subject:"Bug#1068082\: bullseye\-pu\: package intel\-microcode\/3.20240312.1\~deb11u1"

Bug#1068082: bullseye-pu: package intel-microcode/3.20240312.1~deb11u1

2024-05-02 Thread Henrique de Moraes Holschuh

On Mon, Apr 22, 2024, at 13:58, Jonathan Wiltshire wrote:
> Control: tag -1 confirmed
>
> On Sat, Mar 30, 2024 at 07:50:45AM -0300, Henrique de Moraes Holschuh wrote:
>> As requested by the security team, I would like to bring the microcode
>> update level for Intel processors in Bullseye and Bookworm to match what
>> we have in Sid and Trixie.  This is the bug report for Bullseye, a
>> separate one will be filled for Bookmorm.
>
> Please go ahead.

Uploaded!

Thank you!

-- 
  Henrique de Moraes Holschuh

Processed: Re: Bug#1068082: bullseye-pu: package intel-microcode/3.20240312.1~deb11u1

2024-04-22 Thread Debian Bug Tracking System

Processing control commands:

> tag -1 confirmed
Bug #1068082 [release.debian.org] bullseye-pu: package 
intel-microcode/3.20240312.1~deb11u1
Bug #1068083 [release.debian.org] bullseye-pu: package 
intel-microcode/3.20240312.1~deb11u1
Added tag(s) confirmed.
Added tag(s) confirmed.

-- 
1068082: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068082
1068083: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068083
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1068082: bullseye-pu: package intel-microcode/3.20240312.1~deb11u1

2024-04-22 Thread Jonathan Wiltshire

Control: tag -1 confirmed

On Sat, Mar 30, 2024 at 07:50:45AM -0300, Henrique de Moraes Holschuh wrote:
> As requested by the security team, I would like to bring the microcode
> update level for Intel processors in Bullseye and Bookworm to match what
> we have in Sid and Trixie.  This is the bug report for Bullseye, a
> separate one will be filled for Bookmorm.

Please go ahead.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1

Bug#1068082: bullseye-pu: package intel-microcode/3.20240312.1~deb11u1

2024-03-30 Thread Henrique de Moraes Holschuh

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu

(duplicate submission, this one is signed. sorry about that!)

[ Reason ]

As requested by the security team, I would like to bring the microcode
update level for Intel processors in Bullseye and Bookworm to match what
we have in Sid and Trixie.  This is the bug report for Bullseye, a
separate one will be filled for Bookmorm.

This fixes:
* Several CVEs in many Intel processors
  - Mitigations for INTEL-SA-INTEL-SA-00972 (CVE-2023-39368)
  - Mitigations for INTEL-SA-INTEL-SA-00982 (CVE-2023-38575)
  - Mitigations for INTEL-SA-INTEL-SA-00898 (CVE-2023-28746), aka RFDS
  - Mitigations for INTEL-SA-INTEL-SA-00960 (CVE-2023-22655), aka TECRA
  - Mitigations for INTEL-SA-INTEL-SA-01045 (CVE-2023-43490)
* Other unspecified functional issues on many processors

There are no releavant issues reported on this microcode update,
considering the version of intel-microcode already available as security
updates for bookworm and bullseye.

[ Impact ]

If this update is not approved, owners of most recent "client" Intel
processors and a few server processors will depend on UEFI updates to be
protected against RFDS as well as the other issues listed above.

[ Tests ]

There were no bug reports from users of Debian sid or Trixie, these
packages have been tested there since 2024-03-13 (sid), 2024-03-18
(trixie).

[ Risks ]

Unknown, but not believed to be any different from other Intel microcode
updates.

Linux kernel updates related to the RFDS microcode update fixes are
either already available in Bookworm and Bullseye, or have already been
requested as spu's.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]

As per the debdiff, only documentation changes, package documentation
changes, and the binary blob change from upstream.

Diffstat:
 b/changelog|   77 +++
 b/debian/changelog |   89 +
 b/intel-ucode/06-55-03 |binary
 b/intel-ucode/06-55-06 |binary
 b/intel-ucode/06-55-07 |binary
 b/intel-ucode/06-55-0b |binary
 b/intel-ucode/06-56-05 |binary
 b/intel-ucode/06-5f-01 |binary
 b/intel-ucode/06-6a-06 |binary
 b/intel-ucode/06-6c-01 |binary
 b/intel-ucode/06-7a-01 |binary
 b/intel-ucode/06-7a-08 |binary
 b/intel-ucode/06-7e-05 |binary
 b/intel-ucode/06-8c-01 |binary
 b/intel-ucode/06-8c-02 |binary
 b/intel-ucode/06-8d-01 |binary
 b/intel-ucode/06-8e-0c |binary
 b/intel-ucode/06-8f-05 |binary
 b/intel-ucode/06-8f-06 |binary
 b/intel-ucode/06-8f-07 |binary
 b/intel-ucode/06-8f-08 |binary
 b/intel-ucode/06-96-01 |binary
 b/intel-ucode/06-97-02 |binary
 b/intel-ucode/06-97-05 |binary
 b/intel-ucode/06-9a-03 |binary
 b/intel-ucode/06-9a-04 |binary
 b/intel-ucode/06-9c-00 |binary
 b/intel-ucode/06-9e-09 |binary
 b/intel-ucode/06-9e-0a |binary
 b/intel-ucode/06-9e-0c |binary
 b/intel-ucode/06-9e-0d |binary
 b/intel-ucode/06-a5-02 |binary
 b/intel-ucode/06-a5-03 |binary
 b/intel-ucode/06-a5-05 |binary
 b/intel-ucode/06-a6-00 |binary
 b/intel-ucode/06-a6-01 |binary
 b/intel-ucode/06-a7-01 |binary
 b/intel-ucode/06-aa-04 |binary
 b/intel-ucode/06-b7-01 |binary
 b/intel-ucode/06-ba-02 |binary
 b/intel-ucode/06-ba-03 |binary
 b/intel-ucode/06-ba-08 |binary
 b/intel-ucode/06-be-00 |binary
 b/intel-ucode/06-bf-02 |binary
 b/intel-ucode/06-bf-05 |binary
 b/intel-ucode/06-cf-01 |binary
 b/intel-ucode/06-cf-02 |binary
 b/releasenote.md   |   96 +
 49 files changed, 262 insertions(+)

[ Other info ]

The package version with "~" is needed to guarantee smooth updates to
the next debian release.

-- 
  Henrique Holschuh
diff --git a/changelog b/changelog
index cbf9f66..fe44e7e 100644
--- a/changelog
+++ b/changelog
@@ -1,3 +1,80 @@
+2024-03-12:
+  * New upstream microcode datafile 20240312
+- Mitigations for INTEL-SA-INTEL-SA-00972 (CVE-2023-39368):
+  Protection mechanism failure of bus lock regulator for some Intel
+  Processors may allow an unauthenticated user to potentially enable
+  denial of service via network access.
+- Mitigations for INTEL-SA-INTEL-SA-00982 (CVE-2023-38575):
+  Non-transparent sharing of return predictor targets between contexts in
+  some Intel Processors may allow an authorized user to potentially
+  enable information disclosure via local access.  Affects SGX as well.
+- Mitigations for INTEL-SA-INTEL-SA-00898 (CVE-2023-28746), aka RFDS:
+  Information exposure through microarchitectural state after transient
+  execution from some register files for some Intel Atom Processors and
+  E-cores of Intel Core Processors may allow an authenticated user to
+  potentially enable information disclosure via local access.

Bug#1068082: bullseye-pu: package intel-microcode/3.20240312.1~deb11u1

Processed: Re: Bug#1068082: bullseye-pu: package intel-microcode/3.20240312.1~deb11u1

Bug#1068082: bullseye-pu: package intel-microcode/3.20240312.1~deb11u1

Bug#1068082: bullseye-pu: package intel-microcode/3.20240312.1~deb11u1

4 matches

Site Navigation

Mail list logo

Footer information