Debian Security Advisory

DLA-1789-1 intel-microcode -- LTS security update

Date Reported:
15 May 2019
Affected Packages:
intel-microcode
Vulnerable:
Yes
Security database references:
In the Debian bugtracking system: Bug 929007.
In Mitre's CVE dictionary: CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091.
More information:

This update ships updated CPU microcode for most types of Intel CPUs. It provides microcode support for the kernel to implement mitigations for the MSBDS, MFBDS, MLPDS and MDSUM hardware vulnerabilities.

To fully resolve these vulnerabilities it is also necessary to update the Linux kernel packages, which is the subject of DLA-1787-1.

For Debian 8 Jessie, these problems have been fixed in version 3.20190514.1~deb8u1 of the intel-microcode package, and also by the Linux kernel updates described in DLA-1787-1.

We recommend that you upgrade your intel-microcode packages, and Linux kernel packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

For the detailed security status of intel-microcode please refer to its security tracker page at: https://security-tracker.debian.org/tracker/intel-microcode