Security update for ucode-intel SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:0066-1 Final 1 1 2018-01-11T10:51:39Z current 2018-01-11T10:51:39Z 2018-01-11T10:51:39Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for ucode-intel This update for ucode-intel fixes the following issues: Update to Intel CPU Microcode version 20180108 (boo#1075262) - The pre-released microcode fixing some important security issues is now officially published (and included in the added tarball). New firmware updates since last version (20170707) are available for these Intel processors: - IVT C0 (06-3e-04:ed) 428->42a - SKL-U/Y D0 (06-4e-03:c0) ba->c2 - BDW-U/Y E/F (06-3d-04:c0) 25->28 - HSW-ULT Cx/Dx (06-45-01:72) 20->21 - Crystalwell Cx (06-46-01:32) 17->18 - BDW-H E/G (06-47-01:22) 17->1b - HSX-EX E0 (06-3f-04:80) 0f->10 - SKL-H/S R0 (06-5e-03:36) ba->c2 - HSW Cx/Dx (06-3c-03:32) 22->23 - HSX C0 (06-3f-02:6f) 3a->3b - BDX-DE V0/V1 (06-56-02:10) 0f->14 - BDX-DE V2 (06-56-03:10) 700000d->7000011 - KBL-U/Y H0 (06-8e-09:c0) 62->80 - KBL Y0 / CFL D0 (06-8e-0a:c0) 70->80 - KBL-H/S B0 (06-9e-09:2a) 5e->80 - CFL U0 (06-9e-0a:22) 70->80 - CFL B0 (06-9e-0b:02) 72->80 - SKX H0 (06-55-04:b7) 2000035->200003c - GLK B0 (06-7a-01:01) 1e->22 The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00031.html E-Mail link for openSUSE-SU-2018:0066-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.2 openSUSE Leap 42.3 ucode-intel-20180108-16.1 ucode-intel-blob-20180108-16.1 ucode-intel-debuginfo-20180108-16.1 ucode-intel-debugsource-20180108-16.1 ucode-intel-20180108-16.1 as a component of openSUSE Leap 42.2 ucode-intel-20180108-16.1 as a component of openSUSE Leap 42.3 ucode-intel-blob-20180108-16.1 as a component of openSUSE Leap 42.2 ucode-intel-blob-20180108-16.1 as a component of openSUSE Leap 42.3 ucode-intel-debuginfo-20180108-16.1 as a component of openSUSE Leap 42.2 ucode-intel-debuginfo-20180108-16.1 as a component of openSUSE Leap 42.3 ucode-intel-debugsource-20180108-16.1 as a component of openSUSE Leap 42.2 ucode-intel-debugsource-20180108-16.1 as a component of openSUSE Leap 42.3 Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. CVE-2017-5715 openSUSE Leap 42.2:ucode-intel-20180108-16.1 openSUSE Leap 42.2:ucode-intel-blob-20180108-16.1 openSUSE Leap 42.2:ucode-intel-debuginfo-20180108-16.1 openSUSE Leap 42.2:ucode-intel-debugsource-20180108-16.1 openSUSE Leap 42.3:ucode-intel-20180108-16.1 openSUSE Leap 42.3:ucode-intel-blob-20180108-16.1 openSUSE Leap 42.3:ucode-intel-debuginfo-20180108-16.1 openSUSE Leap 42.3:ucode-intel-debugsource-20180108-16.1 critical 4.7 AV:L/AC:M/Au:N/C:C/I:N/A:N Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00031.html https://www.suse.com/security/cve/CVE-2017-5715.html CVE-2017-5715 https://bugzilla.suse.com/1068032 SUSE Bug 1068032 https://bugzilla.suse.com/1074562 SUSE Bug 1074562 https://bugzilla.suse.com/1074578 SUSE Bug 1074578 https://bugzilla.suse.com/1074701 SUSE Bug 1074701 https://bugzilla.suse.com/1074919 SUSE Bug 1074919 https://bugzilla.suse.com/1075006 SUSE Bug 1075006 https://bugzilla.suse.com/1075007 SUSE Bug 1075007 https://bugzilla.suse.com/1075419 SUSE Bug 1075419