Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Please unblock package intel-microcode This is an update that adds the MDS mitigations for Sandybridge server and HEDT (Core-X). Other than those two updated microcode files, there are just changes to text files. It has been the subject of a security update (DSA 4447-2, and soon DLA 1789-2), please refer to https://security-tracker.debian.org/tracker/CVE-2019-11091 for details. diff attached (with the microcode blob changes removed for clarity). diffstat (git, ignores rename of symlink): changelog | 7 +++ debian/changelog | 106 +++++++++++++++++++++++++++++---------------------- intel-ucode/06-2d-06 |binary intel-ucode/06-2d-07 |binary releasenote | 46 ++-------------------- 5 files changed, 74 insertions(+), 85 deletions(-) unblock intel-microcode/3.20190618.1 Thank you -- Henrique Holschuh
diff --git a/changelog b/changelog index b6f59a6..f3579cf 100644 --- a/changelog +++ b/changelog @@ -1,3 +1,10 @@ +2019-06-18: + * Implements MDS mitigation (RIDL, Fallout, Zombieload), INTEL-SA-00223 + CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 + * Updated Microcodes: + sig 0x000206d6, pf_mask 0x6d, 2019-05-21, rev 0x061f, size 18432 + sig 0x000206d7, pf_mask 0x6d, 2019-05-21, rev 0x0718, size 19456 + 2019-05-14: * Implements MDS mitigation (RIDL, Fallout, Zombieload), INTEL-SA-00223 CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 diff --git a/debian/changelog b/debian/changelog index f7c67ce..ac6bfe1 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,50 +1,68 @@ +intel-microcode (3.20190618.1) unstable; urgency=medium + + * New upstream microcode datafile 20190618 + + SECURITY UPDATE + Implements MDS mitigation (RIDL, Fallout, Zombieload), INTEL-SA-00223 + CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 + for Sandybridge server and Core-X processors + + Updated Microcodes: + sig 0x000206d6, pf_mask 0x6d, 2019-05-21, rev 0x061f, size 18432 + sig 0x000206d7, pf_mask 0x6d, 2019-05-21, rev 0x0718, size 19456 + * Add some missing (minor) changelog entries to 3.20190514.1 + * Reformat 3.20190514.1 changelog entry to match rest of changelog + + -- Henrique de Moraes Holschuh <h...@debian.org> Wed, 19 Jun 2019 09:05:54 -0300 + intel-microcode (3.20190514.1) unstable; urgency=high * New upstream microcode datafile 20190514 - * SECURITY UPDATE - Implements MDS mitigation (RIDL, Fallout, Zombieload), INTEL-SA-00223 - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 - * New Microcodes: - sig 0x00030678, pf_mask 0x02, 2019-04-22, rev 0x0838, size 52224 - sig 0x00030678, pf_mask 0x0c, 2019-04-22, rev 0x0838, size 52224 - sig 0x00030679, pf_mask 0x0f, 2019-04-23, rev 0x090c, size 52224 - sig 0x000406c3, pf_mask 0x01, 2019-04-23, rev 0x0368, size 69632 - sig 0x000406c4, pf_mask 0x01, 2019-04-23, rev 0x0411, size 68608 - sig 0x00050657, pf_mask 0xbf, 2019-02-27, rev 0x5000021, size 47104 - * Updated Microcodes: - sig 0x000206a7, pf_mask 0x12, 2019-02-17, rev 0x002f, size 12288 - sig 0x000306a9, pf_mask 0x12, 2019-02-13, rev 0x0021, size 14336 - sig 0x000306c3, pf_mask 0x32, 2019-02-26, rev 0x0027, size 23552 - sig 0x000306d4, pf_mask 0xc0, 2019-03-07, rev 0x002d, size 19456 - sig 0x000306e4, pf_mask 0xed, 2019-03-14, rev 0x042e, size 16384 - sig 0x000306e7, pf_mask 0xed, 2019-03-14, rev 0x0715, size 17408 - sig 0x000306f2, pf_mask 0x6f, 2019-03-01, rev 0x0043, size 34816 - sig 0x000306f4, pf_mask 0x80, 2019-03-01, rev 0x0014, size 18432 - sig 0x00040651, pf_mask 0x72, 2019-02-26, rev 0x0025, size 21504 - sig 0x00040661, pf_mask 0x32, 2019-02-26, rev 0x001b, size 25600 - sig 0x00040671, pf_mask 0x22, 2019-03-07, rev 0x0020, size 14336 - sig 0x000406e3, pf_mask 0xc0, 2019-04-01, rev 0x00cc, size 100352 - sig 0x000406f1, pf_mask 0xef, 2019-03-02, rev 0xb000036, size 30720 - sig 0x00050654, pf_mask 0xb7, 2019-04-02, rev 0x200005e, size 32768 - sig 0x00050662, pf_mask 0x10, 2019-03-23, rev 0x001a, size 32768 - sig 0x00050663, pf_mask 0x10, 2019-03-23, rev 0x7000017, size 24576 - sig 0x00050664, pf_mask 0x10, 2019-03-23, rev 0xf000015, size 23552 - sig 0x00050665, pf_mask 0x10, 2019-03-23, rev 0xe00000d, size 19456 - sig 0x000506c9, pf_mask 0x03, 2019-01-15, rev 0x0038, size 17408 - sig 0x000506ca, pf_mask 0x03, 2019-03-01, rev 0x0016, size 15360 - sig 0x000506e3, pf_mask 0x36, 2019-04-01, rev 0x00cc, size 100352 - sig 0x000506f1, pf_mask 0x01, 2019-03-21, rev 0x002e, size 11264 - sig 0x000706a1, pf_mask 0x01, 2019-01-02, rev 0x002e, size 73728 - sig 0x000806e9, pf_mask 0x10, 2019-04-01, rev 0x00b4, size 98304 - sig 0x000806e9, pf_mask 0xc0, 2019-04-01, rev 0x00b4, size 99328 - sig 0x000806ea, pf_mask 0xc0, 2019-04-01, rev 0x00b4, size 99328 - sig 0x000806eb, pf_mask 0xd0, 2019-03-30, rev 0x00b8, size 98304 - sig 0x000806ec, pf_mask 0x94, 2019-03-30, rev 0x00b8, size 97280 - sig 0x000906e9, pf_mask 0x2a, 2019-04-01, rev 0x00b4, size 99328 - sig 0x000906ea, pf_mask 0x22, 2019-04-01, rev 0x00b4, size 98304 - sig 0x000906eb, pf_mask 0x02, 2019-04-01, rev 0x00b4, size 99328 - sig 0x000906ec, pf_mask 0x22, 2019-02-14, rev 0x00ae, size 98304 - sig 0x000906ed, pf_mask 0x22, 2019-03-17, rev 0x00b8, size 97280 + + SECURITY UPDATE + Implements MDS mitigation (RIDL, Fallout, Zombieload), INTEL-SA-00223 + CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 + + New Microcodes: + sig 0x00030678, pf_mask 0x02, 2019-04-22, rev 0x0838, size 52224 + sig 0x00030678, pf_mask 0x0c, 2019-04-22, rev 0x0838, size 52224 + sig 0x00030679, pf_mask 0x0f, 2019-04-23, rev 0x090c, size 52224 + sig 0x000406c3, pf_mask 0x01, 2019-04-23, rev 0x0368, size 69632 + sig 0x000406c4, pf_mask 0x01, 2019-04-23, rev 0x0411, size 68608 + sig 0x00050657, pf_mask 0xbf, 2019-02-27, rev 0x5000021, size 47104 + + Updated Microcodes: + sig 0x000206a7, pf_mask 0x12, 2019-02-17, rev 0x002f, size 12288 + sig 0x000306a9, pf_mask 0x12, 2019-02-13, rev 0x0021, size 14336 + sig 0x000306c3, pf_mask 0x32, 2019-02-26, rev 0x0027, size 23552 + sig 0x000306d4, pf_mask 0xc0, 2019-03-07, rev 0x002d, size 19456 + sig 0x000306e4, pf_mask 0xed, 2019-03-14, rev 0x042e, size 16384 + sig 0x000306e7, pf_mask 0xed, 2019-03-14, rev 0x0715, size 17408 + sig 0x000306f2, pf_mask 0x6f, 2019-03-01, rev 0x0043, size 34816 + sig 0x000306f4, pf_mask 0x80, 2019-03-01, rev 0x0014, size 18432 + sig 0x00040651, pf_mask 0x72, 2019-02-26, rev 0x0025, size 21504 + sig 0x00040661, pf_mask 0x32, 2019-02-26, rev 0x001b, size 25600 + sig 0x00040671, pf_mask 0x22, 2019-03-07, rev 0x0020, size 14336 + sig 0x000406e3, pf_mask 0xc0, 2019-04-01, rev 0x00cc, size 100352 + sig 0x000406f1, pf_mask 0xef, 2019-03-02, rev 0xb000036, size 30720 + sig 0x00050654, pf_mask 0xb7, 2019-04-02, rev 0x200005e, size 32768 + sig 0x00050662, pf_mask 0x10, 2019-03-23, rev 0x001a, size 32768 + sig 0x00050663, pf_mask 0x10, 2019-03-23, rev 0x7000017, size 24576 + sig 0x00050664, pf_mask 0x10, 2019-03-23, rev 0xf000015, size 23552 + sig 0x00050665, pf_mask 0x10, 2019-03-23, rev 0xe00000d, size 19456 + sig 0x000506c9, pf_mask 0x03, 2019-01-15, rev 0x0038, size 17408 + sig 0x000506ca, pf_mask 0x03, 2019-03-01, rev 0x0016, size 15360 + sig 0x000506e3, pf_mask 0x36, 2019-04-01, rev 0x00cc, size 100352 + sig 0x000506f1, pf_mask 0x01, 2019-03-21, rev 0x002e, size 11264 + sig 0x000706a1, pf_mask 0x01, 2019-01-02, rev 0x002e, size 73728 + sig 0x000806e9, pf_mask 0x10, 2019-04-01, rev 0x00b4, size 98304 + sig 0x000806e9, pf_mask 0xc0, 2019-04-01, rev 0x00b4, size 99328 + sig 0x000806ea, pf_mask 0xc0, 2019-04-01, rev 0x00b4, size 99328 + sig 0x000806eb, pf_mask 0xd0, 2019-03-30, rev 0x00b8, size 98304 + sig 0x000806ec, pf_mask 0x94, 2019-03-30, rev 0x00b8, size 97280 + sig 0x000906e9, pf_mask 0x2a, 2019-04-01, rev 0x00b4, size 99328 + sig 0x000906ea, pf_mask 0x22, 2019-04-01, rev 0x00b4, size 98304 + sig 0x000906eb, pf_mask 0x02, 2019-04-01, rev 0x00b4, size 99328 + sig 0x000906ec, pf_mask 0x22, 2019-02-14, rev 0x00ae, size 98304 + sig 0x000906ed, pf_mask 0x22, 2019-03-17, rev 0x00b8, size 97280 + * README.Debian, control: update download/homepage URLs + * copyright: update download URL and date range + * source: update symlinks to reflect id of the latest release, 20190514 -- Henrique de Moraes Holschuh <h...@debian.org> Tue, 14 May 2019 21:49:08 -0300 diff --git a/intel-ucode/06-2d-06 b/intel-ucode/06-2d-06 index d89a291..2c9b69c 100644 Binary files a/intel-ucode/06-2d-06 and b/intel-ucode/06-2d-06 differ diff --git a/intel-ucode/06-2d-07 b/intel-ucode/06-2d-07 index 0da2b9e..52a3fb6 100644 Binary files a/intel-ucode/06-2d-07 and b/intel-ucode/06-2d-07 differ diff --git a/microcode-20190514.d b/microcode-20190618.d similarity index 100% rename from microcode-20190514.d rename to microcode-20190618.d diff --git a/releasenote b/releasenote index b5f1ea5..3c73f65 100644 --- a/releasenote +++ b/releasenote @@ -82,48 +82,12 @@ OS vendors must ensure that the late loader patches (provided in linux-kernel-patches\) are included in the distribution before packaging the BDX-ML microcode for late-loading. -== 20190514 Release == --- Updates upon 20190312 release -- +== 20190618 Release == +-- Updates upon 20190514 release -- Processor Identifier Version Products Model Stepping F-MO-S/PI Old->New ---- new platforms ---------------------------------------- -VLV C0 6-37-8/02 00000838 Atom Z series -VLV C0 6-37-8/0C 00000838 Celeron N2xxx, Pentium N35xx -VLV D0 6-37-9/0F 0000090c Atom E38xx -CHV C0 6-4c-3/01 00000368 Atom X series -CHV D0 6-4c-4/01 00000411 Atom X series -CLX-SP B1 6-55-7/bf 05000021 Xeon Scalable Gen2 + ---- updated platforms ------------------------------------ -SNB D2/G1/Q0 6-2a-7/12 0000002e->0000002f Core Gen2 -IVB E1/L1 6-3a-9/12 00000020->00000021 Core Gen3 -HSW C0 6-3c-3/32 00000025->00000027 Core Gen4 -BDW-U/Y E0/F0 6-3d-4/c0 0000002b->0000002d Core Gen5 -IVB-E/EP C1/M1/S1 6-3e-4/ed 0000042e->0000042f Core Gen3 X Series; Xeon E5 v2 -IVB-EX D1 6-3e-7/ed 00000714->00000715 Xeon E7 v2 -HSX-E/EP Cx/M1 6-3f-2/6f 00000041->00000043 Core Gen4 X series; Xeon E5 v3 -HSX-EX E0 6-3f-4/80 00000013->00000014 Xeon E7 v3 -HSW-U C0/D0 6-45-1/72 00000024->00000025 Core Gen4 -HSW-H C0 6-46-1/32 0000001a->0000001b Core Gen4 -BDW-H/E3 E0/G0 6-47-1/22 0000001e->00000020 Core Gen5 -SKL-U/Y D0/K1 6-4e-3/c0 000000c6->000000cc Core Gen6 -BDX-ML B0/M0/R0 6-4f-1/ef 0b00002e->00000036 Xeon E5/E7 v4; Core i7-69xx/68xx -SKX-SP H0/M0/U0 6-55-4/b7 0200005a->0000005e Xeon Scalable -SKX-D M1 6-55-4/b7 0200005a->0000005e Xeon D-21xx -BDX-DE V1 6-56-2/10 00000019->0000001a Xeon D-1520/40 -BDX-DE V2/3 6-56-3/10 07000016->07000017 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19 -BDX-DE Y0 6-56-4/10 0f000014->0f000015 Xeon D-1557/59/67/71/77/81/87 -BDX-NS A0 6-56-5/10 0e00000c->0e00000d Xeon D-1513N/23/33/43/53 -APL D0 6-5c-9/03 00000036->00000038 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx -SKL-H/S R0/N0 6-5e-3/36 000000c6->000000cc Core Gen6; Xeon E3 v5 -DNV B0 6-5f-1/01 00000024->0000002e Atom C Series -GLK B0 6-7a-1/01 0000002c->0000002e Pentium Silver N/J5xxx, Celeron N/J4xxx -AML-Y22 H0 6-8e-9/10 0000009e->000000b4 Core Gen8 Mobile -KBL-U/Y H0 6-8e-9/c0 0000009a->000000b4 Core Gen7 Mobile -CFL-U43e D0 6-8e-a/c0 0000009e->000000b4 Core Gen8 Mobile -WHL-U W0 6-8e-b/d0 000000a4->000000b8 Core Gen8 Mobile -WHL-U V0 6-8e-d/94 000000b2->000000b8 Core Gen8 Mobile -KBL-G/H/S/E3 B0 6-9e-9/2a 0000009a->000000b4 Core Gen7; Xeon E3 v6 -CFL-H/S/E3 U0 6-9e-a/22 000000aa->000000b4 Core Gen8 Desktop, Mobile, Xeon E -CFL-S B0 6-9e-b/02 000000aa->000000b4 Core Gen8 -CFL-H/S P0 6-9e-c/22 000000a2->000000ae Core Gen9 -CFL-H R0 6-9e-d/22 000000b0->000000b8 Core Gen9 Mobile +SNB-E/EN/EP C1/M0 6-2d-6/6d 0000061d->0000061f Xeon E3/E5, Core X +SNB-E/EN/EP C2/M1 6-2d-7/6d 00000714->00000718 Xeon E3/E5, Core X diff --git a/supplementary-ucode-20190514_BDX-ML.bin b/supplementary-ucode-20190618_BDX-ML.bin similarity index 100% rename from supplementary-ucode-20190514_BDX-ML.bin rename to supplementary-ucode-20190618_BDX-ML.bin