Univention Bugzilla – Bug 46489
intel-microcode: Spectre Variant 2: branch target injection [BTI] (4.3)
Last modified: 2019-04-11 19:24:53 CEST
CVE-2017-5715 hw: cpu: speculative execution branch target injection Operating systems like Windows running as VM in Qemu might need the new IBRS/IBPB features to protect themselves from hostile user level processes. (Linux does not need it when compiled with Retpoline). We should provide an updated package "intel-microcode". - Debian packaged 2018-01-08, which was later on recalled by Intel. - Currently Debian does not have a newer version prepared: <https://packages.debian.org/search?keywords=intel-microcode&searchon=sourcenames&suite=all§ion=all> - There is 2018-03 from Intel: <https://newsroom.intel.com/wp-content/uploads/sites/11/2018/03/microcode-update-guidance.pdf> The µCode update by itself is not enough; Qemu (and libvirt and maybe UVMM) also need an update: * <https://www.qemu.org/2018/02/14/qemu-2-11-1-and-spectre-update/> * <https://www.qemu.org/2018/01/04/spectre/> * <https://usn.ubuntu.com/usn/usn-3560-1/> * <https://usn.ubuntu.com/usn/usn-3561-1/> This should be done by a separate bug. Also see Bug #45064 for another issue requiring a µCode update.
Probably not required any more? ============================================================================== root@backup11:~# apt-cache policy intel-microcode intel-microcode: Installiert: 3.20180425.1 Installationskandidat: 3.20180425.1 Versionstabelle: *** 3.20180425.1 500 500 http://updates.software-univention.de/4.2/maintained 4.2-4/amd64/ Packages 100 /var/lib/dpkg/status 3.20170707.1~deb9u1 500 500 http://updates.software-univention.de/4.3/maintained 4.3-0/amd64/ Packages ==============================================================================
According to <http://xen1.knut.univention.de:8000/packages/source/intel-microcode/> we already released at least 2017-07-07 for UCS-4.2 and UCS-4.3: 3.20180425.1 4.2-3/errata, 4.2-4 3.20170707.1~deb9u1 4.3-0 3.20180703.2 is currently in the pipeline.