Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 5459-1] amd64-microcode security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5459-1] amd64-microcode security update


Chronologisch Thread  
    < Chronologisch >       < Thread >
  • From: Salvatore Bonaccorso <carnil AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 5459-1] amd64-microcode security update
  • Date: Tue, 25 Jul 2023 21:07:11 +0000
  • Authentication-results: mail.piratenpartei.de; dkim=none; spf=none (mail.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 82.195.75.100) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
  • List-archive: https://lists.debian.org/msgid-search/E1qOPFP-001fGf-FL AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject:To:From:Reply-To:Cc:MIME-Version: Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=P8yJ+DmUKlYY1IGya/PIUFBkmuTsatHGAplSvGFfQU8=; b=sy bWLVL2/NQzms6jE+xI4E0HbLCzBeMaQXlZB2rjkuwNYbSo8IBBhs0HFaAyV8TlIxYZ6RD/9HSiB7H BCQyfoqKzTPvmD4+3l7pV5pOigJoDR483HoqDSD7AWvYbgPmrhMudby6ZdXC0xHRdfragn/eoUh6w dmgAsmvOif3hAwRS+eRH2ZJxR+OJpnImeXuO8f0z6cwWEPjkTZ++R37xszjpaSp0JZrF/+BuCo8Lj IOI9gt3y+v7i6nNfukp61gbfVm2r4bWZXLEw3WDn19YXa8esokIZzY2sIAoqfQ8WK4Q0GdH24Rcq1 1vlicJNcVbsdp1guXHjaUl+2AwL23nTw==;
  • Old-return-path: <carnil AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Tue, 25 Jul 2023 21:07:38 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <aF3md5KG-eK.A.3rC.amDwkB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5459-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
July 25, 2023 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : amd64-microcode
CVE ID : CVE-2023-20593
Debian Bug : 1041863

Tavis Ormandy discovered that under specific microarchitectural
circumstances, a vector register in "Zen 2" CPUs may not be written to 0
correctly. This flaw allows an attacker to leak register contents across
concurrent processes, hyper threads and virtualized guests.

For details please refer to
https://lock.cmpxchg8b.com/zenbleed.html
https://github.com/google/security-research/security/advisories/GHSA-v6wh-rxpg-cmm8

The initial microcode release by AMD only provides updates for second
generation EPYC CPUs: Various Ryzen CPUs are also affected, but no
updates are available yet. Fixes will be provided in a later update once
they are released.

For more specific details and target dates please refer to the AMD
advisory at
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7008.html

For the oldstable distribution (bullseye), this problem has been fixed
in version 3.20230719.1~deb11u1. Additionally the update contains a fix
for CVE-2019-9836.

For the stable distribution (bookworm), this problem has been fixed in
version 3.20230719.1~deb12u1.
We recommend that you upgrade your amd64-microcode packages.

For the detailed security status of amd64-microcode please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/amd64-microcode

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmTAOR1fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0Rncg/9Hl5y0YP0GpLU0RtfWXOKZw/TLqJ2Ia5Xn29IYZ+SQfBgS1nqpX+J9xQP
y4x8DvjRacj30IhC2wkaczkNm8FvbIiqedraVrUj9ZMmVWoQohIZWrsnwuWbZRlz
Dium6J+tFXG3azP/1rAc1bZAd0kUnc8r6jmOpluh5KpQf1+KqRUWQuVopG1N9SZC
FC7nAMhLE9E2/dITj2i4InP0CG/+uqlJO5S9rGfKaPHpTK2vjDzJr3yWGQ4yS/so
mc+l9nkHb2+UEEHDQ9HMN7A5AuYPk1vU49YOQ+FsgdFamhpchTrf/JbljCtg0WpZ
JFok1N1MizHxXQ0S5UdFYaFV//4yW7gPhnlq5hAr4G2czAaOEOZWfzNN+dRJGtvq
DNQd/B08ZqlTxEqNWZS5I3YOgITUm0pUYXPqneZsdOlMJD4/qkXn9WT6a9zo3yMU
sumxBGgaXMTV68K7qzFQTVYBMJt2vO3e8JThMClU/MRUe1lfwyCMVawsmtxrHtr0
zF/7NUZteXND9vD1fmY6b0V9Owerms9PitPmlahi3++PX3RvXcrZxC7HXFKGmEva
nYapN0Kl4TvkWhpGoZHANsjHdyle4q/DrhgEv331IA+btTVSbiesKBZhTIfdmM2G
IsaZXtP2GL6igyrPBV09Sm6YheVMc3FiENs7tTpBqyQIoARTZUQ=
=WvUu
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 5459-1] amd64-microcode security update, Salvatore Bonaccorso, 25.07.2023

Archiv bereitgestellt durch MHonArc 2.6.24.

Seitenanfang