[ubuntu/trusty-security] intel-microcode 3.20180807a.0ubuntu0.14.04.1 (Accepted)

Steve Beattie sbeattie at ubuntu.com
Mon Aug 27 16:15:32 UTC 2018


intel-microcode (3.20180807a.0ubuntu0.14.04.1) trusty-security; urgency=medium

  * SECURITY UPDATE: New upstream microcode update to provide L1D cache
    flush support to mitigate L1TF (CVE-2018-3646)
    - New Microcodes:
      sig 0x000206e6, pf_mask 0x04, 2018-05-15, rev 0x000d, size 9216
      sig 0x000506c2, pf_mask 0x01, 2018-05-11, rev 0x0014, size 15360
      sig 0x000506ca, pf_mask 0x03, 2018-05-11, rev 0x000c, size 14336
      sig 0x000506f1, pf_mask 0x01, 2018-05-11, rev 0x0024, size 10240
    - Updated Microcodes:
      sig 0x000106a5, pf_mask 0x03, 2018-05-11, rev 0x001d, size 12288
      sig 0x000106e5, pf_mask 0x13, 2018-05-08, rev 0x000a, size 9216
      sig 0x00020652, pf_mask 0x12, 2018-05-08, rev 0x0011, size 9216
      sig 0x00020655, pf_mask 0x92, 2018-04-23, rev 0x0007, size 4096
      sig 0x000206a7, pf_mask 0x12, 2018-04-10, rev 0x002e, size 12288
      sig 0x000206f2, pf_mask 0x05, 2018-05-16, rev 0x003b, size 14336
      sig 0x000306a9, pf_mask 0x12, 2018-04-10, rev 0x0020, size 13312
      sig 0x000306c3, pf_mask 0x32, 2018-04-02, rev 0x0025, size 23552
      sig 0x000306d4, pf_mask 0xc0, 2018-03-22, rev 0x002b, size 18432
      sig 0x00040651, pf_mask 0x72, 2018-04-02, rev 0x0024, size 22528
      sig 0x00040661, pf_mask 0x32, 2018-04-02, rev 0x001a, size 25600
      sig 0x00040671, pf_mask 0x22, 2018-04-03, rev 0x001e, size 13312
      sig 0x000406e3, pf_mask 0xc0, 2018-04-17, rev 0x00c6, size 99328
      sig 0x00050662, pf_mask 0x10, 2018-05-25, rev 0x0017, size 31744
      sig 0x00050663, pf_mask 0x10, 2018-04-20, rev 0x7000013, size 22528
      sig 0x00050664, pf_mask 0x10, 2018-04-20, rev 0xf000012, size 22528
      sig 0x000506c9, pf_mask 0x03, 2018-05-11, rev 0x0032, size 16384
      sig 0x000506e3, pf_mask 0x36, 2018-04-17, rev 0x00c6, size 99328
      sig 0x000706a1, pf_mask 0x01, 2018-05-22, rev 0x0028, size 73728
      sig 0x000806e9, pf_mask 0xc0, 2018-03-24, rev 0x008e, size 98304
      sig 0x000806ea, pf_mask 0xc0, 2018-05-15, rev 0x0096, size 98304
      sig 0x000906e9, pf_mask 0x2a, 2018-03-24, rev 0x008e, size 98304
      sig 0x000906ea, pf_mask 0x22, 2018-05-02, rev 0x0096, size 97280
      sig 0x000906eb, pf_mask 0x02, 2018-03-24, rev 0x008e, size 98304
    - Added back upstream but blacklisted by packaging due to the issues
      around addressing Intel SA-00030:
      sig 0x000206c2, pf_mask 0x03, 2018-05-08, rev 0x001f, size 11264
  * Remaining changes from Debian:
    - debian/initramfs.hook: Default to early instead of auto, and
      install all of the microcode, not just the one matching the
      current CPU, if MODULES=most is set in the initramfs-tools config

intel-microcode (3.20180703.2ubuntu1) cosmic; urgency=low

  * Merge from Debian unstable (LP: #1783385).  Remaining changes:
    - debian/initramfs.hook: Default to early instead of auto, and
      install all of the microcode, not just the one matching the
      current CPU, if MODULES=most is set in the initramfs-tools config

intel-microcode (3.20180703.2) unstable; urgency=medium

  * source: fix badly named symlink that resulted in most microcode
    updates not being shipped in the binary package.  Oops!

intel-microcode (3.20180703.1) unstable; urgency=medium

  * New upstream microcode data file 20180703 (closes: #903018)
    + Updated Microcodes:
      sig 0x000206d6, pf_mask 0x6d, 2018-05-08, rev 0x061d, size 18432
      sig 0x000206d7, pf_mask 0x6d, 2018-05-08, rev 0x0714, size 19456
      sig 0x000306e4, pf_mask 0xed, 2018-04-25, rev 0x042d, size 15360
      sig 0x000306e7, pf_mask 0xed, 2018-04-25, rev 0x0714, size 17408
      sig 0x000306f2, pf_mask 0x6f, 2018-04-20, rev 0x003d, size 33792
      sig 0x000306f4, pf_mask 0x80, 2018-04-20, rev 0x0012, size 17408
      sig 0x000406f1, pf_mask 0xef, 2018-04-19, rev 0xb00002e, size 28672
      sig 0x00050654, pf_mask 0xb7, 2018-05-15, rev 0x200004d, size 31744
      sig 0x00050665, pf_mask 0x10, 2018-04-20, rev 0xe00000a, size 18432
    + First batch of fixes for: Intel SA-00115, CVE-2018-3639, CVE-2018-3640
    + SSBD support (Spectre-v4 mitigation) and fix Spectre-v3a for:
      Sandybridge server, Ivy Bridge server, Haswell server, Skylake server,
      Broadwell server, a few HEDT Core i7/i9 models that are actually gimped
      server dies.
  * source: update symlinks to reflect id of the latest release, 20180703

intel-microcode (3.20180425.1ubuntu1) cosmic; urgency=medium

  * Default to early instead of auto, and install all of the microcode,
    not just the one matching the current CPU, if MODULES=most is set
    in the initramfs-tools config (LP: #1778738)

intel-microcode (3.20180425.1) unstable; urgency=medium

  * New upstream microcode data file 20180425 (closes: #897443, #895878)
    + Updated Microcodes:
      sig 0x000406f1, pf_mask 0xef, 2018-03-21, rev 0xb00002c, size 27648
      sig 0x000706a1, pf_mask 0x01, 2017-12-26, rev 0x0022, size 73728
    + Implements IBRS/IBPB/STIPB support, Spectre-v2 mitigation
    + Note that sig 0x000604f1 has been blacklisted from late-loading
      since Debian release 3.20171117.1.
  * source: remove undesired list files from microcode directories
  * source: switch to microcode-<id>.d/ since Intel dropped .dat
    support.

intel-microcode (3.20180425.1~ubuntu0.18.04.1) bionic-security; urgency=medium

  * SECURITY UPDATE: New upstream microcode data file 20180425 to
    provide IBRS/IBPB/STIBP microcode support for Spectre variant 2 mitigation
    for Pentium Silver N/J5xxx, Celeron N/J4xxx (sig 0x000706a1) and
    Xeon E5/E7 v4; Core i7-69xx/68xx (sig 0x000406f1) (LP: #1769043)
    - merge from Debian.

intel-microcode (3.20180425.1) unstable; urgency=medium

  * New upstream microcode data file 20180425 (closes: #897443, #895878)
    + Updated Microcodes:
      sig 0x000406f1, pf_mask 0xef, 2018-03-21, rev 0xb00002c, size 27648
      sig 0x000706a1, pf_mask 0x01, 2017-12-26, rev 0x0022, size 73728
    + Implements IBRS/IBPB/STIPB support, Spectre-v2 mitigation
    + Note that sig 0x000604f1 has been blacklisted from late-loading
      since Debian release 3.20171117.1.
  * source: remove undesired list files from microcode directories
  * source: switch to microcode-<id>.d/ since Intel dropped .dat
    support.

Date: 2018-08-24 19:40:12.710700+00:00
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
https://launchpad.net/ubuntu/+source/intel-microcode/3.20180807a.0ubuntu0.14.04.1
-------------- next part --------------
Sorry, changesfile not available.


More information about the Trusty-changes mailing list