From nobody Mon Apr 15 14:27:50 2024 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4VJ8f86zY5z5GhZS for ; Mon, 15 Apr 2024 14:28:00 +0000 (UTC) (envelope-from patpro@patpro.net) Received: from rack.patpro.net (rack.patpro.net [193.30.227.216]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature ECDSA (P-256) client-digest SHA256) (Client CN "patpro.net", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4VJ8f81JTlz4fS4 for ; Mon, 15 Apr 2024 14:28:00 +0000 (UTC) (envelope-from patpro@patpro.net) Authentication-Results: mx1.freebsd.org; none Received: from mail.patpro.net (localhost [IPv6:::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (Client did not present a certificate) by rack.patpro.net (Postfix) with ESMTPSA id 41E58BD6C; Mon, 15 Apr 2024 16:27:50 +0200 (CEST) ARC-Filter: OpenARC Filter v1.0.0 rack.patpro.net 41E58BD6C ARC-Seal: i=1; a=rsa-sha256; d=patpro.net; s=openarc-20230616; t=1713191270; cv=none; b=I8MH1L8QuND60BvhuzBQg2sq3Bmq7A9SVBCbm35c+PH/TbaKNHFY/bfZ9cvOTpiA1iF7je8Ro4qlhFwiniQLTU9T/YJt7WBTHDvBL1W2czzib6Imk+aOl/lWLPB37b+e9XNYBe+dIGWSMvn72vCV6wcmfCEqvJGHN2cfa7bKTJw= ARC-Message-Signature: i=1; a=rsa-sha256; d=patpro.net; s=openarc-20230616; t=1713191270; c=relaxed/simple; bh=De/Lk5guH+Mz8ryawxvhuFyVOwbOo57d07hMngmyQp8=; h=DKIM-Signature:MIME-Version:Date:Content-Type: Content-Transfer-Encoding:X-Mailer:From:Message-ID:Subject:To:Cc: In-Reply-To:References; b=DyAGJzZ3XsixRMtKg62Dt52TkQ869UlTFwVH/V7TgzGwVXPQF6rw12ONou4k+iltkMwAnc4zjIvzNlOFioSaUfKw5BmMOl71b+wxiG2Md2zF8GZaoV9Gr5TMRxCWDUZBEgBMjLkPa3Yv+K23qSFzT+KYs5aqwwTH8JvUTMnDs04= ARC-Authentication-Results: i=1; rack.patpro.net DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=patpro.net; s=202403-3b90cc35; t=1713191270; bh=De/Lk5guH+Mz8ryawxvhuFyVOwbOo57d07hMngmyQp8=; h=Date:From:Subject:To:Cc:In-Reply-To:References; b=DJR5H6YJrx1323eF02NYsvVN+Ghqotd4gP6oKjrwu/tE1J/ZAbieJDVeMVcDCbKZE 72Ldsg9DX3DqLEz9BaNAFEnbzqnikwejqMwSYapt7FZ5T+mWXnOnJseQi4dxwbxelT 7rA5b2odOoyRE1ne2TjPxqECOim9qlKkMAkIvxzW26SJAuHLxdK7DeHcf0SJ82dn3J Ur/Q9cxWOHQieuVoqgRVSvBLjLpRkONuR6eVE+QOLXZ/qyOxOV01cFGu3kiq2J6TBl jS8TJQ82EBcnu9x4xUnEyiJsJ4zTOpkrEyF4NCyYJ8NDgJSoGLz+b6qwBX0ISqB8Gl 6R+gAfaW9dcAQ== List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org MIME-Version: 1.0 Date: Mon, 15 Apr 2024 14:27:50 +0000 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Mailer: RainLoop/1.17.0 From: patpro@patpro.net Message-ID: <5e6baf3fd3926c1f0de47da98318f978@patpro.net> Subject: Re: cpu-microcode-intel-20231114 To: "=?utf-8?B?TWFyZWsgQW5pb8WCYQ==?=" , "Martin Simmons" Cc: freebsd-security@freebsd.org In-Reply-To: References: <202404151356.43FDu3d7023044@higson.cam.lispworks.com> X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:29608, ipnet:193.30.224.0/22, country:FR] X-Rspamd-Queue-Id: 4VJ8f81JTlz4fS4 hi $ cat /usr/local/etc/pkg/repos/FreeBSD.conf=20 FreeBSD:=20{ url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest", mirror_type: "srv", enabled: yes } $ pkg search cpu-microcode-intel cpu-microcode-intel-20240312 Intel CPU microcode updates April 15, 2024 4:19 PM, "Marek Anio=C5=82a" wrote= : > No, it only shows the old version: >=20 >=20~ # pkg search cpu-microcode-intel > cpu-microcode-intel-20231114 Intel CPU microcode updates > ~ # >=20 >=20The latest version (20240312) is not available. >=20 >=20From: Martin Simmons > Sent: Monday, April 15, 2024 15:56 > To: Marek Anio=C5=82a > Cc: freebsd-security@freebsd.org > Subject: Re: cpu-microcode-intel-20231114 >=20 >>=20On Mon, 15 Apr 2024 09:09:57 +0000, =3D?iso-8859-2?Q?Marek Anio=3DB3= a?=3D said: >>=20 >>=20As of 13 March 2024. "pkg audit" reports the following vulnerabiliti= es in FreeBSD 13.3-RELEASE-p1: >>=20 >>=20cpu-microcode-intel-20231114 is vulnerable: >> Intel processors - multiple vulnerabilities >> CVE: CVE-2023-43490 >> CVE: CVE-2023-22655 >> CVE: CVE-2023-28746 >> CVE: CVE-2023-38575 >> CVE: CVE-2023-39368 >> WWW: https://vuxml.FreeBSD.org/freebsd/b6dd9d93-e09b-11ee-92fc-1c697a6= 16631.html >>=20 >>=20Found 1 issue(s) in 1 installed package(s). >>=20 >>=20The website https://www.freshports.org/sysutils/cpu-microcode-intel = shows that an update to the >> package appeared the day before (2024-03-12), but the BINARY package p= roviding THE UPDATE IS STILL >> NOT AVAILABLE! >>=20 >>=20Should this be the case? >> Or, should I update the microcode in some other way? >=20 >=20pkg search cpu-microcode-intel says the latest version is called > cpu-microcode-intel-20240312. I don't know why these packages have dat= es in > their names so they don't upgrade automatically.