Amazon Linux 2.0.20210721.2 release notes - Amazon Linux 2

Amazon Linux 2.0.20210721.2 release notes

Amazon Linux 2 was updated.

Major updates

Amazon Linux 2 includes the following update.

  • GRUB has been updated to 2.06 with some launch time improvements

Package updates

Amazon Linux 2 includes the following packages.

Packages

amazon-ssm-agent-3.0.1124.0-1.amzn2.aarch64

amazon-ssm-agent-3.0.1124.0-1.amzn2.x86_64

chrony-4.0-3.amzn2.0.2.aarch64

chrony-4.0-3.amzn2.0.2.x86_64

dracut-033-535.amzn2.1.4.aarch64

dracut-033-535.amzn2.1.4.x86_64

dracut-config-generic-033-535.amzn2.1.4.aarch64

dracut-config-generic-033-535.amzn2.1.4.x86_64

fuse-libs-2.9.2-11.amzn2.aarch64

fuse-libs-2.9.2-11.amzn2.x86_64

glibc-2.26-48.amzn2.aarch64

glibc-2.26-48.amzn2.x86_64

glibc-all-langpacks-2.26-48.amzn2.aarch64

glibc-all-langpacks-2.26-48.amzn2.x86_64

glibc-common-2.26-48.amzn2.aarch64

glibc-common-2.26-48.amzn2.x86_64

glibc-devel-2.26-48.amzn2.x86_64

glibc-headers-2.26-48.amzn2.x86_64

glibc-langpack-en-2.26-48.amzn2.aarch64

glibc-langpack-en-2.26-48.amzn2.x86_64

glibc-locale-source-2.26-48.amzn2.aarch64

glibc-locale-source-2.26-48.amzn2.x86_64

glibc-minimal-langpack-2.26-48.amzn2.aarch64

glibc-minimal-langpack-2.26-48.amzn2.x86_64

grub2-2.06-2.amzn2.0.1.aarch64

grub2-2.06-2.amzn2.0.1.x86_64

grub2-common-2.06-2.amzn2.0.1.noarch

grub2-efi-aa64-2.06-2.amzn2.0.1.aarch64

grub2-efi-aa64-ec2-2.06-2.amzn2.0.1.aarch64

grub2-efi-aa64-modules-2.06-2.amzn2.0.1.noarch

grub2-efi-x64-ec2-2.06-2.amzn2.0.1.x86_64

grub2-pc-2.06-2.amzn2.0.1.x86_64

grub2-pc-modules-2.06-2.amzn2.0.1.noarch

grub2-tools-2.06-2.amzn2.0.1.aarch64

grub2-tools-2.06-2.amzn2.0.1.x86_64

grub2-tools-minimal-2.06-2.amzn2.0.1.aarch64

grub2-tools-minimal-2.06-2.amzn2.0.1.x86_64

kernel-4.14.238-182.422.amzn2.aarch64

kernel-4.14.238-182.422.amzn2.x86_64

kernel-devel-4.14.238-182.422.amzn2.x86_64

kernel-headers-4.14.238-182.422.amzn2.x86_64

kernel-tools-4.14.238-182.422.amzn2.aarch64

kernel-tools-4.14.238-182.422.amzn2.x86_64

libcrypt-2.26-48.amzn2.aarch64

libcrypt-2.26-48.amzn2.x86_64

libwebp-0.3.0-10.amzn2.aarch64

libwebp-0.3.0-10.amzn2.x86_64

libX11-1.6.7-3.amzn2.0.2.x86_64

libX11-common-1.6.7-3.amzn2.0.2.noarch

libxml2-2.9.1-6.amzn2.5.4.aarch64

libxml2-2.9.1-6.amzn2.5.4.x86_64

libxml2-python-2.9.1-6.amzn2.5.4.aarch64

libxml2-python-2.9.1-6.amzn2.5.4.x86_64

openssl-1.0.2k-19.amzn2.0.7.aarch64

openssl-1.0.2k-19.amzn2.0.7.x86_64

openssl-libs-1.0.2k-19.amzn2.0.7.aarch64

openssl-libs-1.0.2k-19.amzn2.0.7.x86_64

python2-rpm-4.11.3-40.amzn2.0.6.aarch64

python2-rpm-4.11.3-40.amzn2.0.6.x86_64

python-urllib3-1.25.9-1.amzn2.0.2.noarch

rpm-4.11.3-40.amzn2.0.6.aarch64

rpm-4.11.3-40.amzn2.0.6.x86_64

rpm-build-libs-4.11.3-40.amzn2.0.6.aarch64

rpm-build-libs-4.11.3-40.amzn2.0.6.x86_64

rpm-libs-4.11.3-40.amzn2.0.6.aarch64

rpm-libs-4.11.3-40.amzn2.0.6.x86_64

rpm-plugin-systemd-inhibit-4.11.3-40.amzn2.0.6.aarch64

rpm-plugin-systemd-inhibit-4.11.3-40.amzn2.0.6.x86_64

systemtap-runtime-4.4-1.amzn2.0.1.aarch64

systemtap-runtime-4.4-1.amzn2.0.1.x86_64

tzdata-2021a-1.amzn2.noarch

Kernel updates

Rebase kernel to upstream stable 4.14.238.

Amazon EFA Driver: Updated to version v1.12.1

CVEs fixed:

  • CVE-2021-32399 [bluetooth: eliminate the potential race condition when removing the HCI controller]

  • CVE-2021-33034 [Bluetooth: verify AMP hci_chan before amp_destroy]

  • CVE-2020-26558 [Bluetooth: SMP: Fails if remote and local public keys are identical]

  • CVE-2021-0129 [Bluetooth: SMP: Fails if remote and local public keys are identical]

  • CVE-2020-24586 [mac80211: Prevents mixed key and fragment cache attacks]

  • CVE-2020-24587 [mac80211: Prevents mixed key and fragment cache attacks]

  • CVE-2020-24588 [cfg80211: Mitigates A-MSDU aggregation attacks]

  • CVE-2020-26139 [mac80211: Doesn't accept/forward invalid EAPOL frames]

  • CVE-2020-26147 [mac80211: Makes sure that all fragments are encrypted]

  • CVE-2021-29650 [netfilter: x_tables: Uses correct memory barriers.]

  • CVE-2021-3564 [Bluetooth: Fixes the erroneous flush_work() order]

  • CVE-2021-3573 [Bluetooth: Uses correct lock to prevent UAF of hdev object]

  • CVE-2021-3587 [nfc: Fixes NULL ptr dereference in llcp_sock_getname() after failed connect]

  • CVE-2021-34693 [can: bcm: Fixes infoleak in struct bcm_msg_head]

  • CVE-2021-33624 [bpf: Inherits expanded/patched seen count from old aux data]

  • CVE-2021-33909 [seq_file: Doesn't allow extremely large seq buffer allocations]

Amazon Features and Backports:

  • arm64/kernel: Doesn't ban ADRP to work around Cortex-A53 erratum #843419

  • arm64/errata: Adds REVIDR handling to framework

  • arm64/kernel: Enables A53 erratum #8434319 handling at runtime

  • arm64: Fixes undefined reference to 'printk'

  • arm64/kernel: Renames module_emit_adrp_veneer→module_emit_veneer_for_adrp

  • arm64/kernel: kaslr: Reduces module randomization range to 4 GB

  • Revert "arm64: acpi/pci: invoke _DSM whether to preserve firmware PCI setup"

  • PCI/ACPI: Evaluates PCI Boot Configuration _DSM

  • PCI: Doesn't auto-realloc if we're preserving firmware config

  • arm64: PCI: Allows resource reallocation if necessary

  • arm64: PCI: Preserves firmware configuration when desired

  • bpf: Fixes subprog verifier bypass by div/mod by 0 exception

  • bpf, x86_64: Removes obsolete exception handling from div/mod

  • bpf, arm64: Removes obsolete exception handling from div/mod

  • bpf, s390x: Removes obsolete exception handling from div/mod

  • bpf, ppc64: Removes obsolete exception handling from div/mod

  • bpf, sparc64: Removes obsolete exception handling from div/mod

  • bpf, mips64: Removes obsolete exception handling from div/mod

  • bpf, mips64: Removes unneeded zero check from div/mod with k

  • bpf, arm: Removes obsolete exception handling from div/mod

  • bpf: Fixes 32 bit src register truncation on div/mod

  • bpf: Inherits expanded/patched seen count from old aux data

  • bpf: Doesn't mark insn as seen under speculative path verification

  • bpf: Fixes leakage under speculation on mispredicted branches

  • seq_file: Doesn't allow extremely large seq buffer allocations