cpu-microcode-intel-20231114

Reply: Martin Simmons : "Re: cpu-microcode-intel-20231114"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Marek_Anioła <man130117_at_outlook.com>
Date: Mon, 15 Apr 2024 09:09:57 UTC

As of 13 March 2024. "pkg audit" reports the following vulnerabilities in FreeBSD 13.3-RELEASE-p1:

cpu-microcode-intel-20231114 is vulnerable:
  Intel processors - multiple vulnerabilities
  CVE: CVE-2023-43490
  CVE: CVE-2023-22655
  CVE: CVE-2023-28746
  CVE: CVE-2023-38575
  CVE: CVE-2023-39368
  WWW: https://vuxml.FreeBSD.org/freebsd/b6dd9d93-e09b-11ee-92fc-1c697a616631.html

Found 1 issue(s) in 1 installed package(s).

The website https://www.freshports.org/sysutils/cpu-microcode-intel/ shows that an update to the package appeared the day before (2024-03-12), but the BINARY package providing THE UPDATE IS STILL NOT AVAILABLE!

Should this be the case?
Or, should I update the microcode in some other way?

Marek Anioła