Show Posts
1
General Discussion / ZombieLoad, RIDL, Fallout, MDS mitigations
« on: May 15, 2019, 05:19:49 am »
Hello,
FreeBSD just updated the devcpu-data port which has the recent Intel Microcode
updates for those 4 vulnerabilities:
https://www.freshports.org/sysutils/devcpu-data/
How does OPNSense handles microcode updates?
The only thing I found about this was this open issue:
https://github.com/opnsense/plugins/issues/1137
Do we have to add it manually or is there a better way addressing this?
I can probably hack around this and backport patches from FreeBSD and devcpu-data manually
but it will break future updates and is a totally ugly solution.
On systems like OPNsense such vulnerabilities should be addressed with more priority
since many of us run them as virtual appliances, partially with untrusted guests on the same physical CPU.
FreeBSD just updated the devcpu-data port which has the recent Intel Microcode
updates for those 4 vulnerabilities:
https://www.freshports.org/sysutils/devcpu-data/
How does OPNSense handles microcode updates?
The only thing I found about this was this open issue:
https://github.com/opnsense/plugins/issues/1137
Do we have to add it manually or is there a better way addressing this?
I can probably hack around this and backport patches from FreeBSD and devcpu-data manually
but it will break future updates and is a totally ugly solution.
On systems like OPNsense such vulnerabilities should be addressed with more priority
since many of us run them as virtual appliances, partially with untrusted guests on the same physical CPU.