[ol7_latest] AAVMF-1:1.7.1-3.el7.noarch

Name:	AAVMF
Epoch:	1
Version:	1.7.1
Release:	3.el7
Architecture:	noarch
Group:	Applications/Emulators
Size:	958440525
License:	BSD
RPM:	AAVMF-1.7.1-3.el7.noarch.rpm
Source RPM:	edk2-1.7.1-3.el7.src.rpm
Build Date:	Thu Oct 17 2024
Build Host:	build-ol7-aarch64.oracle.com
Vendor:	Oracle
URL:	http://www.tianocore.org
Summary:	UEFI Firmware for aarch64 virtual machines
Description:	UEFI Firmware for aarch64 virtual machines

Changelog (Show File list) (Show related packages)

Mon Sep 09 2024 Aaron Young <aaron.young@oracle.com>

- Create new 1.7.1 release for OL7 which includes the following fixed CVEs:
- EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access [Orabug: 36990130] {CVE-2024-1298}
- EDK2: In the Linux kernel before 6.9, an untrusted hypervisor can inject virtual interrupt 29 (#VC) at any point in time and can trigger its handler. [Orabug: 36990244] {CVE-2024-25742}
- EDK2: EDK2’s Network Package is susceptible to a predictable TCP Initial Sequence Number. [Orabug: 36990198] {CVE-2023-45236}
- EDK2: EDK2’s Network Package is susceptible to a predictable TCP Initial Sequence Number. [Orabug: 36990210] {CVE-2023-45237}

Tue Feb 27 2024 Aaron Young <aaron.young@oracle.com>

- Create new 1.7.0 release for OL7 which includes the following fixed CVEs:
  {CVE-2023-45229} {CVE-2023-45230} {CVE-2023-45231} {CVE-2023-45232} {CVE-2023-45233} {CVE-2023-45234} {CVE-2023-45235} {CVE-2022-36763} {CVE-2022-36764} {CVE-2022-36765}
- Update to OpenSSL 3.0.10 which includes the following fixed CVEs:
  {CVE-2023-2975} {CVE-2023-1255} {CVE-2023-0401} {CVE-2023-0217} {CVE-2023-0216} {CVE-2023-0215} {CVE-2022-4203} {CVE-2022-3996} {CVE-2022-3602} {CVE-2022-3786} {CVE-2022-3358} {CVE-2022-2274} {CVE-2022-1473} {CVE-2022-1434} {CVE-2022-1343} {CVE-2021-4044} {CVE-2021-23839}

Tue Aug 22 2023 Aaron Young <aaron.young@oracle.com>
```
- Create new 1.6.6.cvm release for OL7
```

Mon Aug 21 2023 Aaron Young <aaron.young@oracle.com>

- Create new 1.6.6 release for OL7 which includes the following fixed CVEs:
  {CVE-2019-14560}
- Update to OpenSSL 1.1.1v which includes the following fixed CVEs:
  {CVE-2023-3817} {CVE-2023-3446} {CVE-2023-2650} {CVE-2023-0465} {CVE-2023-0466} {CVE-2023-0464} {CVE-2023-0286} {CVE-2023-0215} {CVE-2022-4450} {CVE-2022-4304} {CVE-2022-2097} {CVE-2022-2068} {CVE-2022-1292} {CVE-2022-0778} {CVE-2021-4160} {CVE-2021-3712} {CVE-2021-3711} {CVE-2021-3450} {CVE-2021-3449} {CVE-2021-23841} {CVE-2021-23840} {CVE-2020-1971} {CVE-2020-1967} {CVE-2019-1551} {CVE-2019-1563} {CVE-2019-1549} {CVE-2019-1547} {CVE-2019-1552} {CVE-2019-1543} {CVE-2018-0734} {CVE-2018-0735}

Tue Jun 13 2023 Aaron Young <aaron.young@oracle.com>
```
- Create new 1.6.5.cvm release for OL7
```

Mon Feb 27 2023 Aaron Young <aaron.young@oracle.com>

- Create new 1.6.4.cvm release for OL7 which includes the following fixed CVEs:
  {CVE-2021-38578}

Tue Jun 28 2022 Aaron Young <aaron.young@oracle.com>
```
- Create new 1.6.3 release for OL7
```
Wed Jun 01 2022 Aaron Young <aaron.young@oracle.com>
```
- Create new 1.6.2 release for OL7
```
Wed May 11 2022 Aaron Young <aaron.young@oracle.com>
```
- Create new 1.6.1 release for OL7
```

Wed Apr 06 2022 Aaron Young <aaron.young@oracle.com>

- Create new 1.6.0 release for OL7 which includes the following fixed CVEs:
  {CVE-2022-0778}