

# Amazon Linux 2 version 2.0.20200824.0 release notes
<a name="relnotes-20200824"></a>

These are the release notes for Amazon Linux 2 version 2.0.20200824.0.

## Major updates
<a name="major-updates-20200824"></a>
+ This release contains security updates for gettext, python2-rsa, and python. We have also included the updated AWS CLI and a bug fix so that the amazon-linux-extras utility no longer recommends deprecated topics.

## Package updates
<a name="package-updates-20200824"></a>

Amazon Linux 2 includes the following packages.


| Packages | 
| --- | 
| amazon-linux-extras-1.6.12-1.amzn2.noarch | 
| amazon-linux-extras-yum-plugin-1.6.12-1.amzn2.noarch | 
| awscli-1.18.107-1.amzn2.0.1.noarch | 
| ca-certificates-2019.2.32-76.amzn2.0.3.noarch | 
| gettext-0.19.8.1-3.amzn2.x86\_64 | 
| gettext-libs-0.19.8.1-3.amzn2.x86\_64 | 
| kernel-4.14.192-147.314.amzn2.x86\_64 | 
| kernel-tools-4.14.192-147.314.amzn2.x86\_64 | 
| kpatch-runtime-0.8.0-4.amzn2.noarch | 
| python-2.7.18-1.amzn2.0.1.x86\_64 | 
| python-devel-2.7.18-1.amzn2.0.1.x86\_64 | 
| python-libs-2.7.18-1.amzn2.0.1.x86\_64 | 
| python2-botocore-1.17.31-1.amzn2.0.1.noarch | 
| python2-rsa-3.4.1-1.amzn2.0.1.noarch | 
| tzdata-2020a-1.amzn2.noarch | 

## Kernel updates
<a name="kernel-updates-20200824"></a>

Rebase kernel to upstream stable 4.14.192.

Include Nitro Enclave module.

CVEs fixed:
+ CVE-2017-18232 [kernel: Mishandling mutex within libsas allowing local Denial of Service]
+ CVE-2018-10323 [kernel: Invalid pointer dereference in xfs\_bmapi\_write() when mounting and operating on crafted xfs image allows denial of service]
+ CVE-2018-8043 [kernel: NULL pointer dereference in drivers/net/phy/mdio-bcm-unimac.c:unimac\_mdio\_probe() can lead to denial of service]
+ CVE-2019-18808 [kernel: memory leak in ccp\_run\_sha\_cmd() function in drivers/crypto/ccp/ccp-ops.c]
+ CVE-2019-19054 [kernel: A memory leak in the cx23888\_ir\_probe() function in drivers/media/pci/cx23885/cx23888-ir.c allows attackers to cause a DoS]
+ CVE-2019-19061 [kernel: A memory leak in the adis\_update\_scan\_mode\_burst() function in drivers/iio/imu/adis\_buffer.c allows for a DoS]
+ CVE-2019-19073 [kernel: Memory leaks in drivers/net/wireless/ath/ath9k/htc\_hst.c in the Linux kernel (DOS)]
+ CVE-2019-19074 [kernel: a memory leak in the ath9k management function in allows local DoS]
+ CVE-2019-3016 [kernel: kvm: Information leak within a KVM guest]
+ CVE-2019-9445 [kernel: out of bounds read due to missing bounds check in F2FS driver leads to local information disclosure]
+ CVE-2020-10781 [kernel: zram sysfs resource consumption]
+ CVE-2020-12655 [kernel: sync of excessive duration via an XFS v5 image with crafted metadata]
+ CVE-2020-15393 [kernel: memory leak in usbtest\_disconnect function in drivers/usb/misc/usbtest.c]

Other fixes:
+ Fixes memory leak in network device registration [net: fix memleak in register\_netdevice()]
+ Fixes unresponsive system when simultaneously onlining/offlining block queues [blk-mq: fix unresponsive system caused by freeze/unfreeze sequence]
+ Fixes build error in kunit tests [kunit: fix failure to build without printk]
+ Fixes build error in xfs [xfs: fix string handling in label get/set functions]