[Git][security-tracker-team/security-tracker][master] Updates for intel-microcode
Moritz Muehlenhoff
jmm at debian.org
Sun Aug 19 22:34:38 BST 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
169ec7cd by Moritz Muehlenhoff at 2018-08-19T21:34:08Z
Updates for intel-microcode
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -31838,11 +31838,14 @@ CVE-2018-3646 (Systems with microprocessors utilizing speculative execution and
{DSA-4274-1}
- linux 4.17.15-1
- xen <unfixed>
- - intel-microcode <unfixed>
+ - intel-microcode 3.20180703.1
NOTE: https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
NOTE: https://foreshadowattack.eu/
NOTE: https://git.kernel.org/linus/958f338e96f874a0d29442396d6adf9c1e17aa2d
NOTE: https://xenbits.xen.org/xsa/advisory-273.html
+ NOTE: Updates were already shipped with 20180703 release, but only disclosed later, see #906158
+ NOTE: The fixed version for intel-microcode designates the first batch of updates which targeted most server CPUs,
+ NOTE: later followup releases (for some desktop class CPUs) will be commented separately
CVE-2018-3645 (Escalation of privilege in all versions of the Intel Remote Keyboard ...)
NOT-FOR-US: Intel
CVE-2018-3644
@@ -31859,6 +31862,8 @@ CVE-2018-3640 (Systems with microprocessors utilizing speculative execution and
NOTE: https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
NOTE: No software mitigations planned to be implemented in src:linux
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html
+ NOTE: The fixed version designates the first batch of updates which targeted most server CPUs,
+ NOTE: later followup releases (for some desktop class CPUs) will be commented separately
CVE-2018-3639 (Systems with microprocessors utilizing speculative execution and ...)
{DSA-4273-1 DSA-4210-1 DLA-1446-1 DLA-1423-1}
- intel-microcode 3.20180703.1
@@ -31869,6 +31874,8 @@ CVE-2018-3639 (Systems with microprocessors utilizing speculative execution and
NOTE: https://xenbits.xen.org/xsa/advisory-263.html
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1528
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html
+ NOTE: The fixed version for intel-microcode designates the first batch of updates which targeted most server CPUs,
+ NOTE: later followup releases (for some desktop class CPUs) will be commented separately
CVE-2018-3638 (Escalation of privilege in all versions of the Intel Remote Keyboard ...)
NOT-FOR-US: Intel
CVE-2018-3637
@@ -31909,11 +31916,14 @@ CVE-2018-3620 (Systems with microprocessors utilizing speculative execution and
{DSA-4274-1}
- linux 4.17.15-1
- xen <unfixed>
- - intel-microcode <unfixed>
+ - intel-microcode 3.20180703.1
+ NOTE: Updates were already shipped with 20180703 release, but only disclosed later, see #906158
NOTE: https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
NOTE: https://foreshadowattack.eu/
NOTE: https://git.kernel.org/linus/958f338e96f874a0d29442396d6adf9c1e17aa2d
NOTE: https://xenbits.xen.org/xsa/advisory-273.html
+ NOTE: The fixed version for intel-microcode designates the first batch of updates which targeted most server CPUs,
+ NOTE: later followup releases (for some desktop class CPUs) will be commented separately
CVE-2018-3619 (Information disclosure vulnerability in storage media in systems with ...)
NOT-FOR-US: Intel
CVE-2018-3618
@@ -31923,9 +31933,11 @@ CVE-2018-3617
CVE-2018-3616
RESERVED
CVE-2018-3615 (Systems with microprocessors utilizing speculative execution and Intel ...)
- - intel-microcode <unfixed>
+ - intel-microcode 3.20180703.1
NOTE: https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
NOTE: https://foreshadowattack.eu/
+ NOTE: The fixed version designates the first batch of updates which targeted most server CPUs,
+ NOTE: later followup releases (for some desktop class CPUs) will be commented separately
CVE-2018-3614
RESERVED
CVE-2018-3613
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/169ec7cd11b6105e557ec84918f7e83b90737e41
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/169ec7cd11b6105e557ec84918f7e83b90737e41
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180819/f7c5c8de/attachment.html>
More information about the debian-security-tracker-commits
mailing list