xref: /docs/source.android.com/ja/security/bulletin/2015-09-01.html

<html devsite>
  <head>
    <title>Nexus  - 2015  9 </title>
    <meta name="project_path" value="/_project.yaml" />
    <meta name="book_path" value="/_book.yaml" />
  </head>
  <body>
  <!--
      Copyright 2017 The Android Open Source Project

      Licensed under the Apache License, Version 2.0 (the "License");
      you may not use this file except in compliance with the License.
      You may obtain a copy of the License at

          http://www.apache.org/licenses/LICENSE-2.0

      Unless required by applicable law or agreed to in writing, software
      distributed under the License is distributed on an "AS IS" BASIS,
      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
      See the License for the specific language governing permissions and
      limitations under the License.
  -->



  <p>
   <em>
    2015  9  9 
   </em>
  </p>
  <p>
   Android Nexus  OTA LMY48M Nexus Android  AOSP 
  </p>
  <p>
   Nexus  
   <a href="https://developers.google.com/android/nexus/images">
    Google  
   </a>
   LMY48M  2015  8  13 
  </p>
  <p>
   CVE-2015-3636
   <a href="http://source.android.com/security/enhancements/index.html">
    Android  
   </a>
    SafetyNet 
   <a href="http://source.android.com/security/bulletin/2015-09-01.html#mitigations">
    
   </a>
   Android 
  </p>
  <p>
   2  CVE-2015-3864  CVE-2015-3686
  </p>
  <h2 id="security_vulnerability_summary" style="margin-bottom:0px">
   
  </h2>
  <hr/>
  <p>
   CVE
   <a href="http://source.android.com/security/overview/updates-resources.html#severity">
    
   </a>
   
  </p>
  <table>
   <tbody>
    <tr>
     <th>
      
     </th>
     <th>
      CVE
     </th>
     <th>
      
     </th>
    </tr>
    <tr>
     <td>
      
     </td>
     <td>
      CVE-2015-3864
     </td>
     <td>
      
     </td>
    </tr>
    <tr>
     <td>
      
     </td>
     <td>
      CVE-2015-3636
     </td>
     <td>
      
     </td>
    </tr>
    <tr>
     <td>
      Binder 
     </td>
     <td>
      CVE-2015-3845
      <br/>
      CVE-2015-1528
     </td>
     <td>
      
     </td>
    </tr>
    <tr>
     <td>
      
     </td>
     <td>
      CVE-2015-3863
     </td>
     <td>
      
     </td>
    </tr>
    <tr>
     <td>
      Region 
     </td>
     <td>
      CVE-2015-3849
     </td>
     <td>
      
     </td>
    </tr>
    <tr>
     <td>
      SMS 
     </td>
     <td>
      CVE-2015-3858
     </td>
     <td>
      
     </td>
    </tr>
    <tr>
     <td>
      Lockscreen 
     </td>
     <td>
      CVE-2015-3860
     </td>
     <td>
      
     </td>
    </tr>
    <tr>
     <td>
      
     </td>
     <td>
      CVE-2015-3861
     </td>
     <td>
      
     </td>
    </tr>
   </tbody>
  </table>
  <h2 id="mitigations" style="margin-bottom:0px">
   
  </h2>
  <hr/>
  <p>
   
   <a href="http://source.android.com/security/enhancements">
    Android  
   </a>
    SafetyNet Android 
  </p>
  <ul>
   <li>
    Android Android  Android 
   </li>
   <li>
    Android   SafetyNet  Google Play Google Play 
   </li>
   <li>
    Google  
   </li>
  </ul>
  <h2 id="acknowledgements" style="margin-bottom:0px">
   
  </h2>
  <hr/>
  <p>
   
  </p>
  <ul>
   <li>
    Exodus Intelligence  Jordan Gruskovnjak@jgrusko: CVE-2015-3864
   </li>
   <li>
    Micha Bednarski: CVE-2015-3845
   </li>
   <li>
    Qihoo 360 Technology Co. Ltd  Guang Gong@oldfresher: CVE-2015-1528
   </li>
   <li>
    Brennan Lautner: CVE-2015-3863
   </li>
   <li>
    jgor@indiecom: CVE-2015-3860
   </li>
   <li>
    Trend Micro Inc.  Wish Wu@wish_wu: CVE-2015-3861
   </li>
  </ul>
  <h2 id="security_vulnerability_details" style="margin-bottom:0px">
   
  </h2>
  <hr/>
  <p>
   
   <a href="http://source.android.com/security/bulletin/2015-09-01.html#security_vulnerability_summary">
    
   </a>
   CVE ID  AOSP  ID  AOSP 
  </p>
  <h3 id="remote_code_execution_vulnerability_in_mediaserver">
   
  </h3>
  <p>
    
  </p>
  <p>
      MMS 
  </p>
  <p>
   
  </p>
  <p>
    CVE-2015-3824ANDROID-20923261 
  </p>
  <table>
   <tbody>
    <tr>
     <th>
      CVE
     </th>
     <th>
       AOSP 
     </th>
     <th>
      
     </th>
     <th>
      
     </th>
    </tr>
    <tr>
     <td>
      CVE-2015-3864
     </td>
     <td>
      <a href="https://android.googlesource.com/platform/frameworks/av/+/6fe85f7e15203e48df2cc3e8e1c4bc6ad49dc968">
       ANDROID-23034759
      </a>
     </td>
     <td>
      
     </td>
     <td>
      5.1 
     </td>
    </tr>
   </tbody>
  </table>
  <h3 id="elevation_privilege_vulnerability_in_kernel">
   
  </h3>
  <p>
   Linux  ping 
  </p>
  <p>
    
  </p>
  <p>
    2015  5  1 
  </p>
  <table>
   <tbody>
    <tr>
     <th>
      CVE
     </th>
     <th>
       AOSP 
     </th>
     <th>
      
     </th>
     <th>
      
     </th>
    </tr>
    <tr>
     <td>
      CVE-2015-3636
     </td>
     <td>
      <a href="https://github.com/torvalds/linux/commit/a134f083e79f">
       ANDROID-20770158
      </a>
     </td>
     <td>
      
     </td>
     <td>
      5.1 
     </td>
    </tr>
   </tbody>
  </table>
  <h3 id="elevation_of_privilege_vulnerability_in_binder">
   Binder 
  </h3>
  <p>
   Binder 
  </p>
  <p>
   
  </p>
  <table>
   <tbody>
    <tr>
     <th>
      CVE
     </th>
     <th>
       AOSP 
     </th>
     <th>
      
     </th>
     <th>
      
     </th>
    </tr>
    <tr>
     <td>
      CVE-2015-3845
     </td>
     <td>
      <a href="https://android.googlesource.com/platform/frameworks/native/+/e68cbc3e9e66df4231e70efa3e9c41abc12aea20">
       ANDROID-17312693
      </a>
     </td>
     <td>
      
     </td>
     <td>
      5.1 
     </td>
    </tr>
    <tr>
     <td>
      CVE-2015-1528
     </td>
     <td>
      <a href="https://android.googlesource.com/platform/frameworks/native/+/7dcd0ec9c91688cfa3f679804ba6e132f9811254">
       ANDROID-19334482
      </a>
      [
      <a href="https://android.googlesource.com/platform/system/core/+/e8c62fb484151f76ab88b1d5130f38de24ac8c14">
       2
      </a>
      ]
     </td>
     <td>
      
     </td>
     <td>
      5.1 
     </td>
    </tr>
   </tbody>
  </table>
  <h3 id="elevation_of_privilege_vulnerability_in_keystore">
   
  </h3>
  <p>
   
  </p>
  <p>
   
  </p>
  <table>
   <tbody>
    <tr>
     <th>
      CVE
     </th>
     <th>
       AOSP 
     </th>
     <th>
      
     </th>
     <th>
      
     </th>
    </tr>
    <tr>
     <td>
      CVE-2015-3863
     </td>
     <td>
      <a href="https://android.googlesource.com/platform/system/security/+/bb9f4392c2f1b11be3acdc1737828274ff1ec55b">
       ANDROID-22802399
      </a>
     </td>
     <td>
      
     </td>
     <td>
      5.1 
     </td>
    </tr>
   </tbody>
  </table>
  <h3 id="elevation_of_privilege_vulnerability_in_region">
   Region 
  </h3>
  <p>
   Region 
  </p>
  <p>
   
  </p>
  <table>
   <tbody>
    <tr>
     <th>
      CVE
     </th>
     <th>
       AOSP 
     </th>
     <th>
      
     </th>
     <th>
      
     </th>
    </tr>
    <tr>
     <td>
      CVE-2015-3849
     </td>
     <td>
      <a href="https://android.googlesource.com/platform/frameworks/base/+/4cff1f49ff95d990d6c2614da5d5a23d02145885">
       ANDROID-20883006
      </a>
      [
      <a href="https://android.googlesource.com/platform/frameworks/base/+/1e72dc7a3074cd0b44d89afbf39bbf5000ef7cc3">
       2
      </a>
      ]
     </td>
     <td>
      
     </td>
     <td>
      5.1 
     </td>
    </tr>
   </tbody>
  </table>
  <h3 id="elevation_of_privilege_vulnerability_in_sms_enables_notification_bypass">
   SMS 
  </h3>
  <p>
   Android  SMS  SMS  SMS 
  </p>
  <p>
   
  </p>
  <table>
   <tbody>
    <tr>
     <th>
      CVE
     </th>
     <th>
       AOSP 
     </th>
     <th>
      
     </th>
     <th>
      
     </th>
    </tr>
    <tr>
     <td>
      CVE-2015-3858
     </td>
     <td>
      <a href="https://android.googlesource.com/platform/frameworks/opt/telephony/+/df31d37d285dde9911b699837c351aed2320b586">
       ANDROID-22314646
      </a>
     </td>
     <td>
      
     </td>
     <td>
      5.1 
     </td>
    </tr>
   </tbody>
  </table>
  <h3 id="elevation_of_privilege_vulnerability_in_lockscreen">
   Lockscreen 
  </h3>
  <p>
   Lockscreen Android 5.0  5.1  4.4  
  </p>
  <p>
   SMS 
  </p>
  <table>
   <tbody>
    <tr>
     <th>
      CVE
     </th>
     <th>
       AOSP 
     </th>
     <th>
      
     </th>
     <th>
      
     </th>
    </tr>
    <tr>
     <td>
      CVE-2015-3860
     </td>
     <td>
      <a href="https://android.googlesource.com/platform/frameworks/base/+/8fba7e6931245a17215e0e740e78b45f6b66d590">
       ANDROID-22214934
      </a>
     </td>
     <td>
      
     </td>
     <td>
      5.1  5.0
     </td>
    </tr>
   </tbody>
  </table>
  <h3 id="denial_of_service_vulnerability_in_mediaserver">
   
  </h3>
  <p>
   
  </p>
  <p>
    MMS 
  </p>
  <table>
   <tbody>
    <tr>
     <th>
      CVE
     </th>
     <th>
       AOSP 
     </th>
     <th>
      
     </th>
     <th>
      
     </th>
    </tr>
    <tr>
     <td>
      CVE-2015-3861
     </td>
     <td>
      <a href="https://android.googlesource.com/platform/frameworks/av/+/304ef91624e12661e7e35c2c0c235da84a73e9c0">
       ANDROID-21296336
      </a>
     </td>
     <td>
      
     </td>
     <td>
      5.1 
     </td>
    </tr>
   </tbody>
  </table>
 </div>
 <div class="content-footer-sac" itemscope="" itemtype="http://schema.org/SiteNavigationElement">
  <div class="layout-content-col col-9" style="padding-top:4px">
  </div>
  <div class="paging-links layout-content-col col-4">
  </div>
 </div>
</div>

  </body>
</html>