Univention Bugzilla – Bug 47826
intel-microcode: Multiple issues (4.3)
Last modified: 2018-09-18 09:53:58 CEST
New Debian intel-microcode 3.20180807a.1~deb9u1 fixes: This update addresses the following issues: * cpu: speculative store bypass (CVE-2018-3639) * cpu: speculative register load (CVE-2018-3640)
--- mirror/ftp/4.2/unmaintained/4.2-4/source/intel-microcode_3.20180425.1.dsc +++ apt/ucs_4.3-0-errata4.3-2/source/intel-microcode_3.20180807a.1~deb9u1.dsc @@ -1,3 +1,108 @@ +3.20180807a.1~deb9u1 [Sat, 15 Sep 2018 00:53:22 -0300] Henrique de Moraes Holschuh <hmh@debian.org>: + + * Upload to Debian stretch (no changes) + * Security fixes: + Intel SA-00161, CVE-2018-3615, CVE-2018-3620, CVE-2018-3646 + Intel SA-00115, CVE-2018-3639, CVE-2018-3640 + Intel SA-00088, CVE-2017-5753, CVE-2017-5754 + +3.20180807a.1 [Fri, 24 Aug 2018 08:53:53 -0300] Henrique de Moraes Holschuh <hmh@debian.org>: + + [ Henrique de Moraes Holschuh ] + * New upstream microcode datafile 20180807a + (closes: #906158, #906160, #903135, #903141) + + New Microcodes: + sig 0x000206c2, pf_mask 0x03, 2018-05-08, rev 0x001f, size 11264 + sig 0x000206e6, pf_mask 0x04, 2018-05-15, rev 0x000d, size 9216 + sig 0x000506c2, pf_mask 0x01, 2018-05-11, rev 0x0014, size 15360 + sig 0x000506ca, pf_mask 0x03, 2018-05-11, rev 0x000c, size 14336 + sig 0x000506f1, pf_mask 0x01, 2018-05-11, rev 0x0024, size 10240 + + Updated Microcodes: + sig 0x000106a5, pf_mask 0x03, 2018-05-11, rev 0x001d, size 12288 + sig 0x000106e5, pf_mask 0x13, 2018-05-08, rev 0x000a, size 9216 + sig 0x00020652, pf_mask 0x12, 2018-05-08, rev 0x0011, size 9216 + sig 0x00020655, pf_mask 0x92, 2018-04-23, rev 0x0007, size 4096 + sig 0x000206a7, pf_mask 0x12, 2018-04-10, rev 0x002e, size 12288 + sig 0x000206f2, pf_mask 0x05, 2018-05-16, rev 0x003b, size 14336 + sig 0x000306a9, pf_mask 0x12, 2018-04-10, rev 0x0020, size 13312 + sig 0x000306c3, pf_mask 0x32, 2018-04-02, rev 0x0025, size 23552 + sig 0x000306d4, pf_mask 0xc0, 2018-03-22, rev 0x002b, size 18432 + sig 0x00040651, pf_mask 0x72, 2018-04-02, rev 0x0024, size 22528 + sig 0x00040661, pf_mask 0x32, 2018-04-02, rev 0x001a, size 25600 + sig 0x00040671, pf_mask 0x22, 2018-04-03, rev 0x001e, size 13312 + sig 0x000406e3, pf_mask 0xc0, 2018-04-17, rev 0x00c6, size 99328 + sig 0x00050662, pf_mask 0x10, 2018-05-25, rev 0x0017, size 31744 + sig 0x00050663, pf_mask 0x10, 2018-04-20, rev 0x7000013, size 22528 + sig 0x00050664, pf_mask 0x10, 2018-04-20, rev 0xf000012, size 22528 + sig 0x000506c9, pf_mask 0x03, 2018-05-11, rev 0x0032, size 16384 + sig 0x000506e3, pf_mask 0x36, 2018-04-17, rev 0x00c6, size 99328 + sig 0x000706a1, pf_mask 0x01, 2018-05-22, rev 0x0028, size 73728 + sig 0x000806e9, pf_mask 0xc0, 2018-03-24, rev 0x008e, size 98304 + sig 0x000806ea, pf_mask 0xc0, 2018-05-15, rev 0x0096, size 98304 + sig 0x000906e9, pf_mask 0x2a, 2018-03-24, rev 0x008e, size 98304 + sig 0x000906ea, pf_mask 0x22, 2018-05-02, rev 0x0096, size 97280 + sig 0x000906eb, pf_mask 0x02, 2018-03-24, rev 0x008e, size 98304 + + Implements L1D_FLUSH support (L1TF "Foreshadow/-NG" mitigation) + Intel SA-00161, CVE-2018-3615, CVE-2018-3620, CVE-2018-3646 + + Implements SSBD support (Spectre v4 mitigation), + Disable speculation for (some) RDMSR/WRMSR (Spectre v3a fix) + Intel SA-00115, CVE-2018-3639, CVE-2018-3640 + + Implements IBRS/IBPB/STIPB support, Spectre v2 mitigation for older + processors with signatures 0x106a5, 0x106e5, 0x20652, 0x20655. + Intel SA-0088, CVE-2017-5753, CVE-2017-5754 + * source: update symlinks to reflect id of the latest release, 20180807a + * debian/intel-microcode.docs: ship license and releasenote upstream files. + * debian/changelog: update entry for 3.20180703.1 with L1TF information + + [ Julian Andres Klode ] + * initramfs: include all microcode for MODULES=most. + Default to early instead of auto, and install all of the microcode, + not just the one matching the current CPU, if MODULES=most is set + in the initramfs-tools config (LP: #1778738) + +3.20180703.2~deb9u1 [Tue, 14 Aug 2018 23:30:11 -0300] Henrique de Moraes Holschuh <hmh@debian.org>: + + * Upload to Debian stretch (no changes) + Security-fix: CVE-2018-3639, CVE-2018-3640 + +3.20180703.2 [Thu, 05 Jul 2018 14:26:36 -0300] Henrique de Moraes Holschuh <hmh@debian.org>: + + * source: fix badly named symlink that resulted in most microcode + updates not being shipped in the binary package. Oops! + +3.20180703.1 [Thu, 05 Jul 2018 10:03:53 -0300] Henrique de Moraes Holschuh <hmh@debian.org>: + + * New upstream microcode data file 20180703 (closes: #903018) + + Updated Microcodes: + sig 0x000206d6, pf_mask 0x6d, 2018-05-08, rev 0x061d, size 18432 + sig 0x000206d7, pf_mask 0x6d, 2018-05-08, rev 0x0714, size 19456 + sig 0x000306e4, pf_mask 0xed, 2018-04-25, rev 0x042d, size 15360 + sig 0x000306e7, pf_mask 0xed, 2018-04-25, rev 0x0714, size 17408 + sig 0x000306f2, pf_mask 0x6f, 2018-04-20, rev 0x003d, size 33792 + sig 0x000306f4, pf_mask 0x80, 2018-04-20, rev 0x0012, size 17408 + sig 0x000406f1, pf_mask 0xef, 2018-04-19, rev 0xb00002e, size 28672 + sig 0x00050654, pf_mask 0xb7, 2018-05-15, rev 0x200004d, size 31744 + sig 0x00050665, pf_mask 0x10, 2018-04-20, rev 0xe00000a, size 18432 + + First batch of fixes for: Intel SA-00115, CVE-2018-3639, CVE-2018-3640, + Intel SA-00161, CVE-2018-3615, CVE-2018-3620, CVE-2018-3646 + + Implements L1D_FLUSH support (L1TF "Foreshadow/-NG" mitigation), + SSBD support (Spectre-v4 mitigation) and fix Spectre-v3a for: + Sandybridge server, Ivy Bridge server, Haswell server, Skylake server, + Broadwell server, a few HEDT Core i7/i9 models that are actually gimped + server dies. + * source: update symlinks to reflect id of the latest release, 20180703 + +3.20180425.1~deb9u1 [Fri, 18 May 2018 09:15:59 -0300] Henrique de Moraes Holschuh <hmh@debian.org>: + + * Upload to Debian stretch (no changes) + * RELEASE MANAGER INFORMATION: This update deploys the microcode side fix + for CVE-2017-5715 (Spectre v2). On the more recent processors, it also + fixes other unspecified errata. This microcode update pack has been + extensively tested in Debian unstable, testing, strech-backports and + jessie-backports. It has been extensively deployed by other distributions + to their stable branches without causing any issues, with one notable + exception (a distro-specific kernel bug, already fixed by that distro). + 3.20180425.1 [Wed, 02 May 2018 16:48:44 -0300] Henrique de Moraes Holschuh <hmh@debian.org>: * New upstream microcode data file 20180425 (closes: #897443, #895878) <http://10.200.17.11/4.3-2/#2715859937401324511>
*** Bug 47827 has been marked as a duplicate of this bug. ***
http://errata.software-univention.de/ucs/4.3/219.html *** This bug has been marked as a duplicate of bug 47669 ***