Univention Bugzilla – Full Text Bug Listing |
Summary: | intel-microcode: Multiple issues (4.3) | ||
---|---|---|---|
Product: | UCS | Reporter: | Quality Assurance <qa> |
Component: | Security updates | Assignee: | Quality Assurance <qa> |
Status: | CLOSED FIXED | QA Contact: | Philipp Hahn <hahn> |
Severity: | normal | ||
Priority: | P3 | ||
Version: | UCS 4.3 | ||
Target Milestone: | UCS 4.3-3-errata | ||
Hardware: | All | ||
OS: | Linux | ||
What kind of report is it?: | Security Issue | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | ||
Max CVSS v3 score: | 5.6 (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N) |
Description
Quality Assurance
2019-02-26 11:46:46 CET
--- mirror/ftp/4.3/unmaintained/4.3-2/source/intel-microcode_3.20180807a.1~bpo9+1.dsc +++ apt/ucs_4.3-0-errata4.3-3/source/intel-microcode_3.20180807a.2~deb9u1.dsc @@ -1,6 +1,43 @@ -3.20180807a.1~bpo9+1 [Sat, 25 Aug 2018 16:20:52 -0300] Henrique de Moraes Holschuh <hmh@debian.org>: +3.20180807a.2~deb9u1 [Sun, 27 Jan 2019 13:07:47 -0200] Henrique de Moraes Holschuh <hmh@debian.org>: - * Rebuild for stretch-backports (no changes) + * Release managers: + This update is being distributed by Debian in unstable, testing and + jessie- and stretch-backports since 2018-10-30 without issues, and by + most distros since 2018-08/2018-09, with no known reports of + regressions on Westmere EP processors (Spectre mitigations are very + expensive on Nehalem and Westmere, though). + * SECURITY FIX: this update adds the accumulated fixes for Westmere EP + (signature 0x206c2) from nearly a decade, including but likely not + limited to: + + Implements L1D_FLUSH support (L1TF "Foreshadow/-NG" mitigation) + Intel SA-00161, CVE-2018-3615, CVE-2018-3620, CVE-2018-3646 + + Implements SSBD support (Spectre v4 mitigation), + Disable speculation for (some) RDMSR/WRMSR (Spectre v3a fix) + Intel SA-00115, CVE-2018-3639, CVE-2018-3640 + + Implements IBRS/IBPB/STIPB support, Spectre v2 mitigation. + Intel SA-0088, CVE-2017-5753, CVE-2017-5754 + + Very likely implements LAPIC sinkhole fix + + Fixes AAK167/BT248: Virtual APIC accesses with 32-bit PAE paging + may cause system crash + * This Westmere EP microcode update has been explicitly approved by + Intel for general distribution by operating systems, refer to the + changelog entry for 3.20180807a.2 below + +3.20180807a.2 [Tue, 23 Oct 2018 19:52:40 -0300] Henrique de Moraes Holschuh <hmh@debian.org>: + + * Makefile: unblacklist 0x206c2 (Westmere EP) + According to pragyansri.pathi@intel.com, on message to LP#1795594 + on 2018-10-09, we can ship 0x206c2 updates without restrictions. + Also, there are no reports in the field about this update causing + issues (closes: #907402) (LP: #1795594) + +3.20180807a.1~deb9u1 [Sat, 15 Sep 2018 00:53:22 -0300] Henrique de Moraes Holschuh <hmh@debian.org>: + + * Upload to Debian stretch (no changes) + * Security fixes: + Intel SA-00161, CVE-2018-3615, CVE-2018-3620, CVE-2018-3646 + Intel SA-00115, CVE-2018-3639, CVE-2018-3640 + Intel SA-00088, CVE-2017-5753, CVE-2017-5754 3.20180807a.1 [Fri, 24 Aug 2018 08:53:53 -0300] Henrique de Moraes Holschuh <hmh@debian.org>: <http://10.200.17.11/4.3-3/#5332533354987862424> OK: yaml OK: announce_errata OK: patch OK: piuparts [4.3-3] 198b88a210 Bug #48781: intel-microcode 3.20180807a.2~deb9u1 doc/errata/staging/intel-microcode.yaml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) |