xref: /docs/source.android.com/ko/security/bulletin/2015-11-01.html

<html devsite>
  <head>
    <title>Nexus   - 2015 11</title>
    <meta name="project_path" value="/_project.yaml" />
    <meta name="book_path" value="/_book.yaml" />
  </head>
  <body>
  <!--
      Copyright 2017 The Android Open Source Project

      Licensed under the Apache License, Version 2.0 (the "License");
      you may not use this file except in compliance with the License.
      You may obtain a copy of the License at

          http://www.apache.org/licenses/LICENSE-2.0

      Unless required by applicable law or agreed to in writing, software
      distributed under the License is distributed on an "AS IS" BASIS,
      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
      See the License for the specific language governing permissions and
      limitations under the License.
  -->



  <p>
   <em>
    : 2015 11 2
   </em>
  </p>
  <p>
   Google Android      
   Nexus     .
 Nexus  
   <a href="https://developers.google.com/android/nexus/images">
    Google  
   </a>
    .    LMY48X   2015 11 1   
  Android Marshmallow .  
   <a href="http://source.android.com/security/bulletin/2015-11-01.html#common_questions_and_answers">
       
   </a>
    .
  </p>
  <p>
       2015 10 5   , 
   48  Android  (AOSP)
 .      AOSP
    .
  </p>
  <p>
           
  , MMS      
        .
  </p>
  <p>
            
. SafetyNet  Android   
   <a href="http://source.android.com/security/bulletin/2015-11-01.html#mitigations">
    Android   
   </a>
         
   <a href="http://source.android.com/security/enhancements/index.html">
    
   </a>
    .       
.
  </p>
  <h2 id="security_vulnerability_summary" style="margin-bottom:0px">
     
  </h2>
  <hr/>
  <p>
       ,     ID(CVE),
   .
   <a href="http://source.android.com/security/overview/updates-resources.html#severity">
     
   </a>
            
         
 .
  </p>
  <table>
   <tbody>
    <tr>
     <th>
      
     </th>
     <th>
      CVE
     </th>
     <th>
      
     </th>
    </tr>
    <tr>
     <td>
           
     </td>
     <td>
      CVE-2015-6608
     </td>
     <td>
      
     </td>
    </tr>
    <tr>
     <td>
      libutils    
     </td>
     <td>
      CVE-2015-6609
     </td>
     <td>
      
     </td>
    </tr>
    <tr>
     <td>
          
     </td>
     <td>
      CVE-2015-6611
     </td>
     <td>
      
     </td>
    </tr>
    <tr>
     <td>
      libstagefright   
     </td>
     <td>
      CVE-2015-6610
     </td>
     <td>
      
     </td>
    </tr>
    <tr>
     <td>
      libmedia   
     </td>
     <td>
      CVE-2015-6612
     </td>
     <td>
      
     </td>
    </tr>
    <tr>
     <td>
         
     </td>
     <td>
      CVE-2015-6613
     </td>
     <td>
      
     </td>
    </tr>
    <tr>
     <td>
          
     </td>
     <td>
      CVE-2015-6614
     </td>
     <td>
      
     </td>
    </tr>
   </tbody>
  </table>
  <p>
   <a href="http://source.android.com/security/overview/updates-resources.html#severity">
     
   </a>
            
         
 .
  </p>
  <h2 id="mitigations" style="margin-bottom:0px">
   
  </h2>
  <hr/>
  <p>
    SafetyNet 
   <a href="http://source.android.com/security/enhancements/index.html">
    Android  
   </a>
          .    Android    
.
  </p>
  <ul>
   <li>
    Android      Android  
  .    
Android     .
   </li>
   <li>
    Android       
     SafetyNet   
. Google Play      . 
Google Play       
        . 
        
 . 
        
  .
   </li>
   <li>
      Google       
   .
   </li>
  </ul>
  <h2 id="acknowledgements" style="margin-bottom:0px">
   
  </h2>
  <hr/>
  <p>
       .
  </p>
  <ul>
   <li>
    Abhishek Arya, Oliver Chang, Martin Barbella, Chrome :
CVE-2015-6608
   </li>
   <li>
    Copperhead Security Daniel Micay(daniel.micay (a] copperhead.co): CVE-2015-6609
   </li>
   <li>
    KAIST    (dkay (a] kaist.ac.kr): CVE-2015-6614
   </li>
   <li>
    KAIST    (hongilk (a] kaist.ac.kr): CVE-2015-6614
   </li>
   <li>
    Trend Micro Jack Tang(@jacktang310): CVE-2015-6611
   </li>
   <li>
    Trend Micro Peter Pi: CVE-2015-6611
   </li>
   <li>
    Google Project Zero Natalie Silvanovich: CVE-2015-6608
   </li>
   <li>
    KeenTeam(@K33nTeam,
http://k33nteam.org/) Qidan He(@flanker_hqd). Wen Xu(@antlr7): CVE-2015-6612
   </li>
   <li>
    Trend Micro Seven Shen: CVE-2015-6610
   </li>
  </ul>
  <h2 id="security_vulnerability_details" style="margin-bottom:0px">
     
  </h2>
  <hr/>
  <p>
     
   <a href="http://source.android.com/security/bulletin/2015-11-01.html#security_vulnerability_summary">
      
   </a>
    
    .    ,    CVE,  , ,
       .
    AOSP  
ID .          AOSP
  ID    .
  </p>
  <h3 id="remote_code_execution_vulnerabilities_in_mediaserver">
        
  </h3>
  <p>
           
       
        .
  </p>
  <p>
       ,  
   ,  MMS   
   .
  </p>
  <p>
             
  .   
    3  
      .
  </p>
  <table>
   <tbody>
    <tr>
     <th>
      CVE
     </th>
     <th>
      AOSP   
     </th>
     <th>
      
     </th>
     <th>
       
     </th>
     <th>
       
     </th>
    </tr>
    <tr>
     <td rowspan="6">
      CVE-2015-6608
     </td>
     <td>
      <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/8ec845c8fe0f03bc57c901bc484541bdd6a7cf80">
       ANDROID-19779574
      </a>
     </td>
     <td rowspan="3">
      
     </td>
     <td rowspan="3">
      5.0, 5.1, 6.0
     </td>
     <td rowspan="3">
      Google 
     </td>
    </tr>
    <tr>
     <td>
      <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/c6a2815eadfce62702d58b3fa3887f24c49e1864">
       ANDROID-23680780
      </a>
     </td>
    </tr>
    <tr>
     <td>
      <a href="https://android.googlesource.com/platform%2Fexternal%2Faac/+/b3c5a4bb8442ab3158fa1f52b790fadc64546f46">
       ANDROID-23876444
      </a>
     </td>
    </tr>
    <tr>
     <td>
      <a href="https://android.googlesource.com/platform%2Fexternal%2Ftremolo/+/3830d0b585ada64ee75dea6da267505b19c622fd">
       ANDROID-23881715
      </a>
     </td>
     <td>
      
     </td>
     <td>
      4.4, 5.0, 5.1, 6.0
     </td>
     <td>
      Google 
     </td>
    </tr>
    <tr>
     <td>
      <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/3878b990f7d53eae7c2cf9246b6ef2db5a049872">
       ANDROID-14388161
      </a>
     </td>
     <td>
      
     </td>
     <td>
      4.4  5.1
     </td>
     <td>
      Google 
     </td>
    </tr>
    <tr>
     <td>
      <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/f3eb82683a80341f5ac23057aab733a57963cab2">
       ANDROID-23658148
      </a>
     </td>
     <td>
      
     </td>
     <td>
      5.0, 5.1, 6.0
     </td>
     <td>
      Google 
     </td>
    </tr>
   </tbody>
  </table>
  <h3 id="remote_code_execution_vulnerability_in_libutils">
   libutils    
  </h3>
  <p>
         libutils 
  .       
        
.
  </p>
  <p>
      API 
   MMS    
     .        
      . 
     3  
      .
  </p>
  <table>
   <tbody>
    <tr>
     <th>
      CVE
     </th>
     <th>
      AOSP   
     </th>
     <th>
      
     </th>
     <th>
       
     </th>
     <th>
       
     </th>
    </tr>
    <tr>
     <td>
      CVE-2015-6609
     </td>
     <td>
      <a href="https://android.googlesource.com/platform%2Fbootable%2Frecovery/+/ec63d564a86ad5b30f75aa307b4bd271f6a96a56">
       ANDROID-22953624
      </a>
      [
      <a href="https://android.googlesource.com/platform%2Fsystem%2Fcore/+/419e6c3c68413bd6dbb6872340b2ae0d69a0fd60">
       2
      </a>
      ]
     </td>
     <td>
      
     </td>
     <td>
      6.0 
     </td>
     <td>
      2015 8 3
     </td>
    </tr>
   </tbody>
  </table>
  <h3 id="information_disclosure_vulnerabilities_in_mediaserver">
       
  </h3>
  <p>
        
         
.
  </p>
  <table>
   <tbody>
    <tr>
     <th>
      CVE
     </th>
     <th>
      AOSP   
     </th>
     <th>
      
     </th>
     <th>
       
     </th>
     <th>
       
     </th>
    </tr>
    <tr>
     <td rowspan="12">
      CVE-2015-6611
     </td>
     <td>
      <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/1c7719820359f4190cd4bfd1a24d521face7b4f8">
       ANDROID-23905951
      </a>
      [
      <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/3b76870d146b1350db8a2f7797e06897c8c92dc2">
       2
      </a>
      ]
[
      <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/40715a2ee896edd2df4023d9f6f586977887d34c">
       3
      </a>
      ]
     </td>
     <td rowspan="3">
      
     </td>
     <td rowspan="3">
      6.0 
     </td>
     <td rowspan="3">
      2015 9 7
     </td>
    </tr>
    <tr>
     <td>
      ANDROID-23912202*
     </td>
    </tr>
    <tr>
     <td>
      ANDROID-23953967*
     </td>
    </tr>
    <tr>
     <td>
      <a href="https://android.googlesource.com/platform%2Fframeworks%2Fnative/+/b414255f53b560a06e642251535b019327ba0d7b">
       ANDROID-23696300
      </a>
     </td>
     <td>
      
     </td>
     <td>
      6.0 
     </td>
     <td>
      2015 8 31
     </td>
    </tr>
    <tr>
     <td>
      <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/09ed70fab1f1424971ccc105dcdf5be5ce2e2643">
       ANDROID-23600291
      </a>
     </td>
     <td>
      
     </td>
     <td>
      6.0 
     </td>
     <td>
      2015 8 26
     </td>
    </tr>
    <tr>
     <td>
      <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/892354335d49f0b9fcd10e20e0c13e3cd0f1f1cb">
       ANDROID-23756261
      </a>
      [
      <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/a946d844a77906072f5eb7093d41db465d6514bb">
       2
      </a>
      ]
     </td>
     <td>
      
     </td>
     <td>
      6.0 
     </td>
     <td>
      2015 8 26
     </td>
    </tr>
    <tr>
     <td>
      <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/57bed83a539535bb64a33722fb67231119cb0618">
       ANDROID-23540907
      </a>
      [
      <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/25a634427dec455b79d73562131985ae85b98c43">
       2
      </a>
      ]
     </td>
     <td>
      
     </td>
     <td>
      5.1 
     </td>
     <td>
      2015 8 25
     </td>
    </tr>
    <tr>
     <td>
      <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/d53aced041b7214a92b1f2fd5970d895bb9934e5">
       ANDROID-23541506
      </a>
     </td>
     <td rowspan="4">
      
     </td>
     <td rowspan="4">
      6.0 
     </td>
     <td rowspan="4">
      2015 8 25
     </td>
    </tr>
    <tr>
     <td>
      ANDROID-23284974*
     </td>
    </tr>
    <tr>
     <td>
      ANDROID-23542351*
     </td>
    </tr>
    <tr>
     <td>
      ANDROID-23542352*
     </td>
    </tr>
    <tr>
     <td>
      <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/0981df6e3db106bfb7a56a2b668c012fcc34dd2c">
       ANDROID-23515142
      </a>
     </td>
     <td>
      
     </td>
     <td>
      5.1 
     </td>
     <td>
      2015 8 19
     </td>
    </tr>
   </tbody>
  </table>
  <p>
   *       AOSP   .
  </p>
  <h3 id="elevation_of_privilege_vulnerability_in_libstagefright">
   libstagefright   
  </h3>
  <p>
   libstagefright      
        
   .   
       
  .
  </p>
  <table>
   <tbody>
    <tr>
     <th>
      CVE
     </th>
     <th>
      AOSP   
     </th>
     <th>
      
     </th>
     <th>
       
     </th>
     <th>
       
     </th>
    </tr>
    <tr>
     <td>
      CVE-2015-6610
     </td>
     <td>
      <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/d26052738f7b095b7e318c8dde7f32db0a48450c">
       ANDROID-23707088
      </a>
      [
      <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/820c105f7a4dc0971ee563caea4c9b346854a2f7">
       2
      </a>
      ]
     </td>
     <td>
      
     </td>
     <td>
      6.0 
     </td>
     <td>
      2015 8 19
     </td>
    </tr>
   </tbody>
  </table>
  <h3 id="elevation_of_privilege_vulnerability_in_libmedia">
   libmedia   
  </h3>
  <p>
   libmedia      
       
.   3      
        .
  </p>
  <table>
   <tbody>
    <tr>
     <th>
      CVE
     </th>
     <th>
      AOSP   
     </th>
     <th>
      
     </th>
     <th>
       
     </th>
     <th>
       
     </th>
    </tr>
    <tr>
     <td>
      CVE-2015-6612
     </td>
     <td>
      <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/4b219e9e5ab237eec9931497cf10db4d78982d84">
       ANDROID-23540426
      </a>
     </td>
     <td>
      
     </td>
     <td>
      6.0 
     </td>
     <td>
      2015 8 23
     </td>
    </tr>
   </tbody>
  </table>
  <h3 id="elevation_of_privilege_vulnerability_in_bluetooth">
      
  </h3>
  <p>
          
     .  
3     
   <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">
    
   </a>
   
   <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">
    SignatureOrSystem
   </a>
              .
  </p>
  <table>
   <tbody>
    <tr>
     <th>
      CVE
     </th>
     <th>
      AOSP   
     </th>
     <th>
      
     </th>
     <th>
       
     </th>
     <th>
       
     </th>
    </tr>
    <tr>
     <td>
      CVE-2015-6613
     </td>
     <td>
      <a href="https://android.googlesource.com/platform%2Fsystem%2Fbt/+/74dad51510f7d7b05c6617ef88168bf0bbdf3fcd">
       ANDROID-24371736
      </a>
     </td>
     <td>
      
     </td>
     <td>
      6.0
     </td>
     <td>
      Google 
     </td>
    </tr>
   </tbody>
  </table>
  <h3 id="elevation_of_privilege_vulnerability_in_telephony">
       
  </h3>
  <p>
          
       
  .       
        
.    '
   <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">
    
   </a>
   '     
  .
  </p>
  <table>
   <tbody>
    <tr>
     <th>
      CVE
     </th>
     <th>
      AOSP   
     </th>
     <th>
      
     </th>
     <th>
       
     </th>
     <th>
       
     </th>
    </tr>
    <tr>
     <td>
      CVE-2015-6614
     </td>
     <td>
      <a href="https://android.googlesource.com/platform%2Fframeworks%2Fopt%2Ftelephony/+/70dd1f77873913635288e513564a6c93ae4d0a26">
       ANDROID-21900139
      </a>
      [
      <a href="https://android.googlesource.com/platform%2Fframeworks%2Fbase/+/a12044215b1148826ea9a88d5d1102378b13922f">
       2
      </a>
      ]
[
      <a href="https://android.googlesource.com/platform%2Fframeworks%2Fbase/+/2b6af396ad14def9a967f62cccc87ee715823bb1">
       3
      </a>
      ]
     </td>
     <td>
      
     </td>
     <td>
      5.0, 5.1
     </td>
     <td>
      2015 6 8
     </td>
    </tr>
   </tbody>
  </table>
  <h3 id="common_questions_and_answers">
      
  </h3>
  <p>
              
 .
  </p>
  <p>
   <strong>
    1.          ?
   </strong>
  </p>
  <p>
    LMY48X   2015 11 1     
Android Marshmallow   .       
   <a href="https://support.google.com/nexus/answer/4457705">
    Nexus 
   </a>
    .  
         .
[ro.build.version.security_patch]:[2015-11-01]
  </p>
  <h2 id="revisions" style="margin-bottom:0px">
   
  </h2>
  <hr/>
  <ul>
   <li>
    2015 11 2:  
   </li>
  </ul>
 </div>
 <div class="content-footer-sac" itemscope="" itemtype="http://schema.org/SiteNavigationElement">
  <div class="layout-content-col col-9" style="padding-top:4px">
  </div>
  <div class="paging-links layout-content-col col-4">
  </div>
 </div>
</div>

  </body>
</html>