Univention Bugzilla – Bug 50488
intel-microcode: Multiple issues (4.4)
Last modified: 2019-11-13 16:04:46 CET
New Debian intel-microcode 3.20191112.1~deb9u1 fixes: This update addresses the following issues: * TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135) * voltage modulation technical advisory (CVE-2019-11139)
--- mirror/ftp/4.4/unmaintained/4.4-1/source/intel-microcode_3.20190618.1~deb9u1.dsc +++ apt/ucs_4.4-0-errata4.4-2/source/intel-microcode_3.20191112.1~deb9u1.dsc @@ -1,3 +1,69 @@ +3.20191112.1~deb9u1 [Wed, 13 Nov 2019 00:02:12 -0300] Henrique de Moraes Holschuh <hmh@debian.org>: + + * Rebuild for stretch-security (no changes) + * Refer to DSA-4565-1 for details. + +3.20191112.1 [Tue, 12 Nov 2019 23:21:54 -0300] Henrique de Moraes Holschuh <hmh@debian.org>: + + * New upstream microcode datafile 20191112 + + SECURITY UPDATE + - Implements MDS mitigation (TSX TAA), INTEL-SA-00270, CVE-2019-11135 + - Implements TA Indirect Sharing mitigation, and improves the + MDS mitigation (VERW) + - Fixes FIVR (Xeon Voltage Modulation) vulnerability, INTEL-SA-00271, + CVE-2019-11139 + - Fixes SGX vulnerabilities and errata (including CVE-2019-0117) + + CRITICAL ERRATA FIXES + - Fixes Jcc conditional jump macro-fusion erratum (Skylake+, except + Ice Lake), causes a 0-3% typical perforance hit (can be as bad + as 10%). But ensures the processor will actually jump where it + should, so don't even *dream* of not applying this fix. + - Fixes AVX SHUF* instruction implementation flaw erratum + + Removed Microcodes: + sig 0x000906ec, pf_mask 0x22, 2019-02-14, rev 0x00ae, size 98304 + + New Microcodes: + sig 0x000406d8, pf_mask 0x01, 2019-09-16, rev 0x012d, size 84992 + sig 0x00050656, pf_mask 0xbf, 2019-09-05, rev 0x400002c, size 51200 + sig 0x00060663, pf_mask 0x80, 2018-04-17, rev 0x002a, size 87040 + sig 0x000706a8, pf_mask 0x01, 2019-08-29, rev 0x0016, size 74752 + sig 0x000706e5, pf_mask 0x80, 2019-09-05, rev 0x0046, size 102400 + sig 0x000a0660, pf_mask 0x80, 2019-08-27, rev 0x00c6, size 91136 + + Updated Microcodes: + sig 0x000406e3, pf_mask 0xc0, 2019-08-14, rev 0x00d4, size 101376 + sig 0x00050654, pf_mask 0xb7, 2019-09-05, rev 0x2000065, size 34816 + sig 0x00050657, pf_mask 0xbf, 2019-09-05, rev 0x500002c, size 51200 + sig 0x000506e3, pf_mask 0x36, 2019-08-14, rev 0x00d4, size 101376 + sig 0x000706a1, pf_mask 0x01, 2019-08-28, rev 0x0032, size 73728 + sig 0x000806e9, pf_mask 0x10, 2019-08-14, rev 0x00c6, size 99328 + sig 0x000806e9, pf_mask 0xc0, 2019-08-14, rev 0x00c6, size 100352 + sig 0x000806ea, pf_mask 0xc0, 2019-08-14, rev 0x00c6, size 99328 + sig 0x000806eb, pf_mask 0xd0, 2019-08-14, rev 0x00c6, size 100352 + sig 0x000806ec, pf_mask 0x94, 2019-08-14, rev 0x00c6, size 100352 + sig 0x000906e9, pf_mask 0x2a, 2019-08-14, rev 0x00c6, size 100352 + sig 0x000906ea, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328 + sig 0x000906eb, pf_mask 0x02, 2019-08-14, rev 0x00c6, size 100352 + sig 0x000906ed, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328 + + Updated Microcodes (previously removed): + sig 0x00050653, pf_mask 0x97, 2019-09-09, rev 0x1000151, size 32768 + +3.20190918.1 [Thu, 19 Sep 2019 00:38:50 -0300] Henrique de Moraes Holschuh <hmh@debian.org>: + + * New upstream microcode datafile 20190918 + + SECURITY UPDATE + *Might* contain mitigations for INTEL-SA-00247 (RAMBleed), given + the set of processors being updated. + + Updated Microcodes: + sig 0x000306d4, pf_mask 0xc0, 2019-06-13, rev 0x002e, size 19456 + sig 0x000306f4, pf_mask 0x80, 2019-06-17, rev 0x0016, size 18432 + sig 0x00040671, pf_mask 0x22, 2019-06-13, rev 0x0021, size 14336 + sig 0x000406f1, pf_mask 0xef, 2019-06-18, rev 0xb000038, size 30720 + sig 0x00050654, pf_mask 0xb7, 2019-07-31, rev 0x2000064, size 33792 + sig 0x00050657, pf_mask 0xbf, 2019-08-12, rev 0x500002b, size 51200 + sig 0x00050662, pf_mask 0x10, 2019-06-17, rev 0x001c, size 32768 + sig 0x00050663, pf_mask 0x10, 2019-06-17, rev 0x7000019, size 24576 + sig 0x00050664, pf_mask 0x10, 2019-06-17, rev 0xf000017, size 24576 + sig 0x00050665, pf_mask 0x10, 2019-06-17, rev 0xe00000f, size 19456 + 3.20190618.1~deb9u1 [Wed, 19 Jun 2019 09:27:39 -0300] Henrique de Moraes Holschuh <hmh@debian.org>: * Rebuild for stretch-security (no changes) <http://10.200.17.11/4.4-2/#3591732912185003196>
OK: yaml OK: announce_errata OK: patch OK: piuparts OK: grep . /sys/devices/system/cpu/vulnerabilities/* OK: dmesg [4.4-2] 21efa64d22 Bug #50486: linux 4.9.189-3+deb9u2 Bug #50488: intel-microcode 3.20191112.1~deb9u1 doc/errata/staging/intel-microcode.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) [4.4-2] 2b982f4311 Bug #50488: intel-microcode 3.20191112.1~deb9u1 doc/errata/staging/intel-microcode.yaml | 14 ++++++++++++++ 1 file changed, 14 insertions(+)
<http://errata.software-univention.de/ucs/4.4/344.html>