Amazon Linux 2 06/17/2020 release notes
These are release notes for Amazon Linux 2.
Major updates
- 
          Python 2.7 updated to most recent upstream version - 2.7.18. NoteAmazon Linux will continue to provide security fixes to Python 2.7 according to our Amazon Linux 2 support timeline. See Amazon Linux 2 FAQs . 
- 
          ca-certificates fix for Sectigo intermediate CA expiration NoteFor more information, see this forum thread . 
- 
          New Kernel with fixes for five CVEs (see below). 
Package updates
Amazon Linux 2 includes the following packages.
| Packages | 
|---|
| amazon-linux-extras-1.6.11-1 | 
| bind-export-libs-9.11.4-9 | 
| ca-certificates-2019.2.32-76 | 
| cloud-init-19.3-3,freetype-2.8-14 | 
| gdisk-0.8.10-3,glib2-2.56.1-5 | 
| kernel-4.14.181-140.257 | 
| libicu-50.2-4 | 
| libpng-1.5.13-7 | 
| python-2.7.18-1 | 
| python-devel-2.7.18-1 | 
| python-libs-2.7.18-1 | 
| python2-rpm-4.11.3-40 | 
| rpm-4.11.3-40 | 
| rpm-build-libs-4.11.3-40 | 
| rpm-libs-4.11.3-40 | 
| rpm-plugin-systemd-inhibit-4.11.3-40 | 
| selinux-policy-3.13.1-192 | 
| selinux-policy-targeted-3.13.1-192 | 
| yum-3.4.3-1 | 
Kernel updates
Rebase kernel to upstream stable 4.14.181.
Updated ENA module to version 2.2.8.
CVEs fixed:
- 
          CVE-2019-19319 [ext4: Protects journal inode's blocks using block_validity] 
- 
          CVE-2020-10751 [selinux: Properly handles multiple messages in selinux_netlink_send()] 
- 
          CVE-2020-1749 [net: ipv6_stub: Uses ip6_dst_lookup_flow instead of ip6_dst_lookup] 
- 
          CVE-2019-19768 [blktrace: Protects q->blk_trace with RCU] 
- 
          CVE-2020-12770 [scsi: sg: Adds sg_remove_request in sg_write] 
Other Fixes:
- 
          Fix for a deadlock condition in xen-blkfront [xen-blkfront: Delay flush till queue lock dropped] 
- 
          Fix for ORC unwinding [x86/unwind/orc: Fix unwind_get_return_address_ptr() for inactive tasks]