Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2019.1743 intel-microcode security update 16 May 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: intel-microcode Publisher: Debian Operating System: Debian GNU/Linux 9 Impact/Access: Access Privileged Data -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2019-11091 CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 Reference: ASB-2019.0138 ESB-2019.1723 ESB-2019.1710.2 ESB-2019.1708 ESB-2019.1705 Original Bulletin: http://www.debian.org/security/2019/dsa-4447 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-4447-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 15, 2019 https://www.debian.org/security/faq - - ------------------------------------------------------------------------- Package : intel-microcode CVE ID : CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 This update ships updated CPU microcode for most types of Intel CPUs. It provides mitigations for the MSBDS, MFBDS, MLPDS and MDSUM hardware vulnerabilities. To fully resolve these vulnerabilities it is also necessary to update the Linux kernel packages as released in DSA 4444. For the stable distribution (stretch), these problems have been fixed in version 3.20190514.1~deb9u1. We recommend that you upgrade your intel-microcode packages. For the detailed security status of intel-microcode please refer to its security tracker page at: https://security-tracker.debian.org/tracker/intel-microcode Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org - -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlzb2WsACgkQEMKTtsN8 TjZ+PBAAqVaw+/6ZsLEwj4aPlI0XrDP1MEWLHSFyOpOluNKaHSfCR1MopjdmSykT 91es+HCLISwbpuhPy8a+rPEZnSwnQczuXJITMVnW0Z9noUvTf/BnN/dAdwTa8Ka8 DkhBnvmc5gOkdcG7il+PaI1byZ5/6S+znqhDiN4VSZg3h1LhJMk9h9kUjQS+W6uC qA4JGdJsqeQShngE8njGetwCaf29+e2OQ3RfuDp+6XgsQln2ZOi7r69Bj5VmH5jB yYzMMp8n0jMKelzqP9HtniL/P/75foDhQrP95k8gFaeRaLTEIb0NNLP1JpiaVKtn +c+1yMN6R7JG86AOlNOq/xUHv3pkuP9i2PBEga/956nQZf9g9/5tc6/K0dgHl4Yx zn1SKQrKdXVqtvYx6boh3cPqoJ99W32GijQHr2N8ezjdmW7SHMGtpnSVO88nDbH4 JVdxVhtY4JCsDJxYIwb6T4p3TSGIzN0T7y5/YqItqObmblLpg8jASWNkrepH3jqY a9swwMelQTsop5LFTwgYbTznXSEE+AorFTc+hOvScR4ZSr8kPVK/nf/m+h5Zj68B Lx/nnOQZFYySrNBKMfMLCXmrmMWP3ZavMiiEJL4GbWfNFAEJH4P+2UwsjwyEVW3h NrRAdm0MqsY86tHBWmDGhNMYjShKm/vG5mMpWg5r3AG3IhG1x/U= =PWZK - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXNyz4WaOgq3Tt24GAQgUYQ//TvaUXY3JUB1llx2eX8MUZ00gDvqPt1L1 ZeUiT+rb5Isd/14mBDOLXcpqX1H52FiwqP//LkW7hgsKCo2auzAOo64tGhs9fFAC +8krx9VR3A236KfSHt7ZYvl6gKVse0U0zCNNw1MNR6VasOa7G9Iy8IoC79XcaTf0 b0R45maXU3ZvlbPn5qu3WRhDosGpgj+4SifO7e5P2ag38THeHiYfL+9eWHHBp3JF Dnlmf2vDFvEQbO95j1JJ8S0q9euBxPyJp+v50Ng7PbmBcp1v8u3SJC79BHWPEIjN enTGMZd/XckYmZSlIx/2jEl5a70tU6WomtKw8jjzjhTVLJkR1iRLZXlnxjquuxv3 uyT9AS358D6TrqIMhLTskvVyLuQZp1ke3Dyx+UvMDGf07GtR2rBqQCRs+rutYY9P kGZAakK6+IPSg3Kd88R1+BxdPG5mxy+1sG2UpAGyLS5Y9W1GYqszBLQbYC+cs/H2 98rCnbmOP2c+Egc+AgdJcziN0SUBJOQ0uU1awWLFyWkckwTqx2TrMWIVLHVcIkxr cKUmVP+Y6xMGnfE8AKn/oLo9yYdPS19TMOKmWyfelOHDhoGuBWijbRyW8s6clRYt nbZ9BpVxKcWgllQP49RYLT2Cm5FQC+TU9c3mqkA+9mHvScVYTFM+hXAnMLBmvN/S ivxVPnbwlLM= =/0/L -----END PGP SIGNATURE-----