Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] Heads-up: update intel-microcode on Xeon E5v2/E7v2 servers

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] Heads-up: update intel-microcode on Xeon E5v2/E7v2 servers


Chronologisch Thread 
    < Chronologisch >      < Thread >
  • From: Henrique de Moraes Holschuh <hmh AT debian.org>
  • To: debian-user AT lists.debian.org, debian-isp AT lists.debian.org
  • Subject: [IT-SecNots] Heads-up: update intel-microcode on Xeon E5v2/E7v2 servers
  • Date: Wed, 18 Jun 2014 08:53:46 -0300
  • List-archive: <https://service.piratenpartei.de/pipermail/it-securitynotifies>
  • List-id: Sicherheitsankündigungen <it-securitynotifies.lists.piratenpartei.de>
  • List-url: <http://lists.debian.org/debian-isp/>
  • Old-return-path: <hmh AT debian.org>
  • Resent-date: Wed, 18 Jun 2014 11:54:13 +0000 (UTC)
  • Resent-from: debian-isp AT lists.debian.org
  • Resent-message-id: <kVP_pNxs5S.A.FMB.l3XoTB@bendel>
  • Resent-sender: debian-isp-request AT lists.debian.org
If you have a server or workstation with Intel Xeon E5v2 or E7v2 processors,
you may need updated processor microcode to avoid erratum CA131/CF124:

CA135/CF124 Incorrect Page Translation when EPT is enabled

Problem: If EPT (Extended Page Tables) is enabled, then a complex
sequence of internal processor events may result in unexpected
page faults or use of incorrect page translations.

Implication: Due to this erratum a guest may crash or experience
unpredictable system behavior. It is possible for the BIOS to
contain a workaround for this erratum.

Make no mistake: this is a *critical* fix, and you should apply it
post-haste if you haven't done so already to any boxes with Intel Xeon E5v2
and Intel Xeon E7v2 processors. Incorrect page translations are extremely
dangerous.

Please make sure you have the latest intel-microcode package installed, and
check with your system vendor for a BIOS/EFI update.

Updated intel-microcode packages (with Intel microcode release 20140430) for
stable-backports, testing and unstable have been available for a while,
already.

A stable update for intel-microcode is already available at
wheezy-proposed-updates, and will be included in the next Wheezy stable
point release.

Squeeze LTS users will have to wait for the updated intel-microcode package
to clear the squeeze-backports policy queue, and that might well happen only
after the next stable point-release is out.

If anyone is wondering why this notice is showing up so late, and why such
an important microcode update was uploaded at low priority: Debian does not
have access to Intel partner channels, so we never get any warnings about
microcode updates. The uploads were already done (including the one for
stable and squeeze-backports) when I came across information about the
microcode update including a fix for erratum CA131.

--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh


--
To UNSUBSCRIBE, email to debian-isp-REQUEST AT lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster AT lists.debian.org
Archive: 20140618115345.GB22890 AT khazad-dum.debian.net">https://lists.debian.org/20140618115345.GB22890 AT khazad-dum.debian.net



  • [IT-SecNots] Heads-up: update intel-microcode on Xeon E5v2/E7v2 servers, Henrique de Moraes Holschuh, 18.06.2014

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang