Home | History | Annotate | Download | only in bulletin 
      1 <html devsite>
      2   <head>
      3     <title>Nexus  - 2015  11 </title>
      4     <meta name="project_path" value="/_project.yaml" />
      5     <meta name="book_path" value="/_book.yaml" />
      6   </head>
      7   <body>
      8   <!--
      9       Copyright 2017 The Android Open Source Project
     10 
     11       Licensed under the Apache License, Version 2.0 (the "License");
     12       you may not use this file except in compliance with the License.
     13       You may obtain a copy of the License at
     14 
     15           http://www.apache.org/licenses/LICENSE-2.0
     16 
     17       Unless required by applicable law or agreed to in writing, software
     18       distributed under the License is distributed on an "AS IS" BASIS,
     19       WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     20       See the License for the specific language governing permissions and
     21       limitations under the License.
     22   -->
     23 
     24 
     25 
     26   <p>
     27    <em>
     28     2015  11  2 
     29    </em>
     30   </p>
     31   <p>
     32    Google  Android  (OTA) 
     33  Nexus 
     34 Nexus 
     35    <a href="https://developers.google.com/android/nexus/images">
     36     Google 
     37    </a>
     38    LMY48X  Android Marshmallow  2015  11  1 
     39 
     40    <a href="http://source.android.com/security/bulletin/2015-11-01.html#common_questions_and_answers">
     41     
     42    </a>
     43    
     44   </p>
     45   <p>
     46     2015  10  5 
     47  48  Android 
     48  (AOSP)  AOSP 
     49 
     50   </p>
     51   <p>
     52    
     53 
     54 
     55   </p>
     56   <p>
     57    
     58    <a href="http://source.android.com/security/enhancements/index.html">
     59     Android 
     60    </a>
     61     ( SafetyNet)  Android 
     62    <a href="http://source.android.com/security/bulletin/2015-11-01.html#mitigations">
     63     
     64    </a>
     65    
     66   </p>
     67   <h2 id="security_vulnerability_summary" style="margin-bottom:0px">
     68    
     69   </h2>
     70   <hr/>
     71   <p>
     72     (CVE) 
     73    <a href="http://source.android.com/security/overview/updates-resources.html#severity ">
     74     
     75    </a>
     76    
     77   </p>
     78   <table>
     79    <tbody>
     80     <tr>
     81      <th>
     82       
     83      </th>
     84      <th>
     85       CVE
     86      </th>
     87      <th>
     88       
     89      </th>
     90     </tr>
     91     <tr>
     92      <td>
     93       
     94      </td>
     95      <td>
     96       CVE-2015-6608
     97      </td>
     98      <td>
     99       
    100      </td>
    101     </tr>
    102     <tr>
    103      <td>
    104       libutils 
    105      </td>
    106      <td>
    107       CVE-2015-6609
    108      </td>
    109      <td>
    110       
    111      </td>
    112     </tr>
    113     <tr>
    114      <td>
    115       
    116      </td>
    117      <td>
    118       CVE-2015-6611
    119      </td>
    120      <td>
    121       
    122      </td>
    123     </tr>
    124     <tr>
    125      <td>
    126       libstagefright 
    127      </td>
    128      <td>
    129       CVE-2015-6610
    130      </td>
    131      <td>
    132       
    133      </td>
    134     </tr>
    135     <tr>
    136      <td>
    137       libmedia 
    138      </td>
    139      <td>
    140       CVE-2015-6612
    141      </td>
    142      <td>
    143       
    144      </td>
    145     </tr>
    146     <tr>
    147      <td>
    148       
    149      </td>
    150      <td>
    151       CVE-2015-6613
    152      </td>
    153      <td>
    154       
    155      </td>
    156     </tr>
    157     <tr>
    158      <td>
    159       
    160      </td>
    161      <td>
    162       CVE-2015-6614
    163      </td>
    164      <td>
    165       
    166      </td>
    167     </tr>
    168    </tbody>
    169   </table>
    170   <p>
    171    <a href="http://source.android.com/security/overview/updates-resources.html#severity ">
    172     
    173    </a>
    174    
    175   </p>
    176   <h2 id="mitigations" style="margin-bottom:0px">
    177    
    178   </h2>
    179   <hr/>
    180   <p>
    181    
    182    <a href="http://source.android.com/security/enhancements/index.html">
    183     Android 
    184    </a>
    185     SafetyNet 
    186  Android 
    187 
    188   </p>
    189   <ul>
    190    <li>
    191     Android 
    192  Android 
    193  Android
    194    </li>
    195    <li>
    196     Android  SafetyNet 
    197 
    198 Google Play  Root 
    199  Google Play 
    200  Root 
    201 
    202 
    203 
    204 
    205    </li>
    206    <li>
    207     Google Hangouts  Messenger 
    208 
    209    </li>
    210   </ul>
    211   <h2 id="acknowledgements" style="margin-bottom:0px">
    212    
    213   </h2>
    214   <hr/>
    215   <p>
    216    
    217   </p>
    218   <ul>
    219    <li>
    220     Google Chrome  Abhishek AryaOliver Chang  Martin Barbella
    221 CVE-2015-6608
    222    </li>
    223    <li>
    224     Copperhead Security  Daniel Micay (daniel.micay (a] copperhead.co)CVE-2015-6609
    225    </li>
    226    <li>
    227      Dongkwan Kim (dkay (a] kaist.ac.kr)CVE-2015-6614
    228    </li>
    229    <li>
    230      Hongil Kim (hongilk (a] kaist.ac.kr)CVE-2015-6614
    231    </li>
    232    <li>
    233      Jack Tang (@jacktang310)CVE-2015-6611
    234    </li>
    235    <li>
    236      Peter PiCVE-2015-6611
    237    </li>
    238    <li>
    239     Google Project Zero  Natalie SilvanovichCVE-2015-6608
    240    </li>
    241    <li>
    242      (@K33nTeamhttp://k33nteam.org/)  Qidan He (@flanker_hqd) 
    243  Wen Xu (@antlr7)CVE-2015-6612
    244    </li>
    245    <li>
    246      Seven ShenCVE-2015-6610
    247    </li>
    248   </ul>
    249   <h2 id="security_vulnerability_details" style="margin-bottom:0px">
    250    
    251   </h2>
    252   <hr/>
    253   <p>
    254    
    255    <a href="http://source.android.com/security/bulletin/2015-11-01.html#security_vulnerability_summary">
    256     
    257    </a>
    258    
    259 
    260  CVE
    261  AOSP  commit
    262  commit  AOSP 
    263 
    264   </p>
    265   <h3 id="remote_code_execution_vulnerabilities_in_mediaserver">
    266    
    267   </h3>
    268   <p>
    269    
    270 
    271 
    272   </p>
    273   <p>
    274    
    275 
    276 
    277   </p>
    278   <p>
    279    
    280 
    281 
    282 
    283   </p>
    284   <table>
    285    <tbody>
    286     <tr>
    287      <th>
    288       CVE
    289      </th>
    290      <th>
    291        ( AOSP )
    292      </th>
    293      <th>
    294       
    295      </th>
    296      <th>
    297       
    298      </th>
    299      <th>
    300       
    301      </th>
    302     </tr>
    303     <tr>
    304      <td rowspan="6">
    305       CVE-2015-6608
    306      </td>
    307      <td>
    308       <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/8ec845c8fe0f03bc57c901bc484541bdd6a7cf80">
    309        ANDROID-19779574
    310       </a>
    311      </td>
    312      <td rowspan="3">
    313       
    314      </td>
    315      <td rowspan="3">
    316       5.05.16.0
    317      </td>
    318      <td rowspan="3">
    319       Google 
    320      </td>
    321     </tr>
    322     <tr>
    323      <td>
    324       <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/c6a2815eadfce62702d58b3fa3887f24c49e1864">
    325        ANDROID-23680780
    326       </a>
    327      </td>
    328     </tr>
    329     <tr>
    330      <td>
    331       <a href="https://android.googlesource.com/platform%2Fexternal%2Faac/+/b3c5a4bb8442ab3158fa1f52b790fadc64546f46">
    332        ANDROID-23876444
    333       </a>
    334      </td>
    335     </tr>
    336     <tr>
    337      <td>
    338       <a href="https://android.googlesource.com/platform%2Fexternal%2Ftremolo/+/3830d0b585ada64ee75dea6da267505b19c622fd">
    339        ANDROID-23881715
    340       </a>
    341      </td>
    342      <td>
    343       
    344      </td>
    345      <td>
    346       4.45.05.16.0
    347      </td>
    348      <td>
    349       Google 
    350      </td>
    351     </tr>
    352     <tr>
    353      <td>
    354       <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/3878b990f7d53eae7c2cf9246b6ef2db5a049872">
    355        ANDROID-14388161
    356       </a>
    357      </td>
    358      <td>
    359       
    360      </td>
    361      <td>
    362       4.4  5.1
    363      </td>
    364      <td>
    365       Google 
    366      </td>
    367     </tr>
    368     <tr>
    369      <td>
    370       <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/f3eb82683a80341f5ac23057aab733a57963cab2">
    371        ANDROID-23658148
    372       </a>
    373      </td>
    374      <td>
    375       
    376      </td>
    377      <td>
    378       5.05.16.0
    379      </td>
    380      <td>
    381       Google 
    382      </td>
    383     </tr>
    384    </tbody>
    385   </table>
    386   <h3 id="remote_code_execution_vulnerability_in_libutils">
    387    libutils 
    388   </h3>
    389   <p>
    390    libutils () 
    391 
    392 
    393 
    394   </p>
    395   <p>
    396     API 
    397 
    398 
    399 
    400 
    401 
    402   </p>
    403   <table>
    404    <tbody>
    405     <tr>
    406      <th>
    407       CVE
    408      </th>
    409      <th>
    410        ( AOSP )
    411      </th>
    412      <th>
    413       
    414      </th>
    415      <th>
    416       
    417      </th>
    418      <th>
    419       
    420      </th>
    421     </tr>
    422     <tr>
    423      <td>
    424       CVE-2015-6609
    425      </td>
    426      <td>
    427       <a href="https://android.googlesource.com/platform%2Fbootable%2Frecovery/+/ec63d564a86ad5b30f75aa307b4bd271f6a96a56">
    428        ANDROID-22953624
    429       </a>
    430       [
    431       <a href="https://android.googlesource.com/platform%2Fsystem%2Fcore/+/419e6c3c68413bd6dbb6872340b2ae0d69a0fd60">
    432        2
    433       </a>
    434       ]
    435      </td>
    436      <td>
    437       
    438      </td>
    439      <td>
    440       6.0 
    441      </td>
    442      <td>
    443       2015  8  3 
    444      </td>
    445     </tr>
    446    </tbody>
    447   </table>
    448   <h3 id="information_disclosure_vulnerabilities_in_mediaserver">
    449    
    450   </h3>
    451   <p>
    452    
    453 
    454 
    455   </p>
    456   <table>
    457    <tbody>
    458     <tr>
    459      <th>
    460       CVE
    461      </th>
    462      <th>
    463        ( AOSP )
    464      </th>
    465      <th>
    466       
    467      </th>
    468      <th>
    469       
    470      </th>
    471      <th>
    472       
    473      </th>
    474     </tr>
    475     <tr>
    476      <td rowspan="12">
    477       CVE-2015-6611
    478      </td>
    479      <td>
    480       <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/1c7719820359f4190cd4bfd1a24d521face7b4f8">
    481        ANDROID-23905951
    482       </a>
    483       [
    484       <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/3b76870d146b1350db8a2f7797e06897c8c92dc2">
    485        2
    486       </a>
    487       ]
    488 [
    489       <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/40715a2ee896edd2df4023d9f6f586977887d34c">
    490        3
    491       </a>
    492       ]
    493      </td>
    494      <td rowspan="3">
    495       
    496      </td>
    497      <td rowspan="3">
    498       6.0 
    499      </td>
    500      <td rowspan="3">
    501       2015  9  7 
    502      </td>
    503     </tr>
    504     <tr>
    505      <td>
    506       ANDROID-23912202*
    507      </td>
    508     </tr>
    509     <tr>
    510      <td>
    511       ANDROID-23953967*
    512      </td>
    513     </tr>
    514     <tr>
    515      <td>
    516       <a href="https://android.googlesource.com/platform%2Fframeworks%2Fnative/+/b414255f53b560a06e642251535b019327ba0d7b">
    517        ANDROID-23696300
    518       </a>
    519      </td>
    520      <td>
    521       
    522      </td>
    523      <td>
    524       6.0 
    525      </td>
    526      <td>
    527       2015  8  31 
    528      </td>
    529     </tr>
    530     <tr>
    531      <td>
    532       <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/09ed70fab1f1424971ccc105dcdf5be5ce2e2643">
    533        ANDROID-23600291
    534       </a>
    535      </td>
    536      <td>
    537       
    538      </td>
    539      <td>
    540       6.0 
    541      </td>
    542      <td>
    543       2015  8  26 
    544      </td>
    545     </tr>
    546     <tr>
    547      <td>
    548       <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/892354335d49f0b9fcd10e20e0c13e3cd0f1f1cb">
    549        ANDROID-23756261
    550       </a>
    551       [
    552       <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/a946d844a77906072f5eb7093d41db465d6514bb">
    553        2
    554       </a>
    555       ]
    556      </td>
    557      <td>
    558       
    559      </td>
    560      <td>
    561       6.0 
    562      </td>
    563      <td>
    564       2015  8  26 
    565      </td>
    566     </tr>
    567     <tr>
    568      <td>
    569       <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/57bed83a539535bb64a33722fb67231119cb0618">
    570        ANDROID-23540907
    571       </a>
    572       [
    573       <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/25a634427dec455b79d73562131985ae85b98c43">
    574        2
    575       </a>
    576       ]
    577      </td>
    578      <td>
    579       
    580      </td>
    581      <td>
    582       5.1 
    583      </td>
    584      <td>
    585       2015  8  25 
    586      </td>
    587     </tr>
    588     <tr>
    589      <td>
    590       <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/d53aced041b7214a92b1f2fd5970d895bb9934e5">
    591        ANDROID-23541506
    592       </a>
    593      </td>
    594      <td rowspan="4">
    595       
    596      </td>
    597      <td rowspan="4">
    598       6.0 
    599      </td>
    600      <td rowspan="4">
    601       2015  8  25 
    602      </td>
    603     </tr>
    604     <tr>
    605      <td>
    606       ANDROID-23284974*
    607      </td>
    608     </tr>
    609     <tr>
    610      <td>
    611       ANDROID-23542351*
    612      </td>
    613     </tr>
    614     <tr>
    615      <td>
    616       ANDROID-23542352*
    617      </td>
    618     </tr>
    619     <tr>
    620      <td>
    621       <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/0981df6e3db106bfb7a56a2b668c012fcc34dd2c">
    622        ANDROID-23515142
    623       </a>
    624      </td>
    625      <td>
    626       
    627      </td>
    628      <td>
    629       5.1 
    630      </td>
    631      <td>
    632       2015  8  19 
    633      </td>
    634     </tr>
    635    </tbody>
    636   </table>
    637   <p>
    638    *  AOSP 
    639   </p>
    640   <h3 id="elevation_of_privilege_vulnerability_in_libstagefright">
    641    libstagefright 
    642   </h3>
    643   <p>
    644    libstagefright 
    645 
    646 
    647 
    648 
    649   </p>
    650   <table>
    651    <tbody>
    652     <tr>
    653      <th>
    654       CVE
    655      </th>
    656      <th>
    657        ( AOSP )
    658      </th>
    659      <th>
    660       
    661      </th>
    662      <th>
    663       
    664      </th>
    665      <th>
    666       
    667      </th>
    668     </tr>
    669     <tr>
    670      <td>
    671       CVE-2015-6610
    672      </td>
    673      <td>
    674       <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/d26052738f7b095b7e318c8dde7f32db0a48450c">
    675        ANDROID-23707088
    676       </a>
    677       [
    678       <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/820c105f7a4dc0971ee563caea4c9b346854a2f7">
    679        2
    680       </a>
    681       ]
    682      </td>
    683      <td>
    684       
    685      </td>
    686      <td>
    687       6.0 
    688      </td>
    689      <td>
    690       2015  8  19 
    691      </td>
    692     </tr>
    693    </tbody>
    694   </table>
    695   <h3 id="elevation_of_privilege_vulnerability_in_libmedia">
    696    libmedia 
    697   </h3>
    698   <p>
    699    libmedia 
    700 
    701 
    702 
    703   </p>
    704   <table>
    705    <tbody>
    706     <tr>
    707      <th>
    708       CVE
    709      </th>
    710      <th>
    711        ( AOSP )
    712      </th>
    713      <th>
    714       
    715      </th>
    716      <th>
    717       
    718      </th>
    719      <th>
    720       
    721      </th>
    722     </tr>
    723     <tr>
    724      <td>
    725       CVE-2015-6612
    726      </td>
    727      <td>
    728       <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/4b219e9e5ab237eec9931497cf10db4d78982d84">
    729        ANDROID-23540426
    730       </a>
    731      </td>
    732      <td>
    733       
    734      </td>
    735      <td>
    736       6.0 
    737      </td>
    738      <td>
    739       2015  8  23 
    740      </td>
    741     </tr>
    742    </tbody>
    743   </table>
    744   <h3 id="elevation_of_privilege_vulnerability_in_bluetooth">
    745    
    746   </h3>
    747   <p>
    748    
    749 
    750  (
    751    <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">
    752     Signature
    753    </a>
    754    
    755    <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">
    756     SignatureOrSystem
    757    </a>
    758    )
    759   </p>
    760   <table>
    761    <tbody>
    762     <tr>
    763      <th>
    764       CVE
    765      </th>
    766      <th>
    767        ( AOSP )
    768      </th>
    769      <th>
    770       
    771      </th>
    772      <th>
    773       
    774      </th>
    775      <th>
    776       
    777      </th>
    778     </tr>
    779     <tr>
    780      <td>
    781       CVE-2015-6613
    782      </td>
    783      <td>
    784       <a href="https://android.googlesource.com/platform%2Fsystem%2Fbt/+/74dad51510f7d7b05c6617ef88168bf0bbdf3fcd">
    785        ANDROID-24371736
    786       </a>
    787      </td>
    788      <td>
    789       
    790      </td>
    791      <td>
    792       6.0
    793      </td>
    794      <td>
    795       Google 
    796      </td>
    797     </tr>
    798    </tbody>
    799   </table>
    800   <h3 id="elevation_of_privilege_vulnerability_in_telephony">
    801    
    802   </h3>
    803   <p>
    804    
    805 
    806 
    807 
    808 
    809    <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">
    810     
    811    </a>
    812    
    813 
    814   </p>
    815   <table>
    816    <tbody>
    817     <tr>
    818      <th>
    819       CVE
    820      </th>
    821      <th>
    822        ( AOSP )
    823      </th>
    824      <th>
    825       
    826      </th>
    827      <th>
    828       
    829      </th>
    830      <th>
    831       
    832      </th>
    833     </tr>
    834     <tr>
    835      <td>
    836       CVE-2015-6614
    837      </td>
    838      <td>
    839       <a href="https://android.googlesource.com/platform%2Fframeworks%2Fopt%2Ftelephony/+/70dd1f77873913635288e513564a6c93ae4d0a26">
    840        ANDROID-21900139
    841       </a>
    842       [
    843       <a href="https://android.googlesource.com/platform%2Fframeworks%2Fbase/+/a12044215b1148826ea9a88d5d1102378b13922f">
    844        2
    845       </a>
    846       ]
    847 [
    848       <a href="https://android.googlesource.com/platform%2Fframeworks%2Fbase/+/2b6af396ad14def9a967f62cccc87ee715823bb1">
    849        3
    850       </a>
    851       ]
    852      </td>
    853      <td>
    854       
    855      </td>
    856      <td>
    857       5.05.1
    858      </td>
    859      <td>
    860       2015  6  8 
    861      </td>
    862     </tr>
    863    </tbody>
    864   </table>
    865   <h3 id="common_questions_and_answers">
    866    
    867   </h3>
    868   <p>
    869    
    870 
    871   </p>
    872   <p>
    873    <strong>
    874     1. 
    875    </strong>
    876   </p>
    877   <p>
    878    LMY48X  Android Marshmallow  2015  11  1 
    879 
    880    <a href="https://support.google.com/nexus/answer/4457705">
    881     Nexus 
    882    </a>
    883    
    884 
    885 [ro.build.version.security_patch]:[2015-11-01]
    886   </p>
    887   <h2 id="revisions" style="margin-bottom:0px">
    888    
    889   </h2>
    890   <hr/>
    891   <ul>
    892    <li>
    893     2015  11  2 
    894    </li>
    895   </ul>
    896  </div>
    897  <div class="content-footer-sac" itemscope="" itemtype="http://schema.org/SiteNavigationElement">
    898   <div class="layout-content-col col-9" style="padding-top:4px">
    899   </div>
    900   <div class="paging-links layout-content-col col-4">
    901   </div>
    902  </div>
    903 </div>
    904 
    905   </body>
    906 </html>
    907