diff --git a/.gitignore b/.gitignore
index 23c20b3..c4fca8e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,3 @@
 SOURCES/06-2d-07
 SOURCES/06-55-04
-SOURCES/microcode-20200508.tar.gz
+SOURCES/microcode-20200602.tar.gz
diff --git a/.microcode_ctl.metadata b/.microcode_ctl.metadata
index 449b5ee..5e26097 100644
--- a/.microcode_ctl.metadata
+++ b/.microcode_ctl.metadata
@@ -1,3 +1,3 @@
 bcf2173cd3dd499c37defbc2533703cfa6ec2430 SOURCES/06-2d-07
 2e405644a145de0f55517b6a9de118eec8ec1e5a SOURCES/06-55-04
-773599d13ebe640749768d630357ca60cb52b5ee SOURCES/microcode-20200508.tar.gz
+ea699fd62ba3625062cae60d4a657fa11822b372 SOURCES/microcode-20200602.tar.gz
diff --git a/SOURCES/06-2d-07_readme b/SOURCES/06-2d-07_readme
index 18c676d..2a9f5ec 100644
--- a/SOURCES/06-2d-07_readme
+++ b/SOURCES/06-2d-07_readme
@@ -12,6 +12,7 @@ For the reference, SHA1 checksums of 06-2d-07 microcode files containing
 microcode revisions in question are listed below:
  * 06-2d-07, revision 0x714: bcf2173cd3dd499c37defbc2533703cfa6ec2430
  * 06-2d-07, revision 0x718: 837cfebbfc09b911151dfd179082ad99cf87e85d
+ * 06-2d-07, revision 0x71a: 4512c8149e63e5ed15f45005d7fb5be0041f66f6
 
 Please contact your system vendor for a BIOS/firmware update that contains
 the latest microcode version.  For the information regarding microcode versions
diff --git a/SOURCES/check_caveats b/SOURCES/check_caveats
index c7f0e8a..f43fb4a 100755
--- a/SOURCES/check_caveats
+++ b/SOURCES/check_caveats
@@ -621,19 +621,19 @@ for cfg in $(echo "${configs}"); do
 	# Note that the model filter check is done inside check_pci_config_val
 	# based on the 'mode=' parameter.
 	if [ -n "$cfg_pci" ]; then
-		pci_res=0
-		pci_line=
-		while read -r pci_line; do
-			[ -n "$pci_line" ] || continue
-			pci_res=$(check_pci_config_val "$pci_line" "$match_model")
-			[ "x$pci_res" = x0 ] || break
-		done <<- EOF
-		$cfg_pci
-		EOF
-
-		[ "x$pci_res" = x0 ] || {
-			debug "PCI configuration word check '$pci_line' " \
-			      "failed (with return code $pci_res)"
+		pci_line="$(printf "%s\n" "$cfg_pci" | while read -r pci_line; do
+				[ -n "$pci_line" ] || continue
+				pci_res=$(check_pci_config_val "$pci_line" \
+							       "$match_model")
+				[ 0 != "$pci_res" ] || continue
+				echo "$pci_res $pci_line"
+				break
+			done
+			echo "0 ")"
+
+		[ -z "${pci_line#* }" ] || {
+			debug "PCI configuration word check '${pci_line#* }'" \
+			      "failed (with return code ${pci_line%% *})"
 			fail
 			continue
 		}
diff --git a/SOURCES/gen_provides.sh b/SOURCES/gen_provides.sh
index f963bf6..5e2a2a4 100755
--- a/SOURCES/gen_provides.sh
+++ b/SOURCES/gen_provides.sh
@@ -21,31 +21,75 @@ for f in $(grep -E '/intel-ucode.*/[0-9a-f][0-9a-f]-[0-9a-f][0-9a-f]-[0-9a-f][0-
 	ucode_fname="$ucode_caveat/$ucode"
 	file_sz="$(stat -c "%s" "$f")"
 	skip=0
+	ext_hdr=0
+	ext_sig_cnt=0
+	ext_sig_pos=0
+	next_skip=0
 
+	# Microcode header format description:
+	# https://gitlab.com/iucode-tool/iucode-tool/blob/master/intel_microcode.c
 	while :; do
 		[ "$skip" -lt "$file_sz" ] || break
 
-		# Microcode header format description:
-		# https://gitlab.com/iucode-tool/iucode-tool/blob/master/intel_microcode.c
-		IFS=' ' read hdrver rev \
-		       date_y date_d date_m \
-		       cpuid cksum ldrver \
-		       pf_mask datasz totalsz <<- EOF
-		$(hexdump -s "$skip" -n 36 \
-			-e '"" 1/4 "%u " 1/4 "%#x " \
-		               1/2 "%04x " 1/1 "%02x " 1/1 "%02x " \
-			       1/4 "%08x " 1/4 "%x " 1/4 "%#x " \
-			       1/4 "%u " 1/4 "%u " 1/4 "%u" "\n"' "$f")
-		EOF
-
-		[ 0 != "$datasz" ] || datasz=2000
-		[ 0 != "$totalsz" ] || totalsz=2048
-
-		# TODO: add some sanity/safety checks here.  As of now, there's
-		#       a (pretty fragile) assumption that all the matched files
-		#       are valid Intel microcode files in the expected format.
-
-		skip=$((skip + totalsz))
+		# Do we parse ext_sig table or another microcode header?
+		if [ 0 != "$next_skip" ]; then
+			# Check whether we should abort ext_sig table parsing
+			[ \( "${skip}" -lt "${next_skip}" \) -a \
+			  \( "${ext_sig_pos}" -lt "${ext_sig_cnt}" \) ] || {
+				skip="${next_skip}"
+				next_skip=0
+				continue
+			}
+
+			# ext_sig, 12 bytes in size
+			IFS=' ' read cpuid pf_mask <<- EOF
+			$(hexdump -s "$skip" -n 8 \
+				-e '"" 1/4 "%08x " 1/4 "%u" "\n"' "$f")
+			EOF
+
+			skip="$((skip + 12))"
+			ext_sig_pos="$((ext_sig_pos + 1))"
+		else
+			# Microcode header, 48 bytes, last 3 fields reserved
+			IFS=' ' read hdrver rev \
+			       date_y date_d date_m \
+			       cpuid cksum ldrver \
+			       pf_mask datasz totalsz <<- EOF
+			$(hexdump -s "$skip" -n 36 \
+				-e '"" 1/4 "%u " 1/4 "%#x " \
+			               1/2 "%04x " 1/1 "%02x " 1/1 "%02x " \
+				       1/4 "%08x " 1/4 "%x " 1/4 "%#x " \
+				       1/4 "%u " 1/4 "%u " 1/4 "%u" "\n"' "$f")
+			EOF
+
+			[ 0 != "$datasz" ] || datasz=2000
+			[ 0 != "$totalsz" ] || totalsz=2048
+
+			# TODO: add some sanity/safety checks here.  As of now,
+			#       there's a (pretty fragile) assumption that all
+			#       the matched files are valid Intel microcode
+			#       files in the expected format.
+
+			# ext_sig table is after the microcode payload,
+			# check for its presence
+			if [ 48 -lt "$((totalsz - datasz))" ]; then
+				next_skip="$((skip + totalsz))"
+				skip="$((skip + datasz + 48))"
+				ext_sig_pos=0
+
+				# ext_sig table header, 20 bytes in size,
+				# last 3 fields are reserved.
+				IFS=' ' read ext_sig_cnt  <<- EOF
+				$(hexdump -s "$skip" -n 4 \
+					-e '"" 1/4 "%u" "\n"' "$f")
+				EOF
+
+				skip="$((skip + 20))"
+			else
+				skip="$((skip + totalsz))"
+				next_skip=0
+			fi
+		fi
 
 		#[ -n "$rev" ] || continue
 
diff --git a/SPECS/microcode_ctl.spec b/SPECS/microcode_ctl.spec
index 343e7af..13bae31 100644
--- a/SPECS/microcode_ctl.spec
+++ b/SPECS/microcode_ctl.spec
@@ -1,4 +1,4 @@
-%define intel_ucode_version 20200508
+%define intel_ucode_version 20200602
 %global debug_package %{nil}
 
 %define caveat_dir %{_datarootdir}/microcode_ctl/ucode_with_caveats
@@ -13,7 +13,7 @@
 Summary:        CPU microcode updates for Intel x86 processors
 Name:           microcode_ctl
 Version:        %{intel_ucode_version}
-Release:        1%{?dist}
+Release:        2%{?dist}
 Epoch:          4
 License:        CC0 and Redistributable, no modification permitted
 URL:            https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files
@@ -420,6 +420,60 @@ rm -rf %{buildroot}
 
 
 %changelog
+* Thu Jun 04 2020 Eugene Syromiatnikov <esyr@redhat.com> - 4:20200602-2
+- Avoid temporary file creation, used for here-documents in check_caveats
+  (#1839163).
+
+* Wed Jun 03 2020 Eugene Syromiatnikov <esyr@redhat.com> - 4:20200602-1
+- Update Intel CPU microcode to microcode-20200602 release, addresses
+  CVE-2020-0543, CVE-2020-0548, CVE-2020-0549 (#1795354, #1795356, #1827184):
+  - Update of 06-3c-03/0x32 (HSW C0) microcode from revision 0x27 up to 0x28;
+  - Update of 06-3d-04/0xc0 (BDW-U/Y E0/F0) microcode from revision 0x2e
+    up to 0x2f;
+  - Update of 06-45-01/0x72 (HSW-U C0/D0) microcode from revision 0x25
+    up to 0x26;
+  - Update of 06-46-01/0x32 (HSW-H C0) microcode from revision 0x1b up to 0x1c;
+  - Update of 06-47-01/0x22 (BDW-H/Xeon E3 E0/G0) microcode from revision 0x21
+    up to 0x22;
+  - Update of 06-4e-03/0xc0 (SKL-U/Y D0) microcode from revision 0xd6
+    up to 0xdc;
+  - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000151
+    up to 0x1000157;
+  - Update of 06-55-04/0xb7 (SKX-SP H0/M0/U0, SKX-D M1) microcode
+    (in intel-06-55-04/intel-ucode/06-55-04) from revision 0x2000065
+    up to 0x2006906;
+  - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x400002c
+    up to 0x4002f01;
+  - Update of 06-55-07/0xbf (CLX-SP B1) microcode from revision 0x500002c
+    up to 0x5002f01;
+  - Update of 06-5e-03/0x36 (SKL-H/S R0/N0) microcode from revision 0xd6
+    up to 0xdc;
+  - Update of 06-8e-09/0x10 (AML-Y22 H0) microcode from revision 0xca
+    up to 0xd6;
+  - Update of 06-8e-09/0xc0 (KBL-U/Y H0) microcode from revision 0xca
+    up to 0xd6;
+  - Update of 06-8e-0a/0xc0 (CFL-U43e D0) microcode from revision 0xca
+    up to 0xd6;
+  - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode from revision 0xca
+    up to 0xd6;
+  - Update of 06-8e-0c/0x94 (AML-Y42 V0, CML-Y42 V0, WHL-U V0) microcode
+    from revision 0xca up to 0xd6;
+  - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode from revision
+    0xca up to 0xd6;
+  - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E3 U0) microcode from revision 0xca
+    up to 0xd6;
+  - Update of 06-9e-0b/0x02 (CFL-S B0) microcode from revision 0xca up to 0xd6;
+  - Update of 06-9e-0c/0x22 (CFL-H/S P0) microcode from revision 0xca
+    up to 0xd6;
+  - Update of 06-9e-0d/0x22 (CFL-H R0) microcode from revision 0xca up to 0xd6.
+
+* Fri May 22 2020 Eugene Syromiatnikov <esyr@redhat.com> - 4:20200520-1
+- Update Intel CPU microcode to microcode-20200520 release (#1783103):
+  - Update of 06-2d-06/0x6d (SNB-E/EN/EP C1/M0) microcode from revision 0x61f
+    up to 0x621;
+  - Update of 06-2d-07/0x6d (SNB-E/EN/EP C2/M1) microcode from revision 0x718
+    up to 0x71a.
+
 * Tue May 12 2020 Eugene Syromiatnikov <esyr@redhat.com> - 4:20200508-1
 - Update Intel CPU microcode to microcode-20200508 release (#1783103):
   - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x46