Bug#1055962: marked as done (intel-microcode: CVE-2023-23583: INTEL-SA-00950)

[Debian Bug Tracking System]

Your message dated Wed, 13 Dec 2023 07:02:49 +0000
with message-id <e1rdjgb-009x9v...@fasolo.debian.org>
and subject line Bug#1055962: fixed in intel-microcode 3.20231114.1~deb11u1
has caused the Debian Bug report #1055962,
regarding intel-microcode: CVE-2023-23583: INTEL-SA-00950
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1055962: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055962
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: intel-microcode
Version: 3.20230808.1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 3.20230808.1~deb12u1
Control: found -1 3.20230808.1~deb11u1

Hi,

The following vulnerability was published for intel-microcode.

CVE-2023-23583[0]:
| Sequence of processor instructions leads to unexpected behavior for
| some Intel(R) Processors may allow an authenticated user to
| potentially enable escalation of privilege and/or information
| disclosure and/or denial of service via local access.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-23583
    https://www.cve.org/CVERecord?id=CVE-2023-23583
[1] 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00950.html

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

Source: intel-microcode
Source-Version: 3.20231114.1~deb11u1
Done: Henrique de Moraes Holschuh <h...@debian.org>

We believe that the bug you reported is fixed in the latest version of
intel-microcode, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1055...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Henrique de Moraes Holschuh <h...@debian.org> (supplier of updated 
intel-microcode package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 18 Nov 2023 16:47:51 -0300
Source: intel-microcode
Architecture: source
Version: 3.20231114.1~deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Henrique de Moraes Holschuh <h...@debian.org>
Changed-By: Henrique de Moraes Holschuh <h...@debian.org>
Closes: 1055962
Changes:
 intel-microcode (3.20231114.1~deb11u1) bullseye-security; urgency=high
 .
   * Backport to Debian Bullseye
   * debian/control: revert non-free-firmware change
 .
 intel-microcode (3.20231114.1) unstable; urgency=medium
 .
   * New upstream microcode datafile 20231114 (closes: #1055962)
     Mitigations for "reptar", INTEL-SA-00950 (CVE-2023-23583)
     Sequence of processor instructions leads to unexpected behavior for some
     Intel(R) Processors, may allow an authenticated user to potentially enable
     escalation of privilege and/or information disclosure and/or denial of
     service via local access.
     Note: "reptar" on 4th gen Xeon Scalable (sig 0x806f8 pfm 0x87), 12th gen
     Core mobile (sig 0x906a4 pfm 0x80), 13th gen Core desktop (sig 0xb0671 pfm
     0x01) were already mitigated by a previous microcode update.
   * Fixes for unspecified functional issues
   * Updated microcodes:
     sig 0x000606a6, pf_mask 0x87, 2023-09-01, rev 0xd0003b9, size 299008
     sig 0x000606c1, pf_mask 0x10, 2023-09-08, rev 0x1000268, size 290816
     sig 0x000706e5, pf_mask 0x80, 2023-09-03, rev 0x00c2, size 113664
     sig 0x000806c1, pf_mask 0x80, 2023-09-07, rev 0x00b4, size 111616
     sig 0x000806c2, pf_mask 0xc2, 2023-09-07, rev 0x0034, size 98304
     sig 0x000806d1, pf_mask 0xc2, 2023-09-07, rev 0x004e, size 104448
     sig 0x000806f8, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0, size 572416
     sig 0x000806f8, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
     sig 0x000806f7, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
     sig 0x000806f6, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
     sig 0x000806f5, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
     sig 0x000806f4, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
     sig 0x000806f8, pf_mask 0x10, 2023-06-26, rev 0x2c000290, size 605184
     sig 0x000806f8, pf_mask 0x10, 2023-06-26, rev 0x2c000290
     sig 0x000806f6, pf_mask 0x10, 2023-06-26, rev 0x2c000290
     sig 0x000806f5, pf_mask 0x10, 2023-06-26, rev 0x2c000290
     sig 0x000806f4, pf_mask 0x10, 2023-06-26, rev 0x2c000290
     sig 0x00090672, pf_mask 0x07, 2023-06-07, rev 0x0032, size 222208
     sig 0x00090672, pf_mask 0x07, 2023-06-07, rev 0x0032
     sig 0x00090675, pf_mask 0x07, 2023-06-07, rev 0x0032
     sig 0x000b06f2, pf_mask 0x07, 2023-06-07, rev 0x0032
     sig 0x000b06f5, pf_mask 0x07, 2023-06-07, rev 0x0032
     sig 0x000906a3, pf_mask 0x80, 2023-06-07, rev 0x0430, size 220160
     sig 0x000906a3, pf_mask 0x80, 2023-06-07, rev 0x0430
     sig 0x000906a4, pf_mask 0x80, 2023-06-07, rev 0x0430
     sig 0x000906a4, pf_mask 0x40, 2023-05-05, rev 0x0005, size 117760
     sig 0x000a0671, pf_mask 0x02, 2023-09-03, rev 0x005d, size 104448
     sig 0x000b0671, pf_mask 0x32, 2023-08-29, rev 0x011d, size 210944
     sig 0x000b06a2, pf_mask 0xe0, 2023-08-30, rev 0x411c, size 216064
     sig 0x000b06a2, pf_mask 0xe0, 2023-08-30, rev 0x411c
     sig 0x000b06a3, pf_mask 0xe0, 2023-08-30, rev 0x411c
     sig 0x000b06e0, pf_mask 0x11, 2023-06-26, rev 0x0012, size 136192
   * Updated 2023-08-08 changelog entry with reptar information
   * source: update symlinks to reflect id of the latest release, 20231114
Checksums-Sha1:
 a1b00ff42e170951b9ece061b650014952407218 1821 
intel-microcode_3.20231114.1~deb11u1.dsc
 4c6a2b963d35edf8f70c0e290a941c50e458aaee 6781728 
intel-microcode_3.20231114.1~deb11u1.tar.xz
 45a305c5c64b66c0b87bbfe87186a37726accc20 6095 
intel-microcode_3.20231114.1~deb11u1_amd64.buildinfo
Checksums-Sha256:
 1b762d0c1622b6bd7d14f98b13611cc98cf9bf02c61ea3b57ac8890211361d39 1821 
intel-microcode_3.20231114.1~deb11u1.dsc
 b95a39c42b0b28cd42a17d97cee3b4a1673e45437c5c2462aed9581a421414bf 6781728 
intel-microcode_3.20231114.1~deb11u1.tar.xz
 4a2e44ded1a06afa2909157e6c2891efd382573c10789f1c5102b4151043c45a 6095 
intel-microcode_3.20231114.1~deb11u1_amd64.buildinfo
Files:
 006198c969050d972b7fa61d313ff532 1821 non-free/admin standard 
intel-microcode_3.20231114.1~deb11u1.dsc
 f2c38e54d3675ac9a4ec86e002db1c3f 6781728 non-free/admin standard 
intel-microcode_3.20231114.1~deb11u1.tar.xz
 78d9f17463e973bdd0c09e08ef679e25 6095 non-free/admin standard 
intel-microcode_3.20231114.1~deb11u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEIXEYtQeAQUHyKjs9TkVcVzAplOQFAmVZFxwACgkQTkVcVzAp
lOStww//S5jA7ASUF1eE/aaSq+RJSzr0fbhRPpJfNuwzE1pjH0G2XkCeSt6ecs/M
z3IWTZp5dPPkX78aDlYl6cn+r7uG8QodvWfb3Xc4QA0Ff32hmLS9jjNoFzwXucLy
S6wHTnAyktcNwx4bdycRtSQ/6BJFKyAkBcdS4b9k8yLUPLBLjiQTlnIiSoMasxeC
833APiGs+JTYdSlUs6dGDhSKibSqzmGZxXLAeimVURUcLO3DZZJDTF9M6i66d/5p
QKzMz79qAxM6o77IOjtrWFzPq8Piqa+a36ZHMeX+dg8kQR3/TX7DubD2hsmwL9eK
XwZ6inxIfbpBusgF4hqq2F2JqYcYXH96aasfIXraX+MbwkzuQx496Z7XUA9CxX6r
4Ysp3jTEFSrRdEOAzDlTPQTALr6uZdrFlN3oWsyLmmIsaDqK09SLH6nCqxSviDJm
O7aMayB/amfLL9dc0BlSYY/14teasvsJWzHWtF9J2Hin8/vWy7ij57OAI5QlMIfQ
Tv807WdaYC2ctl6P00K6/vQUJ6afopQ2D9L+nLENKVKPNIJcM1htlVG/GIerl+2h
aAbL1nlkWOHcXwfAzjxZ4bQRxenp7E82NGeRU5MSnmpRu/8GFgo/Or2GffR97NsV
wer0Z2NMFofsmFg+wKi7tN219H/++04r9IKTOkkHksVYL7wJvOw=
=V5j6
-----END PGP SIGNATURE-----

--- End Message ---