Major updates Package updates Kernel updates

Amazon Linux 2 version 2.0.20220606.1.0 release notes

These are the release notes for Amazon Linux 2 version 2.0.20220606.1.0.

Major updates

systemd: Correct an issue that could in some cases prevent an instance from mounting its root filesystem at boot.

Package updates

Amazon Linux 2 includes the following packages.

Packages
`cpp-7.3.1-15.amzn2.x86_64`
`curl-7.79.1-2.amzn2.0.1.aarch64`
`curl-7.79.1-2.amzn2.0.1.x86_64`
`dracut-033-535.amzn2.1.6.aarch64`
`dracut-033-535.amzn2.1.6.x86_64`
`dracut-config-generic-033-535.amzn2.1.6.aarch64`
`dracut-config-generic-033-535.amzn2.1.6.x86_64`
`gcc-7.3.1-15.amzn2.x86_64`
`gcc-c-7.3.1-15.amzn2.x86_64`
`iproute-5.10.0-2.amzn2.0.2.aarch64`
`iproute-5.10.0-2.amzn2.0.2.x86_64`
`kernel-4.14.281-212.502.amzn2.aarch64`
`kernel-4.14.281-212.502.amzn2.x86_64`
`kernel-5.10.118-111.515.amzn2.aarch64`
`kernel-5.10.118-111.515.amzn2.x86_64`
`kernel-devel-4.14.281-212.502.amzn2.x86_64`
`kernel-headers-4.14.281-212.502.amzn2.x86_64`
`kernel-tools-4.14.281-212.502.amzn2.aarch64`
`kernel-tools-4.14.281-212.502.amzn2.x86_64`
`kernel-tools-5.10.118-111.515.amzn2.aarch64`
`kernel-tools-5.10.118-111.515.amzn2.x86_64`
`libatomic-7.3.1-15.amzn2.x86_64`
`libcilkrts-7.3.1-15.amzn2.x86_64`
`libcurl-7.79.1-2.amzn2.0.1.aarch64`
`libcurl-7.79.1-2.amzn2.0.1.x86_64`
`libgcc-7.3.1-15.amzn2.aarch64`
`libgcc-7.3.1-15.amzn2.x86_64`
`libgomp-7.3.1-15.amzn2.aarch64`
`libgomp-7.3.1-15.amzn2.x86_64`
`libitm-7.3.1-15.amzn2.x86_64`
`libmpx-7.3.1-15.amzn2.x86_64`
`libquadmath-7.3.1-15.amzn2.x86_64`
`libsanitizer-7.3.1-15.amzn2.x86_64`
`libstdc-7.3.1-15.amzn2.aarch64`
`libstdc-7.3.1-15.amzn2.x86_64`
`libtiff-4.0.3-35.amzn2.0.2.aarch64`
`libtiff-4.0.3-35.amzn2.0.2.x86_64`
`microcode_ctl-2.1-47.amzn2.0.12.x86_64`
`openldap-2.4.44-23.amzn2.0.4.aarch64`
`openldap-2.4.44-23.amzn2.0.4.x86_64`
`openssl-1.0.2k-24.amzn2.0.3.aarch64`
`openssl-1.0.2k-24.amzn2.0.3.x86_64`
`openssl-libs-1.0.2k-24.amzn2.0.3.aarch64`
`openssl-libs-1.0.2k-24.amzn2.0.3.x86_64`
`python-2.7.18-1.amzn2.0.5.aarch64`
`python-2.7.18-1.amzn2.0.5.x86_64`
`python-devel-2.7.18-1.amzn2.0.5.aarch64`
`python-devel-2.7.18-1.amzn2.0.5.x86_64`
`python-libs-2.7.18-1.amzn2.0.5.aarch64`
`python-libs-2.7.18-1.amzn2.0.5.x86_64`
`rsyslog-8.24.0-57.amzn2.2.0.1.aarch64`
`rsyslog-8.24.0-57.amzn2.2.0.1.x86_64`
`systemd-219-78.amzn2.0.18.aarch64`
`systemd-219-78.amzn2.0.18.x86_64`
`systemd-libs-219-78.amzn2.0.18.aarch64`
`systemd-libs-219-78.amzn2.0.18.x86_64`
`systemd-sysv-219-78.amzn2.0.18.aarch64`
`systemd-sysv-219-78.amzn2.0.18.x86_64`
`vim-common-8.2.4857-1.amzn2.0.1.aarch64`
`vim-common-8.2.4857-1.amzn2.0.1.x86_64`
`vim-data-8.2.4857-1.amzn2.0.1.noarch`
`vim-enhanced-8.2.4857-1.amzn2.0.1.aarch64`
`vim-enhanced-8.2.4857-1.amzn2.0.1.x86_64`
`vim-filesystem-8.2.4857-1.amzn2.0.1.noarch`
`vim-minimal-8.2.4857-1.amzn2.0.1.aarch64`
`vim-minimal-8.2.4857-1.amzn2.0.1.x86_64`

Kernel updates

kernel-4.14.281-212.502.amzn2

Rebase kernel to upstream stable 4.14.281

CVEs fixed:

CVE-2022-29581 [net/sched: cls_u32: fix netns refcount changes in u32_change()]
CVE-2022-0854 [swiotlb: rework \]
CVE-2022-1729 [perf: Fix sys_perf_event_open() race against self]
CVE-2022-1516 [net/x25: Fix null-ptr-deref caused by x25_disconnect]
CVE-2022-30594 [ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE]

Amazon Features and Backports:

ENA: Update to v2.
arm64: paravirt: Use RCU read locks to guard stolen_time
lustre: update to AmazonFSxLustreClient v2.10.8-11

kernel-5.10.118-111.515.amzn2

Rebase kernel to upstream stable 5.10.118

CVEs fixed:

CVE-2022-29581 [net/sched: cls_u32: fix netns refcount changes in u32_change()]
CVE-2022-0494 [block-map: add GFP_ZERO flag for alloc_page in function bio_copy_kern]
CVE-2022-28893 [SUNRPC: Ensure we flush any closed sockets before xs_xprt_free()]
CVE-2022-0854 [swiotlb: rework \]
CVE-2022-1729 [perf: Fix sys_perf_event_open() race against self]
CVE-2022-1786 [io_uring: remove io_identity]

Amazon Features and Backports:

ENA: Update to v2.7.1

lustre: update to AmazonFSxLustreClient v2.10.8-11

Correct read overflow in page touching DMA ops binding

iov_iter: track truncated size

io_uring: reexpand under-reexpanded iters

bpf: Generalize check_ctx_reg for reuse with other types

bpf: Mark PTR_TO_FUNC register initially with zero offset

bpf: Generally fix helper register offset check

bpf: Fix out of bounds access for ringbuf helpers

bpf: Fix ringbuf memory type confusion when passing to helpers

bpf: Consolidate shared test timing code

bpf: Add PROG_TEST_RUN support for sk_lookup programs

selftests/bpf: Add verifier test for PTR_TO_MEM spill

bpf, selftests: Add verifier test for mem_or_null register with offset.

bpf, selftests: Add various ringbuf tests with invalid offset

mm/migrate: Don't drop mapping lock in unmap_and_move_huge_page()

config: enable CONFIG_DM_ZONED as a module

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

August 2, 2022

April 26, 2022