Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2019.1754
[DLA 1789-1] intel-microcode security update
16 May 2019
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: intel-microcode
Publisher: Debian
Operating System: Debian GNU/Linux 8
Impact/Access: Access Privileged Data -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2019-11091 CVE-2018-12130 CVE-2018-12127
CVE-2018-12126
Reference: ASB-2019.0138
ESB-2019.1743
ESB-2019.1723
ESB-2019.1708
Original Bulletin:
https://lists.debian.org/debian-lts-announce/2019/05/msg00018.html
- --------------------------BEGIN INCLUDED TEXT--------------------
Package : intel-microcode
Version : 3.20190514.1~deb8u1
CVE ID : CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091
Debian Bug : 929007
This update ships updated CPU microcode for most types of Intel CPUs. It
provides microcode support to implement mitigations for the MSBDS,
MFBDS, MLPDS and MDSUM hardware vulnerabilities.
To fully resolve these vulnerabilities it is also necessary to update
the Linux kernel packages. Please refer to DLA-1787-1 for the Linux
kernel updates required to mitigate these hardware vulnerabilities on
Intel processors.
For Debian 8 "Jessie", these problems have been fixed in version
3.20190514.1~deb8u1 of the intel-microcode package, and also by the
Linux kernel package updates described in DLA-1787-1.
We recommend that you upgrade your intel-microcode packages, and Linux
kernel packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be found
at: https://wiki.debian.org/LTS
For the detailed security status of intel-microcode please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/intel-microcode
- --=20
Henrique Holschuh
- --6g7vk5hrraolrs56
Content-Type: application/pgp-signature; name="signature.asc"
- -----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEMr8sdJFqJgkTTH+qsZwaZk2P+bEFAlzc038ACgkQsZwaZk2P
+bHBtg//XUqPJAYeQmTdfEPNCkMrMXtmR7/XcHkOt9HoJqd5+78jiVeVP8BXhi2I
jtngkJhaWJ6YYzavfi8JhrhJTuhCAGvr07DtJbT70rHpgJDDyATwvQqw5lDq+Wvv
TJOeSSxlB4sJCDRrhBPLeWaAestirtCw/yCQvR3Dji0bnHqA+MHMWdKwd5TouIK5
0zAcnkKvPOmMWOTYocIv5xUX4rhEScAhQ05gcEBoSPwnG4lVQV4xugtV7SAVtqC2
lq1gbyFD6pleeWv9lx1I0jjgMU+TGcRGNCS6tzUeHu7L29MjJPeITrZ3jSaQs9R4
/BGkVLHe8JLX+XbBqMpzXSd181A5P98HLCnRJBteDOvh8zlnfso0BFbvmnpUZEEN
fXM6+B4kwRomfzsgq2rhsT8q5xs+le4rn6eRYXjx4Gt0mbNI1oxINBGG1aE4yRaz
9kQs070Mclncrm8942rUkNSO32F8RbD+J0L4znexJE3pKSoZW/owOXN9DZS6QKCj
yfC12d1q2F9CVq7WkJ/dtHt2OHmhBJrjmETfs9iZlV+L4rgcnuPN0ZLKJHyrOMQf
jiNgv6INVRGRcXsDbW6QPKzwYIRS7BiJ5WCeP4UmCPnVgqsCfuD9m3y/ZDYdSiFM
fqt2ECnfuBGWPbfAbWP0QicJVf2iWw6OpsfYLu575ctKSN2VVxw=
=41s0
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXNz5e2aOgq3Tt24GAQjmsg/+I1Uwn6Fo5l86ZcThI61+uSIqG+qYBZAM
igojYoYikcxbnBprswlItZF9qliRwE+Neq2dAIs045uKYWYkdjauLcZhwUpCyx9l
Sq1t/gcW2h+hlgUn/6tMQ1mZa9ttcAtWQn/l+9+RP4c2lVeR6gkwzwUUUMkUyrfE
XCCR2+tazMuyIW0+f54c+RuEOooytQ5NHeYE1uR9vP/8h499q/dWrTi+IgD6Q30F
4EgJ1cDHd6P5Akk5cmUCMVwQUVdX6pCVixJGDxor1ke949VUZh5RPUnJx06Rm0wO
O9pyujd/Kzwb66N/x835UK36eVFbzGXnSJ0Vd6qOUAVPRd4mRnSJIn17RwUWJuIX
HE82GqR0tIY4T5ehPXfrVfBjWIst0YnuQylpLPjPhKfCp0Z7LDhh/no9UOmD4eOn
gIHkfloZkUQx9Hdd4g1zBomrXAAqpzj1OBIPXK2jhy8Seyt78BN/XV/DAcR8Kgi9
B1s+1X+Wqj97pbfPN4+jluhJKE6x19/rnx+W15yPc9Yjh7/2QOTLfkxru4bEgxle
xJLQaOJeza1rtXtOk0QExZ04gmoUeZtvPaxSDGSMt7hJAtXZDk8QOFZexxwl/Ye0
GNkVvE9+OJnBPvv+3q3CurUWCp3+JRNRwxjbcL3LPjCHHhuO59fKb0Ntp2+gla3P
Wdle3EnUChw=
=nasb
-----END PGP SIGNATURE-----