Amazon Linux 2 06/17/2020 release notes - Amazon Linux 2

Amazon Linux 2 06/17/2020 release notes

These are release notes for Amazon Linux 2.

Major updates

  • Python 2.7 updated to most recent upstream version - 2.7.18.

    Note

    Amazon Linux will continue to provide security fixes to Python 2.7 according to our Amazon Linux 2 support timeline. See Amazon Linux 2 FAQs.

  • ca-certificates fix for Sectigo intermediate CA expiration

    Note

    For more information, see this forum thread.

  • New Kernel with fixes for five CVEs (see below).

Package updates

Amazon Linux 2 includes the following packages.

Packages

amazon-linux-extras-1.6.11-1

bind-export-libs-9.11.4-9

ca-certificates-2019.2.32-76

cloud-init-19.3-3,freetype-2.8-14

gdisk-0.8.10-3,glib2-2.56.1-5

kernel-4.14.181-140.257

libicu-50.2-4

libpng-1.5.13-7

python-2.7.18-1

python-devel-2.7.18-1

python-libs-2.7.18-1

python2-rpm-4.11.3-40

rpm-4.11.3-40

rpm-build-libs-4.11.3-40

rpm-libs-4.11.3-40

rpm-plugin-systemd-inhibit-4.11.3-40

selinux-policy-3.13.1-192

selinux-policy-targeted-3.13.1-192

yum-3.4.3-1

Kernel updates

Rebase kernel to upstream stable 4.14.181.

Updated ENA module to version 2.2.8.

CVEs fixed:

  • CVE-2019-19319 [ext4: Protects journal inode's blocks using block_validity]

  • CVE-2020-10751 [selinux: Properly handles multiple messages in selinux_netlink_send()]

  • CVE-2020-1749 [net: ipv6_stub: Uses ip6_dst_lookup_flow instead of ip6_dst_lookup]

  • CVE-2019-19768 [blktrace: Protects q->blk_trace with RCU]

  • CVE-2020-12770 [scsi: sg: Adds sg_remove_request in sg_write]

Other Fixes:

  • Fix for a deadlock condition in xen-blkfront [xen-blkfront: Delay flush till queue lock dropped]

  • Fix for ORC unwinding [x86/unwind/orc: Fix unwind_get_return_address_ptr() for inactive tasks]