Amazon Linux 2 version 2.0.20210126.0 release notes - Amazon Linux 2

Amazon Linux 2 version 2.0.20210126.0 release notes

These are the release notes for Amazon Linux 2 version 2.0.20210126.0.

Major updates

  • Amazon Linux 2 can now connect to its yum repositories over HTTPS. This can be enabled on boot or at runtime. Amazon Linux 2 can now connect to its yum repositories over HTTPS. This can be enabled on boot or at runtime.

Package updates

Amazon Linux 2 includes the following packages.

Packages

chrony-3.5.1-1.amzn2.0.1.aarch64

chrony-3.5.1-1.amzn2.0.1.x86_64

cloud-init-19.3-5.amzn2.noarch

cuda-9.2.88-0.amzn2.x86_64

kernel-4.14.214-160.339.amzn2.aarch64

kernel-4.14.214-160.339.amzn2.x86_64

kernel-devel-4.14.214-160.339.amzn2.x86_64

kernel-headers-4.14.214-160.339.amzn2.x86_64

kernel-tools-4.14.214-160.339.amzn2.aarch64

kernel-tools-4.14.214-160.339.amzn2.x86_64

kpatch-runtime-0.9.2-4.amzn2.noarch

libsss_idmap-1.16.5-10.amzn2.6.aarch64

libsss_idmap-1.16.5-10.amzn2.6.x86_64

libsss_nss_idmap-1.16.5-10.amzn2.6.aarch64

libsss_nss_idmap-1.16.5-10.amzn2.6.x86_64

ncurses-compat-libs-6.0-8.20170212.amzn2.1.3.x86_64

nettle-2.7.1-8.amzn2.0.2.aarch64

nettle-2.7.1-8.amzn2.0.2.x86_64

p11-kit-0.23.22-1.amzn2.0.1.aarch64

p11-kit-0.23.22-1.amzn2.0.1.x86_64

p11-kit-trust-0.23.22-1.amzn2.0.1.aarch64

p11-kit-trust-0.23.22-1.amzn2.0.1.x86_64

sssd-client-1.16.5-10.amzn2.6.aarch64

sssd-client-1.16.5-10.amzn2.6.x86_64

sudo-1.8.23-4.amzn2.2.1.aarch64

sudo-1.8.23-4.amzn2.2.1.x86_64

tzdata-2020d-2.amzn2.noarch

xorg-x11-server-common-1.20.4-15.amzn2.0.1.x86_64

xorg-x11-server-Xorg-1.20.4-15.amzn2.0.1.x86_64

Kernel updates

Rebase kernel to upstream stable 4.14.214.

CVEs fixed:

  • CVE-2019-19813 [btrfs: inode: Verify inode mode to avoid NULL pointer dereference]

  • CVE-2019-19816 [btrfs: inode: Verify inode mode to avoid NULL pointer dereference]

  • CVE-2020-29661 [tty: Fix ->pgrp locking in tiocspgrp()]

  • CVE-2020-29660 [tty: Fix ->session locking]

  • CVE-2020-27830 [speakup: Reject setting the speakup line discipline outside of speakup]

  • CVE-2020-27815 [jfs: Fix array index bounds check in dbAdjTree]

  • CVE-2020-29568 [xen/xenbus: Allow watches discard events before queueing]

  • CVE-2020-29569 [xen-blkback: set ring->xenblkd to NULL after kthread_stop()]

Amazon Features and Backports:

  • SMB3: Adds support for getting and setting SACLs

  • Adds SMB 2 support for getting and setting SACLs

Other Fixes:

  • mm: memcontrol: Fixes excessive complexity in memory.stat reporting

  • PCI: Fixes pci_slot_release() NULL pointer dereference

  • ext4: Fixes deadlock with fs freezing and EA inodes

  • ext4: Fixes a memory leak of ext4_free_data

  • sched/deadline: Fixes sched_dl_global_validate()

  • cifs: Fixes potential use-after-free in cifs_echo_request()

  • btrfs: Fixes return value mixup in btrfs_get_extent

  • btrfs: Fixes lockdep splat when reading qgroup config on mount