Bug#1043381: marked as done (amd64-microcode: Followups for 4th Gen AMD EPYC processors for CVE-2023-20569 / AMD Inception)

Debian Bug Tracking System Thu, 10 Aug 2023 06:51:16 -0700

Your message dated Thu, 10 Aug 2023 13:50:27 +0000
with message-id <e1qu63x-0023es...@fasolo.debian.org>
and subject line Bug#1043381: fixed in amd64-microcode 3.20230808.1.1
has caused the Debian Bug report #1043381,
regarding amd64-microcode: Followups for 4th Gen AMD EPYC processors for 
CVE-2023-20569 / AMD Inception
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1043381: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1043381
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: amd64-microcode
Version: 3.20230719.1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 3.20230414.1
Control: found -1 3.20230719.1~deb12u1  
Control: found -1 3.20191218.1
Control: found -1 3.20230719.1~deb11u1

Hi Henrique,

From
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7005.html
we did fortunately covered the 3rd Gen AMD EPYC processors microcode
updates for CVE-2023-20569 already with the previous done update:

amd64-microcode (3.20230719.1) unstable; urgency=high

  * Update package data from linux-firmware 20230625-39-g59fbffa9:
    * Fixes for CVE-2023-20593 "Zenbleed" on AMD Zen2 processors
      (closes: #1041863)
    * New Microcode patches:
      + Family=0x17 Model=0xa0 Stepping=0x00: Patch=0x08a00008
    * Updated Microcode patches:
      + Family=0x17 Model=0x31 Stepping=0x00: Patch=0x0830107a
      + Family=0x19 Model=0x01 Stepping=0x00: Patch=0x0a001079
      + Family=0x19 Model=0x01 Stepping=0x01: Patch=0x0a0011d1
      + Family=0x19 Model=0x01 Stepping=0x02: Patch=0x0a001234
  * README: update for new release

 -- Henrique de Moraes Holschuh <h...@debian.org>  Mon, 24 Jul 2023 13:07:34 
-0300

(and so in {bookworm,bullseye,buster}-security as well).

There was a microcode followup today as
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=f2eb058afc57348cde66852272d6bf11da1eef8f
which followups for the 4th Gen AMD EPYC processors, Genoa
(Family=0x19 Model=0x11) and Bergamo (Family=0x19 Model=0xa0).

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

Source: amd64-microcode
Source-Version: 3.20230808.1.1
Done: Henrique de Moraes Holschuh <h...@debian.org>

We believe that the bug you reported is fixed in the latest version of
amd64-microcode, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1043...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Henrique de Moraes Holschuh <h...@debian.org> (supplier of updated 
amd64-microcode package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 10 Aug 2023 10:18:38 -0300
Source: amd64-microcode
Architecture: source
Version: 3.20230808.1.1
Distribution: unstable
Urgency: high
Maintainer: Henrique de Moraes Holschuh <h...@debian.org>
Changed-By: Henrique de Moraes Holschuh <h...@debian.org>
Closes: 1043381
Changes:
 amd64-microcode (3.20230808.1.1) unstable; urgency=high
 .
   * Update package data from linux-firmware 20230804-6-gf2eb058a
     * Fixes for CVE-2023-20569 "AMD Inception" on AMD Zen4 processors
     (closes: #1043381)
   * WARNING: for proper operation on AMD Genoa and Bergamo processors,
     either up-to-date BIOS (with AGESA 1.0.0.8 or newer) or up-to-date
     Linux kernels (minimal versions on each active Linux stable branch:
     v4.19.289 v5.4.250 v5.10.187 v5.15.120 v6.1.37 v6.3.11 v6.4.1)
     are *required*
   * New Microcode patches:
     +  Family=0x19 Model=0x11 Stepping=0x01: Patch=0x0a10113e
     +  Family=0x19 Model=0x11 Stepping=0x02: Patch=0x0a10123e
     +  Family=0x19 Model=0xa0 Stepping=0x02: Patch=0x0aa00212
     +  Family=0x19 Model=0xa0 Stepping=0x01: Patch=0x0aa00116
   * README: update for new release
   * debian/NEWS: AMD Genoa/Bergamo kernel version restrictions
   * debian/changelog: update entry for release 3.20230719.1, noting
     that it included fixes for "AMD Inception" for Zen3 processors.
     We did not know about AMD Inception at the time, but we always
     include all available microcode updates when issuing a new
     package, so we lucked out.
   * debian/changelog: correct some information in 3.20230808.1
     entry and reupload as 3.20230808.1.1.  There's no Zenbleed
     for Zen4... oops!
Checksums-Sha1:
 1d7f93fa4bc7fd862e47a29c0e4171238f91823f 1703 
amd64-microcode_3.20230808.1.1.dsc
 dc2f0c2b8fbb6708421bf58a1461081aebb165c1 142020 
amd64-microcode_3.20230808.1.1.tar.xz
 987c522340a2d3e268fa1e883c20d11a627865c8 6558 
amd64-microcode_3.20230808.1.1_amd64.buildinfo
Checksums-Sha256:
 6dfb663c4cadd2c12c28bae4eb45ad6ebc385826a385bf13c1288f3e7c96cf5f 1703 
amd64-microcode_3.20230808.1.1.dsc
 3233f0ddfba0822642d4121583f28236490892e97dabfe7094cd985712651f8f 142020 
amd64-microcode_3.20230808.1.1.tar.xz
 8f9aa27438dda87f4ba54aeacd17326f992480ccb9b97bdf39ce968858a5b430 6558 
amd64-microcode_3.20230808.1.1_amd64.buildinfo
Files:
 f1adac63a7e613918973b729764c5da7 1703 non-free-firmware/admin standard 
amd64-microcode_3.20230808.1.1.dsc
 1c0e26240f2ee3707c9b24288520cdeb 142020 non-free-firmware/admin standard 
amd64-microcode_3.20230808.1.1.tar.xz
 6663d0da8c4379bc185190407b3ccbe8 6558 non-free-firmware/admin standard 
amd64-microcode_3.20230808.1.1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEIXEYtQeAQUHyKjs9TkVcVzAplOQFAmTU5WgACgkQTkVcVzAp
lORL8hAAzzbf+LHK6RBzcI0eu4fNuYsygxIsOxDKFZTTutBsPavP6e8PVFUjIlCs
UyB3BEq386X56qRejQKISqO5sbQSZULlo+A8Z/0Q9ogHGCngWFuoVQm/Gzjg5Q+D
aLK7PlKVjKRW/Iu3RGLHl870R//CtIhC9+aQ+oBoKWcB3v+gYCd85MYut5v0GzqL
f23lzKeVZ0T738vI9HghjVjQrpfPNSQwB7jj2Eqp+LPo/3yzlI+8lAOv3PoDkDaC
axmJJKBNiHo2yv7w8XuTt8erbrvRuI17U9FaIeB8LWxELCRzTJ1AqfAdC9e1B32M
7J0wrXqJfP0PhgVJ6RkMs0RLSibZzdLt9Fxp2AUN4kODP7J4aT6l3WqOydAVpYYi
sO755Wobj+WZvm3h4OVXyChcFzv4vnBI7uMtesV04uofSmWHM3b23NU11BPRV/2F
0+Swjk32uZird+d14b8F7Zvyd+lO45B16KaiwWenzRSFnchq1nNcOLwISIKS1OnJ
ZECNA1yNtHTua3Br7iCb+YkizVrwhG5Dcn4X6xQhPy2UPdcc9Llf9Yi1PdhzTI37
HjPSns6bqLNDzABhUO0Zg4xr6whtrxl7IyQ6TxYWlMI3jxP+yfN9dhgU605I+uRq
BtBMrBlfe5tCLkp7AsDdVXnJ12M5SCHrZK6DwQNy5lllgbZkhMk=
=OIZj
-----END PGP SIGNATURE-----

--- End Message ---

Bug#1043381: marked as done (amd64-microcode: Followups for 4th Gen AMD EPYC processors for CVE-2023-20569 / AMD Inception)

Reply via email to