[ubuntu/xenial-security] amd64-microcode 3.20180524.1~ubuntu0.16.04.1 (Accepted)

Steve Beattie sbeattie at ubuntu.com
Wed Jun 20 21:14:40 UTC 2018

amd64-microcode (3.20180524.1~ubuntu0.16.04.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Add Spectre Variant 2 protection for family 17h AMD
    processors (CVE-2017-5715)
    - Backport to xenial.

amd64-microcode (3.20180524.1) unstable; urgency=high

  * New microcode update packages from AMD upstream:
    + Re-added Microcodes:
      sig 0x00610f01, patch id 0x06001119, 2012-07-13
  * This update avoids regressing sig 0x610f01 processors on systems with
    outdated firmware by adding back exactly the same microcode patch that was
    present before [for these processors].  It does not implement Spectre-v2
    mitigation for these processors.
  * README: update for new release

amd64-microcode (3.20180515.1) unstable; urgency=high

  * New microcode update packages from AMD upstream:
    + New Microcodes:
      sig 0x00800f12, patch id 0x08001227, 2018-02-09
    + Updated Microcodes:
      sig 0x00600f12, patch id 0x0600063e, 2018-02-07
      sig 0x00600f20, patch id 0x06000852, 2018-02-06
    + Removed Microcodes:
      sig 0x00610f01, patch id 0x06001119, 2012-07-13
  * Adds Spectre v2 (CVE-2017-5715) microcode-based mitigation support,
    plus other unspecified fixes/updates.
  * README, debian/copyright: update for new release

amd64-microcode (3.20171205.2) unstable; urgency=medium

  * debian/control: update Vcs-* fields for salsa.debian.org

amd64-microcode (3.20171205.1) unstable; urgency=high

  * New microcode updates (closes: #886382):
    sig 0x00800f12, patch id 0x08001213, 2017-12-05
    Thanks to SuSE for distributing these ahead of AMD's official release!
  * Add IBPB support for family 17h AMD processors (CVE-2017-5715)
  * README: describe source for faml17h microcode update
  * Upload to unstable to match IBPB microcode support on Intel in Debian
  * WARNING: requires at least kernel 4.15, 4.14.13, 4.9.76, 4.4.111 (or a
    backport of commit f4e9b7af0cd58dd039a0fb2cd67d57cea4889abf
    "x86/microcode/AMD: Add support for fam17h microcode loading") otherwise
    it will not be applied to the processor.

amd64-microcode (3.20160316.3) unstable; urgency=medium

  * initramfs: Make the early initramfs reproducible (closes: #845194)
  * rules: switch to simplified dh-based build (debhelper v9)

amd64-microcode (3.20160316.2) unstable; urgency=medium

  * NEWS.debian: fix minor typo
  * debian/control, debian/compat: bump debhelper compat mode to 9
  * debian/control: bump standards version to 3.9.8 (no changes needed)
  * debian/: prefix binary-package control files with package name
  * debian/control: recommend tiny-initramfs as an alternative to
    initramfs-tools tiny-initramfs specifically supports early microcode
    updates, so it is a viable alternative to initramfs-tools
    (closes: #839882)

amd64-microcode (3.20160316.1) unstable; urgency=low

  * Bump major version number to 3: early-initramfs support
  * Support is now restricted to Linux kernel 3.14 and later.  For older
    kernels, please use the version 2 (older) branch of the package.
  * Implement early-initramfs mode, and remove normal mode
    * debian/control: add versioned recommends for initramfs-tools and
      dracut.  Note that dracut 044 is required for Linux 4.4 and later,
      otherwise dracut 040 would be enough
    * debian/default: add early mode, remove normal mode from comments
    * initramfs hook: use cpio to generate an early-initramfs with
      microcode for all processors, blacklist kernels older than 3.14,
      and remove normal mode support.
    * initramfs.init-premount: remove, not needed for early-initramfs
    * debian/rules: don't install init-premount initramfs script.
  * initramfs.hook: detect a missing microcode.ko and don't attempt to
    force_load() it.  In verbose mode, log when the microcode driver is
    modular.  For Linux 4.4 and later, skip the module loading logic
    (closes: #809444)
  * README.Debian: update for early initramfs support, and add information
    on how to disable early updates using the dis_ucode_ldr kernel boot
  * Support for x32 was enabled in debian/control for the 2.20160316.1
    upload, but the changelog did not record this by mistake.  The missing
    entry was retroactively added to debian/changelog by this upload

Date: 2018-05-29 23:56:41.650172+00:00
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Xenial-changes mailing list