===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2020.4013
microcode_ctl security, bug fix, and enhancement update
12 November 2020
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           microcode_ctl
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Access Confidential Data -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-8698 CVE-2020-8696 CVE-2020-8695
Reference:         ESB-2020.3964
                   ESB-2020.3959

Original Bulletin:
   https://access.redhat.com/errata/RHSA-2020:5083
   https://access.redhat.com/errata/RHSA-2020:5084
   https://access.redhat.com/errata/RHSA-2020:5085

Comment: This bulletin contains three (3) Red Hat security advisories.

--------------------------BEGIN INCLUDED TEXT--------------------

=====================================================================
Red Hat Security Advisory

Synopsis:          Moderate: microcode_ctl security, bug fix, and enhancement update
Advisory ID:       RHSA-2020:5083-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:5083
Issue date:        2020-11-11
CVE Names:         CVE-2020-8695 CVE-2020-8696 CVE-2020-8698
=====================================================================

1. Summary:

An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Security Fix(es):

* hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695)
* hw: Vector Register Leakage-Active (CVE-2020-8696)
* hw: Fast forward store predictor (CVE-2020-8698)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es) and Enhancement(s):

* Update Intel CPU microcode to microcode-20201027 release, addresses:
  - Addition of 06-55-0b/0xbf (CPX-SP A1) microcode at revision 0x700001e;
  - Addition of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode at revision 0x68;
  - Addition of 06-a5-02/0x20 (CML-H R1) microcode at revision 0xe0;
  - Addition of 06-a5-03/0x22 (CML-S 6+2 G1) microcode at revision 0xe0;
  - Addition of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode at revision 0xe0;
  - Addition of 06-a6-01/0x80 (CML-U 6+2 v2 K0) microcode at revision 0xe0;
  - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xdc up to 0xe2;
  - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006906 up to 0x2006a08;
  - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xdc up to 0xe2;
  - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up to 0xde;
  - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up to 0xde;
  - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xd6 up to 0xe0;
  - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xd6 up to 0xde;
  - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from revision 0xd6 up to 0xde;
  - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xd6 up to 0xde;
  - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xd6 up to 0xde;
  - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xd6 up to 0xde;
  - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xd6 up to 0xde;
  - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xd6 up to 0xde;
  - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode from revision 0x43 up to 0x44;
  - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000157 up to 0x1000159;
  - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4002f01 up to 0x4003003;
  - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision 0x5002f01 up to 0x5003003;
  - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x38 up to 0x40;
  - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x16 up to 0x1e;
  - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x16 up to 0x18;
  - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x78 up to 0xa0;
  - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xca up to 0xe0.
* Add README file to the documentation directory.
* Add publicly-sourced codenames list to supply to gen_provides.sh; update the latter to handle the somewhat different format.
* Add SUMMARY.intel-ucode file containing metadata information from the microcode file headers.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1828583 - CVE-2020-8695 hw: Information disclosure issue in Intel SGX via RAPL interface
1890355 - CVE-2020-8696 hw: Vector Register Leakage-Active
1890356 - CVE-2020-8698 hw: Fast forward store predictor

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
microcode_ctl-2.1-73.2.el7_9.src.rpm

x86_64:
microcode_ctl-2.1-73.2.el7_9.x86_64.rpm
microcode_ctl-debuginfo-2.1-73.2.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
microcode_ctl-2.1-73.2.el7_9.src.rpm

x86_64:
microcode_ctl-2.1-73.2.el7_9.x86_64.rpm
microcode_ctl-debuginfo-2.1-73.2.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
microcode_ctl-2.1-73.2.el7_9.src.rpm

x86_64:
microcode_ctl-2.1-73.2.el7_9.x86_64.rpm
microcode_ctl-debuginfo-2.1-73.2.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
microcode_ctl-2.1-73.2.el7_9.src.rpm

x86_64:
microcode_ctl-2.1-73.2.el7_9.x86_64.rpm
microcode_ctl-debuginfo-2.1-73.2.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-8695
https://access.redhat.com/security/cve/CVE-2020-8696
https://access.redhat.com/security/cve/CVE-2020-8698
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

--------------------------------------------------------------------------------

=====================================================================
Red Hat Security Advisory

Synopsis:          Moderate: microcode_ctl security, bug fix, and enhancement update
Advisory ID:       RHSA-2020:5084-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:5084
Issue date:        2020-11-11
CVE Names:         CVE-2020-8696 CVE-2020-8698
=====================================================================

1. Summary:

An update for microcode_ctl is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Security Fix(es):

* hw: Vector Register Leakage-Active (CVE-2020-8696)
* hw: Fast forward store predictor (CVE-2020-8698)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es) and Enhancement(s):

* Update Intel CPU microcode to microcode-20201027 release, addresses:
  - Addition of 06-55-0b/0xbf (CPX-SP A1) microcode at revision 0x700001e;
  - Addition of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode at revision 0x68;
  - Addition of 06-a5-02/0x20 (CML-H R1) microcode at revision 0xe0;
  - Addition of 06-a5-03/0x22 (CML-S 6+2 G1) microcode at revision 0xe0;
  - Addition of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode at revision 0xe0;
  - Addition of 06-a6-01/0x80 (CML-U 6+2 v2 K0) microcode at revision 0xe0;
  - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xdc up to 0xe2;
  - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006906 up to 0x2006a08;
  - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xdc up to 0xe2;
  - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up to 0xde;
  - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up to 0xde;
  - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xd6 up to 0xe0;
  - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xd6 up to 0xde;
  - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from revision 0xd6 up to 0xde;
  - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xd6 up to 0xde;
  - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xd6 up to 0xde;
  - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xd6 up to 0xde;
  - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xd6 up to 0xde;
  - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xd6 up to 0xde;
  - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode from revision 0x43 up to 0x44;
  - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000157 up to 0x1000159;
  - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4002f01 up to 0x4003003;
  - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision 0x5002f01 up to 0x5003003;
  - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x38 up to 0x40;
  - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x16 up to 0x1e;
  - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x16 up to 0x18;
  - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x78 up to 0xa0;
  - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xca up to 0xe0.
* Add README file to the documentation directory.
* Add publicly-sourced codenames list to supply to gen_provides.sh; update the latter to handle the somewhat different format.
* Add SUMMARY.intel-ucode file containing metadata information from the microcode file headers.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1890355 - CVE-2020-8696 hw: Vector Register Leakage-Active
1890356 - CVE-2020-8698 hw: Fast forward store predictor

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
microcode_ctl-1.17-33.31.el6_10.src.rpm

i386:
microcode_ctl-1.17-33.31.el6_10.i686.rpm
microcode_ctl-debuginfo-1.17-33.31.el6_10.i686.rpm

x86_64:
microcode_ctl-1.17-33.31.el6_10.x86_64.rpm
microcode_ctl-debuginfo-1.17-33.31.el6_10.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
microcode_ctl-1.17-33.31.el6_10.src.rpm

x86_64:
microcode_ctl-1.17-33.31.el6_10.x86_64.rpm
microcode_ctl-debuginfo-1.17-33.31.el6_10.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
microcode_ctl-1.17-33.31.el6_10.src.rpm

i386:
microcode_ctl-1.17-33.31.el6_10.i686.rpm
microcode_ctl-debuginfo-1.17-33.31.el6_10.i686.rpm

x86_64:
microcode_ctl-1.17-33.31.el6_10.x86_64.rpm
microcode_ctl-debuginfo-1.17-33.31.el6_10.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
microcode_ctl-1.17-33.31.el6_10.src.rpm

i386:
microcode_ctl-1.17-33.31.el6_10.i686.rpm
microcode_ctl-debuginfo-1.17-33.31.el6_10.i686.rpm

x86_64:
microcode_ctl-1.17-33.31.el6_10.x86_64.rpm
microcode_ctl-debuginfo-1.17-33.31.el6_10.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-8696
https://access.redhat.com/security/cve/CVE-2020-8698
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

--------------------------------------------------------------------------------

=====================================================================
Red Hat Security Advisory

Synopsis:          Moderate: microcode_ctl security, bug fix and enhancement update
Advisory ID:       RHSA-2020:5085-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:5085
Issue date:        2020-11-11
CVE Names:         CVE-2020-8695 CVE-2020-8696 CVE-2020-8698
=====================================================================

1. Summary:

An update for microcode_ctl is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS (v. 8) - x86_64

3. Description:

Security Fix(es):

* hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695)
* hw: Vector Register Leakage-Active (CVE-2020-8696)
* hw: Fast forward store predictor (CVE-2020-8698)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es) and Enhancement(s):

* Update Intel CPU microcode to microcode-20201027 release, addresses:
  - Addition of 06-55-0b/0xbf (CPX-SP A1) microcode at revision 0x700001e;
  - Addition of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode at revision 0x68;
  - Addition of 06-a5-02/0x20 (CML-H R1) microcode at revision 0xe0;
  - Addition of 06-a5-03/0x22 (CML-S 6+2 G1) microcode at revision 0xe0;
  - Addition of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode at revision 0xe0;
  - Addition of 06-a6-01/0x80 (CML-U 6+2 v2 K0) microcode at revision 0xe0;
  - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xdc up to 0xe2;
  - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006906 up to 0x2006a08;
  - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xdc up to 0xe2;
  - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up to 0xde;
  - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up to 0xde;
  - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xd6 up to 0xe0;
  - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xd6 up to 0xde;
  - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from revision 0xd6 up to 0xde;
  - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xd6 up to 0xde;
  - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xd6 up to 0xde;
  - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xd6 up to 0xde;
  - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xd6 up to 0xde;
  - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xd6 up to 0xde;
  - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode from revision 0x43 up to 0x44;
  - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000157 up to 0x1000159;
  - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4002f01 up to 0x4003003;
  - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision 0x5002f01 up to 0x5003003;
  - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x38 up to 0x40;
  - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x16 up to 0x1e;
  - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x16 up to 0x18;
  - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x78 up to 0xa0;
  - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xca up to 0xe0.
* Add README file to the documentation directory.
* Add publicly-sourced codenames list to supply to gen_provides.sh; update the latter to handle the somewhat different format.
* Add SUMMARY.intel-ucode file containing metadata information from the microcode file headers.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1828583 - CVE-2020-8695 hw: Information disclosure issue in Intel SGX via RAPL interface
1890355 - CVE-2020-8696 hw: Vector Register Leakage-Active
1890356 - CVE-2020-8698 hw: Fast forward store predictor

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:
microcode_ctl-20200609-2.20201027.1.el8_3.src.rpm

x86_64:
microcode_ctl-20200609-2.20201027.1.el8_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-8695
https://access.redhat.com/security/cve/CVE-2020-8696
https://access.redhat.com/security/cve/CVE-2020-8698
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
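
Added example (not part of the AusCERT or Red Hat text): a Python check that parses microcode entries in the format the advisories above use and compares the advisory revision with what a host reports in /proc/cpuinfo. Only five of the advisory entries are embedded, the cpuinfo excerpt is constructed, and the function names are hypothetical.

```python
import re

# Five entries copied from the advisory text above (a subset, for brevity).
ADVISORY_LINES = """\
- Addition of 06-a5-02/0x20 (CML-H R1) microcode at revision 0xe0;
- Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006906 up to 0x2006a08;
- Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up to 0xde;
- Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up to 0xde;
- Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode from revision 0x43 up to 0x44;
"""

# Constructed /proc/cpuinfo excerpt for one logical CPU (not from a real host).
SAMPLE_CPUINFO = """\
processor       : 0
vendor_id       : GenuineIntel
cpu family      : 6
model           : 85
model name      : constructed sample
stepping        : 4
microcode       : 0x2006906
"""

# "<family>-<model>-<stepping>/<platform mask> (<codename>) ... <target revision>"
ENTRY_RE = re.compile(
    r"(?:Addition|Update) of (?P<sig>[0-9a-f]{2}-[0-9a-f]{2}-[0-9a-f]{2})"
    r"/(?P<pf>0x[0-9a-f]+) \((?P<name>.*?)\) microcode"
    r".*?(?:at revision|up to) (?P<rev>0x[0-9a-f]+)"
)


def parse_advisory(text):
    """Return a list of (signature, platform_mask, target_revision) tuples."""
    return [(m["sig"], int(m["pf"], 16), int(m["rev"], 16))
            for m in ENTRY_RE.finditer(text)]


def parse_cpuinfo(text):
    """Return (signature, loaded_revision) for the first logical CPU block."""
    fields = {}
    for line in text.splitlines():
        if not line.strip():
            if fields:
                break  # a blank line ends the first CPU block
            continue
        key, _, value = line.partition(":")
        fields[key.strip()] = value.strip()
    sig = "{:02x}-{:02x}-{:02x}".format(
        int(fields["cpu family"]), int(fields["model"]), int(fields["stepping"]))
    return sig, int(fields["microcode"], 16)


def check(cpuinfo_text, advisory_text, processor_flags=None):
    """Compare the loaded revision with the advisory's target revision.

    processor_flags is the host's platform-ID bit; when given, only entries
    whose platform mask includes it are considered. When omitted, every entry
    with a matching signature is considered (an assumption of this example).
    """
    sig, loaded = parse_cpuinfo(cpuinfo_text)
    targets = [rev for s, mask, rev in parse_advisory(advisory_text)
               if s == sig and (processor_flags is None or processor_flags & mask)]
    if not targets:
        return sig, loaded, None, "not-listed"
    target = max(targets)
    return sig, loaded, target, "ok" if loaded >= target else "outdated"


if __name__ == "__main__":
    sig, loaded, target, status = check(SAMPLE_CPUINFO, ADVISORY_LINES)
    print(f"{sig}: loaded {loaded:#x}, advisory {target:#x}, {status}")
```

A "not-listed" result only means the CPU signature is absent from the embedded subset; run it against the full entry list and the host's own /proc/cpuinfo after the updated package is installed and the microcode has been reloaded.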