ELA-362-1 intel-microcode security update

multiple vulnerabilities

2021-02-13
Packageintel-microcode
Version3.20201118.1~deb8u1
Related CVEs CVE-2020-8695 CVE-2020-8696 CVE-2020-8698

CVE-2020-8695

Observable discrepancy in the RAPL interface for some
Intel(R) Processors may allow a privileged user to
potentially enable information disclosure via local access.

CVE-2020-8696

Improper removal of sensitive information before storage
or transfer in some Intel(R) Processors may allow an
authenticated user to potentially enable information
disclosure via local access.

CVE-2020-8698

Improper isolation of shared resources in some
Intel(R) Processors may allow an authenticated user to
potentially enable information disclosure via local access.

For Debian 8 jessie, these problems have been fixed in version 3.20201118.1~deb8u1.

We recommend that you upgrade your intel-microcode packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/