Home | History | Annotate | Download | only in bulletin
      1 <html devsite>
      2   <head>
      3     <title>Nexus  - 2016  1 </title>
      4     <meta name="project_path" value="/_project.yaml" />
      5     <meta name="book_path" value="/_book.yaml" />
      6   </head>
      7   <body>
      8   <!--
      9       Copyright 2017 The Android Open Source Project
     10 
     11       Licensed under the Apache License, Version 2.0 (the "License");
     12       you may not use this file except in compliance with the License.
     13       You may obtain a copy of the License at
     14 
     15           http://www.apache.org/licenses/LICENSE-2.0
     16 
     17       Unless required by applicable law or agreed to in writing, software
     18       distributed under the License is distributed on an "AS IS" BASIS,
     19       WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     20       See the License for the specific language governing permissions and
     21       limitations under the License.
     22   -->
     23 
     24 
     25 
     26 <p><em>2016  3  7  | 2016  3  8 </em></p>
     27 
     28 <p> Android  (OTA)  Nexus  <a href="https://developers.google.com/android/nexus/images">Google Developers </a> Nexus  2016  3  1  LMY49H  Android L  Android M  <a href="https://support.google.com/nexus/answer/4457705">Nexus </a></p>
     29 
     30 <p> 2016  2  1  48  Android  (AOSP)  AOSP </p>
     31 
     32 <p></p>
     33 
     34 <p><a href="#mitigations"></a> <a href="/security/enhancements/index.html">Android </a> SafetyNet Android </p>
     35 
     36 <h2 id="security_vulnerability_summary"></h2>
     37 
     38 <p> CVE<a href="/security/overview/updates-resources.html#severity"></a></p>
     39 <table>
     40  <tr>
     41     <th></th>
     42     <th>CVE</th>
     43     <th></th>
     44  </tr>
     45  <tr>
     46     <td>Mediaserver </td>
     47     <td>CVE-2016-0815<br>CVE-2016-0816</td>
     48     <td></td>
     49  </tr>
     50  <tr>
     51     <td>libvpx </td>
     52     <td>CVE-2016-1621</td>
     53     <td></td>
     54  </tr>
     55  <tr>
     56     <td>Conscrypt </td>
     57     <td>CVE-2016-0818</td>
     58     <td></td>
     59  </tr>
     60  <tr>
     61     <td>Qualcomm <br></td>
     62     <td>CVE-2016-0819</td>
     63     <td></td>
     64  </tr>
     65  <tr>
     66     <td>MediaTek WLAN </td>
     67     <td>CVE-2016-0820</td>
     68     <td></td>
     69  </tr>
     70  <tr>
     71     <td>Keyring </td>
     72     <td>CVE-2016-0728</td>
     73     <td></td>
     74  </tr>
     75  <tr>
     76     <td></td>
     77     <td>CVE-2016-0821</td>
     78     <td></td>
     79  </tr>
     80  <tr>
     81     <td>MediaTek </td>
     82     <td>CVE-2016-0822</td>
     83     <td></td>
     84  </tr>
     85  <tr>
     86     <td></td>
     87     <td>CVE-2016-0823</td>
     88     <td></td>
     89  </tr>
     90  <tr>
     91     <td>libstagefright </td>
     92     <td>CVE-2016-0824</td>
     93     <td></td>
     94  </tr>
     95  <tr>
     96     <td>Widevine </td>
     97     <td>CVE-2016-0825</td>
     98     <td></td>
     99  </tr>
    100  <tr>
    101     <td>Mediaserver </td>
    102     <td>CVE-2016-0826<br>CVE-2016-0827</td>
    103     <td></td>
    104  </tr>
    105  <tr>
    106     <td>Mediaserver </td>
    107     <td>CVE-2016-0828<br>CVE-2016-0829</td>
    108     <td></td>
    109  </tr>
    110  <tr>
    111     <td></td>
    112     <td>CVE-2016-0830</td>
    113     <td></td>
    114  </tr>
    115  <tr>
    116     <td>Telephony </td>
    117     <td>CVE-2016-0831</td>
    118     <td></td>
    119  </tr>
    120  <tr>
    121     <td></td>
    122     <td>CVE-2016-0832</td>
    123     <td></td>
    124  </tr>
    125 </table>
    126 
    127 
    128 <h3 id="mitigations"></h3>
    129 
    130 
    131 <p> <a href="/security/enhancements/index.html">Android </a> SafetyNet Android </p>
    132 
    133 <ul>
    134   <li> Android  Android  Android
    135   <li>Android  SafetyNet Google Play  Root  Google Play  Root 
    136   <li> Google  Messenger  mediaserver 
    137 </li></li></li></ul>
    138 
    139 <h3 id="acknowledgements"></h3>
    140 
    141 
    142 <p></p>
    143 
    144 <ul>
    145   <li> Google Chrome  Abhishek AryaOliver Chang  Martin BarbellaCVE-2016-0815<li> CENSUS S.A.  Anestis Bechtsoudis (<a href="https://twitter.com/anestisb">@anestisb</a>)CVE-2016-0816CVE-2016-0824<li> Android  Chad BrubakerCVE-2016-0818<li> Google Project Zero  Mark BrandCVE-2016-0820<li> <a href="http://www.360safe.com"> 360</a>  <a href="http://c0reteam.org">C0RE </a> Mingjian Zhou (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>)Chiachih Wu (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>)  Xuxian JiangCVE-2016-0826<li>  (Trend Micro)  Peter Pi (<a href="https://twitter.com/heisecode">@heisecode</a>)CVE-2016-0827CVE-2016-0828CVE-2016-0829<li> Scott Bauer<a href="mailto:sbauer (a] eng.utah.edu">sbauer (a] eng.utah.edu</a><a href="mailto:sbauer (a] plzdonthack.me">sbauer (a] plzdonthack.me</a>CVE-2016-0822<li>  (Trend Micro Inc.)  (<a href="https://twitter.com/@wish_wu">@wish_wu</a>)CVE-2016-0819<li>  Yongzheng Wu  Tieyan LiCVE-2016-0831<li>  Su Mon Kywe  Yingjiu LiCVE-2016-0831<li> Android  Zach Riggle (<a href="https://twitter.com/@ebeip90">@ebeip90</a>)CVE-2016-0821</li></li></li></li></li></li></li></li></li></li></li></ul>
    146 
    147 <h2 id="security_vulnerability_details"></h2>
    148 
    149 
    150 <p><a href="#security_vulnerability_summary"></a> CVE Bug Bug ID  AOSP  Bug  Bug ID  AOSP </p>
    151 
    152 <h3 id="remote_code_execution_vulnerability_in_mediaserver">Mediaserver </h3>
    153 
    154 
    155 <p> mediaserver  mediaserver </p>
    156 
    157 <p></p>
    158 
    159 <p> mediaserver mediaserver </p>
    160 <table>
    161  <tr>
    162     <th>CVE</th>
    163     <th>Bug AOSP </th>
    164     <th></th>
    165     <th></th>
    166     <th></th>
    167  </tr>
    168  <tr>
    169     <td>CVE-2016-0815</td>
    170     <td><a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/5403587a74aee2fb57076528c3927851531c8afb">ANDROID-26365349</a>
    171     </td>
    172     <td></td>
    173     <td>4.4.45.0.25.1.16.06.0.1</td>
    174     <td>Google </td>
    175  </tr>
    176  <tr>
    177     <td>CVE-2016-0816</td>
    178     <td><a href="https://android.googlesource.com/platform/external/libavc/+/4a524d3a8ae9aa20c36430008e6bd429443f8f1d">ANDROID-25928803</a>
    179     </td>
    180     <td></td>
    181     <td>6.06.0.1</td>
    182     <td>Google </td>
    183  </tr>
    184 </table>
    185 
    186 
    187 <h3 id="remote_code_execution_vulnerabilities_in_libvpx">libvpx </h3>
    188 
    189 
    190 <p> mediaserver  mediaserver </p>
    191 
    192 <p></p>
    193 
    194 <p> mediaserver mediaserver </p>
    195 <table>
    196  <tr>
    197     <th>CVE</th>
    198     <th>Bug AOSP </th>
    199     <th></th>
    200     <th></th>
    201     <th></th>
    202  </tr>
    203  <tr>
    204     <td>CVE-2016-1621</td>
    205     <td><a href="https://android.googlesource.com/platform/frameworks/av/+/5a6788730acfc6fd8f4a6ef89d2c376572a26b55">ANDROID-23452792</a><a href="https://android.googlesource.com/platform/external/libvpx/+/04839626ed859623901ebd3a5fd483982186b59d">[2]</a><a href="https://android.googlesource.com/platform/external/libvpx/+/5a9753fca56f0eeb9f61e342b2fccffc364f9426">[3]</a>
    206     </td>
    207     <td></td>
    208     <td>4.4.45.0.25.1.16.0</td>
    209     <td>Google </td>
    210  </tr>
    211 </table>
    212 
    213 
    214 <h3 id="elevation_of_privilege_in_conscrypt">Conscrypt </h3>
    215 
    216 <p>Conscrypt  (CA) </p>
    217 
    218 <table>
    219  <tr>
    220     <th>CVE</th>
    221     <th>Bug AOSP </th>
    222     <th></th>
    223     <th></th>
    224     <th></th>
    225  </tr>
    226  <tr>
    227     <td>CVE-2016-0818</td>
    228     <td><a href="https://android.googlesource.com/platform/external/conscrypt/+/c4ab1b959280413fb11bf4fd7f6b4c2ba38bd779">ANDROID-26232830</a><a href="https://android.googlesource.com/platform/external/conscrypt/+/4c9f9c2201116acf790fca25af43995d29980ee0">[2]</a>
    229     </td>
    230     <td></td>
    231     <td>4.4.45.0.25.1.16.06.0.1</td>
    232     <td>Google </td>
    233  </tr>
    234 </table>
    235 
    236 
    237 <h3 id="elevation_of_privilege_vulnerability_in_the_qualcomm_performance_component">Qualcomm </h3>
    238 
    239 
    240 <p>Qualcomm </p>
    241 <table>
    242  <tr>
    243     <th>CVE</th>
    244     <th>Bug</th>
    245     <th></th>
    246     <th></th>
    247     <th></th>
    248  </tr>
    249  <tr>
    250     <td>CVE-2016-0819</td>
    251     <td>ANDROID-25364034*</td>
    252     <td></td>
    253     <td>4.4.45.0.25.1.16.06.0.1</td>
    254     <td>2015  10  29 </td>
    255  </tr>
    256 </table>
    257 
    258 
    259 <p>* AOSP <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus </p>
    260 
    261 <h3 id="elevation_of_privilege_vulnerability_in_mediatek_wi-fi_kernel_driver">MediaTek WLAN </h3>
    262 
    263 
    264 <p>MediaTek WLAN </p>
    265 <table>
    266  <tr>
    267     <th>CVE</th>
    268     <th>Bug</th>
    269     <th></th>
    270     <th></th>
    271     <th></th>
    272  </tr>
    273  <tr>
    274     <td>CVE-2016-0820</td>
    275     <td>ANDROID-26267358*</td>
    276     <td></td>
    277     <td>6.0.1</td>
    278     <td>2015  12  18 </td>
    279  </tr>
    280 </table>
    281 
    282 
    283 <p>* AOSP <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus </p>
    284 
    285 <h3 id="elevation_of_privilege_vulnerability_in_kernel_keyring_component"> Keyring </h3>
    286 
    287 
    288 <p> Keyring  Android 5.0 SELinux </p>
    289 
    290 <p><strong></strong>AOSP <a href="https://android.googlesource.com/kernel/common/+/8a8431507f8f5910db5ac85b72dbdc4ed8f6b308">4.1</a><a href="https://android.googlesource.com/kernel/common/+/ba8bb5774ca7b1acc314c98638cf678ce0beb19a">3.18</a><a href="https://android.googlesource.com/kernel/common/+/93faf7ad3d603c33b33e49318e81cf00f3a24a73">3.14</a>  <a href="https://android.googlesource.com/kernel/common/+/9fc5f368bb89b65b591c4f800dfbcc7432e49de5">3.10</a></p>
    291 <table>
    292  <tr>
    293     <th>CVE</th>
    294     <th>Bug</th>
    295     <th></th>
    296     <th></th>
    297     <th></th>
    298  </tr>
    299  <tr>
    300     <td>CVE-2016-0728</td>
    301     <td>ANDROID-26636379 </td>
    302     <td></td>
    303     <td>4.4.45.0.25.1.16.06.0.1</td>
    304     <td>2016  1  11 </td>
    305  </tr>
    306 </table>
    307 
    308 
    309 <h3 id="mitigation_bypass_vulnerability_in_the_kernel"></h3>
    310 
    311 
    312 <p></p>
    313 
    314 <p><strong></strong><a href="https://github.com/torvalds/linux/commit/8a5e5e02fc83aaf67053ab53b359af08c6c49aaf"> Linux Upstream</a> </p>
    315 
    316 <table>
    317  <tr>
    318     <th>CVE</th>
    319     <th>Bug</th>
    320     <th></th>
    321     <th></th>
    322     <th></th>
    323  </tr>
    324  <tr>
    325     <td>CVE-2016-0821</td>
    326     <td>ANDROID-26186802</td>
    327     <td></td>
    328     <td>6.0.1</td>
    329     <td>Google </td>
    330  </tr>
    331 </table>
    332 
    333 
    334 <h3 id="elevation_of_privilege_in_mediatek_connectivity_kernel_driver">MediaTek </h3>
    335 
    336 
    337 <p>MediaTek  Bug  conn_launcher 
    338 </p>
    339 <table>
    340  <tr>
    341     <th>CVE</th>
    342     <th>Bug</th>
    343     <th></th>
    344     <th></th>
    345     <th></th>
    346  </tr>
    347  <tr>
    348     <td>CVE-2016-0822</td>
    349     <td>ANDROID-25873324*</td>
    350     <td></td>
    351     <td>6.0.1</td>
    352     <td>2015  11  24 </td>
    353  </tr>
    354 </table>
    355 
    356 
    357 <p>* AOSP <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus </p>
    358 
    359 <h3 id="information_disclosure_vulnerability_in_kernel"></h3>
    360 
    361 
    362 <p> ASLR</p>
    363 
    364 <p><strong></strong><a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ab676b7d6fbf4b294bf198fb27ade5b0e865c7ce"> Linux Upstream</a> </p>
    365 <table>
    366  <tr>
    367     <th>CVE</th>
    368     <th>Bug</th>
    369     <th></th>
    370     <th></th>
    371     <th></th>
    372  </tr>
    373  <tr>
    374     <td>CVE-2016-0823</td>
    375     <td>ANDROID-25739721*</td>
    376     <td></td>
    377     <td>6.0.1</td>
    378     <td>Google </td>
    379  </tr>
    380 </table>
    381 <p>* AOSP <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus </p>
    382 
    383 <h3 id="information_disclosure_vulnerability_in_libstagefright">libstagefright </h3>
    384 
    385 
    386 <p>libstagefright  <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a>  <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> </p>
    387 <table>
    388  <tr>
    389     <th>CVE</th>
    390     <th>Bug AOSP </th>
    391     <th></th>
    392     <th></th>
    393     <th></th>
    394  </tr>
    395  <tr>
    396     <td>CVE-2016-0824</td>
    397     <td><a href="https://android.googlesource.com/platform/external/libmpeg2/+/ffab15eb80630dc799eb410855c93525b75233c3">ANDROID-25765591</a>
    398     </td>
    399     <td></td>
    400     <td>6.06.0.1</td>
    401     <td>2015  11  18 </td>
    402  </tr>
    403 </table>
    404 
    405 
    406 <h3 id="information_disclosure_vulnerability_in_widevine">Widevine </h3>
    407 
    408 
    409 <p>Widevine  TrustZone  <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a>  <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> </p>
    410 <table>
    411  <tr>
    412     <th>CVE</th>
    413     <th>Bug</th>
    414     <th></th>
    415     <th></th>
    416     <th></th>
    417  </tr>
    418  <tr>
    419     <td>CVE-2016-0825</td>
    420     <td>ANDROID-20860039*</td>
    421     <td></td>
    422     <td>6.0.1</td>
    423     <td>Google </td>
    424  </tr>
    425 </table>
    426 
    427 
    428 <p>* AOSP <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus </p>
    429 
    430 <h3 id="elevation_of_privilege_vulnerability_in_mediaserver">Mediaserver </h3>
    431 
    432 
    433 <p>Mediaserver  <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a>  <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> </p>
    434 <table>
    435  <tr>
    436     <th>CVE</th>
    437     <th>Bug AOSP </th>
    438     <th></th>
    439     <th></th>
    440     <th></th>
    441  </tr>
    442  <tr>
    443     <td>CVE-2016-0826</td>
    444     <td><a href="https://android.googlesource.com/platform/frameworks/av/+/c9ab2b0bb05a7e19fb057e79b36e232809d70122">ANDROID-26265403</a><a href="https://android.googlesource.com/platform/frameworks/av/+/899823966e78552bb6dfd7772403a4f91471d2b0">[2]</a>
    445     </td>
    446     <td></td>
    447     <td>4.4.45.0.25.1.16.06.0.1</td>
    448     <td>2015  12  17 </td>
    449  </tr>
    450  <tr>
    451     <td>CVE-2016-0827</td>
    452     <td><a href="https://android.googlesource.com/platform/frameworks/av/+/9e29523b9537983b4c4b205ff868d0b3bca0383b">ANDROID-26347509</a></td>
    453     <td></td>
    454     <td>4.4.45.0.25.1.16.06.0.1</td>
    455     <td>2015  12  28 </td>
    456  </tr>
    457 </table>
    458 
    459 
    460 <h3 id="information_disclosure_vulnerability_in_mediaserver">Mediaserver </h3>
    461 
    462 
    463 <p>mediaserver  <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a>  <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> </p>
    464 <table>
    465  <tr>
    466     <th>CVE</th>
    467     <th>Bug AOSP </th>
    468     <th></th>
    469     <th></th>
    470     <th></th>
    471  </tr>
    472  <tr>
    473     <td>CVE-2016-0828</td>
    474     <td><a href="https://android.googlesource.com/platform/frameworks/native/+/dded8fdbb700d6cc498debc69a780915bc34d755">ANDROID-26338113</a>
    475     </td>
    476     <td></td>
    477     <td>5.0.25.1.16.06.0.1</td>
    478     <td>2015  12  27 </td>
    479  </tr>
    480  <tr>
    481     <td>CVE-2016-0829</td>
    482     <td><a href="https://android.googlesource.com/platform/frameworks/native/+/d06421fd37fbb7fd07002e6738fac3a223cb1a62">ANDROID-26338109</a></td>
    483     <td></td>
    484     <td>4.4.45.0.25.1.16.06.0.1</td>
    485     <td>2015  12  27 </td>
    486  </tr>
    487 </table>
    488 
    489 
    490 <h3 id="remote_denial_of_service_vulnerability_in_bluetooth"></h3>
    491 
    492 
    493 <p></p>
    494 <table>
    495  <tr>
    496     <th>CVE</th>
    497     <th>Bug AOSP </th>
    498     <th></th>
    499     <th></th>
    500     <th></th>
    501  </tr>
    502  <tr>
    503     <td>CVE-2016-0830</td>
    504     <td><a href="https://android.googlesource.com/platform/system/bt/+/d77f1999ecece56c1cbb333f4ddc26f0b5bac2c5">ANDROID-26071376</a></td>
    505     <td></td>
    506     <td>6.06.0.1</td>
    507     <td>Google </td>
    508  </tr>
    509 </table>
    510 
    511 
    512 <h3 id="information_disclosure_vulnerability_in_telephony">Telephony </h3>
    513 
    514 
    515 <p>Telephony </p>
    516 <table>
    517  <tr>
    518     <th>CVE</th>
    519     <th>Bug AOSP </th>
    520     <th></th>
    521     <th></th>
    522     <th></th>
    523  </tr>
    524  <tr>
    525     <td>CVE-2016-0831</td>
    526     <td><a href="https://android.googlesource.com/platform/frameworks/opt/telephony/+/79eecef63f3ea99688333c19e22813f54d4a31b1">ANDROID-25778215</a></td>
    527     <td></td>
    528     <td>5.0.25.1.16.06.0.1</td>
    529     <td>2015  11  16 </td>
    530  </tr>
    531 </table>
    532 
    533 
    534 <h3 id="elevation_of_privilege_vulnerability_in_setup_wizard"></h3>
    535 
    536 
    537 <p></p>
    538 <table>
    539  <tr>
    540     <th>CVE</th>
    541     <th>Bug</th>
    542     <th></th>
    543     <th></th>
    544     <th></th>
    545  </tr>
    546  <tr>
    547     <td>CVE-2016-0832</td>
    548     <td>ANDROID-25955042*</td>
    549     <td></td>
    550     <td>5.1.16.06.0.1</td>
    551     <td>Google </td>
    552  </tr>
    553 </table>
    554 
    555 
    556 <p>* </p>
    557 
    558 <h2 id="common_questions_and_answers"></h2>
    559 
    560 
    561 <p></p>
    562 
    563 <p><strong>1. </strong></p>
    564 
    565 <p> 2016  3  1  LMY49H  Android L  Android 6.0  <a href="https://support.google.com/nexus/answer/4457705">Nexus </a> [ro.build.version.security_patch]:[2016-03-01]</p>
    566 
    567 <h2 id="revisions"></h2>
    568 
    569 
    570 <ul>
    571   <li>2016  3  7 
    572   <li>2016  3  8  AOSP 
    573 </li></li></ul>
    574 
    575   </body>
    576 </html>
    577