3.20190514.0ubuntu0 actually contains version 20190507 Release

Bug #1829745 reported by Niklas Edmundsson on 2019-05-20
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
intel-microcode (Ubuntu)
Undecided
Steve Beattie

Bug Description

intel-microcode 3.20190514.0ubuntu0 contents does not match https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files but rather seems to be version 20190507 according to the package releasenote. At least the Bionic and Xenial packages are affected.

This is confirmed by the fact that the Pentium N35xx microcode update needed for the MDS flaws is missing on a laptop with a N3540 CPU.

https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/tree/master/intel-ucode has an update file named 06-37-08 and this file is indeed missing in the Ubuntu package.

The other files listed as new platforms in the Intel releasenote are also missing, ie 06-37-09, 06-4c-03 and 06-4c-04.

Please remake the Ubuntu intel-microcode 20190514 packages, this time including the actual Intel 20190514 upstream files...

information type: Private Security → Public Security
Steve Beattie (sbeattie) wrote :

Hi, thanks for the report, the 0514 release was supposed to be unchanged from the 0507 beta, but was not.

There is also supposed to be an update for Sandy Bridge forthcoming.

Changed in intel-microcode (Ubuntu):
status: New → In Progress
assignee: nobody → Steve Beattie (sbeattie)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package intel-microcode - 3.20190514.0ubuntu0.16.04.2

---------------
intel-microcode (3.20190514.0ubuntu0.16.04.2) xenial-security; urgency=medium

  * Update to final 20190514 microcode update. (LP: #1829745)
    - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
    + New Microcodes:
      sig 0x00030678, pf_mask 0x02, 2016.04-22, rev 0x0838, size 52224
      sig 0x00030678, pf_mask 0x0c, 2016.04-22, rev 0x0838, size 52224
      sig 0x00030679, pf_mask 0x0f, 2016.04-23, rev 0x090c, size 52224
      sig 0x000406c3, pf_mask 0x01, 2016.04-23, rev 0x0368, size 69632
      sig 0x000406c4, pf_mask 0x01, 2016.04-23, rev 0x0411, size 68608
    + Add MDS mitigation support for Cherry Trail and Bay Trail
      processor families.

  [ Dimitri John Ledkov ]
  * Do not override preset defaults from auto-exported conf snippets
    loaded by initramfs-tools. This thus allows other hooks, or
    alternative confdir override the built-in defaults at mkinitramfs
    time. Specifically to support generating installer/golden/bare-metal
    initrds with all microcodes for any hardware.

 -- Steve Beattie <email address hidden> Mon, 20 May 2019 22:08:04 -0700

Changed in intel-microcode (Ubuntu):
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package intel-microcode - 3.20190514.0ubuntu0.18.10.2

---------------
intel-microcode (3.20190514.0ubuntu0.18.10.2) cosmic-security; urgency=medium

  * Update to final 20190514 microcode update. (LP: #1829745)
    - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
    + New Microcodes:
      sig 0x00030678, pf_mask 0x02, 2018.10-22, rev 0x0838, size 52224
      sig 0x00030678, pf_mask 0x0c, 2018.10-22, rev 0x0838, size 52224
      sig 0x00030679, pf_mask 0x0f, 2018.10-23, rev 0x090c, size 52224
      sig 0x000406c3, pf_mask 0x01, 2018.10-23, rev 0x0368, size 69632
      sig 0x000406c4, pf_mask 0x01, 2018.10-23, rev 0x0411, size 68608
    + Add MDS mitigation support for Cherry Trail and Bay Trail
      processor families.

  [ Dimitri John Ledkov ]
  * Do not override preset defaults from auto-exported conf snippets
    loaded by initramfs-tools. This thus allows other hooks, or
    alternative confdir override the built-in defaults at mkinitramfs
    time. Specifically to support generating installer/golden/bare-metal
    initrds with all microcodes for any hardware.

 -- Steve Beattie <email address hidden> Mon, 20 May 2019 22:08:04 -0700

Changed in intel-microcode (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers