Amazon Linux 2 version 2.0.20210721.2 release notes
These are the release notes for Amazon Linux 2 version 2.0.20210721.2.
Major updates
-
GRUB has been updated to 2.06 with some launch time improvements
Package updates
Amazon Linux 2 includes the following packages.
Packages |
---|
amazon-ssm-agent-3.0.1124.0-1.amzn2.aarch64 |
amazon-ssm-agent-3.0.1124.0-1.amzn2.x86_64 |
chrony-4.0-3.amzn2.0.2.aarch64 |
chrony-4.0-3.amzn2.0.2.x86_64 |
dracut-033-535.amzn2.1.4.aarch64 |
dracut-033-535.amzn2.1.4.x86_64 |
dracut-config-generic-033-535.amzn2.1.4.aarch64 |
dracut-config-generic-033-535.amzn2.1.4.x86_64 |
fuse-libs-2.9.2-11.amzn2.aarch64 |
fuse-libs-2.9.2-11.amzn2.x86_64 |
glibc-2.26-48.amzn2.aarch64 |
glibc-2.26-48.amzn2.x86_64 |
glibc-all-langpacks-2.26-48.amzn2.aarch64 |
glibc-all-langpacks-2.26-48.amzn2.x86_64 |
glibc-common-2.26-48.amzn2.aarch64 |
glibc-common-2.26-48.amzn2.x86_64 |
glibc-devel-2.26-48.amzn2.x86_64 |
glibc-headers-2.26-48.amzn2.x86_64 |
glibc-langpack-en-2.26-48.amzn2.aarch64 |
glibc-langpack-en-2.26-48.amzn2.x86_64 |
glibc-locale-source-2.26-48.amzn2.aarch64 |
glibc-locale-source-2.26-48.amzn2.x86_64 |
glibc-minimal-langpack-2.26-48.amzn2.aarch64 |
glibc-minimal-langpack-2.26-48.amzn2.x86_64 |
grub2-2.06-2.amzn2.0.1.aarch64 |
grub2-2.06-2.amzn2.0.1.x86_64 |
grub2-common-2.06-2.amzn2.0.1.noarch |
grub2-efi-aa64-2.06-2.amzn2.0.1.aarch64 |
grub2-efi-aa64-ec2-2.06-2.amzn2.0.1.aarch64 |
grub2-efi-aa64-modules-2.06-2.amzn2.0.1.noarch |
grub2-efi-x64-ec2-2.06-2.amzn2.0.1.x86_64 |
grub2-pc-2.06-2.amzn2.0.1.x86_64 |
grub2-pc-modules-2.06-2.amzn2.0.1.noarch |
grub2-tools-2.06-2.amzn2.0.1.aarch64 |
grub2-tools-2.06-2.amzn2.0.1.x86_64 |
grub2-tools-minimal-2.06-2.amzn2.0.1.aarch64 |
grub2-tools-minimal-2.06-2.amzn2.0.1.x86_64 |
kernel-4.14.238-182.422.amzn2.aarch64 |
kernel-4.14.238-182.422.amzn2.x86_64 |
kernel-devel-4.14.238-182.422.amzn2.x86_64 |
kernel-headers-4.14.238-182.422.amzn2.x86_64 |
kernel-tools-4.14.238-182.422.amzn2.aarch64 |
kernel-tools-4.14.238-182.422.amzn2.x86_64 |
libcrypt-2.26-48.amzn2.aarch64 |
libcrypt-2.26-48.amzn2.x86_64 |
libwebp-0.3.0-10.amzn2.aarch64 |
libwebp-0.3.0-10.amzn2.x86_64 |
libX11-1.6.7-3.amzn2.0.2.x86_64 |
libX11-common-1.6.7-3.amzn2.0.2.noarch |
libxml2-2.9.1-6.amzn2.5.4.aarch64 |
libxml2-2.9.1-6.amzn2.5.4.x86_64 |
libxml2-python-2.9.1-6.amzn2.5.4.aarch64 |
libxml2-python-2.9.1-6.amzn2.5.4.x86_64 |
openssl-1.0.2k-19.amzn2.0.7.aarch64 |
openssl-1.0.2k-19.amzn2.0.7.x86_64 |
openssl-libs-1.0.2k-19.amzn2.0.7.aarch64 |
openssl-libs-1.0.2k-19.amzn2.0.7.x86_64 |
python2-rpm-4.11.3-40.amzn2.0.6.aarch64 |
python2-rpm-4.11.3-40.amzn2.0.6.x86_64 |
python-urllib3-1.25.9-1.amzn2.0.2.noarch |
rpm-4.11.3-40.amzn2.0.6.aarch64 |
rpm-4.11.3-40.amzn2.0.6.x86_64 |
rpm-build-libs-4.11.3-40.amzn2.0.6.aarch64 |
rpm-build-libs-4.11.3-40.amzn2.0.6.x86_64 |
rpm-libs-4.11.3-40.amzn2.0.6.aarch64 |
rpm-libs-4.11.3-40.amzn2.0.6.x86_64 |
rpm-plugin-systemd-inhibit-4.11.3-40.amzn2.0.6.aarch64 |
rpm-plugin-systemd-inhibit-4.11.3-40.amzn2.0.6.x86_64 |
systemtap-runtime-4.4-1.amzn2.0.1.aarch64 |
systemtap-runtime-4.4-1.amzn2.0.1.x86_64 |
tzdata-2021a-1.amzn2.noarch |
Kernel updates
Rebase kernel to upstream stable 4.14.238.
Amazon EFA Driver: Updated to tversion v1.12.1
CVEs fixed:
-
CVE-2021-32399 [bluetooth: eliminate the potential race condition when removing the HCI controller]
-
CVE-2021-33034 [Bluetooth: verify AMP hci_chan before amp_destroy]
-
CVE-2020-26558 [Bluetooth: SMP: Fails if remote and local public keys are identical]
-
CVE-2021-0129 [Bluetooth: SMP: Fails if remote and local public keys are identical]
-
CVE-2020-24586 [mac80211: Prevents mixed key and fragment cache attacks]
-
CVE-2020-24587 [mac80211: Prevents mixed key and fragment cache attacks]
-
CVE-2020-24588 [cfg80211: Mitigates A-MSDU aggregation attacks]
-
CVE-2020-26139 [mac80211: Doesn't accept/forward invalid EAPOL frames]
-
CVE-2020-26147 [mac80211: Makes sure that all fragments are encrypted]
-
CVE-2021-29650 [netfilter: x_tables: Uses correct memory barriers.]
-
CVE-2021-3564 [Bluetooth: Fixes the erroneous flush_work() order]
-
CVE-2021-3573 [Bluetooth: Uses correct lock tprevent UAF of hdev object]
-
CVE-2021-3587 [nfc: Fixes NULL ptr dereference in llcp_sock_getname() after failed connect]
-
CVE-2021-34693 [can: bcm: Fixes infoleak in struct bcm_msg_head]
-
CVE-2021-33624 [bpf: Inherits expanded/patched seen count from old aux data]
-
CVE-2021-33909 [seq_file: Doesn't allow extremely large seq buffer allocations]
Amazon Features and Backports:
-
arm64/kernel: Doesn't ban ADRP twork around Cortex-A53 erratum #843419
-
arm64/errata: Adds REVIDR handling tframework
-
arm64/kernel: Enables A53 erratum #8434319 handling at runtime
-
arm64: Fixes undefined reference t'printk'
-
arm64/kernel: Renames module_emit_adrp_veneer→module_emit_veneer_for_adrp
-
arm64/kernel: kaslr: Reduces module randomization range t4 GB
-
Revert "arm64: acpi/pci: invoke _DSM whether tpreserve firmware PCI setup"
-
PCI/ACPI: Evaluates PCI Boot Configuration _DSM
-
PCI: Doesn't auto-realloc if we're preserving firmware config
-
arm64: PCI: Allows resource reallocation if necessary
-
arm64: PCI: Preserved firmware configuration when desired
-
bpf: Fixes subprog verifier bypass by div/mod by 0 exception
-
bpf, x86_64: Removes obsolete exception handling from div/mod
-
bpf, arm64: Removes obsolete exception handling from div/mod
-
bpf, s390x: Removes obsolete exception handling from div/mod
-
bpf, ppc64: Removes obsolete exception handling from div/mod
-
bpf, sparc64: Removes obsolete exception handling from div/mod
-
bpf, mips64: Removes obsolete exception handling from div/mod
-
bpf, mips64: Removes unneeded zercheck from div/mod with k
-
bpf, arm: Removes obsolete exception handling from div/mod
-
bpf: Fixes 32 bit src register truncation on div/mod
-
bpf: Inherits expanded/patched seen count from old aux data
-
bpf: Doesn't mark insn as seen under speculative path verification
-
bpf: Fixes leakage under speculation on mispredicted branches
-
seq_file: Doesn't allow extremely large seq buffer allocations