it-securitynotifies AT lists.piratenpartei.de
Betreff: Sicherheitsankündigungen
Listenarchiv
- From: Salvatore Bonaccorso <carnil AT debian.org>
- To: debian-security-announce AT lists.debian.org
- Subject: [IT-SecNots] [SECURITY] [DSA 5462-1] linux security update
- Date: Sun, 30 Jul 2023 07:30:29 +0000
- Authentication-results: mail.piratenpartei.de; dkim=none; spf=none (mail.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 82.195.75.100) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
- List-archive: https://lists.debian.org/msgid-search/E1qQ0sn-00EAEc-Dz AT seger.debian.org
- List-id: <debian-security-announce.lists.debian.org>
- List-url: <http://lists.debian.org/debian-security-announce/>
- Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject:To:From:Reply-To:Cc:MIME-Version: Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=S3mXohPZiVPy3qAHMneqKobi6QRT1Lobd8LCLFqfhis=; b=Yy 5io3DnbA91idDCUuctZSF8cikqa76MyhLYuoDVvvxwYurNjPIu4sFGorkf4pS6oxVo7E/BmCJdq0U rp9sOI4tz9TB70z0u/QPlNott42/OI44BoFmgpDITqpYEYDaeoFFbib1raaQmeAgpkk1emMNnuvnt YvVNGuFVtJsnXs05lKKd47zNj+Ek9Sg1HnhHyhg3Sprlo9sm1kjekjYfnUTKVsAnF0eWB2EiQSWES /c92klpCJCAfuQqlZNKBpwe7qqKgJhaUiUkHNc+V3Eue0IDkNOA+aGMH6H9+94cpDyhwPKY102gat u9xx2VefL7YoQpr99UfZZSJ4JrOFo3GQ==;
- Old-return-path: <carnil AT seger.debian.org>
- Priority: urgent
- Resent-date: Sun, 30 Jul 2023 07:30:55 +0000 (UTC)
- Resent-from: debian-security-announce AT lists.debian.org
- Resent-message-id: <-peV12BncsF.A.TYH.vGhxkB@bendel>
- Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5462-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
July 30, 2023 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : linux
CVE ID : CVE-2023-20593
Tavis Ormandy discovered that under specific microarchitectural
circumstances, a vector register in AMD "Zen 2" CPUs may not be
written to 0 correctly. This flaw allows an attacker to leak
sensitive information across concurrent processes, hyper threads
and virtualized guests.
For details please refer to
<https://lock.cmpxchg8b.com/zenbleed.html> and
<https://github.com/google/security-research/security/advisories/GHSA-v6wh-rxpg-cmm8>.
This issue can also be mitigated by a microcode update through the
amd64-microcode package or a system firmware (BIOS/UEFI) update.
However, the initial microcode release by AMD only provides
updates for second generation EPYC CPUs. Various Ryzen CPUs are
also affected, but no updates are available yet.
For the stable distribution (bookworm), this problem has been fixed in
version 6.1.38-2.
We recommend that you upgrade your linux packages.
For the detailed security status of linux please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/linux
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmTGCyRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0Tjjw//SsbN4RnQHqV1G0XVWxApVK1DYoKw6+tHxkkf301jV2abDMcIO1keVNol
gc2yENQyzeoGd++eBqO0MD9GnvrbutT6n7wChuyvB7bzFDQQA6hJHLcFLkKYA3D1
6yFgczWL0Tx7wcrpKU9gVMWAe928VE4hJGVd6nFF02YS0GF8voY/ymiCqbuQA05f
LOmeHNIWyzulBG0qNwQE6HT6s6LkLMCZAawpe3D85cE6exFWRDKJhxKY8GcZvJDV
8G80Ik1xYAQ6Q5HqwxUr2Rp0sN7a8SghF817Sn/Bx6ahvej61ZTgDn7QhKLkGwu2
/DOnMcKwKd9WB7gS9T4YLd6rNOPCL4J5P06ia4/JbocExIu19pEEfQvb7gf5PVl3
994DykFy9ByKiXYh91U9QNyKaBZSjMFeN9Mg8FbbuwZGLLNACkhZc72JK4yKsxTq
5cucuVBzwbwvvrK63h3YVDyOv8vRiI/jquxOMehsrSGOuaHpd2VduQdnS0ayKjqX
STOKNRMA+GGjIoNdLyfe9HDlm3ztwsjrxoO0eXqWjUc7EA6KOfsF7NLFju2YXEt9
80Yr6kCS5/IukkhZBAP4GwV4mLKG1yZ7vzwb15pAihvtw7UFrrzifkcL0yPf7Cx8
wVtTUdl+5Y4Dfy+i9/LT0sY4fVEKfZZoXnDV733vxTTKKNQSpFk=
=ceVi
-----END PGP SIGNATURE-----
- [IT-SecNots] [SECURITY] [DSA 5462-1] linux security update, Salvatore Bonaccorso, 30.07.2023
Archiv bereitgestellt durch MHonArc 2.6.24.