[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[Debian 6 Squeeze] ANNOUNCEMENT: Intel processor microcode security update

THIS ANNOUNCEMENT IS ONLY MEANINGFUL FOR PEOPLE USING DEBIAN 6 (SQUEEZE)
ON COMPUTERS WITH INTEL PROCESSORS.  IT DOES NOT APPLY TO THE MORE RECENT
DEBIAN RELEASES.


A new Intel microcode update is available for Debian 6 (codename Squeeze).

This microcode update is considered a security update.  Users of the newer
versions of Debian (stable/Wheezy, testing/Jessie, unstable) have already
received it.

For technical reasons, Debian 6 (Squeeze) will receive intel-microcode
updates only through squeeze-backports, and only after the same update has
been accepted into Debian stable, and pushed out into a Debian stable point
release.

INSTRUCTIONS ON HOW TO INSTALL THE UPDATE ARE AVAILABLE AT THE LAST PART OF
THIS MESSAGE.

This microcode update release contains fixes for a number of severe issues
on a large number of Intel system processor models produced in the last
five years.  Some of the issues fixed by this update address severe
security risks.

Details about some of the issues fixed by this microcode update, about
microcode updates in general, and about microcode update packages can be
found on previous emails on this thread, at:

https://lists.debian.org/debian-user/2013/09/msg00126.html
https://lists.debian.org/debian-user/2013/09/msg01300.html

Do not expect further announcements about intel-microcode updates, this is
an exception due to the known security nature of this update, and due to
the nonstandard process required to install it for the first time.


Installing the squeeze-backports microcode update:

Manual action by the system administrator is required to enable
squeeze-backports in apt's "source.list", and install the backported
intel-microcode and iucode-tool packages for the first time.

After the manual installation of the first update, apt will remember that
it has to get further updates from squeeze-backports.

Please refer to http://backports.debian.org/Instructions/ for general
details on how to use squeeze-backports, and below for step-by-step
simplified instructions.


First install procedure:
------------------------

1. Enable squeeze-backports in /etc/apt/sources.list, adding:

   deb http://YOURMIRROR.debian.org/debian-backports squeeze-backports main contrib non-free

   notice that you need to enable both "contrib" (for the iucode-tool
   package) and "non-free" (for the intel-microcode package).

   This is safe.  In Debian's default configuration, squeeze-backports
   packages are only installed by direct request (-t option of apt-get,
   or by explicitly selecting the version from backports in aptitude).

   It will NOT cause your whole system to be updated to squeeze-backports.

2. apt-get update

3. apt-get --purge remove intel-microcode microcode.ctl

4. apt-get -t squeeze-backports install intel-microcode iucode-tool

   (notice that we had to explictly request that packages from
   squeeze-backports were to be used in step 4).


Update procedure:
-----------------

Once installed, packages from squeeze-backports will be handled
automatically when you update the system.  The system remembers which
packages came from squeeze-backports, and looks there for updates.

1. apt-get update
2. apt-get upgrade (or safe-upgrade, or dist-upgrade)

A new microcode update is already available in Debian unstable, and should
make it to squeeze-backports in about four to six months.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh
Reply to: