Univention Bugzilla – Bug 48781
intel-microcode: Multiple issues (4.3)
Last modified: 2019-02-27 13:29:26 CET
New Debian intel-microcode 3.20180807a.2~deb9u1 fixes:
This update addresses the following issues:
* cpu: speculative store bypass (CVE-2018-3639)
* cpu: speculative register load (CVE-2018-3640)
--- mirror/ftp/4.3/unmaintained/4.3-2/source/intel-microcode_3.20180807a.1~bpo9+1.dsc +++ apt/ucs_4.3-0-errata4.3-3/source/intel-microcode_3.20180807a.2~deb9u1.dsc 
@@ -1,6 +1,43 @@ -3.20180807a.1~bpo9+1 [Sat, 25 Aug 2018 16:20:52 -0300] Henrique de Moraes Holschuh <hmh@debian.org>: +3.20180807a.2~deb9u1 [Sun, 27 Jan 2019 13:07:47 -0200] Henrique de Moraes Holschuh <hmh@debian.org>: - * Rebuild for stretch-backports (no changes) + * Release managers: + This update is being distributed by Debian in unstable, testing and + jessie- and stretch-backports since 2018-10-30 without issues, and by + most distros since 2018-08/2018-09, with no known reports of + regressions on Westmere EP processors (Spectre mitigations are very + expensive on Nehalem and Westmere, though). + * SECURITY FIX: this update adds the accumulated fixes for Westmere EP + (signature 0x206c2) from nearly a decade, including but likely not + limited to: + + Implements L1D_FLUSH support (L1TF "Foreshadow/-NG" mitigation) + Intel SA-00161, CVE-2018-3615, CVE-2018-3620, CVE-2018-3646 + + Implements SSBD support (Spectre v4 mitigation), + Disable speculation for (some) RDMSR/WRMSR (Spectre v3a fix) + Intel SA-00115, CVE-2018-3639, CVE-2018-3640 + + Implements IBRS/IBPB/STIPB support, Spectre v2 mitigation. + Intel SA-0088, CVE-2017-5753, CVE-2017-5754 + + Very likely implements LAPIC sinkhole fix + + Fixes AAK167/BT248: Virtual APIC accesses with 32-bit PAE paging + may cause system crash + * This Westmere EP microcode update has been explicitly approved by + Intel for general distribution by operating systems, refer to the + changelog entry for 3.20180807a.2 below + +3.20180807a.2 [Tue, 23 Oct 2018 19:52:40 -0300] Henrique de Moraes Holschuh <hmh@debian.org>: + + * Makefile: unblacklist 0x206c2 (Westmere EP) + According to pragyansri.pathi@intel.com, on message to LP#1795594 + on 2018-10-09, we can ship 0x206c2 updates without restrictions. 
+ Also, there are no reports in the field about this update causing + issues (closes: #907402) (LP: #1795594) + +3.20180807a.1~deb9u1 [Sat, 15 Sep 2018 00:53:22 -0300] Henrique de Moraes Holschuh <hmh@debian.org>: + + * Upload to Debian stretch (no changes) + * Security fixes: + Intel SA-00161, CVE-2018-3615, CVE-2018-3620, CVE-2018-3646 + Intel SA-00115, CVE-2018-3639, CVE-2018-3640 + Intel SA-00088, CVE-2017-5753, CVE-2017-5754 3.20180807a.1 [Fri, 24 Aug 2018 08:53:53 -0300] Henrique de Moraes Holschuh <hmh@debian.org>: <http://10.200.17.11/4.3-3/#5332533354987862424>
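Review bot: The advisory id on the IBRS/IBPB line of the 3.20180807a.2~deb9u1 entry reads "Intel SA-0088", while the 3.20180807a.1~deb9u1 entry further down gives "Intel SA-00088" for the same CVE pair (CVE-2017-5753, CVE-2017-5754). The two should agree so that a search for the advisory finds both entries. The same entry spells the feature "STIPB"; the feature name is STIBP. Separately, the changelog lists CVE-2018-3615, CVE-2018-3620, CVE-2018-3646, CVE-2017-5753 and CVE-2017-5754 in addition to the two CVEs named in the bug description, so it is worth checking that the errata announcement covers the full set that applies to this update.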
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.3-3] 198b88a210 Bug #48781: intel-microcode 3.20180807a.2~deb9u1
 doc/errata/staging/intel-microcode.yaml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
<http://errata.software-univention.de/ucs/4.3/437.html>