Amazon Linux 2.0.20210421.0 release notes

Amazon Linux 2 was updated.

Major updates

Amazon Linux 2 includes the following updates.

  • Updated irqbalance to 1.7.0 from 1.5.0

  • AL2 AMIs default to HTTPS for repository access.

Package updates

Amazon Linux 2 includes the following packages.

Packages

ec2-instance-connect-1.1-14.amzn2.noarch

ec2-net-utils-1.5-2.amzn2.noarch

glibc-2.26-44.amzn2.aarch64

glibc-2.26-44.amzn2.x86_64

glibc-all-langpacks-2.26-44.amzn2.aarch64

glibc-all-langpacks-2.26-44.amzn2.x86_64

glibc-common-2.26-44.amzn2.aarch64

glibc-common-2.26-44.amzn2.x86_64

glibc-devel-2.26-44.amzn2.x86_64

glibc-headers-2.26-44.amzn2.x86_64

glibc-langpack-en-2.26-44.amzn2.aarch64

glibc-langpack-en-2.26-44.amzn2.x86_64

glibc-locale-source-2.26-44.amzn2.aarch64

glibc-locale-source-2.26-44.amzn2.x86_64

glibc-minimal-langpack-2.26-44.amzn2.aarch64

glibc-minimal-langpack-2.26-44.amzn2.x86_64

irqbalance-1.7.0-4.amzn2.0.1.aarch64

irqbalance-1.7.0-4.amzn2.0.1.x86_64

kernel-4.14.231-173.360.amzn2.aarch64

kernel-4.14.231-173.360.amzn2.x86_64

kernel-devel-4.14.231-173.360.amzn2.x86_64

kernel-headers-4.14.231-173.360.amzn2.x86_64

kernel-tools-4.14.231-173.360.amzn2.aarch64

kernel-tools-4.14.231-173.360.amzn2.x86_64

libcrypt-2.26-44.amzn2.aarch64

libcrypt-2.26-44.amzn2.x86_64

nettle-2.7.1-9.amzn2.aarch64

nettle-2.7.1-9.amzn2.x86_64

openssh-7.4p1-21.amzn2.0.3.aarch64

openssh-7.4p1-21.amzn2.0.3.x86_64

openssh-clients-7.4p1-21.amzn2.0.3.aarch64

openssh-clients-7.4p1-21.amzn2.0.3.x86_64

openssh-server-7.4p1-21.amzn2.0.3.aarch64

openssh-server-7.4p1-21.amzn2.0.3.x86_64

python3-3.7.9-1.amzn2.0.2.aarch64

python3-3.7.9-1.amzn2.0.2.x86_64

python3-daemon-2.2.3-8.amzn2.0.2.noarch

python3-docutils-0.14-1.amzn2.0.2.noarch

python3-libs-3.7.9-1.amzn2.0.2.aarch64

python3-libs-3.7.9-1.amzn2.0.2.x86_64

python3-lockfile-0.11.0-17.amzn2.0.2.noarch

python3-pip-9.0.3-1.amzn2.0.2.noarch

python3-pystache-0.5.4-12.amzn2.0.1.noarch

python3-setuptools-38.4.0-3.amzn2.0.6.noarch

python3-simplejson-3.2.0-1.amzn2.0.2.aarch64

python3-simplejson-3.2.0-1.amzn2.0.2.x86_64

Kernel updates

Rebase kernel to upstream stable 4.14.231.

CVEs fixed:

  • CVE-2019-19060 [iio: imu: adis16400: release allocated memory on failure]

  • CVE-2021-28660 [staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan()]

  • CVE-2021-29265 [usbip: fix stub_dev usbip_sockfd_store() races leading to gpf]

  • CVE-2021-28964 [btrfs: fix race when cloning extent buffer during rewind of an old root]

  • CVE-2021-28971 [perf/x86/intel: Fix a crash caused by zero PEBS status]

  • CVE-2021-28972 [PCI: rpadlpar: Fix potential drc_name corruption in store functions]

  • CVE-2021-28688 [xen-blkback: do not leak persistent grants from xen_blkbk_map()]

  • CVE-2021-29647 [net: qrtr: fix a kernel-infoleak in qrtr_recvmsg()]

  • CVE-2021-3483 [firewire: nosy: Fix a use-after-free bug in nosy_ioctl()]

  • CVE-2021-29154 [bpf, x86: Validate computation of branch displacements for x86-64]

  • CVE-2020-25670 [nfc: fix refcount leak in llcp_sock_bind()]

  • CVE-2020-25671 [nfc: fix refcount leak in llcp_sock_connect()]

  • CVE-2020-25672 [nfc: fix memory leak in llcp_sock_connect()]

Amazon Features and Backports:

  • net: Fixes gro aggregation for udp encaps with zero csum

  • net: Avoids infinite loop in mpls_gso_segment when mpls_hlen == 0

  • configfs: Fixes a use-after-free in configfs_open_file

  • include/linux/sched/mm.h: use rcu_dereference in in_vfork()

  • KVM: arm64: Fixes exclusive limit for IPA size

  • ext4: Handles error of ext4_setup_system_zone() on remount

  • ext4: Checks journal inode extents more carefully

  • ext4: Finds old entry again if failed to rename whiteout

  • ext4: Doesn't try to set xattr into ea_inode if value is empty

  • ext4: Fixes potential error in ext4_do_update_inode

  • locking/mutex: Fixes non debug version of mutex_lock_io_nested()

  • ext4: Fixes bh ref count on error paths

  • ext4: Doesn't iput inode under running transaction in ext4_rename()

  • mm: Fixes race by making init_zero_pfn() early_initcall

  • KVM: arm64: Disables guest access to trace filter controls