From: Salvatore Bonaccorso To: debian-security-announce@lists.debian.org Subject: [SECURITY] [DSA 4701-1] intel-microcode security update ------------------------------------------------------------------------- Debian Security Advisory DSA-4701-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso June 11, 2020 https://www.debian.org/security/faq ------------------------------------------------------------------------- Package : intel-microcode CVE ID : CVE-2020-0543 CVE-2020-0548 CVE-2020-0549 This update ships updated CPU microcode for some types of Intel CPUs and provides mitigations for the Special Register Buffer Data Sampling (CVE-2020-0543), Vector Register Sampling (CVE-2020-0548) and L1D Eviction Sampling (CVE-2020-0549) hardware vulnerabilities. The microcode update for HEDT and Xeon CPUs with signature 0x50654 which was reverted in DSA 4565-2 is now included again with a fixed release. The upstream update for Skylake-U/Y (signature 0x406e3) had to be excluded from this update due to reported hangs on boot. For details refer to https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00320.html https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html For the oldstable distribution (stretch), these problems have been fixed in version 3.20200609.2~deb9u1. For the stable distribution (buster), these problems have been fixed in version 3.20200609.2~deb10u1. We recommend that you upgrade your intel-microcode packages. For the detailed security status of intel-microcode please refer to its security tracker page at: https://security-tracker.debian.org/tracker/intel-microcode Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org