      1 <html devsite>
      2   <head>
      3     <title>Nexus  - 2016-03</title>
      4     <meta name="project_path" value="/_project.yaml" />
      5     <meta name="book_path" value="/_book.yaml" />
      6   </head>
      7   <body>
      8   <!--
      9       Copyright 2017 The Android Open Source Project
     10 
     11       Licensed under the Apache License, Version 2.0 (the "License");
     12       you may not use this file except in compliance with the License.
     13       You may obtain a copy of the License at
     14 
     15           http://www.apache.org/licenses/LICENSE-2.0
     16 
     17       Unless required by applicable law or agreed to in writing, software
     18       distributed under the License is distributed on an "AS IS" BASIS,
     19       WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     20       See the License for the specific language governing permissions and
     21       limitations under the License.
     22   -->
     23 
     24 
     25 
     26 <p><em>2016-03-07 | 2016-03-08</em></p>
     27 
     28 <p>Google  Android  OTA 
     29  Nexus Nexus 
     30  <a href="https://developers.google.com/android/nexus/images">Google Developers </a>
     31 LMY49H  Android M ( 2016-03-01 ) 
     32 
     33 <a href="https://support.google.com/nexus/answer/4457705">Nexus </a>
     34 </p>
     35 
     36 <p> 2016-02-01 
     37  48 
     38 Android  (AOSP)  AOSP 
     39 </p>
     40 
     41 <p>
     42 
     43 </p>
     44 
     45 <p>
     46  <a href="/security/enhancements/index.html">Android </a>
     47  ( SafetyNet) 
     48  Android <a href="#mitigations"></a>
     49 </p>
     50 
     51 <h2 id="security_vulnerability_summary"></h2>
     52 
     53 <p> (CVE) 
     54 <a href="/security/overview/updates-resources.html#severity"></a>
     55 
     56 
     57 </p>
     58 <table>
     59  <tr>
     60     <th></th>
     61     <th>CVE</th>
     62     <th></th>
     63  </tr>
     64  <tr>
     65     <td></td>
     66     <td>CVE-2016-0815<br>
     67         CVE-2016-0816</td>
     68     <td></td>
     69  </tr>
     70  <tr>
     71     <td>libvpx </td>
     72     <td>CVE-2016-1621</td>
     73     <td></td>
     74  </tr>
     75  <tr>
     76     <td>Conscrypt </td>
     77     <td>CVE-2016-0818</td>
     78     <td></td>
     79  </tr>
     80  <tr>
     81     <td>Qualcomm <br>
     82         </td>
     83     <td>CVE-2016-0819</td>
     84     <td></td>
     85  </tr>
     86  <tr>
     87     <td>MediaTek Wi-Fi </td>
     88     <td>CVE-2016-0820</td>
     89     <td></td>
     90  </tr>
     91  <tr>
     92     <td>Keyring </td>
     93     <td>CVE-2016-0728</td>
     94     <td></td>
     95  </tr>
     96  <tr>
     97     <td></td>
     98     <td>CVE-2016-0821</td>
     99     <td></td>
    100  </tr>
    101  <tr>
    102     <td>MediaTek </td>
    103     <td>CVE-2016-0822</td>
    104     <td></td>
    105  </tr>
    106  <tr>
    107     <td></td>
    108     <td>CVE-2016-0823</td>
    109     <td></td>
    110  </tr>
    111  <tr>
    112     <td>libstagefright </td>
    113     <td>CVE-2016-0824</td>
    114     <td></td>
    115  </tr>
    116  <tr>
    117     <td>Widevine </td>
    118     <td>CVE-2016-0825</td>
    119     <td></td>
    120  </tr>
    121  <tr>
    122     <td></td>
    123     <td>CVE-2016-0826<br>
    124         CVE-2016-0827</td>
    125     <td></td>
    126  </tr>
    127  <tr>
    128     <td></td>
    129     <td>CVE-2016-0828<br>
    130         CVE-2016-0829</td>
    131     <td></td>
    132  </tr>
    133  <tr>
    134     <td></td>
    135     <td>CVE-2016-0830</td>
    136     <td></td>
    137  </tr>
    138  <tr>
    139     <td></td>
    140     <td>CVE-2016-0831</td>
    141     <td></td>
    142  </tr>
    143  <tr>
    144     <td></td>
    145     <td>CVE-2016-0832</td>
    146     <td></td>
    147  </tr>
    148 </table>
    149 
    150 
    151 <h3 id="mitigations"></h3>
    152 
    153 
    154 <p> <a href="/security/enhancements/index.html">Android </a> SafetyNet 
    155 
    156  Android 
    157 
    158 </p>
    159 
    160 <ul>
    161   <li>Android 
    162  Android 
    163  Android
    164   <li>Android  SafetyNet 
    165 
    166 Google Play  Root 
    167  Google Play 
    168  Root 
    169 
    170 
    171 
    172   <li>Google Hangouts  Messenger 
    173 
    174 </li></li></li></ul>
    175 
    176 <h3 id="acknowledgements"></h3>
    177 
    178 
    179 <p></p>
    180 
    181 <ul>
    182   <li> Google Chrome  Abhishek Arya, Oliver Chang, Martin Barbella:
    183 CVE-2016-0815
    184   <li> CENSUS S.A.  Anestis Bechtsoudis (<a href="https://twitter.com/anestisb">@anestisb</a>): CVE-2016-0816, CVE-2016-0824
    185   <li> Android  Chad Brubaker: CVE-2016-0818
    186   <li> Google Project Zero  Mark Brand: CVE-2016-0820
    187   <li> <a href="http://www.360safe.com"> 360</a>  <a href="http://c0reteam.org">C0RE </a> Mingjian Zhou (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), Chiachih Wu (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), Xuxian Jiang: CVE-2016-0826
    188   <li>  Peter Pi (<a href="https://twitter.com/heisecode">@heisecode</a>): CVE-2016-0827, CVE-2016-0828, CVE-2016-0829
    189   <li> Scott Bauer (<a href="mailto:sbauer (a] eng.utah.edu">sbauer (a] eng.utah.edu</a>, <a href="mailto:sbauer (a] plzdonthack.me">sbauer (a] plzdonthack.me</a>): CVE-2016-0822
    190   <li>  Wish Wu (<a href="https://twitter.com/@wish_wu">@wish_wu</a>): CVE-2016-0819
    191   <li>  Yongzheng Wu, Tieyan Li: CVE-2016-0831
    192   <li>  Su Mon Kywe, Yingjiu Li: CVE-2016-0831
    193   <li> Android  Zach Riggle (<a href="https://twitter.com/@ebeip90">@ebeip90</a>): CVE-2016-0821
    194 </li></li></li></li></li></li></li></li></li></li></li></ul>
    195 
    196 <h2 id="security_vulnerability_details"></h2>
    197 
    198 
    199 <p><a href="#security_vulnerability_summary"></a>
    200 
    201  CVE
    202  AOSP 
    203 
    204  AOSP </p>
    205 
    206 <h3 id="remote_code_execution_vulnerability_in_mediaserver"></h3>
    207 
    208 
    209 <p>
    210 
    211 </p>
    212 
    213 <p>
    214 
    215 </p>
    216 
    217 <p>
    218 
    219 
    220 </p>
    221 <table>
    222  <tr>
    223     <th>CVE</th>
    224     <th> ( AOSP )</th>
    225     <th></th>
    226     <th></th>
    227     <th></th>
    228  </tr>
    229  <tr>
    230     <td>CVE-2016-0815</td>
    231     <td><a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/5403587a74aee2fb57076528c3927851531c8afb">ANDROID-26365349</a>
    232     </td>
    233     <td></td>
    234     <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
    235     <td>Google </td>
    236  </tr>
    237  <tr>
    238     <td>CVE-2016-0816</td>
    239     <td><a href="https://android.googlesource.com/platform/external/libavc/+/4a524d3a8ae9aa20c36430008e6bd429443f8f1d">ANDROID-25928803</a>
    240     </td>
    241     <td></td>
    242     <td>6.0, 6.0.1</td>
    243     <td>Google </td>
    244  </tr>
    245 </table>
    246 
    247 
    248 <h3 id="remote_code_execution_vulnerabilities_in_libvpx">libvpx </h3>
    249 
    250 
    251 <p>
    252 
    253 </p>
    254 
    255 <p>
    256 
    257 </p>
    258 
    259 <p>
    260 
    261 
    262 </p>
    263 <table>
    264  <tr>
    265     <th>CVE</th>
    266     <th> ( AOSP )</th>
    267     <th></th>
    268     <th></th>
    269     <th></th>
    270  </tr>
    271  <tr>
    272     <td>CVE-2016-1621</td>
    273     <td><a href="https://android.googlesource.com/platform/frameworks/av/+/5a6788730acfc6fd8f4a6ef89d2c376572a26b55">ANDROID-23452792</a>
    274         <a href="https://android.googlesource.com/platform/external/libvpx/+/04839626ed859623901ebd3a5fd483982186b59d">[2]</a>
    275         <a href="https://android.googlesource.com/platform/external/libvpx/+/5a9753fca56f0eeb9f61e342b2fccffc364f9426">[3]</a>
    276     </td>
    277     <td></td>
    278     <td>4.4.4, 5.0.2, 5.1.1, 6.0</td>
    279     <td>Google </td>
    280  </tr>
    281 </table>
    282 
    283 
    284 <h3 id="elevation_of_privilege_in_conscrypt">Conscrypt </h3>
    285 
    286 <p>Conscrypt  (CA) </p>
    287 
    288 <table>
    289  <tr>
    290     <th>CVE</th>
    291     <th> ( AOSP )</th>
    292     <th></th>
    293     <th></th>
    294     <th></th>
    295  </tr>
    296  <tr>
    297     <td>CVE-2016-0818</td>
    298     <td><a href="https://android.googlesource.com/platform/external/conscrypt/+/c4ab1b959280413fb11bf4fd7f6b4c2ba38bd779">ANDROID-26232830</a>
    299         <a href="https://android.googlesource.com/platform/external/conscrypt/+/4c9f9c2201116acf790fca25af43995d29980ee0">[2]</a>
    300     </td>
    301     <td></td>
    302     <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
    303     <td>Google </td>
    304  </tr>
    305 </table>
    306 
    307 
    308 <h3 id="elevation_of_privilege_vulnerability_in_the_qualcomm_performance_component">Qualcomm </h3>
    309 
    310 
    311 <p>Qualcomm 
    312 
    313  (Re-flash) 
    314 </p>
    315 <table>
    316  <tr>
    317     <th>CVE</th>
    318     <th></th>
    319     <th></th>
    320     <th></th>
    321     <th></th>
    322  </tr>
    323  <tr>
    324     <td>CVE-2016-0819</td>
    325     <td>ANDROID-25364034*</td>
    326     <td></td>
    327     <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
    328     <td>2015-10-29</td>
    329  </tr>
    330 </table>
    331 
    332 
    333 <p>*  AOSP  Nexus  <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a></p>
    334 
    335 <h3 id="elevation_of_privilege_vulnerability_in_mediatek_wi-fi_kernel_driver">MediaTek Wi-Fi </h3>
    336 
    337 
    338 <p> MediaTek Wi-Fi 
    339 
    340 
    341 </p>
    342 <table>
    343  <tr>
    344     <th>CVE</th>
    345     <th></th>
    346     <th></th>
    347     <th></th>
    348     <th></th>
    349  </tr>
    350  <tr>
    351     <td>CVE-2016-0820</td>
    352     <td>ANDROID-26267358*</td>
    353     <td></td>
    354     <td>6.0.1</td>
    355     <td>2015-12-18</td>
    356  </tr>
    357 </table>
    358 
    359 
    360 <p>*  AOSP  Nexus  <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a></p>
    361 
    362 <h3 id="elevation_of_privilege_vulnerability_in_kernel_keyring_component"> Keyring </h3>
    363 
    364 
    365 <p> Keyring 
    366 
    367 
    368  (Re-flash) 
    369  Android 5.0 
    370 SELinux 
    371 </p>
    372 
    373 <p><strong></strong>AOSP 
    374 <a href="https://android.googlesource.com/kernel/common/+/8a8431507f8f5910db5ac85b72dbdc4ed8f6b308">4.1</a>
    375 <a href="https://android.googlesource.com/kernel/common/+/ba8bb5774ca7b1acc314c98638cf678ce0beb19a">3.18</a>
    376 <a href="https://android.googlesource.com/kernel/common/+/93faf7ad3d603c33b33e49318e81cf00f3a24a73">3.14</a> 
    377  <a href="https://android.googlesource.com/kernel/common/+/9fc5f368bb89b65b591c4f800dfbcc7432e49de5">3.10</a></p>
    378 <table>
    379  <tr>
    380     <th>CVE</th>
    381     <th></th>
    382     <th></th>
    383     <th></th>
    384     <th></th>
    385  </tr>
    386  <tr>
    387     <td>CVE-2016-0728</td>
    388     <td>ANDROID-26636379 </td>
    389     <td></td>
    390     <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
    391     <td>2016-01-11</td>
    392  </tr>
    393 </table>
    394 
    395 
    396 <h3 id="mitigation_bypass_vulnerability_in_the_kernel"></h3>
    397 
    398 
    399 <p>
    400 
    401 
    402 
    403 </p>
    404 
    405 <p><strong></strong>
    406 <a href="https://github.com/torvalds/linux/commit/8a5e5e02fc83aaf67053ab53b359af08c6c49aaf"> Linux Upstream</a> </p>
    407 
    408 <table>
    409  <tr>
    410     <th>CVE</th>
    411     <th></th>
    412     <th></th>
    413     <th></th>
    414     <th></th>
    415  </tr>
    416  <tr>
    417     <td>CVE-2016-0821</td>
    418     <td>ANDROID-26186802</td>
    419     <td></td>
    420     <td>6.0.1</td>
    421     <td>Google </td>
    422  </tr>
    423 </table>
    424 
    425 
    426 <h3 id="elevation_of_privilege_in_mediatek_connectivity_kernel_driver">MediaTek </h3>
    427 
    428 
    429 <p>MediaTek 
    430 
    431 
    432 
    433  conn_launcher 
    434 </p>
    435 <table>
    436  <tr>
    437     <th>CVE</th>
    438     <th></th>
    439     <th></th>
    440     <th></th>
    441     <th></th>
    442  </tr>
    443  <tr>
    444     <td>CVE-2016-0822</td>
    445     <td>ANDROID-25873324*</td>
    446     <td></td>
    447     <td>6.0.1</td>
    448     <td>2015-11-24</td>
    449  </tr>
    450 </table>
    451 
    452 
    453 <p>*  AOSP  Nexus  <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a></p>
    454 
    455 <h3 id="information_disclosure_vulnerability_in_kernel"></h3>
    456 
    457 
    458 <p>
    459 
    460 
    461  ( ASLR)
    462 </p>
    463 
    464 <p><strong></strong>
    465 <a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ab676b7d6fbf4b294bf198fb27ade5b0e865c7ce"> Linux Upstream</a> </p>
    466 <table>
    467  <tr>
    468     <th>CVE</th>
    469     <th></th>
    470     <th></th>
    471     <th></th>
    472     <th></th>
    473  </tr>
    474  <tr>
    475     <td>CVE-2016-0823</td>
    476     <td>ANDROID-25739721*</td>
    477     <td></td>
    478     <td>6.0.1</td>
    479     <td>Google </td>
    480  </tr>
    481 </table>
    482 <p>*  AOSP  Nexus  <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a></p>
    483 
    484 <h3 id="information_disclosure_vulnerability_in_libstagefright">libstagefright </h3>
    485 
    486 
    487 <p>libstagefright 
    488 
    489 
    490  ( <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a>  <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> )</p>
    491 <table>
    492  <tr>
    493     <th>CVE</th>
    494     <th> ( AOSP )</th>
    495     <th></th>
    496     <th></th>
    497     <th></th>
    498  </tr>
    499  <tr>
    500     <td>CVE-2016-0824</td>
    501     <td><a href="https://android.googlesource.com/platform/external/libmpeg2/+/ffab15eb80630dc799eb410855c93525b75233c3">ANDROID-25765591</a>
    502     </td>
    503     <td></td>
    504     <td>6.0, 6.0.1</td>
    505     <td>2015-11-18</td>
    506  </tr>
    507 </table>
    508 
    509 
    510 <h3 id="information_disclosure_vulnerability_in_widevine">Widevine </h3>
    511 
    512 
    513 <p>Widevine Trusted Application 
    514  TrustZone 
    515 
    516  ( 
    517 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a>  
    518 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> 
    519 )</p>
    520 <table>
    521  <tr>
    522     <th>CVE</th>
    523     <th></th>
    524     <th></th>
    525     <th></th>
    526     <th></th>
    527  </tr>
    528  <tr>
    529     <td>CVE-2016-0825</td>
    530     <td>ANDROID-20860039*</td>
    531     <td></td>
    532     <td>6.0.1</td>
    533     <td>Google </td>
    534  </tr>
    535 </table>
    536 
    537 
    538 <p>*  AOSP  Nexus  <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a></p>
    539 
    540 <h3 id="elevation_of_privilege_vulnerability_in_mediaserver"></h3>
    541 
    542 
    543 <p>
    544 
    545 
    546  ( <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a>  <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> )</p>
    547 <table>
    548  <tr>
    549     <th>CVE</th>
    550     <th> ( AOSP )</th>
    551     <th></th>
    552     <th></th>
    553     <th></th>
    554  </tr>
    555  <tr>
    556     <td>CVE-2016-0826</td>
    557     <td><a href="https://android.googlesource.com/platform/frameworks/av/+/c9ab2b0bb05a7e19fb057e79b36e232809d70122">ANDROID-26265403</a> 
    558         <a href="https://android.googlesource.com/platform/frameworks/av/+/899823966e78552bb6dfd7772403a4f91471d2b0">[2]</a>
    559     </td>
    560     <td></td>
    561     <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
    562     <td>2015-12-17</td>
    563  </tr>
    564  <tr>
    565     <td>CVE-2016-0827</td>
    566     <td><a href="https://android.googlesource.com/platform/frameworks/av/+/9e29523b9537983b4c4b205ff868d0b3bca0383b">ANDROID-26347509</a></td>
    567     <td></td>
    568     <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
    569     <td>2015-12-28</td>
    570  </tr>
    571 </table>
    572 
    573 
    574 <h3 id="information_disclosure_vulnerability_in_mediaserver"></h3>
    575 
    576 
    577 <p>
    578 
    579 
    580  ( <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a>  <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> )</p>
    581 <table>
    582  <tr>
    583     <th>CVE</th>
    584     <th> ( AOSP )</th>
    585     <th></th>
    586     <th></th>
    587     <th></th>
    588  </tr>
    589  <tr>
    590     <td>CVE-2016-0828</td>
    591     <td><a href="https://android.googlesource.com/platform/frameworks/native/+/dded8fdbb700d6cc498debc69a780915bc34d755">ANDROID-26338113</a>
    592     </td>
    593     <td></td>
    594     <td>5.0.2, 5.1.1, 6.0, 6.0.1</td>
    595     <td>2015-12-27</td>
    596  </tr>
    597  <tr>
    598     <td>CVE-2016-0829</td>
    599     <td><a href="https://android.googlesource.com/platform/frameworks/native/+/d06421fd37fbb7fd07002e6738fac3a223cb1a62">ANDROID-26338109</a></td>
    600     <td></td>
    601     <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
    602     <td>2015-12-27</td>
    603  </tr>
    604 </table>
    605 
    606 
    607 <h3 id="remote_denial_of_service_vulnerability_in_bluetooth"></h3>
    608 
    609 
    610 <p>
    611 
    612 
    613 
    614 
    615  (Flash) </p>
    616 <table>
    617  <tr>
    618     <th>CVE</th>
    619     <th> ( AOSP )</th>
    620     <th></th>
    621     <th></th>
    622     <th></th>
    623  </tr>
    624  <tr>
    625     <td>CVE-2016-0830</td>
    626     <td><a href="https://android.googlesource.com/platform/system/bt/+/d77f1999ecece56c1cbb333f4ddc26f0b5bac2c5">ANDROID-26071376</a></td>
    627     <td></td>
    628     <td>6.0, 6.0.1</td>
    629     <td>Google </td>
    630  </tr>
    631 </table>
    632 
    633 
    634 <h3 id="information_disclosure_vulnerability_in_telephony"></h3>
    635 
    636 
    637 <p>
    638 
    639 
    640 </p>
    641 <table>
    642  <tr>
    643     <th>CVE</th>
    644     <th> ( AOSP )</th>
    645     <th></th>
    646     <th></th>
    647     <th></th>
    648  </tr>
    649  <tr>
    650     <td>CVE-2016-0831</td>
    651     <td><a href="https://android.googlesource.com/platform/frameworks/opt/telephony/+/79eecef63f3ea99688333c19e22813f54d4a31b1">ANDROID-25778215</a></td>
    652     <td></td>
    653     <td>5.0.2, 5.1.1, 6.0, 6.0.1</td>
    654     <td>2015-11-16</td>
    655  </tr>
    656 </table>
    657 
    658 
    659 <h3 id="elevation_of_privilege_vulnerability_in_setup_wizard"></h3>
    660 
    661 
    662 <p>
    663 
    664 
    665 </p>
    666 <table>
    667  <tr>
    668     <th>CVE</th>
    669     <th></th>
    670     <th></th>
    671     <th></th>
    672     <th></th>
    673  </tr>
    674  <tr>
    675     <td>CVE-2016-0832</td>
    676     <td>ANDROID-25955042*</td>
    677     <td></td>
    678     <td>5.1.1, 6.0, 6.0.1</td>
    679     <td>Google </td>
    680  </tr>
    681 </table>
    682 
    683 
    684 <p>* </p>
    685 
    686 <h2 id="common_questions_and_answers"></h2>
    687 
    688 
    689 <p>
    690 </p>
    691 
    692 <p><strong>1. </strong></p>
    693 
    694 <p>LMY49H  Android 6.0 ( 2016-03-01
    695 )  <a href="https://support.google.com/nexus/answer/4457705">Nexus </a>
    696 
    697 [ro.build.version.security_patch]:[2016-03-01]</p>
    698 
    699 <h2 id="revisions"></h2>
    700 
    701 
    702 <ul>
    703   <li> 2016-03-07 
    704   <li> 2016-03-08  AOSP 
    705 </li></li></ul>
    706 
    707   </body>
    708 </html>
    709