Hello Elmar,
I feel it is best to be very clear on this: I will *not* add automatic
downloading of Intel microcode updates from unofficial place.
The reasons are:
1. License issues. Non-negotiable. And this has been covered in this
half-a-decade-old thread that raised from the grave, so I
On 24/06/19 01:57, Lou Poppler wrote:
I am only guessing, but I think a possible explanation which resolves this
conundrum might be this: The latest release page is saying that the latest
microcode package contains the latest microcode for this Core2 processor, which
is the version last updated
On 23/06/19 22:28, Henrique de Moraes Holschuh wrote:
The README already tells you how to do
it yourself, and people won't read it, why would them find about an
example downloader script?
$ zless /usr/share/doc/intel-microcode/README.Debian.gz
[...]
Custom Linux kernels must be built with init
On Sun, 23 Jun 2019, Elmar Stellnberger wrote:
> As I read from the latest comments the microcode updates for Core 2 systems
> are officially shipped by Intel via the internet though Intel denies this in
Maybe you should fetch the Intel official release yourself and check it
out yourself.
--
H
I am only guessing, but I think a possible explanation which resolves this
conundrum might be this: The latest release page is saying that the latest
microcode package contains the latest microcode for this Core2 processor, which
is the version last updated on 2010-09-28. Not changed, but still m
If it is already described in the readme (I did not get this from the
comments) then I´d consider that a good solution.
I did not know. I will have to do that on my own in a short while
because I still have many Core 2 systems.
As I read from the latest comments the microcode updates for Core
On Tue, 18 Jun 2019, Elmar Stellnberger wrote:
> Perhaps you could add a bash script that does automatically download the
> microcode like f.i. winetricks does with windows code. That way one could be
> more sure to use the right url for it. I also still have quite a lot of Core
> 2 computers and w
On 11/06/19 04:19, Henrique de Moraes Holschuh wrote:
On Mon, 10 Jun 2019, Russell Coker wrote:
model name : Intel(R) Core(TM)2 Quad CPUQ9505 @ 2.83GHz
Intel upstream decided to not distribute it, for whatever reason. The
Core2 will not get any fixes for MDS either (nor will Nehale
Perhaps you could add a bash script that does automatically download the
microcode like f.i. winetricks does with windows code. That way one
could be more sure to use the right url for it. I also still have quite
a lot of Core 2 computers and would thus profit from such a provision.
Am 12.06.1
Just because you disable Javascript in your browser I would not trust
that you will be save from arbitrary code execution. I am using
Thunderbird as an email client and it has the same intrusion problem as
the browsers running Javascript. The arbitrary binary code execution
problem does to my
Hi there
On 18/06/2019 20:21, Andrew McGlashan wrote:
It doesn't have to be JavaScript, it can be ANY scripting.
Or any code.
The whole idea of running software you don't know anything about is insane.
When it
comes to an updated browser, the exploit relies upon very precise
timing differ
Perhaps you could add a bash script that does automatically download the
microcode like f.i. winetricks does with windows code. That way one
could be more sure to use the right url for it. I also still have quite
a lot of Core 2 computers and would thus profit from such a provision.
Am 12.06.1
Just because you disable Javascript in your browser I would not trust
that you will be save from arbitrary code execution. I am using
Thunderbird as an email client and it has the same intrusion problem as
the browsers running Javascript. The arbitrary binary code execution
problem does to my
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
On 12/6/19 3:16 am, Holger Levsen wrote:
> On Wed, Jun 12, 2019 at 03:05:13AM +1000, Andrew McGlashan
> wrote:
>> Exploiting the flaws needs malicious code to be running
>> on your box. If you are in total control over all
Perhaps you could add a bash script that does automatically download the
microcode like f.i. winetricks does with windows code. That way one
could be more sure to use the right url for it. I also still have quite
a lot of Core 2 computers and would thus profit from such a provision.
Am 12.06.1
Just because you disable Javascript in your browser I would not trust
that you will be save from arbitrary code execution. I am using
Thunderbird as an email client and it has the same intrusion problem as
the browsers running Javascript. The arbitrary binary code execution
problem does to my
(BCC'd to #929073 to avoid dragging the BTS into this thread).
On Tue, 11 Jun 2019, Moritz Mühlenhoff wrote:
> Russell Coker schrieb:
> > Should it be regarded as a bug in the intel-microcode package that it
> > doesn't
> > have this update that is "easy enough to source"? Or do you mean "easy
On Tue, Jun 11, 2019 at 08:00:49PM +0200, Davide Prina wrote:
On 10/06/19 20:31, Michael Stone wrote:
On Mon, Jun 10, 2019 at 07:46:47PM +0200, Davide Prina wrote:
On 10/06/19 13:16, Michael Stone wrote:
Your CPU is not supported my Intel, so you either accept the
risk or buy a new one.
you
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
> On 12/6/19 3:16 am, Holger Levsen wrote:
>> On Wed, Jun 12, 2019 at 03:05:13AM +1000, Andrew McGlashan
>> wrote:
>>> Exploiting the flaws needs malicious code to be running on your
>>> box. If you are in total control over all VMs and proces
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
On 12/6/19 3:16 am, Holger Levsen wrote:
> On Wed, Jun 12, 2019 at 03:05:13AM +1000, Andrew McGlashan wrote:
>> Exploiting the flaws needs malicious code to be running on your
>> box. If you are in total control over all VMs and processes on
On 10/06/19 20:31, Michael Stone wrote:
On Mon, Jun 10, 2019 at 07:46:47PM +0200, Davide Prina wrote:
On 10/06/19 13:16, Michael Stone wrote:
Your CPU is not supported my Intel, so you either accept the risk or
buy a new one.
you have another choice: disable the SMP & C. and all mitigation fo
On Wed, Jun 12, 2019 at 03:05:13AM +1000, Andrew McGlashan wrote:
> Exploiting the flaws needs malicious code to be running on your box. If
> you are in total control over all VMs and processes on the box, then you
> should be good.
do you use a webbrowser with javascript enabled?
--
tschau,
Hi Russell,
On 11/6/19 12:19 pm, Henrique de Moraes Holschuh wrote:
> On Mon, 10 Jun 2019, Russell Coker wrote:
>> model name : Intel(R) Core(TM)2 Quad CPUQ9505 @ 2.83GHz
The first thing to think about with all of these problems is, are you
/really/ affected ie, are you at risk?
No
Russell Coker schrieb:
> Should it be regarded as a bug in the intel-microcode package that it doesn't
> have this update that is "easy enough to source"? Or do you mean "easy to
> get
> but not licensed for distribution"?
This is covered by #929073, which links to a PDF by Intel (which docum
On Monday, 10 June 2019 9:16:02 PM AEST Michael Stone wrote:
> Your CPU is not supported my Intel, so you either accept the risk or buy
> a new one. (Note that the latest version of the microcode is from
> 2015--long before any of these speculative execution vulnerabilities
> were mitigated.) Yours
On Tuesday, 11 June 2019 12:19:14 PM AEST Henrique de Moraes Holschuh wrote:
> On Mon, 10 Jun 2019, Russell Coker wrote:
> > model name : Intel(R) Core(TM)2 Quad CPUQ9505 @ 2.83GHz
> >
> > On a system with the above CPU running Debian/Testing I get the following
> > results from the spec
On Mon, 10 Jun 2019, Russell Coker wrote:
> model name : Intel(R) Core(TM)2 Quad CPUQ9505 @ 2.83GHz
>
> On a system with the above CPU running Debian/Testing I get the following
> results from the spectre-meltdown-checker script. Is this a bug in the intel-
> microcode package that the
On Mon, Jun 10, 2019 at 07:46:47PM +0200, Davide Prina wrote:
On 10/06/19 13:16, Michael Stone wrote:
Your CPU is not supported my Intel, so you either accept the risk or
buy a new one.
you have another choice: disable the SMP & C. and all mitigation form Linux
That's not correct, but will s
On 10/06/19 13:16, Michael Stone wrote:
On Mon, Jun 10, 2019 at 02:01:25PM +1000, Russell Coker wrote:
I just discovered the spectre-meltdown-checker package
model name : Intel(R) Core(TM)2 Quad CPU Q9505 @ 2.83GHz
Your CPU is not supported my Intel, so you either accept the risk o
On Mon, Jun 10, 2019 at 02:01:25PM +1000, Russell Coker wrote:
I just discovered the spectre-meltdown-checker package (thanks Sylvestre for
packaging this).
model name : Intel(R) Core(TM)2 Quad CPUQ9505 @ 2.83GHz
On a system with the above CPU running Debian/Testing I get the followin
I just discovered the spectre-meltdown-checker package (thanks Sylvestre for
packaging this).
model name : Intel(R) Core(TM)2 Quad CPUQ9505 @ 2.83GHz
On a system with the above CPU running Debian/Testing I get the following
results from the spectre-meltdown-checker script. Is this a
31 matches
Mail list logo
