Amazon Linux 2 version 2.0.20211103.0 release notes - Amazon Linux 2

Amazon Linux 2 version 2.0.20211103.0 release notes

These are the release notes for Amazon Linux 2 version 2.0.20211103.0.

Major updates

  • system-release was updated to point the Amazon Linux repositories to the Amazon S3 dual stack IPv4/IPv6 endpoint.

    Note

    The package data itself is still served from IPv4-only endpoints.

Package updates

Amazon Linux 2 includes the following packages.

Packages

aws-cfn-bootstrap-2.0-9.amzn2.noarch

dracut-config-ec2-2.0-2.amzn2.noarch

ec2-instance-connect-1.1-15.amzn2.noarch

glibc-2.26-56.amzn2.aarch64

glibc-2.26-56.amzn2.x86_64

glibc-all-langpacks-2.26-56.amzn2.aarch64

glibc-all-langpacks-2.26-56.amzn2.x86_64

glibc-common-2.26-56.amzn2.aarch64

glibc-common-2.26-56.amzn2.x86_64

glibc-devel-2.26-56.amzn2.x86_64

glibc-headers-2.26-56.amzn2.x86_64

glibc-langpack-en-2.26-56.amzn2.aarch64

glibc-langpack-en-2.26-56.amzn2.x86_64

glibc-locale-source-2.26-56.amzn2.aarch64

glibc-locale-source-2.26-56.amzn2.x86_64

glibc-minimal-langpack-2.26-56.amzn2.aarch64

glibc-minimal-langpack-2.26-56.amzn2.x86_64

kernel-4.14.252-195.483.amzn2.aarch64

kernel-4.14.252-195.483.amzn2.x86_64

kernel-devel-4.14.252-195.483.amzn2.x86_64

kernel-headers-4.14.252-195.483.amzn2.x86_64

kernel-tools-4.14.252-195.483.amzn2.aarch64

kernel-tools-4.14.252-195.483.amzn2.x86_64

kpatch-runtime-0.9.4-2.amzn2.noarch

libcrypt-2.26-56.amzn2.aarch64

libcrypt-2.26-56.amzn2.x86_64

openssl-1.0.2k-19.amzn2.0.10.aarch64

openssl-1.0.2k-19.amzn2.0.10.x86_64

openssl-libs-1.0.2k-19.amzn2.0.10.aarch64

openssl-libs-1.0.2k-19.amzn2.0.10.x86_64

system-release-2-14.amzn2.aarch64

system-release-2-14.amzn2.x86_64

Kernel updates

Rebase kernel to upstream stable 4.14.252.

CVEs fixed:

  • CVE-2021-37159 [usb: hso: fix error handling code of hso_create_net_device]

  • CVE-2021-3744 [crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()]

  • CVE-2021-3764 [crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()]

  • CVE-2021-20317 [lib/timerqueue: Rely on rbtree semantics for next timer]

  • CVE-2021-20321 [ovl: fix missing negative dentry check in ovl_rename()]

  • CVE-2021-41864 [bpf: Fix integer overflow in prealloc_elems_and_freelist()]

Amazon Features and Backports:

  • Enable nitro-enclaves driver for arm64

Other Fixes:

  • md: Fixes a lock order reversal in md_alloc

  • arm64: Marks stack_chk_guard as ro_after_init

  • cpufreq: schedutil: Uses kobject release() method to free sugov_tunables

  • cpufreq: schedutil: Destroys mutex before kobject_put() frees the memory

  • ext4: Fixes potential infinite loop in ext4_dx_readdir()

  • nfsd4: Handles the NFSv4 READDIR 'dircount' hint being zero

  • net_sched: Fixes NULL deref in fifo_set_limit()

  • perf/x86: Resets destroy callback on event init failure

  • virtio: Writes back F_VERSION_1 before validation