Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2019.1754 [DLA 1789-1] intel-microcode security update 16 May 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: intel-microcode Publisher: Debian Operating System: Debian GNU/Linux 8 Impact/Access: Access Privileged Data -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2019-11091 CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 Reference: ASB-2019.0138 ESB-2019.1743 ESB-2019.1723 ESB-2019.1708 Original Bulletin: https://lists.debian.org/debian-lts-announce/2019/05/msg00018.html - --------------------------BEGIN INCLUDED TEXT-------------------- Package : intel-microcode Version : 3.20190514.1~deb8u1 CVE ID : CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 Debian Bug : 929007 This update ships updated CPU microcode for most types of Intel CPUs. It provides microcode support to implement mitigations for the MSBDS, MFBDS, MLPDS and MDSUM hardware vulnerabilities. To fully resolve these vulnerabilities it is also necessary to update the Linux kernel packages. Please refer to DLA-1787-1 for the Linux kernel updates required to mitigate these hardware vulnerabilities on Intel processors. For Debian 8 "Jessie", these problems have been fixed in version 3.20190514.1~deb8u1 of the intel-microcode package, and also by the Linux kernel package updates described in DLA-1787-1. We recommend that you upgrade your intel-microcode packages, and Linux kernel packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS For the detailed security status of intel-microcode please refer to its security tracker page at: https://security-tracker.debian.org/tracker/intel-microcode - --=20 Henrique Holschuh - --6g7vk5hrraolrs56 Content-Type: application/pgp-signature; name="signature.asc" - -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEMr8sdJFqJgkTTH+qsZwaZk2P+bEFAlzc038ACgkQsZwaZk2P +bHBtg//XUqPJAYeQmTdfEPNCkMrMXtmR7/XcHkOt9HoJqd5+78jiVeVP8BXhi2I jtngkJhaWJ6YYzavfi8JhrhJTuhCAGvr07DtJbT70rHpgJDDyATwvQqw5lDq+Wvv TJOeSSxlB4sJCDRrhBPLeWaAestirtCw/yCQvR3Dji0bnHqA+MHMWdKwd5TouIK5 0zAcnkKvPOmMWOTYocIv5xUX4rhEScAhQ05gcEBoSPwnG4lVQV4xugtV7SAVtqC2 lq1gbyFD6pleeWv9lx1I0jjgMU+TGcRGNCS6tzUeHu7L29MjJPeITrZ3jSaQs9R4 /BGkVLHe8JLX+XbBqMpzXSd181A5P98HLCnRJBteDOvh8zlnfso0BFbvmnpUZEEN fXM6+B4kwRomfzsgq2rhsT8q5xs+le4rn6eRYXjx4Gt0mbNI1oxINBGG1aE4yRaz 9kQs070Mclncrm8942rUkNSO32F8RbD+J0L4znexJE3pKSoZW/owOXN9DZS6QKCj yfC12d1q2F9CVq7WkJ/dtHt2OHmhBJrjmETfs9iZlV+L4rgcnuPN0ZLKJHyrOMQf jiNgv6INVRGRcXsDbW6QPKzwYIRS7BiJ5WCeP4UmCPnVgqsCfuD9m3y/ZDYdSiFM fqt2ECnfuBGWPbfAbWP0QicJVf2iWw6OpsfYLu575ctKSN2VVxw= =41s0 - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXNz5e2aOgq3Tt24GAQjmsg/+I1Uwn6Fo5l86ZcThI61+uSIqG+qYBZAM igojYoYikcxbnBprswlItZF9qliRwE+Neq2dAIs045uKYWYkdjauLcZhwUpCyx9l Sq1t/gcW2h+hlgUn/6tMQ1mZa9ttcAtWQn/l+9+RP4c2lVeR6gkwzwUUUMkUyrfE XCCR2+tazMuyIW0+f54c+RuEOooytQ5NHeYE1uR9vP/8h499q/dWrTi+IgD6Q30F 4EgJ1cDHd6P5Akk5cmUCMVwQUVdX6pCVixJGDxor1ke949VUZh5RPUnJx06Rm0wO O9pyujd/Kzwb66N/x835UK36eVFbzGXnSJ0Vd6qOUAVPRd4mRnSJIn17RwUWJuIX HE82GqR0tIY4T5ehPXfrVfBjWIst0YnuQylpLPjPhKfCp0Z7LDhh/no9UOmD4eOn gIHkfloZkUQx9Hdd4g1zBomrXAAqpzj1OBIPXK2jhy8Seyt78BN/XV/DAcR8Kgi9 B1s+1X+Wqj97pbfPN4+jluhJKE6x19/rnx+W15yPc9Yjh7/2QOTLfkxru4bEgxle xJLQaOJeza1rtXtOk0QExZ04gmoUeZtvPaxSDGSMt7hJAtXZDk8QOFZexxwl/Ye0 GNkVvE9+OJnBPvv+3q3CurUWCp3+JRNRwxjbcL3LPjCHHhuO59fKb0Ntp2+gla3P Wdle3EnUChw= =nasb -----END PGP SIGNATURE-----