Bug 47616 - amd64-microcode: Multiple issues (4.3)
amd64-microcode: Multiple issues (4.3)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.3
All Linux
: P3 normal (vote)
: UCS 4.3-1-errata
Assigned To: Quality Assurance
Philipp Hahn
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-08-20 10:36 CEST by Philipp Hahn
Modified: 2018-08-22 14:26 CEST (History)
0 users

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score: 5.6 (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Philipp Hahn univentionstaff 2018-08-20 10:36:18 CEST
New Debian amd64-microcode 3.20180524.1~bpo9+1 fixes:
This update addresses the following issue:
* cpu: speculative execution branch target injection

CVE-2017-5715 hw: cpu: speculative execution branch target injection
Comment 1 Quality Assurance univentionstaff 2018-08-20 15:57:46 CEST
--- mirror/ftp/4.3/unmaintained/4.3-0/source/amd64-microcode_3.20160316.3.dsc
+++ apt/ucs_4.3-0-errata4.3-1/source/amd64-microcode_3.20180524.1~bpo9+1.dsc
@@ -1,3 +1,50 @@
+3.20180524.1~bpo9+1 [Mon, 28 May 2018 08:09:01 -0300] Henrique de Moraes Holschuh <hmh@debian.org>:
+
+  * Rebuild for stretch-backports (no changes)
+
+3.20180524.1 [Fri, 25 May 2018 15:38:22 -0300] Henrique de Moraes Holschuh <hmh@debian.org>:
+
+  * New microcode update packages from AMD upstream:
+    + Re-added Microcodes:
+      sig 0x00610f01, patch id 0x06001119, 2012-07-13
+  * This update avoids regressing sig 0x610f01 processors on systems with
+    outdated firmware by adding back exactly the same microcode patch that was
+    present before [for these processors].  It does not implement Spectre-v2
+    mitigation for these processors.
+  * README: update for new release
+
+3.20180515.1 [Sat, 19 May 2018 13:51:06 -0300] Henrique de Moraes Holschuh <hmh@debian.org>:
+
+  * New microcode update packages from AMD upstream:
+    + New Microcodes:
+      sig 0x00800f12, patch id 0x08001227, 2018-02-09
+    + Updated Microcodes:
+      sig 0x00600f12, patch id 0x0600063e, 2018-02-07
+      sig 0x00600f20, patch id 0x06000852, 2018-02-06
+    + Removed Microcodes:
+      sig 0x00610f01, patch id 0x06001119, 2012-07-13
+  * Adds Spectre v2 (CVE-2017-5715) microcode-based mitigation support,
+    plus other unspecified fixes/updates.
+  * README, debian/copyright: update for new release
+
+3.20171205.2 [Fri, 04 May 2018 07:51:40 -0300] Henrique de Moraes Holschuh <hmh@debian.org>:
+
+  * debian/control: update Vcs-* fields for salsa.debian.org
+
+3.20171205.1 [Mon, 08 Jan 2018 12:19:57 -0200] Henrique de Moraes Holschuh <hmh@debian.org>:
+
+  * New microcode updates (closes: #886382):
+    sig 0x00800f12, patch id 0x08001213, 2017-12-05
+    Thanks to SuSE for distributing these ahead of AMD's official release!
+  * Add IBPB support for family 17h AMD processors (CVE-2017-5715)
+  * README: describe source for faml17h microcode update
+  * Upload to unstable to match IBPB microcode support on Intel in Debian
+    unstable.
+  * WARNING: requires at least kernel 4.15, 4.14.13, 4.9.76, 4.4.111 (or a
+    backport of commit f4e9b7af0cd58dd039a0fb2cd67d57cea4889abf
+    "x86/microcode/AMD: Add support for fam17h microcode loading") otherwise
+    it will not be applied to the processor.
+
 3.20160316.3 [Tue, 29 Nov 2016 23:54:53 -0200] Henrique de Moraes Holschuh <hmh@debian.org>:
 
   * initramfs: Make the early initramfs reproducible (closes: #845194)

<http://10.200.17.11/4.3-1/#2848291106724770359>
Comment 2 Philipp Hahn univentionstaff 2018-08-20 15:57:57 CEST
OK: yaml
OK: errata-announce
OK: patch
OK: piuparts

[4.3-1] 0e19a25a8a Bug #47616: amd64-microcode_3.20180524.1~bpo9+1
 doc/errata/staging/amd64-microcode.yaml | 12 ++++++++++++
 1 file changed, 12 insertions(+)
Comment 3 Arvid Requate univentionstaff 2018-08-22 14:26:27 CEST
<http://errata.software-univention.de/ucs/4.3/204.html>