# Amazon Linux 2 version 2.0.20201218.0 release notes
<a name="relnotes-20201218"></a>

These are the release notes for Amazon Linux 2 version 2.0.20201218.0.

## Major updates
<a name="major-updates-20201218"></a>
+ Multiple security updates. For a complete list, see https://alas.aws.amazon.com/.
+ Renewed GPG key
+ Update to system-release to allow for use of HTTPS repositories for Amazon Linux

## Package updates
<a name="package-updates-20201218"></a>

Amazon Linux 2 includes the following packages.


| Packages | 
| --- | 
| amazon-linux-extras-1.6.13-1.amzn2.noarch | 
| amazon-linux-extras-yum-plugin-1.6.13-1.amzn2.noarch | 
| bind-export-libs-9.11.4-26.P2.amzn2.2.aarch64 | 
| bind-export-libs-9.11.4-26.P2.amzn2.2.x86\_64 | 
| bind-libs-9.11.4-26.P2.amzn2.2.aarch64 | 
| bind-libs-9.11.4-26.P2.amzn2.2.x86\_64 | 
| bind-libs-lite-9.11.4-26.P2.amzn2.2.aarch64 | 
| bind-libs-lite-9.11.4-26.P2.amzn2.2.x86\_64 | 
| bind-license-9.11.4-26.P2.amzn2.2.noarch | 
| bind-utils-9.11.4-26.P2.amzn2.2.aarch64 | 
| bind-utils-9.11.4-26.P2.amzn2.2.x86\_64 | 
| cairo-1.15.12-4.amzn2.x86\_64 | 
| cpp-7.3.1-12.amzn2.x86\_64 | 
| dejavu-fonts-common-2.33-6.amzn2.noarch | 
| dejavu-sans-fonts-2.33-6.amzn2.noarch | 
| dejavu-sans-mono-fonts-2.33-6.amzn2.noarch | 
| dejavu-serif-fonts-2.33-6.amzn2.noarch | 
| fontconfig-2.13.0-4.3.amzn2.x86\_64 | 
| fontpackages-filesystem-1.44-8.amzn2.noarch | 
| freeglut-devel-3.0.0-8.amzn2.x86\_64 | 
| freetype-2.8-14.amzn2.1.aarch64 | 
| freetype-2.8-14.amzn2.1.x86\_64 | 
| gcc-7.3.1-12.amzn2.x86\_64 | 
| gcc-c-7.3.1-12.amzn2.x86\_64 | 
| giflib-4.1.6-9.amzn2.0.2.x86\_64 | 
| glibc-2.26-39.amzn2.aarch64 | 
| glibc-2.26-39.amzn2.x86\_64 | 
| glibc-all-langpacks-2.26-39.amzn2.aarch64 | 
| glibc-all-langpacks-2.26-39.amzn2.x86\_64 | 
| glibc-common-2.26-39.amzn2.aarch64 | 
| glibc-common-2.26-39.amzn2.x86\_64 | 
| glibc-devel-2.26-39.amzn2.x86\_64 | 
| glibc-headers-2.26-39.amzn2.x86\_64 | 
| glibc-langpack-en-2.26-39.amzn2.aarch64 | 
| glibc-langpack-en-2.26-39.amzn2.x86\_64 | 
| glibc-locale-source-2.26-39.amzn2.aarch64 | 
| glibc-locale-source-2.26-39.amzn2.x86\_64 | 
| glibc-minimal-langpack-2.26-39.amzn2.aarch64 | 
| glibc-minimal-langpack-2.26-39.amzn2.x86\_64 | 
| gl-manpages-1.1-7.20130122.amzn2.noarch | 
| gpg-pubkey-7fa2af80-576db785 | 
| java-11-amazon-corretto-11.0.912-1.amzn2.x86\_64 | 
| java-11-amazon-corretto-headless-11.0.912-1.amzn2.x86\_64 | 
| javapackages-tools-3.4.1-11.amzn2.noarch | 
| kernel-4.14.209-160.339.amzn2.aarch64 | 
| kernel-4.14.209-160.339.amzn2.x86\_64 | 
| kernel-devel-4.14.209-160.339.amzn2.x86\_64 | 
| kernel-headers-4.14.209-160.339.amzn2.x86\_64 | 
| kernel-tools-4.14.209-160.339.amzn2.aarch64 | 
| kernel-tools-4.14.209-160.339.amzn2.x86\_64 | 
| libatomic-7.3.1-12.amzn2.x86\_64 | 
| libcilkrts-7.3.1-12.amzn2.x86\_64 | 
| libcrypt-2.26-39.amzn2.aarch64 | 
| libcrypt-2.26-39.amzn2.x86\_64 | 
| libdrm-devel-2.4.97-2.amzn2.x86\_64 | 
| libgcc-7.3.1-12.amzn2.aarch64 | 
| libgcc-7.3.1-12.amzn2.x86\_64 | 
| libglvnd-core-devel-1.0.1-0.1.git5baa1e5.amzn2.0.1.x86\_64 | 
| libglvnd-devel-1.0.1-0.1.git5baa1e5.amzn2.0.1.x86\_64 | 
| libglvnd-opengl-1.0.1-0.1.git5baa1e5.amzn2.0.1.x86\_64 | 
| libgomp-7.3.1-12.amzn2.aarch64 | 
| libgomp-7.3.1-12.amzn2.x86\_64 | 
| libICE-devel-1.0.9-9.amzn2.0.2.x86\_64 | 
| libitm-7.3.1-12.amzn2.x86\_64 | 
| libmpx-7.3.1-12.amzn2.x86\_64 | 
| libquadmath-7.3.1-12.amzn2.x86\_64 | 
| libsanitizer-7.3.1-12.amzn2.x86\_64 | 
| libSM-devel-1.2.2-2.amzn2.0.2.x86\_64 | 
| libstdc-7.3.1-12.amzn2.aarch64 | 
| libstdc-7.3.1-12.amzn2.x86\_64 | 
| libvdpau-1.1.1-3.amzn2.0.2.x86\_64 | 
| libX11-1.6.7-3.amzn2.x86\_64 | 
| libX11-common-1.6.7-3.amzn2.noarch | 
| libX11-devel-1.6.7-3.amzn2.x86\_64 | 
| libXau-devel-1.0.8-2.1.amzn2.0.2.x86\_64 | 
| libxcb-devel-1.12-1.amzn2.0.2.x86\_64 | 
| libXdamage-devel-1.1.4-4.1.amzn2.0.2.x86\_64 | 
| libXext-devel-1.3.3-3.amzn2.0.2.x86\_64 | 
| libXfixes-devel-5.0.3-1.amzn2.0.2.x86\_64 | 
| libXi-devel-1.7.9-1.amzn2.0.2.x86\_64 | 
| libXmu-devel-1.1.2-2.amzn2.0.2.x86\_64 | 
| libxslt-1.1.28-6.amzn2.x86\_64 | 
| libXt-devel-1.1.5-3.amzn2.0.2.x86\_64 | 
| libXxf86vm-devel-1.1.4-1.amzn2.0.2.x86\_64 | 
| mesa-khr-devel-18.3.4-5.amzn2.0.1.x86\_64 | 
| mesa-libGL-devel-18.3.4-5.amzn2.0.1.x86\_64 | 
| mesa-libGLU-devel-9.0.0-4.amzn2.0.2.x86\_64 | 
| openssl-1.0.2k-19.amzn2.0.4.aarch64 | 
| openssl-1.0.2k-19.amzn2.0.4.x86\_64 | 
| openssl-libs-1.0.2k-19.amzn2.0.4.aarch64 | 
| openssl-libs-1.0.2k-19.amzn2.0.4.x86\_64 | 
| python-javapackages-3.4.1-11.amzn2.noarch | 
| python-lxml-3.2.1-4.amzn2.0.2.x86\_64 | 
| selinux-policy-3.13.1-192.amzn2.6.5.noarch | 
| selinux-policy-targeted-3.13.1-192.amzn2.6.5.noarch | 
| system-release-2-13.amzn2.aarch64 | 
| system-release-2-13.amzn2.x86\_64 | 
| vulkan-filesystem-1.0.61.1-2.amzn2.noarch | 
| xorg-x11-proto-devel-2018.4-1.amzn2.0.2.noarch | 
| xorg-x11-server-common-1.20.4-12.amzn2.0.1.x86\_64 | 
| xorg-x11-server-Xorg-1.20.4-12.amzn2.0.1.x86\_64 | 

## Kernel updates
<a name="kernel-updates-20201218"></a>

Rebase kernel to upstream stable 4.14.209.

ENA driver: update to v2.4.0

CVEs fixed:
+ CVE-2020-27777 [powerpc/rtas: Restricts RTAS requests from userspace]
+ CVE-2020-25668 [tty: Makes FONTX ioctl use the tty pointer they were actually passed]
+ CVE-2020-25656 [vt: Keyboard, extend func\_buf\_lock to readers]
+ CVE-2020-28974 [vt: Disables KD\_FONT\_OP\_COPY]
+ CVE-2019-19770 [blktrace: Fixes debugfs use after free]
+ CVE-2020-8694 [powercap: Restricts energy meter to root access]
+ CVE-2020-14351 [perf/core: Fixes race in the perf\_mmap\_close() function]
+ CVE-2020-27673 [xen/events: Adds a proper barrier to 2-level uevent unmasking]
+ CVE-2020-27675 [xen/events: Avoids removing an event channel while handling it]
+ CVE-2020-25704 [perf/core: Fixes a memory leak in perf\_event\_parse\_addr\_filter()]
+ CVE-2020-25669 [Input: sunkbd \* Avoids use-after-free in teardown paths]
+ CVE-2020-28941 [speakup: Doesn't let the line discipline be used several times]

Other Fixes:
+ PM: hibernate: Batch hibernate and resume IO requests
+ nfsd: Fixes races between nfsd4\_cb\_release() and nfsd4\_shutdown\_callback()
+ x86/unwind/orc: Fixes inactive tasks with stack pointer in %sp on GCC 10 compiled kernels
+ ext4: Fixes leaking sysfs kobject after failed mount
+ xfs: Flushes new eof page on truncate to avoid post-eof corruption
+ time: Prevents undefined behaviour in timespec64\_to\_ns()
+ mm: mempolicy: Fixes potential pte\_unmap\_unlock pte error
+ blk-cgroup: Fixes memleak on error path