Home | History | Annotate | Download | only in bulletin
      1 <html devsite>
      2   <head>
      3     <title>Nexus   - 2015 11</title>
      4     <meta name="project_path" value="/_project.yaml" />
      5     <meta name="book_path" value="/_book.yaml" />
      6   </head>
      7   <body>
      8   <!--
      9       Copyright 2017 The Android Open Source Project
     10 
     11       Licensed under the Apache License, Version 2.0 (the "License");
     12       you may not use this file except in compliance with the License.
     13       You may obtain a copy of the License at
     14 
     15           http://www.apache.org/licenses/LICENSE-2.0
     16 
     17       Unless required by applicable law or agreed to in writing, software
     18       distributed under the License is distributed on an "AS IS" BASIS,
     19       WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     20       See the License for the specific language governing permissions and
     21       limitations under the License.
     22   -->
     23 
     24 
     25 
     26   <p>
     27    <em>
     28     : 2015 11 2
     29    </em>
     30   </p>
     31   <p>
     32    Google Android      
     33    Nexus     .
     34  Nexus  
     35    <a href="https://developers.google.com/android/nexus/images">
     36     Google  
     37    </a>
     38     .    LMY48X   2015 11 1   
     39   Android Marshmallow .  
     40    <a href="http://source.android.com/security/bulletin/2015-11-01.html#common_questions_and_answers">
     41        
     42    </a>
     43     .
     44   </p>
     45   <p>
     46        2015 10 5   , 
     47    48  Android  (AOSP)
     48  .      AOSP
     49     .
     50   </p>
     51   <p>
     52            
     53   , MMS      
     54         .
     55   </p>
     56   <p>
     57             
     58 . SafetyNet  Android   
     59    <a href="http://source.android.com/security/bulletin/2015-11-01.html#mitigations">
     60     Android   
     61    </a>
     62          
     63    <a href="http://source.android.com/security/enhancements/index.html">
     64     
     65    </a>
     66     .       
     67 .
     68   </p>
     69   <h2 id="security_vulnerability_summary" style="margin-bottom:0px">
     70      
     71   </h2>
     72   <hr/>
     73   <p>
     74        ,     ID(CVE),
     75    .
     76    <a href="http://source.android.com/security/overview/updates-resources.html#severity">
     77      
     78    </a>
     79             
     80          
     81  .
     82   </p>
     83   <table>
     84    <tbody>
     85     <tr>
     86      <th>
     87       
     88      </th>
     89      <th>
     90       CVE
     91      </th>
     92      <th>
     93       
     94      </th>
     95     </tr>
     96     <tr>
     97      <td>
     98            
     99      </td>
    100      <td>
    101       CVE-2015-6608
    102      </td>
    103      <td>
    104       
    105      </td>
    106     </tr>
    107     <tr>
    108      <td>
    109       libutils    
    110      </td>
    111      <td>
    112       CVE-2015-6609
    113      </td>
    114      <td>
    115       
    116      </td>
    117     </tr>
    118     <tr>
    119      <td>
    120           
    121      </td>
    122      <td>
    123       CVE-2015-6611
    124      </td>
    125      <td>
    126       
    127      </td>
    128     </tr>
    129     <tr>
    130      <td>
    131       libstagefright   
    132      </td>
    133      <td>
    134       CVE-2015-6610
    135      </td>
    136      <td>
    137       
    138      </td>
    139     </tr>
    140     <tr>
    141      <td>
    142       libmedia   
    143      </td>
    144      <td>
    145       CVE-2015-6612
    146      </td>
    147      <td>
    148       
    149      </td>
    150     </tr>
    151     <tr>
    152      <td>
    153          
    154      </td>
    155      <td>
    156       CVE-2015-6613
    157      </td>
    158      <td>
    159       
    160      </td>
    161     </tr>
    162     <tr>
    163      <td>
    164           
    165      </td>
    166      <td>
    167       CVE-2015-6614
    168      </td>
    169      <td>
    170       
    171      </td>
    172     </tr>
    173    </tbody>
    174   </table>
    175   <p>
    176    <a href="http://source.android.com/security/overview/updates-resources.html#severity">
    177      
    178    </a>
    179             
    180          
    181  .
    182   </p>
    183   <h2 id="mitigations" style="margin-bottom:0px">
    184    
    185   </h2>
    186   <hr/>
    187   <p>
    188     SafetyNet 
    189    <a href="http://source.android.com/security/enhancements/index.html">
    190     Android  
    191    </a>
    192           .    Android    
    193 .
    194   </p>
    195   <ul>
    196    <li>
    197     Android      Android  
    198   .    
    199 Android     .
    200    </li>
    201    <li>
    202     Android       
    203      SafetyNet   
    204 . Google Play      . 
    205 Google Play       
    206         . 
    207         
    208  . 
    209         
    210   .
    211    </li>
    212    <li>
    213       Google       
    214    .
    215    </li>
    216   </ul>
    217   <h2 id="acknowledgements" style="margin-bottom:0px">
    218    
    219   </h2>
    220   <hr/>
    221   <p>
    222        .
    223   </p>
    224   <ul>
    225    <li>
    226     Abhishek Arya, Oliver Chang, Martin Barbella, Chrome :
    227 CVE-2015-6608
    228    </li>
    229    <li>
    230     Copperhead Security Daniel Micay(daniel.micay (a] copperhead.co): CVE-2015-6609
    231    </li>
    232    <li>
    233     KAIST    (dkay (a] kaist.ac.kr): CVE-2015-6614
    234    </li>
    235    <li>
    236     KAIST    (hongilk (a] kaist.ac.kr): CVE-2015-6614
    237    </li>
    238    <li>
    239     Trend Micro Jack Tang(@jacktang310): CVE-2015-6611
    240    </li>
    241    <li>
    242     Trend Micro Peter Pi: CVE-2015-6611
    243    </li>
    244    <li>
    245     Google Project Zero Natalie Silvanovich: CVE-2015-6608
    246    </li>
    247    <li>
    248     KeenTeam(@K33nTeam,
    249 http://k33nteam.org/) Qidan He(@flanker_hqd). Wen Xu(@antlr7): CVE-2015-6612
    250    </li>
    251    <li>
    252     Trend Micro Seven Shen: CVE-2015-6610
    253    </li>
    254   </ul>
    255   <h2 id="security_vulnerability_details" style="margin-bottom:0px">
    256      
    257   </h2>
    258   <hr/>
    259   <p>
    260      
    261    <a href="http://source.android.com/security/bulletin/2015-11-01.html#security_vulnerability_summary">
    262       
    263    </a>
    264     
    265     .    ,    CVE,  , ,
    266        .
    267     AOSP  
    268 ID .          AOSP
    269   ID    .
    270   </p>
    271   <h3 id="remote_code_execution_vulnerabilities_in_mediaserver">
    272         
    273   </h3>
    274   <p>
    275            
    276        
    277         .
    278   </p>
    279   <p>
    280        ,  
    281    ,  MMS   
    282    .
    283   </p>
    284   <p>
    285              
    286   .   
    287     3  
    288       .
    289   </p>
    290   <table>
    291    <tbody>
    292     <tr>
    293      <th>
    294       CVE
    295      </th>
    296      <th>
    297       AOSP   
    298      </th>
    299      <th>
    300       
    301      </th>
    302      <th>
    303        
    304      </th>
    305      <th>
    306        
    307      </th>
    308     </tr>
    309     <tr>
    310      <td rowspan="6">
    311       CVE-2015-6608
    312      </td>
    313      <td>
    314       <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/8ec845c8fe0f03bc57c901bc484541bdd6a7cf80">
    315        ANDROID-19779574
    316       </a>
    317      </td>
    318      <td rowspan="3">
    319       
    320      </td>
    321      <td rowspan="3">
    322       5.0, 5.1, 6.0
    323      </td>
    324      <td rowspan="3">
    325       Google 
    326      </td>
    327     </tr>
    328     <tr>
    329      <td>
    330       <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/c6a2815eadfce62702d58b3fa3887f24c49e1864">
    331        ANDROID-23680780
    332       </a>
    333      </td>
    334     </tr>
    335     <tr>
    336      <td>
    337       <a href="https://android.googlesource.com/platform%2Fexternal%2Faac/+/b3c5a4bb8442ab3158fa1f52b790fadc64546f46">
    338        ANDROID-23876444
    339       </a>
    340      </td>
    341     </tr>
    342     <tr>
    343      <td>
    344       <a href="https://android.googlesource.com/platform%2Fexternal%2Ftremolo/+/3830d0b585ada64ee75dea6da267505b19c622fd">
    345        ANDROID-23881715
    346       </a>
    347      </td>
    348      <td>
    349       
    350      </td>
    351      <td>
    352       4.4, 5.0, 5.1, 6.0
    353      </td>
    354      <td>
    355       Google 
    356      </td>
    357     </tr>
    358     <tr>
    359      <td>
    360       <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/3878b990f7d53eae7c2cf9246b6ef2db5a049872">
    361        ANDROID-14388161
    362       </a>
    363      </td>
    364      <td>
    365       
    366      </td>
    367      <td>
    368       4.4  5.1
    369      </td>
    370      <td>
    371       Google 
    372      </td>
    373     </tr>
    374     <tr>
    375      <td>
    376       <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/f3eb82683a80341f5ac23057aab733a57963cab2">
    377        ANDROID-23658148
    378       </a>
    379      </td>
    380      <td>
    381       
    382      </td>
    383      <td>
    384       5.0, 5.1, 6.0
    385      </td>
    386      <td>
    387       Google 
    388      </td>
    389     </tr>
    390    </tbody>
    391   </table>
    392   <h3 id="remote_code_execution_vulnerability_in_libutils">
    393    libutils    
    394   </h3>
    395   <p>
    396          libutils 
    397   .       
    398         
    399 .
    400   </p>
    401   <p>
    402       API 
    403    MMS    
    404      .        
    405       . 
    406      3  
    407       .
    408   </p>
    409   <table>
    410    <tbody>
    411     <tr>
    412      <th>
    413       CVE
    414      </th>
    415      <th>
    416       AOSP   
    417      </th>
    418      <th>
    419       
    420      </th>
    421      <th>
    422        
    423      </th>
    424      <th>
    425        
    426      </th>
    427     </tr>
    428     <tr>
    429      <td>
    430       CVE-2015-6609
    431      </td>
    432      <td>
    433       <a href="https://android.googlesource.com/platform%2Fbootable%2Frecovery/+/ec63d564a86ad5b30f75aa307b4bd271f6a96a56">
    434        ANDROID-22953624
    435       </a>
    436       [
    437       <a href="https://android.googlesource.com/platform%2Fsystem%2Fcore/+/419e6c3c68413bd6dbb6872340b2ae0d69a0fd60">
    438        2
    439       </a>
    440       ]
    441      </td>
    442      <td>
    443       
    444      </td>
    445      <td>
    446       6.0 
    447      </td>
    448      <td>
    449       2015 8 3
    450      </td>
    451     </tr>
    452    </tbody>
    453   </table>
    454   <h3 id="information_disclosure_vulnerabilities_in_mediaserver">
    455        
    456   </h3>
    457   <p>
    458         
    459          
    460 .
    461   </p>
    462   <table>
    463    <tbody>
    464     <tr>
    465      <th>
    466       CVE
    467      </th>
    468      <th>
    469       AOSP   
    470      </th>
    471      <th>
    472       
    473      </th>
    474      <th>
    475        
    476      </th>
    477      <th>
    478        
    479      </th>
    480     </tr>
    481     <tr>
    482      <td rowspan="12">
    483       CVE-2015-6611
    484      </td>
    485      <td>
    486       <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/1c7719820359f4190cd4bfd1a24d521face7b4f8">
    487        ANDROID-23905951
    488       </a>
    489       [
    490       <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/3b76870d146b1350db8a2f7797e06897c8c92dc2">
    491        2
    492       </a>
    493       ]
    494 [
    495       <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/40715a2ee896edd2df4023d9f6f586977887d34c">
    496        3
    497       </a>
    498       ]
    499      </td>
    500      <td rowspan="3">
    501       
    502      </td>
    503      <td rowspan="3">
    504       6.0 
    505      </td>
    506      <td rowspan="3">
    507       2015 9 7
    508      </td>
    509     </tr>
    510     <tr>
    511      <td>
    512       ANDROID-23912202*
    513      </td>
    514     </tr>
    515     <tr>
    516      <td>
    517       ANDROID-23953967*
    518      </td>
    519     </tr>
    520     <tr>
    521      <td>
    522       <a href="https://android.googlesource.com/platform%2Fframeworks%2Fnative/+/b414255f53b560a06e642251535b019327ba0d7b">
    523        ANDROID-23696300
    524       </a>
    525      </td>
    526      <td>
    527       
    528      </td>
    529      <td>
    530       6.0 
    531      </td>
    532      <td>
    533       2015 8 31
    534      </td>
    535     </tr>
    536     <tr>
    537      <td>
    538       <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/09ed70fab1f1424971ccc105dcdf5be5ce2e2643">
    539        ANDROID-23600291
    540       </a>
    541      </td>
    542      <td>
    543       
    544      </td>
    545      <td>
    546       6.0 
    547      </td>
    548      <td>
    549       2015 8 26
    550      </td>
    551     </tr>
    552     <tr>
    553      <td>
    554       <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/892354335d49f0b9fcd10e20e0c13e3cd0f1f1cb">
    555        ANDROID-23756261
    556       </a>
    557       [
    558       <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/a946d844a77906072f5eb7093d41db465d6514bb">
    559        2
    560       </a>
    561       ]
    562      </td>
    563      <td>
    564       
    565      </td>
    566      <td>
    567       6.0 
    568      </td>
    569      <td>
    570       2015 8 26
    571      </td>
    572     </tr>
    573     <tr>
    574      <td>
    575       <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/57bed83a539535bb64a33722fb67231119cb0618">
    576        ANDROID-23540907
    577       </a>
    578       [
    579       <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/25a634427dec455b79d73562131985ae85b98c43">
    580        2
    581       </a>
    582       ]
    583      </td>
    584      <td>
    585       
    586      </td>
    587      <td>
    588       5.1 
    589      </td>
    590      <td>
    591       2015 8 25
    592      </td>
    593     </tr>
    594     <tr>
    595      <td>
    596       <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/d53aced041b7214a92b1f2fd5970d895bb9934e5">
    597        ANDROID-23541506
    598       </a>
    599      </td>
    600      <td rowspan="4">
    601       
    602      </td>
    603      <td rowspan="4">
    604       6.0 
    605      </td>
    606      <td rowspan="4">
    607       2015 8 25
    608      </td>
    609     </tr>
    610     <tr>
    611      <td>
    612       ANDROID-23284974*
    613      </td>
    614     </tr>
    615     <tr>
    616      <td>
    617       ANDROID-23542351*
    618      </td>
    619     </tr>
    620     <tr>
    621      <td>
    622       ANDROID-23542352*
    623      </td>
    624     </tr>
    625     <tr>
    626      <td>
    627       <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/0981df6e3db106bfb7a56a2b668c012fcc34dd2c">
    628        ANDROID-23515142
    629       </a>
    630      </td>
    631      <td>
    632       
    633      </td>
    634      <td>
    635       5.1 
    636      </td>
    637      <td>
    638       2015 8 19
    639      </td>
    640     </tr>
    641    </tbody>
    642   </table>
    643   <p>
    644    *       AOSP   .
    645   </p>
    646   <h3 id="elevation_of_privilege_vulnerability_in_libstagefright">
    647    libstagefright   
    648   </h3>
    649   <p>
    650    libstagefright      
    651         
    652    .   
    653        
    654   .
    655   </p>
    656   <table>
    657    <tbody>
    658     <tr>
    659      <th>
    660       CVE
    661      </th>
    662      <th>
    663       AOSP   
    664      </th>
    665      <th>
    666       
    667      </th>
    668      <th>
    669        
    670      </th>
    671      <th>
    672        
    673      </th>
    674     </tr>
    675     <tr>
    676      <td>
    677       CVE-2015-6610
    678      </td>
    679      <td>
    680       <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/d26052738f7b095b7e318c8dde7f32db0a48450c">
    681        ANDROID-23707088
    682       </a>
    683       [
    684       <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/820c105f7a4dc0971ee563caea4c9b346854a2f7">
    685        2
    686       </a>
    687       ]
    688      </td>
    689      <td>
    690       
    691      </td>
    692      <td>
    693       6.0 
    694      </td>
    695      <td>
    696       2015 8 19
    697      </td>
    698     </tr>
    699    </tbody>
    700   </table>
    701   <h3 id="elevation_of_privilege_vulnerability_in_libmedia">
    702    libmedia   
    703   </h3>
    704   <p>
    705    libmedia      
    706        
    707 .   3      
    708         .
    709   </p>
    710   <table>
    711    <tbody>
    712     <tr>
    713      <th>
    714       CVE
    715      </th>
    716      <th>
    717       AOSP   
    718      </th>
    719      <th>
    720       
    721      </th>
    722      <th>
    723        
    724      </th>
    725      <th>
    726        
    727      </th>
    728     </tr>
    729     <tr>
    730      <td>
    731       CVE-2015-6612
    732      </td>
    733      <td>
    734       <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/4b219e9e5ab237eec9931497cf10db4d78982d84">
    735        ANDROID-23540426
    736       </a>
    737      </td>
    738      <td>
    739       
    740      </td>
    741      <td>
    742       6.0 
    743      </td>
    744      <td>
    745       2015 8 23
    746      </td>
    747     </tr>
    748    </tbody>
    749   </table>
    750   <h3 id="elevation_of_privilege_vulnerability_in_bluetooth">
    751       
    752   </h3>
    753   <p>
    754           
    755      .  
    756 3     
    757    <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">
    758     
    759    </a>
    760    
    761    <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">
    762     SignatureOrSystem
    763    </a>
    764               .
    765   </p>
    766   <table>
    767    <tbody>
    768     <tr>
    769      <th>
    770       CVE
    771      </th>
    772      <th>
    773       AOSP   
    774      </th>
    775      <th>
    776       
    777      </th>
    778      <th>
    779        
    780      </th>
    781      <th>
    782        
    783      </th>
    784     </tr>
    785     <tr>
    786      <td>
    787       CVE-2015-6613
    788      </td>
    789      <td>
    790       <a href="https://android.googlesource.com/platform%2Fsystem%2Fbt/+/74dad51510f7d7b05c6617ef88168bf0bbdf3fcd">
    791        ANDROID-24371736
    792       </a>
    793      </td>
    794      <td>
    795       
    796      </td>
    797      <td>
    798       6.0
    799      </td>
    800      <td>
    801       Google 
    802      </td>
    803     </tr>
    804    </tbody>
    805   </table>
    806   <h3 id="elevation_of_privilege_vulnerability_in_telephony">
    807        
    808   </h3>
    809   <p>
    810           
    811        
    812   .       
    813         
    814 .    '
    815    <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">
    816     
    817    </a>
    818    '     
    819   .
    820   </p>
    821   <table>
    822    <tbody>
    823     <tr>
    824      <th>
    825       CVE
    826      </th>
    827      <th>
    828       AOSP   
    829      </th>
    830      <th>
    831       
    832      </th>
    833      <th>
    834        
    835      </th>
    836      <th>
    837        
    838      </th>
    839     </tr>
    840     <tr>
    841      <td>
    842       CVE-2015-6614
    843      </td>
    844      <td>
    845       <a href="https://android.googlesource.com/platform%2Fframeworks%2Fopt%2Ftelephony/+/70dd1f77873913635288e513564a6c93ae4d0a26">
    846        ANDROID-21900139
    847       </a>
    848       [
    849       <a href="https://android.googlesource.com/platform%2Fframeworks%2Fbase/+/a12044215b1148826ea9a88d5d1102378b13922f">
    850        2
    851       </a>
    852       ]
    853 [
    854       <a href="https://android.googlesource.com/platform%2Fframeworks%2Fbase/+/2b6af396ad14def9a967f62cccc87ee715823bb1">
    855        3
    856       </a>
    857       ]
    858      </td>
    859      <td>
    860       
    861      </td>
    862      <td>
    863       5.0, 5.1
    864      </td>
    865      <td>
    866       2015 6 8
    867      </td>
    868     </tr>
    869    </tbody>
    870   </table>
    871   <h3 id="common_questions_and_answers">
    872       
    873   </h3>
    874   <p>
    875               
    876  .
    877   </p>
    878   <p>
    879    <strong>
    880     1.          ?
    881    </strong>
    882   </p>
    883   <p>
    884     LMY48X   2015 11 1     
    885 Android Marshmallow   .       
    886    <a href="https://support.google.com/nexus/answer/4457705">
    887     Nexus 
    888    </a>
    889     .  
    890          .
    891 [ro.build.version.security_patch]:[2015-11-01]
    892   </p>
    893   <h2 id="revisions" style="margin-bottom:0px">
    894    
    895   </h2>
    896   <hr/>
    897   <ul>
    898    <li>
    899     2015 11 2:  
    900    </li>
    901   </ul>
    902  </div>
    903  <div class="content-footer-sac" itemscope="" itemtype="http://schema.org/SiteNavigationElement">
    904   <div class="layout-content-col col-9" style="padding-top:4px">
    905   </div>
    906   <div class="paging-links layout-content-col col-4">
    907   </div>
    908  </div>
    909 </div>
    910 
    911   </body>
    912 </html>
    913