Re: Intel Microcode updates
On Sun, 23 Jun 2019, Elmar Stellnberger wrote: > As I read from the latest comments the microcode updates for Core 2 systems > are officially shipped by Intel via the internet though Intel denies this in Maybe you should fetch the Intel official release yourself and check it out yourself. -- Henrique Holschuh
Re: Intel Microcode updates
I am only guessing, but I think a possible explanation which resolves this conundrum might be this: The latest release page is saying that the latest microcode package contains the latest microcode for this Core2 processor, which is the version last updated on 2010-09-28. Not changed, but still made available in the 20190312 standard microcodes blob. Maybe, only guessing. On Sun, 2019-06-23 at 09:55 +0200, Davide Prina wrote: > On 11/06/19 04:19, Henrique de Moraes Holschuh wrote: > > On Mon, 10 Jun 2019, Russell Coker wrote: > > > model name : Intel(R) Core(TM)2 Quad CPUQ9505 @ 2.83GHz > > Intel upstream decided to not distribute it, for whatever reason. The > > Core2 will not get any fixes for MDS either (nor will Nehalem and > > Westmere). > > ok, I have read that also, but in the latest release page[¹] > it tell you that Intel® Core™2 Quad Processor is supported by the latest > microcode (Version: 20190312 (Latest)). > > But if I do a > # dmesg | grep microcode > [0.00] microcode: microcode updated early to revision 0xa0b, > date = 2010-09-28 > > $ dpkg -l intel-microcode > ii intel-microcode 3.20190618.1~deb9u1 > > So Intel tell you, in the "press", that your CPU is not supported; in > the microcode official page, it tell you that your CPU is supported... > and the microcode is installed on my PC, but not loaded... something is > wrong, or I don't have understand. > > > It is easy enough to source that microcode update if you look for it, > > and you can just drop it on /usr/share/misc/intel-microcode.bin with > > intel-microcode installed, and update the initramfs. It will pick the > > extra microcode up. > > in the page [¹] there is not a download link, but a .txt file that tell > you do download from github[²] and here there is exactly what I have in: > $ dpkg -L intel-microcode > > and not the intel-microcode.bin you talk about > > Am I missing something? > > Ciao > Davide > > [¹] > https://downloadcenter.intel.com/download/28727/Linux-Processor-Microcode-Data-File?product=35428 > > [²] > https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files >
[SECURITY] [DSA 4470-1] pdns security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4470-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff June 23, 2019 https://www.debian.org/security/faq - - Package: pdns CVE ID : CVE-2019-10162 CVE-2019-10163 Two vulnerabilities have been discovered in pdns, an authoritative DNS server which may result in denial of service via malformed zone records and excessive NOTIFY packets in a master/slave setup. For the stable distribution (stretch), these problems have been fixed in version 4.0.3-1+deb9u5. We recommend that you upgrade your pdns packages. For the detailed security status of pdns please refer to its security tracker page at: https://security-tracker.debian.org/tracker/pdns Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl0P6LYACgkQEMKTtsN8 Tjbi2RAAqjNYSOlZ5W/yfVxGPO5OiyC8XojhGPuPdVmByyCDTqzgPtZftKHxXfD2 0sdc5/NM7ZNC/3brzRrVlMVRm7/bJvPloeDAGb8bnSzge9Nzz9FB7zcQxc5fdaqA pn7/++FWXDmOVy2NEObcerk/SodAWDpVfmIZP6kH3aIeGs0WrUA/cusmV+C94kgv 6XVJ3IW2dsIQrHvkoBMi4TJg5PrIHW0RruuJHlUSUgTusZ3XQS+hd93dciK7E+an xi0yB5oA6Mb/vw7DzlBRQfkgMiG6p9YRTgXwBdvrxqEVkNYpq9G/xH+nUdE6rDqt M3bG5tUMGCdtywwmwaSGXvkv6/5puPkMRpJIyTeVQTVYMbOgWyovC5sB5T8JytyD tW7qpbv/Mbhw0mmh0m8KoWnegNQhTTn8d3IKCxalB9JYpw3zhkHmfQW79lBRtqCy SvJEhkOVW7yhsWCl+HjKMXphsPST/oeKP3vJx4ET+4n58OfOt9Fm7rx406g2sY2o NsUwTdF3GDD00v0iuF+Vcm2nA6Qj6dOAXlp4kZygjFbDao4iF6lzY4KGDYS/Pn5Z kB4g58ShfWkAE+/WAvF8QVNcICnlI3l9SxwR2NiY/x6O53vkYBWeiJP/OvRQhlPQ Kw4enCb3qrjgb6jMNDPBMe8TjMh92sEqiXPQBy57OcStAjcfxfI= =nUCz -END PGP SIGNATURE-
[SECURITY] [DSA 4467-2] vim regression update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4467-2 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff June 23, 2019 https://www.debian.org/security/faq - - Package: vim CVE ID : CVE-2019-12735 The update for vim released as DSA 4467-1 introduced a regression which broke syntax highlighting in some circumstances. Updated vim packages are now available to correct this issue. For the stable distribution (stretch), this problem has been fixed in version 8.0.0197-4+deb9u3. We recommend that you upgrade your vim packages. For the detailed security status of vim please refer to its security tracker page at: https://security-tracker.debian.org/tracker/vim Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl0P5xcACgkQEMKTtsN8 TjZMbRAAoaZnTeE4PA4rwiKWhZ3SdmIIS3PHBJQbApopgyJLOGDfJzbIAaZ1MmDA vyqJJuYLY9rJq0J3Qual7hQP8OZiDUWBVdemWg0O32BVb70Kt+BuwkVl20aBlI/S nsPp9SnLC9k/sMtPo5VOQVfEHrvJp5+FiWGG9+V1JbgyS0qRX+pQhDlpzbyOxgGL Mb7gqyZC9NBe00OtFdO64S2gEg+sGhhW9kfyhYeX6a+E5mo6Q6SAdoYOvmTAz5sa FW1f3qbQzLfS5W5QEBc6k2FElXGcI68LGs67ou/FwCQO6Y0pHuzTvTGJ1UrWMpFQ vrjg6AOgipTYbWlsxn/tumoqsk+6iB68lqdYK9ukE3V9OTw+cJkkUrpAFtH41NGX xHnbncm2pPaN+hpiSLSPq83cWou6B6CB96zwmDk80Z13++nLq0EYYvMAcEC0wmyM fyUqaIcdFKUml/WSl11seznxEEku9+bZSmPOcDKNGympQVzugrBU9EfV9zqAGqjQ xiKLZCa7Ia0j0DJwxv7liiNEpUzaoMIRBNpBXqeryOMEZO1Mv9QxSTwA2rwwoNFG 1uueK6K1HpaTz1pR7cDNKW+NIAlT748Cty9iVRYU38oILYiYcaPHtZoQ/vA/1ZMA RGIrLc0d2W2EpSUgtLBAlI3qNsO8/VSz2DBmnEJOl9PEtinMhyE= =NLOL -END PGP SIGNATURE-
Re: Intel Microcode updates
If it is already described in the readme (I did not get this from the comments) then I´d consider that a good solution. I did not know. I will have to do that on my own in a short while because I still have many Core 2 systems. As I read from the latest comments the microcode updates for Core 2 systems are officially shipped by Intel via the internet though Intel denies this in another place apparently for marketing purposes. If this is really true I guess the update should be shipped by the usual means as for later CPUs. Am 23.06.19 um 22:28 schrieb Henrique de Moraes Holschuh: On Tue, 18 Jun 2019, Elmar Stellnberger wrote: Perhaps you could add a bash script that does automatically download the microcode like f.i. winetricks does with windows code. That way one could be more sure to use the right url for it. I also still have quite a lot of Core 2 computers and would thus profit from such a provision. I can add it as an example, sure, if someone writes one that is good enough to share and sends it as a *whishlist* bug to the BTS with the patch. But I fear it will be pointless. The README already tells you how to do it yourself, and people won't read it, why would them find about an example downloader script? I have been quite clear enough in my reply below about microcode updates sourced from random places, so such a downloader would *HAVE* to download from the official microcode updates distribution, anyway. Am 12.06.19 um 16:52 schrieb Henrique de Moraes Holschuh: (BCC'd to #929073 to avoid dragging the BTS into this thread). On Tue, 11 Jun 2019, Moritz Mühlenhoff wrote: Russell Coker schrieb: Should it be regarded as a bug in the intel-microcode package that it doesn't have this update that is "easy enough to source"? Or do you mean "easy to get but not licensed for distribution"? This is covered by #929073, which links to a PDF by Intel (which documents that Intel won't ship an update for your CPU). I'd like to add that: We do not, and will not, distribute in non-free's intel-microcode anything we did not get from Intel (or from someone else who got it from Intel with permission to redistribute). This ensures all microcode updates we distribute in non-free are under a license that allows redistribution. Note that, as long as there are very good reasons to do so, I am willing to distribute microcode updates that are no longer being distributed[1], since we did receive it with an appropriate license that allows redistribution in the first place. Also, one can place whatever microcode updates they got from wherever to /usr/share/misc/intel-microcode*.bin at their own risk and responsibility, and the intel-microcode package will attempt to use it. [1] as in: "they were being distributed by Intel on the Linux microcode update package in the past, and for more than one release of Intel's microcode update package".
Re: Intel Microcode updates
On Tue, 18 Jun 2019, Elmar Stellnberger wrote: > Perhaps you could add a bash script that does automatically download the > microcode like f.i. winetricks does with windows code. That way one could be > more sure to use the right url for it. I also still have quite a lot of Core > 2 computers and would thus profit from such a provision. I can add it as an example, sure, if someone writes one that is good enough to share and sends it as a *whishlist* bug to the BTS with the patch. But I fear it will be pointless. The README already tells you how to do it yourself, and people won't read it, why would them find about an example downloader script? I have been quite clear enough in my reply below about microcode updates sourced from random places, so such a downloader would *HAVE* to download from the official microcode updates distribution, anyway. > Am 12.06.19 um 16:52 schrieb Henrique de Moraes Holschuh: > > (BCC'd to #929073 to avoid dragging the BTS into this thread). > > > > On Tue, 11 Jun 2019, Moritz Mühlenhoff wrote: > > > Russell Coker schrieb: > > > > Should it be regarded as a bug in the intel-microcode package that it > > > > doesn't > > > > have this update that is "easy enough to source"? Or do you mean "easy > > > > to get > > > > but not licensed for distribution"? > > > This is covered by #929073, which links to a PDF by Intel (which documents > > > that Intel won't ship an update for your CPU). > > I'd like to add that: > > > > We do not, and will not, distribute in non-free's intel-microcode > > anything we did not get from Intel (or from someone else who got it from > > Intel with permission to redistribute). This ensures all microcode > > updates we distribute in non-free are under a license that allows > > redistribution. > > > > Note that, as long as there are very good reasons to do so, I am willing > > to distribute microcode updates that are no longer being distributed[1], > > since we did receive it with an appropriate license that allows > > redistribution in the first place. > > > > Also, one can place whatever microcode updates they got from wherever to > > /usr/share/misc/intel-microcode*.bin at their own risk and > > responsibility, and the intel-microcode package will attempt to use it. > > > > [1] as in: "they were being distributed by Intel on the Linux microcode > > update package in the past, and for more than one release of Intel's > > microcode update package". -- Henrique Holschuh
Re: Intel Microcode updates
On 11/06/19 04:19, Henrique de Moraes Holschuh wrote: On Mon, 10 Jun 2019, Russell Coker wrote: model name : Intel(R) Core(TM)2 Quad CPUQ9505 @ 2.83GHz Intel upstream decided to not distribute it, for whatever reason. The Core2 will not get any fixes for MDS either (nor will Nehalem and Westmere). ok, I have read that also, but in the latest release page[¹] it tell you that Intel® Core™2 Quad Processor is supported by the latest microcode (Version: 20190312 (Latest)). But if I do a # dmesg | grep microcode [0.00] microcode: microcode updated early to revision 0xa0b, date = 2010-09-28 $ dpkg -l intel-microcode ii intel-microcode 3.20190618.1~deb9u1 So Intel tell you, in the "press", that your CPU is not supported; in the microcode official page, it tell you that your CPU is supported... and the microcode is installed on my PC, but not loaded... something is wrong, or I don't have understand. It is easy enough to source that microcode update if you look for it, and you can just drop it on /usr/share/misc/intel-microcode.bin with intel-microcode installed, and update the initramfs. It will pick the extra microcode up. in the page [¹] there is not a download link, but a .txt file that tell you do download from github[²] and here there is exactly what I have in: $ dpkg -L intel-microcode and not the intel-microcode.bin you talk about Am I missing something? Ciao Davide [¹] https://downloadcenter.intel.com/download/28727/Linux-Processor-Microcode-Data-File?product=35428 [²] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files