[SECURITY] [DSA 4565-1] intel-microcode security update

2019-11-1306:05:34

lists.debian.org

6.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

JSON

Debian Security Advisory DSA-4565-1 [email protected]
https://www.debian.org/security/ Salvatore Bonaccorso
November 13, 2019 https://www.debian.org/security/faq

Package : intel-microcode
CVE ID : CVE-2019-11135 CVE-2019-11139

This update ships updated CPU microcode for some types of Intel CPUs. In
particular it provides mitigations for the TAA (TSX Asynchronous Abort)
vulnerability. For affected CPUs, to fully mitigate the vulnerability it
is also necessary to update the Linux kernel packages as released in DSA
4564-1.

For the oldstable distribution (stretch), these problems have been fixed
in version 3.20191112.1~deb9u1.

For the stable distribution (buster), these problems have been fixed in
version 3.20191112.1~deb10u1.

We recommend that you upgrade your intel-microcode packages.

For the detailed security status of intel-microcode please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/intel-microcode

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian8i386efi-modules-3.16.0-10-686-pae-di< 3.16.76-1efi-modules-3.16.0-10-686-pae-di_3.16.76-1_i386.deb
Debian9mipsjfs-modules-4.9.0-11-octeon-di< 4.9.189-3+deb9u2jfs-modules-4.9.0-11-octeon-di_4.9.189-3+deb9u2_mips.deb
Debian9armellinux-compiler-gcc-6-arm< 4.9.189-3+deb9u2linux-compiler-gcc-6-arm_4.9.189-3+deb9u2_armel.deb
Debian8i386multipath-modules-3.16.0-10-686-pae-di< 3.16.76-1multipath-modules-3.16.0-10-686-pae-di_3.16.76-1_i386.deb
Debian10armellinux-cpupower< 4.19.67-2+deb10u2linux-cpupower_4.19.67-2+deb10u2_armel.deb
Debian10ppc64ellibbpf-dev< 4.19.67-2+deb10u2libbpf-dev_4.19.67-2+deb10u2_ppc64el.deb
Debian8armhfext4-modules-3.16.0-10-armmp-di< 3.16.76-1ext4-modules-3.16.0-10-armmp-di_3.16.76-1_armhf.deb
Debian9mips64elppp-modules-4.9.0-11-5kc-malta-di< 4.9.189-3+deb9u2ppp-modules-4.9.0-11-5kc-malta-di_4.9.189-3+deb9u2_mips64el.deb
Debian8armellinux-perf-4.9< 4.9.189-3+deb9u2~deb8u1linux-perf-4.9_4.9.189-3+deb9u2~deb8u1_armel.deb
Debian8i386ppp-modules-3.16.0-10-686-pae-di< 3.16.76-1ppp-modules-3.16.0-10-686-pae-di_3.16.76-1_i386.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	i386	efi-modules-3.16.0-10-686-pae-di	< 3.16.76-1	efi-modules-3.16.0-10-686-pae-di_3.16.76-1_i386.deb
Debian	9	mips	jfs-modules-4.9.0-11-octeon-di	< 4.9.189-3+deb9u2	jfs-modules-4.9.0-11-octeon-di_4.9.189-3+deb9u2_mips.deb
Debian	9	armel	linux-compiler-gcc-6-arm	< 4.9.189-3+deb9u2	linux-compiler-gcc-6-arm_4.9.189-3+deb9u2_armel.deb
Debian	8	i386	multipath-modules-3.16.0-10-686-pae-di	< 3.16.76-1	multipath-modules-3.16.0-10-686-pae-di_3.16.76-1_i386.deb
Debian	10	armel	linux-cpupower	< 4.19.67-2+deb10u2	linux-cpupower_4.19.67-2+deb10u2_armel.deb
Debian	10	ppc64el	libbpf-dev	< 4.19.67-2+deb10u2	libbpf-dev_4.19.67-2+deb10u2_ppc64el.deb
Debian	8	armhf	ext4-modules-3.16.0-10-armmp-di	< 3.16.76-1	ext4-modules-3.16.0-10-armmp-di_3.16.76-1_armhf.deb
Debian	9	mips64el	ppp-modules-4.9.0-11-5kc-malta-di	< 4.9.189-3+deb9u2	ppp-modules-4.9.0-11-5kc-malta-di_4.9.189-3+deb9u2_mips64el.deb
Debian	8	armel	linux-perf-4.9	< 4.9.189-3+deb9u2~deb8u1	linux-perf-4.9_4.9.189-3+deb9u2~deb8u1_armel.deb
Debian	8	i386	ppp-modules-3.16.0-10-686-pae-di	< 3.16.76-1	ppp-modules-3.16.0-10-686-pae-di_3.16.76-1_i386.deb