From owner-freebsd-security@freebsd.org Wed May 15 12:18:42 2019 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7F0D3158FD55 for ; Wed, 15 May 2019 12:18:42 +0000 (UTC) (envelope-from stephen.wall@redcom.com) Received: from smtp1.redcom.com (smtp1.redcom.com [192.86.3.143]) by mx1.freebsd.org (Postfix) with ESMTP id B1429896E5 for ; Wed, 15 May 2019 12:18:41 +0000 (UTC) (envelope-from stephen.wall@redcom.com) Received: from localhost (localhost [127.0.0.1]) by smtp1.redcom.com (Postfix) with ESMTP id 9A95CA0D4 for ; Wed, 15 May 2019 08:18:35 -0400 (EDT) X-Virus-Scanned: amavisd-new at redcom.com Received: from smtp1.redcom.com ([127.0.0.1]) by localhost (smtp1.redcom.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f4+2WZsR77hC for ; Wed, 15 May 2019 08:18:33 -0400 (EDT) Received: from pie.redcom.com (pie [192.168.33.15]) by smtp1.redcom.com (Postfix) with ESMTP id CA423A043 for ; Wed, 15 May 2019 08:18:33 -0400 (EDT) Received: from exch-02.redcom.com (exch-02.redcom.com [192.168.32.9]) by pie.redcom.com (8.11.7p1+Sun/8.10.2) with ESMTP id x4FCIXf27954 for ; Wed, 15 May 2019 08:18:33 -0400 (EDT) Received: from exch-02.redcom.com (fd00::ccaa:c259:22f8:6f4b) by exch-02.redcom.com (fd00::ccaa:c259:22f8:6f4b) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Wed, 15 May 2019 08:18:33 -0400 Received: from exch-02.redcom.com ([fe80::ccaa:c259:22f8:6f4b]) by exch-02.redcom.com ([fe80::ccaa:c259:22f8:6f4b%12]) with mapi id 15.00.1473.003; Wed, 15 May 2019 08:18:33 -0400 From: "Wall, Stephen" To: "freebsd-security@freebsd.org" Subject: RE: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-19:07.mds Thread-Topic: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-19:07.mds Thread-Index: AQHVCrc/ciY74VacHk2HoZYJsEJMo6ZsGJLQ Date: Wed, 15 May 2019 12:18:32 +0000 Message-ID: References: <20190515000302.44CBB1AB79@freefall.freebsd.org> In-Reply-To: <20190515000302.44CBB1AB79@freefall.freebsd.org> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [192.168.84.20] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Rspamd-Queue-Id: B1429896E5 X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; spf=pass (mx1.freebsd.org: domain of stephen.wall@redcom.com designates 192.86.3.143 as permitted sender) smtp.mailfrom=stephen.wall@redcom.com X-Spamd-Result: default: False [-2.42 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.98)[-0.980,0]; HAS_XOIP(0.00)[]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:192.86.3.143/32]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org]; DMARC_NA(0.00)[redcom.com]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-0.99)[-0.991,0]; IP_SCORE(-0.01)[country: US(-0.06)]; MX_GOOD(-0.01)[smtp1.redcom.com]; NEURAL_HAM_SHORT(-0.23)[-0.227,0]; TO_DN_EQ_ADDR_ALL(0.00)[]; RCVD_NO_TLS_LAST(0.10)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:46679, ipnet:192.86.3.0/24, country:US]; RCVD_COUNT_SEVEN(0.00)[7] X-Mailman-Approved-At: Wed, 15 May 2019 13:21:21 +0000 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 May 2019 12:18:42 -0000 > New CPU microcode may be available in a BIOS update from your system vend= or, > or by installing the devcpu-data package or sysutils/devcpu-data port. > Ensure that the BIOS update or devcpu-data package is dated after 2014-05= -14. >=20 > If using the package or port the microcode update can be applied at boot = time > by adding the following lines to the system's /boot/loader.conf: >=20 > cpu_microcode_load=3D"YES" > cpu_microcode_name=3D"/boot/firmware/intel-ucode.bin" Is this applicable in a virtualized environment, or only on bare metal? If not applicable in a VM, is it at least harmless? Thanks - Steve Wall