Announcement

**Guest** · 27 January 2018, 10:23 AM

InsideJob 'upgrade' was a poor choice of keyword that's been made some 15 years ago, they can't change it now as it would break for bunch of people and there are no compelling reasons to do so (rename 'upgrade' and 'update' which should really be 'update' and 'sync').

Downgrading packages is typically done for good reasons and after long discussion in distro channels, e.g. something broke. Generally distro package maintainers 'know better' than users.

Originally posted by ubuntu.pkgs.org

2018-01-22 - Marc Deslauriers <[email protected]> intel-microcode (3.20180108.0+really20170707ubuntu17.10.1) artful-security; urgency=medium * Revert to 20170707 version of microcode because of regressions on certain hardware. (LP: #1742933)

Originally posted by usn.ubuntu.com

USN-3531-1 updated Intel microcode to the 20180108 release. Regressions
were discovered in the microcode updates which could cause system
instability on certain hardware platforms. At the request of Intel, we have
reverted to the previous packaged microcode version, the 20170707 release.

E.g. 'safest' thing to do here is to downgarde and wait for intel to update the microcode package. IIRC they already did this in some form because I remember somebody else complaining about CPU specific microcodes being downgraded in Intel microcode package.

**dungeon** · 27 January 2018, 05:31 PM

Originally posted by InsideJob View Post

Oh, BTW, Intel's mitigated microcode "works fine for me" ™ on my Skylake lappy. Maybe if they stopped deploying stealth DOWNGRADES when I say APT UPGRADE they'd make more progress.

Code:

apt policy intel-microcode
intel-microcode:
Installed: 3.20180108.0~ubuntu17.10.1
Candidate: 3.20180108.0+really20170707ubuntu17.10.1
Version table:
3.20180108.0+really20170707ubuntu17.10.1 500
500 http://us.archive.ubuntu.com/ubuntu artful-updates/main amd64 Packages
500 http://security.ubuntu.com/ubuntu artful-security/main amd64 Packages
*** 3.20180108.0~ubuntu17.10.1 100
100 /var/lib/dpkg/status
3.20170707.1 500
500 http://us.archive.ubuntu.com/ubuntu artful/restricted amd64 Packages

"Upgrade" wasn't a request I made for Ubuntu management to approve... so I had to apt-mark hold the package.

It was reverted back in Debian too as posted by Intel advisory on january 22 (go to Intel site where you can't now find these 20180108 firmwares latest is reverted back there too to 20171117), where they said how they found root cause of reported reboots and fixes will be next week in beta form, etc...

Probably some CPU were not affected by sudden reboots by these firmwares, but many are... today Intel pushed new update on Windows and again these are only in beta form and so on:

https://security-center.intel.com/ad...nguageid=en-fr

For most users – An automatic update available via the Microsoft® Update Catalog which disables ‘Spectre’ variant 2 (CVE 2017-5715) mitigations without a BIOS update. This update supports Windows 7 (SP1), Windows 8.1, and all versions of Windows 10 - client and server
1. For advanced users – refer to the following Knowledge Base (KB) articles
a) KB4073119: IT Pro Guidance

b) KB4072698: Server Guidance
Both of these options eliminate the risk of reboot or other unpredictable system behavior associated with the original microcode update and retain mitigations for ‘Spectre’ variant 1 and ‘Meltdown’ variant 3 until new microcode can be loaded on the system.

AFAIU this they today just disabled Spectre v2 mitigations for machines without BIOS update

until new microcodes came in... so everthing is fine and not fine in the same time, to be continued...

Announcement

Ubuntu 16.04.4 LTS Delayed Due To Spectre & Meltdown

Ubuntu 16.04.4 LTS Delayed Due To Spectre & Meltdown

Comment

Comment