Henrique de Moraes Holschuh
2024-12-07 18:40:02 UTC
Package: release.debian.org
Severity: normal
Tags: bookworm
User: ***@packages.debian.org
Usertags: pu
[ Reason ]
As requested by the security team, I would like to bring the microcode
update level for Intel processors in Bookworm to match what we have in Sid
and Trixie.
This fixes:
- Mitigations for INTEL-SA-01101 (CVE-2024-21853)
- Mitigations for INTEL-SA-01079 (CVE-2024-23918)
- Updated mitigations for INTEL-SA-01097 (CVE-2024-24968)
- Mitigations for INTEL-SA-01103 (CVE-2024-23984)
* Other unspecified functional issues on several processors
There are no releavant issues reported on this microcode update,
considering the version of intel-microcode already available as security
updates for Bookworm.
[ Impact ]
If this update is not approved, owners of most recent "client" Intel
processors and a few server processors will depend on UEFI updates to be
protected from the issues listed above.
[ Tests ]
There were no bug reports from users of Debian sid or Trixie, these
packages have been tested there since 2024-11-14 (sid), 2024-11-20
(trixie).
[ Risks ]
Unknown, but not believed to be any different from other Intel microcode
updates.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
[ Changes ]
As per the debdiff, only documentation changes, package documentation
changes, and the binary blob change from upstream.
changelog | 66 ++++++++++++++++++++++++++++++++++++---
debian/changelog | 86 +++++++++++++++++++++++++++++++++++++++++++++++----
intel-ucode/06-8f-05 |binary
intel-ucode/06-8f-06 |binary
intel-ucode/06-8f-07 |binary
intel-ucode/06-8f-08 |binary
intel-ucode/06-97-02 |binary
intel-ucode/06-97-05 |binary
intel-ucode/06-9a-03 |binary
intel-ucode/06-9a-04 |binary
intel-ucode/06-aa-04 |binary
intel-ucode/06-b7-01 |binary
intel-ucode/06-ba-02 |binary
intel-ucode/06-ba-03 |binary
intel-ucode/06-ba-08 |binary
intel-ucode/06-bf-02 |binary
intel-ucode/06-bf-05 |binary
intel-ucode/06-cf-01 |binary
intel-ucode/06-cf-02 |binary
releasenote.md | 72 ++++++++++++++++++++++++++++++++++++++++++
20 files changed, 213 insertions(+), 11 deletions(-)
[ Other info ]
The package version with "~" is needed to guarantee smooth updates to
the next debian release.
Severity: normal
Tags: bookworm
User: ***@packages.debian.org
Usertags: pu
[ Reason ]
As requested by the security team, I would like to bring the microcode
update level for Intel processors in Bookworm to match what we have in Sid
and Trixie.
This fixes:
- Mitigations for INTEL-SA-01101 (CVE-2024-21853)
- Mitigations for INTEL-SA-01079 (CVE-2024-23918)
- Updated mitigations for INTEL-SA-01097 (CVE-2024-24968)
- Mitigations for INTEL-SA-01103 (CVE-2024-23984)
* Other unspecified functional issues on several processors
There are no releavant issues reported on this microcode update,
considering the version of intel-microcode already available as security
updates for Bookworm.
[ Impact ]
If this update is not approved, owners of most recent "client" Intel
processors and a few server processors will depend on UEFI updates to be
protected from the issues listed above.
[ Tests ]
There were no bug reports from users of Debian sid or Trixie, these
packages have been tested there since 2024-11-14 (sid), 2024-11-20
(trixie).
[ Risks ]
Unknown, but not believed to be any different from other Intel microcode
updates.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
[ Changes ]
As per the debdiff, only documentation changes, package documentation
changes, and the binary blob change from upstream.
changelog | 66 ++++++++++++++++++++++++++++++++++++---
debian/changelog | 86 +++++++++++++++++++++++++++++++++++++++++++++++----
intel-ucode/06-8f-05 |binary
intel-ucode/06-8f-06 |binary
intel-ucode/06-8f-07 |binary
intel-ucode/06-8f-08 |binary
intel-ucode/06-97-02 |binary
intel-ucode/06-97-05 |binary
intel-ucode/06-9a-03 |binary
intel-ucode/06-9a-04 |binary
intel-ucode/06-aa-04 |binary
intel-ucode/06-b7-01 |binary
intel-ucode/06-ba-02 |binary
intel-ucode/06-ba-03 |binary
intel-ucode/06-ba-08 |binary
intel-ucode/06-bf-02 |binary
intel-ucode/06-bf-05 |binary
intel-ucode/06-cf-01 |binary
intel-ucode/06-cf-02 |binary
releasenote.md | 72 ++++++++++++++++++++++++++++++++++++++++++
20 files changed, 213 insertions(+), 11 deletions(-)
[ Other info ]
The package version with "~" is needed to guarantee smooth updates to
the next debian release.
--
Henrique Holschuh
Henrique Holschuh