Bug#1055962: marked as done (intel-microcode: CVE-2023-23583: INTEL-SA-00950)

[Debian Bug Tracking System]

Your message dated Fri, 24 Nov 2023 14:32:09 +0000
with message-id <e1r6xe1-00c7hy...@fasolo.debian.org>
and subject line Bug#1055962: fixed in intel-microcode 3.20231114.1~deb12u1
has caused the Debian Bug report #1055962,
regarding intel-microcode: CVE-2023-23583: INTEL-SA-00950
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1055962: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055962
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: intel-microcode
Version: 3.20230808.1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 3.20230808.1~deb12u1
Control: found -1 3.20230808.1~deb11u1

Hi,

The following vulnerability was published for intel-microcode.

CVE-2023-23583[0]:
| Sequence of processor instructions leads to unexpected behavior for
| some Intel(R) Processors may allow an authenticated user to
| potentially enable escalation of privilege and/or information
| disclosure and/or denial of service via local access.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-23583
    https://www.cve.org/CVERecord?id=CVE-2023-23583
[1] 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00950.html

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

Source: intel-microcode
Source-Version: 3.20231114.1~deb12u1
Done: Henrique de Moraes Holschuh <h...@debian.org>

We believe that the bug you reported is fixed in the latest version of
intel-microcode, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1055...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Henrique de Moraes Holschuh <h...@debian.org> (supplier of updated 
intel-microcode package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 18 Nov 2023 16:13:39 -0300
Source: intel-microcode
Architecture: source
Version: 3.20231114.1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Henrique de Moraes Holschuh <h...@debian.org>
Changed-By: Henrique de Moraes Holschuh <h...@debian.org>
Closes: 1055962
Changes:
 intel-microcode (3.20231114.1~deb12u1) bookworm-security; urgency=high
 .
   * Build for bookworm (no changes)
 .
 intel-microcode (3.20231114.1) unstable; urgency=medium
 .
   * New upstream microcode datafile 20231114 (closes: #1055962)
     Mitigations for "reptar", INTEL-SA-00950 (CVE-2023-23583)
     Sequence of processor instructions leads to unexpected behavior for some
     Intel(R) Processors, may allow an authenticated user to potentially enable
     escalation of privilege and/or information disclosure and/or denial of
     service via local access.
     Note: "reptar" on 4th gen Xeon Scalable (sig 0x806f8 pfm 0x87), 12th gen
     Core mobile (sig 0x906a4 pfm 0x80), 13th gen Core desktop (sig 0xb0671 pfm
     0x01) were already mitigated by a previous microcode update.
   * Fixes for unspecified functional issues
   * Updated microcodes:
     sig 0x000606a6, pf_mask 0x87, 2023-09-01, rev 0xd0003b9, size 299008
     sig 0x000606c1, pf_mask 0x10, 2023-09-08, rev 0x1000268, size 290816
     sig 0x000706e5, pf_mask 0x80, 2023-09-03, rev 0x00c2, size 113664
     sig 0x000806c1, pf_mask 0x80, 2023-09-07, rev 0x00b4, size 111616
     sig 0x000806c2, pf_mask 0xc2, 2023-09-07, rev 0x0034, size 98304
     sig 0x000806d1, pf_mask 0xc2, 2023-09-07, rev 0x004e, size 104448
     sig 0x000806f8, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0, size 572416
     sig 0x000806f8, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
     sig 0x000806f7, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
     sig 0x000806f6, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
     sig 0x000806f5, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
     sig 0x000806f4, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
     sig 0x000806f8, pf_mask 0x10, 2023-06-26, rev 0x2c000290, size 605184
     sig 0x000806f8, pf_mask 0x10, 2023-06-26, rev 0x2c000290
     sig 0x000806f6, pf_mask 0x10, 2023-06-26, rev 0x2c000290
     sig 0x000806f5, pf_mask 0x10, 2023-06-26, rev 0x2c000290
     sig 0x000806f4, pf_mask 0x10, 2023-06-26, rev 0x2c000290
     sig 0x00090672, pf_mask 0x07, 2023-06-07, rev 0x0032, size 222208
     sig 0x00090672, pf_mask 0x07, 2023-06-07, rev 0x0032
     sig 0x00090675, pf_mask 0x07, 2023-06-07, rev 0x0032
     sig 0x000b06f2, pf_mask 0x07, 2023-06-07, rev 0x0032
     sig 0x000b06f5, pf_mask 0x07, 2023-06-07, rev 0x0032
     sig 0x000906a3, pf_mask 0x80, 2023-06-07, rev 0x0430, size 220160
     sig 0x000906a3, pf_mask 0x80, 2023-06-07, rev 0x0430
     sig 0x000906a4, pf_mask 0x80, 2023-06-07, rev 0x0430
     sig 0x000906a4, pf_mask 0x40, 2023-05-05, rev 0x0005, size 117760
     sig 0x000a0671, pf_mask 0x02, 2023-09-03, rev 0x005d, size 104448
     sig 0x000b0671, pf_mask 0x32, 2023-08-29, rev 0x011d, size 210944
     sig 0x000b06a2, pf_mask 0xe0, 2023-08-30, rev 0x411c, size 216064
     sig 0x000b06a2, pf_mask 0xe0, 2023-08-30, rev 0x411c
     sig 0x000b06a3, pf_mask 0xe0, 2023-08-30, rev 0x411c
     sig 0x000b06e0, pf_mask 0x11, 2023-06-26, rev 0x0012, size 136192
   * Updated 2023-08-08 changelog entry with reptar information
   * source: update symlinks to reflect id of the latest release, 20231114
Checksums-Sha1:
 6e99c9e4db98cf4b939267e56066b17d66371fd1 1830 
intel-microcode_3.20231114.1~deb12u1.dsc
 cf4747bfbb78c8ba2f80ccb5594b0f37911e1fa5 6776840 
intel-microcode_3.20231114.1~deb12u1.tar.xz
 9f50ea9e040a37ab20d10e9f509266b08371f150 6130 
intel-microcode_3.20231114.1~deb12u1_amd64.buildinfo
Checksums-Sha256:
 70297531aed34078c403327eb9fd18b0afa1a6503c36a57a3599fb9b6ac0b99e 1830 
intel-microcode_3.20231114.1~deb12u1.dsc
 606fdc88a3e15034121730e86d84e55cec98b5cfb747d31af277a0eeaa9c202d 6776840 
intel-microcode_3.20231114.1~deb12u1.tar.xz
 ef16fdd8df042582704b123fab960304978f47f4e7cb3f1caa7299ef838c032b 6130 
intel-microcode_3.20231114.1~deb12u1_amd64.buildinfo
Files:
 2ef535e1f487305bc353adcf523a0e17 1830 non-free-firmware/admin standard 
intel-microcode_3.20231114.1~deb12u1.dsc
 8dc8466131323dc0aadfcd5cb18d77b1 6776840 non-free-firmware/admin standard 
intel-microcode_3.20231114.1~deb12u1.tar.xz
 925867af9eec5fbba696fbafe0f0a390 6130 non-free-firmware/admin standard 
intel-microcode_3.20231114.1~deb12u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEIXEYtQeAQUHyKjs9TkVcVzAplOQFAmVZFx8ACgkQTkVcVzAp
lOSwag//d/sbtdL15o2ihXz+rG5Xo+Dbs4k1sxn6ec82d4GVc9wQmnJru9g4l0Mi
pi29ftFfNxc1f7jZNARXfrbnC6pOXJyr8MUBIKl+IvW6LBY0tAgQYu7MiJyshDmZ
yG8FFRw+AKCefCuXEh1CdfoAD09QOB+FIwjf2+ulwv3WoCgnIe1GyTvOlxvrU51n
GnM0ZjaWdXgOLuSZZbLeYda1wIon/tHw5YtSZxMecnXEafvOyVkckXE07xjQTbq9
4Fo3epiXlgGLbfORh8xKsWxZ8WIWO+9zUiTqsDZrPf54Vxss0sdUp1YEzh1ELd7m
F+Wf2xe3tVnEkNxSbmd03fLoyT0rP1iq8xkKgWsFwl/hbeRG54LEpek3kEpwh1aw
fAlnDngI2MnSHkKa7/R0PKdxZSeNozxZotDE8QN07OFnplnbUlkzNT/OCQpLpvBs
GP2u9zuPPbuagoE85dwZMdnGVTpliX5+oP9u6HXjzLG/V/MY8Iey/voAgQH4oCZ4
jtlPfHd7kMu5ByygfsJ9VdreQLVAFXKWa7IOhnlwPaP+CxxXtSXSL9xGhPfedcFE
5aMzhsYP+3px4CntM1nnIHUDwdeA1vTZDEUBeSZxstbOURIlbdLPyq6dJMg/l87S
4zjSljDpiZNeCvgOIUFiIrBFPhQhOSotnnEDdcTkkXDna+tqP6o=
=gUkI
-----END PGP SIGNATURE-----

--- End Message ---