diff options
| author | Android Partner Docs <noreply@android.com> | 2018-07-02 22:04:20 -0700 |
|---|---|---|
| committer | Clay Murphy <claym@google.com> | 2018-07-02 22:54:25 -0700 |
| commit | ae1a64f7c44664473c34f98bd1cf7f73308e5690 (patch) | |
| tree | 16e1c81c8fcc762e3ed21fd67f59cf0d64d3be5c | |
| parent | 0f8b4d96661fce8e3d83deaa0283b6745e5fcf0f (diff) | |
| download | source.android.com-ae1a64f7c44664473c34f98bd1cf7f73308e5690.tar.gz | |
Docs: Changes to source.android.com
- 203064863 Devsite localized content from translation request 946904. by Android Partner Docs <noreply@android.com>
- 203031181 Add 2018-07 tags. by Android Partner Docs <noreply@android.com>
- 202968884 July 2018 Android and Pixel bulletins by Danielle Roberts <daroberts@google.com>
- 202968311 Devsite localized content from translation request 946303. by Android Partner Docs <noreply@android.com>
- 202968298 Devsite localized content from translation request 941622. by Android Partner Docs <noreply@android.com>
- 202968290 Devsite localized content from translation request 946301. by Android Partner Docs <noreply@android.com>
- 202658249 Devsite localized content from translation request 940578. by Android Partner Docs <noreply@android.com>
PiperOrigin-RevId: 203064863
Change-Id: I26b77840ecd900e26a274cd59fe3c686778fd81e
22 files changed, 1507 insertions, 150 deletions
diff --git a/en/security/_toc.yaml b/en/security/_toc.yaml index bb9d4e02..f21fb735 100644 --- a/en/security/_toc.yaml +++ b/en/security/_toc.yaml @@ -47,6 +47,8 @@ toc: section: - title: 2018 Bulletins section: + - title: July + path: /security/bulletin/2018-07-01 - title: June path: /security/bulletin/2018-06-01 - title: May @@ -137,6 +139,8 @@ toc: path: /security/bulletin/pixel/index - title: 2018 Bulletins section: + - title: July + path: /security/bulletin/pixel/2018-07-01 - title: June path: /security/bulletin/pixel/2018-06-01 - title: May diff --git a/en/security/bulletin/2018-07-01.html b/en/security/bulletin/2018-07-01.html new file mode 100644 index 00000000..c368b104 --- /dev/null +++ b/en/security/bulletin/2018-07-01.html @@ -0,0 +1,698 @@ +<html devsite> + <head> + <title>Android Security Bulletin—July 2018</title> + <meta name="project_path" value="/_project.yaml" /> + <meta name="book_path" value="/_book.yaml" /> + </head> + <body> + <!-- + Copyright 2018 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + //www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> +<p><em>Published July 2, 2018</em></p> + +<p> +The Android Security Bulletin contains details of security vulnerabilities +affecting Android devices. Security patch levels of 2018-07-05 or later address +all of these issues. To learn how to check a device's security patch level, see +<a href="https://support.google.com/pixelphone/answer/4457705">Check and update +your Android version</a>. +</p> +<p> +Android partners are notified of all issues at least a month before publication. +Source code patches for these issues will be released to the Android Open Source +Project (AOSP) repository in the next 48 hours. We will revise this bulletin +with the AOSP links when they are available. +</p> +<p> +The most severe of these issues is a critical security vulnerability in Media +framework that could enable a remote attacker using a specially crafted file to +execute arbitrary code within the context of a privileged process. The +<a href="/security/overview/updates-resources.html#severity">severity +assessment</a> is based on the effect that exploiting the vulnerability would +possibly have on an affected device, assuming the platform and service +mitigations are turned off for development purposes or if successfully bypassed. +</p> +<p> +We have had no reports of active customer exploitation or abuse of these newly +reported issues. Refer to the +<a href="#mitigations">Android and Google Play Protect mitigations</a> +section for details on the +<a href="/security/enhancements/index.html">Android security platform protections</a> +and Google Play Protect, which improve the security of the Android platform. +</p> +<p class="note"> +<strong>Note:</strong> Information on the latest over-the-air update (OTA) and +firmware images for Google devices is available in the +<a href="/security/bulletin/pixel/2018-07-01.html">July 2018 +Pixel / Nexus Security Bulletin</a>. +</p> + +<h2 id="mitigations">Android and Google service mitigations</h2> +<p> +This is a summary of the mitigations provided by the +<a href="/security/enhancements/index.html">Android security platform</a> +and service protections such as +<a href="https://www.android.com/play-protect">Google Play Protect</a>. +These capabilities reduce the likelihood that security vulnerabilities +could be successfully exploited on Android. +</p> +<ul> +<li>Exploitation for many issues on Android is made more difficult by +enhancements in newer versions of the Android platform. We encourage all users +to update to the latest version of Android where possible.</li> +<li>The Android security team actively monitors for abuse through +<a href="https://www.android.com/play-protect">Google Play Protect</a> +and warns users about +<a href="/security/reports/Google_Android_Security_PHA_classifications.pdf">Potentially +Harmful Applications</a>. Google Play Protect is enabled by default on devices +with <a href="http://www.android.com/gms">Google Mobile Services</a>, and is +especially important for users who install apps from outside of Google +Play.</li> +</ul> +<h2 id="2018-07-01-details">2018-07-01 security patch level vulnerability details</h2> +<p> +In the sections below, we provide details for each of the security +vulnerabilities that apply to the 2018-07-01 patch level. Vulnerabilities are +grouped under the component that they affect. There is a description of the +issue and a table with the CVE, associated references, +<a href="#type">type of vulnerability</a>, +<a href="/security/overview/updates-resources.html#severity">severity</a>, +and updated AOSP versions (where applicable). When available, we link the public +change that addressed the issue to the bug ID, like the AOSP change list. When +multiple changes relate to a single bug, additional references are linked to +numbers following the bug ID. +</p> + +<h3 id="framework">Framework</h3> +<p>The most severe vulnerability in this section could enable a remote attacker +using a specially crafted pac file to execute arbitrary code within the context +of a privileged process.</p> + +<table> + <col width="21%"> + <col width="21%"> + <col width="14%"> + <col width="14%"> + <col width="30%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Type</th> + <th>Severity</th> + <th>Updated AOSP versions</th> + </tr> + <tr> + <td>CVE-2018-9433</td> + <td>A-38196219</td> + <td>RCE</td> + <td>Critical</td> + <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td> + </tr> + <tr> + <td>CVE-2018-9410</td> + <td>A-77822336</td> + <td>ID</td> + <td>High</td> + <td>8.0, 8.1</td> + </tr> +</table> + + +<h3 id="media-framework">Media framework</h3> +<p>The most severe vulnerability in this section could enable a remote attacker +using a specially crafted file to execute arbitrary code within the context of +a privileged process.</p> + +<table> + <col width="21%"> + <col width="21%"> + <col width="14%"> + <col width="14%"> + <col width="30%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Type</th> + <th>Severity</th> + <th>Updated AOSP versions</th> + </tr> + <tr> + <td>CVE-2018-9411</td> + <td>A-79376389</td> + <td>RCE</td> + <td>Critical</td> + <td>8.0, 8.1</td> + </tr> + <tr> + <td>CVE-2018-9424</td> + <td>A-76221123</td> + <td>EoP</td> + <td>High</td> + <td>8.0, 8.1</td> + </tr> + <tr> + <td>CVE-2018-9428</td> + <td>A-74122779</td> + <td>EoP</td> + <td>High</td> + <td>8.1</td> + </tr> + <tr> + <td>CVE-2018-9412</td> + <td>A-78029004</td> + <td>DoS</td> + <td>High</td> + <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td> + </tr> + <tr> + <td>CVE-2018-9421</td> + <td>A-77237570</td> + <td>ID</td> + <td>High</td> + <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td> + </tr> +</table> + + +<h3 id="system">System</h3> +<p>The most severe vulnerability in this section could enable a remote attacker +using a specially crafted file to execute arbitrary code within the context of +a privileged process.</p> + +<table> + <col width="21%"> + <col width="21%"> + <col width="14%"> + <col width="14%"> + <col width="30%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Type</th> + <th>Severity</th> + <th>Updated AOSP versions</th> + </tr> + <tr> + <td>CVE-2018-9365</td> + <td>A-74121126</td> + <td>RCE</td> + <td>Critical</td> + <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td> + </tr> + <tr> + <td>CVE-2018-9432</td> + <td>A-73173182</td> + <td>EoP</td> + <td>High</td> + <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td> + </tr> + <tr> + <td>CVE-2018-9420</td> + <td>A-77238656</td> + <td>ID</td> + <td>High</td> + <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td> + </tr> + <tr> + <td>CVE-2018-9419</td> + <td>A-74121659</td> + <td>ID</td> + <td>High</td> + <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1</td> + </tr> +</table> + + +<h2 id="2018-07-05-details">2018-07-05 security patch level vulnerability details</h2> +<p> +In the sections below, we provide details for each of the security +vulnerabilities that apply to the 2018-07-05 patch level. Vulnerabilities are +grouped under the component that they affect and include details such as the +CVE, associated references, <a href="#type">type of vulnerability</a>, +<a href="/security/overview/updates-resources.html#severity">severity</a>, +component (where applicable), and updated AOSP versions (where applicable). When +available, we link the public change that addressed the issue to the bug ID, +like the AOSP change list. When multiple changes relate to a single bug, +additional references are linked to numbers following the bug ID. +</p> + +<h3 id="kernel-components">Kernel components</h3> +<p>The most severe vulnerability in this section could enable a local malicious +application to execute arbitrary code within the context of a privileged +process.</p> + +<table> + <col width="21%"> + <col width="21%"> + <col width="14%"> + <col width="14%"> + <col width="30%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Type</th> + <th>Severity</th> + <th>Component</th> + </tr> + <tr> + <td>CVE-2018-5703</td> + <td>A-73543437<br> + <a href="https://patchwork.ozlabs.org/patch/801530/">Upstream kernel</a></td> + <td>EoP</td> + <td>High</td> + <td>IPV6 stack</td> + </tr> + <tr> + <td>CVE-2018-9422</td> + <td>A-74250718<br> + <a href="https://patchwork.kernel.org/patch/8265111/">Upstream kernel</a></td> + <td>EoP</td> + <td>High</td> + <td>futex</td> + </tr> + <tr> + <td>CVE-2018-9417</td> + <td>A-74447444*<br> + Upstream kernel<a href="#asterisk">*</a></td> + <td>EoP</td> + <td>High</td> + <td>USB driver</td> + </tr> + <tr> + <td>CVE-2018-6927</td> + <td>A-76106267<br> + <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a">Upstream kernel</a></td> + <td>EoP</td> + <td>High</td> + <td>futex</td> + </tr> +</table> + + +<h3 id="qualcomm-components">Qualcomm components</h3> +<p>The most severe vulnerability in this section could enable a proximate +attacker using a specially crafted file to execute arbitrary code within the +context of a privileged process.</p> + +<table> + <col width="21%"> + <col width="21%"> + <col width="14%"> + <col width="14%"> + <col width="30%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Type</th> + <th>Severity</th> + <th>Component</th> + </tr> +<tr> + <td>CVE-2018-5872</td> + <td>A-77528138<br> + <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qca-wifi-host-cmn/commit/?id=7d65c1b32df795d4e95cdf2cfb624126f5125220">QC-CR#2183014</a></td> + <td>RCE</td> + <td>Critical</td> + <td>WLAN</td> + </tr> + <tr> + <td>CVE-2018-5855</td> + <td>A-77527719<br> + <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qca-wifi-host-cmn/commit/?id=61f4a467177afc23bdc1944ec61e52bed156c104">QC-CR#2181685</a></td> + <td>ID</td> + <td>High</td> + <td>WLAN</td> + </tr> + <tr> + <td>CVE-2017-13077, CVE-2017-13078</td> + <td>A-78285557<br> + <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=5c671a69c57ce4fd84f0eaf082b336a49d0cf5dd">QC-CR#2133114</a></td> + <td>ID</td> + <td>High</td> + <td>WLAN</td> + </tr> + <tr> + <td>CVE-2018-5873</td> + <td>A-77528487<br> + <a href="https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=34742aaf7cb16c95edba4a7afed6d2c4fa7e434b">QC-CR#2166382</a></td> + <td>EoP</td> + <td>High</td> + <td>nsfs</td> + </tr> + <tr> + <td>CVE-2018-5838</td> + <td>A-63146462<a href="#asterisk">*</a><br> + QC-CR#2151011</td> + <td>EoP</td> + <td>High</td> + <td>OpenGL ES driver</td> + </tr> + <tr> + <td>CVE-2018-3586</td> + <td>A-63165135<a href="#asterisk">*</a><br> + QC-CR#2139538<br> + QC-CR#2073777</td> + <td>RCE</td> + <td>High</td> + <td>ADSPRPC heap manager</td> + </tr> +</table> + + +<h3 id="qualcomm-closed-source-components">Qualcomm closed-source components</h3> +<p>These vulnerabilities affect Qualcomm components and are described in +further detail in the appropriate Qualcomm AMSS security bulletin or security +alert. The severity assessment of these issues is provided directly by Qualcomm.</p> + +<table> + <col width="21%"> + <col width="21%"> + <col width="14%"> + <col width="14%"> + <col width="30%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Type</th> + <th>Severity</th> + <th>Component</th> + </tr> + <tr> + <td>CVE-2017-18171</td> + <td>A-78240792<a href="#asterisk">*</a></td> + <td>N/A</td> + <td>Critical</td> + <td>Closed-source component</td> + </tr> + <tr> + <td>CVE-2017-18277</td> + <td>A-78240715<a href="#asterisk">*</a></td> + <td>N/A</td> + <td>High</td> + <td>Closed-source component</td> + </tr> + <tr> + <td>CVE-2017-18172</td> + <td>A-78240449<a href="#asterisk">*</a></td> + <td>N/A</td> + <td>High</td> + <td>Closed-source component</td> + </tr> + <tr> + <td>CVE-2017-18170</td> + <td>A-78240612<a href="#asterisk">*</a></td> + <td>N/A</td> + <td>High</td> + <td>Closed-source component</td> + </tr> + <tr> + <td>CVE-2017-15841</td> + <td>A-78240794<a href="#asterisk">*</a></td> + <td>N/A</td> + <td>High</td> + <td>Closed-source component</td> + </tr> + <tr> + <td>CVE-2017-18173</td> + <td>A-78240199<a href="#asterisk">*</a></td> + <td>N/A</td> + <td>High</td> + <td>Closed-source component</td> + </tr> + <tr> + <td>CVE-2017-18278</td> + <td>A-78240071<a href="#asterisk">*</a></td> + <td>N/A</td> + <td>High</td> + <td>Closed-source component</td> + </tr> + <tr> + <td>CVE-2016-2108</td> + <td>A-78240736<a href="#asterisk">*</a></td> + <td>N/A</td> + <td>Critical</td> + <td>Closed-source component</td> + </tr> + <tr> + <td>CVE-2017-18275</td> + <td>A-78242049<a href="#asterisk">*</a></td> + <td>N/A</td> + <td>High</td> + <td>Closed-source component</td> + </tr> + <tr> + <td>CVE-2017-18279</td> + <td>A-78241971<a href="#asterisk">*</a></td> + <td>N/A</td> + <td>High</td> + <td>Closed-source component</td> + </tr> + <tr> + <td>CVE-2017-18274</td> + <td>A-78241834<a href="#asterisk">*</a></td> + <td>N/A</td> + <td>High</td> + <td>Closed-source component</td> + </tr> + <tr> + <td>CVE-2017-18276</td> + <td>A-78241375<a href="#asterisk">*</a></td> + <td>N/A</td> + <td>High</td> + <td>Closed-source component</td> + </tr> + <tr> + <td>CVE-2017-18131</td> + <td>A-68989823<a href="#asterisk">*</a></td> + <td>N/A</td> + <td>High</td> + <td>Closed-source component</td> + </tr> + <tr> + <td>CVE-2018-11259</td> + <td>A-72951265<a href="#asterisk">*</a></td> + <td>N/A</td> + <td>Critical</td> + <td>Closed-source component</td> + </tr> + <tr> + <td>CVE-2018-11258</td> + <td>A-72951054<a href="#asterisk">*</a></td> + <td>N/A</td> + <td>High</td> + <td>Closed-source component</td> + </tr> + <tr> + <td>CVE-2018-11257</td> + <td>A-74235874<a href="#asterisk">*</a></td> + <td>N/A</td> + <td>Critical</td> + <td>Closed-source component</td> + </tr> + <tr> + <td>CVE-2018-5837</td> + <td>A-74236406<a href="#asterisk">*</a></td> + <td>N/A</td> + <td>High</td> + <td>Closed-source component</td> + </tr> + <tr> + <td>CVE-2018-5876</td> + <td>A-77485022<a href="#asterisk">*</a></td> + <td>N/A</td> + <td>Critical</td> + <td>Closed-source component</td> + </tr> + <tr> + <td>CVE-2018-5875</td> + <td>A-77485183<a href="#asterisk">*</a></td> + <td>N/A</td> + <td>Critical</td> + <td>Closed-source component</td> + </tr> + <tr> + <td>CVE-2018-5874</td> + <td>A-77485139<a href="#asterisk">*</a></td> + <td>N/A</td> + <td>Critical</td> + <td>Closed-source component</td> + </tr> + <tr> + <td>CVE-2018-5882</td> + <td>A-77483830<a href="#asterisk">*</a></td> + <td>N/A</td> + <td>High</td> + <td>Closed-source component</td> + </tr> + <tr> + <td>CVE-2018-5878</td> + <td>A-77484449<a href="#asterisk">*</a></td> + <td>N/A</td> + <td>High</td> + <td>Closed-source component</td> + </tr> +</table> + +<h2 id="common-questions-and-answers">Common questions and answers</h2> +<p>This section answers common questions that may occur after reading this bulletin.</p> +<p><strong>1. How do I determine if my device is updated to address these issues?</strong></p> +<p>To learn how to check a device's security patch level, see +<a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Check +and update your Android version</a>.</p> +<ul> +<li>Security patch levels of 2018-07-01 or later address all issues associated +with the 2018-07-01 security patch level.</li> +<li>Security patch levels of 2018-07-05 or later address all issues associated +with the 2018-07-05 security patch level and all previous patch levels.</li> +</ul> +<p>Device manufacturers that include these updates should set the patch string level to:</p> +<ul> + <li>[ro.build.version.security_patch]:[2018-07-01]</li> + <li>[ro.build.version.security_patch]:[2018-07-05]</li> +</ul> +<p><strong>2. Why does this bulletin have two security patch levels?</strong></p> +<p> +This bulletin has two security patch levels so that Android partners have the +flexibility to fix a subset of vulnerabilities that are similar across all +Android devices more quickly. Android partners are encouraged to fix all issues +in this bulletin and use the latest security patch level. +</p> +<ul> +<li>Devices that use the 2018-07-01 security patch level must include all issues +associated with that security patch level, as well as fixes for all issues +reported in previous security bulletins.</li> +<li>Devices that use the security patch level of 2018-07-05 or newer must +include all applicable patches in this (and previous) security +bulletins.</li> +</ul> +<p> +Partners are encouraged to bundle the fixes for all issues they are addressing +in a single update. +</p> +<p id="type"> +<strong>3. What do the entries in the <em>Type</em> column mean?</strong> +</p> +<p> +Entries in the <em>Type</em> column of the vulnerability details table reference +the classification of the security vulnerability. +</p> +<table> + <col width="25%"> + <col width="75%"> + <tr> + <th>Abbreviation</th> + <th>Definition</th> + </tr> + <tr> + <td>RCE</td> + <td>Remote code execution</td> + </tr> + <tr> + <td>EoP</td> + <td>Elevation of privilege</td> + </tr> + <tr> + <td>ID</td> + <td>Information disclosure</td> + </tr> + <tr> + <td>DoS</td> + <td>Denial of service</td> + </tr> + <tr> + <td>N/A</td> + <td>Classification not available</td> + </tr> +</table> +<p> +<strong>4. What do the entries in the <em>References</em> column mean?</strong> +</p> +<p> +Entries under the <em>References</em> column of the vulnerability details table +may contain a prefix identifying the organization to which the reference value belongs. +</p> +<table> + <col width="25%"> + <col width="75%"> + <tr> + <th>Prefix</th> + <th>Reference</th> + </tr> + <tr> + <td>A-</td> + <td>Android bug ID</td> + </tr> + <tr> + <td>QC-</td> + <td>Qualcomm reference number</td> + </tr> + <tr> + <td>M-</td> + <td>MediaTek reference number</td> + </tr> + <tr> + <td>N-</td> + <td>NVIDIA reference number</td> + </tr> + <tr> + <td>B-</td> + <td>Broadcom reference number</td> + </tr> +</table> +<p id="asterisk"> +<strong>5. What does a * next to the Android bug ID in the <em>References</em> +column mean?</strong> +</p> +<p> +Issues that are not publicly available have a * next to the Android bug ID in +the <em>References</em> column. The update for that issue is generally contained +in the latest binary drivers for Pixel / Nexus devices available from the +<a href="https://developers.google.com/android/drivers">Google Developer site</a>. +</p> +<p> +<strong>6. Why are security vulnerabilities split between this bulletin and +device/partner security bulletins, such as the Pixel / Nexus bulletin?</strong> +</p> +<p> +Security vulnerabilities that are documented in this security bulletin are +required in order to declare the latest security patch level on Android devices. +Additional security vulnerabilities that are documented in the +device / partner security bulletins are not required for declaring +a security patch level. Android device and chipset manufacturers are encouraged +to document the presence of other fixes on their devices through their own security +websites, such as the +<a href="https://security.samsungmobile.com/securityUpdate.smsb">Samsung</a>, +<a href="https://lgsecurity.lge.com/security_updates.html">LGE</a>, or +<a href="/security/bulletin/pixel/">Pixel / Nexus</a> +security bulletins. +</p> +<h2 id="versions">Versions</h2> +<table> + <col width="25%"> + <col width="25%"> + <col width="50%"> + <tr> + <th>Version</th> + <th>Date</th> + <th>Notes</th> + </tr> + <tr> + <td>1.0</td> + <td>July 2, 2018</td> + <td>Bulletin published.</td> + </tr> +</table> +</body></html> + diff --git a/en/security/bulletin/2018.html b/en/security/bulletin/2018.html index 5fc185d6..23d7f45f 100644 --- a/en/security/bulletin/2018.html +++ b/en/security/bulletin/2018.html @@ -37,6 +37,22 @@ of all bulletins, see the <a href="/security/bulletin/index.html">Android Securi <th>Security patch level</th> </tr> <tr> + <td><a href="/security/bulletin/2018-07-01.html">July 2018</a></td> + <td>Coming soon + <!-- + <a href="/security/bulletin/2018-07-01.html">English</a> / + <a href="/security/bulletin/2018-07-01.html?hl=ja">日本語</a> / + <a href="/security/bulletin/2018-07-01.html?hl=ko">한국어</a> / + <a href="/security/bulletin/2018-07-01.html?hl=ru">ру́сский</a> / + <a href="/security/bulletin/2018-07-01.html?hl=zh-cn">中文 (中国)</a> / + <a href="/security/bulletin/2018-07-01.html?hl=zh-tw">中文 (台灣)</a> + --> + </td> + <td>July 2, 2018</td> + <td>2018-07-01<br> + 2018-07-05</td> + </tr> + <tr> <td><a href="/security/bulletin/2018-06-01.html">June 2018</a></td> <td> <a href="/security/bulletin/2018-06-01.html">English</a> / diff --git a/en/security/bulletin/index.html b/en/security/bulletin/index.html index 17d6cc2e..68baf356 100644 --- a/en/security/bulletin/index.html +++ b/en/security/bulletin/index.html @@ -69,6 +69,22 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <th>Security patch level</th> </tr> <tr> + <td><a href="/security/bulletin/2018-07-01.html">July 2018</a></td> + <td>Coming soon + <!-- + <a href="/security/bulletin/2018-07-01.html">English</a> / + <a href="/security/bulletin/2018-07-01.html?hl=ja">日本語</a> / + <a href="/security/bulletin/2018-07-01.html?hl=ko">한국어</a> / + <a href="/security/bulletin/2018-07-01.html?hl=ru">ру́сский</a> / + <a href="/security/bulletin/2018-07-01.html?hl=zh-cn">中文 (中国)</a> / + <a href="/security/bulletin/2018-07-01.html?hl=zh-tw">中文 (台灣)</a> + --> + </td> + <td>July 2, 2018</td> + <td>2018-07-01<br> + 2018-07-05</td> + </tr> + <tr> <td><a href="/security/bulletin/2018-06-01.html">June 2018</a></td> <td> <a href="/security/bulletin/2018-06-01.html">English</a> / @@ -81,6 +97,7 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <td>June 4, 2018</td> <td>2018-06-01<br> 2018-06-05</td> + </tr> <tr> <td><a href="/security/bulletin/2018-05-01.html">May 2018</a></td> <td> diff --git a/en/security/bulletin/pixel/2018-07-01.html b/en/security/bulletin/pixel/2018-07-01.html new file mode 100644 index 00000000..9adab9c2 --- /dev/null +++ b/en/security/bulletin/pixel/2018-07-01.html @@ -0,0 +1,509 @@ +<html devsite> + <head> + <title>Pixel / Nexus Security Bulletin—July 2018</title> + <meta name="project_path" value="/_project.yaml" /> + <meta name="book_path" value="/_book.yaml" /> + </head> + <body> + <!-- + Copyright 2018 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + //www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> + +<p><em>Published July 2, 2018</em></p> + +<p> +The Pixel / Nexus Security Bulletin contains details of security +vulnerabilities and functional improvements affecting +<a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">supported +Google Pixel and Nexus devices</a> (Google devices). +For Google devices, security patch levels of 2018-07-05 or later address all +issues in this bulletin and all issues in the July 2018 Android Security +Bulletin. To learn how to check a device's security patch level, see +<a href="https://support.google.com/pixelphone/answer/4457705">Check & update your +Android version</a>. +</p> +<p> +All supported Google devices will receive an update to the 2018-07-05 patch +level. We encourage all customers to accept these updates to their devices. +</p> +<p class="note"> +<strong>Note:</strong> The Google device firmware images are available on the +<a href="https://developers.google.com/android/images">Google Developer +site</a>. +</p> + +<h2 id="announcements">Announcements</h2> +<p>In addition to the security vulnerabilities described in the July 2018 +Android Security Bulletin, Pixel and Nexus devices also contain patches for the +security vulnerabilities described below. Partners were notified of these issues +at least a month ago and may choose to incorporate them as part of their device +updates.</p> + +<h2 id="security-patches">Security patches</h2> +<p> +Vulnerabilities are grouped under the component that they affect. There is a +description of the issue and a table with the CVE, associated references, +<a href="#type">type of vulnerability</a>, +<a href="https://source.android.com/security/overview/updates-resources.html#severity">severity</a>, +and updated Android Open Source Project (AOSP) versions (where applicable). When +available, we link the public change that addressed the issue to the bug ID, +like the AOSP change list. When multiple changes relate to a single bug, +additional references are linked to numbers following the bug ID. +</p> + +<h3 id="framework">Framework</h3> + +<table> + <col width="21%"> + <col width="21%"> + <col width="14%"> + <col width="14%"> + <col width="30%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Type</th> + <th>Severity</th> + <th>Updated AOSP versions</th> + </tr> + <tr> + <td>CVE-2018-9426</td> + <td>A-79148652</td> + <td>ID</td> + <td>Moderate</td> + <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1</td> + </tr> + <tr> + <td>CVE-2018-9376</td> + <td>A-69981755</td> + <td>EoP</td> + <td>Moderate</td> + <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td> + </tr> + <tr> + <td>CVE-2018-9434</td> + <td>A-29833520</td> + <td>ID</td> + <td>Moderate</td> + <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td> + </tr> +</table> + + +<h3 id="media-framework">Media framework</h3> + +<table> + <col width="21%"> + <col width="21%"> + <col width="14%"> + <col width="14%"> + <col width="30%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Type</th> + <th>Severity</th> + <th>Updated AOSP versions</th> + </tr> + <tr> + <td>CVE-2018-9429</td> + <td>A-73927042</td> + <td>ID</td> + <td>Moderate</td> + <td>8.1</td> + </tr> + <tr> + <td>CVE-2018-9423</td> + <td>A-77599438</td> + <td>ID</td> + <td>Moderate</td> + <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1</td> + </tr> +</table> + + +<h3 id="system">System</h3> + +<table> + <col width="21%"> + <col width="21%"> + <col width="14%"> + <col width="14%"> + <col width="30%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Type</th> + <th>Severity</th> + <th>Updated AOSP versions</th> + </tr> + <tr> + <td>CVE-2018-9413</td> + <td>A-73782082</td> + <td>RCE</td> + <td>Moderate</td> + <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1</td> + </tr> + <tr> + <td>CVE-2018-9418</td> + <td>A-73824150</td> + <td>RCE</td> + <td>Moderate</td> + <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1</td> + </tr> + <tr> + <td>CVE-2018-9430</td> + <td>A-73963551</td> + <td>RCE</td> + <td>Moderate</td> + <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td> + </tr> + <tr> + <td>CVE-2018-9414</td> + <td>A-78787521</td> + <td>EoP</td> + <td>Moderate</td> + <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td> + </tr> + <tr> + <td>CVE-2018-9431</td> + <td>A-77600924</td> + <td>EoP</td> + <td>Moderate</td> + <td>8.0, 8.1</td> + </tr> +</table> + + +<h3 id="kernel-components">Kernel components</h3> + +<table> + <col width="21%"> + <col width="21%"> + <col width="14%"> + <col width="14%"> + <col width="30%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Type</th> + <th>Severity</th> + <th>Component</th> + </tr> + <tr> + <td>CVE-2018-9416</td> + <td>A-75300370<a href="#asterisk">*</a></td> + <td>EoP</td> + <td>Moderate</td> + <td>SCSI driver</td> + </tr> + + <tr> + <td>CVE-2018-9415</td> + <td>A-69129004<br> + <a href="https://patchwork.kernel.org/patch/9946759/">Upstream kernel</a></td> + <td>EoP</td> + <td>Moderate</td> + <td>AMBA driver</td> + </tr> + + <tr> + <td>CVE-2018-7995</td> + <td>A-77694092<br> +<a href="https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=b3b7c4795ccab5be71f080774c45bbbcc75c2aaf">Upstream kernel</a></td> + <td>EoP</td> + <td>Moderate</td> + <td>mcheck</td> + </tr> + + <tr> + <td>CVE-2018-1065</td> + <td>A-76206188<br> +<a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=57ebd808a97d7c5b1e1afb937c2db22beba3c1f8">Upstream kernel</a></td> + <td>EoP</td> + <td>Moderate</td> + <td>netfilter</td> + </tr> + + <tr> + <td>CVE-2017-1821</td> + <td>A-76874268<br> +<a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=27463ad99f738ed93c7c8b3e2e5bc8c4853a2ff2">Upstream kernel</a></td> + <td>EoP</td> + <td>Moderate</td> + <td>Ethernet</td> + </tr> + + <tr> + <td>CVE-2017-1000</td> + <td>A-68806309<br> +<a href="https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=85f1bd9a7b5a79d5baa8bf44af19658f7bf77bfa">Upstream kernel</a></td> + <td>EoP</td> + <td>Moderate</td> + <td>Linux kernel</td> + </tr> +</table> + + +<h3 id="qualcomm-components">Qualcomm components</h3> + +<table> + <col width="21%"> + <col width="21%"> + <col width="14%"> + <col width="14%"> + <col width="30%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Type</th> + <th>Severity</th> + <th>Component</th> + </tr> + <tr> + <td>CVE-2018-5865</td> + <td>A-77528512<br> + <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=8fb4202e3bb8cfbbb9f9f0e8695891c9971cfcc2">QC-CR#2179937</a></td> + <td>ID</td> + <td>Moderate</td> + <td>fwlog</td> + </tr> + <tr> + <td>CVE-2018-5864</td> + <td>A-77528805<br> + <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=9c042f7827e0d21e5b93c04b418bca0230de91dc">QC-CR#2170392</a></td> + <td>ID</td> + <td>Moderate</td> + <td>WMA</td> + </tr> + <tr> + <td>CVE-2018-11304</td> + <td>A-73242483<a href="#asterisk">*</a><br> + QC-CR#2209291</td> + <td>EoP</td> + <td>Moderate</td> + <td>Sound driver</td> + </tr> + <tr> + <td>CVE-2018-5907</td> + <td>A-72710411<a href="#asterisk">*</a><br> + QC-CR#2209291</td> + <td>EoP</td> + <td>Moderate</td> + <td>sound driver</td> + </tr> + <tr> + <td>CVE-2018-5862</td> + <td>A-77528300<br> + <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=41ad3f76792e08a84962a0b8e9cfb1ba6c4c9ca6">QC-CR#2153343</a></td> + <td>EoP</td> + <td>Moderate</td> + <td>WLAN</td> + </tr> + <tr> + <td>CVE-2018-5859</td> + <td>A-77527701<br> + <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=36400a7fa3753028a3bf89a9cdb28c5e25693c59">QC-CR#2146486</a></td> + <td>EoP</td> + <td>Moderate</td> + <td>Video driver</td> + </tr> + <tr> + <td>CVE-2018-5858</td> + <td>A-77528653<br> + <a href="https://source.codeaurora.org/quic/la/platform/vendor/opensource/audio-kernel/commit/?id=78193fa06b267c1d6582e5e6f9fb779cf067015e">QC-CR#2174725</a> + [<a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=cd1f0cdd4715e8eae4066bd34df2eef4cf94bd7f">2</a>]</td> + <td>EoP</td> + <td>Moderate</td> + <td>Audio</td> + </tr> + <tr> + <td>CVE-2018-3570</td> + <td>A-72956998<br> + <a href="https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=5f3b521525689671f2925a49121d0abe28a0a398">QC-CR#2149165</a></td> + <td>EoP</td> + <td>Moderate</td> + <td>cpuidle driver</td> + </tr> + <tr> + <td>CVE-2017-15851</td> + <td>A-38258851<a href="#asterisk">*</a><br> + QC-CR#2078155</td> + <td>EoP</td> + <td>Moderate</td> + <td>Camerav2</td> + </tr> + <tr> + <td>CVE-2017-0606</td> + <td>A-34088848<a href="#asterisk">*</a><br> + QC-CR#2148210<br> + QC-CR#2022490</td> + <td>EoP</td> + <td>Moderate</td> + <td>/dev/voice_svc driver</td> + </tr> +</table> + +<h2 id="functional-patches">Functional patches</h2> +<p> +These updates are included for affected Pixel devices to address functionality +issues not related to the security of Pixel devices. The table includes +associated references; the affected category, such as Bluetooth or mobile data; +improvements; and affected devices. +</p> + +<table> + <tr> + <th>References</th> + <th>Category</th> + <th>Improvements</th> + <th>Devices</th> + </tr> + <tr> + <td>A-73204553</td> + <td>Connectivity</td> + <td>Improve consistency of Wi-Fi connections with certain routers</td> + <td>Pixel 2, Pixel 2 XL</td> + </tr> +</table> + +<h2 id="common-questions-and-answers">Common questions and answers</h2> +<p> +This section answers common questions that may occur after reading this +bulletin. +</p> +<p> +<strong>1. How do I determine if my device is updated to address these issues? +</strong> +</p> +<p> +Security patch levels of 2018-07-05 or later address all issues associated with +the 2018-07-05 security patch level and all previous patch levels. To learn how +to check a device's security patch level, read the instructions on the <a +href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel +and Nexus update schedule</a>. +</p> +<p id="type"> +<strong>2. What do the entries in the <em>Type</em> column mean?</strong> +</p> +<p> +Entries in the <em>Type</em> column of the vulnerability details table reference +the classification of the security vulnerability. +</p> +<table> + <col width="25%"> + <col width="75%"> + <tr> + <th>Abbreviation</th> + <th>Definition</th> + </tr> + <tr> + <td>RCE</td> + <td>Remote code execution</td> + </tr> + <tr> + <td>EoP</td> + <td>Elevation of privilege</td> + </tr> + <tr> + <td>ID</td> + <td>Information disclosure</td> + </tr> + <tr> + <td>DoS</td> + <td>Denial of service</td> + </tr> + <tr> + <td>N/A</td> + <td>Classification not available</td> + </tr> +</table> +<p> +<strong>3. What do the entries in the <em>References</em> column mean?</strong> +</p> +<p> +Entries under the <em>References</em> column of the vulnerability details table +may contain a prefix identifying the organization to which the reference value +belongs. +</p> +<table> + <col width="25%"> + <col width="75%"> + <tr> + <th>Prefix</th> + <th>Reference</th> + </tr> + <tr> + <td>A-</td> + <td>Android bug ID</td> + </tr> + <tr> + <td>QC-</td> + <td>Qualcomm reference number</td> + </tr> + <tr> + <td>M-</td> + <td>MediaTek reference number</td> + </tr> + <tr> + <td>N-</td> + <td>NVIDIA reference number</td> + </tr> + <tr> + <td>B-</td> + <td>Broadcom reference number</td> + </tr> +</table> +<p id="asterisk"> +<strong>4. What does a * next to the Android bug ID in the <em>References</em> +column mean?</strong> +</p> +<p> +Issues that are not publicly available have a * next to the Android bug ID in +the <em>References</em> column. The update for that issue is generally contained +in the latest binary drivers for Pixel / Nexus devices available +from the <a href="https://developers.google.com/android/nexus/drivers">Google +Developer site</a>. +</p> +<p> +<strong>5. Why are security vulnerabilities split between this bulletin and the +Android Security Bulletins?</strong> +</p> +<p> +Security vulnerabilities that are documented in the Android Security Bulletins +are required in order to declare the latest security patch level on Android +devices. Additional security vulnerabilities, such as those documented in this +bulletin are not required for declaring a security patch level. +</p> +<h2 id="versions">Versions</h2> +<table> + <col width="25%"> + <col width="25%"> + <col width="50%"> + <tr> + <th>Version</th> + <th>Date</th> + <th>Notes</th> + </tr> + <tr> + <td>1.0</td> + <td>July 2, 2018</td> + <td>Bulletin published.</td> + </tr> +</table> + + </body> +</html> + diff --git a/en/security/bulletin/pixel/2018.html b/en/security/bulletin/pixel/2018.html index f78661eb..f41c9438 100644 --- a/en/security/bulletin/pixel/2018.html +++ b/en/security/bulletin/pixel/2018.html @@ -39,6 +39,21 @@ Bulletins</a> homepage.</p> <th>Security patch level</th> </tr> <tr> + <td><a href="/security/bulletin/pixel/2018-07-01.html">July 2018</a></td> + <td>Coming soon + <!-- + <a href="/security/bulletin/pixel/2018-07-01.html">English</a> / + <a href="/security/bulletin/pixel/2018-07-01.html?hl=ja">日本語</a> / + <a href="/security/bulletin/pixel/2018-07-01.html?hl=ko">한국어</a> / + <a href="/security/bulletin/pixel/2018-07-01.html?hl=ru">ру́сский</a> / + <a href="/security/bulletin/pixel/2018-07-01.html?hl=zh-cn">中文 (中国)</a> / + <a href="/security/bulletin/pixel/2018-07-01.html?hl=zh-tw">中文 (台灣)</a> + --> + </td> + <td>July 2, 2018</td> + <td>2018-07-05</td> + </tr> + <tr> <td><a href="/security/bulletin/pixel/2018-06-01.html">June 2018</a></td> <td> <a href="/security/bulletin/pixel/2018-06-01.html">English</a> / @@ -84,9 +99,7 @@ Bulletins</a> homepage.</p> <a href="/security/bulletin/pixel/2018-03-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2018-03-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2018-03-01.html?hl=ru">ру́сский</a> / - <!-- <a href="/security/bulletin/pixel/2018-03-01.html?hl=zh-cn">中文 (中国)</a> / - --> <a href="/security/bulletin/pixel/2018-03-01.html?hl=zh-tw">中文 (台灣)</a> </td> <td>March 2018</td> diff --git a/en/security/bulletin/pixel/index.html b/en/security/bulletin/pixel/index.html index 3d7100a8..146f4b33 100644 --- a/en/security/bulletin/pixel/index.html +++ b/en/security/bulletin/pixel/index.html @@ -59,6 +59,21 @@ AOSP 24–48 hours after the Pixel / Nexus bulletin is release <th>Security patch level</th> </tr> <tr> + <td><a href="/security/bulletin/pixel/2018-07-01.html">July 2018</a></td> + <td>Coming soon + <!-- + <a href="/security/bulletin/pixel/2018-07-01.html">English</a> / + <a href="/security/bulletin/pixel/2018-07-01.html?hl=ja">日本語</a> / + <a href="/security/bulletin/pixel/2018-07-01.html?hl=ko">한국어</a> / + <a href="/security/bulletin/pixel/2018-07-01.html?hl=ru">ру́сский</a> / + <a href="/security/bulletin/pixel/2018-07-01.html?hl=zh-cn">中文 (中国)</a> / + <a href="/security/bulletin/pixel/2018-07-01.html?hl=zh-tw">中文 (台灣)</a> + --> + </td> + <td>July 2, 2018</td> + <td>2018-07-05</td> + </tr> + <tr> <td><a href="/security/bulletin/pixel/2018-06-01.html">June 2018</a></td> <td> <a href="/security/bulletin/pixel/2018-06-01.html">English</a> / diff --git a/en/security/overview/acknowledgements.html b/en/security/overview/acknowledgements.html index a3934fee..5db2794e 100644 --- a/en/security/overview/acknowledgements.html +++ b/en/security/overview/acknowledgements.html @@ -37,6 +37,85 @@ Rewards</a> program.</p> <p>In 2018, the security acknowledgements are listed by month. In prior years, acknowledgements were listed together.</p> +<h4 id="july-2018">July</h4> + <table> + <col width="70%"> + <col width="30%"> + <tr> + <th>Researchers</th> + <th>CVEs</th> + </tr> + <tr> + <td>Baozeng Ding (丁保增) + (<a href="https://twitter.com/sploving1">@sploving</a>) + of Pandora Lab, Ali Security</td> + <td>CVE-2018-9422</td> + </tr> + <tr> + <td>Billy Lau of Android Security Research</td> + <td>CVE-2018-9416</td> + </tr> + <tr> + <td>Cusas of L.O. Team</td> + <td>CVE-2018-9412</td> + </tr> + <tr> + <td>En He (<a href="https://twitter.com/heeeeen4x">@heeeeen4x</a>) and + Bo Liu of <a href="http://www.ms509.com">MS509Team</a></td> + <td>CVE-2018-9432, CVE-2018-9414</td> + </tr> + <tr> + <td>Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd.</td> + <td>CVE-2018-9433</td> + </tr> + <tr> + <td>Jann Horn of Google Project Zero</td> + <td>CVE-2018-9434</td> + </tr> + <tr> + <td>Jianjun Dai (<a href="https://twitter.com/Jioun_dai">@Jioun_dai</a>) and + Guang Gong (<a href="https://twitter.com/oldfresher">@oldfresher</a>) + of Alpha Team, Qihoo 360 Technology Co. Ltd.</td> + <td>CVE-2018-9418, CVE-2018-9413, CVE-2018-9365</td> + </tr> + <tr> + <td>Nathan Crandall (<a href="https://twitter.com/natecray">@natecray</a>) + of Tesla's Product Security Team</td> + <td>CVE-2017-0606</td> + </tr> + <tr> + <td>niky1235 (<a href="mailto:jiych.guru@gmail.com">jiych.guru@gmail.com</a>, + <a href="https://twitter.com/jiych_guru">@jiych_guru</a>)</td> + <td>CVE-2018-9423</td> + </tr> + <tr> + <td>Scott Bauer + (<a href="https://twitter.com/ScottyBauer1">@ScottyBauer1</a>)</td> + <td>CVE-2018-9430</td> + </tr> + <tr> + <td>Tamir Zahavi-Brunner + <a href="https://twitter.com/tamir_zb">(@tamir_zb</a>) + of Zimperium zLabs Team</td> + <td>CVE-2018-9411</td> + </tr> + <tr> + <td>Tencent Blade Team</td> + <td>CVE-2018-9421, CVE-2018-9420</td> + </tr> + <tr> + <td>Yonggang Guo (<a href="https://twitter.com/guoygang">@guoygang</a>) + of IceSword Lab, Qihoo 360 Technology Co. Ltd.</td> + <td>CVE-2018-9415</td> + </tr> + <tr> + <td>Zinuo Han (<a href="http://weibo.com/ele7enxxh">weibo.com/ele7enxxh</a>) + of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd.</td> + <td>CVE-2018-9410, CVE-2018-9424, CVE-2018-9431</td> + </tr> +</table> + + <h4 id="june-2018">June</h4> <table> <col width="70%"> @@ -46,32 +125,26 @@ acknowledgements were listed together.</p> <th>CVEs</th> </tr> <tr> - <td>Baozeng Ding (丁保增) (<a href="https://twitter.com/sploving1">@sploving1</a>), - Pandora Lab of Ali Security - </td> - <td>CVE-2018-5857, CVE-2018-9389 - </td> + <td>Baozeng Ding (丁保增) (<a href="https://twitter.com/sploving1">@sploving1</a>) + of Pandora Lab, Ali Security</td> + <td>CVE-2018-5857, CVE-2018-9389</td> </tr> <tr> - <td>Daniel Kachakil of IOActive - </td> - <td>CVE-2018-9375 - </td> + <td>Daniel Kachakil of IOActive</td> + <td>CVE-2018-9375</td> </tr> <tr> - <td>Elphet and Gong Guang of Alpha Team, Qihoo 360 Technology Co. Ltd. - </td> - <td>CVE-2018-9348 - </td> + <td>Elphet and Gong Guang of Alpha Team, Qihoo 360 Technology Co. Ltd.</td> + <td>CVE-2018-9348</td> </tr> <tr> <td>Hao Chen and Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd.</td> - <td>CVE-2018-5899 - </td> + <td>CVE-2018-5899</td> </tr> <tr> - <td>Jianjun Dai (<a href="https://twitter.com/Jioun_dai">@Jioun_dai</a>) and Guang Gong - (<a href="https://twitter.com/oldfresher">@oldfresher</a>) of Alpha Team,<br /> + <td>Jianjun Dai (<a href="https://twitter.com/Jioun_dai">@Jioun_dai</a>) + and Guang Gong + (<a href="https://twitter.com/oldfresher">@oldfresher</a>) of Alpha Team, Qihoo 360 Technology Co. Ltd</td> <td>CVE-2018-9381, CVE-2018-9358,<br /> CVE-2018-9359, CVE-2018-9360,<br /> @@ -79,110 +152,79 @@ acknowledgements were listed together.</p> CVE-2018-9356</td> </tr> <tr> - <td>joe0x20@gmail.com - </td> - <td>CVE-2018-5898 - </td> + <td>joe0x20@gmail.com</td> + <td>CVE-2018-5898</td> </tr> <tr> <td><a href="https://www.linkedin.com/in/jose-maria-ariel-martinez-juarez-7910a189/"> - Jose Martinez</a> - </td> - <td>CVE-2018-5146 - </td> + Jose Martinez</a></td> + <td>CVE-2018-5146</td> </tr> <tr> - <td>Julien Thomas (<a href="https://twitter.com/julien_thomas">@Julien_Thomas</a>) of - <a href="http://protektoid.com/">Protektoid.com</a> - </td> - <td>CVE-2018-9374 - </td> + <td>Julien Thomas (<a href="https://twitter.com/julien_thomas">@Julien_Thomas</a>) + of <a href="http://protektoid.com/">Protektoid.com</a></td> + <td>CVE-2018-9374</td> </tr> <tr> - <td><a href="https://github.com/michalbednarski">Michał Bednarski</a> - </td> - <td>CVE-2018-9339 - </td> + <td><a href="https://github.com/michalbednarski">Michał Bednarski</a></td> + <td>CVE-2018-9339</td> </tr> <tr> <td>Mingjian Zhou (周明建) - (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>) - of C0RE Team - </td> - <td>CVE-2018-9344 - </td> + (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>) + of C0RE Team</td> + <td>CVE-2018-9344</td> </tr> <tr> - <td>Niky1235 (<a href="https://twitter.com/jiych_guru">@jiych_guru</a>) - </td> - <td>CVE-2017-13230, CVE-2018-9347 - </td> + <td>Niky1235 (<a href="https://twitter.com/jiych_guru">@jiych_guru</a>)</td> + <td>CVE-2017-13230, CVE-2018-9347</td> </tr> <tr> <td>Pengfei Ding (丁鹏飞), Chenfu Bao (包沉浮), and Lenx Wei (韦韬)<br /> - of Baidu X-Lab (百度安全实验室) - </td> - <td>CVE-2018-5832 - </td> + of Baidu X-Lab (百度安全实验室)</td> + <td>CVE-2018-5832</td> </tr> <tr> - <td>Qing Dong of 360 Beaconlab - </td> - <td>CVE-2018-9386 - </td> + <td>Qing Dong of 360 Beaconlab</td> + <td>CVE-2018-9386</td> </tr> <tr> - <td>Scott Bauer (<a href="https://twitter.com/ScottyBauer1">@ScottyBauer1</a>) - </td> + <td>Scott Bauer (<a href="https://twitter.com/ScottyBauer1">@ScottyBauer1</a>)</td> <td>CVE-2018-9388, CVE-2018-9355,<br /> - CVE-2018-9380 - </td> + CVE-2018-9380</td> </tr> <tr> <td><a href="https://github.com/stze">Stephan Zeisberg</a> of - <a href="https://srlabs.de/">Security Research Labs</a> - </td> + <a href="https://srlabs.de/">Security Research Labs</a></td> <td>CVE-2018-9350, CVE-2018-9352,<br /> - CVE-2018-9353, CVE-2018-9341 - </td> + CVE-2018-9353, CVE-2018-9341</td> </tr> <tr> - <td>Tencent Blade Team - </td> - <td>CVE-2018-9345, CVE-2018-9346 - </td> + <td>Tencent Blade Team</td> + <td>CVE-2018-9345, CVE-2018-9346</td> </tr> <tr> - <td>Yonggang Guo (<a href="https://twitter.com/guoygang">@guoygang</a>) - of IceSword Lab, Qihoo 360 Technology Co. Ltd. - </td> - <td>CVE-2017-0564 - </td> + <td>Yonggang Guo (<a href="https://twitter.com/guoygang">@guoygang</a>) + of IceSword Lab, Qihoo 360 Technology Co. Ltd.</td> + <td>CVE-2017-0564</td> </tr> <tr> - <td>Yuan-Tsung Lo of C0RE Team - </td> - <td>CVE-2017-13079, CVE-2017-13081 - </td> + <td>Yuan-Tsung Lo of C0RE Team</td> + <td>CVE-2017-13079, CVE-2017-13081</td> </tr> <tr> - <td>华为移动安全实验室的钱育波 - </td> - <td>CVE-2018-9363 - </td> + <td>华为移动安全实验室的钱育波</td> + <td>CVE-2018-9363</td> </tr> <tr> <td>Zinuo Han of Chengdu Security Response Center, - Qihoo 360 Technology Co. Ltd. - </td> + Qihoo 360 Technology Co. Ltd.</td> <td>CVE-2018-9340, CVE-2018-9338,<br /> - CVE-2018-9378 - </td> + CVE-2018-9378</td> </tr> </table> - - <h4 id="may-2018">May</h4> +<h4 id="may-2018">May</h4> <table> <col width="70%"> <col width="30%"> diff --git a/en/setup/start/build-numbers.html b/en/setup/start/build-numbers.html index 842d8f1a..13536d4e 100644 --- a/en/setup/start/build-numbers.html +++ b/en/setup/start/build-numbers.html @@ -235,6 +235,48 @@ following table. </thead> <tbody> <tr> + <td>OPM6.171019.030.E1</td> + <td>android-8.1.0_r41</td> + <td>Oreo</td> + <td>Nexus 5X and Nexus 6P</td> + </tr> + <tr> + <td>OPM4.171019.021.R1</td> + <td>android-8.1.0_r40</td> + <td>Oreo</td> + <td>Pixel 2 XL</td> + </tr> + <tr> + <td>OPM4.171019.021.Q1</td> + <td>android-8.1.0_r39</td> + <td>Oreo</td> + <td>Pixel 2</td> + </tr> + <tr> + <td>OPM4.171019.021.P1</td> + <td>android-8.1.0_r38</td> + <td>Oreo</td> + <td>Pixel, Pixel XL</td> + </tr> + <tr> + <td>OPM4.171019.021.N1</td> + <td>android-8.1.0_r37</td> + <td>Oreo</td> + <td>Pixel C</td> + </tr> + <tr> + <td>OPM2.171026.006.H1</td> + <td>android-8.1.0_r36</td> + <td>Oreo</td> + <td>Pixel 2 XL</td> + </tr> + <tr> + <td>OPM2.171026.006.G1</td> + <td>android-8.1.0_r35</td> + <td>Oreo</td> + <td>Pixel 2</td> + </tr> + <tr> <td>OPM6.171019.030.B1</td> <td>android-8.1.0_r33</td> <td>Oreo</td> diff --git a/ja/security/bulletin/2018-02-01.html b/ja/security/bulletin/2018-02-01.html index 6d169c52..0ed3af47 100644 --- a/ja/security/bulletin/2018-02-01.html +++ b/ja/security/bulletin/2018-02-01.html @@ -462,7 +462,7 @@ QC-CR#2114187</a></td> <strong>4. 「参照<em></em>」列の項目はどういう意味ですか?</strong> </p> <p> -脆弱性の詳細の表で「参照<em></em>」列に記載されている内容には、参照の値が属している組織を示した接頭辞が含まれている場合があります。 +脆弱性の詳細の表で「参照<em></em>」列に記載した項目には、その参照番号が属す組織を示す接頭辞が含まれる場合があります。 </p> <table> <colgroup><col width="25%" /> @@ -499,7 +499,7 @@ QC-CR#2114187</a></td> 公開されていない問題には、「参照<em></em>」列の Android バグ ID の横に「*」を付けています。この問題のアップデートは、通常、<a href="https://developers.google.com/android/nexus/drivers">Google デベロッパー サイト</a>から入手できる Nexus 端末用最新バイナリ ドライバに含まれています。 </p> <p> -<strong>6. セキュリティの脆弱性が、この公開情報と端末やパートナーのセキュリティに関する公開情報(Pixel / Nexus のセキュリティに関する公開情報など)に分かれているのはなぜですか?</strong> +<strong>6. セキュリティの脆弱性が、この公開情報と端末やパートナーのセキュリティに関する公開情報(Pixel / Nexus のセキュリティに関する公開情報など)に分けられているのはなぜですか?</strong> </p> <p> Android 搭載端末の最新のセキュリティ パッチレベルを宣言するためには、このセキュリティに関する公開情報に掲載されているセキュリティの脆弱性への対処が必要です。それ以外の、端末やパートナーのセキュリティに関する公開情報に掲載されているセキュリティの脆弱性への対処は必須ではありません。<a href="https://security.samsungmobile.com/securityUpdate.smsb">Samsung</a>、<a href="https://lgsecurity.lge.com/security_updates.html">LGE</a> などの Android 搭載端末やチップセットのメーカーには、自社の端末に関して他にも修正がある場合は、自社のセキュリティ関連のウェブサイトや <a href="/security/bulletin/pixel/">Pixel / Nexus</a> のセキュリティに関する公開情報にその情報を掲載することが推奨されています。 diff --git a/ja/security/bulletin/pixel/2018-01-01.html b/ja/security/bulletin/pixel/2018-01-01.html index 8f245126..2de9562c 100644 --- a/ja/security/bulletin/pixel/2018-01-01.html +++ b/ja/security/bulletin/pixel/2018-01-01.html @@ -513,8 +513,7 @@ QC-CR#2072966</a></td> <td>A-67713104<br /> <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=57377acfed328757da280f4adf1c300f0b032422"> QC-CR#2057144</a> - [<a href="https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=e9492b99156137cf533722eea6ba8846d424c800"> -2</a>]</td> + [<a href="https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=e9492b99156137cf533722eea6ba8846d424c800">2</a>]</td> <td>EoP</td> <td>中</td> <td>グラフィックス ドライバ</td> @@ -629,7 +628,7 @@ QC-CR#2078342</a></td> <h2 id="functional-updates">機能の更新</h2> <p> -影響を受ける Pixel 端末には、セキュリティ関連以外の機能の問題に対処する下記のアップデートが組み込まれています。関連する参照先、影響を受けるカテゴリ(Bluetooth やモバイルデータなど)、問題の概要を下記の表にまとめています。 +影響を受ける Pixel 端末には、セキュリティ関連以外の機能の問題に対処する下記のアップデートが組み込まれています。関連する参照先、影響を受けるカテゴリ(Bluetooth やモバイルデータなど)、改善内容を下記の表にまとめています。 </p> <table> <tbody><tr> @@ -661,7 +660,7 @@ QC-CR#2078342</a></td> セキュリティ パッチレベル 2018-01-05 以降では、セキュリティ パッチレベル 2018-01-05、およびそれ以前のすべてのパッチレベルに関連するすべての問題に対処しています。端末のセキュリティ パッチレベルを確認する方法については、<a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel および Nexus のアップデート スケジュール</a>に記載されている手順をご覧ください。 </p> <p id="type"> -<strong>2. 「タイプ」<em></em>列の項目はどういう意味ですか?</strong> +<strong>2. 「タイプ<em></em>」列の項目はどういう意味ですか?</strong> </p> <p> 脆弱性の詳細の表で「タイプ<em></em>」列に記載した項目は、セキュリティの脆弱性の分類を示しています。 @@ -695,10 +694,10 @@ QC-CR#2078342</a></td> </tr> </tbody></table> <p> -<strong>3. 「参照」<em></em>列の項目はどういう意味ですか?</strong> +<strong>3. 「参照<em></em>」列の項目はどういう意味ですか?</strong> </p> <p> -脆弱性の詳細の表で「参照<em></em>」列に記載されている内容には、参照の値が属している組織を示した接頭辞が含まれている場合があります。 +脆弱性の詳細の表で「参照<em></em>」列に記載した項目には、その参照番号が属す組織を示す接頭辞が含まれる場合があります。 </p> <table> <colgroup><col width="25%" /> diff --git a/ko/security/bulletin/2018-02-01.html b/ko/security/bulletin/2018-02-01.html index 3b735077..2967345d 100644 --- a/ko/security/bulletin/2018-02-01.html +++ b/ko/security/bulletin/2018-02-01.html @@ -45,7 +45,7 @@ AOSP 외부에 있는 패치로 연결되는 링크도 포함되어 있습니다 <p> 실제 고객이 새로 보고된 이러한 문제로 인해 악용당했다는 신고는 접수되지 않았습니다. Android 플랫폼의 보안을 개선하는 -<a href="/security/enhancements/index.html">Android보안 플랫폼 보호</a> +<a href="/security/enhancements/index.html">Android 보안 플랫폼 보호</a> 및 Google Play 프로텍트에 관해 자세히 알아보려면 <a href="#mitigations">Android 및 Google Play 프로텍트 완화</a> 섹션을 참조하세요. </p> @@ -67,7 +67,8 @@ AOSP 외부에 있는 패치로 연결되는 링크도 포함되어 있습니다 악용하기가 더욱 어려워졌습니다. 가능하다면 모든 사용자는 최신 버전의 Android로 업데이트하는 것이 좋습니다.</li> <li>Android 보안팀에서는 <a href="https://www.android.com/play-protect">Google Play 프로텍트</a>를 통해 악용사례를 적극적으로 모니터링하고 -<a href="/security/reports/Google_Android_Security_PHA_classifications.pdf">유해할 수 있는애플리케이션</a> +<a href="/security/reports/Google_Android_Security_PHA_classifications.pdf">유해할 수 있는 +애플리케이션</a> 에 관해 사용자에게 경고를 보냅니다. Google Play 프로텍트는 <a href="http://www.android.com/gms">Google 모바일 서비스</a>가 적용된 기기에 기본적으로 사용 설정되어 있으며 Google Play 외부에서 가져온 앱을 설치하는 사용자에게 @@ -78,7 +79,9 @@ Google Play 외부에서 가져온 앱을 설치하는 사용자에게 다음 섹션에서는 2018-02-01 패치 수준에 적용되는 각 보안 취약성에 관해 자세히 알아볼 수 있습니다. 취약성은 영향을 받는 구성요소 아래에 분류되어 있습니다. 여기에는 문제 설명 및 CVE, -관련 참조, <a href="#type">취약성 유형</a>, <a href="/security/overview/updates-resources.html#severity">심각도</a>, 업데이트된 AOSP 버전(해당하는 경우)이 +관련 참조, <a href="#type">취약성 유형</a>, +<a href="/security/overview/updates-resources.html#severity">심각도</a>, +업데이트된 AOSP 버전(해당하는 경우)이 포함된 표가 제시됩니다. 가능한 경우 AOSP 변경사항 목록과 같이 문제를 해결한 공개 변경사항을 버그 ID에 연결합니다. 하나의 버그와 관련된 변경사항이 여러 개인 경우 추가 참조가 버그 ID 다음에 오는 @@ -531,7 +534,7 @@ Qualcomm AMSS 보안 게시판 또는 보안 알림에 자세히 설명되어 <td>서비스 거부</td> </tr> <tr> - <td>해당 없음</td> + <td>N/A</td> <td>분류 없음</td> </tr> </tbody></table> diff --git a/ko/security/bulletin/pixel/2018-01-01.html b/ko/security/bulletin/pixel/2018-01-01.html index 20231cd7..154fa65b 100644 --- a/ko/security/bulletin/pixel/2018-01-01.html +++ b/ko/security/bulletin/pixel/2018-01-01.html @@ -36,8 +36,7 @@ Android 보안 게시판</a>의 모든 문제를 해결했습니다. 기기의 업데이트됩니다. 모든 고객은 기기에서 이 업데이트를 수락하는 것이 좋습니다. </p> <p class="note"> -<strong>참고:</strong> Google 기기 펌웨어 이미지는 -<a href="https://developers.google.com/android/nexus/images">Google 개발자 사이트</a> +<strong>참고:</strong> Google 기기 펌웨어 이미지는 <a href="https://developers.google.com/android/nexus/images">Google 개발자 사이트</a> 에 있습니다. </p> <h2 id="announcements">공지사항</h2> @@ -50,11 +49,9 @@ Pixel 및 Nexus 기기에는 아래 설명된 보안 취약성과 관련된 </p> <h2 id="security-patches">보안 패치</h2> <p> -취약성은 영향을 받는 구성요소 아래에 분류되어 있습니다. 여기에는 -문제 설명 및 CVE, 관련 참조, -<a href="#type">취약성 유형</a>, -<a href="/security/overview/updates-resources.html#severity">심각도</a>, -업데이트된 Android 오픈소스 프로젝트(AOSP) 버전(해당하는 경우)이 포함된 표가 제시됩니다. 가능한 +취약성은 영향을 받는 구성요소 아래에 분류되어 있습니다. 여기에는 문제 설명 및 CVE, +관련 참조, <a href="#type">취약성 유형</a>, <a href="/security/overview/updates-resources.html#severity">심각도</a>, 업데이트된 Android 오픈소스 프로젝트(AOSP) +버전(해당하는 경우)이 포함된 표가 제시됩니다. 가능한 경우 AOSP 변경사항 목록과 같이 문제를 해결한 공개 변경사항을 버그 ID에 연결합니다. 하나의 버그와 관련된 변경사항이 여러 개인 경우 추가 참조가 버그 ID 다음에 오는 번호에 연결됩니다. @@ -650,8 +647,7 @@ QC-CR#2078342</a></td> <h2 id="functional-updates">기능 업데이트</h2> <p> -다음 업데이트는 영향을 받은 Pixel 기기에서 Pixel 기기의 보안과 -관련되지 않은 기능 문제를 해결하기 위해 포함되었습니다. 표에는 블루투스나 +다음 업데이트는 영향을 받은 Pixel 기기에서 Pixel 기기의 보안과 관련되지 않은 기능 문제를 해결하기 위해 포함되었습니다. 표에는 블루투스나 모바일 데이터 등 영향을 받은 카테고리 및 문제 요약과 같은 관련 참조 사항이 포함되어 있습니다. </p> @@ -719,7 +715,7 @@ QC-CR#2078342</a></td> <td>서비스 거부</td> </tr> <tr> - <td>해당 없음</td> + <td>N/A</td> <td>분류 없음</td> </tr> </tbody></table> diff --git a/zh-cn/_book.yaml b/zh-cn/_book.yaml index e28e8bb4..5ce6f8ce 100644 --- a/zh-cn/_book.yaml +++ b/zh-cn/_book.yaml @@ -317,8 +317,6 @@ upper_tabs: title: 硬件抽象层 (HAL) - path: /devices/architecture/hal-types title: HAL 类型 - - path: /devices/architecture/treble - title: Treble - section: - path: /devices/architecture/kernel/ title: 概览 diff --git a/zh-cn/compatibility/cts/camera-its-box.html b/zh-cn/compatibility/cts/camera-its-box.html index 3efdb652..df251f9b 100644 --- a/zh-cn/compatibility/cts/camera-its-box.html +++ b/zh-cn/compatibility/cts/camera-its-box.html @@ -136,7 +136,7 @@ python tools/run_all_tests.py device=FA6BM0305016 chart=5811000011 camera=1 scen </ul> <h3 id="scenes-0-4">运行场景 5</h3> -<p>场景 5 需要进行特殊设置并具有特定光线(有关详情,请参阅 CTS 验证程序下载内容中的 CameraITS.pdf 文档)。您可以单独运行场景 5(在盒子外部)以并行测试两部设备。</p> +<p>场景 5 需要进行特殊设置以获得特定光线(有关详情,请参阅 CTS 验证程序中的 CameraITS.pdf 文档,您可以在<a href="/compatibility/cts/downloads">兼容性测试套件下载内容</a>中进行下载)。您可以单独运行场景 5(在盒子外部)以并行测试两部设备。</p> <ul> <li>在两部设备上为前置和后置摄像头并行运行场景 5:<pre class="devsite-terminal devsite-click-to-copy"> python tools/run_parallel_tests.py device0=FA6BM0305016 device1=FA6BM0305439 chart=5811000011 scenes=5 diff --git a/zh-cn/compatibility/cts/downloads.html b/zh-cn/compatibility/cts/downloads.html index ab9c8bd8..648d9035 100644 --- a/zh-cn/compatibility/cts/downloads.html +++ b/zh-cn/compatibility/cts/downloads.html @@ -23,48 +23,53 @@ <p>感谢您对 Android 兼容性计划的关注!您可以通过以下链接访问关于该计划的重要文档和信息。随着 CTS 的更新,此网页上会陆续添加新的版本。CTS 版本在链接名称中由 R<数字> 表示。</p> <h2 id="android-81">Android 8.1</h2> -<p>Android 8.1 是代号为 Oreo-MR1 的开发里程碑版本。以下测试的源代码可以与开源代码树中的“android-cts-8.1_r5”标记同步。</p> +<p>Android 8.1 是代号为 Oreo-MR1 的开发里程碑版本。 +以下测试的源代码可以与开源代码树中的“android-cts-8.1_r6”标记同步。</p> <ul> -<li><a href="https://dl.google.com/dl/android/cts/android-cts-8.1_r5-linux_x86-arm.zip">Android 8.1 R5 兼容性测试套件 (CTS) - ARM</a></li> -<li><a href="https://dl.google.com/dl/android/cts/android-cts-8.1_r5-linux_x86-x86.zip">Android 8.1 R5 兼容性测试套件 (CTS) - x86</a></li> -<li><a href="https://dl.google.com/dl/android/cts/android-cts-verifier-8.1_r5-linux_x86-arm.zip">Android 8.1 R5 CTS 验证程序 - ARM</a></li> -<li><a href="https://dl.google.com/dl/android/cts/android-cts-verifier-8.1_r5-linux_x86-x86.zip">Android 8.1 R5 CTS 验证程序 - x86</a></li> +<li><a href="https://dl.google.com/dl/android/cts/android-cts-8.1_r6-linux_x86-arm.zip">Android 8.1 R6 兼容性测试套件 (CTS) - ARM</a></li> +<li><a href="https://dl.google.com/dl/android/cts/android-cts-8.1_r6-linux_x86-x86.zip">Android 8.1 R6 兼容性测试套件 (CTS) - x86</a></li> +<li><a href="https://dl.google.com/dl/android/cts/android-cts-verifier-8.1_r6-linux_x86-arm.zip">Android 8.1 R6 CTS 验证程序 - ARM</a></li> +<li><a href="https://dl.google.com/dl/android/cts/android-cts-verifier-8.1_r6-linux_x86-x86.zip">Android 8.1 R6 CTS 验证程序 - x86</a></li> </ul> <h2 id="android-80">Android 8.0</h2> -<p>Android 8.0 是代号为 Oreo 的开发里程碑版本。以下测试的源代码可以与开源代码树中的“android-cts-8.0_r9”标记同步。</p> +<p>Android 8.0 是代号为 Oreo 的开发里程碑版本。 +以下测试的源代码可以与开源代码树中的“android-cts-8.0_r10”标记同步。</p> <ul> -<li><a href="https://dl.google.com/dl/android/cts/android-cts-8.0_r9-linux_x86-arm.zip">Android 8.0 R9 兼容性测试套件 (CTS) - ARM</a></li> -<li><a href="https://dl.google.com/dl/android/cts/android-cts-8.0_r9-linux_x86-x86.zip">Android 8.0 R9 兼容性测试套件 (CTS) - x86</a></li> -<li><a href="https://dl.google.com/dl/android/cts/android-cts-verifier-8.0_r9-linux_x86-arm.zip">Android 8.0 R9 CTS 验证程序 - ARM</a></li> -<li><a href="https://dl.google.com/dl/android/cts/android-cts-verifier-8.0_r9-linux_x86-x86.zip">Android 8.0 R9 CTS 验证程序 - x86</a></li> +<li><a href="https://dl.google.com/dl/android/cts/android-cts-8.0_r10-linux_x86-arm.zip">Android 8.0 R10 兼容性测试套件 (CTS) - ARM</a></li> +<li><a href="https://dl.google.com/dl/android/cts/android-cts-8.0_r10-linux_x86-x86.zip">Android 8.0 R10 兼容性测试套件 (CTS) - x86</a></li> +<li><a href="https://dl.google.com/dl/android/cts/android-cts-verifier-8.0_r10-linux_x86-arm.zip">Android 8.0 R10 兼容性测试套件 - ARM</a></li> +<li><a href="https://dl.google.com/dl/android/cts/android-cts-verifier-8.0_r10-linux_x86-x86.zip">Android 8.0 R10 CTS 验证程序 - x86</a></li> </ul> <h2 id="android-71">Android 7.1</h2> -<p>Android 7.1 是代号为 Nougat-MR1 的开发里程碑版本。以下测试的源代码可以与开源代码树中的“android-cts-7.1_r17”标记同步。</p> +<p>Android 7.1 是代号为 Nougat-MR1 的开发里程碑版本。 +以下测试的源代码可以与开源代码树中的“android-cts-7.1_r18”标记同步。</p> <ul> -<li><a href="https://dl.google.com/dl/android/cts/android-cts-7.1_r17-linux_x86-arm.zip">Android 7.1 R17 兼容性测试套件 (CTS) - ARM</a></li> -<li><a href="https://dl.google.com/dl/android/cts/android-cts-7.1_r17-linux_x86-x86.zip">Android 7.1 R17 兼容性测试套件 (CTS) - x86</a></li> -<li><a href="https://dl.google.com/dl/android/cts/android-cts-verifier-7.1_r17-linux_x86-arm.zip">Android 7.1 R17 CTS 验证程序 - ARM</a></li> -<li><a href="https://dl.google.com/dl/android/cts/android-cts-verifier-7.1_r17-linux_x86-x86.zip">Android 7.1 R17 CTS 验证程序 - x86</a></li> +<li><a href="https://dl.google.com/dl/android/cts/android-cts-7.1_r18-linux_x86-arm.zip">Android 7.1 R18 兼容性测试套件 (CTS) - ARM</a></li> +<li><a href="https://dl.google.com/dl/android/cts/android-cts-7.1_r18-linux_x86-x86.zip">Android 7.1 R18 兼容性测试套件 (CTS) - x86</a></li> +<li><a href="https://dl.google.com/dl/android/cts/android-cts-verifier-7.1_r18-linux_x86-arm.zip">Android 7.1 R18 CTS 验证程序 - ARM</a></li> +<li><a href="https://dl.google.com/dl/android/cts/android-cts-verifier-7.1_r18-linux_x86-x86.zip">Android 7.1 R18 CTS 验证程序 - x86</a></li> </ul> <h2 id="android-70">Android 7.0</h2> -<p>Android 7.0 是代号为 Nougat 的开发里程碑版本。以下测试的源代码可以与开源代码树中的“android-cts-7.0_r21”标记同步。</p> +<p>Android 7.0 是代号为 Nougat 的开发里程碑版本。 +以下测试的源代码可以与开源代码树中的“android-cts-7.0_r22”标记同步。</p> <ul> -<li><a href="https://dl.google.com/dl/android/cts/android-cts-7.0_r21-linux_x86-arm.zip">Android 7.0 R21 兼容性测试套件 (CTS) - ARM</a></li> -<li><a href="https://dl.google.com/dl/android/cts/android-cts-7.0_r21-linux_x86-x86.zip">Android 7.0 R21 兼容性测试套件 (CTS) - x86</a></li> -<li><a href="https://dl.google.com/dl/android/cts/android-cts-verifier-7.0_r21-linux_x86-arm.zip">Android 7.0 R21 CTS 验证程序 - ARM</a></li> -<li><a href="https://dl.google.com/dl/android/cts/android-cts-verifier-7.0_r21-linux_x86-x86.zip">Android 7.0 R21 CTS 验证程序 - x86</a></li> +<li><a href="https://dl.google.com/dl/android/cts/android-cts-7.0_r22-linux_x86-arm.zip">Android 7.0 R22 兼容性测试套件 (CTS) - ARM</a></li> +<li><a href="https://dl.google.com/dl/android/cts/android-cts-7.0_r22-linux_x86-x86.zip">Android 7.0 R22 兼容性测试套件 (CTS) - x86</a></li> +<li><a href="https://dl.google.com/dl/android/cts/android-cts-verifier-7.0_r22-linux_x86-arm.zip">Android 7.0 R22 CTS 验证程序 - ARM</a></li> +<li><a href="https://dl.google.com/dl/android/cts/android-cts-verifier-7.0_r22-linux_x86-x86.zip">Android 7.0 R22 CTS 验证程序 - x86</a></li> </ul> <h2 id="android-60">Android 6.0</h2> -<p>Android 6.0 是代号为 Marshmallow 的开发里程碑版本。以下测试的源代码可以与开源代码树中的“android-cts-6.0_r28”标记同步。</p> +<p>Android 6.0 是代号为 Marshmallow 的开发里程碑版本。 +以下测试的源代码可以与开源代码树中的“android-cts-6.0_r29”标记同步。</p> <ul> -<li><a href="https://dl.google.com/dl/android/cts/android-cts-6.0_r28-linux_x86-arm.zip">Android 6.0 R28 兼容性测试套件 (CTS) - ARM</a></li> -<li><a href="https://dl.google.com/dl/android/cts/android-cts-6.0_r28-linux_x86-x86.zip">Android 6.0 R28 兼容性测试套件 (CTS) - x86</a></li> -<li><a href="https://dl.google.com/dl/android/cts/android-cts-verifier-6.0_r28-linux_x86-arm.zip">Android 6.0 R28 CTS 验证程序 - ARM</a></li> -<li><a href="https://dl.google.com/dl/android/cts/android-cts-verifier-6.0_r28-linux_x86-x86.zip">Android 6.0 R28 CTS 验证程序 - x86</a></li> +<li><a href="https://dl.google.com/dl/android/cts/android-cts-6.0_r29-linux_x86-arm.zip">Android 6.0 R29 兼容性测试套件 (CTS) - ARM</a></li> +<li><a href="https://dl.google.com/dl/android/cts/android-cts-6.0_r29-linux_x86-x86.zip">Android 6.0 R29 兼容性测试套件 (CTS) - x86</a></li> +<li><a href="https://dl.google.com/dl/android/cts/android-cts-verifier-6.0_r29-linux_x86-arm.zip">Android 6.0 R29 CTS 验证程序 - ARM</a></li> +<li><a href="https://dl.google.com/dl/android/cts/android-cts-verifier-6.0_r29-linux_x86-x86.zip">Android 6.0 R29 CTS 验证程序 - x86</a></li> </ul> <h2 id="android-51">Android 5.1</h2> diff --git a/zh-cn/compatibility/cts/run.html b/zh-cn/compatibility/cts/run.html index 3e76be11..80561dd0 100644 --- a/zh-cn/compatibility/cts/run.html +++ b/zh-cn/compatibility/cts/run.html @@ -28,7 +28,7 @@ <li>至少连接一个设备。 </li><li>在开始运行 CTS 时,按<strong>主屏幕</strong>按钮将设备设置为显示主屏幕。</li><li>当设备在运行测试时,它不能用于执行任何其他任务,并且必须保持静止状态(以免触发传感器活动),同时要让相机指向某个可以聚焦的对象。 </li><li>在运行 CTS 时,不要按设备上的任何键。按测试设备上的键或触摸其屏幕会干扰正在运行的测试,并且可能导致测试失败。 - </li><li><em></em>通过运行解压缩 CTS 包所得的文件夹中的 cts-tradefed 脚本(例如 <code>$ ./android-cts/tools/cts-tradefed</code>)来启动 CTS 控制台。 + </li><li><em></em>通过运行解压缩 CTS 包所得文件夹中的 cts-tradefed 脚本(例如 <code>$ ./android-cts/tools/cts-tradefed</code>)来启动 CTS 控制台。 </li><li>通过附加以下命令启动默认测试计划(包含所有测试包):<code>run cts --plan CTS</code>。这将启动测试兼容性所需的所有 CTS 测试。 <ul> diff --git a/zh-cn/compatibility/cts/usb-audio.html b/zh-cn/compatibility/cts/usb-audio.html index 7346a463..271dc236 100644 --- a/zh-cn/compatibility/cts/usb-audio.html +++ b/zh-cn/compatibility/cts/usb-audio.html @@ -21,7 +21,7 @@ --> <p> -针对 <a href="/compatibility/cts/">Android USB 音频</a>的几项 <a href="/devices/audio/usb">Android 兼容性测试套件 (CTS)</a> 测试需要人为干预并连接 USB 音频外设。我们为此实现了额外的 CTS 验证程序测试。 +针对 <a href="/devices/audio/usb">Android USB 音频</a>的几项 <a href="/compatibility/cts/">Android 兼容性测试套件 (CTS)</a> 测试需要人为干预并连接 USB 音频外设。我们为此实现了额外的 CTS 验证程序测试。 本文档介绍了这些测试的要求和协议。 </p> diff --git a/zh-cn/compatibility/vts/performance.html b/zh-cn/compatibility/vts/performance.html index 5ac607fc..c09e72a6 100644 --- a/zh-cn/compatibility/vts/performance.html +++ b/zh-cn/compatibility/vts/performance.html @@ -295,7 +295,7 @@ BM_sendVec_binderize/8 69974 ns 32700 ns 21296 <p>每个客户端进程都会与其专用的服务器进程配对,且每一对都可能会独立调度到任何 CPU。不过,只要同步标记是 <code>honor</code>,事务期间应该就不会出现 CPU 迁移的情况。</p> <p>确保系统没有过载!虽然过载系统中延迟较高是正常现象,但是针对过载系统的测试结果并不能提供有用的信息。要测试压力较高的系统,请使用 <code>-pair -#cpu-1</code>(或谨慎使用 <code>-pair #cpu</code>)。使用 <code><em>n</em> > #cpu</code> 的 <code>-pair <em>n</em></code> 进行测试会使系统过载,并生成无用信息。</p> +#cpu-1</code>(或谨慎使用 <code>-pair #cpu</code>)。使用 <code>-pair <em>n</em></code> 和 <code><em>n</em> > #cpu</code> 进行测试会导致系统过载,并生成无用信息。</p> <h4 id="deadline-values">指定截止时间值</h4> <p>经过大量用户场景测试(在合格产品上运行延迟测试),我们决定将 2.5 毫秒定为需要满足的截止时间要求。对于具有更高要求的新应用(如每秒 1000 张照片),此截止时间值将发生变化。</p> diff --git a/zh-cn/setup/contribute/index.html b/zh-cn/setup/contribute/index.html index 1a7695f4..115feb68 100644 --- a/zh-cn/setup/contribute/index.html +++ b/zh-cn/setup/contribute/index.html @@ -35,6 +35,6 @@ <h2 id="contribute-to-the-code">贡献代码</h2> <p>代码是一切的基础。我们很乐意审核您提交的任何更改,因此请检查我们的源代码,找出错误或功能方面的可改进之处,然后开始编码。请注意,您提交的补丁程序越小、越有针对性,就越方便我们进行审核。</p> -<p>要开始帮助改进 Android,您可以通过左侧的链接了解<a href="life-of-a-patch.html">补丁程序的生命周期</a>、<code>git</code>、<code>repo</code> 以及其他工具。您还可以在我们的 <a href="https://android-review.googlesource.com/">Gerrit 服务器</a>上查看所有贡献的动态。如果您在此过程中需要帮助,可以加入我们的<a href="../community.html">论坛</a>。</p> +<p>要开始帮助改进 Android,您可以通过左侧的链接了解<a href="life-of-a-patch.html">补丁程序的生命周期</a>、<code>git</code>、<code>repo</code> 以及其他工具。您还可以在我们的 <a href="https://android-review.googlesource.com/">Gerrit 服务器</a>上查看所有贡献的动态。请注意,Android 的某些部分需要您<a href="submit-patches.html#upstream-projects">将补丁程序提交到上游项目</a>。如果您在此过程中需要帮助,可以加入我们的<a href="../community.html">论坛</a>。</p> </body></html>
\ No newline at end of file diff --git a/zh-tw/security/bulletin/2018-02-01.html b/zh-tw/security/bulletin/2018-02-01.html index 750f46b5..e91e11a7 100644 --- a/zh-tw/security/bulletin/2018-02-01.html +++ b/zh-tw/security/bulletin/2018-02-01.html @@ -26,12 +26,12 @@ <p> Android 的合作夥伴至少會提前一個月收到公告中所有問題的相關通知。這些問題的原始碼修補程式已發佈到 Android 開放原始碼計劃 (AOSP) 存放區中,且公告中亦提供相關連結。此外,本公告也提供 Android 開放原始碼計劃以外的修補程式連結。</p> <p> -在這些問題中,最嚴重的就是媒體架構中「最高」等級的安全性漏洞。遠端攻擊者可利用這類漏洞,在獲得授權的程序環境內透過特製檔案執行任何程式碼。<a href="/security/overview/updates-resources.html#severity">嚴重程度評定標準</a>是假設平台與服務的因應防護措施基於開發作業的需求而被關閉,或是遭到有心人士破解,然後推算當有人惡意運用漏洞時,使用者的裝置會受到多大的影響,據此評定漏洞的嚴重程度。 +在這些問題中,最嚴重的就是媒體架構中嚴重程度「最高」的安全性漏洞。遠端攻擊者可利用這類漏洞,在獲得授權的程序環境內透過特製檔案執行任何程式碼。<a href="/security/overview/updates-resources.html#severity">嚴重程度評定標準</a>是假設平台與服務的因應防護措施基於開發作業的需求而被關閉,或是遭到有心人士破解,然後推算當有人惡意運用漏洞時,使用者的裝置會受到多大的影響,據此評定漏洞的嚴重程度。 </p> -<p>針對這些新發現的漏洞,我們目前尚未收到任何客戶回報相關的漏洞濫用案例。如果想進一步瞭解 <a href="#mitigations">Android 安全性平台防護措施</a>和 Google Play 安全防護機制如何加強 Android 平台的安全性,請參閱 <a href="/security/enhancements/index.html">Android 和 Google Play 安全防護機制所提供的因應措施</a>。 +<p>針對這些新發現的漏洞,我們目前尚未收到任何客戶回報相關的漏洞濫用案例。如果想進一步瞭解 <a href="/security/enhancements/index.html">Android 安全性平台防護措施</a>和 Google Play 安全防護機制如何加強 Android 平台的安全性,請參閱 <a href="#mitigations">Android 和 Google Play 安全防護機制所提供的因應措施</a>。 </p> <p class="note"> -<strong>注意:</strong><a href="/security/bulletin/pixel/2018-02-01">2018 年 2 月 Pixel/Nexus 安全性公告</a>提供了和 Google 裝置的最新無線下載更新 (OTA) 與韌體映像檔有關的資訊。 +<strong>注意:</strong><a href="/security/bulletin/pixel/2018-02-01">2018 年 2 月所發佈的 Pixel/Nexus 安全性公告</a>,針對 Google 裝置提供最新無線下載更新 (OTA) 和韌體映像檔的相關資訊。 </p> <h2 id="mitigations">Android 和 Google 服務問題因應措施</h2> <p> @@ -433,7 +433,7 @@ QC-CR#2114187</a></td> <colgroup><col width="25%" /> <col width="75%" /> </colgroup><tbody><tr> - <th>縮寫</th> + <th>縮寫詞</th> <th>定義</th> </tr> <tr> @@ -495,7 +495,7 @@ QC-CR#2114187</a></td> <strong>5.「參考資料」<em></em>欄中 Android 錯誤 ID 旁邊的星號 (*) 代表什麼意義?</strong> </p> <p> -在「參考資料」<em></em>欄中 Android 錯誤 ID 旁邊標上星號 (*) 代表該問題並未公開,相關的更新通常是直接整合在最新的 Nexus 裝置專用驅動程式的安裝檔中。您可以前往 <a href="https://developers.google.com/android/nexus/drivers">Google Developers 網站</a>下載這些驅動程式。 +在「參考資料」<em></em>欄中的 Android 錯誤 ID 旁邊標上星號 (*) 代表該問題並未公開,相關的更新通常是直接整合在最新的 Nexus 裝置專用驅動程式的安裝檔中。您可以前往 <a href="https://developers.google.com/android/nexus/drivers">Google Developers 網站</a>下載這些驅動程式。 </p> <p> <strong>6. 為什麼安全性漏洞會分別刊載在這份安全性公告和裝置/合作夥伴安全性公告 (例如 Pixel/Nexus 公告)?</strong> diff --git a/zh-tw/security/bulletin/pixel/2018-01-01.html b/zh-tw/security/bulletin/pixel/2018-01-01.html index 51d39c5b..cbfbc942 100644 --- a/zh-tw/security/bulletin/pixel/2018-01-01.html +++ b/zh-tw/security/bulletin/pixel/2018-01-01.html @@ -559,7 +559,7 @@ QC-CR#2037019</a></td> QC-CR#2078272</a></td> <td>EoP</td> <td>中</td> - <td>開機載入器</td> + <td>系統啟動載入程式</td> </tr> <tr> <td>CVE-2017-14869</td> @@ -568,7 +568,7 @@ QC-CR#2078272</a></td> QC-CR#2061498</a></td> <td>ID</td> <td>中</td> - <td>開機載入器</td> + <td>系統啟動載入程式</td> </tr> <tr> <td>CVE-2017-11066</td> @@ -656,19 +656,19 @@ QC-CR#2078342</a></td> </strong> </p> <p> -2018-01-05 之後的安全性修補程式等級完全解決了與 2018-01-05 安全性修補程式等級及所有先前修補程式等級相關的問題。請參閱 <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel 與 Nexus 更新時間表</a>中的操作說明,瞭解如何查看裝置的安全性修補程式等級。 +2018-01-05 之後的安全性修補程式等級已解決了所有與 2018-01-05 安全性修補程式等級及所有先前修補程式等級相關的問題。請參閱 <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel 與 Nexus 更新時間表</a>中的操作說明,瞭解如何查看裝置的安全性修補程式等級。 </p> <p id="type"> <strong>2.「類型」<em></em>欄中的項目代表什麼意義?</strong> </p> <p> -資安漏洞詳情表格中「類型」<em></em>欄中的項目代表的是安全性漏洞的類別。 +資安漏洞詳情表格中「類型」<em></em>欄內的項目代表的是安全性漏洞的類別。 </p> <table> <colgroup><col width="25%" /> <col width="75%" /> </colgroup><tbody><tr> - <th>縮寫詞</th> + <th>縮寫</th> <th>定義</th> </tr> <tr> @@ -727,10 +727,10 @@ QC-CR#2078342</a></td> </tr> </tbody></table> <p id="asterisk"> -<strong>4.「參考資料」<em></em>欄中 Android 錯誤 ID 旁邊的星號 (*) 代表什麼意義?</strong> +<strong>4. 「參考資料」<em></em>欄中 Android 錯誤 ID 旁邊的星號 (*) 代表什麼意義?</strong> </p> <p> -在「參考資料」<em></em>欄中 Android 錯誤 ID 旁邊標上星號 (*) 代表該問題並未公開,相關的更新通常是直接整合在最新的 Nexus 裝置專用驅動程式的安裝檔中。您可以前往 <a href="https://developers.google.com/android/nexus/drivers">Google Developers 網站</a>下載這些驅動程式。 +在「參考資料」<em></em>欄中的 Android 錯誤 ID 旁邊標上星號 (*) 代表該問題並未公開,相關的更新通常是直接整合在最新的 Nexus 裝置專用驅動程式的安裝檔中。您可以前往 <a href="https://developers.google.com/android/nexus/drivers">Google Developers 網站</a>下載這些驅動程式。 </p> <p> <strong>5. 為什麼安全性漏洞會分別刊載在這份安全性公告和 Android 安全性公告?</strong> |