[Bug 1783385] Re: intel-microcode: update to 20180703 drop
This bug was fixed in the package intel-microcode - 3.20180807a.0ubuntu0.14.04.1 --- intel-microcode (3.20180807a.0ubuntu0.14.04.1) trusty-security; urgency=medium * SECURITY UPDATE: New upstream microcode update to provide L1D cache flush support to mitigate L1TF (CVE-2018-3646) - New Microcodes: sig 0x000206e6, pf_mask 0x04, 2018-05-15, rev 0x000d, size 9216 sig 0x000506c2, pf_mask 0x01, 2018-05-11, rev 0x0014, size 15360 sig 0x000506ca, pf_mask 0x03, 2018-05-11, rev 0x000c, size 14336 sig 0x000506f1, pf_mask 0x01, 2018-05-11, rev 0x0024, size 10240 - Updated Microcodes: sig 0x000106a5, pf_mask 0x03, 2018-05-11, rev 0x001d, size 12288 sig 0x000106e5, pf_mask 0x13, 2018-05-08, rev 0x000a, size 9216 sig 0x00020652, pf_mask 0x12, 2018-05-08, rev 0x0011, size 9216 sig 0x00020655, pf_mask 0x92, 2018-04-23, rev 0x0007, size 4096 sig 0x000206a7, pf_mask 0x12, 2018-04-10, rev 0x002e, size 12288 sig 0x000206f2, pf_mask 0x05, 2018-05-16, rev 0x003b, size 14336 sig 0x000306a9, pf_mask 0x12, 2018-04-10, rev 0x0020, size 13312 sig 0x000306c3, pf_mask 0x32, 2018-04-02, rev 0x0025, size 23552 sig 0x000306d4, pf_mask 0xc0, 2018-03-22, rev 0x002b, size 18432 sig 0x00040651, pf_mask 0x72, 2018-04-02, rev 0x0024, size 22528 sig 0x00040661, pf_mask 0x32, 2018-04-02, rev 0x001a, size 25600 sig 0x00040671, pf_mask 0x22, 2018-04-03, rev 0x001e, size 13312 sig 0x000406e3, pf_mask 0xc0, 2018-04-17, rev 0x00c6, size 99328 sig 0x00050662, pf_mask 0x10, 2018-05-25, rev 0x0017, size 31744 sig 0x00050663, pf_mask 0x10, 2018-04-20, rev 0x713, size 22528 sig 0x00050664, pf_mask 0x10, 2018-04-20, rev 0xf12, size 22528 sig 0x000506c9, pf_mask 0x03, 2018-05-11, rev 0x0032, size 16384 sig 0x000506e3, pf_mask 0x36, 2018-04-17, rev 0x00c6, size 99328 sig 0x000706a1, pf_mask 0x01, 2018-05-22, rev 0x0028, size 73728 sig 0x000806e9, pf_mask 0xc0, 2018-03-24, rev 0x008e, size 98304 sig 0x000806ea, pf_mask 0xc0, 2018-05-15, rev 0x0096, size 98304 sig 0x000906e9, pf_mask 0x2a, 2018-03-24, rev 0x008e, size 98304 sig 0x000906ea, pf_mask 0x22, 2018-05-02, rev 0x0096, size 97280 sig 0x000906eb, pf_mask 0x02, 2018-03-24, rev 0x008e, size 98304 - Added back upstream but blacklisted by packaging due to the issues around addressing Intel SA-00030: sig 0x000206c2, pf_mask 0x03, 2018-05-08, rev 0x001f, size 11264 * Remaining changes from Debian: - debian/initramfs.hook: Default to early instead of auto, and install all of the microcode, not just the one matching the current CPU, if MODULES=most is set in the initramfs-tools config intel-microcode (3.20180703.2ubuntu1) cosmic; urgency=low * Merge from Debian unstable (LP: #1783385). Remaining changes: - debian/initramfs.hook: Default to early instead of auto, and install all of the microcode, not just the one matching the current CPU, if MODULES=most is set in the initramfs-tools config intel-microcode (3.20180703.2) unstable; urgency=medium * source: fix badly named symlink that resulted in most microcode updates not being shipped in the binary package. Oops! intel-microcode (3.20180703.1) unstable; urgency=medium * New upstream microcode data file 20180703 (closes: #903018) + Updated Microcodes: sig 0x000206d6, pf_mask 0x6d, 2018-05-08, rev 0x061d, size 18432 sig 0x000206d7, pf_mask 0x6d, 2018-05-08, rev 0x0714, size 19456 sig 0x000306e4, pf_mask 0xed, 2018-04-25, rev 0x042d, size 15360 sig 0x000306e7, pf_mask 0xed, 2018-04-25, rev 0x0714, size 17408 sig 0x000306f2, pf_mask 0x6f, 2018-04-20, rev 0x003d, size 33792 sig 0x000306f4, pf_mask 0x80, 2018-04-20, rev 0x0012, size 17408 sig 0x000406f1, pf_mask 0xef, 2018-04-19, rev 0xb2e, size 28672 sig 0x00050654, pf_mask 0xb7, 2018-05-15, rev 0x24d, size 31744 sig 0x00050665, pf_mask 0x10, 2018-04-20, rev 0xe0a, size 18432 + First batch of fixes for: Intel SA-00115, CVE-2018-3639, CVE-2018-3640 + SSBD support (Spectre-v4 mitigation) and fix Spectre-v3a for: Sandybridge server, Ivy Bridge server, Haswell server, Skylake server, Broadwell server, a few HEDT Core i7/i9 models that are actually gimped server dies. * source: update symlinks to reflect id of the latest release, 20180703 -- Steve Beattie Fri, 24 Aug 2018 12:09:28 -0700 ** Changed in: intel-microcode (Ubuntu Trusty) Status: In Progress => Fix Released ** Changed in: intel-microcode (Ubuntu Bionic) Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1783385 Title: intel-microcode: update to 20180703 drop To manage notifications about this bug go to:
[Bug 1783385] Re: intel-microcode: update to 20180703 drop
This bug was fixed in the package intel-microcode - 3.20180807a.0ubuntu0.18.04.1 --- intel-microcode (3.20180807a.0ubuntu0.18.04.1) bionic-security; urgency=medium * SECURITY UPDATE: New upstream microcode update to provide L1D cache flush support to mitigate L1TF (CVE-2018-3646) - New Microcodes: sig 0x000206e6, pf_mask 0x04, 2018-05-15, rev 0x000d, size 9216 sig 0x000506c2, pf_mask 0x01, 2018-05-11, rev 0x0014, size 15360 sig 0x000506ca, pf_mask 0x03, 2018-05-11, rev 0x000c, size 14336 sig 0x000506f1, pf_mask 0x01, 2018-05-11, rev 0x0024, size 10240 - Updated Microcodes: sig 0x000106a5, pf_mask 0x03, 2018-05-11, rev 0x001d, size 12288 sig 0x000106e5, pf_mask 0x13, 2018-05-08, rev 0x000a, size 9216 sig 0x00020652, pf_mask 0x12, 2018-05-08, rev 0x0011, size 9216 sig 0x00020655, pf_mask 0x92, 2018-04-23, rev 0x0007, size 4096 sig 0x000206a7, pf_mask 0x12, 2018-04-10, rev 0x002e, size 12288 sig 0x000206f2, pf_mask 0x05, 2018-05-16, rev 0x003b, size 14336 sig 0x000306a9, pf_mask 0x12, 2018-04-10, rev 0x0020, size 13312 sig 0x000306c3, pf_mask 0x32, 2018-04-02, rev 0x0025, size 23552 sig 0x000306d4, pf_mask 0xc0, 2018-03-22, rev 0x002b, size 18432 sig 0x00040651, pf_mask 0x72, 2018-04-02, rev 0x0024, size 22528 sig 0x00040661, pf_mask 0x32, 2018-04-02, rev 0x001a, size 25600 sig 0x00040671, pf_mask 0x22, 2018-04-03, rev 0x001e, size 13312 sig 0x000406e3, pf_mask 0xc0, 2018-04-17, rev 0x00c6, size 99328 sig 0x00050662, pf_mask 0x10, 2018-05-25, rev 0x0017, size 31744 sig 0x00050663, pf_mask 0x10, 2018-04-20, rev 0x713, size 22528 sig 0x00050664, pf_mask 0x10, 2018-04-20, rev 0xf12, size 22528 sig 0x000506c9, pf_mask 0x03, 2018-05-11, rev 0x0032, size 16384 sig 0x000506e3, pf_mask 0x36, 2018-04-17, rev 0x00c6, size 99328 sig 0x000706a1, pf_mask 0x01, 2018-05-22, rev 0x0028, size 73728 sig 0x000806e9, pf_mask 0xc0, 2018-03-24, rev 0x008e, size 98304 sig 0x000806ea, pf_mask 0xc0, 2018-05-15, rev 0x0096, size 98304 sig 0x000906e9, pf_mask 0x2a, 2018-03-24, rev 0x008e, size 98304 sig 0x000906ea, pf_mask 0x22, 2018-05-02, rev 0x0096, size 97280 sig 0x000906eb, pf_mask 0x02, 2018-03-24, rev 0x008e, size 98304 - Added back upstream but blacklisted by packaging due to the issues around addressing Intel SA-00030: sig 0x000206c2, pf_mask 0x03, 2018-05-08, rev 0x001f, size 11264 * Remaining changes from Debian: - debian/initramfs.hook: Default to early instead of auto, and install all of the microcode, not just the one matching the current CPU, if MODULES=most is set in the initramfs-tools config intel-microcode (3.20180703.2ubuntu1) cosmic; urgency=low * Merge from Debian unstable (LP: #1783385). Remaining changes: - debian/initramfs.hook: Default to early instead of auto, and install all of the microcode, not just the one matching the current CPU, if MODULES=most is set in the initramfs-tools config intel-microcode (3.20180703.2) unstable; urgency=medium * source: fix badly named symlink that resulted in most microcode updates not being shipped in the binary package. Oops! intel-microcode (3.20180703.1) unstable; urgency=medium * New upstream microcode data file 20180703 (closes: #903018) + Updated Microcodes: sig 0x000206d6, pf_mask 0x6d, 2018-05-08, rev 0x061d, size 18432 sig 0x000206d7, pf_mask 0x6d, 2018-05-08, rev 0x0714, size 19456 sig 0x000306e4, pf_mask 0xed, 2018-04-25, rev 0x042d, size 15360 sig 0x000306e7, pf_mask 0xed, 2018-04-25, rev 0x0714, size 17408 sig 0x000306f2, pf_mask 0x6f, 2018-04-20, rev 0x003d, size 33792 sig 0x000306f4, pf_mask 0x80, 2018-04-20, rev 0x0012, size 17408 sig 0x000406f1, pf_mask 0xef, 2018-04-19, rev 0xb2e, size 28672 sig 0x00050654, pf_mask 0xb7, 2018-05-15, rev 0x24d, size 31744 sig 0x00050665, pf_mask 0x10, 2018-04-20, rev 0xe0a, size 18432 + First batch of fixes for: Intel SA-00115, CVE-2018-3639, CVE-2018-3640 + SSBD support (Spectre-v4 mitigation) and fix Spectre-v3a for: Sandybridge server, Ivy Bridge server, Haswell server, Skylake server, Broadwell server, a few HEDT Core i7/i9 models that are actually gimped server dies. * source: update symlinks to reflect id of the latest release, 20180703 -- Steve Beattie Fri, 24 Aug 2018 10:38:29 -0700 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1783385 Title: intel-microcode: update to 20180703 drop To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1783385/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1783385] Re: intel-microcode: update to 20180703 drop
This bug was fixed in the package intel-microcode - 3.20180807a.0ubuntu0.16.04.1 --- intel-microcode (3.20180807a.0ubuntu0.16.04.1) xenial-security; urgency=medium * SECURITY UPDATE: New upstream microcode update to provide L1D cache flush support to mitigate L1TF (CVE-2018-3646) - New Microcodes: sig 0x000206e6, pf_mask 0x04, 2018-05-15, rev 0x000d, size 9216 sig 0x000506c2, pf_mask 0x01, 2018-05-11, rev 0x0014, size 15360 sig 0x000506ca, pf_mask 0x03, 2018-05-11, rev 0x000c, size 14336 sig 0x000506f1, pf_mask 0x01, 2018-05-11, rev 0x0024, size 10240 - Updated Microcodes: sig 0x000106a5, pf_mask 0x03, 2018-05-11, rev 0x001d, size 12288 sig 0x000106e5, pf_mask 0x13, 2018-05-08, rev 0x000a, size 9216 sig 0x00020652, pf_mask 0x12, 2018-05-08, rev 0x0011, size 9216 sig 0x00020655, pf_mask 0x92, 2018-04-23, rev 0x0007, size 4096 sig 0x000206a7, pf_mask 0x12, 2018-04-10, rev 0x002e, size 12288 sig 0x000206f2, pf_mask 0x05, 2018-05-16, rev 0x003b, size 14336 sig 0x000306a9, pf_mask 0x12, 2018-04-10, rev 0x0020, size 13312 sig 0x000306c3, pf_mask 0x32, 2018-04-02, rev 0x0025, size 23552 sig 0x000306d4, pf_mask 0xc0, 2018-03-22, rev 0x002b, size 18432 sig 0x00040651, pf_mask 0x72, 2018-04-02, rev 0x0024, size 22528 sig 0x00040661, pf_mask 0x32, 2018-04-02, rev 0x001a, size 25600 sig 0x00040671, pf_mask 0x22, 2018-04-03, rev 0x001e, size 13312 sig 0x000406e3, pf_mask 0xc0, 2018-04-17, rev 0x00c6, size 99328 sig 0x00050662, pf_mask 0x10, 2018-05-25, rev 0x0017, size 31744 sig 0x00050663, pf_mask 0x10, 2018-04-20, rev 0x713, size 22528 sig 0x00050664, pf_mask 0x10, 2018-04-20, rev 0xf12, size 22528 sig 0x000506c9, pf_mask 0x03, 2018-05-11, rev 0x0032, size 16384 sig 0x000506e3, pf_mask 0x36, 2018-04-17, rev 0x00c6, size 99328 sig 0x000706a1, pf_mask 0x01, 2018-05-22, rev 0x0028, size 73728 sig 0x000806e9, pf_mask 0xc0, 2018-03-24, rev 0x008e, size 98304 sig 0x000806ea, pf_mask 0xc0, 2018-05-15, rev 0x0096, size 98304 sig 0x000906e9, pf_mask 0x2a, 2018-03-24, rev 0x008e, size 98304 sig 0x000906ea, pf_mask 0x22, 2018-05-02, rev 0x0096, size 97280 sig 0x000906eb, pf_mask 0x02, 2018-03-24, rev 0x008e, size 98304 - Added back upstream but blacklisted by packaging due to the issues around addressing Intel SA-00030: sig 0x000206c2, pf_mask 0x03, 2018-05-08, rev 0x001f, size 11264 * Remaining changes from Debian: - debian/initramfs.hook: Default to early instead of auto, and install all of the microcode, not just the one matching the current CPU, if MODULES=most is set in the initramfs-tools config intel-microcode (3.20180703.2ubuntu1) cosmic; urgency=low * Merge from Debian unstable (LP: #1783385). Remaining changes: - debian/initramfs.hook: Default to early instead of auto, and install all of the microcode, not just the one matching the current CPU, if MODULES=most is set in the initramfs-tools config intel-microcode (3.20180703.2) unstable; urgency=medium * source: fix badly named symlink that resulted in most microcode updates not being shipped in the binary package. Oops! intel-microcode (3.20180703.1) unstable; urgency=medium * New upstream microcode data file 20180703 (closes: #903018) + Updated Microcodes: sig 0x000206d6, pf_mask 0x6d, 2018-05-08, rev 0x061d, size 18432 sig 0x000206d7, pf_mask 0x6d, 2018-05-08, rev 0x0714, size 19456 sig 0x000306e4, pf_mask 0xed, 2018-04-25, rev 0x042d, size 15360 sig 0x000306e7, pf_mask 0xed, 2018-04-25, rev 0x0714, size 17408 sig 0x000306f2, pf_mask 0x6f, 2018-04-20, rev 0x003d, size 33792 sig 0x000306f4, pf_mask 0x80, 2018-04-20, rev 0x0012, size 17408 sig 0x000406f1, pf_mask 0xef, 2018-04-19, rev 0xb2e, size 28672 sig 0x00050654, pf_mask 0xb7, 2018-05-15, rev 0x24d, size 31744 sig 0x00050665, pf_mask 0x10, 2018-04-20, rev 0xe0a, size 18432 + First batch of fixes for: Intel SA-00115, CVE-2018-3639, CVE-2018-3640 + SSBD support (Spectre-v4 mitigation) and fix Spectre-v3a for: Sandybridge server, Ivy Bridge server, Haswell server, Skylake server, Broadwell server, a few HEDT Core i7/i9 models that are actually gimped server dies. * source: update symlinks to reflect id of the latest release, 20180703 -- Steve Beattie Fri, 24 Aug 2018 11:05:52 -0700 ** Changed in: intel-microcode (Ubuntu Xenial) Status: In Progress => Fix Released ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-3646 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1783385 Title: intel-microcode: update to 20180703 drop To manage notifications about this bug go to:
[Bug 1783385] Re: intel-microcode: update to 20180703 drop
As the 20180807 MCU can currently not be distributed due to licensing issues, this update is even more important as it at least provides the SSBD and L1TF fixes for server CPUs. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1783385 Title: intel-microcode: update to 20180703 drop To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1783385/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1783385] Re: intel-microcode: update to 20180703 drop
Since the L1TF has been disclosed yesterday, the update has become even more urgent. The MCU also contains the necessary mitigations for SGX as well. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1783385 Title: intel-microcode: update to 20180703 drop To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1783385/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1783385] Re: intel-microcode: update to 20180703 drop
We have been running this microcode on Xenial in production for the last month on a few hundred SNB, IVB, HSW, BDW and SKL systems without seeing any regression. Seems like Intel has gotten it right this time on the first try. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1783385 Title: intel-microcode: update to 20180703 drop To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1783385/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1783385] Re: intel-microcode: update to 20180703 drop
Any update on the testing effort? The timeline on a release? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1783385 Title: intel-microcode: update to 20180703 drop To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1783385/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1783385] Re: intel-microcode: update to 20180703 drop
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-3640 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-3639 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1783385 Title: intel-microcode: update to 20180703 drop To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1783385/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1783385] Re: intel-microcode: update to 20180703 drop
This was fixed in cosmic in https://launchpad.net/ubuntu/+source/intel- microcode/3.20180703.2ubuntu1 ; pacakge for trusty, xenial, and bionic are available for testing in the ubuntu-security-proposed ppa: https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/ . Please note that packages in this ppa are for testing only and have not been widely tested, and thus should not be used in production. Thanks. ** Changed in: intel-microcode (Ubuntu) Status: New => Fix Released ** Changed in: intel-microcode (Ubuntu Trusty) Status: New => In Progress ** Changed in: intel-microcode (Ubuntu Xenial) Status: New => In Progress ** Changed in: intel-microcode (Ubuntu Bionic) Status: New => In Progress ** Changed in: intel-microcode (Ubuntu Bionic) Assignee: (unassigned) => Steve Beattie (sbeattie) ** Changed in: intel-microcode (Ubuntu Xenial) Assignee: (unassigned) => Steve Beattie (sbeattie) ** Changed in: intel-microcode (Ubuntu Trusty) Assignee: (unassigned) => Steve Beattie (sbeattie) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1783385 Title: intel-microcode: update to 20180703 drop To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1783385/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
