Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
Please unblock package intel-microcode
This is an update that adds the MDS mitigations for Sandybridge server
and HEDT (Core-X). Other than those two updated microcode files, there
are just changes to text files.
It has been the subject of a security update (DSA 4447-2, and soon DLA
1789-2), please refer to
https://security-tracker.debian.org/tracker/CVE-2019-11091
for details.
diff attached (with the microcode blob changes removed for clarity).
diffstat (git, ignores rename of symlink):
changelog | 7 +++
debian/changelog | 106 +++++++++++++++++++++++++++++----------------------
intel-ucode/06-2d-06 |binary
intel-ucode/06-2d-07 |binary
releasenote | 46 ++--------------------
5 files changed, 74 insertions(+), 85 deletions(-)
unblock intel-microcode/3.20190618.1
Thank you
--
Henrique Holschuh
diff --git a/changelog b/changelog
index b6f59a6..f3579cf 100644
--- a/changelog
+++ b/changelog
@@ -1,3 +1,10 @@
+2019-06-18:
+ * Implements MDS mitigation (RIDL, Fallout, Zombieload), INTEL-SA-00223
+ CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
+ * Updated Microcodes:
+ sig 0x000206d6, pf_mask 0x6d, 2019-05-21, rev 0x061f, size 18432
+ sig 0x000206d7, pf_mask 0x6d, 2019-05-21, rev 0x0718, size 19456
+
2019-05-14:
* Implements MDS mitigation (RIDL, Fallout, Zombieload), INTEL-SA-00223
CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
diff --git a/debian/changelog b/debian/changelog
index f7c67ce..ac6bfe1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,50 +1,68 @@
+intel-microcode (3.20190618.1) unstable; urgency=medium
+
+ * New upstream microcode datafile 20190618
+ + SECURITY UPDATE
+ Implements MDS mitigation (RIDL, Fallout, Zombieload), INTEL-SA-00223
+ CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
+ for Sandybridge server and Core-X processors
+ + Updated Microcodes:
+ sig 0x000206d6, pf_mask 0x6d, 2019-05-21, rev 0x061f, size 18432
+ sig 0x000206d7, pf_mask 0x6d, 2019-05-21, rev 0x0718, size 19456
+ * Add some missing (minor) changelog entries to 3.20190514.1
+ * Reformat 3.20190514.1 changelog entry to match rest of changelog
+
+ -- Henrique de Moraes Holschuh <h...@debian.org> Wed, 19 Jun 2019 09:05:54
-0300
+
intel-microcode (3.20190514.1) unstable; urgency=high
* New upstream microcode datafile 20190514
- * SECURITY UPDATE
- Implements MDS mitigation (RIDL, Fallout, Zombieload), INTEL-SA-00223
- CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
- * New Microcodes:
- sig 0x00030678, pf_mask 0x02, 2019-04-22, rev 0x0838, size 52224
- sig 0x00030678, pf_mask 0x0c, 2019-04-22, rev 0x0838, size 52224
- sig 0x00030679, pf_mask 0x0f, 2019-04-23, rev 0x090c, size 52224
- sig 0x000406c3, pf_mask 0x01, 2019-04-23, rev 0x0368, size 69632
- sig 0x000406c4, pf_mask 0x01, 2019-04-23, rev 0x0411, size 68608
- sig 0x00050657, pf_mask 0xbf, 2019-02-27, rev 0x5000021, size 47104
- * Updated Microcodes:
- sig 0x000206a7, pf_mask 0x12, 2019-02-17, rev 0x002f, size 12288
- sig 0x000306a9, pf_mask 0x12, 2019-02-13, rev 0x0021, size 14336
- sig 0x000306c3, pf_mask 0x32, 2019-02-26, rev 0x0027, size 23552
- sig 0x000306d4, pf_mask 0xc0, 2019-03-07, rev 0x002d, size 19456
- sig 0x000306e4, pf_mask 0xed, 2019-03-14, rev 0x042e, size 16384
- sig 0x000306e7, pf_mask 0xed, 2019-03-14, rev 0x0715, size 17408
- sig 0x000306f2, pf_mask 0x6f, 2019-03-01, rev 0x0043, size 34816
- sig 0x000306f4, pf_mask 0x80, 2019-03-01, rev 0x0014, size 18432
- sig 0x00040651, pf_mask 0x72, 2019-02-26, rev 0x0025, size 21504
- sig 0x00040661, pf_mask 0x32, 2019-02-26, rev 0x001b, size 25600
- sig 0x00040671, pf_mask 0x22, 2019-03-07, rev 0x0020, size 14336
- sig 0x000406e3, pf_mask 0xc0, 2019-04-01, rev 0x00cc, size 100352
- sig 0x000406f1, pf_mask 0xef, 2019-03-02, rev 0xb000036, size 30720
- sig 0x00050654, pf_mask 0xb7, 2019-04-02, rev 0x200005e, size 32768
- sig 0x00050662, pf_mask 0x10, 2019-03-23, rev 0x001a, size 32768
- sig 0x00050663, pf_mask 0x10, 2019-03-23, rev 0x7000017, size 24576
- sig 0x00050664, pf_mask 0x10, 2019-03-23, rev 0xf000015, size 23552
- sig 0x00050665, pf_mask 0x10, 2019-03-23, rev 0xe00000d, size 19456
- sig 0x000506c9, pf_mask 0x03, 2019-01-15, rev 0x0038, size 17408
- sig 0x000506ca, pf_mask 0x03, 2019-03-01, rev 0x0016, size 15360
- sig 0x000506e3, pf_mask 0x36, 2019-04-01, rev 0x00cc, size 100352
- sig 0x000506f1, pf_mask 0x01, 2019-03-21, rev 0x002e, size 11264
- sig 0x000706a1, pf_mask 0x01, 2019-01-02, rev 0x002e, size 73728
- sig 0x000806e9, pf_mask 0x10, 2019-04-01, rev 0x00b4, size 98304
- sig 0x000806e9, pf_mask 0xc0, 2019-04-01, rev 0x00b4, size 99328
- sig 0x000806ea, pf_mask 0xc0, 2019-04-01, rev 0x00b4, size 99328
- sig 0x000806eb, pf_mask 0xd0, 2019-03-30, rev 0x00b8, size 98304
- sig 0x000806ec, pf_mask 0x94, 2019-03-30, rev 0x00b8, size 97280
- sig 0x000906e9, pf_mask 0x2a, 2019-04-01, rev 0x00b4, size 99328
- sig 0x000906ea, pf_mask 0x22, 2019-04-01, rev 0x00b4, size 98304
- sig 0x000906eb, pf_mask 0x02, 2019-04-01, rev 0x00b4, size 99328
- sig 0x000906ec, pf_mask 0x22, 2019-02-14, rev 0x00ae, size 98304
- sig 0x000906ed, pf_mask 0x22, 2019-03-17, rev 0x00b8, size 97280
+ + SECURITY UPDATE
+ Implements MDS mitigation (RIDL, Fallout, Zombieload), INTEL-SA-00223
+ CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
+ + New Microcodes:
+ sig 0x00030678, pf_mask 0x02, 2019-04-22, rev 0x0838, size 52224
+ sig 0x00030678, pf_mask 0x0c, 2019-04-22, rev 0x0838, size 52224
+ sig 0x00030679, pf_mask 0x0f, 2019-04-23, rev 0x090c, size 52224
+ sig 0x000406c3, pf_mask 0x01, 2019-04-23, rev 0x0368, size 69632
+ sig 0x000406c4, pf_mask 0x01, 2019-04-23, rev 0x0411, size 68608
+ sig 0x00050657, pf_mask 0xbf, 2019-02-27, rev 0x5000021, size 47104
+ + Updated Microcodes:
+ sig 0x000206a7, pf_mask 0x12, 2019-02-17, rev 0x002f, size 12288
+ sig 0x000306a9, pf_mask 0x12, 2019-02-13, rev 0x0021, size 14336
+ sig 0x000306c3, pf_mask 0x32, 2019-02-26, rev 0x0027, size 23552
+ sig 0x000306d4, pf_mask 0xc0, 2019-03-07, rev 0x002d, size 19456
+ sig 0x000306e4, pf_mask 0xed, 2019-03-14, rev 0x042e, size 16384
+ sig 0x000306e7, pf_mask 0xed, 2019-03-14, rev 0x0715, size 17408
+ sig 0x000306f2, pf_mask 0x6f, 2019-03-01, rev 0x0043, size 34816
+ sig 0x000306f4, pf_mask 0x80, 2019-03-01, rev 0x0014, size 18432
+ sig 0x00040651, pf_mask 0x72, 2019-02-26, rev 0x0025, size 21504
+ sig 0x00040661, pf_mask 0x32, 2019-02-26, rev 0x001b, size 25600
+ sig 0x00040671, pf_mask 0x22, 2019-03-07, rev 0x0020, size 14336
+ sig 0x000406e3, pf_mask 0xc0, 2019-04-01, rev 0x00cc, size 100352
+ sig 0x000406f1, pf_mask 0xef, 2019-03-02, rev 0xb000036, size 30720
+ sig 0x00050654, pf_mask 0xb7, 2019-04-02, rev 0x200005e, size 32768
+ sig 0x00050662, pf_mask 0x10, 2019-03-23, rev 0x001a, size 32768
+ sig 0x00050663, pf_mask 0x10, 2019-03-23, rev 0x7000017, size 24576
+ sig 0x00050664, pf_mask 0x10, 2019-03-23, rev 0xf000015, size 23552
+ sig 0x00050665, pf_mask 0x10, 2019-03-23, rev 0xe00000d, size 19456
+ sig 0x000506c9, pf_mask 0x03, 2019-01-15, rev 0x0038, size 17408
+ sig 0x000506ca, pf_mask 0x03, 2019-03-01, rev 0x0016, size 15360
+ sig 0x000506e3, pf_mask 0x36, 2019-04-01, rev 0x00cc, size 100352
+ sig 0x000506f1, pf_mask 0x01, 2019-03-21, rev 0x002e, size 11264
+ sig 0x000706a1, pf_mask 0x01, 2019-01-02, rev 0x002e, size 73728
+ sig 0x000806e9, pf_mask 0x10, 2019-04-01, rev 0x00b4, size 98304
+ sig 0x000806e9, pf_mask 0xc0, 2019-04-01, rev 0x00b4, size 99328
+ sig 0x000806ea, pf_mask 0xc0, 2019-04-01, rev 0x00b4, size 99328
+ sig 0x000806eb, pf_mask 0xd0, 2019-03-30, rev 0x00b8, size 98304
+ sig 0x000806ec, pf_mask 0x94, 2019-03-30, rev 0x00b8, size 97280
+ sig 0x000906e9, pf_mask 0x2a, 2019-04-01, rev 0x00b4, size 99328
+ sig 0x000906ea, pf_mask 0x22, 2019-04-01, rev 0x00b4, size 98304
+ sig 0x000906eb, pf_mask 0x02, 2019-04-01, rev 0x00b4, size 99328
+ sig 0x000906ec, pf_mask 0x22, 2019-02-14, rev 0x00ae, size 98304
+ sig 0x000906ed, pf_mask 0x22, 2019-03-17, rev 0x00b8, size 97280
+ * README.Debian, control: update download/homepage URLs
+ * copyright: update download URL and date range
+ * source: update symlinks to reflect id of the latest release, 20190514
-- Henrique de Moraes Holschuh <h...@debian.org> Tue, 14 May 2019 21:49:08
-0300
diff --git a/intel-ucode/06-2d-06 b/intel-ucode/06-2d-06
index d89a291..2c9b69c 100644
Binary files a/intel-ucode/06-2d-06 and b/intel-ucode/06-2d-06 differ
diff --git a/intel-ucode/06-2d-07 b/intel-ucode/06-2d-07
index 0da2b9e..52a3fb6 100644
Binary files a/intel-ucode/06-2d-07 and b/intel-ucode/06-2d-07 differ
diff --git a/microcode-20190514.d b/microcode-20190618.d
similarity index 100%
rename from microcode-20190514.d
rename to microcode-20190618.d
diff --git a/releasenote b/releasenote
index b5f1ea5..3c73f65 100644
--- a/releasenote
+++ b/releasenote
@@ -82,48 +82,12 @@ OS vendors must ensure that the late loader patches
(provided in
linux-kernel-patches\) are included in the distribution before packaging the
BDX-ML microcode for late-loading.
-== 20190514 Release ==
--- Updates upon 20190312 release --
+== 20190618 Release ==
+-- Updates upon 20190514 release --
Processor Identifier Version Products
Model Stepping F-MO-S/PI Old->New
---- new platforms ----------------------------------------
-VLV C0 6-37-8/02 00000838 Atom Z series
-VLV C0 6-37-8/0C 00000838 Celeron N2xxx, Pentium N35xx
-VLV D0 6-37-9/0F 0000090c Atom E38xx
-CHV C0 6-4c-3/01 00000368 Atom X series
-CHV D0 6-4c-4/01 00000411 Atom X series
-CLX-SP B1 6-55-7/bf 05000021 Xeon Scalable Gen2
+
---- updated platforms ------------------------------------
-SNB D2/G1/Q0 6-2a-7/12 0000002e->0000002f Core Gen2
-IVB E1/L1 6-3a-9/12 00000020->00000021 Core Gen3
-HSW C0 6-3c-3/32 00000025->00000027 Core Gen4
-BDW-U/Y E0/F0 6-3d-4/c0 0000002b->0000002d Core Gen5
-IVB-E/EP C1/M1/S1 6-3e-4/ed 0000042e->0000042f Core Gen3 X Series; Xeon E5
v2
-IVB-EX D1 6-3e-7/ed 00000714->00000715 Xeon E7 v2
-HSX-E/EP Cx/M1 6-3f-2/6f 00000041->00000043 Core Gen4 X series; Xeon E5
v3
-HSX-EX E0 6-3f-4/80 00000013->00000014 Xeon E7 v3
-HSW-U C0/D0 6-45-1/72 00000024->00000025 Core Gen4
-HSW-H C0 6-46-1/32 0000001a->0000001b Core Gen4
-BDW-H/E3 E0/G0 6-47-1/22 0000001e->00000020 Core Gen5
-SKL-U/Y D0/K1 6-4e-3/c0 000000c6->000000cc Core Gen6
-BDX-ML B0/M0/R0 6-4f-1/ef 0b00002e->00000036 Xeon E5/E7 v4; Core
i7-69xx/68xx
-SKX-SP H0/M0/U0 6-55-4/b7 0200005a->0000005e Xeon Scalable
-SKX-D M1 6-55-4/b7 0200005a->0000005e Xeon D-21xx
-BDX-DE V1 6-56-2/10 00000019->0000001a Xeon D-1520/40
-BDX-DE V2/3 6-56-3/10 07000016->07000017 Xeon
D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19
-BDX-DE Y0 6-56-4/10 0f000014->0f000015 Xeon
D-1557/59/67/71/77/81/87
-BDX-NS A0 6-56-5/10 0e00000c->0e00000d Xeon D-1513N/23/33/43/53
-APL D0 6-5c-9/03 00000036->00000038 Pentium N/J4xxx, Celeron
N/J3xxx, Atom x5/7-E39xx
-SKL-H/S R0/N0 6-5e-3/36 000000c6->000000cc Core Gen6; Xeon E3 v5
-DNV B0 6-5f-1/01 00000024->0000002e Atom C Series
-GLK B0 6-7a-1/01 0000002c->0000002e Pentium Silver N/J5xxx,
Celeron N/J4xxx
-AML-Y22 H0 6-8e-9/10 0000009e->000000b4 Core Gen8 Mobile
-KBL-U/Y H0 6-8e-9/c0 0000009a->000000b4 Core Gen7 Mobile
-CFL-U43e D0 6-8e-a/c0 0000009e->000000b4 Core Gen8 Mobile
-WHL-U W0 6-8e-b/d0 000000a4->000000b8 Core Gen8 Mobile
-WHL-U V0 6-8e-d/94 000000b2->000000b8 Core Gen8 Mobile
-KBL-G/H/S/E3 B0 6-9e-9/2a 0000009a->000000b4 Core Gen7; Xeon E3 v6
-CFL-H/S/E3 U0 6-9e-a/22 000000aa->000000b4 Core Gen8 Desktop, Mobile,
Xeon E
-CFL-S B0 6-9e-b/02 000000aa->000000b4 Core Gen8
-CFL-H/S P0 6-9e-c/22 000000a2->000000ae Core Gen9
-CFL-H R0 6-9e-d/22 000000b0->000000b8 Core Gen9 Mobile
+SNB-E/EN/EP C1/M0 6-2d-6/6d 0000061d->0000061f Xeon E3/E5, Core X
+SNB-E/EN/EP C2/M1 6-2d-7/6d 00000714->00000718 Xeon E3/E5, Core X
diff --git a/supplementary-ucode-20190514_BDX-ML.bin
b/supplementary-ucode-20190618_BDX-ML.bin
similarity index 100%
rename from supplementary-ucode-20190514_BDX-ML.bin
rename to supplementary-ucode-20190618_BDX-ML.bin
