Bug 47616

Summary:	amd64-microcode: Multiple issues (4.3)
Product:	UCS	Reporter:	Philipp Hahn <hahn>
Component:	Security updates	Assignee:	Quality Assurance <qa>
Status:	CLOSED FIXED	QA Contact:	Philipp Hahn <hahn>
Severity:	normal
Priority:	P3
Version:	UCS 4.3
Target Milestone:	UCS 4.3-1-errata
Hardware:	All
OS:	Linux
What kind of report is it?:	Security Issue	What type of bug is this?:	---
Who will be affected by this bug?:	---	How will those affected feel about the bug?:	---
User Pain:		Enterprise Customer affected?:
School Customer affected?:		ISV affected?:
Waiting Support:		Flags outvoted (downgraded) after PO Review:
Ticket number:		Bug group (optional):
Max CVSS v3 score:	5.6 (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N)

Description Philipp Hahn

2018-08-20 10:36:18 CEST

New Debian amd64-microcode 3.20180524.1~bpo9+1 fixes:
This update addresses the following issue:
* cpu: speculative execution branch target injection

CVE-2017-5715 hw: cpu: speculative execution branch target injection

Comment 1 Quality Assurance

2018-08-20 15:57:46 CEST

--- mirror/ftp/4.3/unmaintained/4.3-0/source/amd64-microcode_3.20160316.3.dsc
+++ apt/ucs_4.3-0-errata4.3-1/source/amd64-microcode_3.20180524.1~bpo9+1.dsc
@@ -1,3 +1,50 @@
+3.20180524.1~bpo9+1 [Mon, 28 May 2018 08:09:01 -0300] Henrique de Moraes Holschuh <hmh@debian.org>:
+
+  * Rebuild for stretch-backports (no changes)
+
+3.20180524.1 [Fri, 25 May 2018 15:38:22 -0300] Henrique de Moraes Holschuh <hmh@debian.org>:
+
+  * New microcode update packages from AMD upstream:
+    + Re-added Microcodes:
+      sig 0x00610f01, patch id 0x06001119, 2012-07-13
+  * This update avoids regressing sig 0x610f01 processors on systems with
+    outdated firmware by adding back exactly the same microcode patch that was
+    present before [for these processors].  It does not implement Spectre-v2
+    mitigation for these processors.
+  * README: update for new release
+
+3.20180515.1 [Sat, 19 May 2018 13:51:06 -0300] Henrique de Moraes Holschuh <hmh@debian.org>:
+
+  * New microcode update packages from AMD upstream:
+    + New Microcodes:
+      sig 0x00800f12, patch id 0x08001227, 2018-02-09
+    + Updated Microcodes:
+      sig 0x00600f12, patch id 0x0600063e, 2018-02-07
+      sig 0x00600f20, patch id 0x06000852, 2018-02-06
+    + Removed Microcodes:
+      sig 0x00610f01, patch id 0x06001119, 2012-07-13
+  * Adds Spectre v2 (CVE-2017-5715) microcode-based mitigation support,
+    plus other unspecified fixes/updates.
+  * README, debian/copyright: update for new release
+
+3.20171205.2 [Fri, 04 May 2018 07:51:40 -0300] Henrique de Moraes Holschuh <hmh@debian.org>:
+
+  * debian/control: update Vcs-* fields for salsa.debian.org
+
+3.20171205.1 [Mon, 08 Jan 2018 12:19:57 -0200] Henrique de Moraes Holschuh <hmh@debian.org>:
+
+  * New microcode updates (closes: #886382):
+    sig 0x00800f12, patch id 0x08001213, 2017-12-05
+    Thanks to SuSE for distributing these ahead of AMD's official release!
+  * Add IBPB support for family 17h AMD processors (CVE-2017-5715)
+  * README: describe source for faml17h microcode update
+  * Upload to unstable to match IBPB microcode support on Intel in Debian
+    unstable.
+  * WARNING: requires at least kernel 4.15, 4.14.13, 4.9.76, 4.4.111 (or a
+    backport of commit f4e9b7af0cd58dd039a0fb2cd67d57cea4889abf
+    "x86/microcode/AMD: Add support for fam17h microcode loading") otherwise
+    it will not be applied to the processor.
+
 3.20160316.3 [Tue, 29 Nov 2016 23:54:53 -0200] Henrique de Moraes Holschuh <hmh@debian.org>:
 
   * initramfs: Make the early initramfs reproducible (closes: #845194)

<http://10.200.17.11/4.3-1/#2848291106724770359>

Comment 2 Philipp Hahn

2018-08-20 15:57:57 CEST

OK: yaml
OK: errata-announce
OK: patch
OK: piuparts

[4.3-1] 0e19a25a8a Bug #47616: amd64-microcode_3.20180524.1~bpo9+1
 doc/errata/staging/amd64-microcode.yaml | 12 ++++++++++++
 1 file changed, 12 insertions(+)

Comment 3 Arvid Requate

2018-08-22 14:26:27 CEST

<http://errata.software-univention.de/ucs/4.3/204.html>