Re: cpu-microcode-intel-20231114

Reply: Marek_Anio�a : "Re: cpu-microcode-intel-20231114"
Reply: patpro_a_patpro.net: "Re: cpu-microcode-intel-20231114"
In reply to: Marek_Anio�a : "cpu-microcode-intel-20231114"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Martin Simmons <martin_at_lispworks.com>
Date: Mon, 15 Apr 2024 13:56:03 UTC

>>>>> On Mon, 15 Apr 2024 09:09:57 +0000, =?iso-8859-2?Q?Marek Anio=B3a?= said:
> 
> As of 13 March 2024. "pkg audit" reports the following vulnerabilities in FreeBSD 13.3-RELEASE-p1:
> 
> cpu-microcode-intel-20231114 is vulnerable:
>   Intel processors - multiple vulnerabilities
>   CVE: CVE-2023-43490
>   CVE: CVE-2023-22655
>   CVE: CVE-2023-28746
>   CVE: CVE-2023-38575
>   CVE: CVE-2023-39368
>   WWW: https://vuxml.FreeBSD.org/freebsd/b6dd9d93-e09b-11ee-92fc-1c697a616631.html
> 
> Found 1 issue(s) in 1 installed package(s).
> 
> The website https://www.freshports.org/sysutils/cpu-microcode-intel/ shows that an update to the package appeared the day before (2024-03-12), but the BINARY package providing THE UPDATE IS STILL NOT AVAILABLE!
> 
> Should this be the case?
> Or, should I update the microcode in some other way?

pkg search cpu-microcode-intel says the latest version is called
cpu-microcode-intel-20240312.  I don't know why these packages have dates in
their names so they don't upgrade automatically.