Bug 47669 - intel-microcode: Multiple issues (4.3)
intel-microcode: Multiple issues (4.3)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.3
All Linux
: P3 normal (vote)
: UCS 4.3-1-errata
Assigned To: Quality Assurance
Philipp Hahn
:
: 47826 (view as bug list)
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-08-27 09:51 CEST by Philipp Hahn
Modified: 2018-09-17 15:08 CEST (History)
1 user (show)

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score: 5.8 (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Philipp Hahn univentionstaff 2018-08-27 09:51:07 CEST
New Debian intel-microcode 3.20180807a.1~bpo9+1 fixes:
This update addresses the following issues:
* Spectre Variant 3a: Rogue System Register Read (RSRE) (CVE-2018-3640)
* Spectre Variant 4: speculative store bypass (SSB) (CVE-2018-3639)
* Foreshadow, L1 Terminal Fault (CVE-2018-3615, CVE-2018-3620, CVE-2018-3646)

CVE-2018-3646 CVE-2018-3620 Kernel: hw: cpu: L1 terminal fault (L1TF)
CVE-2018-3640 hw: cpu: speculative register load
CVE-2018-3639 hw: cpu: speculative store bypass
CVE-2018-3615
CVE-2018-3646 Kernel: hw: cpu: L1 terminal fault (L1TF)
Comment 1 Quality Assurance univentionstaff 2018-08-27 10:01:24 CEST
--- mirror/ftp/4.3/unmaintained/component/4.3-1-errata/source/intel-microcode_3.20180703.2~deb9u1.dsc
+++ apt/ucs_4.3-0-errata4.3-1/source/intel-microcode_3.20180807a.1~bpo9+1.dsc
@@ -1,7 +1,64 @@
-3.20180703.2~deb9u1 [Tue, 14 Aug 2018 23:30:11 -0300] Henrique de Moraes Holschuh <hmh@debian.org>:
+3.20180807a.1~bpo9+1 [Sat, 25 Aug 2018 16:20:52 -0300] Henrique de Moraes Holschuh <hmh@debian.org>:
 
-  * Upload to Debian stretch (no changes)
-    Security-fix: CVE-2018-3639, CVE-2018-3640
+  * Rebuild for stretch-backports (no changes)
+
+3.20180807a.1 [Fri, 24 Aug 2018 08:53:53 -0300] Henrique de Moraes Holschuh <hmh@debian.org>:
+
+  [ Henrique de Moraes Holschuh ]
+  * New upstream microcode datafile 20180807a
+    (closes: #906158, #906160, #903135, #903141)
+    + New Microcodes:
+      sig 0x000206c2, pf_mask 0x03, 2018-05-08, rev 0x001f, size 11264
+      sig 0x000206e6, pf_mask 0x04, 2018-05-15, rev 0x000d, size 9216
+      sig 0x000506c2, pf_mask 0x01, 2018-05-11, rev 0x0014, size 15360
+      sig 0x000506ca, pf_mask 0x03, 2018-05-11, rev 0x000c, size 14336
+      sig 0x000506f1, pf_mask 0x01, 2018-05-11, rev 0x0024, size 10240
+    + Updated Microcodes:
+      sig 0x000106a5, pf_mask 0x03, 2018-05-11, rev 0x001d, size 12288
+      sig 0x000106e5, pf_mask 0x13, 2018-05-08, rev 0x000a, size 9216
+      sig 0x00020652, pf_mask 0x12, 2018-05-08, rev 0x0011, size 9216
+      sig 0x00020655, pf_mask 0x92, 2018-04-23, rev 0x0007, size 4096
+      sig 0x000206a7, pf_mask 0x12, 2018-04-10, rev 0x002e, size 12288
+      sig 0x000206f2, pf_mask 0x05, 2018-05-16, rev 0x003b, size 14336
+      sig 0x000306a9, pf_mask 0x12, 2018-04-10, rev 0x0020, size 13312
+      sig 0x000306c3, pf_mask 0x32, 2018-04-02, rev 0x0025, size 23552
+      sig 0x000306d4, pf_mask 0xc0, 2018-03-22, rev 0x002b, size 18432
+      sig 0x00040651, pf_mask 0x72, 2018-04-02, rev 0x0024, size 22528
+      sig 0x00040661, pf_mask 0x32, 2018-04-02, rev 0x001a, size 25600
+      sig 0x00040671, pf_mask 0x22, 2018-04-03, rev 0x001e, size 13312
+      sig 0x000406e3, pf_mask 0xc0, 2018-04-17, rev 0x00c6, size 99328
+      sig 0x00050662, pf_mask 0x10, 2018-05-25, rev 0x0017, size 31744
+      sig 0x00050663, pf_mask 0x10, 2018-04-20, rev 0x7000013, size 22528
+      sig 0x00050664, pf_mask 0x10, 2018-04-20, rev 0xf000012, size 22528
+      sig 0x000506c9, pf_mask 0x03, 2018-05-11, rev 0x0032, size 16384
+      sig 0x000506e3, pf_mask 0x36, 2018-04-17, rev 0x00c6, size 99328
+      sig 0x000706a1, pf_mask 0x01, 2018-05-22, rev 0x0028, size 73728
+      sig 0x000806e9, pf_mask 0xc0, 2018-03-24, rev 0x008e, size 98304
+      sig 0x000806ea, pf_mask 0xc0, 2018-05-15, rev 0x0096, size 98304
+      sig 0x000906e9, pf_mask 0x2a, 2018-03-24, rev 0x008e, size 98304
+      sig 0x000906ea, pf_mask 0x22, 2018-05-02, rev 0x0096, size 97280
+      sig 0x000906eb, pf_mask 0x02, 2018-03-24, rev 0x008e, size 98304
+    + Implements L1D_FLUSH support (L1TF "Foreshadow/-NG" mitigation)
+      Intel SA-00161, CVE-2018-3615, CVE-2018-3620, CVE-2018-3646
+    + Implements SSBD support (Spectre v4 mitigation),
+      Disable speculation for (some) RDMSR/WRMSR (Spectre v3a fix)
+      Intel SA-00115, CVE-2018-3639, CVE-2018-3640
+    + Implements IBRS/IBPB/STIPB support, Spectre v2 mitigation for older
+      processors with signatures 0x106a5, 0x106e5, 0x20652, 0x20655.
+      Intel SA-0088, CVE-2017-5753, CVE-2017-5754
+  * source: update symlinks to reflect id of the latest release, 20180807a
+  * debian/intel-microcode.docs: ship license and releasenote upstream files.
+  * debian/changelog: update entry for 3.20180703.1 with L1TF information
+
+  [ Julian Andres Klode ]
+  * initramfs: include all microcode for MODULES=most.
+    Default to early instead of auto, and install all of the microcode,
+    not just the one matching the current CPU, if MODULES=most is set
+    in the initramfs-tools config (LP: #1778738)
+
+3.20180703.2~bpo9+1 [Mon, 09 Jul 2018 18:23:38 -0300] Henrique de Moraes Holschuh <hmh@debian.org>:
+
+  * Rebuild for stretch-backports (no changes)
 
 3.20180703.2 [Thu, 05 Jul 2018 14:26:36 -0300] Henrique de Moraes Holschuh <hmh@debian.org>:
 

<http://10.200.17.11/4.3-1/#3982990439936454757>
Comment 2 Philipp Hahn univentionstaff 2018-08-27 10:23:33 CEST
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.3-1] 3cd0ef7fb6 Bug #47669: intel-microcode_3.20180807a.1~bpo9+1
 doc/errata/staging/intel-microcode.yaml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
Comment 3 Arvid Requate univentionstaff 2018-08-29 12:49:47 CEST
<http://errata.software-univention.de/ucs/4.3/219.html>
Comment 4 Philipp Hahn univentionstaff 2018-09-17 15:08:54 CEST
*** Bug 47826 has been marked as a duplicate of this bug. ***