-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 25 Jan 2021 11:29:27 -0300 Source: intel-microcode Binary: intel-microcode Architecture: source Version: 3.20201118.1~deb9u1 Distribution: stretch-security Urgency: high Maintainer: Henrique de Moraes Holschuh <hmh@debian.org> Changed-By: Henrique de Moraes Holschuh <hmh@debian.org> Description: intel-microcode - Processor microcode firmware for Intel CPUs Closes: 974533 Changes: intel-microcode (3.20201118.1~deb9u1) stretch-security; urgency=high . * Rebuild for stretch LTS, with changes to avoid regressions * Stable Release Manager: this intel-microcode update *keeps the same revision* of Skylake D0/R0 microcode updates already in Debian 10; they're "downgraded" from the point of view of intel-microcode 3.20201118.1. For these two processor models, an attempt to update to revisions 0xd8 and higher can hang the system should the system firmware have a microcode revision older than 0x80 -- and revision 0x72/0x74/0x76 apparently are common enough in the field to ensure many users are affected. Refer to: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31 * Downgraded microcodes (to upstream release 20200616): sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376 sig 0x000506e3, pf_mask 0x36, 2019-10-03, rev 0x00d6, size 101376 . intel-microcode (3.20201118.1) unstable; urgency=medium . * New upstream microcode datafile 20201118 * Removes a faulty microcode update from release 2020-11-10 for Tiger Lake processors. Note that Debian already had removed this specific falty microcode update on the 3.20201110.1 release * Add a microcode update for the Pentium Silver N/J5xxx and Celeron N/J4xxx which didn't make it to release 20201110, fixing security issues (INTEL-SA-00381, INTEL-SA-00389) * Updated Microcodes: sig 0x000706a1, pf_mask 0x01, 2020-06-09, rev 0x0034, size 74752 * Removed Microcodes: sig 0x000806c1, pf_mask 0x80, 2020-10-02, rev 0x0068, size 107520 . intel-microcode (3.20201110.1) unstable; urgency=medium . * New upstream microcode datafile 20201110 (closes: #974533) * Implements mitigation for CVE-2020-8696 and CVE-2020-8698, aka INTEL-SA-00381: AVX register information leakage; Fast-Forward store predictor information leakage * Implements mitigation for CVE-2020-8695, Intel SGX information disclosure via RAPL, aka INTEL-SA-00389 * Fixes critical errata on several processor models * Reintroduces SRBDS mitigations(CVE-2020-0543, INTEL-SA-00320) for Skylake-U/Y, Skylake Xeon E3 * New Microcodes sig 0x0005065b, pf_mask 0xbf, 2020-08-20, rev 0x700001e, size 27648 sig 0x000806a1, pf_mask 0x10, 2020-06-26, rev 0x0028, size 32768 sig 0x000806c1, pf_mask 0x80, 2020-10-02, rev 0x0068, size 107520 sig 0x000a0652, pf_mask 0x20, 2020-07-08, rev 0x00e0, size 93184 sig 0x000a0653, pf_mask 0x22, 2020-07-08, rev 0x00e0, size 94208 sig 0x000a0655, pf_mask 0x22, 2020-07-08, rev 0x00e0, size 93184 sig 0x000a0661, pf_mask 0x80, 2020-07-02, rev 0x00e0, size 93184 * Updated Microcodes sig 0x000306f2, pf_mask 0x6f, 2020-05-27, rev 0x0044, size 34816 sig 0x000406e3, pf_mask 0xc0, 2020-07-14, rev 0x00e2, size 105472 sig 0x00050653, pf_mask 0x97, 2020-06-18, rev 0x1000159, size 33792 sig 0x00050654, pf_mask 0xb7, 2020-06-16, rev 0x2006a08, size 35840 sig 0x00050656, pf_mask 0xbf, 2020-06-18, rev 0x4003003, size 52224 sig 0x00050657, pf_mask 0xbf, 2020-06-18, rev 0x5003003, size 52224 sig 0x000506c9, pf_mask 0x03, 2020-02-27, rev 0x0040, size 17408 sig 0x000506ca, pf_mask 0x03, 2020-02-27, rev 0x001e, size 15360 sig 0x000506e3, pf_mask 0x36, 2020-07-14, rev 0x00e2, size 105472 sig 0x000706a8, pf_mask 0x01, 2020-06-09, rev 0x0018, size 75776 sig 0x000706e5, pf_mask 0x80, 2020-07-30, rev 0x00a0, size 109568 sig 0x000806e9, pf_mask 0x10, 2020-05-27, rev 0x00de, size 104448 sig 0x000806e9, pf_mask 0xc0, 2020-05-27, rev 0x00de, size 104448 sig 0x000806ea, pf_mask 0xc0, 2020-06-17, rev 0x00e0, size 104448 sig 0x000806eb, pf_mask 0xd0, 2020-06-03, rev 0x00de, size 104448 sig 0x000806ec, pf_mask 0x94, 2020-05-18, rev 0x00de, size 104448 sig 0x000906e9, pf_mask 0x2a, 2020-05-26, rev 0x00de, size 104448 sig 0x000906ea, pf_mask 0x22, 2020-05-25, rev 0x00de, size 103424 sig 0x000906eb, pf_mask 0x02, 2020-05-25, rev 0x00de, size 104448 sig 0x000906ec, pf_mask 0x22, 2020-06-03, rev 0x00de, size 103424 sig 0x000906ed, pf_mask 0x22, 2020-05-24, rev 0x00de, size 103424 sig 0x000a0660, pf_mask 0x80, 2020-07-08, rev 0x00e0, size 94208 * 0x806c1: remove the new Tiger Lake update: causes hang on cold/warm boot https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/44 INTEL-SA-00381 AND INTEL-SA-00389 MITIGATIONS ARE THEREFORE NOT INSTALLED FOR 0x806c1 TIGER LAKE PROCESSORS by this package update. Contact your system vendor for a firmware update, or wait fo a possible fix in a future Intel microcode release. * source: update symlinks to reflect id of the latest release, 20201110 * source: ship new upstream documentation (security.md, releasenote.md) Checksums-Sha1: 4e5790d907cceed6ed8120e60968faa402ee9706 1817 intel-microcode_3.20201118.1~deb9u1.dsc 0af976496bb37f45756c5aeed41ce29626a51574 3565864 intel-microcode_3.20201118.1~deb9u1.tar.xz 04eb728f31ca7f8ad983fb252fefe0bb4f448736 6073 intel-microcode_3.20201118.1~deb9u1_amd64.buildinfo Checksums-Sha256: edd327dac4224582212f73f8209312c3086f1a00ef4a51a2dc8c4b66ea35935e 1817 intel-microcode_3.20201118.1~deb9u1.dsc 30a4c717d9e9149bcba67cea76255ea13068c01cf03c95f3f7757b7608107aaf 3565864 intel-microcode_3.20201118.1~deb9u1.tar.xz 77c7f8ef5572a63985fe04d1f425b84dd69c33d19e5f4f19a67cb4a6c5394100 6073 intel-microcode_3.20201118.1~deb9u1_amd64.buildinfo Files: c869bf60b52b49decb78acbdb33b05c6 1817 non-free/admin standard intel-microcode_3.20201118.1~deb9u1.dsc 800d092505dabbc827d94525f4db862b 3565864 non-free/admin standard intel-microcode_3.20201118.1~deb9u1.tar.xz f9cdd4219efc9183615aca1ffe1839d0 6073 non-free/admin standard intel-microcode_3.20201118.1~deb9u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEQWtPby40keG61F/9KC7xu6bDcIUFAmAdgQEACgkQKC7xu6bD cIXNfQ/+MzAEpkaMu3XG/EVAUuMYD5sZrmPhO948gQiYxLY/GIMu6ik+Kextu7fR HzVi7W0Le8Zaar6Lkj0z8B++NdrEDO66pNqSq5A5tP5JQ5iMB8JYvsbN5ig8K2Lk tNpNXiW+KTI8cnUPwgR3SkSYm4lvGzvcWyZ8ZKhUgKVePxF2yoOBMdn+CAivyny+ ckdsqiDkJ7/5DZRRU8vZc96FiNtZWeXMQ7jKhkClr3mhnRXhaGzYypR3u5/K1oS1 T1VolMh1IiZZ0kr0wSt2schidbUU+htGAZ/RDS0imOZKon1ZxL7cNyB4pRtK1jh0 t0OVSh8BKDNosMAikpP/jojEKsDXta8PdA86xEJjE5E0Bcw/50xu4DADc6/BCQOy AeDXRJvYAAYKt+d2fyp0v2H+QWz7O+meB9W2ULJxS9KWrptUNvCaay1ZLcyawOW3 chXHHf9I9QI+cVUuD/mmD5RFU8sYnCE3UqwO7WeL3FRI3etQ5iuIofK1LUgjTpoo qjUBwOpQZZhgRDNPwQCXpau8nwpdCzkvQ3su4yAaQJS8A3f+DaoGSOXsPsJ4/OGZ mnAov6v4oOa2/D5QpIEAMleblamC68WnfS9YgcvzYqA7gMljvE80aNr585pk02RL TyUu80vVeLsIJXqVNP6+v5akVBKBAKsHSNJcyeTfPp6pgbkpwGk= =jawC -----END PGP SIGNATURE-----