amzn2.x86\$164 |
| kernel-tools-4.14.252-195.483.amzn2.aarch64 |
| kernel-tools-4.14.252-195.483.amzn2.x86\$164 |
| kpatch-runtime-0.9.4-2.amzn2.noarch |
| libcrypt-2.26-56.amzn2.aarch64 |
| libcrypt-2.26-56.amzn2.x86\$164 |
| openssl-1.0.2k-19.amzn2.0.10.aarch64 |
| openssl-1.0.2k-19.amzn2.0.10.x86\$164 |
| openssl-libs-1.0.2k-19.amzn2.0.10.aarch64 |
| openssl-libs-1.0.2k-19.amzn2.0.10.x86\$164 |
| system-release-2-14.amzn2.aarch64 |
| system-release-2-14.amzn2.x86\$164 |
## Kernel updates
Rebase kernel to upstream stable 4.14.252.
CVEs fixed:
+ CVE-2021-37159 [usb: hso: fix error handling code of hso\$1create\$1net\$1device]
+ CVE-2021-3744 [crypto: ccp - fix resource leaks in ccp\$1run\$1aes\$1gcm\$1cmd()]
+ CVE-2021-3764 [crypto: ccp - fix resource leaks in ccp\$1run\$1aes\$1gcm\$1cmd()]
+ CVE-2021-20317 [lib/timerqueue: Rely on rbtree semantics for next timer]
+ CVE-2021-20321 [ovl: fix missing negative dentry check in ovl\$1rename()]
+ CVE-2021-41864 [bpf: Fix integer overflow in prealloc\$1elems\$1and\$1freelist()]
Amazon Features and Backports:
+ Enable nitro-enclaves driver for arm64
Other Fixes:
+ md: Fixes a lock order reversal in md\$1alloc
+ arm64: Marks stack\$1chk\$1guard as ro\$1after\$1init
+ cpufreq: schedutil: Uses kobject release() method to free sugov\$1tunables
+ cpufreq: schedutil: Destroys mutex before kobject\$1put() frees the memory
+ ext4: Fixes potential infinite loop in ext4\$1dx\$1readdir()
+ nfsd4: Handles the NFSv4 READDIR 'dircount' hint being zero
+ net\$1sched: Fixes NULL deref in fifo\$1set\$1limit()
+ perf/x86: Resets destroy callback on event init failure
+ virtio: Writes back F\$1VERSION\$11 before validation
# Amazon Linux 2 version 2.0.20211005.0 release notes
These are the release notes for Amazon Linux 2 version 2.0.20211005.0.
## Major updates
None.
## Package updates
Amazon Linux 2 includes the following packages.
| Packages |
| --- |
| amazon-linux-extras-2.0.1-1.amzn2.noarch |
| amazon-linux-extras-yum-plugin-2.0.1-1.amzn2.noarch |
| dmidecode-3.2-5.amzn2.1.aarch64 |
| dmidecode-3.2-5.amzn2.1.x86\$164 |
| glib2-2.56.1-9.amzn2.0.2.aarch64 |
| glib2-2.56.1-9.amzn2.0.2.x86\$164 |
| glibc-2.26-55.amzn2.aarch64 |
| glibc-2.26-55.amzn2.x86\$164 |
| glibc-all-langpacks-2.26-55.amzn2.aarch64 |
| glibc-all-langpacks-2.26-55.amzn2.x86\$164 |
| glibc-common-2.26-55.amzn2.aarch64 |
| glibc-common-2.26-55.amzn2.x86\$164 |
| glibc-devel-2.26-55.amzn2.x86\$164 |
| glibc-headers-2.26-55.amzn2.x86\$164 |
| glibc-langpack-en-2.26-55.amzn2.aarch64 |
| glibc-langpack-en-2.26-55.amzn2.x86\$164 |
| glibc-locale-source-2.26-55.amzn2.aarch64 |
| glibc-locale-source-2.26-55.amzn2.x86\$164 |
| glibc-minimal-langpack-2.26-55.amzn2.aarch64 |
| glibc-minimal-langpack-2.26-55.amzn2.x86\$164 |
| grubby-8.28-23.amzn2.0.3.aarch64 |
| grubby-8.28-23.amzn2.0.3.x86\$164 |
| kernel-4.14.248-189.473.amzn2.aarch64 |
| kernel-4.14.248-189.473.amzn2.x86\$164 |
| kernel-devel-4.14.248-189.473.amzn2.x86\$164 |
| kernel-headers-4.14.248-189.473.amzn2.x86\$164 |
| kernel-tools-4.14.248-189.473.amzn2.aarch64 |
| kernel-tools-4.14.248-189.473.amzn2.x86\$164 |
| libcrypt-2.26-55.amzn2.aarch64 |
| libcrypt-2.26-55.amzn2.x86\$164 |
| libsss\$1idmap-1.16.5-10.amzn2.10.aarch64 |
| libsss\$1idmap-1.16.5-10.amzn2.10.x86\$164 |
| libsss\$1nss\$1idmap-1.16.5-10.amzn2.10.aarch64 |
## Kernel updates
Rebase kernel to upstream stable 4.14.252.
CVEs fixed:
+ CVE-2020-16119 [dccp: don't duplicate ccid when cloning dccp sock]
+ CVE-2021-40490 [ext4: fix race writing to an inline\$1data file while its xattrs are changing]
+ CVE-2021-42252 [soc: aspeed: lpc-ctrl: Fix boundary check for mmap]
Other Fixes:
+ mm/kmemleak.c: Makes cond\$1resched() rate-limiting more efficient
+ mm/page\$1alloc: Speeds up the iteration of max\$1order
+ tcp: seq\$1file: Avoids skipping sk during tcp\$1seek\$1last\$1pos
+ KVM: x86: Updates vCPU's hv\$1clock before back to guest when tsc\$1offset is adjusted
+ cifs: Fixes wrong release in sess\$1alloc\$1buffer() failed path
+ rcu: Fixes missed wakeup of exp\$1wq waiters
# Amazon Linux 2 version 2.0.20211001.1 release notes
These are the release notes for Amazon Linux 2 version 2.0.20211001.1.
## Major updates
+ ca-certificates was updated to version 2021.2.50-72.amzn2.0.1. This addresses the fact that the IdentTrust DST Root CA X3 was about to expire. This affected some Let’s Encrypt TLS certificates. If you continued using the expired certificate, you can't use OpenSSL to validate impacted certificates that are issued by Let’s Encrypt. If you were impacted by this issue, you might have experienced connection or certificate errors when trying to connect to certain websites or APIs that use Let's Encrypt certificates.
## Package updates
Amazon Linux 2 includes the following packages.
| Package |
| --- |
| ca-certificates-2021.2.50-72.amzn2.0.1.noarch |
| curl-7.76.1-7.amzn2.0.2.aarch64 |
| curl-7.76.1-7.amzn2.0.2.x86\$164 |
| device-mapper-1.02.170-6.amzn2.5.aarch64 |
| device-mapper-1.02.170-6.amzn2.5.x86\$164 |
| device-mapper-event-1.02.170-6.amzn2.5.aarch64 |
| device-mapper-event-1.02.170-6.amzn2.5.x86\$164 |
| device-mapper-event-libs-1.02.170-6.amzn2.5.aarch64 |
| device-mapper-event-libs-1.02.170-6.amzn2.5.x86\$164 |
| device-mapper-libs-1.02.170-6.amzn2.5.aarch64 |
| device-mapper-libs-1.02.170-6.amzn2.5.x86\$164 |
| glibc-2.26-54.amzn2.aarch64 |
| glibc-2.26-54.amzn2.x86\$164 |
| glibc-all-langpacks-2.26-54.amzn2.aarch64 |
| glibc-all-langpacks-2.26-54.amzn2.x86\$164 |
| glibc-common-2.26-54.amzn2.aarch64 |
| glibc-common-2.26-54.amzn2.x86\$164 |
| glibc-devel-2.26-54.amzn2.x86\$164 |
| glibc-headers-2.26-54.amzn2.x86\$164 |
| glibc-langpack-en-2.26-54.amzn2.aarch64 |
| glibc-langpack-en-2.26-54.amzn2.x86\$164 |
| glibc-locale-source-2.26-54.amzn2.aarch64 |
| glibc-locale-source-2.26-54.amzn2.x86\$164 |
| glibc-minimal-langpack-2.26-54.amzn2.aarch64 |
| glibc-minimal-langpack-2.26-54.amzn2.x86\$164 |
| grub2-2.06-2.amzn2.0.6.aarch64 |
| grub2-2.06-2.amzn2.0.6.x86\$164 |
| grub2-common-2.06-2.amzn2.0.6.noarch |
| grub2-efi-aa64-2.06-2.amzn2.0.6.aarch64 |
| grub2-efi-aa64-ec2-2.06-2.amzn2.0.6.aarch64 |
| grub2-efi-aa64-modules-2.06-2.amzn2.0.6.noarch |
| grub2-efi-x64-ec2-2.06-2.amzn2.0.6.x86\$164 |
| grub2-pc-2.06-2.amzn2.0.6.x86\$164 |
| grub2-pc-modules-2.06-2.amzn2.0.6.noarch |
| grub2-tools-2.06-2.amzn2.0.6.aarch64 |
| grub2-tools-2.06-2.amzn2.0.6.x86\$164 |
| grub2-tools-minimal-2.06-2.amzn2.0.6.aarch64 |
| grub2-tools-minimal-2.06-2.amzn2.0.6.x86\$164 |
| kernel-4.14.246-187.474.amzn2.aarch64 |
| kernel-4.14.246-187.474.amzn2.x86\$164 |
| kernel-devel-4.14.246-187.474.amzn2.x86\$164 |
| kernel-headers-4.14.246-187.474.amzn2.x86\$164 |
| kernel-tools-4.14.246-187.474.amzn2.aarch64 |
| kernel-tools-4.14.246-187.474.amzn2.x86\$164 |
| libblkid-2.30.2-2.amzn2.0.5.aarch64 |
| libblkid-2.30.2-2.amzn2.0.5.x86\$164 |
| libcrypt-2.26-54.amzn2.aarch64 |
| libcrypt-2.26-54.amzn2.x86\$164 |
| libcurl-7.76.1-7.amzn2.0.2.aarch64 |
| libcurl-7.76.1-7.amzn2.0.2.x86\$164 |
| libfdisk-2.30.2-2.amzn2.0.5.aarch64 |
| libfdisk-2.30.2-2.amzn2.0.5.x86\$164 |
| libmount-2.30.2-2.amzn2.0.5.aarch64 |
| libmount-2.30.2-2.amzn2.0.5.x86\$164 |
| libsmartcols-2.30.2-2.amzn2.0.5.aarch64 |
| libsmartcols-2.30.2-2.amzn2.0.5.x86\$164 |
| libuuid-2.30.2-2.amzn2.0.5.aarch64 |
| libuuid-2.30.2-2.amzn2.0.5.x86\$164 |
| lvm2-2.02.187-6.amzn2.5.aarch64 |
| lvm2-2.02.187-6.amzn2.5.x86\$164 |
| lvm2-libs-2.02.187-6.amzn2.5.aarch64 |
| lvm2-libs-2.02.187-6.amzn2.5.x86\$164 |
| openldap-2.4.44-23.amzn2.0.2.aarch64 |
| openldap-2.4.44-23.amzn2.0.2.x86\$164 |
| systemd-219-78.amzn2.0.15.aarch64 |
| systemd-219-78.amzn2.0.15.x86\$164 |
| systemd-libs-219-78.amzn2.0.15.aarch64 |
| systemd-libs-219-78.amzn2.0.15.x86\$164 |
| systemd-sysv-219-78.amzn2.0.15.aarch64 |
| systemd-sysv-219-78.amzn2.0.15.x86\$164 |
| util-linux-2.30.2-2.amzn2.0.5.aarch64 |
| util-linux-2.30.2-2.amzn2.0.5.x86\$164 |
## Kernel updates
Rebase kernel to upstream stable 4.14.252.
CVEs fixed:
+ CVE-2021-3732 [ovl: Prevents private clone if bind mount is not allowed]
+ CVE-2021-38205 [net: xilinx\$1emaclite: Doesn't print real IOMEM pointer]
+ CVE-2020-3702 [ath: Uses safer key clearing with key cache entries]
+ CVE-2021-3653 [KVM: nSVM: Avoids picking up unsupported bits from L2 in int\$1ctl (CVE-2021-3653)]
+ CVE-2021-3656 [KVM: nSVM: Always intercepts VMLOAD/VMSAVE when nested (CVE-2021-3656)]
+ CVE-2021-42008 [net: 6pack: Fixes slab-out-of-bounds in decode\$1data]
+ CVE-2021-3753 [vt\$1kdsetmode: Extends console locking]
+ CVE-2021-38198 [KVM: X86: MMU: Uses the correct inherited permissions tget shadow page]
Amazon Features and Backports:
+ Revert "gup: Documents and works around "COW can break either way" issue"
+ arm64: Implements ooptimized checksum routine
+ arm64: csum: Disables KASAN for do\$1csum()
+ arm64: csum: Optimizes IPv6 header checksum
+ arm64: csum: Fixes pathological zero-length calls
+ kvm/svm: PKU not currently supported
+ EDAC/amd64: Drops some family checks for newer systems
+ x86/amd\$1nb: Adds Family 19h PCI IDs
+ EDAC/mce\$1amd: Always loads on SMCA systems
+ x86/MCE/AMD, EDAC/mce\$1amd: Adds new Load Store unit McaType
+ EDAC/amd64: Makes struct amd64\$1family\$1type global
+ EDAC/amd64: Uses a macrfor iterating over Unified Memory Controllers
+ EDAC/amd64: Saves max number of controllers tfamily type
+ EDAC/amd64: Supports more than twcontrollers for chip selects handling
+ EDAC/amd64: Finds Chip Select memory size using Address Mask
+ EDAC/amd64: Adds family ops for Family 19h Models 00h-0Fh
+ perf/amd/uncore: Prepares L3 thread mask code for Family 19h
+ perf/amd/uncore: Makes L3 thread mask code more readable
+ perf/amd/uncore: Adds support for Family 19h L3 PMU
+ perf/x86/amd: Constrains Large Increment per Cycle events
+ perf/x86/amd: Adds support for Large Increment per Cycle Events
+ perf/x86/amd: Fixes sampling Large Increment per Cycle events
+ perf/amd/uncore: Sets all slices and threads trestore perf stat -a behaviour
+ perf/amd/uncore: Prepares tscale for more attributes that vary per family
+ perf/amd/uncore: Allows F19h user coreid, threadmask, and sliceid specification
+ perf vendor events: Supports metric\$1group and nevent name in JSON parser
+ perf vendor events amd: perf PMU events for AMD Family 17h
+ perf vendor events amd: Adds L3 cache events for Family 17h
+ perf vendor events amd: Removes redundant '['
+ perf vendor events amd: Restricts model detection for zen1 based processors
+ perf vendor events amd: Adds Zen2 events
+ perf vendor events amd: Updates Zen1 events tV2
+ perf vendor events amd: Adds L2 Prefetch events for zen1
+ perf vendor events amd: Adds ITLB Instruction Fetch Hits event for zen1
+ perf vendor events amd: Adds recommended events
+ perf vendor events amd: Enables Family 19h users by matching Zen2 events
+ perf vendor events amd: Fixes broken L2 Cache Hits from L2 HWPF metric
+ perf/amd/uncore: Fixes sysfs type mismatch
+ mm/page\$1alloc: Prints node fallback order
+ mm/page\$1alloc: Uses accumulated load when building node fallback list
+ ext4: Fixes race writing tan inline\$1data file while its xattrs are changing
Other Fixes:
+ ext4: Fixes potential htree corruption when growing large\$1dir directories
+ perf/x86/amd: Doesn't touch the AMD64\$1EVENTSEL\$1HOSTONLY bit inside the guest
+ net: Fixes memory leak in ieee802154\$1raw\$1deliver
+ net: bridge: Fixes memleak in br\$1add\$1if()
+ tcp\$1bbr: Fixes u32 wrap bug in round logic if bbr\$1init() called after 2B packets
+ vsock/virtio: Avoids potential deadlock when vsock device remove
+ x86/tools: Fixes objdump version check again
+ KVM: nSVM: Aalways intercepts VMLOAD/VMSAVE when nested (CVE-2021-3656)
+ KVM: nSVM: Avoids picking up unsupported bits from L2 in int\$1ctl (CVE-2021-3653)
+ x86/fpu: Makes init\$1fpstate correct with optimized XSAVE
+ fs: Warns about impending deprecation of mandatory locks
+ virtio: Improves vq->broken access tavoid any compiler optimization
+ KVM: x86/mmu: Treats NX as used (not reserved) for all \$1TDP shadow MMUs
+ KVM: X86: MMU: Uses the correct inherited permissions tget shadow page
# Amazon Linux 2 version 2.0.20210813.1 release notes
These are the release notes for Amazon Linux 2 version 2.0.20210813.1.
## Major updates
+ This update fixed the issue of occasional boot that occurred with grub2 on arm64. It also improved the compatibility of the grub2 generated config file with grubby. It specifically removed the submenus and the unused systemd driven boot counter.
## Package updates
Amazon Linux 2 includes the following packages.
| Packages |
| --- |
| curl-7.76.1-4.amzn2.0.1.aarch64 |
| curl-7.76.1-4.amzn2.0.1.x86\$164 |
| ec2-utils-1.2-45.amzn2.noarch |
| grub2-2.06-2.amzn2.0.3.aarch64 |
| grub2-2.06-2.amzn2.0.3.x86\$164 |
| grub2-common-2.06-2.amzn2.0.3.noarch |
| grub2-efi-aa64-2.06-2.amzn2.0.3.aarch64 |
| grub2-efi-aa64-ec2-2.06-2.amzn2.0.3.aarch64 |
| grub2-efi-aa64-modules-2.06-2.amzn2.0.3.noarch |
| grub2-efi-x64-ec2-2.06-2.amzn2.0.3.x86\$164 |
| grub2-pc-2.06-2.amzn2.0.3.x86\$164 |
| grub2-pc-modules-2.06-2.amzn2.0.3.noarch |
| grub2-tools-2.06-2.amzn2.0.3.aarch64 |
| grub2-tools-2.06-2.amzn2.0.3.x86\$164 |
| grub2-tools-minimal-2.06-2.amzn2.0.3.aarch64 |
| grub2-tools-minimal-2.06-2.amzn2.0.3.x86\$164 |
| grubby-8.28-23.amzn2.0.2.aarch64 |
| grubby-8.28-23.amzn2.0.2.x86\$164 |
| kernel-4.14.243-185.433.amzn2.aarch64 |
| kernel-4.14.243-185.433.amzn2.x86\$164 |
| kernel-devel-4.14.243-185.433.amzn2.x86\$164 |
| kernel-headers-4.14.243-185.433.amzn2.x86\$164 |
| kernel-tools-4.14.243-185.433.amzn2.aarch64 |
| kernel-tools-4.14.243-185.433.amzn2.x86\$164 |
| libcurl-7.76.1-4.amzn2.0.1.aarch64 |
| libcurl-7.76.1-4.amzn2.0.1.x86\$164 |
| systemtap-runtime-4.4-1.amzn2.0.2.aarch64 |
| systemtap-runtime-4.4-1.amzn2.0.2.x86\$164 |
## Kernel updates
Rebase kernel tupstream stable 4.14.243
CVEs fixed:
+ CVE-2021-22543 [KVM: do not allow mapping valid but non-reference-counted pages]
Amazon Features and Backports:
+ In this update, an issue was addressed where an upstream change reverts to memory management. This issue caused significant regressions for some workloads. This issue is referred to as the revert "gup: document and work around "COW can break either way" issue".
# Amazon Linux 2 version 2.0.20210721.2 release notes
These are the release notes for Amazon Linux 2 version 2.0.20210721.2.
## Major updates
+ GRUB has been updated to 2.06 with some launch time improvements
## Package updates
Amazon Linux 2 includes the following packages.
| Packages |
| --- |
| amazon-ssm-agent-3.0.1124.0-1.amzn2.aarch64 |
| amazon-ssm-agent-3.0.1124.0-1.amzn2.x86\$164 |
| chrony-4.0-3.amzn2.0.2.aarch64 |
| chrony-4.0-3.amzn2.0.2.x86\$164 |
| dracut-033-535.amzn2.1.4.aarch64 |
| dracut-033-535.amzn2.1.4.x86\$164 |
| dracut-config-generic-033-535.amzn2.1.4.aarch64 |
| dracut-config-generic-033-535.amzn2.1.4.x86\$164 |
| fuse-libs-2.9.2-11.amzn2.aarch64 |
| fuse-libs-2.9.2-11.amzn2.x86\$164 |
| glibc-2.26-48.amzn2.aarch64 |
| glibc-2.26-48.amzn2.x86\$164 |
| glibc-all-langpacks-2.26-48.amzn2.aarch64 |
| glibc-all-langpacks-2.26-48.amzn2.x86\$164 |
| glibc-common-2.26-48.amzn2.aarch64 |
| glibc-common-2.26-48.amzn2.x86\$164 |
| glibc-devel-2.26-48.amzn2.x86\$164 |
| glibc-headers-2.26-48.amzn2.x86\$164 |
| glibc-langpack-en-2.26-48.amzn2.aarch64 |
| glibc-langpack-en-2.26-48.amzn2.x86\$164 |
| glibc-locale-source-2.26-48.amzn2.aarch64 |
| glibc-locale-source-2.26-48.amzn2.x86\$164 |
| glibc-minimal-langpack-2.26-48.amzn2.aarch64 |
| glibc-minimal-langpack-2.26-48.amzn2.x86\$164 |
| grub2-2.06-2.amzn2.0.1.aarch64 |
| grub2-2.06-2.amzn2.0.1.x86\$164 |
| grub2-common-2.06-2.amzn2.0.1.noarch |
| grub2-efi-aa64-2.06-2.amzn2.0.1.aarch64 |
| grub2-efi-aa64-ec2-2.06-2.amzn2.0.1.aarch64 |
| grub2-efi-aa64-modules-2.06-2.amzn2.0.1.noarch |
| grub2-efi-x64-ec2-2.06-2.amzn2.0.1.x86\$164 |
| grub2-pc-2.06-2.amzn2.0.1.x86\$164 |
| grub2-pc-modules-2.06-2.amzn2.0.1.noarch |
| grub2-tools-2.06-2.amzn2.0.1.aarch64 |
| grub2-tools-2.06-2.amzn2.0.1.x86\$164 |
| grub2-tools-minimal-2.06-2.amzn2.0.1.aarch64 |
| grub2-tools-minimal-2.06-2.amzn2.0.1.x86\$164 |
| kernel-4.14.238-182.422.amzn2.aarch64 |
| kernel-4.14.238-182.422.amzn2.x86\$164 |
| kernel-devel-4.14.238-182.422.amzn2.x86\$164 |
| kernel-headers-4.14.238-182.422.amzn2.x86\$164 |
| kernel-tools-4.14.238-182.422.amzn2.aarch64 |
| kernel-tools-4.14.238-182.422.amzn2.x86\$164 |
| libcrypt-2.26-48.amzn2.aarch64 |
| libcrypt-2.26-48.amzn2.x86\$164 |
| libwebp-0.3.0-10.amzn2.aarch64 |
| libwebp-0.3.0-10.amzn2.x86\$164 |
| libX11-1.6.7-3.amzn2.0.2.x86\$164 |
| libX11-common-1.6.7-3.amzn2.0.2.noarch |
| libxml2-2.9.1-6.amzn2.5.4.aarch64 |
| libxml2-2.9.1-6.amzn2.5.4.x86\$164 |
| libxml2-python-2.9.1-6.amzn2.5.4.aarch64 |
| libxml2-python-2.9.1-6.amzn2.5.4.x86\$164 |
| openssl-1.0.2k-19.amzn2.0.7.aarch64 |
| openssl-1.0.2k-19.amzn2.0.7.x86\$164 |
| openssl-libs-1.0.2k-19.amzn2.0.7.aarch64 |
| openssl-libs-1.0.2k-19.amzn2.0.7.x86\$164 |
| python2-rpm-4.11.3-40.amzn2.0.6.aarch64 |
| python2-rpm-4.11.3-40.amzn2.0.6.x86\$164 |
| python-urllib3-1.25.9-1.amzn2.0.2.noarch |
| rpm-4.11.3-40.amzn2.0.6.aarch64 |
| rpm-4.11.3-40.amzn2.0.6.x86\$164 |
| rpm-build-libs-4.11.3-40.amzn2.0.6.aarch64 |
| rpm-build-libs-4.11.3-40.amzn2.0.6.x86\$164 |
| rpm-libs-4.11.3-40.amzn2.0.6.aarch64 |
| rpm-libs-4.11.3-40.amzn2.0.6.x86\$164 |
| rpm-plugin-systemd-inhibit-4.11.3-40.amzn2.0.6.aarch64 |
| rpm-plugin-systemd-inhibit-4.11.3-40.amzn2.0.6.x86\$164 |
| systemtap-runtime-4.4-1.amzn2.0.1.aarch64 |
| systemtap-runtime-4.4-1.amzn2.0.1.x86\$164 |
| tzdata-2021a-1.amzn2.noarch |
## Kernel updates
Rebase kernel to upstream stable 4.14.238.
Amazon EFA Driver: Updated to tversion v1.12.1
CVEs fixed:
+ CVE-2021-32399 [bluetooth: eliminate the potential race condition when removing the HCI controller]
+ CVE-2021-33034 [Bluetooth: verify AMP hci\$1chan before amp\$1destroy]
+ CVE-2020-26558 [Bluetooth: SMP: Fails if remote and local public keys are identical]
+ CVE-2021-0129 [Bluetooth: SMP: Fails if remote and local public keys are identical]
+ CVE-2020-24586 [mac80211: Prevents mixed key and fragment cache attacks]
+ CVE-2020-24587 [mac80211: Prevents mixed key and fragment cache attacks]
+ CVE-2020-24588 [cfg80211: Mitigates A-MSDU aggregation attacks]
+ CVE-2020-26139 [mac80211: Doesn't accept/forward invalid EAPOL frames]
+ CVE-2020-26147 [mac80211: Makes sure that all fragments are encrypted]
+ CVE-2021-29650 [netfilter: x\$1tables: Uses correct memory barriers.]
+ CVE-2021-3564 [Bluetooth: Fixes the erroneous flush\$1work() order]
+ CVE-2021-3573 [Bluetooth: Uses correct lock tprevent UAF of hdev object]
+ CVE-2021-3587 [nfc: Fixes NULL ptr dereference in llcp\$1sock\$1getname() after failed connect]
+ CVE-2021-34693 [can: bcm: Fixes infoleak in struct bcm\$1msg\$1head]
+ CVE-2021-33624 [bpf: Inherits expanded/patched seen count from old aux data]
+ CVE-2021-33909 [seq\$1file: Doesn't allow extremely large seq buffer allocations]
Amazon Features and Backports:
+ arm64/kernel: Doesn't ban ADRP twork around Cortex-A53 erratum \$1843419
+ arm64/errata: Adds REVIDR handling tframework
+ arm64/kernel: Enables A53 erratum \$18434319 handling at runtime
+ arm64: Fixes undefined reference t'printk'
+ arm64/kernel: Renames module\$1emit\$1adrp\$1veneer→module\$1emit\$1veneer\$1for\$1adrp
+ arm64/kernel: kaslr: Reduces module randomization range t4 GB
+ Revert "arm64: acpi/pci: invoke \$1DSM whether tpreserve firmware PCI setup"
+ PCI/ACPI: Evaluates PCI Boot Configuration \$1DSM
+ PCI: Doesn't auto-realloc if we're preserving firmware config
+ arm64: PCI: Allows resource reallocation if necessary
+ arm64: PCI: Preserved firmware configuration when desired
+ bpf: Fixes subprog verifier bypass by div/mod by 0 exception
+ bpf, x86\$164: Removes obsolete exception handling from div/mod
+ bpf, arm64: Removes obsolete exception handling from div/mod
+ bpf, s390x: Removes obsolete exception handling from div/mod
+ bpf, ppc64: Removes obsolete exception handling from div/mod
+ bpf, sparc64: Removes obsolete exception handling from div/mod
+ bpf, mips64: Removes obsolete exception handling from div/mod
+ bpf, mips64: Removes unneeded zercheck from div/mod with k
+ bpf, arm: Removes obsolete exception handling from div/mod
+ bpf: Fixes 32 bit src register truncation on div/mod
+ bpf: Inherits expanded/patched seen count from old aux data
+ bpf: Doesn't mark insn as seen under speculative path verification
+ bpf: Fixes leakage under speculation on mispredicted branches
+ seq\$1file: Doesn't allow extremely large seq buffer allocations
# Amazon Linux 2 version 2.0.20210701.0 release notes
These are the release notes for Amazon Linux 2 version 2.0.20210701.0.
## Major updates
None.
## Package updates
Amazon Linux 2 includes the following packages.
| Packages |
| --- |
| amazon-ssm-agent-3.0.1124.0-1.amzn2.aarch64 |
| amazon-ssm-agent-3.0.1124.0-1.amzn2.x86\$164 |
| dracut-033-535.amzn2.1.4.aarch64 |
| dracut-033-535.amzn2.1.4.x86\$164 |
| dracut-config-generic-033-535.amzn2.1.4.aarch64 |
| dracut-config-generic-033-535.amzn2.1.4.x86\$164 |
| glibc-2.26-48.amzn2.aarch64 |
| glibc-2.26-48.amzn2.x86\$164 |
| glibc-all-langpacks-2.26-48.amzn2.aarch64 |
| glibc-all-langpacks-2.26-48.amzn2.x86\$164 |
| glibc-common-2.26-48.amzn2.aarch64 |
| glibc-common-2.26-48.amzn2.x86\$164 |
| glibc-devel-2.26-48.amzn2.x86\$164 |
| glibc-headers-2.26-48.amzn2.x86\$164 |
| glibc-langpack-en-2.26-48.amzn2.aarch64 |
| glibc-langpack-en-2.26-48.amzn2.x86\$164 |
| glibc-locale-source-2.26-48.amzn2.aarch64 |
| glibc-locale-source-2.26-48.amzn2.x86\$164 |
| glibc-minimal-langpack-2.26-48.amzn2.aarch64 |
| glibc-minimal-langpack-2.26-48.amzn2.x86\$164 |
| libcrypt-2.26-48.amzn2.aarch64 |
| libcrypt-2.26-48.amzn2.x86\$164 |
| libwebp-0.3.0-10.amzn2.aarch64 |
| libwebp-0.3.0-10.amzn2.x86\$164 |
| libxml2-2.9.1-6.amzn2.5.4.aarch64 |
| libxml2-2.9.1-6.amzn2.5.4.x86\$164 |
| libxml2-python-2.9.1-6.amzn2.5.4.aarch64 |
| libxml2-python-2.9.1-6.amzn2.5.4.x86\$164 |
| systemtap-runtime-4.4-1.amzn2.0.1.aarch64 |
| systemtap-runtime-4.4-1.amzn2.0.1.x86\$164 |
| tzdata-2021a-1.amzn2.noarch |
## Kernel updates
Rebase kernel to upstream stable 4.14.252.
CVEs fixed:
+ None.
# Amazon Linux 2 version 2.0.20210617.0 release notes
These are the release notes for Amazon Linux 2 version 2.0.20210617.0.
## Major updates
None.
## Package updates
Amazon Linux 2 includes the following packages.
| Packages |
| --- |
| bind-export-libs-9.11.4-26.P2.amzn2.5.2.aarch64 |
| bind-export-libs-9.11.4-26.P2.amzn2.5.2.x86\$164 |
| bind-libs-9.11.4-26.P2.amzn2.5.2.aarch64 |
| bind-libs-9.11.4-26.P2.amzn2.5.2.x86\$164 |
| bind-libs-lite-9.11.4-26.P2.amzn2.5.2.aarch64 |
| bind-libs-lite-9.11.4-26.P2.amzn2.5.2.x86\$164 |
| bind-license-9.11.4-26.P2.amzn2.5.2.noarch |
| bind-utils-9.11.4-26.P2.amzn2.5.2.aarch64 |
| bind-utils-9.11.4-26.P2.amzn2.5.2.x86\$164 |
| bzip2-1.0.6-13.amzn2.0.3.aarch64 |
| bzip2-1.0.6-13.amzn2.0.3.x86\$164 |
| bzip2-libs-1.0.6-13.amzn2.0.3.aarch64 |
| bzip2-libs-1.0.6-13.amzn2.0.3.x86\$164 |
| cloud-init-19.3-44.amzn2.noarch |
| cpp-7.3.1-13.amzn2.x86\$164 |
| curl-7.61.1-12.amzn2.0.4.aarch64 |
| curl-7.61.1-12.amzn2.0.4.x86\$164 |
| dhclient-4.2.5-77.amzn2.1.3.aarch64 |
| dhclient-4.2.5-77.amzn2.1.3.x86\$164 |
| dhcp-common-4.2.5-77.amzn2.1.3.aarch64 |
| dhcp-common-4.2.5-77.amzn2.1.3.x86\$164 |
| dhcp-libs-4.2.5-77.amzn2.1.3.aarch64 |
| dhcp-libs-4.2.5-77.amzn2.1.3.x86\$164 |
| dracut-config-ec2-2.0-1.amzn2.noarch |
| gcc-7.3.1-13.amzn2.x86\$164 |
| gcc-c-7.3.1-13.amzn2.x86\$164 |
| glib2-2.56.1-9.amzn2.0.1.aarch64 |
| glib2-2.56.1-9.amzn2.0.1.x86\$164 |
| glibc-2.26-47.amzn2.aarch64 |
| glibc-2.26-47.amzn2.x86\$164 |
| glibc-all-langpacks-2.26-47.amzn2.aarch64 |
| glibc-all-langpacks-2.26-47.amzn2.x86\$164 |
| glibc-common-2.26-47.amzn2.aarch64 |
| glibc-common-2.26-47.amzn2.x86\$164 |
| glibc-devel-2.26-47.amzn2.x86\$164 |
| glibc-headers-2.26-47.amzn2.x86\$164 |
| glibc-langpack-en-2.26-47.amzn2.aarch64 |
| glibc-langpack-en-2.26-47.amzn2.x86\$164 |
| glibc-locale-source-2.26-47.amzn2.aarch64 |
| glibc-locale-source-2.26-47.amzn2.x86\$164 |
| glibc-minimal-langpack-2.26-47.amzn2.aarch64 |
| glibc-minimal-langpack-2.26-47.amzn2.x86\$164 |
| kernel-4.14.232-177.418.amzn2.aarch64 |
| kernel-4.14.232-177.418.amzn2.x86\$164 |
| kernel-devel-4.14.232-177.418.amzn2.x86\$164 |
| kernel-headers-4.14.232-177.418.amzn2.x86\$164 |
| kernel-tools-4.14.232-177.418.amzn2.aarch64 |
| kernel-tools-4.14.232-177.418.amzn2.x86\$164 |
| libatomic-7.3.1-13.amzn2.x86\$164 |
| libcilkrts-7.3.1-13.amzn2.x86\$164 |
| libcrypt-2.26-47.amzn2.aarch64 |
| libcrypt-2.26-47.amzn2.x86\$164 |
| libcurl-7.61.1-12.amzn2.0.4.aarch64 |
| libcurl-7.61.1-12.amzn2.0.4.x86\$164 |
| libgcc-7.3.1-13.amzn2.aarch64 |
| libgcc-7.3.1-13.amzn2.x86\$164 |
| libgomp-7.3.1-13.amzn2.aarch64 |
| libgomp-7.3.1-13.amzn2.x86\$164 |
| libitm-7.3.1-13.amzn2.x86\$164 |
| libmpx-7.3.1-13.amzn2.x86\$164 |
| libquadmath-7.3.1-13.amzn2.x86\$164 |
| libsanitizer-7.3.1-13.amzn2.x86\$164 |
| libstdc-7.3.1-13.amzn2.aarch64 |
| libstdc-7.3.1-13.amzn2.x86\$164 |
| libX11-1.6.7-3.amzn2.0.1.x86\$164 |
| libX11-common-1.6.7-3.amzn2.0.1.noarch |
| libxml2-2.9.1-6.amzn2.5.3.aarch64 |
| libxml2-2.9.1-6.amzn2.5.3.x86\$164 |
| libxml2-python-2.9.1-6.amzn2.5.3.aarch64 |
| libxml2-python-2.9.1-6.amzn2.5.3.x86\$164 |
| microcode\$1ctl-2.1-47.amzn2.0.9.x86\$164 |
| nss-3.53.1-7.amzn2.aarch64 |
| nss-3.53.1-7.amzn2.x86\$164 |
| nss-sysinit-3.53.1-7.amzn2.aarch64 |
| nss-sysinit-3.53.1-7.amzn2.x86\$164 |
| nss-tools-3.53.1-7.amzn2.aarch64 |
| nss-tools-3.53.1-7.amzn2.x86\$164 |
| openldap-2.4.44-23.amzn2.0.1.aarch64 |
| openldap-2.4.44-23.amzn2.0.1.x86\$164 |
| python-2.7.18-1.amzn2.0.4.aarch64 |
| python-2.7.18-1.amzn2.0.4.x86\$164 |
| python3-3.7.10-1.amzn2.0.1.aarch64 |
| python3-3.7.10-1.amzn2.0.1.x86\$164 |
| python3-libs-3.7.10-1.amzn2.0.1.aarch64 |
| python3-libs-3.7.10-1.amzn2.0.1.x86\$164 |
| python3-pip-20.2.2-1.amzn2.0.3.noarch |
| python-devel-2.7.18-1.amzn2.0.4.aarch64 |
| python-devel-2.7.18-1.amzn2.0.4.x86\$164 |
| python-libs-2.7.18-1.amzn2.0.4.aarch64 |
| python-libs-2.7.18-1.amzn2.0.4.x86\$164 |
| python-urllib3-1.25.9-1.amzn2.0.1.noarch |
| systemd-219-78.amzn2.0.14.aarch64 |
| systemd-219-78.amzn2.0.14.x86\$164 |
| systemd-libs-219-78.amzn2.0.14.aarch64 |
| systemd-libs-219-78.amzn2.0.14.x86\$164 |
| systemd-sysv-219-78.amzn2.0.14.aarch64 |
| systemd-sysv-219-78.amzn2.0.14.x86\$164 |
| update-motd-1.1.2-2.amzn2.0.2.noarch |
## Kernel updates
Rebase kernel to upstream stable 4.14.232.
Support for Intel IceLake processors.
CVEs fixed:
+ CVE-2021-33200 [out-of-bounds reads and writes due to enforcing incorrect limits for pointer arithmetic operations by BPF verifier]
Amazon Features and Backports:
+ bpf: Wrapps aux data inside bpf\$1sanitize\$1info container
+ bpf: Fixes mask direction swap upon off reg sign change
+ bpf: Removes requirement for simulating the speculative domain for immediates
+ x86/CPU: Adds Icelake model number
+ perf/x86/intel: Adds Icelake support
+ perf: Makes perf\$1callchain function static
+ perf/x86/intel: Now supports PEBS on fixed counters
+ perf/x86/intel: Introduces PMU flag for Extended PEBS
+ perf/x86/intel: Fixes unwind errors from PEBS entries (mk-II)
+ perf/UAPI: Clearly markes \$1\$1PERF\$1SAMPLE\$1CALLCHAIN\$1EARLY as internal use
+ perf/x86/intel: Doesn't allow precise\$1ip on BTS events
+ perf/x86/intel/ds: Handles PEBS overflow for fixed counters
+ perf/x86/intel: Adds extract memory code PEBS parser for reuse
+ perf/x86/intel/ds: Adds extract code of event update in short period
+ perf/x86/intel: Adds support adaptive PEBS v4
+ perf/x86/lbr: Avoids reading the LBRs when adaptive PEBS handles them
+ perf/x86: Adds support for constraint ranges
+ perf/x86/intel: Fixes SLOTS PEBS event constraint
+ perf/x86/intel: Fixes Ice Lake event constraint table
+ perf/x86/intel: Adds event constraint for CYCLE\$1ACTIVITY.STALLS\$1MEM\$1ANY
+ perf/x86/intel: Fixes rtm\$1abort\$1event encoding on Ice Lake
+ x86/CPU: Adds more Icelake model numbers
+ perf/ring\$1buffer: Fixes AUX software double buffering
+ perf/x86/intel/pt: Removes software double buffering PMU capability
+ perf/core: Adds function to test for event exclusion flags
+ perf/core: Adds PERF\$1PMU\$1CAP\$1NO\$1EXCLUDE for exclusion incapable PMUs
+ perf/x86/regs: Checks reserved bits
+ perf/x86: Cleans up PEBS\$1XMM\$1REGS
+ perf/x86: Removes pmu->pebs\$1no\$1xmm\$1regs
+ perf/x86/intel: Adds more Icelake CPUIDs
+ ICX : perf/x86: Disables extended registers for non-supported PMUs
+ ICX : perf/x86: Adds support for outputting XMM registers
+ tools x86 uapi asm: Syncs the pt\$1regs.h copy with the kernel sources
+ perf tools x86: Adds support for recording and printing XMM registers
+ perf record: Fixes suggestion to get list of registers usable with --user-regs and --intr-regs
+ perf parse-regs: Improves error output when faced with unknown register name
+ ena: Update to 2.5.0
# Amazon Linux 2 version 2.0.20210525.0 release notes
These are the release notes for Amazon Linux 2 version 2.0.20210525.0.
## Major updates
+ Updated chrony to 4.0 from 3.5.1
## Package updates
Amazon Linux 2 includes the following packages.
| Packages |
| --- |
| bind-export-libs-9.11.4-26.P2.amzn2.5.aarch64 |
| bind-export-libs-9.11.4-26.P2.amzn2.5.x86\$164 |
| bind-libs-9.11.4-26.P2.amzn2.5.aarch64 |
| bind-libs-9.11.4-26.P2.amzn2.5.x86\$164 |
| bind-libs-lite-9.11.4-26.P2.amzn2.5.aarch64 |
| bind-libs-lite-9.11.4-26.P2.amzn2.5.x86\$164 |
| bind-license-9.11.4-26.P2.amzn2.5.noarch |
| bind-utils-9.11.4-26.P2.amzn2.5.aarch64 |
| bind-utils-9.11.4-26.P2.amzn2.5.x86\$164 |
| chrony-4.0-3.amzn2.0.1.aarch64 |
| chrony-4.0-3.amzn2.0.1.x86\$164 |
| ec2-utils-1.2-44.amzn2.noarch |
| glibc-2.26-45.amzn2.aarch64 |
| glibc-2.26-45.amzn2.x86\$164 |
| glibc-all-langpacks-2.26-45.amzn2.aarch64 |
| glibc-all-langpacks-2.26-45.amzn2.x86\$164 |
| glibc-common-2.26-45.amzn2.aarch64 |
| glibc-common-2.26-45.amzn2.x86\$164 |
| glibc-devel-2.26-45.amzn2.x86\$164 |
| glibc-headers-2.26-45.amzn2.x86\$164 |
| glibc-langpack-en-2.26-45.amzn2.aarch64 |
| glibc-langpack-en-2.26-45.amzn2.x86\$164 |
| glibc-locale-source-2.26-45.amzn2.aarch64 |
| glibc-locale-source-2.26-45.amzn2.x86\$164 |
| glibc-minimal-langpack-2.26-45.amzn2.aarch64 |
| glibc-minimal-langpack-2.26-45.amzn2.x86\$164 |
| kernel-4.14.232-176.381.amzn2.aarch64 |
| kernel-4.14.232-176.381.amzn2.x86\$164 |
| kernel-devel-4.14.232-176.381.amzn2.x86\$164 |
| kernel-headers-4.14.232-176.381.amzn2.x86\$164 |
| kernel-tools-4.14.232-176.381.amzn2.aarch64 |
| kernel-tools-4.14.232-176.381.amzn2.x86\$164 |
| libcrypt-2.26-45.amzn2.aarch64 |
| libcrypt-2.26-45.amzn2.x86\$164 |
| libjpeg-turbo-2.0.90-2.amzn2.0.1.aarch64 |
| libjpeg-turbo-2.0.90-2.amzn2.0.1.x86\$164 |
| openldap-2.4.44-23.amzn2.aarch64 |
| openldap-2.4.44-23.amzn2.x86\$164 |
| python2-setuptools-41.2.0-4.amzn2.0.2.noarch |
| python3-3.7.9-1.amzn2.0.3.aarch64 |
| python3-3.7.9-1.amzn2.0.3.x86\$164 |
| python3-libs-3.7.9-1.amzn2.0.3.aarch64 |
| python3-libs-3.7.9-1.amzn2.0.3.x86\$164 |
| python3-pip-20.2.2-1.amzn2.0.2.noarch |
| python3-setuptools-49.1.3-1.amzn2.0.2.noarch |
## Kernel updates
Rebase kernel to upstream stable 4.14.232.
Lustre: Update to Client v2.10.8-7
CVEs fixed:
+ CVE-2020-29374 [gup: document and work around "COW can break either way" issue]
+ CVE-2021-23133 [net/sctp: fix race condition in sctp\$1destroy\$1sock]
Amazon Features and Backports:
+ bpf: Fixes up selftests after backports were fixed
+ bpf, selftests: Fixes up some test\$1verifier cases for unprivileged
+ bpf: Moves off\$1reg into sanitize\$1ptr\$1alu
+ bpf: Ensures off\$1reg has no mixed signed bounds for all types
+ bpf: Reworkes ptr\$1limit into alu\$1limit and add common error path
+ bpf: Improves verifier error messages for users
+ bpf: Refactors and streamlines bounds check into helper
+ bpf: Moves sanitize\$1val\$1alu out of op switch
+ bpf: Tightens speculative pointer arithmetic mask
+ bpf: Updates selftests to reflect new error states
+ bpf: Doesn't allow root to mangle valid pointers
+ bpf/verifier: Doesn't allow pointer subtraction
+ selftests/bpf: Fixes test\$1align
+ selftests/bpf: Makes 'dubious pointer arithmetic' test useful
+ bpf: Fixes masking negation logic upon negative dst register
+ bpf: Fixes leakage of uninitialized bpf stack under speculation
+ Reverts "net/sctp: fix race condition in sctp\$1destroy\$1sock"
+ sctp: Delays auto\$1asconf init until binding the first addr
+ cifs: Fixes panic in smb2\$1reconnect
Other Fixes:
+ arm64: Fixes inline asm in load\$1unaligned\$1zeropad()
+ ext4: Corrects the error label in ext4\$1rename()
+ x86/crash: Fixes crash\$1setup\$1memmap\$1entries() out-of-bounds access
# Amazon Linux 2 version 2.0.20210427.0 release notes
These are the release notes for Amazon Linux 2 version 2.0.20210427.0.
## Major updates
+ ec2-net-utils bug fixed with multiple secondary IPs attached to one ENI.
## Package updates
Amazon Linux 2 includes the following packages.
+ ec2-net-utils-1.5-3.amzn2.noarch
+ kernel-4.14.231-173.361.amzn2.x86\$164
+ kernel-devel-4.14.231-173.36.amzn2.x86\$164
+ kernel-headers-4.14.231-173.361.amzn2.x86\$164
+ kernel-tools-4.14.231-173.361.amzn2.x86\$164
+ pystache-0.5.3-2.amzn2.noarch
+ python-daemon-1.6-4.amzn2.noarch
+ python-lockfile-0.9.1-4.amzn2.noarch
## Kernel updates
Rebase kernel to upstream stable 4.14.231.
CVEs fixed:
+ CVE-2019-19060 [iio: imu: adis16400: release allocated memory on failure]
+ CVE-2021-28660 [staging: rtl8188eu: prevent ->ssid overflow in rtw\$1wx\$1set\$1scan()]
+ CVE-2021-29265 [usbip: fix stub\$1dev usbip\$1sockfd\$1store() races leading to gpf]
+ CVE-2021-28964 [btrfs: fix race when cloning extent buffer during rewind of an old root]
+ CVE-2021-28971 [perf/x86/intel: Fix a crash caused by zero PEBS status]
+ CVE-2021-28972 [PCI: rpadlpar: Fix potential drc\$1name corruption in store functions]
+ CVE-2021-28688 [xen-blkback: don't leak persistent grants from xen\$1blkbk\$1map()]
+ CVE-2021-29647 [net: qrtr: fix a kernel-infoleak in qrtr\$1recvmsg()]
+ CVE-2021-3483 [firewire: nosy: Fix a use-after-free bug in nosy\$1ioctl()]
+ CVE-2021-29154 [bpf, x86: Validate computation of branch displacements for x86-64]
+ CVE-2020-25670 [nfc: fix refcount leak in llcp\$1sock\$1bind()]
+ CVE-2020-25671 [nfc: fix refcount leak in llcp\$1sock\$1connect()]
+ CVE-2020-25672 [nfc: fix memory leak in llcp\$1sock\$1connect()]
Amazon Features and Backports:
+ nitro enclaves: Fixes dangling file descriptor [ALAS2-2021-1634]
+ net: Fixes gro aggregation for udp encaps with zero csum
+ net: Avoids infinite loop in mpls\$1gso\$1segment when mpls\$1hlen == 0
+ configfs: Fixed a use-after-free in configfs\$1open\$1file
+ include/linux/sched/mm.h: Use rcu\$1dereference in in\$1vfork()
+ KVM: arm64: Fixes exclusive limit for IPA size
+ ext4: Handles error of ext4\$1setup\$1system\$1zone() on remount
+ ext4: Checks journal inode extents more carefully
+ ext4: Finds old entry again if failed to rename whiteout
+ ext4: Doesn't try to set xattr into ea\$1inode if value is empty
+ ext4: Fixes potential error in ext4\$1do\$1update\$1inode
+ locking/mutex: Fixed non debug version of mutex\$1lock\$1io\$1nested()
+ ext4: Fixes bh ref count on error paths
+ ext4: Doesn't input inode under running transaction in ext4\$1rename()
+ mm: Fixes race by making init\$1zero\$1pfn() early\$1initcall
+ KVM: arm64: Disables guest access to trace filter controls
# Amazon Linux 2 version 2.0.20210421.0 release notes
These are the release notes for Amazon Linux 2 version 2.0.20210421.0.
## Major updates
+ Updated irqbalance to 1.7.0 from 1.5.0
+ AL2 AMIs default to HTTPS for repository access.
## Package updates
Amazon Linux 2 includes the following packages.
| Packages |
| --- |
| ec2-instance-connect-1.1-14.amzn2.noarch |
| ec2-net-utils-1.5-2.amzn2.noarch |
| glibc-2.26-44.amzn2.aarch64 |
| glibc-2.26-44.amzn2.x86\$164 |
| glibc-all-langpacks-2.26-44.amzn2.aarch64 |
| glibc-all-langpacks-2.26-44.amzn2.x86\$164 |
| glibc-common-2.26-44.amzn2.aarch64 |
| glibc-common-2.26-44.amzn2.x86\$164 |
| glibc-devel-2.26-44.amzn2.x86\$164 |
| glibc-headers-2.26-44.amzn2.x86\$164 |
| glibc-langpack-en-2.26-44.amzn2.aarch64 |
| glibc-langpack-en-2.26-44.amzn2.x86\$164 |
| glibc-locale-source-2.26-44.amzn2.aarch64 |
| glibc-locale-source-2.26-44.amzn2.x86\$164 |
| glibc-minimal-langpack-2.26-44.amzn2.aarch64 |
| glibc-minimal-langpack-2.26-44.amzn2.x86\$164 |
| irqbalance-1.7.0-4.amzn2.0.1.aarch64 |
| irqbalance-1.7.0-4.amzn2.0.1.x86\$164 |
| kernel-4.14.231-173.360.amzn2.aarch64 |
| kernel-4.14.231-173.360.amzn2.x86\$164 |
| kernel-devel-4.14.231-173.360.amzn2.x86\$164 |
| kernel-headers-4.14.231-173.360.amzn2.x86\$164 |
| kernel-tools-4.14.231-173.360.amzn2.aarch64 |
| kernel-tools-4.14.231-173.360.amzn2.x86\$164 |
| libcrypt-2.26-44.amzn2.aarch64 |
| libcrypt-2.26-44.amzn2.x86\$164 |
| nettle-2.7.1-9.amzn2.aarch64 |
| nettle-2.7.1-9.amzn2.x86\$164 |
| openssh-7.4p1-21.amzn2.0.3.aarch64 |
| openssh-7.4p1-21.amzn2.0.3.x86\$164 |
| openssh-clients-7.4p1-21.amzn2.0.3.aarch64 |
| openssh-clients-7.4p1-21.amzn2.0.3.x86\$164 |
| openssh-server-7.4p1-21.amzn2.0.3.aarch64 |
| openssh-server-7.4p1-21.amzn2.0.3.x86\$164 |
| python3-3.7.9-1.amzn2.0.2.aarch64 |
| python3-3.7.9-1.amzn2.0.2.x86\$164 |
| python3-daemon-2.2.3-8.amzn2.0.2.noarch |
| python3-docutils-0.14-1.amzn2.0.2.noarch |
| python3-libs-3.7.9-1.amzn2.0.2.aarch64 |
| python3-libs-3.7.9-1.amzn2.0.2.x86\$164 |
| python3-lockfile-0.11.0-17.amzn2.0.2.noarch |
| python3-pip-9.0.3-1.amzn2.0.2.noarch |
| python3-pystache-0.5.4-12.amzn2.0.1.noarch |
| python3-setuptools-38.4.0-3.amzn2.0.6.noarch |
| python3-simplejson-3.2.0-1.amzn2.0.2.aarch64 |
| python3-simplejson-3.2.0-1.amzn2.0.2.x86\$164 |
## Kernel updates
Rebase kernel to upstream stable 4.14.231.
CVEs fixed:
+ CVE-2019-19060 [iio: imu: adis16400: release allocated memory on failure]
+ CVE-2021-28660 [staging: rtl8188eu: prevent ->ssid overflow in rtw\$1wx\$1set\$1scan()]
+ CVE-2021-29265 [usbip: fix stub\$1dev usbip\$1sockfd\$1store() races leading to gpf]
+ CVE-2021-28964 [btrfs: fix race when cloning extent buffer during rewind of an old root]
+ CVE-2021-28971 [perf/x86/intel: Fix a crash caused by zero PEBS status]
+ CVE-2021-28972 [PCI: rpadlpar: Fix potential drc\$1name corruption in store functions]
+ CVE-2021-28688 [xen-blkback: do not leak persistent grants from xen\$1blkbk\$1map()]
+ CVE-2021-29647 [net: qrtr: fix a kernel-infoleak in qrtr\$1recvmsg()]
+ CVE-2021-3483 [firewire: nosy: Fix a use-after-free bug in nosy\$1ioctl()]
+ CVE-2021-29154 [bpf, x86: Validate computation of branch displacements for x86-64]
+ CVE-2020-25670 [nfc: fix refcount leak in llcp\$1sock\$1bind()]
+ CVE-2020-25671 [nfc: fix refcount leak in llcp\$1sock\$1connect()] CVE-2020-25672 [nfc: fix memory leak in llcp\$1sock\$1connect()]
Amazon Features and Backports:
+ net: Fixes gro aggregation for udp encaps with zero csum
+ net: Avoids infinite loop in mpls\$1gso\$1segment when mpls\$1hlen == 0
+ configfs: Fixes a use-after-free in configfs\$1open\$1file
+ include/linux/sched/mm.h: use rcu\$1dereference in in\$1vfork()
+ KVM: arm64: Fixes exclusive limit for IPA size
+ ext4: Handles error of ext4\$1setup\$1system\$1zone() on remount
+ ext4: Checks journal inode extents more carefully
+ ext4: Finds old entry again if failed to rename whiteout
+ ext4: Doesn't try to set xattr into ea\$1inode if value is empty
+ ext4: Fixes potential error in ext4\$1do\$1update\$1inode
+ locking/mutex: Fixes non debug version of mutex\$1lock\$1io\$1nested()
+ ext4: Fixes bh ref count on error paths
+ ext4: Doesn't iput inode under running transaction in ext4\$1rename()
+ mm: Fixes race by making init\$1zero\$1pfn() early\$1initcall
+ KVM: arm64: Disables guest access to trace filter controls
# Amazon Linux 2 version 2.0.20210326.0 release notes
These are the release notes for Amazon Linux 2 version 2.0.20210326.0.
## Major updates
None.
## Minor updates
+ Added a fix for IO regression, which was caused by memory.stat reporting subsystem in Kernel.
## Package updates
Amazon Linux 2 includes the following packages.
| Packages |
| --- |
| ec2-net-utils-1.4-43.amzn2.noarch |
| ec2-utils-1.2-43.amzn2.noarch |
| glibc-2.26-43.amzn2.aarch64 |
| glibc-2.26-43.amzn2.x86\$164 |
| glibc-all-langpacks-2.26-43.amzn2.aarch64 |
| glibc-all-langpacks-2.26-43.amzn2.x86\$164 |
| glibc-common-2.26-43.amzn2.aarch64 |
| glibc-common-2.26-43.amzn2.x86\$164 |
| glibc-devel-2.26-43.amzn2.x86\$164 |
| glibc-headers-2.26-43.amzn2.x86\$164 |
| glibc-langpack-en-2.26-43.amzn2.aarch64 |
| glibc-langpack-en-2.26-43.amzn2.x86\$164 |
| glibc-locale-source-2.26-43.amzn2.aarch64 |
| glibc-locale-source-2.26-43.amzn2.x86\$164 |
| glibc-minimal-langpack-2.26-43.amzn2.aarch64 |
| glibc-minimal-langpack-2.26-43.amzn2.x86\$164 |
| kernel-4.14.225-169.362.amzn2.aarch64 |
| kernel-4.14.225-169.362.amzn2.x86\$164 |
| kernel-devel-4.14.225-169.362.amzn2.x86\$164 |
| kernel-headers-4.14.225-169.362.amzn2.x86\$164 |
| kernel-tools-4.14.225-169.362.amzn2.aarch64 |
| kernel-tools-4.14.225-169.362.amzn2.x86\$164 |
| libcrypt-2.26-43.amzn2.aarch64 |
| libcrypt-2.26-43.amzn2.x86\$164 |
| screen-4.1.0-0.27.20120314git3c2946.amzn2.aarch64 |
| screen-4.1.0-0.27.20120314git3c2946.amzn2.x86\$164 |
# Amazon Linux 2 version 2.0.20210318.0 release notes
These are the release notes for Amazon Linux 2 version 2.0.20210318.0.
## Major updates
+ Yum will now not attempt to make IMDSv1 calls.
+ The amazon-linux-extras utility has been updated to support a simpler format of the Extras catalog. At some point in the future, the 2.0 version of amazon-linux-extras will be required to access any new Extras.
## Package updates
Amazon Linux 2 includes the following packages.
| Packages |
| --- |
| amazon-linux-extras-2.0.0-1.amzn2.noarch |
| amazon-linux-extras-yum-plugin-2.0.0-1.amzn2.noarch |
| bind-export-libs-9.11.4-26.P2.amzn2.4.x86\$164 |
| bind-libs-9.11.4-26.P2.amzn2.4.x86\$164 |
| bind-libs-lite-9.11.4-26.P2.amzn2.4.x86\$164 |
| bind-license-9.11.4-26.P2.amzn2.4.noarch |
| bind-utils-9.11.4-26.P2.amzn2.4.x86\$164 |
| cloud-init-19.3-43.amzn2.noarch |
| glibc-2.26-42.amzn2.x86\$164 |
| glibc-all-langpacks-2.26-42.amzn2.x86\$164 |
| glibc-common-2.26-42.amzn2.x86\$164 |
| glibc-devel-2.26-42.amzn2.x86\$164 |
| glibc-headers-2.26-42.amzn2.x86\$164 |
| glibc-locale-source-2.26-42.amzn2.x86\$164 |
| glibc-minimal-langpack-2.26-42.amzn2.x86\$164 |
| kernel-4.14.225-168.357.amzn2.x86\$164 |
| kernel-devel-4.14.225-168.357.amzn2.x86\$164 |
| kernel-headers-4.14.225-168.357.amzn2.x86\$164 |
| kernel-tools-4.14.225-168.357.amzn2.x86\$164 |
| libcrypt-2.26-42.amzn2.x86\$164 |
| pyliblzma-0.5.3-25.amzn2.x86\$164 |
| yum-3.4.3-158.amzn2.0.5.noarch |
## Kernel updates
Rebase kernel to upstream stable 4.14.225.
CVEs fixed:
+ CVE-2021-26930 [xen-blkback: Fixes error handling in xen\$1blkbk\$1map()]
+ CVE-2021-26931 [xen-blkback: Doesn't "handle" error by BUG()]
+ CVE-2021-26932 [Xen/x86: Doesn't bail early from clear\$1foreign\$1p2m\$1mapping()]
+ CVE-2021-27363 [scsi: iscsi: Restricts sessions and handles to admin capabilities]
+ CVE-2021-27364 [scsi: iscsi: Restricts sessions and handles to admin capabilities]
+ CVE-2021-27365 [scsi: iscsi: Ensures sysfs attributes are limited to PAGE\$1SIZE]
+ CVE-2021-28038 [Xen/gnttab: Handles p2m update errors on a per-slot basis]
Amazon Features and Backports:
+ arm64: kaslr: Refactors early init command line parsing
+ arm64: Extends the kernel command line from the bootloader
+ arm64: Exports acpi\$1psci\$1use\$1hvc() symbol
+ hwrng: Adds Gravition RNG driver
+ iommu/vt-d: Skips TE disabling on quirky gfx dedicated iommu
+ x86/x2apic: Marks set\$1x2apic\$1phys\$1mode() as init
+ x86/apic: Deinlines x2apic functions
+ x86/apic: Fixes x2apic enablement without interrupt remapping
+ x86/msi: Only uses high bits of MSI address for DMAR unit
+ x86/io\$1apic: Re-evaluates vector configuration on activate()
+ x86/ioapic: Handles Extended Destination ID field in RTE
+ x86/apic: Adds support for 15 bits of APIC ID in MSI where available
+ x86/kvm: Reserves KVM\$1FEATURE\$1MSI\$1EXT\$1DEST\$1ID
+ x86/kvm: Enables 15-bit extension for when KVM\$1FEATURE\$1MSI\$1EXT\$1DEST\$1ID is detected
+ arm64: HWCAP: Adds support for AT\$1HWCAP2
+ arm64: HWCAP: Encapsulates elf\$1hwcap
+ arm64: Implements archrandom.h for ARMv8.5-RNG
+ mm: memcontrol: Fixes NR\$1WRITEBACK leak in memcg and system stats
+ mm: memcg: Makes sure that memory.events is uptodate when waking pollers
+ mem\$1cgroup: Makes sure that moving\$1account, move\$1lock\$1task and stat\$1cpu in the same cacheline
+ mm: Fixes oom\$1kill event handling
+ mm: writeback: Uses exact memcg dirty counts
Other Fixes:
+ net\$1sched: Rejects silly cell\$1log in qdisc\$1get\$1rtab()
+ x86: always\$1inline \$1rd,wr\$1msr()
+ net: lapb: Copys the skb before sending a packet
+ ipv4: Fixes the race condition between route lookup and invalidation
+ mm: hugetlb: Fixes a race between isolating and freeing page
+ mm: hugetlb: Removes VM\$1BUG\$1ON\$1PAGE from page\$1huge\$1active
+ mm: thp: Fixes MADV\$1REMOVE deadlock on shmem THP
+ 86/apic: Adds extra serialization for non-serializing MSRs
+ iommu/vt-d: Doesn't use flush-queue when caching-mode is on
+ fgraph: Initializes tracing\$1graph\$1pause at task creation
+ ARM: Ensures that the signal page contains defined contents
+ kvm: Now checks tlbs\$1dirty directly
+ ext4: Fixes potential htree index checksum corruption
+ mm/memory.c: Fixes potential pte\$1unmap\$1unlock pte error
+ mm/hugetlb: Fixes potential double free in hugetlb\$1register\$1node() error path
+ arm64: Adds missing ISB after invalidating TLB in primary\$1switch
+ mm/rmap: Fixes potential pte\$1unmap on an not mapped pte
+ x86/reboot: Forces all cpus to exit VMX root if VMX is supported
+ mm: hugetlb: Fixes a race between freeing and dissolving the page
+ arm64 module: Sets plt\$1 section addresses to 0x0
+ xfs: Fixes assert failure in xfs\$1setattr\$1size()
# Amazon Linux 2 version 2.0.20210303.0 release notes
These are the release notes for Amazon Linux 2 version 2.0.20210303.0.
## Major updates
None.
## Package updates
Amazon Linux 2 includes the following packages.
+ kernel-4.14.219-164.354.amzn2.x86\$164
+ kernel-devel-4.14.219-164.354.amzn2.x86\$164
+ kernel-headers-4.14.219-164.354.amzn2.x86\$164
+ kernel-tools-4.14.219-164.354.amzn2.x86\$164
## Kernel updates
None.
# Amazon Linux 2 version 2.0.20210219.0 release notes
These are the release notes for Amazon Linux 2 version 2.0.20210219.0.
## Major updates
None.
## Package updates
Amazon Linux 2 includes the following packages.
| Packages |
| --- |
| boost-date-time-1.53.0-27.amzn2.0.5.x86\$164 |
| boost-system-1.53.0-27.amzn2.0.5.x86\$164 |
| boost-thread-1.53.0-27.amzn2.0.5.x86\$164 |
| ca-certificates-2020.2.41-70.0.amzn2.0.1.noarch |
| glibc-2.26-41.amzn2.aarch64 |
| glibc-2.26-41.amzn2.x86\$164 |
| glibc-all-langpacks-2.26-41.amzn2.aarch64 |
| glibc-all-langpacks-2.26-41.amzn2.x86\$164 |
| glibc-common-2.26-41.amzn2.aarch64 |
| glibc-common-2.26-41.amzn2.x86\$164 |
| glibc-devel-2.26-41.amzn2.x86\$164 |
| glibc-headers-2.26-41.amzn2.x86\$164 |
| glibc-langpack-en-2.26-41.amzn2.aarch64 |
| glibc-langpack-en-2.26-41.amzn2.x86\$164 |
| glibc-locale-source-2.26-41.amzn2.aarch64 |
| glibc-locale-source-2.26-41.amzn2.x86\$164 |
| glibc-minimal-langpack-2.26-41.amzn2.aarch64 |
| glibc-minimal-langpack-2.26-41.amzn2.x86\$164 |
| kernel-4.14.219-161.340.amzn2.aarch64 |
| kernel-4.14.219-161.340.amzn2.x86\$164 |
| kernel-devel-4.14.219-161.340.amzn2.x86\$164 |
| kernel-headers-4.14.219-161.340.amzn2.x86\$164 |
| kernel-tools-4.14.219-161.340.amzn2.aarch64 |
| kernel-tools-4.14.219-161.340.amzn2.x86\$164 |
| libcrypt-2.26-41.amzn2.aarch64 |
| libcrypt-2.26-41.amzn2.x86\$164 |
| openssl-1.0.2k-19.amzn2.0.6.aarch64 |
| openssl-1.0.2k-19.amzn2.0.6.x86\$164 |
| openssl-libs-1.0.2k-19.amzn2.0.6.aarch64 |
| openssl-libs-1.0.2k-19.amzn2.0.6.x86\$164 |
| perl-5.16.3-299.amzn2.0.1.aarch64 |
| perl-5.16.3-299.amzn2.0.1.x86\$164 |
| perl-libs-5.16.3-299.amzn2.0.1.aarch64 |
| perl-libs-5.16.3-299.amzn2.0.1.x86\$164 |
| perl-macros-5.16.3-299.amzn2.0.1.aarch64 |
| perl-macros-5.16.3-299.amzn2.0.1.x86\$164 |
| perl-Pod-Escapes-1.04-299.amzn2.0.1.noarch |
| pygpgme-0.3-9.amzn2.0.3.aarch64 |
| pygpgme-0.3-9.amzn2.0.3.x86\$164 |
| python-2.7.18-1.amzn2.0.3.aarch64 |
| python-2.7.18-1.amzn2.0.3.x86\$164 |
| python-devel-2.7.18-1.amzn2.0.3.aarch64 |
| python-devel-2.7.18-1.amzn2.0.3.x86\$164 |
| python-libs-2.7.18-1.amzn2.0.3.aarch64 |
| python-libs-2.7.18-1.amzn2.0.3.x86\$164 |
| rng-tools-6.8-3.amzn2.0.5.aarch64 |
| rng-tools-6.8-3.amzn2.0.5.x86\$164 |
| selinux-policy-3.13.1-192.amzn2.6.7.noarch |
| selinux-policy-targeted-3.13.1-192.amzn2.6.7.noarch |
| sudo-1.8.23-10.amzn2.1.aarch64 |
| sudo-1.8.23-10.amzn2.1.x86\$164 |
| unzip-6.0-43.amzn2.aarch64 |
| unzip-6.0-43.amzn2.x86\$164 |
## Kernel updates
Rebase kernel to upstream stable 4.14.219.
CVEs fixed:
+ CVE-2020-28374 [scsi: target: Fixes XCOPY NAA identifier lookup]
+ CVE-2021-3178 [nfsd4: readdirplus shouldn't return parent of export]
+ CVE-2020-27825 [tracing: Fixes race in trace\$1open and buffer resize call]
+ CVE-2021-3347 [futex: Ensures the correct return value from futex\$1lock\$1pi()]
+ CVE-2021-3348 [nbd: Freezes the queue while we're adding connections]
Amazon Features and Backports:
+ NFS: Do uncached readdir when we're seeking a cookie in an empty page cache
Other Fixes:
| Fixes |
| --- |
| virtio\$1net: Fixes issue of recursive call to cpus\$1read\$1lock() |
| net-sysfs: Uses the rtnl lock when storing xps\$1cpus |
| net: ethernet: ti: cpts: Fixes ethtool output when no ptp\$1clock registered |
| vhost\$1net: Fixes ubuf refcount incorrectly when sendmsg fails |
| net-sysfs: Uses the rtnl lock when accessing xps\$1cpus\$1map and num\$1tc |
| crypto: ecdh - Avoids buffer overflow in ecdh\$1set\$1secret() |
| x86/mm: Fixes leak of pmd ptlock |
| KVM: x86: Fixes shift out of bounds reported by UBSAN |
| net: ip: Always refragment ip defragmented packets |
| x86/resctrl: Uses an IPI instead of task\$1work\$1add() to update PQR\$1ASSOC MSR |
| x86/resctrl: Doesn't move a task to the same resource group |
| cpufreq: powernow-k8: Passes policy rather than use cpufreq\$1cpu\$1get() |
| iommu/intel: Fixed memleak in intel\$1irq\$1remapping\$1alloc |
| KVM: arm64: Doesn't access PMCR\$1EL0 when no PMU is available |
| mm/hugetlb: Fixes potential missing huge page size info |
| dm snapshot: Adds flush merged data before committing metadata |
| ext4: Fixes bug for rename with RENAME\$1WHITEOUT |
| NFS4: Fixes use-after-free in trace\$1event\$1raw\$1event\$1nfs4\$1set\$1lock |
| ext4: Fixes superblock checksum failure when setting password salt |
| mm, slub: Considers rest of partial list if acquire\$1slab() fails |
| rxrpc: Fixes handling of an unsupported token type in rxrpc\$1read() |
| tipc: Fixes NULL deref in tipc\$1link\$1xmit() |
| net: Uses skb\$1list\$1del\$1init() to remove from RX sublists |
| net: Introduces skb\$1list\$1walk\$1safe for skb segment walking |
| dm: Avoids filesystem lookup in dm\$1get\$1dev\$1t() |
| skbuff: Backs tiny skbs with kmalloc() in \$1\$1netdev\$1alloc\$1skb() too |
| tracing: Fixed race in trace\$1open and buffer resize call |
| x86/boot/compressed: Disables relocation relaxation |
| nbd: Freezes the queue while we're adding connections |
| KVM: x86: Gets smi pending status correctly |
| x86/entry/64/compat: Preserves r8-r11 in int \$10x80 |
| x86/entry/64/compat: Fixes x86/entry/64/compat: Preserve r8-r11 in int \$10x80 |
# Amazon Linux 2 version 2.0.20210126.0 release notes
These are the release notes for Amazon Linux 2 version 2.0.20210126.0.
## Major updates
+ Amazon Linux 2 can now connect to its yum repositories over HTTPS. This can be enabled on boot or at runtime. Amazon Linux 2 can now connect to its yum repositories over HTTPS. This can be enabled on boot or at runtime.
## Package updates
Amazon Linux 2 includes the following packages.
| Packages |
| --- |
| chrony-3.5.1-1.amzn2.0.1.aarch64 |
| chrony-3.5.1-1.amzn2.0.1.x86\$164 |
| cloud-init-19.3-5.amzn2.noarch |
| cuda-9.2.88-0.amzn2.x86\$164 |
| kernel-4.14.214-160.339.amzn2.aarch64 |
| kernel-4.14.214-160.339.amzn2.x86\$164 |
| kernel-devel-4.14.214-160.339.amzn2.x86\$164 |
| kernel-headers-4.14.214-160.339.amzn2.x86\$164 |
| kernel-tools-4.14.214-160.339.amzn2.aarch64 |
| kernel-tools-4.14.214-160.339.amzn2.x86\$164 |
| kpatch-runtime-0.9.2-4.amzn2.noarch |
| libsss\$1idmap-1.16.5-10.amzn2.6.aarch64 |
| libsss\$1idmap-1.16.5-10.amzn2.6.x86\$164 |
| libsss\$1nss\$1idmap-1.16.5-10.amzn2.6.aarch64 |
| libsss\$1nss\$1idmap-1.16.5-10.amzn2.6.x86\$164 |
| ncurses-compat-libs-6.0-8.20170212.amzn2.1.3.x86\$164 |
| nettle-2.7.1-8.amzn2.0.2.aarch64 |
| nettle-2.7.1-8.amzn2.0.2.x86\$164 |
| p11-kit-0.23.22-1.amzn2.0.1.aarch64 |
| p11-kit-0.23.22-1.amzn2.0.1.x86\$164 |
| p11-kit-trust-0.23.22-1.amzn2.0.1.aarch64 |
| p11-kit-trust-0.23.22-1.amzn2.0.1.x86\$164 |
| sssd-client-1.16.5-10.amzn2.6.aarch64 |
| sssd-client-1.16.5-10.amzn2.6.x86\$164 |
| sudo-1.8.23-4.amzn2.2.1.aarch64 |
| sudo-1.8.23-4.amzn2.2.1.x86\$164 |
| tzdata-2020d-2.amzn2.noarch |
| xorg-x11-server-common-1.20.4-15.amzn2.0.1.x86\$164 |
| xorg-x11-server-Xorg-1.20.4-15.amzn2.0.1.x86\$164 |
## Kernel updates
Rebase kernel to upstream stable 4.14.214.
CVEs fixed:
+ CVE-2019-19813 [btrfs: inode: Verify inode mode to avoid NULL pointer dereference]
+ CVE-2019-19816 [btrfs: inode: Verify inode mode to avoid NULL pointer dereference]
+ CVE-2020-29661 [tty: Fix ->pgrp locking in tiocspgrp()]
+ CVE-2020-29660 [tty: Fix ->session locking]
+ CVE-2020-27830 [speakup: Reject setting the speakup line discipline outside of speakup]
+ CVE-2020-27815 [jfs: Fix array index bounds check in dbAdjTree]
+ CVE-2020-29568 [xen/xenbus: Allow watches discard events before queueing]
+ CVE-2020-29569 [xen-blkback: set ring->xenblkd to NULL after kthread\$1stop()]
Amazon Features and Backports:
+ SMB3: Adds support for getting and setting SACLs
+ Adds SMB 2 support for getting and setting SACLs
Other Fixes:
+ mm: memcontrol: Fixes excessive complexity in memory.stat reporting
+ PCI: Fixes pci\$1slot\$1release() NULL pointer dereference
+ ext4: Fixes deadlock with fs freezing and EA inodes
+ ext4: Fixes a memory leak of ext4\$1free\$1data
+ sched/deadline: Fixes sched\$1dl\$1global\$1validate()
+ cifs: Fixes potential use-after-free in cifs\$1echo\$1request()
+ btrfs: Fixes return value mixup in btrfs\$1get\$1extent
+ btrfs: Fixes lockdep splat when reading qgroup config on mount