From nobody Mon Apr 15 14:27:46 2024 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4VJ8dx5q7zz5GhWx for ; Mon, 15 Apr 2024 14:27:49 +0000 (UTC) (envelope-from infoomatic@gmx.at) Received: from mout.gmx.net (mout.gmx.net [212.227.17.20]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "mout.gmx.net", Issuer "Telekom Security ServerID OV Class 2 CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4VJ8dw5WNtz4fKS for ; Mon, 15 Apr 2024 14:27:48 +0000 (UTC) (envelope-from infoomatic@gmx.at) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmx.at header.s=s31663417 header.b=W44BixdE; dmarc=pass (policy=quarantine) header.from=gmx.at; spf=pass (mx1.freebsd.org: domain of infoomatic@gmx.at designates 212.227.17.20 as permitted sender) smtp.mailfrom=infoomatic@gmx.at DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmx.at; s=s31663417; t=1713191267; x=1713796067; i=infoomatic@gmx.at; bh=5Cjp1bG48ylPOlS1FkxFA2dQg6kcoTuk8EcMoCOKeyQ=; h=X-UI-Sender-Class:Message-ID:Date:MIME-Version:Subject:To: References:From:In-Reply-To:Content-Type: Content-Transfer-Encoding:cc:content-transfer-encoding: content-type:date:from:message-id:mime-version:reply-to:subject: to; b=W44BixdEzjf3Fw+ABQAkp9YsPbFMKGl25fTAzmGiQhT5V1mf31wPQyhefuOTRflG cBinHTYMqpzGknQUiCKHgU8ZSS/hokWSo45cpaBHhwY5rJw2Q6Xr+o56My5dCbGjk 9pm8rut/DIDp9WPnEWf2Ye6bDFtvHiFSR3MXPC77POvA1asfNpUjSBkL0DdiCTdjo rF+izX4irFkq4BQ5IECPjkZZJXP8harQYjWKQXB1XIpYdGvh8hk8WBgXYx7wIiBP8 agwDni3RMKe06IpIRdMNYKoVovOkdm1/OiITvpBg+yOx88gjytrBhiByqNX3rHssx C5et3ldYMWqLSHWYyw== X-UI-Sender-Class: 724b4f7f-cbec-4199-ad4e-598c01a50d3a Received: from [10.0.1.209] ([178.114.176.9]) by mail.gmx.net (mrgmx104 [212.227.17.168]) with ESMTPSA (Nemesis) id 1MBlxM-1s1pst0nQS-00CDnf for ; Mon, 15 Apr 2024 16:27:47 +0200 Message-ID: <202633d8-b51c-4f8e-8426-f42a8a79c99d@gmx.at> Date: Mon, 15 Apr 2024 16:27:46 +0200 List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: cpu-microcode-intel-20231114 To: freebsd-security@freebsd.org References: <202404151356.43FDu3d7023044@higson.cam.lispworks.com> Content-Language: en-US From: infoomatic In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: quoted-printable X-Provags-ID: V03:K1:HjK9PpHbY3Ua1BxJOS/CjZSLW2ykL04l8GtIoz3tGMXjEvQ6OfT GVvtX9um93EDWDdDilj052CHT0Y9x3FZIwh7lq0zrHWLvGOOc90VcnBWhwSvtmQiPUh2ZOj XTPFxFhQp1vpzJI9CFvnmhponizvKNIkUcrwPqbL2ZPtLHzTTqt1XfsszZa3mNRhkpnHKgw uliea/Y6jnpc0QplUSw0w== X-Spam-Flag: NO UI-OutboundReport: notjunk:1;M01:P0:GcQX/H/OrLo=;Ku37ZIav9JSYF3obDKv7OlE0EHM HfI4MJBs6Xhxzi/Ry6ipec/1uDNTNPzqChKEECh/EbGn/okzUVfruCERiII4Y5NyS8Tz86Vsg w609ngVv1tqV+5+ZDgISIHbQGzSaPHHtUNglTHmFecAJnqjhB7G2UmxuzlXNUCCmrfWb6HkEi PglIehmiaX3NFfBWb+s783Cl8tepCxlnQLNS24CqeNzCzi/W8is/xbLntMnl4z50oraBh09a5 eq83sqaQZ3uEeZIOp2Zcj//VU/ayDcpVGJd7aLc7WnAlcAg9rtyCIn1FcICPo0HhAjTUkjPFa ZgBlRtEnABVQ/96V2JafqXxNKEqbW3AJwyDiC/7OCY+Olbr0FNkXsVT9ZgS3rkvg5Uk4TAU2K i79N2DCuyGIInDroCeZ1bAQbhbIKtWcnta2Cu8tC3zY/v7xLdnw3EW0TQCLWFQkm21mgZ5/ba xFu20lcUZiJDewPv6PPbNN1VrFMkWh8d3oKEiyucdjnW0UxesdBS2MnwZPDJo/evT3Hx0RLfH aVNZ3EVEgUfAeOjG68hnHMurCBvTptg1nYCLegnlzAi6Au3FvP83FCQ7d1rUUEtLOWgdJBtnx WXR2C8ZmO4bUuuOGk09rgJYlsT6rQxUBbUEiqu+AUWu8x/0KPCqHahk3Iq//8zjzZOp8n030v nxqaZQSAc2fFO7AGS7qc1m3v7m8HN8lSL5xm1Om5Xkh2B8e0/NUPouO1A2VolmE0rRatYjQ9V PampQOQKxCeYCFnGXAwgraZ8pd5xSIW3TfeBTM3z274wcf5FQ9PxdqYb3Kghcz5+LF5SrA/mK b7KLuzzolVJgnLb6sYGqdCQHskgFsWoo329sw4bN3ZDxs= X-Spamd-Bar: -- X-Spamd-Result: default: False [-2.65 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; DMARC_POLICY_ALLOW(-0.50)[gmx.at,quarantine]; NEURAL_SPAM_SHORT(0.34)[0.341]; R_DKIM_ALLOW(-0.20)[gmx.at:s=s31663417]; R_SPF_ALLOW(-0.20)[+a:mout.gmx.net]; RCVD_IN_DNSWL_LOW(-0.10)[212.227.17.20:from]; MIME_GOOD(-0.10)[text/plain]; ONCE_RECEIVED(0.10)[]; XM_UA_NO_VERSION(0.01)[]; RCVD_TLS_ALL(0.00)[]; FROM_HAS_DN(0.00)[]; ARC_NA(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_TRACE(0.00)[0:+]; RCPT_COUNT_ONE(0.00)[1]; DKIM_TRACE(0.00)[gmx.at:+]; RCVD_COUNT_ONE(0.00)[1]; ASN(0.00)[asn:8560, ipnet:212.227.0.0/16, country:DE]; PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org]; TO_DN_NONE(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; FREEMAIL_FROM(0.00)[gmx.at]; MLMMJ_DEST(0.00)[freebsd-security@freebsd.org]; RWL_MAILSPIKE_POSSIBLE(0.00)[212.227.17.20:from]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; FREEMAIL_ENVFROM(0.00)[gmx.at] X-Rspamd-Queue-Id: 4VJ8dw5WNtz4fKS pkg update -f refreshes fetches your package catalogue (latest or quarterly - see /etc/pkg/FreeBSD.conf). After that you should be able to upgrade the package. Regards, Robert On 15.04.24 16:19, Marek Anio=C5=82a wrote: > No, it only shows the old version: > > =C2=A0 ~ # pkg search cpu-microcode-intel > =C2=A0 cpu-microcode-intel-20231114 =C2=A0 Intel CPU microcode updates > =C2=A0 ~ # > > The latest version (20240312) is not available. > > > > From:=C2=A0Martin Simmons > Sent:=C2=A0Monday, April 15, 2024 15:56 > To:=C2=A0Marek Anio=C5=82a > Cc:=C2=A0freebsd-security@freebsd.org > Subject:=C2=A0Re: cpu-microcode-intel-20231114 > >>>>>> On Mon, 15 Apr 2024 09:09:57 +0000, =3D?iso-8859-2?Q?Marek Anio=3DB= 3a?=3D said: >> >> As of 13 March 2024. "pkg audit" reports the following vulnerabilities = in FreeBSD 13.3-RELEASE-p1: >> >> cpu-microcode-intel-20231114 is vulnerable: >> =C2=A0 Intel processors - multiple vulnerabilities >> =C2=A0 CVE: CVE-2023-43490 >> =C2=A0 CVE: CVE-2023-22655 >> =C2=A0 CVE: CVE-2023-28746 >> =C2=A0 CVE: CVE-2023-38575 >> =C2=A0 CVE: CVE-2023-39368 >> =C2=A0 WWW: https://vuxml.FreeBSD.org/freebsd/b6dd9d93-e09b-11ee-92fc-= 1c697a616631.html >> >> Found 1 issue(s) in 1 installed package(s). >> >> The website https://www.freshports.org/sysutils/cpu-microcode-intel/=C2= =A0shows that an update to the package appeared the day before (2024-03-12= ), but the BINARY package providing THE UPDATE IS STILL NOT AVAILABLE! >> >> Should this be the case? >> Or, should I update the microcode in some other way? > > pkg search cpu-microcode-intel says the latest version is called > cpu-microcode-intel-20240312.=C2=A0 I don't know why these packages have= dates in > their names so they don't upgrade automatically.