14 DAY TRIAL // The Debian Project released an updated Intel microcode firmware for users of the Debian GNU/Linux 9 "Stretch" operating system series to mitigate two of the latest Spectre vulnerabilities on more Intel CPUs.
Last month, on August 16, Debian's Moritz Muehlenhoff announced the availability of an Intel microcode update that provided Speculative Store Bypass Disable (SSBD) support needed to address both the Spectre Variant 4 and Spectre Variant 3a security vulnerabilities.
However, the Intel microcode update released last month was available only for some types of Intel CPUs, so now the Debian Project released an updated version that implements SSBD support for additional Intel CPU models to mitigate both Spectre V4 and V3a on Debian GNU/Linux 9 "Stretch" systems.
"This update ships updated CPU microcode for additional models of Intel CPUs which were not yet covered by the Intel microcode update released as DSA-4273-1 (and thus provides SSBD support (needed to address "Spectre v4") and fixes for "Spectre v3a"))," writes Moritz Muehlenhoff in a mailing list announcement.
Users are urged to update their systems immediately
The Debian Project urges all users of the Debian GNU/Linux 9 "Stretch" operating system series using Intel CPUs to update the microcode firmware to version 3.20180807a.1~deb9u1, which can be downloaded immediately from the main archives. Also, to fully mitigate the two Spectre vulnerabilities, users will also have to install the latest kernel update.
Known widely as Spectre Variant 3a (CVE-2018-3640) "Rogue System Register Read" and Spectre Variant 4 CVE-2018-3639 "Speculative Store Bypass" side-channel vulnerabilities may allow attackers to obtain access to sensitive information on vulnerable systems. They are severe flaws and need to be patched as soon as possible.