1 <html devsite> 2 <head> 3 <title>Nexus - 2015 11 </title> 4 <meta name="project_path" value="/_project.yaml" /> 5 <meta name="book_path" value="/_book.yaml" /> 6 </head> 7 <body> 8 <!-- 9 Copyright 2017 The Android Open Source Project 10 11 Licensed under the Apache License, Version 2.0 (the "License"); 12 you may not use this file except in compliance with the License. 13 You may obtain a copy of the License at 14 15 http://www.apache.org/licenses/LICENSE-2.0 16 17 Unless required by applicable law or agreed to in writing, software 18 distributed under the License is distributed on an "AS IS" BASIS, 19 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 20 See the License for the specific language governing permissions and 21 limitations under the License. 22 --> 23 24 25 26 <p> 27 <em> 28 2015 11 2 29 </em> 30 </p> 31 <p> 32 Android (OTA) Nexus 33 <a href="https://developers.google.com/android/nexus/images"> 34 Google Developers 35 </a> 36 Nexus 2015 11 1 LMY48X Android Lollipop Android Marshmallow 37 <a href="http://source.android.com/security/bulletin/2015-11-01.html#common_questions_and_answers"> 38 39 </a> 40 41 </p> 42 <p> 43 2015 10 5 48 Android (AOSP) AOSP 44 </p> 45 <p> 46 47 </p> 48 <p> 49 50 <a href="http://source.android.com/security/bulletin/2015-11-01.html#mitigations"> 51 52 </a> 53 54 <a href="http://source.android.com/security/enhancements/index.html"> 55 Android 56 </a> 57 SafetyNet Android 58 </p> 59 <h2 id="security_vulnerability_summary" style="margin-bottom:0px"> 60 61 </h2> 62 <hr/> 63 <p> 64 CVE 65 <a href="http://source.android.com/security/overview/updates-resources.html#severity"> 66 67 </a> 68 69 </p> 70 <table> 71 <tbody> 72 <tr> 73 <th> 74 75 </th> 76 <th> 77 CVE 78 </th> 79 <th> 80 81 </th> 82 </tr> 83 <tr> 84 <td> 85 Mediaserver 86 </td> 87 <td> 88 CVE-2015-6608 89 </td> 90 <td> 91 92 </td> 93 </tr> 94 <tr> 95 <td> 96 libutils 97 </td> 98 <td> 99 CVE-2015-6609 100 </td> 101 <td> 102 103 </td> 104 </tr> 105 <tr> 106 <td> 107 Mediaserver 108 </td> 109 <td> 110 CVE-2015-6611 111 </td> 112 <td> 113 114 </td> 115 </tr> 116 <tr> 117 <td> 118 libstagefright 119 </td> 120 <td> 121 CVE-2015-6610 122 </td> 123 <td> 124 125 </td> 126 </tr> 127 <tr> 128 <td> 129 libmedia 130 </td> 131 <td> 132 CVE-2015-6612 133 </td> 134 <td> 135 136 </td> 137 </tr> 138 <tr> 139 <td> 140 141 </td> 142 <td> 143 CVE-2015-6613 144 </td> 145 <td> 146 147 </td> 148 </tr> 149 <tr> 150 <td> 151 Telephony 152 </td> 153 <td> 154 CVE-2015-6614 155 </td> 156 <td> 157 158 </td> 159 </tr> 160 </tbody> 161 </table> 162 <p> 163 <a href="http://source.android.com/security/overview/updates-resources.html#severity"> 164 165 </a> 166 167 </p> 168 <h2 id="mitigations" style="margin-bottom:0px"> 169 170 </h2> 171 <hr/> 172 <p> 173 174 <a href="http://source.android.com/security/enhancements/index.html"> 175 Android 176 </a> 177 SafetyNet Android 178 </p> 179 <ul> 180 <li> 181 Android Android Android 182 </li> 183 <li> 184 Android SafetyNet Google Play Root Google Play Root 185 </li> 186 <li> 187 Google Messenger mediaserver 188 </li> 189 </ul> 190 <h2 id="acknowledgements" style="margin-bottom:0px"> 191 192 </h2> 193 <hr/> 194 <p> 195 196 </p> 197 <ul> 198 <li> 199 Google Chrome Abhishek AryaOliver Chang Martin BarbellaCVE-2015-6608 200 </li> 201 <li> 202 Copperhead Security Daniel Micay (daniel.micay (a] copperhead.co)CVE-2015-6609 203 </li> 204 <li> 205 (System Security Lab, KAIST) Dongkwan Kim (dkay (a] kaist.ac.kr)CVE-2015-6614 206 </li> 207 <li> 208 (System Security Lab, KAIST) Hongil Kim (hongilk (a] kaist.ac.kr)CVE-2015-6614 209 </li> 210 <li> 211 (Trend Micro) Jack Tang (@jacktang310)CVE-2015-6611 212 </li> 213 <li> 214 (Trend Micro) Peter PiCVE-2015-6611 215 </li> 216 <li> 217 Google Project Zero Natalie SilvanovichCVE-2015-6608 218 </li> 219 <li> 220 (KeenTeam)@K33nTeamhttp://k33nteam.org/ Qidan He (@flanker_hqd) Wen Xu (@antlr7)CVE-2015-6612 221 </li> 222 <li> 223 (Trend Micro) Seven ShenCVE-2015-6610 224 </li> 225 </ul> 226 <h2 id="security_vulnerability_details" style="margin-bottom:0px"> 227 228 </h2> 229 <hr/> 230 <p> 231 232 <a href="http://source.android.com/security/bulletin/2015-11-01.html#security_vulnerability_summary"> 233 234 </a> 235 CVE Bug Bug ID AOSP Bug Bug ID AOSP 236 </p> 237 <h3 id="remote_code_execution_vulnerabilities_in_mediaserver"> 238 Mediaserver 239 </h3> 240 <p> 241 mediaserver mediaserver 242 </p> 243 <p> 244 245 </p> 246 <p> 247 mediaserver mediaserver 248 </p> 249 <table> 250 <tbody> 251 <tr> 252 <th> 253 CVE 254 </th> 255 <th> 256 Bug AOSP 257 </th> 258 <th> 259 260 </th> 261 <th> 262 263 </th> 264 <th> 265 266 </th> 267 </tr> 268 <tr> 269 <td rowspan="6"> 270 CVE-2015-6608 271 </td> 272 <td> 273 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/8ec845c8fe0f03bc57c901bc484541bdd6a7cf80"> 274 ANDROID-19779574 275 </a> 276 </td> 277 <td rowspan="3"> 278 279 </td> 280 <td rowspan="3"> 281 5.05.16.0 282 </td> 283 <td rowspan="3"> 284 Google 285 </td> 286 </tr> 287 <tr> 288 <td> 289 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/c6a2815eadfce62702d58b3fa3887f24c49e1864"> 290 ANDROID-23680780 291 </a> 292 </td> 293 </tr> 294 <tr> 295 <td> 296 <a href="https://android.googlesource.com/platform%2Fexternal%2Faac/+/b3c5a4bb8442ab3158fa1f52b790fadc64546f46"> 297 ANDROID-23876444 298 </a> 299 </td> 300 </tr> 301 <tr> 302 <td> 303 <a href="https://android.googlesource.com/platform%2Fexternal%2Ftremolo/+/3830d0b585ada64ee75dea6da267505b19c622fd"> 304 ANDROID-23881715 305 </a> 306 </td> 307 <td> 308 309 </td> 310 <td> 311 4.45.05.16.0 312 </td> 313 <td> 314 Google 315 </td> 316 </tr> 317 <tr> 318 <td> 319 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/3878b990f7d53eae7c2cf9246b6ef2db5a049872"> 320 ANDROID-14388161 321 </a> 322 </td> 323 <td> 324 325 </td> 326 <td> 327 4.4 5.1 328 </td> 329 <td> 330 Google 331 </td> 332 </tr> 333 <tr> 334 <td> 335 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/f3eb82683a80341f5ac23057aab733a57963cab2"> 336 ANDROID-23658148 337 </a> 338 </td> 339 <td> 340 341 </td> 342 <td> 343 5.05.16.0 344 </td> 345 <td> 346 Google 347 </td> 348 </tr> 349 </tbody> 350 </table> 351 <h3 id="remote_code_execution_vulnerability_in_libutils"> 352 libutils 353 </h3> 354 <p> 355 libutils 356 </p> 357 <p> 358 API 359 </p> 360 <table> 361 <tbody> 362 <tr> 363 <th> 364 CVE 365 </th> 366 <th> 367 Bug AOSP 368 </th> 369 <th> 370 371 </th> 372 <th> 373 374 </th> 375 <th> 376 377 </th> 378 </tr> 379 <tr> 380 <td> 381 CVE-2015-6609 382 </td> 383 <td> 384 <a href="https://android.googlesource.com/platform%2Fbootable%2Frecovery/+/ec63d564a86ad5b30f75aa307b4bd271f6a96a56"> 385 ANDROID-22953624 386 </a> 387 [ 388 <a href="https://android.googlesource.com/platform%2Fsystem%2Fcore/+/419e6c3c68413bd6dbb6872340b2ae0d69a0fd60"> 389 2 390 </a> 391 ] 392 </td> 393 <td> 394 395 </td> 396 <td> 397 6.0 398 </td> 399 <td> 400 2015 8 3 401 </td> 402 </tr> 403 </tbody> 404 </table> 405 <h3 id="information_disclosure_vulnerabilities_in_mediaserver"> 406 Mediaserver 407 </h3> 408 <p> 409 mediaserver 410 </p> 411 <table> 412 <tbody> 413 <tr> 414 <th> 415 CVE 416 </th> 417 <th> 418 Bug AOSP 419 </th> 420 <th> 421 422 </th> 423 <th> 424 425 </th> 426 <th> 427 428 </th> 429 </tr> 430 <tr> 431 <td rowspan="12"> 432 CVE-2015-6611 433 </td> 434 <td> 435 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/1c7719820359f4190cd4bfd1a24d521face7b4f8"> 436 ANDROID-23905951 437 </a> 438 [ 439 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/3b76870d146b1350db8a2f7797e06897c8c92dc2"> 440 2 441 </a> 442 ] [ 443 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/40715a2ee896edd2df4023d9f6f586977887d34c"> 444 3 445 </a> 446 ] 447 </td> 448 <td rowspan="3"> 449 450 </td> 451 <td rowspan="3"> 452 6.0 453 </td> 454 <td rowspan="3"> 455 2015 9 7 456 </td> 457 </tr> 458 <tr> 459 <td> 460 ANDROID-23912202* 461 </td> 462 </tr> 463 <tr> 464 <td> 465 ANDROID-23953967* 466 </td> 467 </tr> 468 <tr> 469 <td> 470 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fnative/+/b414255f53b560a06e642251535b019327ba0d7b"> 471 ANDROID-23696300 472 </a> 473 </td> 474 <td> 475 476 </td> 477 <td> 478 6.0 479 </td> 480 <td> 481 2015 8 31 482 </td> 483 </tr> 484 <tr> 485 <td> 486 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/09ed70fab1f1424971ccc105dcdf5be5ce2e2643"> 487 ANDROID-23600291 488 </a> 489 </td> 490 <td> 491 492 </td> 493 <td> 494 6.0 495 </td> 496 <td> 497 2015 8 26 498 </td> 499 </tr> 500 <tr> 501 <td> 502 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/892354335d49f0b9fcd10e20e0c13e3cd0f1f1cb"> 503 ANDROID-23756261 504 </a> 505 [ 506 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/a946d844a77906072f5eb7093d41db465d6514bb"> 507 2 508 </a> 509 ] 510 </td> 511 <td> 512 513 </td> 514 <td> 515 6.0 516 </td> 517 <td> 518 2015 8 26 519 </td> 520 </tr> 521 <tr> 522 <td> 523 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/57bed83a539535bb64a33722fb67231119cb0618"> 524 ANDROID-23540907 525 </a> 526 [ 527 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/25a634427dec455b79d73562131985ae85b98c43"> 528 2 529 </a> 530 ] 531 </td> 532 <td> 533 534 </td> 535 <td> 536 5.1 537 </td> 538 <td> 539 2015 8 25 540 </td> 541 </tr> 542 <tr> 543 <td> 544 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/d53aced041b7214a92b1f2fd5970d895bb9934e5"> 545 ANDROID-23541506 546 </a> 547 </td> 548 <td rowspan="4"> 549 550 </td> 551 <td rowspan="4"> 552 6.0 553 </td> 554 <td rowspan="4"> 555 2015 8 25 556 </td> 557 </tr> 558 <tr> 559 <td> 560 ANDROID-23284974* 561 </td> 562 </tr> 563 <tr> 564 <td> 565 ANDROID-23542351* 566 </td> 567 </tr> 568 <tr> 569 <td> 570 ANDROID-23542352* 571 </td> 572 </tr> 573 <tr> 574 <td> 575 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/0981df6e3db106bfb7a56a2b668c012fcc34dd2c"> 576 ANDROID-23515142 577 </a> 578 </td> 579 <td> 580 581 </td> 582 <td> 583 5.1 584 </td> 585 <td> 586 2015 8 19 587 </td> 588 </tr> 589 </tbody> 590 </table> 591 <p> 592 * Bug AOSP 593 </p> 594 <h3 id="elevation_of_privilege_vulnerability_in_libstagefright"> 595 libstagefright 596 </h3> 597 <p> 598 libstagefright mediaserver 599 </p> 600 <table> 601 <tbody> 602 <tr> 603 <th> 604 CVE 605 </th> 606 <th> 607 Bug AOSP 608 </th> 609 <th> 610 611 </th> 612 <th> 613 614 </th> 615 <th> 616 617 </th> 618 </tr> 619 <tr> 620 <td> 621 CVE-2015-6610 622 </td> 623 <td> 624 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/d26052738f7b095b7e318c8dde7f32db0a48450c"> 625 ANDROID-23707088 626 </a> 627 [ 628 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/820c105f7a4dc0971ee563caea4c9b346854a2f7"> 629 2 630 </a> 631 ] 632 </td> 633 <td> 634 635 </td> 636 <td> 637 6.0 638 </td> 639 <td> 640 2015 8 19 641 </td> 642 </tr> 643 </tbody> 644 </table> 645 <h3 id="elevation_of_privilege_vulnerability_in_libmedia"> 646 libmedia 647 </h3> 648 <p> 649 libmedia mediaserver 650 </p> 651 <table> 652 <tbody> 653 <tr> 654 <th> 655 CVE 656 </th> 657 <th> 658 Bug AOSP 659 </th> 660 <th> 661 662 </th> 663 <th> 664 665 </th> 666 <th> 667 668 </th> 669 </tr> 670 <tr> 671 <td> 672 CVE-2015-6612 673 </td> 674 <td> 675 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/4b219e9e5ab237eec9931497cf10db4d78982d84"> 676 ANDROID-23540426 677 </a> 678 </td> 679 <td> 680 681 </td> 682 <td> 683 6.0 684 </td> 685 <td> 686 2015 8 23 687 </td> 688 </tr> 689 </tbody> 690 </table> 691 <h3 id="elevation_of_privilege_vulnerability_in_bluetooth"> 692 693 </h3> 694 <p> 695 696 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"> 697 Signature 698 </a> 699 700 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"> 701 SignatureOrSystem 702 </a> 703 704 </p> 705 <table> 706 <tbody> 707 <tr> 708 <th> 709 CVE 710 </th> 711 <th> 712 Bug AOSP 713 </th> 714 <th> 715 716 </th> 717 <th> 718 719 </th> 720 <th> 721 722 </th> 723 </tr> 724 <tr> 725 <td> 726 CVE-2015-6613 727 </td> 728 <td> 729 <a href="https://android.googlesource.com/platform%2Fsystem%2Fbt/+/74dad51510f7d7b05c6617ef88168bf0bbdf3fcd"> 730 ANDROID-24371736 731 </a> 732 </td> 733 <td> 734 735 </td> 736 <td> 737 6.0 738 </td> 739 <td> 740 Google 741 </td> 742 </tr> 743 </tbody> 744 </table> 745 <h3 id="elevation_of_privilege_vulnerability_in_telephony"> 746 Telephony 747 </h3> 748 <p> 749 Telephony 750 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"> 751 752 </a> 753 754 </p> 755 <table> 756 <tbody> 757 <tr> 758 <th> 759 CVE 760 </th> 761 <th> 762 Bug AOSP 763 </th> 764 <th> 765 766 </th> 767 <th> 768 769 </th> 770 <th> 771 772 </th> 773 </tr> 774 <tr> 775 <td> 776 CVE-2015-6614 777 </td> 778 <td> 779 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fopt%2Ftelephony/+/70dd1f77873913635288e513564a6c93ae4d0a26"> 780 ANDROID-21900139 781 </a> 782 [ 783 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fbase/+/a12044215b1148826ea9a88d5d1102378b13922f"> 784 2 785 </a> 786 ][ 787 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fbase/+/2b6af396ad14def9a967f62cccc87ee715823bb1"> 788 3 789 </a> 790 ] 791 </td> 792 <td> 793 794 </td> 795 <td> 796 5.05.1 797 </td> 798 <td> 799 2015 6 8 800 </td> 801 </tr> 802 </tbody> 803 </table> 804 <h3 id="common_questions_and_answers"> 805 806 </h3> 807 <p> 808 809 </p> 810 <p> 811 <strong> 812 1. 813 </strong> 814 </p> 815 <p> 816 2015 11 1 LMY48X Android Lollipop Android Marshmallow 817 <a href="https://support.google.com/nexus/answer/4457705"> 818 Nexus 819 </a> 820 [ro.build.version.security_patch]:[2015-11-01] 821 </p> 822 <h2 id="revisions" style="margin-bottom:0px"> 823 824 </h2> 825 <hr/> 826 <ul> 827 <li> 828 2015 11 2 829 </li> 830 </ul> 831 </div> 832 <div class="content-footer-sac" itemscope="" itemtype="http://schema.org/SiteNavigationElement"> 833 <div class="layout-content-col col-9" style="padding-top:4px"> 834 </div> 835 <div class="paging-links layout-content-col col-4"> 836 </div> 837 </div> 838 </div> 839 840 </body> 841 </html> 842