You can find product details on the Amazon Linux AMI page.

Amazon Linux 2018.03.0.20210408.0 Update

Major Updates:

  • iptables has been updated from 1.4.18 to 1.4.21

Updated Packages:

+amazon-ssm-agent-3.0.529.0-1.amzn1.x86_64
+iptables-1.4.21-34.33.amzn1.x86_64
+kernel-4.14.225-121.362.amzn1.x86_64
+kernel-devel-4.14.225-121.362.amzn1.x86_64
+kernel-headers-4.14.225-121.362.amzn1.x86_64
+kernel-tools-4.14.225-121.362.amzn1.x86_64
+libmnl-1.0.3-4.2.amzn1.x86_64
+libnetfilter_conntrack-1.0.4-1.7.amzn1.x86_64
+libnfnetlink-1.0.1-1.3.amzn1.x86_64
+openssh-7.4p1-21.75.amzn1.x86_64
+openssh-clients-7.4p1-21.75.amzn1.x86_64
+openssh-server-7.4p1-21.75.amzn1.x86_64
+python27-setuptools-36.2.7-1.35.amzn1.noarch
+screen-4.0.3-19.7.amzn1.x86_64

Amazon Linux 2018.03.0.20210319.0 Update

Major Updates:

  • No major updates. Reminder that AL1 is in Maintenance Support.

Updated Packages:

+bind-libs-9.8.2-0.68.rc1.86.amzn1.x86_64
+bind-utils-9.8.2-0.68.rc1.86.amzn1.x86_64
+cloud-init-0.7.6-43.23.amzn1.noarch
+ec2-net-utils-0.7-43.5.amzn1.noarch
+ec2-utils-0.7-43.5.amzn1.noarch
+grub-0.97-94.32.amzn1.x86_64
+kernel-4.14.225-121.357.amzn1.x86_64
+kernel-devel-4.14.225-121.357.amzn1.x86_64
+kernel-headers-4.14.225-121.357.amzn1.x86_64
+kernel-tools-4.14.225-121.357.amzn1.x86_64
+python27-pyliblzma-0.5.3-11.7.amzn1.x86_64
+yum-3.4.3-150.72.amzn1.noarch

Kernel Update:

  • Rebase kernel to upstream stable 4.14.225
  • CVEs Fixed:
    • CVE-2021-26930 [xen-blkback: fix error handling in xen_blkbk_map()]
    • CVE-2021-26931 [xen-blkback: don't "handle" error by BUG()]
    • CVE-2021-26932 [Xen/x86: don't bail early from clear_foreign_p2m_mapping()]
    • CVE-2021-27363 [scsi: iscsi: Restrict sessions and handles to admin capabilities]
    • CVE-2021-27364 [scsi: iscsi: Restrict sessions and handles to admin capabilities]
    • CVE-2021-27365 [scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE]
    • CVE-2021-28038 [Xen/gnttab: handle p2m update errors on a per-slot basis]
  • Amazon Features & Backports:
    • arm64: kaslr: Refactor early init command line parsing
    • arm64: Extend the kernel command line from the bootloader
    • arm64: Export acpi_psci_use_hvc() symbol
    • hwrng: Add Gravition RNG driver
    • iommu/vt-d: Skip TE disabling on quirky gfx dedicated iommu
    • x86/x2apic: Mark set_x2apic_phys_mode() as init
    • x86/apic: Deinline x2apic functions
    • x86/apic: Fix x2apic enablement without interrupt remapping
    • x86/msi: Only use high bits of MSI address for DMAR unit
    • x86/io_apic: Reevaluate vector configuration on activate()
    • x86/ioapic: Handle Extended Destination ID field in RTE
    • x86/apic: Support 15 bits of APIC ID in MSI where available
    • x86/kvm: Reserve KVM_FEATURE_MSI_EXT_DEST_ID
    • x86/kvm: Enable 15-bit extension when KVM_FEATURE_MSI_EXT_DEST_ID detected
    • arm64: HWCAP: add support for AT_HWCAP2
    • arm64: HWCAP: encapsulate elf_hwcap
    • arm64: Implement archrandom.h for ARMv8.5-RNG
    • mm: memcontrol: fix NR_WRITEBACK leak in memcg and system stats
    • mm: memcg: make sure memory.events is uptodate when waking pollers
    • mem_cgroup: make sure moving_account, move_lock_task and stat_cpu in the same cacheline
    • mm: fix oom_kill event handling
    • mm: writeback: use exact memcg dirty counts
  • Other Fixes:
    • net_sched: reject silly cell_log in qdisc_get_rtab()
    • x86: always_inline {rd,wr}msr()
    • net: lapb: Copy the skb before sending a packet
    • ipv4: fix race condition between route lookup and invalidation
    • mm: hugetlb: fix a race between isolating and freeing page
    • mm: hugetlb: remove VM_BUG_ON_PAGE from page_huge_active
    • mm: thp: fix MADV_REMOVE deadlock on shmem THP
    • x86/apic: Add extra serialization for non-serializing MSRs
    • iommu/vt-d: Do not use flush-queue when caching-mode is on
    • fgraph: Initialize tracing_graph_pause at task creation
    • ARM: ensure the signal page contains defined contents
    • kvm: check tlbs_dirty directly
    • ext4: fix potential htree index checksum corruption
    • mm/memory.c: fix potential pte_unmap_unlock pte error
    • mm/hugetlb: fix potential double free in hugetlb_register_node() error path
    • arm64: Add missing ISB after invalidating TLB in primary_switch
    • mm/rmap: fix potential pte_unmap on an not mapped pte
    • x86/reboot: Force all cpus to exit VMX root if VMX is supported
    • mm: hugetlb: fix a race between freeing and dissolving the page
    • arm64 module: set plt* section addresses to 0x0
    • xfs: Fix assert failure in xfs_setattr_size()

Amazon Linux 2018.03.0.20210224.0 Update

Major Updates: None

Updated Packages:

+kernel-4.14.219-119.340.amzn1.x86_64
+kernel-devel-4.14.219-119.340.amzn1.x86_64
+kernel-headers-4.14.219-119.340.amzn1.x86_64
+kernel-tools-4.14.219-119.340.amzn1.x86_64
+openssl-1.0.2k-16.153.amzn1.x86_64
+python27-2.7.18-2.141.amzn1.x86_64
+python27-devel-2.7.18-2.141.amzn1.x86_64
+python27-libs-2.7.18-2.141.amzn1.x86_64

Kernel Update:

  • Rebase kernel to upstream stable 4.14.219
  • CVEs Fixed:
    • CVE-2020-28374 [scsi: target: Fix XCOPY NAA identifier lookup]
    • CVE-2021-3178 [nfsd4: readdirplus shouldn't return parent of export]
    • CVE-2020-27825 [tracing: Fix race in trace_open and buffer resize call]
    • CVE-2021-3347 [futex: Ensure the correct return value from futex_lock_pi()]
    • CVE-2021-3348 [nbd: freeze the queue while we're adding connections]
  • Backported Fixes:
    • NFS: Do uncached readdir when we're seeking a cookie in an empty page cache
  • Other Fixes:
    • virtio_net: Fix recursive call to cpus_read_lock()
    • net-sysfs: take the rtnl lock when storing xps_cpus
    • net: ethernet: ti: cpts: fix ethtool output when no ptp_clock registered
    • vhost_net: fix ubuf refcount incorrectly when sendmsg fails
    • net-sysfs: take the rtnl lock when accessing xps_cpus_map and num_tc
    • crypto: ecdh - avoid buffer overflow in ecdh_set_secret()
    • x86/mm: Fix leak of pmd ptlock
    • KVM: x86: fix shift out of bounds reported by UBSAN
    • net: ip: always refragment ip defragmented packets
    • x86/resctrl: Use an IPI instead of task_work_add() to update PQR_ASSOC MSR
    • x86/resctrl: Don't move a task to the same resource group
    • cpufreq: powernow-k8: pass policy rather than use cpufreq_cpu_get()
    • iommu/intel: Fix memleak in intel_irq_remapping_alloc
    • KVM: arm64: Don't access PMCR_EL0 when no PMU is available
    • mm/hugetlb: fix potential missing huge page size info
    • dm snapshot: flush merged data before committing metadata
    • ext4: fix bug for rename with RENAME_WHITEOUT
    • NFS4: Fix use-after-free in trace_event_raw_event_nfs4_set_lock
    • ext4: fix superblock checksum failure when setting password salt
    • mm, slub: consider rest of partial list if acquire_slab() fails
    • rxrpc: Fix handling of an unsupported token type in rxrpc_read()
    • tipc: fix NULL deref in tipc_link_xmit()
    • net: use skb_list_del_init() to remove from RX sublists
    • net: introduce skb_list_walk_safe for skb segment walking
    • dm: avoid filesystem lookup in dm_get_dev_t()
    • skbuff: back tiny skbs with kmalloc() in __netdev_alloc_skb() too
    • tracing: Fix race in trace_open and buffer resize call
    • x86/boot/compressed: Disable relocation relaxation
    • nbd: freeze the queue while we're adding connections
    • KVM: x86: get smi pending status correctly
    • x86/entry/64/compat: Preserve r8-r11 in int $0x80
    • x86/entry/64/compat: Fix x86/entry/64/compat: Preserve r8-r11 in int $0x80

Amazon Linux 2018.03.0.20210126.0 Update

Major Updates: None

Updated Packages:
+bind-libs-9.8.2-0.68.rc1.85.amzn1.x86_64
+bind-utils-9.8.2-0.68.rc1.85.amzn1.x86_64
+ca-certificates-2018.2.22-65.1.23.amzn1.noarch
+e2fsprogs-1.43.5-2.44.amzn1.x86_64
+e2fsprogs-libs-1.43.5-2.44.amzn1.x86_64
+ec2-net-utils-0.7-2.4.amzn1.noarch
+ec2-utils-0.7-2.4.amzn1.noarch
+expat-2.1.0-12.24.amzn1.x86_64
+gnupg2-2.0.28-2.34.amzn1.x86_64
+kernel-4.14.214-118.339.amzn1.x86_64
+kernel-devel-4.14.214-118.339.amzn1.x86_64
+kernel-headers-4.14.214-118.339.amzn1.x86_64
+kernel-tools-4.14.214-118.339.amzn1.x86_64
+libblkid-2.23.2-63.33.amzn1.x86_64
+libcom_err-1.43.5-2.44.amzn1.x86_64
+libepoxy-1.2-3.3.amzn1.x86_64
+libevdev-1.4.5-2.4.amzn1.x86_64
+libmount-2.23.2-63.33.amzn1.x86_64
+libsmartcols-2.23.2-63.33.amzn1.x86_64
+libss-1.43.5-2.44.amzn1.x86_64
+libuuid-2.23.2-63.33.amzn1.x86_64
+libX11-1.6.0-2.2.13.amzn1.x86_64
+libX11-common-1.6.0-2.2.13.amzn1.x86_64
+libxslt-1.1.28-6.15.amzn1.x86_64
+mtdev-1.1.2-5.4.amzn1.x86_64
+python27-pip-9.0.3-1.28.amzn1.noarch
+python27-setuptools-36.2.7-1.34.amzn1.noarch
+ruby20-2.0.0.648-2.39.amzn1.x86_64
+ruby20-irb-2.0.0.648-2.39.amzn1.noarch
+ruby20-libs-2.0.0.648-2.39.amzn1.x86_64
+rubygem20-bigdecimal-1.2.0-2.39.amzn1.x86_64
+rubygem20-psych-2.0.0-2.39.amzn1.x86_64
+rubygems20-2.0.14.1-2.39.amzn1.noarch
+sudo-1.8.23-9.56.amzn1.x86_64
+system-release-2018.03-0.2.noarch
+tzdata-2020d-2.76.amzn1.noarch
+tzdata-java-2020d-2.76.amzn1.noarch
+util-linux-2.23.2-63.33.amzn1.x86_64
+vim-common-8.0.0503-1.47.amzn1.x86_64
+vim-enhanced-8.0.0503-1.47.amzn1.x86_64
+vim-filesystem-8.0.0503-1.47.amzn1.x86_64
+vim-minimal-8.0.0503-1.47.amzn1.x86_64
+xorg-x11-drv-evdev-2.9.2-1.7.amzn1.x86_64
+xorg-x11-drv-vesa-2.3.4-1.8.amzn1.x86_64
+xorg-x11-drv-void-1.4.1-1.8.amzn1.x86_64
+xorg-x11-server-common-1.17.4-18.43.amzn1.x86_64
+xorg-x11-server-Xorg-1.17.4-18.43.amzn1.x86_64

Kernel Update

  • Rebase kernel to upstream stable 4.14.214
  • CVEs Fixed:
    • CVE-2019-19813 [btrfs: inode: Verify inode mode to avoid NULL pointer dereference]
    • CVE-2019-19816 [btrfs: inode: Verify inode mode to avoid NULL pointer dereference]
    • CVE-2020-29661 [tty: Fix ->pgrp locking in tiocspgrp()]
    • CVE-2020-29660 [tty: Fix ->session locking]
    • CVE-2020-27830 [speakup: Reject setting the speakup line discipline outside of speakup]
    • CVE-2020-27815 [jfs: Fix array index bounds check in dbAdjTree]
    • CVE-2020-29568 [xen/xenbus: Allow watches discard events before queueing]
    • CVE-2020-29569 [xen-blkback: set ring->xenblkd to NULL after kthread_stop()]
  • Backported Fixes:
    • SMB3: Add support for getting and setting SACLs
    • Add SMB 2 support for getting and setting SACLs
  • Other Fixes:
    • mm: memcontrol: fix excessive complexity in memory.stat reporting
    • PCI: Fix pci_slot_release() NULL pointer dereference
    • ext4: fix deadlock with fs freezing and EA inodes
    • ext4: fix a memory leak of ext4_free_data
    • sched/deadline: Fix sched_dl_global_validate()
    • cifs: fix potential use-after-free in cifs_echo_request()
    • btrfs: fix return value mixup in btrfs_get_extent
    • btrfs: fix lockdep splat when reading qgroup config on mount

Amazon Linux 2018.03.0.20201209.1 Update 

Major Updates: Security updates to curl, openssl, and python27.

Updated packages:

curl-7.61.1-12.95.amzn1.x86_64
kernel-4.14.203-116.332.amzn1.x86_64
kernel-tools-4.14.203-116.332.amzn1.x86_64
libcurl-7.61.1-12.95.amzn1.x86_64
openssl-1.0.2k-16.152.amzn1.x86_64
python27-2.7.18-2.140.amzn1.x86_64
python27-devel-2.7.18-2.140.amzn1.x86_64
python27-libs-2.7.18-2.140.amzn1.x86_64

Kernel update

  • Rebase kernel to upstream stable 4.14.203
  • CVEs Fixed:
    • CVE-2020-12352 [Bluetooth: A2MP: Fix not initializing all members]
    • CVE-2020-12351 [Bluetooth: L2CAP: Fix calling sk_filter on non-socket based channel]
    • CVE-2020-24490 [Bluetooth: fix kernel oops in store_pending_adv_report]
    • CVE-2020-25211 [netfilter: ctnetlink: add a range check for l3/l4 protonum]
    • CVE-2020-0423 [binder: fix UAF when releasing todo list]
    • CVE-2020-14386 [net/packet: fix overflow in tpacket_rcv]
  • Other fixes:
    • Soft lockup Issue during writeback in presence of memory reclaim
    • Fix CIFS trailing characters

Amazon Linux 2018.03.0.20201028.0 Update

Major Updates: None

Updated packages:
amazon-ssm-agent: 2.3.1319.0-1. → 3.0.161.0-1.
aws-cfn-bootstrap: 1.4-32.23. → 1.4-34.24.
kernel: 4.14.193-113.317. → 4.14.200-116.320.
kernel-devel: 4.14.193-113.317. → 4.14.200-116.320.
kernel-headers: 4.14.193-113.317. → 4.14.200-116.320.
kernel-tools: 4.14.193-113.317. → 4.14.200-116.320.
libxml2: 2.9.1-6.4.40. → 2.9.1-6.4.41.
libxml2-python27: 2.9.1-6.4.40. → 2.9.1-6.4.41.
ntp: 4.2.8p12-1.41. → 4.2.8p15-1.44.
ntpdate: 4.2.8p12-1.41. → 4.2.8p15-1.44.
rpm: 4.11.3-40.77. → 4.11.3-40.78.
rpm-build-libs: 4.11.3-40.77. → 4.11.3-40.78.
rpm-libs: 4.11.3-40.77. → 4.11.3-40.78.
rpm-python27: 4.11.3-40.77. → 4.11.3-40.78.
tzdata: 2019c-1.73. → 2020a-1.75.
tzdata-java: 2019c-1.73. → 2020a-1.75.

Kernel update:

  • Rebase kernel to upstream stable 4.14.200
  • CVEs Fixed:
    • CVE-2019-19448 [btrfs: only search for left_info if there is no right_info in try_merge_free_space]
    • CVE-2020-25212 [nfs: Fix getxattr kernel panic and memory overflow]
    • CVE-2020-14331 [vgacon: Fix for missing check in scrollback handling]
    • CVE-2020-14314 [ext4: fix potential negative array index in do_split()]
    • CVE-2020-25285 [mm/hugetlb: fix a race between hugetlb sysctl handlers]
    • CVE-2020-25641 [block: allow for_each_bvec to support zero len bvec]
    • CVE-2020-25211 [netfilter: ctnetlink: add a range check for l3/l4 protonum]
    • CVE-2020-12888 [vfio-pci: Invalidate mmaps and block MMIO access on disabled memory]
    • CVE-2020-25284 [rbd: require global CAP_SYS_ADMIN for mapping and unmapping]
    • CVE-2020-14390 [fbcon: remove soft scrollback code]
    • CVE-2020-25645 [geneve: add transport ports in route lookup for geneve]
  • Other fixes:
    • nfs: optimise readdir cache page invalidation
    • nfs: Fix security label length not being reset

Amazon Linux 2018.03.0.20200918.0 Update

Major Updates:
removed aws-api-tools-ec2-1.7.3.0-2.1.amzn1.noarch

Updated packages:
tzdata-2019c.173.amzn1.noarch → tzdata-2020a-1.75.amzn1.noarch, tzdata-java-2019c-1.73.amzn1.noarch → tzdata-java-2020a-1.75.amzn1.noarch

Kernel update:
no update

Amazon Linux - 2018.03.0.20200904.0 Update

Major Updates:

Update to AWS CLI, as well as CVE fixes for kernel, ruby, and python. Also contains a fix for rpm usage on systems on which the ulimit for file descriptors is greater than 1024.

Updated packages:

aws-cli-1.18.107-1.55.amzn1.noarch
kernel-4.14.193-113.317.amzn1.x86_64
kernel-devel-4.14.193-113.317.amzn1.x86_64
kernel-headers-4.14.193-113.317.amzn1.x86_64
kernel-tools-4.14.193-113.317.amzn1.x86_64
libxml2-2.9.1-6.4.40.amzn1.x86_64
libxml2-python27-2.9.1-6.4.40.amzn1.x86_64
python27-2.7.18-2.139.amzn1.x86_64
python27-botocore-1.17.31-1.72.amzn1.noarch
python27-devel-2.7.18-2.139.amzn1.x86_64
python27-libs-2.7.18-2.139.amzn1.x86_64
python27-rsa-3.4.1-1.9.amzn1.noarch
rpm-4.11.3-40.77.amzn1.x86_64
rpm-build-libs-4.11.3-40.77.amzn1.x86_64
rpm-libs-4.11.3-40.77.amzn1.x86_64
rpm-python27-4.11.3-40.77.amzn1.x86_64
ruby20-2.0.0.648-1.33.amzn1.x86_64
ruby20-irb-2.0.0.648-1.33.amzn1.noarch
ruby20-libs-2.0.0.648-1.33.amzn1.x86_64
rubygem20-bigdecimal-1.2.0-1.33.amzn1.x86_64
rubygem20-json-1.8.3-1.53.amzn1.x86_64
rubygem20-psych-2.0.0-1.33.amzn1.x86_64
rubygems20-2.0.14.1-1.33.amzn1.noarch

Kernel update:

  • Rebase Kernel to upstream stable 4.14.193
  • Updated EFA to ver 1.9.0g
  • CVEs fixed
    • CVE-2020-16166 [random32: update the net random state on interrupt and activity]
    • CVE-2020-14386 [net/packet: fix overflow in tpacket_rcv]

Amazon Linux - 2018.03.0.20200716.0 Update

Major Updates:

This AMI release comes with an updated aws-apitools-ec2 package which displays a warning as per the deprecation plan published at https://forums.aws.amazon.com/ann.jspa?annID=7804

Updated Packages:

amazon-ssm-agent-2.3.1319.0-1.amzn1.x86_64
aws-apitools-ec2-1.7.3.0-2.1.amzn1.noarch
bash-4.2.46-34.43.amzn1.x86_64
initscripts-9.03.58-1.40.amzn1.x86_64
kernel-4.14.186-110.268.amzn1.x86_64
kernel-tools-4.14.186-110.268.amzn1.x86_64
libcgroup-0.40.rc1-5.15.amzn1.x86_64
microcode_ctl-2.1-47.39.amzn1.x86_64

Kernel update:

  • Rebase kernel to upstream stable 4.14.186
  • Update ENA module to version 2.2.10
  • CVEs fixed
    • CVE-2018-20669 [make 'user_access_begin()' do 'access_ok()']
    • CVE-2019-19462 [kernel/relay.c: handle alloc_percpu returning NULL in relay_open]
    • CVE-2020-0543 [addressed in microcode]
    • CVE-2020-10732 [fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()]
    • CVE-2020-10757 [mm: Fix mremap not considering huge pmd devmap]
    • CVE-2020-10766 [x86/speculation: Prepare for per task indirect branch speculation control]
    • CVE-2020-10767 [x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS]
    • CVE-2020-10768 [x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches]
    • CVE-2020-12771 [bcache: fix potential deadlock problem in btree_gc_coalesce]
    • CVE-2020-12888 [vfio-pci: Invalidate mmaps and block MMIO access on disabled memory]
  • Fix disallowing holes in swap files [iomap: don't allow holes in swapfiles]
  • Fix populating cache information [ACPI/PPTT: Handle architecturally unknown cache types]
  • Fix memory leaks in vfio/pci [vfio/pci: fix memory leaks in alloc_perm_bits()]
  • Fix error handling in btrfs [btrfs: fix error handling when submitting direct I/O bio]
  • Fix race leading to null pointer dereference in ext4 [ext4: fix race between ext4_sync_parent() and rename()]
  • Fix null pointer dereference in ext4 [ext4: fix error pointer dereference]
  • Fix memory leak in slub allocator [mm/slub: fix a memory leak in sysfs_slab_add()]

Amazon Linux - 2018.03.0.20200602.1 Update

Major Updates:

Updated packages: aws-cfn-bootstrap-1.4-32.23.amzn1, bind-libs-9.8.2-0.68.rc1.64.amzn1, bind-utils-9.8.2-0.68.rc1.64.amzn1, ca-certificates-2018.2.22-65.1.22.amzn1, kernel-4.14.181-108.257.amzn1, kernel-devel-4.14.181-108.257.amzn1, kernel-headers-4.14.181-108.257.amzn1, kernel-tools-4.14.181-108.257.amzn1, krb5-libs-1.15.1-46.48.amzn1, python27-2.7.18-1.137.amzn1, python27-devel-2.7.18-1.137.amzn1, python27-libs-2.7.18-1.137.amzn1

Kernel update:

  • Re-based kernel to upstream stable 4.14.181
  • Updated ENA module to version 2.2.8
  • CVEs fixed
    • CVE-2019-19319 [ext4: protect journal inode's blocks using block_validity]
    • CVE-2020-10751 [selinux: properly handle multiple messages in selinux_netlink_send()]
    • CVE-2020-1749 [net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup]
    • CVE-2019-19768 [blktrace: Protect q->blk_trace with RCU]
    • CVE-2020-12770 [scsi: sg: add sg_remove_request in sg_write]
  • Fix for a deadlock condition in xen-blkfront [xen-blkfront: Delay flush till queue lock dropped]
  • Fix for ORC unwinding [x86/unwind/orc: Fix unwind_get_return_address_ptr() for inactive tasks]

Amazon Linux AMI - 2018.03.0.20200514 Update

Major updates:

Updated packages: aws-cli-1.18.13-1.54.amzn1, cloud-init-0.7.6-2.20.amzn1, ec2-net-utils-0.7-1.3.amzn1, ec2-utils-0.7-1.3.amzn1, expat-2.1.0-11.22.amzn1, java-1.7.0-openjdk-1.7.0.261-2.6.22.1.83.amzn1, kernel-4.14.177-107.254, libicu-50.2-4.0, libtirpc-0.2.4-0.16.15, python27-botocore-1.15.13-1.71, python27-colorama-0.4.1-4.8, yum-3.4.3-150.71

Kernel update: 

  • Re-based Kernel to upstream stable 4.14.177
  • CVEs fixed
    • CVE-2020-10711 [netlabel: cope with NULL catmap]
    • CVE-2020-12826 [Extend exec_id to 64bits]
    • CVE-2020-12657 [block, bfq: fix use-after-free in bfq_idle_slice_timer_body]
    • CVE-2020-11565 [mm: mempolicy: require at least one nodeid for MPOL_PREFERRED]
    • CVE-2020-8648 [vt: selection, close sel_buffer race]
    • CVE-2020-1094 [vhost: Check socket sk_family instead of call getname]
    • CVE-2020-8649 [vgacon: Fix a UAF in vgacon_invert_region]
    • CVE-2020-8647 [vgacon: Fix a UAF in vgacon_invert_region]
    • CVE-2020-8648 [vt: selection, close sel_buffer race]
  • Divide by zero scheduler fix

11/19/2018 Update

ENA driver updates: An ENA driver update that introduces Low Latency Queues (LLQ) for improved average and tail latencies. The update also adds support for receive checksum offload that improves CPU utilization.

The primary difference between Amazon Linux AMI 2017.09 and Amazon Linux AMI 2018.03 is the inclusion of a newer kernel, Linux Kernel 4.14.

AWS Systems Manager Patch Manager supports Amazon Linux AMI. This enables automated patching of fleets of Amazon Linux AMI EC2 instances. It can scan instances for missing patches and automatically install all missing patches.

To upgrade to Amazon Linux AMI 2018.03 from Amazon Linux AMI 2011.09 or later, run sudo yum clean all followed by sudo yum update. When the upgrade is complete, reboot your instance.

The Amazon Linux AMI repositories provided updates that allow you to roll from one version of the Amazon Linux AMI to the next.

gcc44

java-1.6.0-openjdk

mysql51

openssl097a

php53

php54

php55

php70 

postgresql8

python26

ruby18

ruby19

ruby21

ruby22

tomcat6
