1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 5459-1] amd64-microcode security update

    From Salvatore Bonaccorso@21:1/5 to All on Tue Jul 25 23:10:01 2023
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5459-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso
    July 25, 2023 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : amd64-microcode
    CVE ID : CVE-2023-20593
    Debian Bug : 1041863

    Tavis Ormandy discovered that under specific microarchitectural
    circumstances, a vector register in "Zen 2" CPUs may not be written to 0 correctly. This flaw allows an attacker to leak register contents across concurrent processes, hyper threads and virtualized guests.

    For details please refer to
    https://lock.cmpxchg8b.com/zenbleed.html https://github.com/google/security-research/security/advisories/GHSA-v6wh-rxpg-cmm8

    The initial microcode release by AMD only provides updates for second generation EPYC CPUs: Various Ryzen CPUs are also affected, but no
    updates are available yet. Fixes will be provided in a later update once
    they are released.

    For more specific details and target dates please refer to the AMD
    advisory at https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7008.html

    For the oldstable distribution (bullseye), this problem has been fixed
    in version 3.20230719.1~deb11u1. Additionally the update contains a fix
    for CVE-2019-9836.

    For the stable distribution (bookworm), this problem has been fixed in
    version 3.20230719.1~deb12u1.
    We recommend that you upgrade your amd64-microcode packages.

    For the detailed security status of amd64-microcode please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/amd64-microcode

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmTAOR1fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Rncg/9Hl5y0YP0GpLU0RtfWXOKZw/TLqJ2Ia5Xn29IYZ+SQfBgS1nqpX+J9xQP y4x8DvjRacj30IhC2wkaczkNm8FvbIiqedraVrUj9ZMmVWoQohIZWrsnwuWbZRlz Dium6J+tFXG3azP/1rAc1bZAd0kUnc8r6jmOpluh5KpQf1+KqRUWQuVopG1N9SZC FC7nAMhLE9E2/dITj2i4InP0CG/+uqlJO5S9rGfKaPHpTK2vjDzJr3yWGQ4yS/so mc+l9nkHb2+UEEHDQ9HMN7A5AuYPk1vU49YOQ+FsgdFamhpchTrf/JbljCtg0WpZ JFok1N1MizHxXQ0S5UdFYaFV//4yW7gPhnlq5hAr4G2czAaOEOZWfzNN+dRJGtvq DNQd/B08ZqlTxEqNWZS5I3YOgITUm0pUYXPqneZsdOlMJD4/qkXn9WT6a9zo3yMU sumxBGgaXMTV68K7qzFQTVYBMJt2vO3e8JThMClU/MRUe1lfwyCMVawsmtxrHtr0 zF/7NUZteXND9vD1fmY6b0V9Owerms9PitPmlahi3++PX3RvXcrZxC7HXFKGmEva nYapN0Kl4TvkWhpGoZHANsjHdyle4q/DrhgEv331IA+btTVSbiesKBZhTIfdmM2G IsaZXtP2GL6igyrPBV09Sm6YheVMc3FiENs7tTpBqyQIoARTZUQ=
    =WvUu
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)