Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 15 Apr 2024 14:27:50 +0000
From:      patpro@patpro.net
To:        "=?utf-8?B?TWFyZWsgQW5pb8WCYQ==?=" <man130117@outlook.com>, "Martin Simmons" <martin@lispworks.com>
Cc:        freebsd-security@freebsd.org
Subject:   Re: cpu-microcode-intel-20231114
Message-ID:  <5e6baf3fd3926c1f0de47da98318f978@patpro.net>
In-Reply-To: <VI1PR03MB2973A21EFD376EBA669F9275A8092@VI1PR03MB2973.eurprd03.prod.outlook.com>
References:  <VI1PR03MB2973A21EFD376EBA669F9275A8092@VI1PR03MB2973.eurprd03.prod.outlook.com> <AM5PR03MB296289896D3D652DA041DDC7A8092@AM5PR03MB2962.eurprd03.prod.outlook.com> <202404151356.43FDu3d7023044@higson.cam.lispworks.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
hi

$ cat  /usr/local/etc/pkg/repos/FreeBSD.conf=20
FreeBSD:=20{
  url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest",
  mirror_type: "srv",
  enabled: yes
}


$ pkg search cpu-microcode-intel
cpu-microcode-intel-20240312   Intel CPU microcode updates




April 15, 2024 4:19 PM, "Marek Anio=C5=82a" <man130117@outlook.com> wrote=
:

> No, it only shows the old version:
>=20
>=20~ # pkg search cpu-microcode-intel
> cpu-microcode-intel-20231114   Intel CPU microcode updates
> ~ #
>=20
>=20The latest version (20240312) is not available.
>=20
>=20From: Martin Simmons <martin@lispworks.com>
> Sent: Monday, April 15, 2024 15:56
> To: Marek Anio=C5=82a <man130117@outlook.com>
> Cc: freebsd-security@freebsd.org <freebsd-security@freebsd.org>
> Subject: Re: cpu-microcode-intel-20231114
>=20
>>=20On Mon, 15 Apr 2024 09:09:57 +0000, =3D?iso-8859-2?Q?Marek Anio=3DB3=
a?=3D said:
>>=20
>>=20As of 13 March 2024. "pkg audit" reports the following vulnerabiliti=
es in FreeBSD 13.3-RELEASE-p1:
>>=20
>>=20cpu-microcode-intel-20231114 is vulnerable:
>> Intel processors - multiple vulnerabilities
>> CVE: CVE-2023-43490
>> CVE: CVE-2023-22655
>> CVE: CVE-2023-28746
>> CVE: CVE-2023-38575
>> CVE: CVE-2023-39368
>> WWW: https://vuxml.FreeBSD.org/freebsd/b6dd9d93-e09b-11ee-92fc-1c697a6=
16631.html
>>=20
>>=20Found 1 issue(s) in 1 installed package(s).
>>=20
>>=20The website https://www.freshports.org/sysutils/cpu-microcode-intel =
shows that an update to the
>> package appeared the day before (2024-03-12), but the BINARY package p=
roviding THE UPDATE IS STILL
>> NOT AVAILABLE!
>>=20
>>=20Should this be the case?
>> Or, should I update the microcode in some other way?
>=20
>=20pkg search cpu-microcode-intel says the latest version is called
> cpu-microcode-intel-20240312.  I don't know why these packages have dat=
es in
> their names so they don't upgrade automatically.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5e6baf3fd3926c1f0de47da98318f978>