Mon Jul 24 22:07:56 UTC 202320230724220756_15.0

patches/packages/kernel-firmware-20230724_59fbffa-noarch-1.txz:  Upgraded.
  AMD microcode updated to fix a use-after-free in AMD Zen2 processors.
  From Tavis Ormandy's annoucement of the issue:
    "The practical result here is that you can spy on the registers of other
    processes. No system calls or privileges are required.
    It works across virtual machines and affects all operating systems.
    I have written a poc for this issue that's fast enough to reconstruct
    keys and passwords as users log in."
  For more information, see:
    https://seclists.org/oss-sec/2023/q3/59
    https://www.cve.org/CVERecord?id=CVE-2023-20593
  (* Security fix *)

1 files changed, 14 insertions, 0 deletions

diff --git a/ChangeLog.txt b/ChangeLog.txt
index 70e66e53c..e5a1803c3 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -1,3 +1,17 @@
+Mon Jul 24 22:07:56 UTC 2023
+patches/packages/kernel-firmware-20230724_59fbffa-noarch-1.txz:  Upgraded.
+  AMD microcode updated to fix a use-after-free in AMD Zen2 processors.
+  From Tavis Ormandy's annoucement of the issue:
+    "The practical result here is that you can spy on the registers of other
+    processes. No system calls or privileges are required.
+    It works across virtual machines and affects all operating systems.
+    I have written a poc for this issue that's fast enough to reconstruct
+    keys and passwords as users log in."
+  For more information, see:
+    https://seclists.org/oss-sec/2023/q3/59
+    https://www.cve.org/CVERecord?id=CVE-2023-20593
+  (* Security fix *)
++--------------------------+
 Mon Jul 24 00:17:18 UTC 2023
 patches/packages/whois-5.5.18-x86_64-1_slack15.0.txz:  Upgraded.
   Updated the .ga TLD server.