Univention Bugzilla – Bug 47606
intel-microcode: Multiple issues (4.3)
Last modified: 2018-08-22 14:26:26 CEST
New Debian intel-microcode 3.20180703.2~deb9u1 fixes: This update addresses the following issues: * cpu: speculative store bypass (CVE-2018-3639) * cpu: speculative register load (CVE-2018-3640)
--- mirror/ftp/4.2/unmaintained/4.2-4/source/intel-microcode_3.20180425.1.dsc +++ apt/ucs_4.3-0-errata4.3-1/source/intel-microcode_3.20180703.2~deb9u1.dsc @@ -1,3 +1,44 @@ +3.20180703.2~deb9u1 [Tue, 14 Aug 2018 23:30:11 -0300] Henrique de Moraes Holschuh <hmh@debian.org>: + + * Upload to Debian stretch (no changes) + Security-fix: CVE-2018-3639, CVE-2018-3640 + +3.20180703.2 [Thu, 05 Jul 2018 14:26:36 -0300] Henrique de Moraes Holschuh <hmh@debian.org>: + + * source: fix badly named symlink that resulted in most microcode + updates not being shipped in the binary package. Oops! + +3.20180703.1 [Thu, 05 Jul 2018 10:03:53 -0300] Henrique de Moraes Holschuh <hmh@debian.org>: + + * New upstream microcode data file 20180703 (closes: #903018) + + Updated Microcodes: + sig 0x000206d6, pf_mask 0x6d, 2018-05-08, rev 0x061d, size 18432 + sig 0x000206d7, pf_mask 0x6d, 2018-05-08, rev 0x0714, size 19456 + sig 0x000306e4, pf_mask 0xed, 2018-04-25, rev 0x042d, size 15360 + sig 0x000306e7, pf_mask 0xed, 2018-04-25, rev 0x0714, size 17408 + sig 0x000306f2, pf_mask 0x6f, 2018-04-20, rev 0x003d, size 33792 + sig 0x000306f4, pf_mask 0x80, 2018-04-20, rev 0x0012, size 17408 + sig 0x000406f1, pf_mask 0xef, 2018-04-19, rev 0xb00002e, size 28672 + sig 0x00050654, pf_mask 0xb7, 2018-05-15, rev 0x200004d, size 31744 + sig 0x00050665, pf_mask 0x10, 2018-04-20, rev 0xe00000a, size 18432 + + First batch of fixes for: Intel SA-00115, CVE-2018-3639, CVE-2018-3640 + + SSBD support (Spectre-v4 mitigation) and fix Spectre-v3a for: + Sandybridge server, Ivy Bridge server, Haswell server, Skylake server, + Broadwell server, a few HEDT Core i7/i9 models that are actually gimped + server dies. + * source: update symlinks to reflect id of the latest release, 20180703 + +3.20180425.1~deb9u1 [Fri, 18 May 2018 09:15:59 -0300] Henrique de Moraes Holschuh <hmh@debian.org>: + + * Upload to Debian stretch (no changes) + * RELEASE MANAGER INFORMATION: This update deploys the microcode side fix + for CVE-2017-5715 (Spectre v2). On the more recent processors, it also + fixes other unspecified errata. This microcode update pack has been + extensively tested in Debian unstable, testing, strech-backports and + jessie-backports. It has been extensively deployed by other distributions + to their stable branches without causing any issues, with one notable + exception (a distro-specific kernel bug, already fixed by that distro). + 3.20180425.1 [Wed, 02 May 2018 16:48:44 -0300] Henrique de Moraes Holschuh <hmh@debian.org>: * New upstream microcode data file 20180425 (closes: #897443, #895878) <http://10.200.17.11/4.3-1/#5888936795346485777>
OK: yaml OK: errata-announce OK: patch OK: piuparts [4.3-1] 4588b467a1 Bug #47606: intel-microcode 3.20180703.2~deb9u1 doc/errata/staging/intel-microcode.yaml | 14 ++++++++++++++ 1 file changed, 14 insertions(+)
<http://errata.software-univention.de/ucs/4.3/205.html>