Univention Bugzilla – Bug 47669
intel-microcode: Multiple issues (4.3)
Last modified: 2018-09-17 15:08:54 CEST
New Debian intel-microcode 3.20180807a.1~bpo9+1 fixes: This update addresses the following issues: * Spectre Variant 3a: Rogue System Register Read (RSRE) (CVE-2018-3640) * Spectre Variant 4: speculative store bypass (SSB) (CVE-2018-3639) * Foreshadow, L1 Terminal Fault (CVE-2018-3615, CVE-2018-3620, CVE-2018-3646) CVE-2018-3646 CVE-2018-3620 Kernel: hw: cpu: L1 terminal fault (L1TF) CVE-2018-3640 hw: cpu: speculative register load CVE-2018-3639 hw: cpu: speculative store bypass CVE-2018-3615 CVE-2018-3646 Kernel: hw: cpu: L1 terminal fault (L1TF)
--- mirror/ftp/4.3/unmaintained/component/4.3-1-errata/source/intel-microcode_3.20180703.2~deb9u1.dsc +++ apt/ucs_4.3-0-errata4.3-1/source/intel-microcode_3.20180807a.1~bpo9+1.dsc @@ -1,7 +1,64 @@ -3.20180703.2~deb9u1 [Tue, 14 Aug 2018 23:30:11 -0300] Henrique de Moraes Holschuh <hmh@debian.org>: +3.20180807a.1~bpo9+1 [Sat, 25 Aug 2018 16:20:52 -0300] Henrique de Moraes Holschuh <hmh@debian.org>: - * Upload to Debian stretch (no changes) - Security-fix: CVE-2018-3639, CVE-2018-3640 + * Rebuild for stretch-backports (no changes) + +3.20180807a.1 [Fri, 24 Aug 2018 08:53:53 -0300] Henrique de Moraes Holschuh <hmh@debian.org>: + + [ Henrique de Moraes Holschuh ] + * New upstream microcode datafile 20180807a + (closes: #906158, #906160, #903135, #903141) + + New Microcodes: + sig 0x000206c2, pf_mask 0x03, 2018-05-08, rev 0x001f, size 11264 + sig 0x000206e6, pf_mask 0x04, 2018-05-15, rev 0x000d, size 9216 + sig 0x000506c2, pf_mask 0x01, 2018-05-11, rev 0x0014, size 15360 + sig 0x000506ca, pf_mask 0x03, 2018-05-11, rev 0x000c, size 14336 + sig 0x000506f1, pf_mask 0x01, 2018-05-11, rev 0x0024, size 10240 + + Updated Microcodes: + sig 0x000106a5, pf_mask 0x03, 2018-05-11, rev 0x001d, size 12288 + sig 0x000106e5, pf_mask 0x13, 2018-05-08, rev 0x000a, size 9216 + sig 0x00020652, pf_mask 0x12, 2018-05-08, rev 0x0011, size 9216 + sig 0x00020655, pf_mask 0x92, 2018-04-23, rev 0x0007, size 4096 + sig 0x000206a7, pf_mask 0x12, 2018-04-10, rev 0x002e, size 12288 + sig 0x000206f2, pf_mask 0x05, 2018-05-16, rev 0x003b, size 14336 + sig 0x000306a9, pf_mask 0x12, 2018-04-10, rev 0x0020, size 13312 + sig 0x000306c3, pf_mask 0x32, 2018-04-02, rev 0x0025, size 23552 + sig 0x000306d4, pf_mask 0xc0, 2018-03-22, rev 0x002b, size 18432 + sig 0x00040651, pf_mask 0x72, 2018-04-02, rev 0x0024, size 22528 + sig 0x00040661, pf_mask 0x32, 2018-04-02, rev 0x001a, size 25600 + sig 0x00040671, pf_mask 0x22, 2018-04-03, rev 0x001e, size 13312 + sig 0x000406e3, pf_mask 0xc0, 2018-04-17, rev 0x00c6, size 99328 + sig 0x00050662, pf_mask 0x10, 2018-05-25, rev 0x0017, size 31744 + sig 0x00050663, pf_mask 0x10, 2018-04-20, rev 0x7000013, size 22528 + sig 0x00050664, pf_mask 0x10, 2018-04-20, rev 0xf000012, size 22528 + sig 0x000506c9, pf_mask 0x03, 2018-05-11, rev 0x0032, size 16384 + sig 0x000506e3, pf_mask 0x36, 2018-04-17, rev 0x00c6, size 99328 + sig 0x000706a1, pf_mask 0x01, 2018-05-22, rev 0x0028, size 73728 + sig 0x000806e9, pf_mask 0xc0, 2018-03-24, rev 0x008e, size 98304 + sig 0x000806ea, pf_mask 0xc0, 2018-05-15, rev 0x0096, size 98304 + sig 0x000906e9, pf_mask 0x2a, 2018-03-24, rev 0x008e, size 98304 + sig 0x000906ea, pf_mask 0x22, 2018-05-02, rev 0x0096, size 97280 + sig 0x000906eb, pf_mask 0x02, 2018-03-24, rev 0x008e, size 98304 + + Implements L1D_FLUSH support (L1TF "Foreshadow/-NG" mitigation) + Intel SA-00161, CVE-2018-3615, CVE-2018-3620, CVE-2018-3646 + + Implements SSBD support (Spectre v4 mitigation), + Disable speculation for (some) RDMSR/WRMSR (Spectre v3a fix) + Intel SA-00115, CVE-2018-3639, CVE-2018-3640 + + Implements IBRS/IBPB/STIPB support, Spectre v2 mitigation for older + processors with signatures 0x106a5, 0x106e5, 0x20652, 0x20655. + Intel SA-0088, CVE-2017-5753, CVE-2017-5754 + * source: update symlinks to reflect id of the latest release, 20180807a + * debian/intel-microcode.docs: ship license and releasenote upstream files. + * debian/changelog: update entry for 3.20180703.1 with L1TF information + + [ Julian Andres Klode ] + * initramfs: include all microcode for MODULES=most. + Default to early instead of auto, and install all of the microcode, + not just the one matching the current CPU, if MODULES=most is set + in the initramfs-tools config (LP: #1778738) + +3.20180703.2~bpo9+1 [Mon, 09 Jul 2018 18:23:38 -0300] Henrique de Moraes Holschuh <hmh@debian.org>: + + * Rebuild for stretch-backports (no changes) 3.20180703.2 [Thu, 05 Jul 2018 14:26:36 -0300] Henrique de Moraes Holschuh <hmh@debian.org>: <http://10.200.17.11/4.3-1/#3982990439936454757>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.3-1] 3cd0ef7fb6 Bug #47669: intel-microcode_3.20180807a.1~bpo9+1 doc/errata/staging/intel-microcode.yaml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+)
<http://errata.software-univention.de/ucs/4.3/219.html>
*** Bug 47826 has been marked as a duplicate of this bug. ***