Groups | Search | Server Info | Login | Register

Groups > linux.debian.security > #5604

Re: Intel Microcode updates

From Andrew McGlashan <andrew.mcglashan@affinityvision.com.au>
Newsgroups linux.debian.security
Subject Re: Intel Microcode updates
Date 2019-06-18 20:30 +0200
Message-ID <yar1L-8aV-5@gated-at.bofh.it> (permalink)
References (2 earlier) <y7Srw-4S3-13@gated-at.bofh.it> <y7SBb-4VG-1@gated-at.bofh.it> <y7UjD-60r-9@gated-at.bofh.it> <y7Utj-64f-5@gated-at.bofh.it> <yairv-2Y4-1@gated-at.bofh.it>
Organization linux.* mail to news gateway

Show all headers | View raw

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi,

>>>> On 12/6/19 3:16 am, Holger Levsen wrote:
>>>>> On Wed, Jun 12, 2019 at 03:05:13AM +1000, Andrew McGlashan 
>>>>> wrote:
>>>>>> Exploiting the flaws needs malicious code to be running
>>>>>> on your box.  If you are in total control over all VMs
>>>>>> and processes on the box, then you should be good.
>>>>> do you use a webbrowser with javascript enabled?
>>>> Good point, yes that is another risk.
> Actually though, if you update your browser to lessen the
> granularity of time that the exploits require, it might not be an
> issue.  So, don't run an out of date browser....  is that enough?


It doesn't have to be JavaScript, it can be ANY scripting.  When it
comes to an updated browser, the exploit relies upon very precise
timing differences between operations -- if the browser won't report
timing with enough precision, then the exploit cannot work reliably if
at all (probably not at all).

Now as for TB, well, one would hope (I don't now the answer), that
they too have implemented the same fixes that Mozilla made for Firefox
to thwart the success of an exploit as well, ie have timing being less
granular to be able to perform the exploit.

Anyway, if the CPU microcode can be attained for the older CPUs, then
the licensing issue with Debian providing it is no longer a concern (I
believe).  Refer https://01.org/mcu-path-license-2018

Cheers
A.
-----BEGIN PGP SIGNATURE-----

iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXQkrpQAKCRCoFmvLt+/i
+zHAAP4nK5G7HuNv+YzJBjb0aU4e06faITqYO4/pVxARNed8BQD/ZygkaIizLAte
0MuzlcPSQSjN04zlTUo9gxqD18ttbAE=
=21rJ
-----END PGP SIGNATURE-----

Back to linux.debian.security | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

Intel Microcode updates Russell Coker <russell@coker.com.au> - 2019-06-10 06:10 +0200
  Re: Intel Microcode updates Michael Stone <mstone@debian.org> - 2019-06-10 13:20 +0200
    Re: Intel Microcode updates Davide Prina <davide.prina@gmail.com> - 2019-06-10 19:50 +0200
      Re: Intel Microcode updates Michael Stone <mstone@debian.org> - 2019-06-10 20:40 +0200
        Re: Intel Microcode updates Davide Prina <davide.prina@gmail.com> - 2019-06-11 20:10 +0200
          Re: Intel Microcode updates Michael Stone <mstone@debian.org> - 2019-06-11 22:00 +0200
    Re: Intel Microcode updates Russell Coker <russell@coker.com.au> - 2019-06-11 14:00 +0200
  Re: Intel Microcode updates Henrique de Moraes Holschuh <hmh@debian.org> - 2019-06-11 04:20 +0200
    Re: Intel Microcode updates Russell Coker <russell@coker.com.au> - 2019-06-11 14:00 +0200
      Re: Intel Microcode updates Moritz Mühlenhoff <jmm@inutil.org> - 2019-06-11 14:30 +0200
        Re: Intel Microcode updates Henrique de Moraes Holschuh <hmh@debian.org> - 2019-06-12 17:00 +0200
          Re: Intel Microcode updates Elmar Stellnberger <estellnb@gmail.com> - 2019-06-18 13:00 +0200
            Re: Intel Microcode updates Henrique de Moraes Holschuh <hmh@debian.org> - 2019-06-23 22:30 +0200
              Re: Intel Microcode updates Elmar Stellnberger <estellnb@gmail.com> - 2019-06-23 22:40 +0200
                Re: Intel Microcode updates Henrique de Moraes Holschuh <hmh@debian.org> - 2019-06-24 04:10 +0200
              Re: Intel Microcode updates Davide Prina <davide.prina@gmail.com> - 2019-06-24 19:40 +0200
          Re: Intel Microcode updates Elmar Stellnberger <estellnb@gmail.com> - 2019-06-18 22:10 +0200
          Re: Intel Microcode updates Elmar Stellnberger <estellnb@gmail.com> - 2019-06-22 14:30 +0200
    Re: Intel Microcode updates Andrew McGlashan <andrew.mcglashan@affinityvision.com.au> - 2019-06-11 19:10 +0200
      Re: Intel Microcode updates Holger Levsen <holger@layer-acht.org> - 2019-06-11 19:20 +0200
        Re: Intel Microcode updates Andrew McGlashan <andrew.mcglashan@affinityvision.com.au> - 2019-06-11 21:10 +0200
          Re: Intel Microcode updates Andrew McGlashan <andrew.mcglashan@affinityvision.com.au> - 2019-06-11 21:20 +0200
            Re: Intel Microcode updates Elmar Stellnberger <estellnb@gmail.com> - 2019-06-18 11:20 +0200
              Re: Intel Microcode updates Andrew McGlashan <andrew.mcglashan@affinityvision.com.au> - 2019-06-18 20:30 +0200
                Re: Intel Microcode updates Rob van der Putten <rob@sput.nl> - 2019-06-20 14:40 +0200
            Re: Intel Microcode updates Elmar Stellnberger <estellnb@gmail.com> - 2019-06-18 22:10 +0200
            Re: Intel Microcode updates Elmar Stellnberger <estellnb@gmail.com> - 2019-06-22 14:30 +0200
    Re: Intel Microcode updates Davide Prina <davide.prina@gmail.com> - 2019-06-23 10:00 +0200
      Re: Intel Microcode updates Lou Poppler <LouPoppler@cableone.net> - 2019-06-24 02:20 +0200
        Re: Intel Microcode updates Davide Prina <davide.prina@gmail.com> - 2019-06-24 20:00 +0200

csiph-web