Bug 57557 - intel-microcode: Multiple issues (5.0)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 5.0
All Linux
: P3 normal
: UCS 5.0-8-errata
Assigned To: Quality Assurance
Julia Bremer
Reported: 2024-09-02 09:26 CEST by Quality Assurance
Modified: 2024-09-04 17:51 CEST (History)
What kind of report is it?: Security Issue
Max CVSS v3 score: 7.9 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N) RedHat debian/changelog


Description Quality Assurance univentionstaff 2024-09-02 09:26:14 CEST
New Debian intel-microcode 3.20240813.1~deb10u1 fixes:
This update addresses the following issues:
3.20240813.1~deb10u1 (Thu, 22 Aug 2024 01:58:10 +0200)
* Non-maintainer upload by the LTS Security Team.
* No-change upload of the bullseye version, rebuilt for buster (LTS), Please consult the changelog entries 3.20240813.1 and 3.20240813.1~deb11u1 for details.
* Addresses CVE-2024-24853 CVE-2024-25939 CVE-2024-24980 CVE-2023-42667 CVE-2023-49141 CVE-2023-45733 CVE-2023-46103 CVE-2023-45745 CVE-2023-47855.
3.20240813.1~deb11u1 (Mon, 19 Aug 2024 22:26:47 -0300)
* Build for bullseye (no changes from 3.20240813.1)
3.20240813.1 (Thu, 15 Aug 2024 14:41:50 -0300)
* New upstream microcode datafile 20240813
  - Mitigations for INTEL-SA-01083 (CVE-2024-24853)
    Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel Processors may allow a privileged user to potentially enable escalation of privilege via local access.
  - Mitigations for INTEL-SA-01118 (CVE-2024-25939)
    Mirrored regions with different values in 3rd Generation Intel Xeon Scalable Processors may allow a privileged user to potentially enable denial of service via local access.
  - Mitigations for INTEL-SA-01100 (CVE-2024-24980)
    Protection mechanism failure in some 3rd, 4th, and 5th Generation Intel Xeon Processors may allow a privileged user to potentially enable escalation of privilege via local access.
  - Mitigations for INTEL-SA-01038 (CVE-2023-42667)
    Improper isolation in the Intel Core Ultra Processor stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access.
  - Mitigations for INTEL-SA-01046 (CVE-2023-49141)
    Improper isolation in some Intel® Processors stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access.
  - Fix for unspecified functional issues on several processor models
* Updated microcodes:
  sig 0x00050657, pf_mask 0xbf, 2024-03-01, rev 0x5003707, size 39936
  sig 0x0005065b, pf_mask 0xbf, 2024-04-01, rev 0x7002904, size 30720
  sig 0x000606a6, pf_mask 0x87, 2024-04-01, rev 0xd0003e7, size 308224
  sig 0x000606c1, pf_mask 0x10, 2024-04-03, rev 0x10002b0, size 300032
  sig 0x000706e5, pf_mask 0x80, 2024-02-15, rev 0x00c6, size 114688
  sig 0x000806c1, pf_mask 0x80, 2024-02-15, rev 0x00b8, size 112640
  sig 0x000806c2, pf_mask 0xc2, 2024-02-15, rev 0x0038, size 99328
  sig 0x000806d1, pf_mask 0xc2, 2024-02-15, rev 0x0052, size 104448
  sig 0x000806e9, pf_mask 0xc0, 2024-02-01, rev 0x00f6, size 106496
  sig 0x000806e9, pf_mask 0x10, 2024-02-01, rev 0x00f6, size 106496
  sig 0x000806ea, pf_mask 0xc0, 2024-02-01, rev 0x00f6, size 105472
  sig 0x000806eb, pf_mask 0xd0, 2024-02-01, rev 0x00f6, size 106496
  sig 0x000806ec, pf_mask 0x94, 2024-02-05, rev 0x00fc, size 106496
  sig 0x00090661, pf_mask 0x01, 2024-04-05, rev 0x001a, size 20480
  sig 0x000906ea, pf_mask 0x22, 2024-02-01, rev 0x00f8, size 105472
  sig 0x000906eb, pf_mask 0x02, 2024-02-01, rev 0x00f6, size 106496
  sig 0x000906ec, pf_mask 0x22, 2024-02-01, rev 0x00f8, size 106496
  sig 0x000906ed, pf_mask 0x22, 2024-02-05, rev 0x0100, size 106496
  sig 0x000a0652, pf_mask 0x20, 2024-02-01, rev 0x00fc, size 97280
  sig 0x000a0653, pf_mask 0x22, 2024-02-01, rev 0x00fc, size 98304
  sig 0x000a0655, pf_mask 0x22, 2024-02-01, rev 0x00fc, size 97280
  sig 0x000a0660, pf_mask 0x80, 2024-02-01, rev 0x00fe, size 97280
  sig 0x000a0661, pf_mask 0x80, 2024-02-01, rev 0x00fc, size 97280
  sig 0x000a0671, pf_mask 0x02, 2024-03-07, rev 0x0062, size 108544
  sig 0x000a06a4, pf_mask 0xe6, 2024-04-15, rev 0x001e, size 137216
* source: update symlinks to reflect id of the latest release, 20240813
* postinst, postrm: switch to dpkg-trigger to run update-initramfs
3.20240531.1 (Sat, 01 Jun 2024 11:49:47 -0300)
* New upstream microcode datafile 20240531
  * Fix unspecified functional issues on Pentium Silver N/J5xxx, Celeron N/J4xxx
  * Updated Microcodes:
    sig 0x000706a1, pf_mask 0x01, 2024-04-19, rev 0x0042, size 76800
* source: update symlinks to reflect id of the latest release, 20240531
3.20240514.1~deb11u1 (Wed, 29 May 2024 23:31:29 -0300)
* Backport to Debian Bullseye
* debian/control: revert non-free-firmware change
3.20240514.1 (Thu, 16 May 2024 21:40:52 -0300)
* New upstream microcode datafile 20240514
  * Mitigations for INTEL-SA-01051 (CVE-2023-45733)
    Hardware logic contains race conditions in some Intel Processors may allow an authenticated user to potentially enable partial information disclosure via local access.
  * Mitigations for INTEL-SA-01052 (CVE-2023-46103)
    Sequence of processor instructions leads to unexpected behavior in Intel Core Ultra Processors may allow an authenticated user to potentially enable denial of service via local access.
  * Mitigations for INTEL-SA-01036 (CVE-2023-45745, CVE-2023-47855)
    Improper input validation in some Intel TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access.
  * Fix for unspecified functional issues on 4th gen and 5th gen Xeon Scalable, 12th, 13th and 14th gen Intel Core processors, as well as for Core i3 N-series processors.
  * Updated microcodes:
    sig 0x000806f8, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0, size 581632
    sig 0x000806f7, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0
    sig 0x000806f6, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0
    sig 0x000806f5, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0
    sig 0x000806f4, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0
    sig 0x000806f8, pf_mask 0x10, 2024-02-05, rev 0x2c000390, size 614400
    sig 0x000806f6, pf_mask 0x10, 2024-02-05, rev 0x2c000390
    sig 0x000806f5, pf_mask 0x10, 2024-02-05, rev 0x2c000390
    sig 0x000806f4, pf_mask 0x10, 2024-02-05, rev 0x2c000390
    sig 0x00090672, pf_mask 0x07, 2023-12-05, rev 0x0035, size 224256
    sig 0x00090675, pf_mask 0x07, 2023-12-05, rev 0x0035
    sig 0x000b06f2, pf_mask 0x07, 2023-12-05, rev 0x0035
    sig 0x000b06f5, pf_mask 0x07, 2023-12-05, rev 0x0035
    sig 0x000906a3, pf_mask 0x80, 2023-12-05, rev 0x0433, size 222208
    sig 0x000906a4, pf_mask 0x80, 2023-12-05, rev 0x0433
    sig 0x000906a4, pf_mask 0x40, 2023-12-07, rev 0x0007, size 119808
    sig 0x000b0671, pf_mask 0x32, 2024-01-25, rev 0x0123, size 215040
    sig 0x000b06e0, pf_mask 0x11, 2023-12-07, rev 0x0017, size 138240
    sig 0x000c06f2, pf_mask 0x87, 2024-02-05, rev 0x21000230, size 552960
    sig 0x000c06f1, pf_mask 0x87, 2024-02-05, rev 0x21000230
* source: update symlinks to reflect id of the latest release, 20240514
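
For checking a host against the "Updated microcodes" lists above, an added example (not part of the bug report or of the Debian package): it parses the `sig, pf_mask, date, rev` lines and compares them with a CPU's signature, platform flag and running revision. It assumes a family-6 CPU and that the host values are read from `/proc/cpuinfo` and `/sys/devices/system/cpu/cpu0/microcode/{processor_flags,version}`; the function names are illustrative.

```python
import re

# Constructed sample: three lines copied from the 3.20240813.1 list on this page.
SAMPLE = """\
sig 0x000606a6, pf_mask 0x87, 2024-04-01, rev 0xd0003e7, size 308224
sig 0x000806e9, pf_mask 0xc0, 2024-02-01, rev 0x00f6, size 106496
sig 0x000806e9, pf_mask 0x10, 2024-02-01, rev 0x00f6, size 106496
"""

# "size" is optional: some entries in the 3.20240514.1 list omit it.
ENTRY = re.compile(r"sig (0x[0-9a-f]+), pf_mask (0x[0-9a-f]+), "
                   r"(\d{4}-\d{2}-\d{2}), rev (0x[0-9a-f]+)(?:, size (\d+))?")

def parse_entries(text):
    """Return a list of (sig, pf_mask, date, rev) tuples, numbers as int."""
    return [(int(sig, 16), int(mask, 16), date, int(rev, 16))
            for sig, mask, date, rev, _size in ENTRY.findall(text)]

def cpu_signature(family, model, stepping):
    """Build the CPUID signature from the decimal /proc/cpuinfo fields.

    Assumption: family 6, where the upper model nibble is the extended model.
    """
    return ((model >> 4) << 16) | (family << 8) | ((model & 0xF) << 4) | stepping

def check_host(entries, sig, platform_flags, running_rev):
    """Classify a host: 'current', 'outdated' or 'not-listed'.

    An entry applies when the signature is equal and the host's platform
    flag bit is set in the entry's pf_mask. 'not-listed' only means this
    list carries no file for the CPU, not that the CPU is unaffected.
    """
    for entry_sig, pf_mask, _date, rev in entries:
        if entry_sig == sig and pf_mask & platform_flags:
            return "current" if running_rev >= rev else "outdated"
    return "not-listed"

if __name__ == "__main__":
    entries = parse_entries(SAMPLE)
    # Hypothetical host: family 6, model 142, stepping 9, flags 0x80, rev 0xf4.
    print(check_host(entries, cpu_signature(6, 142, 9), 0x80, 0xF4))
```
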
Comment 1 Quality Assurance univentionstaff 2024-09-02 10:00:24 CEST
--- mirror/ftp/pool/main/i/intel-microcode/intel-microcode_3.20240312.1~deb10u1.dsc
+++ apt/ucs_5.0-0-errata5.0-8/source/intel-microcode_3.20240813.1~deb10u1.dsc
@@ -1,3 +1,125 @@
+3.20240813.1~deb10u1 [Thu, 22 Aug 2024 01:58:10 +0200] Daniel Leidert <dleidert@debian.org>:
+
+  * Non-maintainer upload by the LTS Security Team.
+  * No-change upload of the bullseye version, rebuilt for buster (LTS),
+    Please consult the changelog entries 3.20240813.1 and 3.20240813.1~deb11u1
+    for details.
+  * Adresses CVE-2024-24853 CVE-2024-25939 CVE-2024-24980 CVE-2023-42667
+             CVE-2023-49141 CVE-2023-45733 CVE-2023-46103 CVE-2023-45745
+             CVE-2023-47855 (closes: #1078742).
+
+3.20240813.1~deb11u1 [Mon, 19 Aug 2024 22:26:47 -0300] Henrique de Moraes Holschuh <hmh@debian.org>:
+
+  * Build for bullseye (no changes from 3.20240813.1)
+
+3.20240813.1 [Thu, 15 Aug 2024 14:41:50 -0300] Henrique de Moraes Holschuh <hmh@debian.org>:
+
+  * New upstream microcode datafile 20240813 (closes: #1078742)
+    - Mitigations for INTEL-SA-01083 (CVE-2024-24853)
+      Incorrect behavior order in transition between executive monitor and SMI
+      transfer monitor (STM) in some Intel Processors may allow a privileged
+      user to potentially enable escalation of privilege via local access.
+    - Mitigations for INTEL-SA-01118 (CVE-2024-25939)
+      Mirrored regions with different values in 3rd Generation Intel Xeon
+      Scalable Processors may allow a privileged user to potentially enable
+      denial of service via local access.
+    - Mitigations for INTEL-SA-01100 (CVE-2024-24980)
+      Protection mechanism failure in some 3rd, 4th, and 5th Generation Intel
+      Xeon Processors may allow a privileged user to potentially enable
+      escalation of privilege via local access.
+    - Mitigations for INTEL-SA-01038 (CVE-2023-42667)
+      Improper isolation in the Intel Core Ultra Processor stream cache
+      mechanism may allow an authenticated user to potentially enable
+      escalation of privilege via local access.
+    - Mitigations for INTEL-SA-01046 (CVE-2023-49141)
+      Improper isolation in some Intel® Processors stream cache mechanism may
+      allow an authenticated user to potentially enable escalation of
+      privilege via local access.
+    - Fix for unspecified functional issues on several processor models
+  * Updated microcodes:
+    sig 0x00050657, pf_mask 0xbf, 2024-03-01, rev 0x5003707, size 39936
+    sig 0x0005065b, pf_mask 0xbf, 2024-04-01, rev 0x7002904, size 30720
+    sig 0x000606a6, pf_mask 0x87, 2024-04-01, rev 0xd0003e7, size 308224
+    sig 0x000606c1, pf_mask 0x10, 2024-04-03, rev 0x10002b0, size 300032
+    sig 0x000706e5, pf_mask 0x80, 2024-02-15, rev 0x00c6, size 114688
+    sig 0x000806c1, pf_mask 0x80, 2024-02-15, rev 0x00b8, size 112640
+    sig 0x000806c2, pf_mask 0xc2, 2024-02-15, rev 0x0038, size 99328
+    sig 0x000806d1, pf_mask 0xc2, 2024-02-15, rev 0x0052, size 104448
+    sig 0x000806e9, pf_mask 0xc0, 2024-02-01, rev 0x00f6, size 106496
+    sig 0x000806e9, pf_mask 0x10, 2024-02-01, rev 0x00f6, size 106496
+    sig 0x000806ea, pf_mask 0xc0, 2024-02-01, rev 0x00f6, size 105472
+    sig 0x000806eb, pf_mask 0xd0, 2024-02-01, rev 0x00f6, size 106496
+    sig 0x000806ec, pf_mask 0x94, 2024-02-05, rev 0x00fc, size 106496
+    sig 0x00090661, pf_mask 0x01, 2024-04-05, rev 0x001a, size 20480
+    sig 0x000906ea, pf_mask 0x22, 2024-02-01, rev 0x00f8, size 105472
+    sig 0x000906eb, pf_mask 0x02, 2024-02-01, rev 0x00f6, size 106496
+    sig 0x000906ec, pf_mask 0x22, 2024-02-01, rev 0x00f8, size 106496
+    sig 0x000906ed, pf_mask 0x22, 2024-02-05, rev 0x0100, size 106496
+    sig 0x000a0652, pf_mask 0x20, 2024-02-01, rev 0x00fc, size 97280
+    sig 0x000a0653, pf_mask 0x22, 2024-02-01, rev 0x00fc, size 98304
+    sig 0x000a0655, pf_mask 0x22, 2024-02-01, rev 0x00fc, size 97280
+    sig 0x000a0660, pf_mask 0x80, 2024-02-01, rev 0x00fe, size 97280
+    sig 0x000a0661, pf_mask 0x80, 2024-02-01, rev 0x00fc, size 97280
+    sig 0x000a0671, pf_mask 0x02, 2024-03-07, rev 0x0062, size 108544
+    sig 0x000a06a4, pf_mask 0xe6, 2024-04-15, rev 0x001e, size 137216
+  * source: update symlinks to reflect id of the latest release, 20240813
+  * postinst, postrm: switch to dpkg-trigger to run update-initramfs
+
+3.20240531.1 [Sat, 01 Jun 2024 11:49:47 -0300] Henrique de Moraes Holschuh <hmh@debian.org>:
+
+  * New upstream microcode datafile 20240531
+    * Fix unspecified functional issues on Pentium Silver N/J5xxx,
+      Celeron N/J4xxx
+    * Updated Microcodes:
+      sig 0x000706a1, pf_mask 0x01, 2024-04-19, rev 0x0042, size 76800
+  * source: update symlinks to reflect id of the latest release, 20240531
+
+3.20240514.1~deb11u1 [Wed, 29 May 2024 23:31:29 -0300] Henrique de Moraes Holschuh <hmh@debian.org>:
+
+  * Backport to Debian Bullseye
+  * debian/control: revert non-free-firmware change
+
+3.20240514.1 [Thu, 16 May 2024 21:40:52 -0300] Henrique de Moraes Holschuh <hmh@debian.org>:
+
+  * New upstream microcode datafile 20240514 
+    * Mitigations for INTEL-SA-01051 (CVE-2023-45733)
+      Hardware logic contains race conditions in some Intel Processors may
+      allow an authenticated user to potentially enable partial information
+      disclosure via local access.
+    * Mitigations for INTEL-SA-01052 (CVE-2023-46103)
+      Sequence of processor instructions leads to unexpected behavior in
+      Intel Core Ultra Processors may allow an authenticated user to
+      potentially enable denial of service via local access.
+    * Mitigations for INTEL-SA-01036 (CVE-2023-45745,  CVE-2023-47855)
+      Improper input validation in some Intel TDX module software before
+      version 1.5.05.46.698 may allow a privileged user to potentially enable
+      escalation of privilege via local access.
+    * Fix for unspecified functional issues on 4th gen and 5th gen Xeon
+      Scalable, 12th, 13th and 14th gen Intel Core processors, as well as for
+      Core i3 N-series processors.
+    * Updated microcodes:
+      sig 0x000806f8, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0, size 581632
+      sig 0x000806f7, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0
+      sig 0x000806f6, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0
+      sig 0x000806f5, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0
+      sig 0x000806f4, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0
+      sig 0x000806f8, pf_mask 0x10, 2024-02-05, rev 0x2c000390, size 614400
+      sig 0x000806f6, pf_mask 0x10, 2024-02-05, rev 0x2c000390
+      sig 0x000806f5, pf_mask 0x10, 2024-02-05, rev 0x2c000390
+      sig 0x000806f4, pf_mask 0x10, 2024-02-05, rev 0x2c000390
+      sig 0x00090672, pf_mask 0x07, 2023-12-05, rev 0x0035, size 224256
+      sig 0x00090675, pf_mask 0x07, 2023-12-05, rev 0x0035
+      sig 0x000b06f2, pf_mask 0x07, 2023-12-05, rev 0x0035
+      sig 0x000b06f5, pf_mask 0x07, 2023-12-05, rev 0x0035
+      sig 0x000906a3, pf_mask 0x80, 2023-12-05, rev 0x0433, size 222208
+      sig 0x000906a4, pf_mask 0x80, 2023-12-05, rev 0x0433
+      sig 0x000906a4, pf_mask 0x40, 2023-12-07, rev 0x0007, size 119808
+      sig 0x000b0671, pf_mask 0x32, 2024-01-25, rev 0x0123, size 215040
+      sig 0x000b06e0, pf_mask 0x11, 2023-12-07, rev 0x0017, size 138240
+      sig 0x000c06f2, pf_mask 0x87, 2024-02-05, rev 0x21000230, size 552960
+      sig 0x000c06f1, pf_mask 0x87, 2024-02-05, rev 0x21000230
+  * source: update symlinks to reflect id of the latest release, 20240514
+
 3.20240312.1~deb10u1 [Sat, 04 May 2024 16:16:32 +0200] Tobias Frost <tobi@debian.org>:
 
   * Non-maintainer upload by the LTS Security Team.
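
Review bot: the 3.20240813.1 entry brings a maintainer-script change, "postinst, postrm: switch to dpkg-trigger to run update-initramfs", into buster through an upload that the top entry describes as a no-change rebuild of the bullseye version, so the errata test should confirm that the initramfs is actually regenerated when upgrading from 3.20240312.1~deb10u1, since the package relies on that step to get the new microcode into the boot image. Separately, the INTEL-SA-01036 item in the 3.20240514.1 entry describes a flaw in "Intel TDX module software before version 1.5.05.46.698" and does not say what part of it the microcode datafile covers; the advisory text should state that. Minor: "Adresses" in the top entry should read "Addresses", and the sub-bullets use "-" in 3.20240813.1 but "*" in 3.20240531.1 and 3.20240514.1.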

<http://piuparts.knut.univention.de/5.0-8/#9082096591144153387>
Comment 2 Julia Bremer univentionstaff 2024-09-04 15:25:48 CEST
OK: bug
OK: yaml
OK: announce_errata
OK: jenkins
OK: piuparts
Verified