Bug#954023: stretch-pu: package amd64-microcode/3.20181128.1~deb9u1

[Henrique de Moraes Holschuh <hmh@debian.org>]

On Sat, 21 Mar 2020, Adam D. Barratt wrote:
> On Sun, 2020-03-15 at 21:37 +0100, Anton Gladky wrote:
> > I have prepared an update for amd64-microcode for Debian Stretch,
> > which fixes CVE-2017-5715. Please see an attached debdiff.
> > 
> > This is the newer upstream version, which fixes CVE-2017-5715.
> > Security team marked this CVE for Stretch as <no-dsa> [1].
> 
> Do you have any input / thoughts on this proposed update?

The microcode might be safe enough, we don't have regressions reported
against the lastest one (which is just a revert by AMD of an update that
did cause regressions when not applied through UEFI).

But that's with recent kernels.

I have no idea about the kernel codepaths it might activate, though, if
new MSRs are exposed.

-- 
  Henrique Holschuh