Amazon Linux 2 version 2.0.20200824.0 release notes

These are the release notes for Amazon Linux 2 version 2.0.20200824.0.

Major updates

  • This release contains security updates for gettext, python2-rsa, and python. It also includes the updated AWS CLI and a bug fix so that the amazon-linux-extras utility no longer recommends deprecated topics.

Package updates

Amazon Linux 2 includes the following packages.

Packages

amazon-linux-extras-1.6.12-1.amzn2.noarch

amazon-linux-extras-yum-plugin-1.6.12-1.amzn2.noarch

awscli-1.18.107-1.amzn2.0.1.noarch

ca-certificates-2019.2.32-76.amzn2.0.3.noarch

gettext-0.19.8.1-3.amzn2.x86_64

gettext-libs-0.19.8.1-3.amzn2.x86_64

kernel-4.14.192-147.314.amzn2.x86_64

kernel-tools-4.14.192-147.314.amzn2.x86_64

kpatch-runtime-0.8.0-4.amzn2.noarch

python-2.7.18-1.amzn2.0.1.x86_64

python-devel-2.7.18-1.amzn2.0.1.x86_64

python-libs-2.7.18-1.amzn2.0.1.x86_64

python2-botocore-1.17.31-1.amzn2.0.1.noarch

python2-rsa-3.4.1-1.amzn2.0.1.noarch

tzdata-2020a-1.amzn2.noarch

Kernel updates

Rebase kernel to upstream stable 4.14.192.

Include Nitro Enclave module.

CVEs fixed:

  • CVE-2017-18232 [kernel: Mishandling mutex within libsas allowing local Denial of Service]

  • CVE-2018-10323 [kernel: Invalid pointer dereference in xfs_bmapi_write() when mounting and operating on crafted xfs image allows denial of service]

  • CVE-2018-8043 [kernel: NULL pointer dereference in drivers/net/phy/mdio-bcm-unimac.c:unimac_mdio_probe() can lead to denial of service]

  • CVE-2019-18808 [kernel: memory leak in ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c]

  • CVE-2019-19054 [kernel: A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c allows attackers to cause a DoS]

  • CVE-2019-19061 [kernel: A memory leak in the adis_update_scan_mode_burst() function in drivers/iio/imu/adis_buffer.c allows for a DoS]

  • CVE-2019-19073 [kernel: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel (DOS)]

  • CVE-2019-19074 [kernel: a memory leak in the ath9k management function in allows local DoS]

  • CVE-2019-3016 [kernel: kvm: Information leak within a KVM guest]

  • CVE-2019-9445 [kernel: out of bounds read due to missing bounds check in F2FS driver leads to local information disclosure]

  • CVE-2020-10781 [kernel: zram sysfs resource consumption]

  • CVE-2020-12655 [kernel: sync of excessive duration via an XFS v5 image with crafted metadata]

  • CVE-2020-15393 [kernel: memory leak in usbtest_disconnect function in drivers/usb/misc/usbtest.c]

Other fixes:

  • Fixes memory leak in network device registration [net: fix memleak in register_netdevice()]

  • Fixes unresponsive system when simultaneously onlining/offlining block queues [blk-mq: fix unresponsive system caused by freeze/unfreeze sequence]

  • Fixes build error in kunit tests [kunit: fix failure to build without printk]

  • Fixes build error in xfs [xfs: fix string handling in label get/set functions]