Thanks for filing this issue. As far as I can tell on the Intel page linked above, the CVEs were issued against vulnerabilities in the Manageability Engine, Server Platform Service, and the Trusted Execution Engine.
I believe the intel-microcode package only contains microcode for the CPU, and doesn't contain firmware for the ME, SPS and TXE. To update those components, you need to apply firmware updates from the computer manufacturer. I am removing the references to CVEs from this bug. If you disagree with my assessment, please comment below. Thanks! ** CVE removed: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5705 ** CVE removed: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5708 ** CVE removed: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5711 ** CVE removed: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5712 ** Summary changed: - intel released new microcode fixing several CVE's related to the ME + intel released new microcode ** Description changed: - Intel released a new microcode file (https://downloadcenter.intel.com/download/27337/Linux-Processor-Microcode-Data-File) which fixes several cve's (CVE-2017-5705, CVE-2017-5708, CVE-2017-5711 and CVE-2017-5712, see https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr). + Intel released a new microcode file (https://downloadcenter.intel.com/download/27337/Linux-Processor-Microcode-Data-File). I think this warrents a new version of the intel-microcode package. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1733582 Title: intel released new microcode To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1733582/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
