[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 2148-1] amd64-microcode security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : amd64-microcode
Version        : 3.20181128.1~deb8u1
CVE ID         : CVE-2017-5715
Debian Bug     : 886382


It was discovered that systems with microprocessors utilizing
speculative execution and indirect branch prediction may allow
unauthorized disclosure of information to an attacker with local
user access via a side-channel analysis (Spectre v2).
Multiple fixes were done already in Linux kernel, intel-microcode etc.
This fix adds amd-microcode-based IBPB support.

For Debian 8 "Jessie", this problem has been fixed in version
3.20181128.1~deb8u1.

We recommend that you upgrade your amd64-microcode package.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequent

Regards,

Anton
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEu71F6oGKuG/2fnKF0+Fzg8+n/wYFAl51H84ACgkQ0+Fzg8+n
/wZvjw//dgFzx6McqaXwd9ydzqxrvxIXxiNU3yYQKEZ6NxTjMHSrrPBCCKWfy36d
lvjzK40Krmn1Q7YSae122YWi/4Sk5S5Y3QTgGD+QHrhQ1AYoyCmbRL3t+drntvVU
lCKv/3VKlLA+E9UX3w5ZKRxOHSoiIbliJ+k8q2PbgruttOX3RJLEtzv3bjUCBsmf
uO5WS/fZt5ia8Qrsk8xZ4uBnF3GgmfUDVaR8Pl9oBIcesBZUqZb0mL73NoGsdIyJ
vKN9h14c+3JujOgMu+GFJ8nNUl8KvLHU3RjXpIK0Ov/PiTykiZed+h2KkA07scJe
gmrbOQsZa53/PJUS4/PT+Nk7UaQh9UPxb3Ipw7QfiOcHY5h17zSwipVmo3nyeftC
N/3khJLQhmiwTl4ejGVcR6PEdF+Gh0Ry9K196BqXwjnsoly+HYKmEARNsVygxQlR
GnN2MG+tTCZMjo6tDv8sV5Lsmmjj6/5UEATZaDxLalRRlbNpXRAAd15sxWQCCFPC
FIx1xaEvlqvkqNvjtudcwDvVv/8c/vYvilzmdTz63WQrP00VPo3SVdpASuIMbBDP
D38D4WtYrwUgKWPI1Vb8aiJAPNhPUzLiSzT1/rC3AZ+BmX3IiFtLXLly+33p5voo
acpXt/Fh0ufCnjhsxLaTgkkdksTucmMf0JwE+bzDmWgZFq5hjLM=
=HLKx
-----END PGP SIGNATURE-----


Reply to: