Date: Wed, 15 May 2019 18:02:16 +0000 (UTC) From: Gordon Tetlow <gordon@FreeBSD.org> To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r53029 - head/share/security/advisories Message-ID: <201905151802.x4FI2Glv058138@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: gordon (src committer) Date: Wed May 15 18:02:16 2019 New Revision: 53029 URL: https://svnweb.freebsd.org/changeset/doc/53029 Log: Update version of MDS advisory Approved by: so Modified: head/share/security/advisories/FreeBSD-SA-19:07.mds.asc Modified: head/share/security/advisories/FreeBSD-SA-19:07.mds.asc ============================================================================== --- head/share/security/advisories/FreeBSD-SA-19:07.mds.asc Wed May 15 15:23:23 2019 (r53028) +++ head/share/security/advisories/FreeBSD-SA-19:07.mds.asc Wed May 15 18:02:16 2019 (r53029) @@ -24,6 +24,13 @@ For general information regarding FreeBSD Security Adv including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>. +0. Revision history + +v1.0 2019-05-14 Initial release. +v1.1 2019-05-15 Fixed date on microcode update package. +v1.2 2019-05-15 Userland startup microcode update details added. + Add language specifying which manufacturers is affected. + I. Background Modern processors make use of speculative execution, an optimization @@ -45,11 +52,14 @@ IV. Workaround No workaround is available. +Only Intel x86 based processors are affected. x86 processors from other +manufacturers (eg, AMD) are not believed to be vulnerable. + Systems with users or processors in different trust domains should disable Hyper-Threading by setting the machdep.hyperthreading_allowed tunable to 0: # echo 'machdep.hyperthreading_allowed=0 >> /boot/loader.conf' -# shutdown +# shutdown -r +10min "Security update" V. Solution @@ -63,15 +73,18 @@ New CPU microcode may be available in a BIOS update fr or by installing the devcpu-data package or sysutils/devcpu-data port. Ensure that the BIOS update or devcpu-data package is dated after 2019-05-14. -If using the package or port the microcode update can be applied at boot time -by adding the following lines to the system's /boot/loader.conf: +If using the package or port the Intel microcode update can be applied at +boot time (only on FreeBSD 12 and later) by adding the following lines to the +system's /boot/loader.conf: cpu_microcode_load="YES" cpu_microcode_name="/boot/firmware/intel-ucode.bin" -Microcode updates can also be applied while the system is running. See -cpucontrol(8) for details. +To automatically load microcode during userland startup (supported on all +FreeBSD versions), add the following to /etc/rc.conf: +microcode_update_enable="YES" + 1) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 @@ -180,19 +193,19 @@ The latest revision of this advisory is available at <URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-19:07.mds.asc> -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlzcFgRfFIAAAAAALgAo +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlzcU9dfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n -5cLmcw//cAwFw1SkYL3uFd0nTTnIltrzwTkMkxAFRjsxN5XxOJDEVJfygFHzlFhr -TxiFRN+QdE5NQt7HWDB7d1BXnmnIRiL6dqrrL+odPNeh9Wsh3Ft6NUxn8I6/wC4g -O77VYLj5OdhYT6D9PnbIucDBSdNH555Tfmz0eTDY24iVmWw7c1GfYozpl1cEk/Bh -+jgMH5rQZ30v7dKANGTeF0pQeAZaK9NZBWb86NlSy+FYyDu7KS1oEms4hGdQosYU -ZEBVV4uxBVFx3RRQuZM3z/+M9GrpliyHKGmNBX97u975oQ1k66pK6r1lxp+odVoa -UO0YROQ/pepOVmutNHz+8Y953qLaaolNwy+SxpqkEDhjlD6sbwV+ErqbfoCuEnsb -N0a7t52VEqkd3Cnivrd6dJpGtNsYPhruSXIXjRrKhI1fOnJbC/cw1as7WwXx5TdM -471ErTqZuNAcwAUT7Ve7kxNpWk+Lii2lprf+YfrZRk7pqcgmiMurIBAcKys7Skb/ -dCGMckAU9hiUZMmiNuxV33m233zmRB7otHnHSXmmm9/SKCGeUw/OSKugtHGQ/6gJ -2ZQkWCPrL71CRwMzBRtwSCvG6YfTYIZ1gw48r2JzUGg11Urj2pXqRlYGNT7YGHGF -EOKQqSsU9I4CBfI9munJkNJI+Fpghnjpx2lK5w3rbcnkJI9CDzc= -=jH3H +5cKG7Q//XEf1kFc8JABZtSQT5XEP+J/CKMF+W+CqVmV6vLNimOeWVaw5BBWbtbhI +7BENuQRw2NcUbwrhwR+KYKWUN0rF0VQOk+m8JMYQxTu1WQfI9J8HDTXjmp1mfrx4 +CbEjHuHCvGjezdURR0GIfAfkMjfDUEPEq05svPrEFIh2s4QagF7V2gunwNgprXJV +ZzlA2IEUCx2KFbgbPjIJDY7ED0/VXrNeZU9G4R4t9+QSD2r21cF4kax8DLi5Rtz4 +ducXhT5dG+reZXye6c+eryJvjBPEwI9zHth0xLMGHDJUeLAOUkZpNsciuEeNu96O +1EkGqYBKpJGcvsYBnYM0mD2Z23khqxEHWArIluJeVkdezlvREB42nLHQ9oin3opH +ojdh57lkppQqVZ9GTHqQLRVbawiC7oNNWzoYq+ANSReqiIkpPCC3z3NsGDo1oYLK +suMOAtxwPe6qq2Q9voN5lgHNR5w/x2uKxdYx8G8C40ynoFb1W1dQNdGVtmfRpvO5 +lvZGWNsmxWBrlYlm8onpulw1WsPgOp9TmhIAO1IZHVhgsaoF9i1hu/BumOTjiQo0 +Md4IiGAdPkU7nC3MjDm9jsD+bC6GaXwXkyryi1bpNE2feXVg4lvznyah2wQR2VVq ++R3H0+iTHCOS9fEvWWpRIZWL2AfU78O+c/go9ZqqQvGAxVR/UwM= +=pDA1 -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201905151802.x4FI2Glv058138>