Amazon Linux 2 version 2.0.20210126.0 release notes
These are the release notes for Amazon Linux 2 version 2.0.20210126.0.
Major updates
- 
          Amazon Linux 2 can now connect to its yum repositories over HTTPS. This can be enabled on boot or at runtime. Amazon Linux 2 can now connect to its yum repositories over HTTPS. This can be enabled on boot or at runtime. 
Package updates
Amazon Linux 2 includes the following packages.
| Packages | 
|---|
| chrony-3.5.1-1.amzn2.0.1.aarch64 | 
| chrony-3.5.1-1.amzn2.0.1.x86_64 | 
| cloud-init-19.3-5.amzn2.noarch | 
| cuda-9.2.88-0.amzn2.x86_64 | 
| kernel-4.14.214-160.339.amzn2.aarch64 | 
| kernel-4.14.214-160.339.amzn2.x86_64 | 
| kernel-devel-4.14.214-160.339.amzn2.x86_64 | 
| kernel-headers-4.14.214-160.339.amzn2.x86_64 | 
| kernel-tools-4.14.214-160.339.amzn2.aarch64 | 
| kernel-tools-4.14.214-160.339.amzn2.x86_64 | 
| kpatch-runtime-0.9.2-4.amzn2.noarch | 
| libsss_idmap-1.16.5-10.amzn2.6.aarch64 | 
| libsss_idmap-1.16.5-10.amzn2.6.x86_64 | 
| libsss_nss_idmap-1.16.5-10.amzn2.6.aarch64 | 
| libsss_nss_idmap-1.16.5-10.amzn2.6.x86_64 | 
| ncurses-compat-libs-6.0-8.20170212.amzn2.1.3.x86_64 | 
| nettle-2.7.1-8.amzn2.0.2.aarch64 | 
| nettle-2.7.1-8.amzn2.0.2.x86_64 | 
| p11-kit-0.23.22-1.amzn2.0.1.aarch64 | 
| p11-kit-0.23.22-1.amzn2.0.1.x86_64 | 
| p11-kit-trust-0.23.22-1.amzn2.0.1.aarch64 | 
| p11-kit-trust-0.23.22-1.amzn2.0.1.x86_64 | 
| sssd-client-1.16.5-10.amzn2.6.aarch64 | 
| sssd-client-1.16.5-10.amzn2.6.x86_64 | 
| sudo-1.8.23-4.amzn2.2.1.aarch64 | 
| sudo-1.8.23-4.amzn2.2.1.x86_64 | 
| tzdata-2020d-2.amzn2.noarch | 
| xorg-x11-server-common-1.20.4-15.amzn2.0.1.x86_64 | 
| xorg-x11-server-Xorg-1.20.4-15.amzn2.0.1.x86_64 | 
Kernel updates
Rebase kernel to upstream stable 4.14.214.
CVEs fixed:
- 
          CVE-2019-19813 [btrfs: inode: Verify inode mode to avoid NULL pointer dereference] 
- 
          CVE-2019-19816 [btrfs: inode: Verify inode mode to avoid NULL pointer dereference] 
- 
          CVE-2020-29661 [tty: Fix ->pgrp locking in tiocspgrp()] 
- 
          CVE-2020-29660 [tty: Fix ->session locking] 
- 
          CVE-2020-27830 [speakup: Reject setting the speakup line discipline outside of speakup] 
- 
          CVE-2020-27815 [jfs: Fix array index bounds check in dbAdjTree] 
- 
          CVE-2020-29568 [xen/xenbus: Allow watches discard events before queueing] 
- 
          CVE-2020-29569 [xen-blkback: set ring->xenblkd to NULL after kthread_stop()] 
Amazon Features and Backports:
- 
          SMB3: Adds support for getting and setting SACLs 
- 
          Adds SMB 2 support for getting and setting SACLs 
Other Fixes:
- 
          mm: memcontrol: Fixes excessive complexity in memory.stat reporting 
- 
          PCI: Fixes pci_slot_release() NULL pointer dereference 
- 
          ext4: Fixes deadlock with fs freezing and EA inodes 
- 
          ext4: Fixes a memory leak of ext4_free_data 
- 
          sched/deadline: Fixes sched_dl_global_validate() 
- 
          cifs: Fixes potential use-after-free in cifs_echo_request() 
- 
          btrfs: Fixes return value mixup in btrfs_get_extent 
- 
          btrfs: Fixes lockdep splat when reading qgroup config on mount