Amazon Linux 2.0.20210318.0 release notes - Amazon Linux 2
Major updatesPackage updatesKernel updates

Amazon Linux 2.0.20210318.0 release notes

Amazon Linux 2 was updated.

Major updates

Amazon Linux 2 includes the following update.

  • Yum will now not attempt to make IMDSv1 calls.

  • The amazon-linux-extras utility has been updated to support a simpler format of the Extras catalog. At some point in the future, the 2.0 version of amazon-linux-extras will be required to access any new Extras.

Package updates

Amazon Linux 2 includes the following packages.

Packages

amazon-linux-extras-2.0.0-1.amzn2.noarch

amazon-linux-extras-yum-plugin-2.0.0-1.amzn2.noarch

bind-export-libs-9.11.4-26.P2.amzn2.4.x86_64

bind-libs-9.11.4-26.P2.amzn2.4.x86_64

bind-libs-lite-9.11.4-26.P2.amzn2.4.x86_64

bind-license-9.11.4-26.P2.amzn2.4.noarch

bind-utils-9.11.4-26.P2.amzn2.4.x86_64

cloud-init-19.3-43.amzn2.noarch

glibc-2.26-42.amzn2.x86_64

glibc-all-langpacks-2.26-42.amzn2.x86_64

glibc-common-2.26-42.amzn2.x86_64

glibc-devel-2.26-42.amzn2.x86_64

glibc-headers-2.26-42.amzn2.x86_64

glibc-locale-source-2.26-42.amzn2.x86_64

glibc-minimal-langpack-2.26-42.amzn2.x86_64

kernel-4.14.225-168.357.amzn2.x86_64

kernel-devel-4.14.225-168.357.amzn2.x86_64

kernel-headers-4.14.225-168.357.amzn2.x86_64

kernel-tools-4.14.225-168.357.amzn2.x86_64

libcrypt-2.26-42.amzn2.x86_64

pyliblzma-0.5.3-25.amzn2.x86_64

yum-3.4.3-158.amzn2.0.5.noarch

Kernel updates

Rebase kernel to upstream stable 4.14.225.

CVEs fixed:

  • CVE-2021-26930 [xen-blkback: Fixes error handling in xen_blkbk_map()]

  • CVE-2021-26931 [xen-blkback: Doesn't "handle" error by BUG()]

  • CVE-2021-26932 [Xen/x86: Doesn't bail early from clear_foreign_p2m_mapping()]

  • CVE-2021-27363 [scsi: iscsi: Restricts sessions and handles to admin capabilities]

  • CVE-2021-27364 [scsi: iscsi: Restricts sessions and handles to admin capabilities]

  • CVE-2021-27365 [scsi: iscsi: Ensures sysfs attributes are limited to PAGE_SIZE]

  • CVE-2021-28038 [Xen/gnttab: Handles p2m update errors on a per-slot basis]

Amazon Features and Backports:

  • arm64: kaslr: Refactors early init command line parsing

  • arm64: Extends the kernel command line from the bootloader

  • arm64: Exports acpi_psci_use_hvc() symbol

  • hwrng: Adds Gravition RNG driver

  • iommu/vt-d: Skips TE disabling on quirky gfx dedicated iommu

  • x86/x2apic: Marks set_x2apic_phys_mode() as init

  • x86/apic: Deinlines x2apic functions

  • x86/apic: Fixes x2apic enablement without interrupt remapping

  • x86/msi: Only uses high bits of MSI address for DMAR unit

  • x86/io_apic: Re-evaluates vector configuration on activate()

  • x86/ioapic: Handles Extended Destination ID field in RTE

  • x86/apic: Adds support for 15 bits of APIC ID in MSI where available

  • x86/kvm: Reserves KVM_FEATURE_MSI_EXT_DEST_ID

  • x86/kvm: Enables 15-bit extension for when KVM_FEATURE_MSI_EXT_DEST_ID is detected

  • arm64: HWCAP: Adds support for AT_HWCAP2

  • arm64: HWCAP: Encapsulates elf_hwcap

  • arm64: Implements archrandom.h for ARMv8.5-RNG

  • mm: memcontrol: Fixes NR_WRITEBACK leak in memcg and system stats

  • mm: memcg: Makes sure that memory.events is uptodate when waking pollers

  • mem_cgroup: Makes sure that moving_account, move_lock_task and stat_cpu in the same cacheline

  • mm: Fixes oom_kill event handling

  • mm: writeback: Uses exact memcg dirty counts

Other Fixes:

  • net_sched: Rejects silly cell_log in qdisc_get_rtab()

  • x86: always_inline {rd,wr}msr()

  • net: lapb: Copys the skb before sending a packet

  • ipv4: Fixes the race condition between route lookup and invalidation

  • mm: hugetlb: Fixes a race between isolating and freeing page

  • mm: hugetlb: Removes VM_BUG_ON_PAGE from page_huge_active

  • mm: thp: Fixes MADV_REMOVE deadlock on shmem THP

  • 86/apic: Adds extra serialization for non-serializing MSRs

  • iommu/vt-d: Doesn't use flush-queue when caching-mode is on

  • fgraph: Initializes tracing_graph_pause at task creation

  • ARM: Ensures that the signal page contains defined contents

  • kvm: Now checks tlbs_dirty directly

  • ext4: Fixes potential htree index checksum corruption

  • mm/memory.c: Fixes potential pte_unmap_unlock pte error

  • mm/hugetlb: Fixes potential double free in hugetlb_register_node() error path

  • arm64: Adds missing ISB after invalidating TLB in primary_switch

  • mm/rmap: Fixes potential pte_unmap on an not mapped pte

  • x86/reboot: Forces all cpus to exit VMX root if VMX is supported

  • mm: hugetlb: Fixes a race between freeing and dissolving the page

  • arm64 module: Sets plt* section addresses to 0x0

  • xfs: Fixes assert failure in xfs_setattr_size()