Bug 47606 - intel-microcode: Multiple issues (4.3)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
Version: UCS 4.3
Hardware: All Linux
Importance: P3 normal
Target Milestone: UCS 4.3-1-errata
Assigned To: Quality Assurance
QA Contact: Philipp Hahn
Reported: 2018-08-17 12:52 CEST by Quality Assurance
Modified: 2018-08-22 14:26 CEST
What kind of report is it?: Security Issue
Max CVSS v3 score: 5.6 (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N)
Description Quality Assurance univentionstaff 2018-08-17 12:52:10 CEST
New Debian intel-microcode 3.20180703.2~deb9u1 fixes:
This update addresses the following issues:
* cpu: speculative store bypass (CVE-2018-3639)
* cpu: speculative register load (CVE-2018-3640)
Comment 1 Quality Assurance univentionstaff 2018-08-17 13:20:04 CEST
--- mirror/ftp/4.2/unmaintained/4.2-4/source/intel-microcode_3.20180425.1.dsc
+++ apt/ucs_4.3-0-errata4.3-1/source/intel-microcode_3.20180703.2~deb9u1.dsc
@@ -1,3 +1,44 @@
+3.20180703.2~deb9u1 [Tue, 14 Aug 2018 23:30:11 -0300] Henrique de Moraes Holschuh <hmh@debian.org>:
+
+  * Upload to Debian stretch (no changes)
+    Security-fix: CVE-2018-3639, CVE-2018-3640
+
+3.20180703.2 [Thu, 05 Jul 2018 14:26:36 -0300] Henrique de Moraes Holschuh <hmh@debian.org>:
+
+  * source: fix badly named symlink that resulted in most microcode
+    updates not being shipped in the binary package.  Oops!
+
+3.20180703.1 [Thu, 05 Jul 2018 10:03:53 -0300] Henrique de Moraes Holschuh <hmh@debian.org>:
+
+  * New upstream microcode data file 20180703 (closes: #903018)
+    + Updated Microcodes:
+      sig 0x000206d6, pf_mask 0x6d, 2018-05-08, rev 0x061d, size 18432
+      sig 0x000206d7, pf_mask 0x6d, 2018-05-08, rev 0x0714, size 19456
+      sig 0x000306e4, pf_mask 0xed, 2018-04-25, rev 0x042d, size 15360
+      sig 0x000306e7, pf_mask 0xed, 2018-04-25, rev 0x0714, size 17408
+      sig 0x000306f2, pf_mask 0x6f, 2018-04-20, rev 0x003d, size 33792
+      sig 0x000306f4, pf_mask 0x80, 2018-04-20, rev 0x0012, size 17408
+      sig 0x000406f1, pf_mask 0xef, 2018-04-19, rev 0xb00002e, size 28672
+      sig 0x00050654, pf_mask 0xb7, 2018-05-15, rev 0x200004d, size 31744
+      sig 0x00050665, pf_mask 0x10, 2018-04-20, rev 0xe00000a, size 18432
+    + First batch of fixes for: Intel SA-00115, CVE-2018-3639, CVE-2018-3640
+    + SSBD support (Spectre-v4 mitigation) and fix Spectre-v3a for:
+      Sandybridge server, Ivy Bridge server, Haswell server, Skylake server,
+      Broadwell server, a few HEDT Core i7/i9 models that are actually gimped
+      server dies.
+  * source: update symlinks to reflect id of the latest release, 20180703
+
+3.20180425.1~deb9u1 [Fri, 18 May 2018 09:15:59 -0300] Henrique de Moraes Holschuh <hmh@debian.org>:
+
+  * Upload to Debian stretch (no changes)
+  * RELEASE MANAGER INFORMATION: This update deploys the microcode side fix
+    for CVE-2017-5715 (Spectre v2).  On the more recent processors, it also
+    fixes other unspecified errata.  This microcode update pack has been
+    extensively tested in Debian unstable, testing, strech-backports and
+    jessie-backports.  It has been extensively deployed by other distributions
+    to their stable branches without causing any issues, with one notable
+    exception (a distro-specific kernel bug, already fixed by that distro).
+
 3.20180425.1 [Wed, 02 May 2018 16:48:44 -0300] Henrique de Moraes Holschuh <hmh@debian.org>:
 
   * New upstream microcode data file 20180425 (closes: #897443, #895878)
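Review bot: The 3.20180703.1 entry describes this as the "First batch of fixes" for CVE-2018-3639 and CVE-2018-3640 and lists SSBD support only for Sandybridge, Ivy Bridge, Haswell, Skylake and Broadwell server parts plus a few HEDT Core i7/i9 models, so the erratum text should state that the microcode-side fix applies to those processors rather than reading as a fix for every Intel CPU. The 3.20180703.2 entry also records that a badly named symlink kept most microcode updates out of the binary package in 3.20180703.1; it is worth confirming that the built binary package actually ships the nine updated signatures listed in this hunk.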

<http://10.200.17.11/4.3-1/#5888936795346485777>
Comment 2 Philipp Hahn univentionstaff 2018-08-17 13:24:23 CEST
OK: yaml
OK: errata-announce
OK: patch
OK: piuparts

[4.3-1] 4588b467a1 Bug #47606: intel-microcode 3.20180703.2~deb9u1
 doc/errata/staging/intel-microcode.yaml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
Comment 3 Arvid Requate univentionstaff 2018-08-22 14:26:26 CEST
<http://errata.software-univention.de/ucs/4.3/205.html>