Amazon Linux 2 version 2.0.20210721.2 release notes - Amazon Linux 2

Amazon Linux 2 version 2.0.20210721.2 release notes

These are the release notes for Amazon Linux 2 version 2.0.20210721.2.

Major updates

  • GRUB has been updated to 2.06 with some launch time improvements

Package updates

Amazon Linux 2 includes the following packages.

Packages

amazon-ssm-agent-3.0.1124.0-1.amzn2.aarch64

amazon-ssm-agent-3.0.1124.0-1.amzn2.x86_64

chrony-4.0-3.amzn2.0.2.aarch64

chrony-4.0-3.amzn2.0.2.x86_64

dracut-033-535.amzn2.1.4.aarch64

dracut-033-535.amzn2.1.4.x86_64

dracut-config-generic-033-535.amzn2.1.4.aarch64

dracut-config-generic-033-535.amzn2.1.4.x86_64

fuse-libs-2.9.2-11.amzn2.aarch64

fuse-libs-2.9.2-11.amzn2.x86_64

glibc-2.26-48.amzn2.aarch64

glibc-2.26-48.amzn2.x86_64

glibc-all-langpacks-2.26-48.amzn2.aarch64

glibc-all-langpacks-2.26-48.amzn2.x86_64

glibc-common-2.26-48.amzn2.aarch64

glibc-common-2.26-48.amzn2.x86_64

glibc-devel-2.26-48.amzn2.x86_64

glibc-headers-2.26-48.amzn2.x86_64

glibc-langpack-en-2.26-48.amzn2.aarch64

glibc-langpack-en-2.26-48.amzn2.x86_64

glibc-locale-source-2.26-48.amzn2.aarch64

glibc-locale-source-2.26-48.amzn2.x86_64

glibc-minimal-langpack-2.26-48.amzn2.aarch64

glibc-minimal-langpack-2.26-48.amzn2.x86_64

grub2-2.06-2.amzn2.0.1.aarch64

grub2-2.06-2.amzn2.0.1.x86_64

grub2-common-2.06-2.amzn2.0.1.noarch

grub2-efi-aa64-2.06-2.amzn2.0.1.aarch64

grub2-efi-aa64-ec2-2.06-2.amzn2.0.1.aarch64

grub2-efi-aa64-modules-2.06-2.amzn2.0.1.noarch

grub2-efi-x64-ec2-2.06-2.amzn2.0.1.x86_64

grub2-pc-2.06-2.amzn2.0.1.x86_64

grub2-pc-modules-2.06-2.amzn2.0.1.noarch

grub2-tools-2.06-2.amzn2.0.1.aarch64

grub2-tools-2.06-2.amzn2.0.1.x86_64

grub2-tools-minimal-2.06-2.amzn2.0.1.aarch64

grub2-tools-minimal-2.06-2.amzn2.0.1.x86_64

kernel-4.14.238-182.422.amzn2.aarch64

kernel-4.14.238-182.422.amzn2.x86_64

kernel-devel-4.14.238-182.422.amzn2.x86_64

kernel-headers-4.14.238-182.422.amzn2.x86_64

kernel-tools-4.14.238-182.422.amzn2.aarch64

kernel-tools-4.14.238-182.422.amzn2.x86_64

libcrypt-2.26-48.amzn2.aarch64

libcrypt-2.26-48.amzn2.x86_64

libwebp-0.3.0-10.amzn2.aarch64

libwebp-0.3.0-10.amzn2.x86_64

libX11-1.6.7-3.amzn2.0.2.x86_64

libX11-common-1.6.7-3.amzn2.0.2.noarch

libxml2-2.9.1-6.amzn2.5.4.aarch64

libxml2-2.9.1-6.amzn2.5.4.x86_64

libxml2-python-2.9.1-6.amzn2.5.4.aarch64

libxml2-python-2.9.1-6.amzn2.5.4.x86_64

openssl-1.0.2k-19.amzn2.0.7.aarch64

openssl-1.0.2k-19.amzn2.0.7.x86_64

openssl-libs-1.0.2k-19.amzn2.0.7.aarch64

openssl-libs-1.0.2k-19.amzn2.0.7.x86_64

python2-rpm-4.11.3-40.amzn2.0.6.aarch64

python2-rpm-4.11.3-40.amzn2.0.6.x86_64

python-urllib3-1.25.9-1.amzn2.0.2.noarch

rpm-4.11.3-40.amzn2.0.6.aarch64

rpm-4.11.3-40.amzn2.0.6.x86_64

rpm-build-libs-4.11.3-40.amzn2.0.6.aarch64

rpm-build-libs-4.11.3-40.amzn2.0.6.x86_64

rpm-libs-4.11.3-40.amzn2.0.6.aarch64

rpm-libs-4.11.3-40.amzn2.0.6.x86_64

rpm-plugin-systemd-inhibit-4.11.3-40.amzn2.0.6.aarch64

rpm-plugin-systemd-inhibit-4.11.3-40.amzn2.0.6.x86_64

systemtap-runtime-4.4-1.amzn2.0.1.aarch64

systemtap-runtime-4.4-1.amzn2.0.1.x86_64

tzdata-2021a-1.amzn2.noarch

Kernel updates

Rebase kernel to upstream stable 4.14.238.

Amazon EFA Driver: Updated to tversion v1.12.1

CVEs fixed:

  • CVE-2021-32399 [bluetooth: eliminate the potential race condition when removing the HCI controller]

  • CVE-2021-33034 [Bluetooth: verify AMP hci_chan before amp_destroy]

  • CVE-2020-26558 [Bluetooth: SMP: Fails if remote and local public keys are identical]

  • CVE-2021-0129 [Bluetooth: SMP: Fails if remote and local public keys are identical]

  • CVE-2020-24586 [mac80211: Prevents mixed key and fragment cache attacks]

  • CVE-2020-24587 [mac80211: Prevents mixed key and fragment cache attacks]

  • CVE-2020-24588 [cfg80211: Mitigates A-MSDU aggregation attacks]

  • CVE-2020-26139 [mac80211: Doesn't accept/forward invalid EAPOL frames]

  • CVE-2020-26147 [mac80211: Makes sure that all fragments are encrypted]

  • CVE-2021-29650 [netfilter: x_tables: Uses correct memory barriers.]

  • CVE-2021-3564 [Bluetooth: Fixes the erroneous flush_work() order]

  • CVE-2021-3573 [Bluetooth: Uses correct lock tprevent UAF of hdev object]

  • CVE-2021-3587 [nfc: Fixes NULL ptr dereference in llcp_sock_getname() after failed connect]

  • CVE-2021-34693 [can: bcm: Fixes infoleak in struct bcm_msg_head]

  • CVE-2021-33624 [bpf: Inherits expanded/patched seen count from old aux data]

  • CVE-2021-33909 [seq_file: Doesn't allow extremely large seq buffer allocations]

Amazon Features and Backports:

  • arm64/kernel: Doesn't ban ADRP twork around Cortex-A53 erratum #843419

  • arm64/errata: Adds REVIDR handling tframework

  • arm64/kernel: Enables A53 erratum #8434319 handling at runtime

  • arm64: Fixes undefined reference t'printk'

  • arm64/kernel: Renames module_emit_adrp_veneer→module_emit_veneer_for_adrp

  • arm64/kernel: kaslr: Reduces module randomization range t4 GB

  • Revert "arm64: acpi/pci: invoke _DSM whether tpreserve firmware PCI setup"

  • PCI/ACPI: Evaluates PCI Boot Configuration _DSM

  • PCI: Doesn't auto-realloc if we're preserving firmware config

  • arm64: PCI: Allows resource reallocation if necessary

  • arm64: PCI: Preserved firmware configuration when desired

  • bpf: Fixes subprog verifier bypass by div/mod by 0 exception

  • bpf, x86_64: Removes obsolete exception handling from div/mod

  • bpf, arm64: Removes obsolete exception handling from div/mod

  • bpf, s390x: Removes obsolete exception handling from div/mod

  • bpf, ppc64: Removes obsolete exception handling from div/mod

  • bpf, sparc64: Removes obsolete exception handling from div/mod

  • bpf, mips64: Removes obsolete exception handling from div/mod

  • bpf, mips64: Removes unneeded zercheck from div/mod with k

  • bpf, arm: Removes obsolete exception handling from div/mod

  • bpf: Fixes 32 bit src register truncation on div/mod

  • bpf: Inherits expanded/patched seen count from old aux data

  • bpf: Doesn't mark insn as seen under speculative path verification

  • bpf: Fixes leakage under speculation on mispredicted branches

  • seq_file: Doesn't allow extremely large seq buffer allocations