Amazon Linux Ami Install Docker



See Securely Connect to Linux Instances Running in a Private Amazon VPC for a step-by-step guide on how to use SSH agent forwarding. Install GitLab and create custom AMI. We will need a preconfigured, custom GitLab AMI to use in our launch configuration later. As a starting point, we will use the official GitLab AMI to create a GitLab instance. Amazon Linux provides a stable, secure, and high-performance execution environment for applications.

Product details are accessible from the Amazon Linux 2 page.

Amazon Linux 2 is the next generation of Amazon Linux, a Linux server operating system from Amazon Web Services (AWS). It is designed to provide a secure, stable, and high performance execution environment for customers to develop and run a wide variety of cloud and enterprise applications. With Amazon Linux 2, customers get an application environment that offers long term support with access to the latest innovations in the Linux community. Amazon Linux 2 is provided at no additional charge.

Amazon Linux 2.0.20210303.0 Update

Major Updates: None

Updated Packages:

+kernel-4.14.219-164.354.amzn2.x86_64
+kernel-devel-4.14.219-164.354.amzn2.x86_64
+kernel-headers-4.14.219-164.354.amzn2.x86_64
+kernel-tools-4.14.219-164.354.amzn2.x86_64

Kernel Update: None

Amazon Linux 2.0.20210219.0 Update

Major Updates: None

Minor Updates:

  • Fix minor regression in x86_64 launch time

Updated Packages:

+boost-date-time-1.53.0-27.amzn2.0.5.x86_64
+boost-system-1.53.0-27.amzn2.0.5.x86_64
+boost-thread-1.53.0-27.amzn2.0.5.x86_64
+ca-certificates-2020.2.41-70.0.amzn2.0.1.noarch
+glibc-2.26-41.amzn2.aarch64
+glibc-2.26-41.amzn2.x86_64
+glibc-all-langpacks-2.26-41.amzn2.aarch64
+glibc-all-langpacks-2.26-41.amzn2.x86_64
+glibc-common-2.26-41.amzn2.aarch64
+glibc-common-2.26-41.amzn2.x86_64
+glibc-devel-2.26-41.amzn2.x86_64
+glibc-headers-2.26-41.amzn2.x86_64
+glibc-langpack-en-2.26-41.amzn2.aarch64
+glibc-langpack-en-2.26-41.amzn2.x86_64
+glibc-locale-source-2.26-41.amzn2.aarch64
+glibc-locale-source-2.26-41.amzn2.x86_64
+glibc-minimal-langpack-2.26-41.amzn2.aarch64
+glibc-minimal-langpack-2.26-41.amzn2.x86_64
+kernel-4.14.219-161.340.amzn2.aarch64
+kernel-4.14.219-161.340.amzn2.x86_64
+kernel-devel-4.14.219-161.340.amzn2.x86_64
+kernel-headers-4.14.219-161.340.amzn2.x86_64
+kernel-tools-4.14.219-161.340.amzn2.aarch64
+kernel-tools-4.14.219-161.340.amzn2.x86_64
+libcrypt-2.26-41.amzn2.aarch64
+libcrypt-2.26-41.amzn2.x86_64
+openssl-1.0.2k-19.amzn2.0.6.aarch64
+openssl-1.0.2k-19.amzn2.0.6.x86_64
+openssl-libs-1.0.2k-19.amzn2.0.6.aarch64
+openssl-libs-1.0.2k-19.amzn2.0.6.x86_64
+perl-5.16.3-299.amzn2.0.1.aarch64
+perl-5.16.3-299.amzn2.0.1.x86_64
+perl-libs-5.16.3-299.amzn2.0.1.aarch64
+perl-libs-5.16.3-299.amzn2.0.1.x86_64
+perl-macros-5.16.3-299.amzn2.0.1.aarch64
+perl-macros-5.16.3-299.amzn2.0.1.x86_64
+perl-Pod-Escapes-1.04-299.amzn2.0.1.noarch
+pygpgme-0.3-9.amzn2.0.3.aarch64
+pygpgme-0.3-9.amzn2.0.3.x86_64
+python-2.7.18-1.amzn2.0.3.aarch64
+python-2.7.18-1.amzn2.0.3.x86_64
+python-devel-2.7.18-1.amzn2.0.3.aarch64
+python-devel-2.7.18-1.amzn2.0.3.x86_64
+python-libs-2.7.18-1.amzn2.0.3.aarch64
+python-libs-2.7.18-1.amzn2.0.3.x86_64
+rng-tools-6.8-3.amzn2.0.5.aarch64
+rng-tools-6.8-3.amzn2.0.5.x86_64
+selinux-policy-3.13.1-192.amzn2.6.7.noarch
+selinux-policy-targeted-3.13.1-192.amzn2.6.7.noarch
+sudo-1.8.23-10.amzn2.1.aarch64
+sudo-1.8.23-10.amzn2.1.x86_64
+unzip-6.0-43.amzn2.aarch64
+unzip-6.0-43.amzn2.x86_64

Kernel Update:

  • Rebase kernel to upstream stable 4.14.219
  • CVEs Fixed:
    • CVE-2020-28374 [scsi: target: Fix XCOPY NAA identifier lookup]
    • CVE-2021-3178 [nfsd4: readdirplus shouldn't return parent of export]
    • CVE-2020-27825 [tracing: Fix race in trace_open and buffer resize call]
    • CVE-2021-3347 [futex: Ensure the correct return value from futex_lock_pi()]
    • CVE-2021-3348 [nbd: freeze the queue while we're adding connections]
  • Backported Fixes:
    • NFS: Do uncached readdir when we're seeking a cookie in an empty page cache
  • Other Fixes:
    • virtio_net: Fix recursive call to cpus_read_lock()
    • net-sysfs: take the rtnl lock when storing xps_cpus
    • net: ethernet: ti: cpts: fix ethtool output when no ptp_clock registered
    • vhost_net: fix ubuf refcount incorrectly when sendmsg fails
    • net-sysfs: take the rtnl lock when accessing xps_cpus_map and num_tc
    • crypto: ecdh - avoid buffer overflow in ecdh_set_secret()
    • x86/mm: Fix leak of pmd ptlock
    • KVM: x86: fix shift out of bounds reported by UBSAN
    • net: ip: always refragment ip defragmented packets
    • x86/resctrl: Use an IPI instead of task_work_add() to update PQR_ASSOC MSR
    • x86/resctrl: Don't move a task to the same resource group
    • cpufreq: powernow-k8: pass policy rather than use cpufreq_cpu_get()
    • iommu/intel: Fix memleak in intel_irq_remapping_alloc
    • KVM: arm64: Don't access PMCR_EL0 when no PMU is available
    • mm/hugetlb: fix potential missing huge page size info
    • dm snapshot: flush merged data before committing metadata
    • ext4: fix bug for rename with RENAME_WHITEOUT
    • NFS4: Fix use-after-free in trace_event_raw_event_nfs4_set_lock
    • ext4: fix superblock checksum failure when setting password salt
    • mm, slub: consider rest of partial list if acquire_slab() fails
    • rxrpc: Fix handling of an unsupported token type in rxrpc_read()
    • tipc: fix NULL deref in tipc_link_xmit()
    • net: use skb_list_del_init() to remove from RX sublists
    • net: introduce skb_list_walk_safe for skb segment walking
    • dm: avoid filesystem lookup in dm_get_dev_t()
    • skbuff: back tiny skbs with kmalloc() in __netdev_alloc_skb() too
    • tracing: Fix race in trace_open and buffer resize call
    • x86/boot/compressed: Disable relocation relaxation
    • nbd: freeze the queue while we're adding connections
    • KVM: x86: get smi pending status correctly
    • x86/entry/64/compat: Preserve r8-r11 in int $0x80
    • x86/entry/64/compat: Fix x86/entry/64/compat: Preserve r8-r11 in int $0x80

Amazon Linux 2.0.20210126.0 Update

Major Updates:

  • Amazon Linux 2 can now connect to its yum repositories over HTTPS. This can be enabled on boot or at runtime. See forum post to learn more.

Updated Packages:

    +chrony-3.5.1-1.amzn2.0.1.aarch64
    +chrony-3.5.1-1.amzn2.0.1.x86_64
    +cloud-init-19.3-5.amzn2.noarch
    +cuda-9.2.88-0.amzn2.x86_64
    +kernel-4.14.214-160.339.amzn2.aarch64
    +kernel-4.14.214-160.339.amzn2.x86_64
    +kernel-devel-4.14.214-160.339.amzn2.x86_64
    +kernel-headers-4.14.214-160.339.amzn2.x86_64
    +kernel-tools-4.14.214-160.339.amzn2.aarch64
    +kernel-tools-4.14.214-160.339.amzn2.x86_64
    +kpatch-runtime-0.9.2-4.amzn2.noarch
    +libsss_idmap-1.16.5-10.amzn2.6.aarch64
    +libsss_idmap-1.16.5-10.amzn2.6.x86_64
    +libsss_nss_idmap-1.16.5-10.amzn2.6.aarch64
    +libsss_nss_idmap-1.16.5-10.amzn2.6.x86_64
    +ncurses-compat-libs-6.0-8.20170212.amzn2.1.3.x86_64
    +nettle-2.7.1-8.amzn2.0.2.aarch64
    +nettle-2.7.1-8.amzn2.0.2.x86_64
    +p11-kit-0.23.22-1.amzn2.0.1.aarch64
    +p11-kit-0.23.22-1.amzn2.0.1.x86_64
    +p11-kit-trust-0.23.22-1.amzn2.0.1.aarch64
    +p11-kit-trust-0.23.22-1.amzn2.0.1.x86_64
    +sssd-client-1.16.5-10.amzn2.6.aarch64
    +sssd-client-1.16.5-10.amzn2.6.x86_64
    +sudo-1.8.23-4.amzn2.2.1.aarch64
    +sudo-1.8.23-4.amzn2.2.1.x86_64
    +tzdata-2020d-2.amzn2.noarch
    +xorg-x11-server-common-1.20.4-15.amzn2.0.1.x86_64
    +xorg-x11-server-Xorg-1.20.4-15.amzn2.0.1.x86_64

Kernel Update:

  • Rebase kernel to upstream stable 4.14.214
  • CVEs Fixed:
    • CVE-2019-19813 [btrfs: inode: Verify inode mode to avoid NULL pointer dereference]
    • CVE-2019-19816 [btrfs: inode: Verify inode mode to avoid NULL pointer dereference]
    • CVE-2020-29661 [tty: Fix ->pgrp locking in tiocspgrp()]
    • CVE-2020-29660 [tty: Fix ->session locking]
    • CVE-2020-27830 [speakup: Reject setting the speakup line discipline outside of speakup]
    • CVE-2020-27815 [jfs: Fix array index bounds check in dbAdjTree]
    • CVE-2020-29568 [xen/xenbus: Allow watches discard events before queueing]
    • CVE-2020-29569 [xen-blkback: set ring->xenblkd to NULL after kthread_stop()]
  • Backported Fixes:
    • SMB3: Add support for getting and setting SACLs
    • Add SMB 2 support for getting and setting SACLs
  • Other Fixes:
    • mm: memcontrol: fix excessive complexity in memory.stat reporting
    • PCI: Fix pci_slot_release() NULL pointer dereference
    • ext4: fix deadlock with fs freezing and EA inodes
    • ext4: fix a memory leak of ext4_free_data
    • sched/deadline: Fix sched_dl_global_validate()
    • cifs: fix potential use-after-free in cifs_echo_request()
    • btrfs: fix return value mixup in btrfs_get_extent
    • btrfs: fix lockdep splat when reading qgroup config on mount

Amazon Linux 2 2.0.20201218.1 Update

Major Updates:

  • Lots of security updates. Please see https://alas.aws.amazon.com/ for more details
  • Renewed GPG key
  • Update to system-release to allow for use of HTTPS repositories for Amazon Linux

Updated packages:

+amazon-linux-extras-1.6.13-1.amzn2.noarch
+amazon-linux-extras-yum-plugin-1.6.13-1.amzn2.noarch
+bind-export-libs-9.11.4-26.P2.amzn2.2.aarch64
+bind-export-libs-9.11.4-26.P2.amzn2.2.x86_64
+bind-libs-9.11.4-26.P2.amzn2.2.aarch64
+bind-libs-9.11.4-26.P2.amzn2.2.x86_64
+bind-libs-lite-9.11.4-26.P2.amzn2.2.aarch64
+bind-libs-lite-9.11.4-26.P2.amzn2.2.x86_64
+bind-license-9.11.4-26.P2.amzn2.2.noarch
+bind-utils-9.11.4-26.P2.amzn2.2.aarch64
+bind-utils-9.11.4-26.P2.amzn2.2.x86_64
+cairo-1.15.12-4.amzn2.x86_64
+cpp-7.3.1-12.amzn2.x86_64
+dejavu-fonts-common-2.33-6.amzn2.noarch
+dejavu-sans-fonts-2.33-6.amzn2.noarch
+dejavu-sans-mono-fonts-2.33-6.amzn2.noarch
+dejavu-serif-fonts-2.33-6.amzn2.noarch
+fontconfig-2.13.0-4.3.amzn2.x86_64
+fontpackages-filesystem-1.44-8.amzn2.noarch
+freeglut-devel-3.0.0-8.amzn2.x86_64
+freetype-2.8-14.amzn2.1.aarch64
+freetype-2.8-14.amzn2.1.x86_64
+gcc-7.3.1-12.amzn2.x86_64
+gcc-c++-7.3.1-12.amzn2.x86_64
+giflib-4.1.6-9.amzn2.0.2.x86_64
+glibc-2.26-39.amzn2.aarch64
+glibc-2.26-39.amzn2.x86_64
+glibc-all-langpacks-2.26-39.amzn2.aarch64
+glibc-all-langpacks-2.26-39.amzn2.x86_64
+glibc-common-2.26-39.amzn2.aarch64
+glibc-common-2.26-39.amzn2.x86_64
+glibc-devel-2.26-39.amzn2.x86_64
+glibc-headers-2.26-39.amzn2.x86_64
+glibc-langpack-en-2.26-39.amzn2.aarch64
+glibc-langpack-en-2.26-39.amzn2.x86_64
+glibc-locale-source-2.26-39.amzn2.aarch64
+glibc-locale-source-2.26-39.amzn2.x86_64
+glibc-minimal-langpack-2.26-39.amzn2.aarch64
+glibc-minimal-langpack-2.26-39.amzn2.x86_64
+gl-manpages-1.1-7.20130122.amzn2.noarch
+gpg-pubkey-7fa2af80-576db785
+java-11-amazon-corretto-11.0.9+12-1.amzn2.x86_64
+java-11-amazon-corretto-headless-11.0.9+12-1.amzn2.x86_64
+javapackages-tools-3.4.1-11.amzn2.noarch
+kernel-4.14.209-160.339.amzn2.aarch64
+kernel-4.14.209-160.339.amzn2.x86_64
+kernel-devel-4.14.209-160.339.amzn2.x86_64
+kernel-headers-4.14.209-160.339.amzn2.x86_64
+kernel-tools-4.14.209-160.339.amzn2.aarch64
+kernel-tools-4.14.209-160.339.amzn2.x86_64
+libatomic-7.3.1-12.amzn2.x86_64
+libcilkrts-7.3.1-12.amzn2.x86_64
+libcrypt-2.26-39.amzn2.aarch64
+libcrypt-2.26-39.amzn2.x86_64
+libdrm-devel-2.4.97-2.amzn2.x86_64
+libgcc-7.3.1-12.amzn2.aarch64
+libgcc-7.3.1-12.amzn2.x86_64
+libglvnd-core-devel-1.0.1-0.1.git5baa1e5.amzn2.0.1.x86_64
+libglvnd-devel-1.0.1-0.1.git5baa1e5.amzn2.0.1.x86_64
+libglvnd-opengl-1.0.1-0.1.git5baa1e5.amzn2.0.1.x86_64
+libgomp-7.3.1-12.amzn2.aarch64
+libgomp-7.3.1-12.amzn2.x86_64
+libICE-devel-1.0.9-9.amzn2.0.2.x86_64
+libitm-7.3.1-12.amzn2.x86_64
+libmpx-7.3.1-12.amzn2.x86_64
+libquadmath-7.3.1-12.amzn2.x86_64
+libsanitizer-7.3.1-12.amzn2.x86_64
+libSM-devel-1.2.2-2.amzn2.0.2.x86_64
+libstdc++-7.3.1-12.amzn2.aarch64
+libstdc++-7.3.1-12.amzn2.x86_64
+libvdpau-1.1.1-3.amzn2.0.2.x86_64
+libX11-1.6.7-3.amzn2.x86_64
+libX11-common-1.6.7-3.amzn2.noarch
+libX11-devel-1.6.7-3.amzn2.x86_64
+libXau-devel-1.0.8-2.1.amzn2.0.2.x86_64
+libxcb-devel-1.12-1.amzn2.0.2.x86_64
+libXdamage-devel-1.1.4-4.1.amzn2.0.2.x86_64
+libXext-devel-1.3.3-3.amzn2.0.2.x86_64
+libXfixes-devel-5.0.3-1.amzn2.0.2.x86_64
+libXi-devel-1.7.9-1.amzn2.0.2.x86_64
+libXmu-devel-1.1.2-2.amzn2.0.2.x86_64
+libxslt-1.1.28-6.amzn2.x86_64
+libXt-devel-1.1.5-3.amzn2.0.2.x86_64
+libXxf86vm-devel-1.1.4-1.amzn2.0.2.x86_64
+mesa-khr-devel-18.3.4-5.amzn2.0.1.x86_64
+mesa-libGL-devel-18.3.4-5.amzn2.0.1.x86_64
+mesa-libGLU-devel-9.0.0-4.amzn2.0.2.x86_64
+openssl-1.0.2k-19.amzn2.0.4.aarch64
+openssl-1.0.2k-19.amzn2.0.4.x86_64
+openssl-libs-1.0.2k-19.amzn2.0.4.aarch64
+openssl-libs-1.0.2k-19.amzn2.0.4.x86_64
+python-javapackages-3.4.1-11.amzn2.noarch
+python-lxml-3.2.1-4.amzn2.0.2.x86_64
+selinux-policy-3.13.1-192.amzn2.6.5.noarch
+selinux-policy-targeted-3.13.1-192.amzn2.6.5.noarch
+system-release-2-13.amzn2.aarch64
+system-release-2-13.amzn2.x86_64
+vulkan-filesystem-1.0.61.1-2.amzn2.noarch
+xorg-x11-proto-devel-2018.4-1.amzn2.0.2.noarch
+xorg-x11-server-common-1.20.4-12.amzn2.0.1.x86_64
+xorg-x11-server-Xorg-1.20.4-12.amzn2.0.1.x86_64

Kernel update:

  • Rebase kernel to upstream stable 4.14.209
  • ENA driver: update to v2.4.0
  • CVEs Fixed:
    • CVE-2020-27777 [powerpc/rtas: Restrict RTAS requests from userspace]
    • CVE-2020-25668 [tty: make FONTX ioctl use the tty pointer they were actually passed]
    • CVE-2020-25656 [vt: keyboard, extend func_buf_lock to readers]
    • CVE-2020-28974 [vt: Disable KD_FONT_OP_COPY]
    • CVE-2019-19770 [blktrace: fix debugfs use after free]
    • CVE-2020-8694 [powercap: restrict energy meter to root access]
    • CVE-2020-14351 [perf/core: Fix race in the perf_mmap_close() function]
    • CVE-2020-27673 [xen/events: add a proper barrier to 2-level uevent unmasking]
    • CVE-2020-27675 [xen/events: avoid removing an event channel while handling it]
    • CVE-2020-25704 [perf/core: Fix a memory leak in perf_event_parse_addr_filter()]
    • CVE-2020-25669 [Input: sunkbd - avoid use-after-free in teardown paths]
    • CVE-2020-28941 [speakup: Do not let the line discipline be used several times]
  • Other Fixes:
    • PM: hibernate: Batch hibernate and resume IO requests
    • nfsd: Fix races between nfsd4_cb_release() and nfsd4_shutdown_callback()
    • x86/unwind/orc: Fix inactive tasks with stack pointer in %sp on GCC 10 compiled kernels
    • ext4: fix leaking sysfs kobject after failed mount
    • xfs: flush new eof page on truncate to avoid post-eof corruption
    • time: Prevent undefined behaviour in timespec64_to_ns()
    • mm: mempolicy: fix potential pte_unmap_unlock pte error
    • blk-cgroup: Fix memleak on error path

Amazon Linux 2 2.0.20201111.0 Update

Major Updates:

  • glibc bug fix for time calculation errors when using dates after 2038
  • Improved instance launch time
    • The new dracut-config-ec2 package ensures that initramfs images built for use inside EC2 don’t include extra files that aren’t used by default inside EC2. This has a small but measurable effect in reducing the time it takes to launch an Amazon Linux 2 EC2 instance. Note that if you are reconfiguring your instance to use an LVM or software-RAID boot device, you should remove this package and generate an initramfs containing support for these virtual devices. Do this by invoking the following:
dracut -f

This can be automated using cloud-init with the following cloud-config:

#cloud-config
runcmd:
- yum remove -y dracut-config-ec2
- dracut --force

Updated packages:

amazon-ssm-agent: 2.3.1319.0-1. → 3.0.161.0-1.
bash: 4.2.46-33. → 4.2.46-34.
cpio: 2.11-27. → 2.11-28.
e2fsprogs: None → 1.42.9-19.
e2fsprogs-libs: None → 1.42.9-19.
expat: None → 2.1.0-12.
glibc: 2.26-35. → 2.26-38.
glibc-all-langpacks: 2.26-35. → 2.26-38.
glibc-common: 2.26-35. → 2.26-38.
glibc-locale-source: 2.26-35. → 2.26-38.
glibc-minimal-langpack: 2.26-35. → 2.26-38.
hunspell: None → 1.3.2-16.
kernel: 4.14.193-149.317. → 4.14.203-156.332.
kernel-tools: 4.14.193-149.317. → 4.14.203-156.332.
libcroco: None → 0.6.12-6.
libcrypt: 2.26-35. → 2.26-38.
libmspack: 0.5-0.7.alpha. → 0.5-0.8.alpha.
libpng: None → 1.5.13-8.
libss: None → 1.42.9-19.
libtiff: 4.0.3-32. → 4.0.3-35.
libxslt: None → 1.1.28-6.
mariadb-libs: 5.5.64-1. → 5.5.68-1.
nspr: None → 4.25.0-2.
nss: 3.44.0-7. → 3.53.1-3.
nss-softokn: 3.44.0-8. → 3.53.1-6.
nss-softokn-freebl: 3.44.0-8. → 3.53.1-6.
nss-sysinit: 3.44.0-7. → 3.53.1-3.
nss-tools: 3.44.0-7. → 3.53.1-3.
nss-util: 3.44.0-4. → 3.53.1-1.
openldap: 2.4.44-15. → 2.4.44-22.
unzip: 6.0-20. → 6.0-21.
aws-cfn-bootstrap: None → 1.4-34.
dracut-config-ec2: None → 1.0-1.
ec2-net-utils: 1.4-2. → 1.4-3.
ec2-utils: 1.2-1. → 1.2-3.
glibc-devel: 2.26-35. → 2.26-38.
glibc-headers: 2.26-35. → 2.26-38.
kernel-devel: 4.14.193-149.317. → 4.14.203-156.332.
kernel-headers: 4.14.193-149.317. → 4.14.203-156.332.
nvidia: 418.87.00-0. → 450.80.02-0.
nvidia-dkms: 418.87.00-0. → 450.80.02-0.
glibc-langpack-en: 2.26-35. → 2.26-38.

Kernel update:

  • Rebase kernel to upstream stable 4.14.203
  • CVEs Fixed:
    • CVE-2020-12352 [Bluetooth: A2MP: Fix not initializing all members]
    • CVE-2020-12351 [Bluetooth: L2CAP: Fix calling sk_filter on non-socket based channel]
    • CVE-2020-24490 [Bluetooth: fix kernel oops in store_pending_adv_report]
    • CVE-2020-25211 [netfilter: ctnetlink: add a range check for l3/l4 protonum]
    • CVE-2020-0423 [binder: fix UAF when releasing todo list]
    • CVE-2020-14386 [net/packet: fix overflow in tpacket_rcv]
  • Other fixes:
    • Soft lockup Issue during writeback in presence of memory reclaim
    • Fix CIFS trailing characters

Amazon Linux 2 2.0.20200917.0 Update

Major Updates:
No major changes.

Updated packages: kernel-4.14.193-149.317.amzn2.x86_64, kernel-devel-4.14.193-149.317.amzn2.x86_64, kernel-headers-4.14.193-149.317.amzn2.x86_64, kernel-tools-4.14.193-149.317.amzn2.x86_64, libmetalink-0.1.3-13.amzn2.x86_64, python-2.7.18-1.amzn2.0.2.x86_64, python-devel-2.7.18-1.amzn2.0.2.x86_64, python-libs-2.7.18-1.amzn2.0.2.x86_64

Kernel update:
no update

Amazon Linux 2 2.0.20200904.0 Update

Major Updates:

This update primarily contains an update for two kernel CVEs as well as a fix for CVE-2019-20907 in python 2.7.18.

Updated packages:

kernel-devel-4.14.193-149.317.amzn2.x86_64
kernel-tools-4.14.193-149.317.amzn2.x86_64
python-devel-2.7.18-1.amzn2.0.2.x86_64

Kernel update:

  • Rebase Kernel to upstream stable 4.14.193
  • Updated EFA to ver 1.9.0g
  • CVEs fixed
    • CVE-2020-16166 [random32: update the net random state on interrupt and activity]
    • CVE-2020-14386 [net/packet: fix overflow in tpacket_rcv]

Amazon Linux 2 - 2.0.20200824.0 Update

Major Updates: This release contains security updates for gettext, python2-rsa, and python. We have also included the updated AWS CLI, and a bug fix for the amazon-linux-extras utility to no longer recommend deprecated topics.

Updated packages: amazon-linux-extras-1.6.12-1.amzn2.noarch amazon-linux-extras-yum-plugin-1.6.12-1.amzn2.noarch awscli-1.18.107-1.amzn2.0.1.noarch ca-certificates-2019.2.32-76.amzn2.0.3.noarch gettext-0.19.8.1-3.amzn2.x86_64 gettext-libs-0.19.8.1-3.amzn2.x86_64 kernel-4.14.192-147.314.amzn2.x86_64 kernel-tools-4.14.192-147.314.amzn2.x86_64 kpatch-runtime-0.8.0-4.amzn2.noarch python-2.7.18-1.amzn2.0.1.x86_64 python-devel-2.7.18-1.amzn2.0.1.x86_64 python-libs-2.7.18-1.amzn2.0.1.x86_64 python2-botocore-1.17.31-1.amzn2.0.1.noarch python2-rsa-3.4.1-1.amzn2.0.1.noarch tzdata-2020a-1.amzn2.noarch

Kernel update:

  • Rebase kernel to upstream stable 4.14.192
  • Include Nitro Enclave module
  • CVEs fixed
    • CVE-2017-18232 [kernel: Mishandling mutex within libsas allowing local Denial of Service]
    • CVE-2018-10323 [kernel: Invalid pointer dereference in xfs_bmapi_write() when mounting and operating on crafted xfs image allows denial of service]
    • CVE-2018-8043 [kernel: NULL pointer dereference in drivers/net/phy/mdio-bcm-unimac.c:unimac_mdio_probe() can lead to denial of service]
    • CVE-2019-18808 [kernel: memory leak in ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c]
    • CVE-2019-19054 [kernel: A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c allows attackers to cause a DoS]
    • CVE-2019-19061 [kernel: A memory leak in the adis_update_scan_mode_burst() function in drivers/iio/imu/adis_buffer.c allows for a DoS]
    • CVE-2019-19073 [kernel: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel (DOS)]
    • CVE-2019-19074 [kernel: a memory leak in the ath9k management function in allows local DoS]
    • CVE-2019-3016 [kernel: kvm: Information leak within a KVM guest]
    • CVE-2019-9445 [kernel: out of bounds read due to missing bounds check in F2FS driver leads to local information disclosure]
    • CVE-2020-10781 [kernel: zram sysfs resource consumption]
    • CVE-2020-12655 [kernel: sync of excessive duration via an XFS v5 image with crafted metadata]
    • CVE-2020-15393 [kernel: memory leak in usbtest_disconnect function in drivers/usb/misc/usbtest.c]
  • Fix memory leak in network device registration [net: fix memleak in register_netdevice()]
  • Fix system hang when simultaneously onlining/offlining block queues [blk-mq: fix hang caused by freeze/unfreeze sequence]
  • Fix build error in kunit tests [kunit: fix failure to build without printk]
  • Fix build error in xfs [xfs: fix string handling in label get/set functions]

Amazon Linux 2 - 2.0.20200722.0 Update

Major Updates:

This update contains security updates for libxml2 and thunderbird as well as a dependency bug fix for system-rpm-config.

Updated packages: kernel-4.14.186-146.268.amzn2, libxml2-2.9.1-6.amzn2.4.1, qemu-3.1.0-8.amzn2.0.3, system-rpm-config-9.1.0-76.amzn2.0.10, thunderbird-68.10.0-1.amzn2

Kernel update:

  • Rebase kernel to upstream stable 4.14.186
  • Update ENA module to version 2.2.10g
  • CVEs fixed
    • CVE-2018-20669 [make 'user_access_begin()' do 'access_ok()']
    • CVE-2019-19462 [kernel/relay.c: handle alloc_percpu returning NULL in relay_open]
    • CVE-2020-0543 [addressed in microcode]
    • CVE-2020-10732 [fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()]
    • CVE-2020-10757 [mm: Fix mremap not considering huge pmd devmap]
    • CVE-2020-10766 [x86/speculation: Prepare for per task indirect branch speculation control]
    • CVE-2020-10767 [x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS]
    • CVE-2020-10768 [x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches]
    • CVE-2020-12771 [bcache: fix potential deadlock problem in btree_gc_coalesce]
    • CVE-2020-12888 [vfio-pci: Invalidate mmaps and block MMIO access on disabled memory]
  • Fix disallowing holes in swap files [iomap: don't allow holes in swapfiles]
  • Fix populating cache information [ACPI/PPTT: Handle architecturally unknown cache types]
  • Fix memory leaks in vfio/pci [vfio/pci: fix memory leaks in alloc_perm_bits()]
  • Fix error handling in btrfs [btrfs: fix error handling when submitting direct I/O bio]
  • Fix race leading to null pointer dereference in ext4 [ext4: fix race between ext4_sync_parent() and rename()]
  • Fix null pointer dereference in ext4 [ext4: fix error pointer dereference]
  • Fix memory leak in slub allocator [mm/slub: fix a memory leak in sysfs_slab_add()]

Amazon Linux 2 - 6/17/2020 Update

Major Updates:

  • Python 2.7 updated to most recent upstream version - 2.7.18.
    • Amazon Linux will continue to provide security fixes to Python 2.7 according to our Amazon Linux 2 support timeline. See Amazon Linux 2 FAQs.
  • ca-certificates fix for Sectigo intermediate CA expiration
    • See this forum thread for more details.
  • New Kernel with fixes for five CVEs (see below)

Updated packages: amazon-linux-extras-1.6.11-1, bind-export-libs-9.11.4-9, ca-certificates-2019.2.32-76, cloud-init-19.3-3, freetype-2.8-14, gdisk-0.8.10-3, glib2-2.56.1-5, kernel-4.14.181-140.257, libicu-50.2-4, libpng-1.5.13-7, python-2.7.18-1, python-devel-2.7.18-1, python-libs-2.7.18-1, python2-rpm-4.11.3-40, rpm-4.11.3-40, rpm-build-libs-4.11.3-40, rpm-libs-4.11.3-40, rpm-plugin-systemd-inhibit-4.11.3-40, selinux-policy-3.13.1-192, selinux-policy-targeted-3.13.1-192, yum-3.4.3-1

Kernel update:

  • Re-based kernel to upstream stable 4.14.181
  • Updated ENA module to version 2.2.8
  • CVEs fixed
    • CVE-2019-19319 [ext4: protect journal inode's blocks using block_validity]
    • CVE-2020-10751 [selinux: properly handle multiple messages in selinux_netlink_send()]
    • CVE-2020-1749 [net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup]
    • CVE-2019-19768 [blktrace: Protect q->blk_trace with RCU]
    • CVE-2020-12770 [scsi: sg: add sg_remove_request in sg_write]
  • Fix for a deadlock condition in xen-blkfront [xen-blkfront: Delay flush till queue lock dropped]
  • Fix for ORC unwinding [x86/unwind/orc: Fix unwind_get_return_address_ptr() for inactive tasks]

Amazon Linux 2 - 5/29/2020 Update

Major updates:

  • Kernel includes fix for Important ALAS: https://alas.aws.amazon.com/AL2/ALAS-2020-1425.html
  • Amazon Linux 2 customers are encouraged to try the Kernel Live Patching public preview, which applies CVE fixes without a reboot. See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/al2-live-patching.html

Updated packages: aws-cfn-bootstrap-1.4-32.amzn2.0.1, awscli-1.16.300-1.amzn2.0.2, bind-export-libs-9.11.4-9.P2.amzn2.0.3, bind-libs-9.11.4-9.P2.amzn2.0.3, bind-libs-lite-9.11.4-9.P2.amzn2.0.3, bind-license-9.11.4-9.P2.amzn2.0.3, bind-utils-9.11.4-9.P2.amzn2.0.3, freeglut-3.0.0-8.amzn2, freetype-2.8-14.amzn2, gdisk-0.8.10-3.amzn2, glib2-2.56.1-5.amzn2.0.1, gnupg2-2.0.22-5.amzn2.0.4, kernel-4.14.177-139.254.amzn2, kernel-tools-4.14.177-139.254.amzn2, langtable-0.0.31-4.amzn2, langtable-data-0.0.31-4, langtable-python-0.0.31-4, libX11-1.6.7-2.amzn2, libX11-common-1.6.7-2.amzn2, libXfont2-2.0.3-1.amzn2, libXrandr-1.5.1-2.amzn2.0.3, libdrm-2.4.97-2.amzn2, libfastjson-0.99.4-3.amzn2, libglvnd-1.0.1-0.1.git5baa1e5.amzn2.0.1, libglvnd-egl-1.0.1-0.1.git5baa1e5.amzn2.0.1, libglvnd-gles-1.0.1-0.1.git5baa1e5.amzn2.0.1, libglvnd-glx-1.0.1-0.1.git5baa1e5.amzn2.0.1, libicu-50.2-4.amzn2, libpng-1.5.13-7.amzn2.0.2, libtirpc-0.2.4-0.16.amzn2, libwayland-client-1.17.0-1.amzn2, libwayland-server-1.17.0-1.amzn2, mesa-libEGL-18.3.4-5.amzn2.0.1, mesa-libGL-18.3.4-5.amzn2.0.1, mesa-libgbm-18.3.4-5.amzn2.0.1, mesa-libglapi-18.3.4-5.amzn2.0.1, microcode_ctl-2.1-47.amzn2.0.6, openssl-1.0.2k-19.amzn2.0.3, openssl-libs-1.0.2k-19.amzn2.0.3, python-pillow-2.0.0-20.gitd1c6db8.amzn2.0.1, python2-rpm-4.11.3-40.amzn2.0.4, rpm-4.11.3-40.amzn2.0.4, rpm-build-libs-4.11.3-40.amzn2.0.4, rpm-libs-4.11.3-40.amzn2.0.4, rpm-plugin-systemd-inhibit-4.11.3-40.amzn2.0.4, selinux-policy-3.13.1-192.amzn2.6.1, selinux-policy-targeted-3.13.1-192.amzn2.6.1, sudo-1.8.23-4.amzn2.2, xorg-x11-server-Xorg-1.20.4-7.amzn2.0.2, xorg-x11-server-common-1.20.4-7.amzn2.0.2, yum-3.4.3-158.amzn2.0.4

Kernel update:

  1. Re-based Kernel to upstream stable 4.14.177
  2. CVE fixes
    • CVE-2020-10711 [netlabel: cope with NULL catmap]
    • CVE-2020-12826 [Extend exec_id to 64bits]
    • CVE-2020-12657 [block, bfq: fix use-after-free in bfq_idle_slice_timer_body]
    • CVE-2020-11565 [mm: mempolicy: require at least one nodeid for MPOL_PREFERRED]
    • CVE-2020-8648 [vt: selection, close sel_buffer race]
    • CVE-2020-1094 [vhost: Check socket sk_family instead of call getname]
    • CVE-2020-8649 [vgacon: Fix a UAF in vgacon_invert_region]
    • CVE-2020-8647 [vgacon: Fix a UAF in vgacon_invert_region]
  3. Divide by zero scheduler fix
  4. Enabled L2TP in the configuration

Amazon Linux 2 - 7/18/2019 Update

An AWS-optimized Linux kernel 4.19 is now available in Amazon Linux 2 Extras channel in addition to the 4.14 kernel that receives long-term support. You can install and use the 4.19 kernel by running sudo amazon-linux-extras install kernel-ng and rebooting your instance.
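
To check a running instance against the 4.14 kernel rebases listed in the release notes above, the following added example (not AWS tooling and not part of the original notes) compares a `uname -r` string with each listed build. The function and variable names are assumptions made for this example; the version strings and release labels are copied from the notes.

```shell
#!/bin/sh
# Added example, not AWS tooling. Rows are "<kernel version-release> <release label>",
# copied from the "Kernel update" sections of the release notes above.
AL2_KERNEL_REBASES='4.14.177-139.254 5/29/2020
4.14.181-140.257 6/17/2020
4.14.186-146.268 2.0.20200722.0
4.14.192-147.314 2.0.20200824.0
4.14.193-149.317 2.0.20200904.0
4.14.203-156.332 2.0.20201111.0
4.14.209-160.339 2.0.20201218.1
4.14.214-160.339 2.0.20210126.0
4.14.219-161.340 2.0.20210219.0'

# Print every listed release whose kernel is newer than the given `uname -r`
# string, i.e. whose kernel CVE fixes the running kernel does not contain.
# Returns 2 when the kernel is not from the 4.14 amzn2 stream (for example the
# 4.19 kernel-ng build), because these notes say nothing about other streams.
# Caveat: fixes applied by Kernel Live Patching do not change `uname -r`,
# so a live-patched host can be better off than this report says.
missing_kernel_fixes() {   # usage: missing_kernel_fixes "$(uname -r)"
    case $1 in
        4.14.*.amzn2*) ;;
        *) echo "unknown: $1 is not a 4.14 amzn2 kernel" >&2; return 2 ;;
    esac
    printf '%s\n' "$AL2_KERNEL_REBASES" | awk -v run="${1%%.amzn2*}" '
        # Compare two version-release strings field by field, numerically.
        function cmp(a, b,    x, y, n, m, i) {
            n = split(a, x, /[.-]/); m = split(b, y, /[.-]/)
            for (i = 1; i <= n || i <= m; i++) {
                if (x[i] + 0 < y[i] + 0) return -1
                if (x[i] + 0 > y[i] + 0) return 1
            }
            return 0
        }
        cmp(run, $1) < 0 { print $2 " (kernel " $1 ")" }
    '
}

# Report for the host this script runs on.
missing_kernel_fixes "$(uname -r)" || true
```

An empty result means the running 4.14 kernel is at or beyond the newest rebase listed here.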

Amazon Linux 2 - 6/27/2019 Update

Amazon EC2 Instance Connect is enabled by default

EC2 Instance Connect provides a simple and secure way to connect to your instances using Secure Shell (SSH). To disable the feature follow the steps to Uninstall EC2 Instance Connect.

Amazon Linux 2 - 5/23/2019 Update

NVIDIA GPU support: Amazon Linux 2 AMIs with NVIDIA GPU drivers pre-installed and pre-configured for use on P and G instance families are available on AWS Marketplace.

Amazon Linux 2 - 05/14/2019 Update

A new systemd service is added to launch on boot. The service will submit the host public keys for identity validation to support an upcoming feature for connecting to EC2 instances.

Amazon Linux 2 - 03/13/2019 Update

This update fixes incorrect permissions for some system files https://alas.aws.amazon.com/AL2/ALAS-2019-1175.html

Amazon Linux 2 - 11/26/2018 Update

A1 support: Amazon Linux 2 is supported for use on A1 instances

Amazon Linux 2 - 11/19/2018 Update

ENA driver updates:

An ENA driver update that introduces Low Latency Queues (LLQ) for improved average and tail latencies. The update also adds support for receive checksum offload that improves CPU utilization.

Amazon Linux 2 - 10/31/2018 Update

OpenSSH daemon configuration file /etc/ssh/sshd_config updates

The OpenSSH daemon configuration file /etc/ssh/sshd_config has been updated. The AuthorizedKeysCommand value is configured to point to a customized script, /opt/aws/bin/curl_authorized_keys, to support an upcoming feature to read SSH public keys from the EC2 instance metadata during the SSH connection process.
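
Because AuthorizedKeysCommand names a program that sshd runs during login, it is worth auditing after this change. The following added example (not AWS code and not part of the original notes) reads an sshd_config file offline and compares the setting with the path named above. The function names, the sample file and the `keyfetch` account are constructed for this example, and Include directives are assumed to be absent.

```shell
#!/bin/sh
# Added example, not AWS code. Baseline path is the one named in the release note above.
EXPECTED_AKC=/opt/aws/bin/curl_authorized_keys

# Print the first global value of a keyword, the way sshd resolves it:
# keywords are case-insensitive, the first occurrence wins, and everything
# after the first "Match" line is conditional, so it is ignored here.
# Assumption: no Include directives (on a live host, `sshd -T` resolves them).
sshd_global_value() {   # usage: sshd_global_value <keyword> <sshd_config path>
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        { sub(/^[ \t]+/, "") }
        /^#/ || /^$/ { next }
        {
            key = $0; sub(/[ \t=].*$/, "", key); key = tolower(key)
            val = $0; sub(/^[^ \t=]+[ \t]*=?[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            if (key == "match") exit
            if (key == want) { print val; exit }
        }
    ' "$2"
}

# True if group or others can write to the file (sshd refuses such helpers).
writable_by_non_owner() {
    [ -n "$(find -H "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# Report the key-lookup helper and the account it runs as; return 1 if
# anything deviates from the baseline and needs a human look.
audit_authorized_keys_command() {   # usage: audit_authorized_keys_command <path>
    cmd=$(sshd_global_value AuthorizedKeysCommand "$1")
    user=$(sshd_global_value AuthorizedKeysCommandUser "$1")
    helper=${cmd%% *}            # program path without its arguments
    case $helper in
        ''|none)
            echo "OK: no AuthorizedKeysCommand; keys come from authorized_keys files only"
            return 0 ;;
        "$EXPECTED_AKC")
            rc=0; echo "OK: AuthorizedKeysCommand is $helper" ;;
        *)
            rc=1; echo "REVIEW: AuthorizedKeysCommand runs unexpected helper $helper" ;;
    esac
    if [ -e "$helper" ] && writable_by_non_owner "$helper"; then
        rc=1; echo "REVIEW: $helper is writable by group or others"
    fi
    # sshd_config(5) recommends a dedicated, otherwise unused account here.
    case $user in
        '')   rc=1; echo "REVIEW: AuthorizedKeysCommandUser is not set" ;;
        root) rc=1; echo "REVIEW: helper runs as root on every SSH login attempt" ;;
        *)    echo "OK: helper runs as $user" ;;
    esac
    return $rc
}

# Constructed sample: a global section followed by a Match block that is ignored.
sample_sshd_config() {
    cat <<'EOF'
# constructed sample, not a real host's file
PasswordAuthentication no
authorizedkeyscommand /opt/aws/bin/curl_authorized_keys %u %f
AuthorizedKeysCommandUser keyfetch
Match User deploy
    AuthorizedKeysCommand /usr/local/bin/other_helper
EOF
}

tmp=$(mktemp) && sample_sshd_config > "$tmp" && audit_authorized_keys_command "$tmp"
rm -f "$tmp"
```

On an instance, pass /etc/ssh/sshd_config as the argument instead of the sample file.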

Amazon Linux 2 - 9/25/2018 Update

Support for 32-bit Libraries: Amazon Linux 2 now supports 32-bit libraries and compatibility packages, which enables customers to run 32-bit applications on Amazon Linux 2. You can run 'yum update' on an Amazon Linux 2 instance to get the full 32-bit support. An updated Amazon Linux 2 AMI with full 32-bit support will also be available in the coming days.

Bug Fixes and Package Updates: This release also contains bug fixes and updates for several Amazon Linux 2 packages from their upstream projects.