Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.2537 intel-microcode security update 27 July 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: intel-microcode Publisher: Debian Operating System: Debian GNU/Linux Impact/Access: Increased Privileges -- Existing Account Access Confidential Data -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2020-24513 CVE-2020-24512 CVE-2020-24511 CVE-2020-24489 Reference: ESB-2021.2258 ESB-2021.2243 Original Bulletin: https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - - ----------------------------------------------------------------------- Debian LTS Advisory DLA-2718-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Utkarsh Gupta July 23, 2021 https://wiki.debian.org/LTS - - ----------------------------------------------------------------------- Package : intel-microcode Version : 3.20210608.2~deb9u2 CVE ID : CVE-2020-24489 CVE-2020-24511 CVE-2020-24512 CVE-2020-24513 This update ships updated CPU microcode for some types of Intel CPUs and provides mitigations for security vulnerabilities which could result in privilege escalation in combination with VT-d and various side channel attacks. For Debian 9 stretch, these problems have been fixed in version 3.20210608.2~deb9u2. Please note that one of the processors is not receiving this update and so the users of 0x906ea processors that don't have Intel Wireless on-board can use the package from the buster-security, instead. We recommend that you upgrade your intel-microcode packages. For the detailed security status of intel-microcode please refer to its security tracker page at: https://security-tracker.debian.org/tracker/intel-microcode Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmD+bJIACgkQgj6WdgbD S5ZCuA/+OIKeQYxCKSf7o0oxCUZC1/BiKlVggJhX4zOsW4tGLjlKEb9B9yDXD7uS zRg8LFuS5OdVHgZ5wR4f9HsV0AsWi0moM1J+QZZkwh2Oaf7KoRxbXLZl407F3tVl yJY89Q95RjM30E2YDgoHBnOnOkknebMI2/1bYC4YLOnQNzFCh/GCvwyOX2YdZ0Rg kP3t6/2chcyaBFRYKMjRSiJVrFp03N+xmvoLtsAEhIaomwBXGBTCqLrcFAnB7av6 vYNQzi4OTBdCKg5g9c5yxCtIAaty2d7pqkRIUHU8Wn3bpv6FkdTudpEAp3XADKSB ZhZSFo3V9LLVdD089GYrhQapl6Z74cCoJMar5unE9wuybVSxycvn6CAfU+lwlfqA fjBgh9/+Ue/fyqHAYDBdJA0uIwBN3Bnh/P9ISCdfzobG4MYuW+GFqFHgClqQ5WGN zDMM/dkSkqQvVrQ5AJdrt//WVmnO1qbEn6Gyc0wdlu/kpE72jKdA1fbLlgU6oRvE qDzc7wPfMtou042TkOk6ztFwRaF3Rul7ayBekCUvyDCI2us6EXaQcEyOu0z6C3hi gjQVMYWh0TMv4A2UgO4ST+Fz6y3c+uWLRUuQsQ9bx9I2SvaVfeAnBx8COxizty/8 DOeo90dGTywRiLtdBQC14v8FXcSvSy7VsQU8JJjhGWfJWyIsKzk= =ilUe - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYP9d9uNLKJtyKPYoAQjxow//WuE6/pA6M51LqiO/4WjfAAJprbi58YGi 8Xco0d9RzC2BdFPoLTFM2k/fIO/4opM6yMM7sIWI8M+c13M8hPzhMdcvIiMsiHWY yEIkafeBIgpyJ10OngF1guFXYJ6ZKNCzXmKLkRyRWjZiWufq6tAsQbeZ+6RprxYh 3hoKVfwfk/hVjp5rqD6r3n99e41Jia+jspourqwptk1IS6ckKKBUtOY+Ccxk/SWQ 4jk6nvcCZDpkQpqgiQxcuDP2WlqlL+hPYHbXN9w3QrQSZgyXa8+LuAOaqWG3W/N5 SpR26p9FjTBJxY6Wd8xUedrPOewF4HZMBHKB7run8g2dwdYtTvwFCs8nFw81cBQE HmTbRklTiaflmjNa/SkjVgZEZUhOhG3x0jdkKzSLI/3fGZOQCMpYEHk9bGKZ0SYa oWeI8T5pWxs9AKz+2xGrHLCJ3AKRJ7uxWZwi/4HsUH69f9/MWGE73N++2Z4IhPnh 2CcU9X4u17wHzE4RC0KcJ3nKMV0CgXCbaSZMA77msibqT5Tekde0sfXf3aqsD85t Yl5I09LgXkoKXJ1W3PyF+79FSiiGf3Ro6ZnUz3Gz4BmfynSNtnjfrXYPSXiS06hX uzadXYw31JU/y9WccywxnF0Qg1VOtrAHt+45168wHMXGijQNp+qYMNsYA4F4MLbb nnRHS6OJB0Q= =Nrc2 -----END PGP SIGNATURE-----