Amazon Linux 2.0.20210427.0 release notes - Amazon Linux 2

Amazon Linux 2.0.20210427.0 release notes

Amazon Linux 2 was updated.

Major updates

Amazon Linux 2 includes the following update.

  • ec2-net-utils bug fixed with multiple secondary IPs attached to one ENI.

Package updates

Amazon Linux 2 includes the following packages.

  • ec2-net-utils-1.5-3.amzn2.noarch

  • kernel-4.14.231-173.361.amzn2.x86_64

  • kernel-devel-4.14.231-173.36.amzn2.x86_64

  • kernel-headers-4.14.231-173.361.amzn2.x86_64

  • kernel-tools-4.14.231-173.361.amzn2.x86_64

  • pystache-0.5.3-2.amzn2.noarch

  • python-daemon-1.6-4.amzn2.noarch

  • python-lockfile-0.9.1-4.amzn2.noarch

Kernel updates

Rebase kernel to upstream stable 4.14.231.

CVEs fixed:

  • CVE-2019-19060 [iio: imu: adis16400: release allocated memory on failure]

  • CVE-2021-28660 [staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan()]

  • CVE-2021-29265 [usbip: fix stub_dev usbip_sockfd_store() races leading to gpf]

  • CVE-2021-28964 [btrfs: fix race when cloning extent buffer during rewind of an old root]

  • CVE-2021-28971 [perf/x86/intel: Fix a crash caused by zero PEBS status]

  • CVE-2021-28972 [PCI: rpadlpar: Fix potential drc_name corruption in store functions]

  • CVE-2021-28688 [xen-blkback: don't leak persistent grants from xen_blkbk_map()]

  • CVE-2021-29647 [net: qrtr: fix a kernel-infoleak in qrtr_recvmsg()]

  • CVE-2021-3483 [firewire: nosy: Fix a use-after-free bug in nosy_ioctl()]

  • CVE-2021-29154 [bpf, x86: Validate computation of branch displacements for x86-64]

  • CVE-2020-25670 [nfc: fix refcount leak in llcp_sock_bind()]

  • CVE-2020-25671 [nfc: fix refcount leak in llcp_sock_connect()]

  • CVE-2020-25672 [nfc: fix memory leak in llcp_sock_connect()]

Amazon Features and Backports:

  • nitro enclaves: Fixes dangling file descriptor [ALAS2-2021-1634]

  • net: Fixes gro aggregation for udp encaps with zero csum

  • net: Avoids infinite loop in mpls_gso_segment when mpls_hlen == 0

  • configfs: Fixed a use-after-free in configfs_open_file

  • include/linux/sched/mm.h: Use rcu_dereference in in_vfork()

  • KVM: arm64: Fixes exclusive limit for IPA size

  • ext4: Handles error of ext4_setup_system_zone() on remount

  • ext4: Checks journal inode extents more carefully

  • ext4: Finds old entry again if failed to rename whiteout

  • ext4: Doesn't try to set xattr into ea_inode if value is empty

  • ext4: Fixes potential error in ext4_do_update_inode

  • locking/mutex: Fixed non debug version of mutex_lock_io_nested()

  • ext4: Fixes bh ref count on error paths

  • ext4: Doesn't input inode under running transaction in ext4_rename()

  • mm: Fixes race by making init_zero_pfn() early_initcall

  • KVM: arm64: Disables guest access to trace filter controls