# Amazon Linux 2 version 2.0.20210421.0 release notes
<a name="relnotes-20210421"></a>

These are the release notes for Amazon Linux 2 version 2.0.20210421.0.

## Major updates
<a name="major-updates-20210421"></a>
+ Updated irqbalance to 1.7.0 from 1.5.0
+ AL2 AMIs default to HTTPS for repository access.

## Package updates
<a name="package-updates-20210421"></a>

Amazon Linux 2 includes the following packages.


| Packages | 
| --- | 
| ec2-instance-connect-1.1-14.amzn2.noarch | 
| ec2-net-utils-1.5-2.amzn2.noarch | 
| glibc-2.26-44.amzn2.aarch64 | 
| glibc-2.26-44.amzn2.x86\_64 | 
| glibc-all-langpacks-2.26-44.amzn2.aarch64 | 
| glibc-all-langpacks-2.26-44.amzn2.x86\_64 | 
| glibc-common-2.26-44.amzn2.aarch64 | 
| glibc-common-2.26-44.amzn2.x86\_64 | 
| glibc-devel-2.26-44.amzn2.x86\_64 | 
| glibc-headers-2.26-44.amzn2.x86\_64 | 
| glibc-langpack-en-2.26-44.amzn2.aarch64 | 
| glibc-langpack-en-2.26-44.amzn2.x86\_64 | 
| glibc-locale-source-2.26-44.amzn2.aarch64 | 
| glibc-locale-source-2.26-44.amzn2.x86\_64 | 
| glibc-minimal-langpack-2.26-44.amzn2.aarch64 | 
| glibc-minimal-langpack-2.26-44.amzn2.x86\_64 | 
| irqbalance-1.7.0-4.amzn2.0.1.aarch64 | 
| irqbalance-1.7.0-4.amzn2.0.1.x86\_64 | 
| kernel-4.14.231-173.360.amzn2.aarch64 | 
| kernel-4.14.231-173.360.amzn2.x86\_64 | 
| kernel-devel-4.14.231-173.360.amzn2.x86\_64 | 
| kernel-headers-4.14.231-173.360.amzn2.x86\_64 | 
| kernel-tools-4.14.231-173.360.amzn2.aarch64 | 
| kernel-tools-4.14.231-173.360.amzn2.x86\_64 | 
| libcrypt-2.26-44.amzn2.aarch64 | 
| libcrypt-2.26-44.amzn2.x86\_64 | 
| nettle-2.7.1-9.amzn2.aarch64 | 
| nettle-2.7.1-9.amzn2.x86\_64 | 
| openssh-7.4p1-21.amzn2.0.3.aarch64 | 
| openssh-7.4p1-21.amzn2.0.3.x86\_64 | 
| openssh-clients-7.4p1-21.amzn2.0.3.aarch64 | 
| openssh-clients-7.4p1-21.amzn2.0.3.x86\_64 | 
| openssh-server-7.4p1-21.amzn2.0.3.aarch64 | 
| openssh-server-7.4p1-21.amzn2.0.3.x86\_64 | 
| python3-3.7.9-1.amzn2.0.2.aarch64 | 
| python3-3.7.9-1.amzn2.0.2.x86\_64 | 
| python3-daemon-2.2.3-8.amzn2.0.2.noarch | 
| python3-docutils-0.14-1.amzn2.0.2.noarch | 
| python3-libs-3.7.9-1.amzn2.0.2.aarch64 | 
| python3-libs-3.7.9-1.amzn2.0.2.x86\_64 | 
| python3-lockfile-0.11.0-17.amzn2.0.2.noarch | 
| python3-pip-9.0.3-1.amzn2.0.2.noarch | 
| python3-pystache-0.5.4-12.amzn2.0.1.noarch | 
| python3-setuptools-38.4.0-3.amzn2.0.6.noarch | 
| python3-simplejson-3.2.0-1.amzn2.0.2.aarch64 | 
| python3-simplejson-3.2.0-1.amzn2.0.2.x86\_64 | 

## Kernel updates
<a name="kernel-updates-20210421"></a>

Rebase kernel to upstream stable 4.14.231.

CVEs fixed:
+ CVE-2019-19060 [iio: imu: adis16400: release allocated memory on failure] 
+ CVE-2021-28660 [staging: rtl8188eu: prevent ->ssid overflow in rtw\_wx\_set\_scan()] 
+ CVE-2021-29265 [usbip: fix stub\_dev usbip\_sockfd\_store() races leading to gpf] 
+ CVE-2021-28964 [btrfs: fix race when cloning extent buffer during rewind of an old root] 
+ CVE-2021-28971 [perf/x86/intel: Fix a crash caused by zero PEBS status] 
+ CVE-2021-28972 [PCI: rpadlpar: Fix potential drc\_name corruption in store functions] 
+ CVE-2021-28688 [xen-blkback: do not leak persistent grants from xen\_blkbk\_map()] 
+ CVE-2021-29647 [net: qrtr: fix a kernel-infoleak in qrtr\_recvmsg()] 
+ CVE-2021-3483 [firewire: nosy: Fix a use-after-free bug in nosy\_ioctl()] 
+ CVE-2021-29154 [bpf, x86: Validate computation of branch displacements for x86-64] 
+ CVE-2020-25670 [nfc: fix refcount leak in llcp\_sock\_bind()] 
+ CVE-2020-25671 [nfc: fix refcount leak in llcp\_sock\_connect()] CVE-2020-25672 [nfc: fix memory leak in llcp\_sock\_connect()]

Amazon Features and Backports:
+ net: Fixes gro aggregation for udp encaps with zero csum 
+ net: Avoids infinite loop in mpls\_gso\_segment when mpls\_hlen == 0 
+ configfs: Fixes a use-after-free in configfs\_open\_file 
+ include/linux/sched/mm.h: use rcu\_dereference in in\_vfork() 
+ KVM: arm64: Fixes exclusive limit for IPA size 
+ ext4: Handles error of ext4\_setup\_system\_zone() on remount 
+ ext4: Checks journal inode extents more carefully 
+ ext4: Finds old entry again if failed to rename whiteout 
+ ext4: Doesn't try to set xattr into ea\_inode if value is empty 
+ ext4: Fixes potential error in ext4\_do\_update\_inode 
+ locking/mutex: Fixes non debug version of mutex\_lock\_io\_nested() 
+ ext4: Fixes bh ref count on error paths 
+ ext4: Doesn't iput inode under running transaction in ext4\_rename() 
+ mm: Fixes race by making init\_zero\_pfn() early\_initcall 
+ KVM: arm64: Disables guest access to trace filter controls