# Amazon Linux 2 version 2.0.20211103.0 release notes
<a name="relnotes-20211103"></a>

These are the release notes for Amazon Linux 2 version 2.0.20211103.0.

## Major updates
<a name="major-updates-20211103"></a>
+ `system-release` was updated to point the Amazon Linux repositories to the Amazon S3 dual stack IPv4/IPv6 endpoint.
**Note**  
The package data itself is still served from IPv4-only endpoints.

## Package updates
<a name="package-updates-20211103"></a>

Amazon Linux 2 includes the following packages.


| Packages | 
| --- | 
| aws-cfn-bootstrap-2.0-9.amzn2.noarch | 
| dracut-config-ec2-2.0-2.amzn2.noarch | 
| ec2-instance-connect-1.1-15.amzn2.noarch | 
| glibc-2.26-56.amzn2.aarch64 | 
| glibc-2.26-56.amzn2.x86\_64 | 
| glibc-all-langpacks-2.26-56.amzn2.aarch64 | 
| glibc-all-langpacks-2.26-56.amzn2.x86\_64 | 
| glibc-common-2.26-56.amzn2.aarch64 | 
| glibc-common-2.26-56.amzn2.x86\_64 | 
| glibc-devel-2.26-56.amzn2.x86\_64 | 
| glibc-headers-2.26-56.amzn2.x86\_64 | 
| glibc-langpack-en-2.26-56.amzn2.aarch64 | 
| glibc-langpack-en-2.26-56.amzn2.x86\_64 | 
| glibc-locale-source-2.26-56.amzn2.aarch64 | 
| glibc-locale-source-2.26-56.amzn2.x86\_64 | 
| glibc-minimal-langpack-2.26-56.amzn2.aarch64 | 
| glibc-minimal-langpack-2.26-56.amzn2.x86\_64 | 
| kernel-4.14.252-195.483.amzn2.aarch64 | 
| kernel-4.14.252-195.483.amzn2.x86\_64 | 
| kernel-devel-4.14.252-195.483.amzn2.x86\_64 | 
| kernel-headers-4.14.252-195.483.amzn2.x86\_64 | 
| kernel-tools-4.14.252-195.483.amzn2.aarch64 | 
| kernel-tools-4.14.252-195.483.amzn2.x86\_64 | 
| kpatch-runtime-0.9.4-2.amzn2.noarch | 
| libcrypt-2.26-56.amzn2.aarch64 | 
| libcrypt-2.26-56.amzn2.x86\_64 | 
| openssl-1.0.2k-19.amzn2.0.10.aarch64 | 
| openssl-1.0.2k-19.amzn2.0.10.x86\_64 | 
| openssl-libs-1.0.2k-19.amzn2.0.10.aarch64 | 
| openssl-libs-1.0.2k-19.amzn2.0.10.x86\_64 | 
| system-release-2-14.amzn2.aarch64 | 
| system-release-2-14.amzn2.x86\_64 | 

## Kernel updates
<a name="kernel-updates-20211103"></a>

Rebase kernel to upstream stable 4.14.252.

CVEs fixed:
+ CVE-2021-37159 [usb: hso: fix error handling code of hso\_create\_net\_device] 
+ CVE-2021-3744 [crypto: ccp - fix resource leaks in ccp\_run\_aes\_gcm\_cmd()] 
+ CVE-2021-3764 [crypto: ccp - fix resource leaks in ccp\_run\_aes\_gcm\_cmd()] 
+ CVE-2021-20317 [lib/timerqueue: Rely on rbtree semantics for next timer] 
+ CVE-2021-20321 [ovl: fix missing negative dentry check in ovl\_rename()] 
+ CVE-2021-41864 [bpf: Fix integer overflow in prealloc\_elems\_and\_freelist()]

Amazon Features and Backports:
+ Enable nitro-enclaves driver for arm64

Other Fixes:
+ md: Fixes a lock order reversal in md\_alloc 
+ arm64: Marks stack\_chk\_guard as ro\_after\_init 
+ cpufreq: schedutil: Uses kobject release() method to free sugov\_tunables 
+ cpufreq: schedutil: Destroys mutex before kobject\_put() frees the memory 
+ ext4: Fixes potential infinite loop in ext4\_dx\_readdir() 
+ nfsd4: Handles the NFSv4 READDIR 'dircount' hint being zero 
+ net\_sched: Fixes NULL deref in fifo\_set\_limit() 
+ perf/x86: Resets destroy callback on event init failure 
+ virtio: Writes back F\_VERSION\_1 before validation