Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2019.1743
intel-microcode security update
16 May 2019
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: intel-microcode
Publisher: Debian
Operating System: Debian GNU/Linux 9
Impact/Access: Access Privileged Data -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2019-11091 CVE-2018-12130 CVE-2018-12127
CVE-2018-12126
Reference: ASB-2019.0138
ESB-2019.1723
ESB-2019.1710.2
ESB-2019.1708
ESB-2019.1705
Original Bulletin:
http://www.debian.org/security/2019/dsa-4447
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4447-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
May 15, 2019 https://www.debian.org/security/faq
- - -------------------------------------------------------------------------
Package : intel-microcode
CVE ID : CVE-2018-12126 CVE-2018-12127 CVE-2018-12130
CVE-2019-11091
This update ships updated CPU microcode for most types of Intel CPUs. It
provides mitigations for the MSBDS, MFBDS, MLPDS and MDSUM hardware
vulnerabilities.
To fully resolve these vulnerabilities it is also necessary to update
the Linux kernel packages as released in DSA 4444.
For the stable distribution (stretch), these problems have been fixed in
version 3.20190514.1~deb9u1.
We recommend that you upgrade your intel-microcode packages.
For the detailed security status of intel-microcode please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/intel-microcode
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlzb2WsACgkQEMKTtsN8
TjZ+PBAAqVaw+/6ZsLEwj4aPlI0XrDP1MEWLHSFyOpOluNKaHSfCR1MopjdmSykT
91es+HCLISwbpuhPy8a+rPEZnSwnQczuXJITMVnW0Z9noUvTf/BnN/dAdwTa8Ka8
DkhBnvmc5gOkdcG7il+PaI1byZ5/6S+znqhDiN4VSZg3h1LhJMk9h9kUjQS+W6uC
qA4JGdJsqeQShngE8njGetwCaf29+e2OQ3RfuDp+6XgsQln2ZOi7r69Bj5VmH5jB
yYzMMp8n0jMKelzqP9HtniL/P/75foDhQrP95k8gFaeRaLTEIb0NNLP1JpiaVKtn
+c+1yMN6R7JG86AOlNOq/xUHv3pkuP9i2PBEga/956nQZf9g9/5tc6/K0dgHl4Yx
zn1SKQrKdXVqtvYx6boh3cPqoJ99W32GijQHr2N8ezjdmW7SHMGtpnSVO88nDbH4
JVdxVhtY4JCsDJxYIwb6T4p3TSGIzN0T7y5/YqItqObmblLpg8jASWNkrepH3jqY
a9swwMelQTsop5LFTwgYbTznXSEE+AorFTc+hOvScR4ZSr8kPVK/nf/m+h5Zj68B
Lx/nnOQZFYySrNBKMfMLCXmrmMWP3ZavMiiEJL4GbWfNFAEJH4P+2UwsjwyEVW3h
NrRAdm0MqsY86tHBWmDGhNMYjShKm/vG5mMpWg5r3AG3IhG1x/U=
=PWZK
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXNyz4WaOgq3Tt24GAQgUYQ//TvaUXY3JUB1llx2eX8MUZ00gDvqPt1L1
ZeUiT+rb5Isd/14mBDOLXcpqX1H52FiwqP//LkW7hgsKCo2auzAOo64tGhs9fFAC
+8krx9VR3A236KfSHt7ZYvl6gKVse0U0zCNNw1MNR6VasOa7G9Iy8IoC79XcaTf0
b0R45maXU3ZvlbPn5qu3WRhDosGpgj+4SifO7e5P2ag38THeHiYfL+9eWHHBp3JF
Dnlmf2vDFvEQbO95j1JJ8S0q9euBxPyJp+v50Ng7PbmBcp1v8u3SJC79BHWPEIjN
enTGMZd/XckYmZSlIx/2jEl5a70tU6WomtKw8jjzjhTVLJkR1iRLZXlnxjquuxv3
uyT9AS358D6TrqIMhLTskvVyLuQZp1ke3Dyx+UvMDGf07GtR2rBqQCRs+rutYY9P
kGZAakK6+IPSg3Kd88R1+BxdPG5mxy+1sG2UpAGyLS5Y9W1GYqszBLQbYC+cs/H2
98rCnbmOP2c+Egc+AgdJcziN0SUBJOQ0uU1awWLFyWkckwTqx2TrMWIVLHVcIkxr
cKUmVP+Y6xMGnfE8AKn/oLo9yYdPS19TMOKmWyfelOHDhoGuBWijbRyW8s6clRYt
nbZ9BpVxKcWgllQP49RYLT2Cm5FQC+TU9c3mqkA+9mHvScVYTFM+hXAnMLBmvN/S
ivxVPnbwlLM=
=/0/L
-----END PGP SIGNATURE-----