Debian Long Term Support / LTS Security Information / 2019 / Security Information -- DLA-1789-2 intel-microcode

Debian Security Advisory

DLA-1789-2 intel-microcode -- LTS security update

Date Reported:

20 Jun 2019

Affected Packages:

intel-microcode

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 929073.
In Mitre's CVE dictionary: CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091.

More information:

DLA-1789-1 shipped updated CPU microcode for most types of Intel CPUs as mitigations for the MSBDS, MFBDS, MLPDS and MDSUM hardware vulnerabilities.

This update provides additional support for some Sandybridge server and Core-X CPUs which were not covered in the original May microcode release. For a list of specific CPU models now supported please refer to the entries listed under CPUID 206D6 and 206D7 at https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf

For Debian 8 Jessie, these problems have been fixed in version 3.20190618.1~deb8u1 of the intel-microcode package.

We recommend that you upgrade your intel-microcode packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

For the detailed security status of intel-microcode please refer to its security tracker page at: https://security-tracker.debian.org/tracker/intel-microcode