Amazon Linux 2.0.20201218.0 release notes

Amazon Linux 2 was updated.

Major updates

Amazon Linux 2 includes the following update.

• Multiple security updates. For a complete list, see https://alas.aws.amazon.com/.

• Renewed GPG key

• Update to system-release to allow for use of HTTPS repositories for Amazon Linux

Package updates

Amazon Linux 2 includes the following packages.

Packages
amazon-linux-extras-1.6.13-1.amzn2.noarch
amazon-linux-extras-yum-plugin-1.6.13-1.amzn2.noarch
bind-export-libs-9.11.4-26.P2.amzn2.2.aarch64
bind-export-libs-9.11.4-26.P2.amzn2.2.x86_64
bind-libs-9.11.4-26.P2.amzn2.2.aarch64
bind-libs-9.11.4-26.P2.amzn2.2.x86_64
bind-libs-lite-9.11.4-26.P2.amzn2.2.aarch64
bind-libs-lite-9.11.4-26.P2.amzn2.2.x86_64
bind-license-9.11.4-26.P2.amzn2.2.noarch
bind-utils-9.11.4-26.P2.amzn2.2.aarch64
bind-utils-9.11.4-26.P2.amzn2.2.x86_64
cairo-1.15.12-4.amzn2.x86_64
cpp-7.3.1-12.amzn2.x86_64
dejavu-fonts-common-2.33-6.amzn2.noarch
dejavu-sans-fonts-2.33-6.amzn2.noarch
dejavu-sans-mono-fonts-2.33-6.amzn2.noarch
dejavu-serif-fonts-2.33-6.amzn2.noarch
fontconfig-2.13.0-4.3.amzn2.x86_64
fontpackages-filesystem-1.44-8.amzn2.noarch
freeglut-devel-3.0.0-8.amzn2.x86_64
freetype-2.8-14.amzn2.1.aarch64
freetype-2.8-14.amzn2.1.x86_64
gcc-7.3.1-12.amzn2.x86_64
gcc-c-7.3.1-12.amzn2.x86_64
giflib-4.1.6-9.amzn2.0.2.x86_64
glibc-2.26-39.amzn2.aarch64
glibc-2.26-39.amzn2.x86_64
glibc-all-langpacks-2.26-39.amzn2.aarch64
glibc-all-langpacks-2.26-39.amzn2.x86_64
glibc-common-2.26-39.amzn2.aarch64
glibc-common-2.26-39.amzn2.x86_64
glibc-devel-2.26-39.amzn2.x86_64
glibc-headers-2.26-39.amzn2.x86_64
glibc-langpack-en-2.26-39.amzn2.aarch64
glibc-langpack-en-2.26-39.amzn2.x86_64
glibc-locale-source-2.26-39.amzn2.aarch64
glibc-locale-source-2.26-39.amzn2.x86_64
glibc-minimal-langpack-2.26-39.amzn2.aarch64
glibc-minimal-langpack-2.26-39.amzn2.x86_64
gl-manpages-1.1-7.20130122.amzn2.noarch
gpg-pubkey-7fa2af80-576db785
java-11-amazon-corretto-11.0.912-1.amzn2.x86_64
java-11-amazon-corretto-headless-11.0.912-1.amzn2.x86_64
javapackages-tools-3.4.1-11.amzn2.noarch
kernel-4.14.209-160.339.amzn2.aarch64
kernel-4.14.209-160.339.amzn2.x86_64
kernel-devel-4.14.209-160.339.amzn2.x86_64
kernel-headers-4.14.209-160.339.amzn2.x86_64
kernel-tools-4.14.209-160.339.amzn2.aarch64
kernel-tools-4.14.209-160.339.amzn2.x86_64
libatomic-7.3.1-12.amzn2.x86_64
libcilkrts-7.3.1-12.amzn2.x86_64
libcrypt-2.26-39.amzn2.aarch64
libcrypt-2.26-39.amzn2.x86_64
libdrm-devel-2.4.97-2.amzn2.x86_64
libgcc-7.3.1-12.amzn2.aarch64
libgcc-7.3.1-12.amzn2.x86_64
libglvnd-core-devel-1.0.1-0.1.git5baa1e5.amzn2.0.1.x86_64
libglvnd-devel-1.0.1-0.1.git5baa1e5.amzn2.0.1.x86_64
libglvnd-opengl-1.0.1-0.1.git5baa1e5.amzn2.0.1.x86_64
libgomp-7.3.1-12.amzn2.aarch64
libgomp-7.3.1-12.amzn2.x86_64
libICE-devel-1.0.9-9.amzn2.0.2.x86_64
libitm-7.3.1-12.amzn2.x86_64
libmpx-7.3.1-12.amzn2.x86_64
libquadmath-7.3.1-12.amzn2.x86_64
libsanitizer-7.3.1-12.amzn2.x86_64
libSM-devel-1.2.2-2.amzn2.0.2.x86_64
libstdc-7.3.1-12.amzn2.aarch64
libstdc-7.3.1-12.amzn2.x86_64
libvdpau-1.1.1-3.amzn2.0.2.x86_64
libX11-1.6.7-3.amzn2.x86_64
libX11-common-1.6.7-3.amzn2.noarch
libX11-devel-1.6.7-3.amzn2.x86_64
libXau-devel-1.0.8-2.1.amzn2.0.2.x86_64
libxcb-devel-1.12-1.amzn2.0.2.x86_64
libXdamage-devel-1.1.4-4.1.amzn2.0.2.x86_64
libXext-devel-1.3.3-3.amzn2.0.2.x86_64
libXfixes-devel-5.0.3-1.amzn2.0.2.x86_64
libXi-devel-1.7.9-1.amzn2.0.2.x86_64
libXmu-devel-1.1.2-2.amzn2.0.2.x86_64
libxslt-1.1.28-6.amzn2.x86_64
libXt-devel-1.1.5-3.amzn2.0.2.x86_64
libXxf86vm-devel-1.1.4-1.amzn2.0.2.x86_64
mesa-khr-devel-18.3.4-5.amzn2.0.1.x86_64
mesa-libGL-devel-18.3.4-5.amzn2.0.1.x86_64
mesa-libGLU-devel-9.0.0-4.amzn2.0.2.x86_64
openssl-1.0.2k-19.amzn2.0.4.aarch64
openssl-1.0.2k-19.amzn2.0.4.x86_64
openssl-libs-1.0.2k-19.amzn2.0.4.aarch64
openssl-libs-1.0.2k-19.amzn2.0.4.x86_64
python-javapackages-3.4.1-11.amzn2.noarch
python-lxml-3.2.1-4.amzn2.0.2.x86_64
selinux-policy-3.13.1-192.amzn2.6.5.noarch
selinux-policy-targeted-3.13.1-192.amzn2.6.5.noarch
system-release-2-13.amzn2.aarch64
system-release-2-13.amzn2.x86_64
vulkan-filesystem-1.0.61.1-2.amzn2.noarch
xorg-x11-proto-devel-2018.4-1.amzn2.0.2.noarch
xorg-x11-server-common-1.20.4-12.amzn2.0.1.x86_64
xorg-x11-server-Xorg-1.20.4-12.amzn2.0.1.x86_64

Kernel updates

Rebase kernel to upstream stable 4.14.209.

ENA driver: update to v2.4.0

CVEs fixed:

• CVE-2020-27777 [powerpc/rtas: Restricts RTAS requests from userspace]

• CVE-2020-25668 [tty: Makes FONTX ioctl use the tty pointer they were actually passed]

• CVE-2020-25656 [vt: Keyboard, extend func_buf_lock to readers]

• CVE-2020-28974 [vt: Disables KD_FONT_OP_COPY]

• CVE-2019-19770 [blktrace: Fixes debugfs use after free]

• CVE-2020-8694 [powercap: Restricts energy meter to root access]

• CVE-2020-14351 [perf/core: Fixes race in the perf_mmap_close() function]

• CVE-2020-27673 [xen/events: Adds a proper barrier to 2-level uevent unmasking]

• CVE-2020-27675 [xen/events: Avoids removing an event channel while handling it]

• CVE-2020-25704 [perf/core: Fixes a memory leak in perf_event_parse_addr_filter()]

• CVE-2020-25669 [Input: sunkbd * Avoids use-after-free in teardown paths]

• CVE-2020-28941 [speakup: Doesn't let the line discipline be used several times]

Other Fixes:

• PM: hibernate: Batch hibernate and resume IO requests

• nfsd: Fixes races between nfsd4_cb_release() and nfsd4_shutdown_callback()

• x86/unwind/orc: Fixes inactive tasks with stack pointer in %sp on GCC 10 compiled kernels

• ext4: Fixes leaking sysfs kobject after failed mount

• xfs: Flushes new eof page on truncate to avoid post-eof corruption

• time: Prevents undefined behaviour in timespec64_to_ns()

• mm: mempolicy: Fixes potential pte_unmap_unlock pte error

• blk-cgroup: Fixes memleak on error path