Date: Mon, 15 Apr 2024 14:56:03 +0100 From: Martin Simmons <martin@lispworks.com> To: =?iso-8859-2?Q?Marek_Anio=B3a?= <man130117@outlook.com> Cc: freebsd-security@freebsd.org Subject: Re: cpu-microcode-intel-20231114 Message-ID: <202404151356.43FDu3d7023044@higson.cam.lispworks.com> In-Reply-To: <AM5PR03MB296289896D3D652DA041DDC7A8092@AM5PR03MB2962.eurprd03.prod.outlook.com> (message from =?iso-8859-2?Q?Marek_Anio=B3a?= on Mon, 15 Apr 2024 09:09:57 %2B0000) References: <AM5PR03MB296289896D3D652DA041DDC7A8092@AM5PR03MB2962.eurprd03.prod.outlook.com>
next in thread | previous in thread | raw e-mail | index | archive | help
>>>>> On Mon, 15 Apr 2024 09:09:57 +0000, =?iso-8859-2?Q?Marek Anio=B3a?= said: > > As of 13 March 2024. "pkg audit" reports the following vulnerabilities in FreeBSD 13.3-RELEASE-p1: > > cpu-microcode-intel-20231114 is vulnerable: > Intel processors - multiple vulnerabilities > CVE: CVE-2023-43490 > CVE: CVE-2023-22655 > CVE: CVE-2023-28746 > CVE: CVE-2023-38575 > CVE: CVE-2023-39368 > WWW: https://vuxml.FreeBSD.org/freebsd/b6dd9d93-e09b-11ee-92fc-1c697a616631.html > > Found 1 issue(s) in 1 installed package(s). > > The website https://www.freshports.org/sysutils/cpu-microcode-intel/ shows that an update to the package appeared the day before (2024-03-12), but the BINARY package providing THE UPDATE IS STILL NOT AVAILABLE! > > Should this be the case? > Or, should I update the microcode in some other way? pkg search cpu-microcode-intel says the latest version is called cpu-microcode-intel-20240312. I don't know why these packages have dates in their names so they don't upgrade automatically.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202404151356.43FDu3d7023044>