ZombieLoad, RIDL, Fallout, MDS mitigations

Started by s3ns0r, May 15, 2019, 05:19:49 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
May 15, 2019, 05:19:49 AM
Hello,
FreeBSD just updated the devcpu-data port which has the recent Intel Microcode
updates for those 4 vulnerabilities:
https://www.freshports.org/sysutils/devcpu-data/

How does OPNSense handles microcode updates?

The only thing I found about this was this open issue:
https://github.com/opnsense/plugins/issues/1137

Do we have to add it manually or is there a better way addressing this?
I can probably hack around this and backport patches from FreeBSD and devcpu-data manually
but it will break future updates and is a totally ugly solution.

On systems like OPNsense such vulnerabilities should be addressed with more priority
since many of us run them as virtual appliances, partially with untrusted guests on the same physical CPU.

May 15, 2019, 08:39:43 AM #1
There are two threads in this forum when you search for "devcpu-data". The first one is this topic. The other one holds the answer to your question.


Cheers,
Franco
Print
Go Up Pages1
User actions