author Android Partner Docs <noreply@android.com> 2017-08-08 22:11:29 +0000
committer android-build-merger <android-build-merger@google.com> 2017-08-08 22:11:29 +0000
commit 57d0f681ef46b0861ff49cbc73236a090e700b38 (patch)
tree 408af15c222605ea08da054cc896280d8e961815 /en
parent ad5d7a990f7ebb1d597b7272c42c64d987763a58 (diff)
parent 55fed4ebbe155f2242e91c2effa3acad3e15089f (diff)
Merge "Docs: Changes to source.android.com" am: de85065c0a am: 8b3ca300c3 am: 64d4b344b4
am: 55fed4ebbe
Change-Id: Iede40dffb7b45b2d5071aa927bf71df9ce70b36d
Diffstat (limited to 'en')
-rw-r--r-- en/_index.yaml | 29
-rw-r--r-- en/devices/_toc-interfaces.yaml | 6
-rw-r--r-- en/devices/_toc-tech.yaml | 4
-rw-r--r-- en/devices/graphics/run-tests.html | 2
-rw-r--r-- en/devices/tech/ota/ab_updates.html | 68
-rw-r--r-- en/devices/tech/test_infra/tradefed/full_example.html | 2
-rw-r--r-- en/devices/tech/test_infra/tradefed/fundamentals/lifecycle.html | 2
-rw-r--r-- en/security/_toc.yaml | 2
-rw-r--r-- en/security/bulletin/2015.html | 6
-rw-r--r-- en/security/bulletin/2016.html | 6
-rw-r--r-- en/security/bulletin/2017-08-01.html | 967
-rw-r--r-- en/security/bulletin/2017.html | 22
-rw-r--r-- en/security/bulletin/index.html | 22
-rw-r--r-- en/security/overview/acknowledgements.html | 13
-rw-r--r-- en/source/build-numbers.html | 54
-rw-r--r-- en/source/initializing.html | 4
16 files changed, 1139 insertions, 70 deletions
diff --git a/en/_index.yaml b/en/_index.yaml
index f29c1678..d9ff3100 100644
--- a/en/_index.yaml
+++ b/en/_index.yaml
@@ -60,6 +60,20 @@ landing_page:
image_path: /images/android_stack.png
- heading: News
items:
+ - heading: A/B Update Enhancements
+ description: >
+ A/B updates have been improved to stream updates in order to minimize
+ resource contention and user interruption.
+ buttons:
+ - label: August 3rd, 2017
+ path: /devices/tech/ota/ab_updates
+ - heading: Customize the TV App
+ description: >
+ Live TV is a reference TV app designed for Android television devices.
+ Learn about the supported customization options for Live TV.
+ buttons:
+ - label: August 1st, 2017
+ path: /devices/tv/customize-tv-app
- heading: Neonkey SensorHub
description: >
To develop ContextHub features that use new sensors or LEDs, you can use
@@ -67,21 +81,6 @@ landing_page:
buttons:
- label: July 27th, 2017
path: /source/devices#neonkey
- - heading: Revised ART Configuration and JIT Compilation
- description: >
- The Android runtime (ART) configuration and JIT compilation
- instructions have been updated to reflect the Android O release.
- buttons:
- - label: July 12th, 2017
- path: /devices/tech/dalvik/configure
- - heading: July Android Security Bulletin
- description: >
- The July 2017 Android Security Bulletin has been published along with
- links to associated fixes and new build numbers to support the July
- Android security release.
- buttons:
- - label: July 6th, 2017
- path: /security/bulletin/2017-07-01
- classname: devsite-landing-row-100 tf-row-centered
items:
- buttons:
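Review bot: Dropping the "July Android Security Bulletin" item in this hunk leaves the News list with no security bulletin entry at all, although the same commit adds en/security/bulletin/2017-08-01.html and a TOC entry for it. Suggest adding an August bulletin item with path: /security/bulletin/2017-08-01 next to the two new items, so the landing page still points readers at the current bulletin.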
diff --git a/en/devices/_toc-interfaces.yaml b/en/devices/_toc-interfaces.yaml
index f5cbbbc9..388219bc 100644
--- a/en/devices/_toc-interfaces.yaml
+++ b/en/devices/_toc-interfaces.yaml
@@ -9,6 +9,12 @@ toc:
path: /devices/architecture/hal
- title: Treble
path: /devices/architecture/treble
+ - title: Kernel
+ section:
+ - title: Configuration
+ path: /devices/tech/config/kernel
+ - title: Network Tests
+ path: /devices/tech/config/kernel_network_tests
- title: Audio
section:
- title: Overview
diff --git a/en/devices/_toc-tech.yaml b/en/devices/_toc-tech.yaml
index fda6c38d..f2e27d7a 100644
--- a/en/devices/_toc-tech.yaml
+++ b/en/devices/_toc-tech.yaml
@@ -29,10 +29,6 @@ toc:
path: /devices/tech/config/connect_tests
- title: File DAC Configuration
path: /devices/tech/config/filesystem
- - title: Kernel Configuration
- path: /devices/tech/config/kernel
- - title: Kernel Network Tests
- path: /devices/tech/config/kernel_network_tests
- title: Low RAM
path: /devices/tech/config/low-ram
- title: Namespaces for Libraries
diff --git a/en/devices/graphics/run-tests.html b/en/devices/graphics/run-tests.html
index 124d7eb7..0eb83d00 100644
--- a/en/devices/graphics/run-tests.html
+++ b/en/devices/graphics/run-tests.html
@@ -174,7 +174,7 @@ The following table lists the GLES2- and GLES3-specific arguments.
</tr>
<tr>
<td><code>--deqp-gl-config-name=&lt;name&gt;</code></td>
- <td><p>Run tests for a named GL configuration. Interpretation is
+ <td>Run tests for a named GL configuration. Interpretation is
platform-dependent. For EGL, the format is
<code>rgb(a)&lt;bits&gt;d&lt;bits&gt;s&lt;bits&gt;</code>. For example, a
value of <code>rgb888s8</code> will select the first configuration where the
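Review bot: The opening <p> is dropped from the <td> on the changed line, but no matching </p> removal appears in this hunk, and the diffstat lists only 2 changed lines for run-tests.html. If this cell still ends with </p>, that close tag is now unbalanced; please check the end of the cell and remove the stray </p> in the same change.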
diff --git a/en/devices/tech/ota/ab_updates.html b/en/devices/tech/ota/ab_updates.html
index 55fb3d7b..fee00bc2 100644
--- a/en/devices/tech/ota/ab_updates.html
+++ b/en/devices/tech/ota/ab_updates.html
@@ -206,21 +206,24 @@
factory reset
</li>
</ul>
-
-<h3 id="update-engine-source">Update Engine source</h3>
-<p>The source to update_engine is in system/update_engine. The A/B OTA dexopt
-files are split between installd and package manager:</p>
+ <h3 id="update-engine-source">Update Engine source</h3>
+
+<p>The source to <code>update_engine</code> is in <code><a
+ class="external-link" target="_blank" href="https://android.googlesource.com/platform/system/update_engine/">system/update_engine</a></code>.
+ The A/B OTA dexopt files are split between installd and package manager:</p>
<ul>
- <li>frameworks/native/cmd/installd/ota* --- the postinstall script, the
- binary for chroot, the installd clone that calls dex2oat, the post-OTA
- move-artifacts script, the rc file for the move script.</li>
- <li>frameworks/base/service/core/java/com/android/server/pm/OtaDexoptService.java
- (plus OtaDexoptShellCommand) is the package manager side that will prepare
+ <li><code><a class="external-link" target="_blank" href="https://android.googlesource.com/platform/frameworks/native/+/master/cmds/installd/">frameworks/native/cmds/installd/</a></code>ota*
+--- the postinstall script, the binary for chroot, the installd clone
+that calls dex2oat, the post-OTA move-artifacts script, the rc file for
+the move script.</li>
+ <li><code><a class="external-link" target="_blank"
+ href="https://android.googlesource.com/platform/frameworks/base/+/master/services/core/java/com/android/server/pm/OtaDexoptService.java">frameworks/base/services/core/java/com/android/server/pm/OtaDexoptService.java</a></code>
+ (plus <code><a class="external-link" target="_blank" href="https://android.googlesource.com/platform/frameworks/base/+/master/services/core/java/com/android/server/pm/OtaDexoptShellCommand.java">OtaDexoptShellCommand</a></code>) is the package manager side that will prepare
all the dex2oat commands for the apps</li>
</ul>
-<p>A working example can be found in <a href="https://android.googlesource.com/device/google/marlin/+/nougat-dr1-release/device-common.mk">/device/google/marlin/device-common.mk</a>.</p>
+<p>A working example can be found in <code><a class="external-link" target="_blank" href="https://android.googlesource.com/device/google/marlin/+/nougat-dr1-release/device-common.mk">/device/google/marlin/device-common.mk</a></code>.</p>
<h2 id="life-of-an-a-b-update">Life of an A/B update</h2>
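Review bot: In the first list item the glob is split from its path: the link and </code> close after frameworks/native/cmds/installd/ and ota* follows as plain text, so the pattern renders half in code font and half in body font. Suggest moving ota* inside the <code> element, after the </a>. Separately, the new links in this hunk point at +/master while the marlin example a few lines down is pinned to nougat-dr1-release; files on master can move or be renamed, so consider pinning these to a release ref as well.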
@@ -243,7 +246,7 @@ files are split between installd and package manager:</p>
would need to:
<ol>
<li>on the server, identify the update is streaming (or just assume all are)</li>
- <li>on the client, make the correct call to update_engine for streaming</li>
+ <li>on the client, make the correct call to <code>update_engine</code> for streaming</li>
</ol>
<p>
@@ -417,9 +420,9 @@ files are split between installd and package manager:</p>
</li>
<li>
Implement the <code>boot_control</code> HAL
- (<a class="external-link nowrap" target="_blank"
+ (<code><a class="external-link nowrap" target="_blank"
href="https://android.googlesource.com/platform/hardware/libhardware/+/master/include/hardware/boot_control.h"
- >/platform/hardware/libhardware/include/hardware/boot_control.h</a>)
+ >hardware/libhardware/include/hardware/boot_control.h</a></code>)
</li>
<li>Implement the state machine as shown in Figure 1:</li>
</ul>
@@ -430,18 +433,18 @@ files are split between installd and package manager:</p>
<p>
The boot control HAL can be tested using the
- <a class="external-link" target="_blank"
+ <code><a class="external-link" target="_blank"
href="https://android.googlesource.com/platform/system/extras/+/master/bootctl/"
- ><code>/platform/system/extras/bootctl</code></a> utility.
+ >system/extras/bootctl</a></code> utility.
</p>
<p>Some tests have been implemented for Brillo:</p>
<ul>
<li>
- <a class="external-link nowrap" target="_blank"
+ <code><a class="external-link nowrap" target="_blank"
href="https://android.googlesource.com/platform/system/extras/+/refs/heads/master/tests/bootloader/"
- >/platform/system/extras/tests/bootloader/</a>
+ >system/extras/tests/bootloader/</a></code>
</li>
<li>
<a class="external-link nowrap" target="_blank"
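Review bot: Only the first Brillo test link gets the new <code> wrapper; the second list item, whose opening <a class="external-link nowrap" target="_blank" line is unchanged context at the end of this hunk, stays unwrapped. If its link text is also a source path, the two entries in the same list will render in different fonts. Suggest wrapping the second link the same way.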
@@ -537,7 +540,7 @@ Android: 7e4333f9bba00adfe0ede979e28ed1920492b40f: X509.RSA 0492b40f []
</p>
<p>
For non-A/B updates, the recovery partition contains the code used to apply
- updates. A/B updates are applied by update_engine running in the regular
+ updates. A/B updates are applied by <code>update_engine</code> running in the regular
booted system image. There is still a recovery mode used to implement factory
data reset and sideloading of update packages, which is where the name
"recovery" came from. The code and data for recovery mode is stored in the
@@ -577,7 +580,7 @@ partitions to which A/B applies.</p>
</li>
</ul>
<p>For an example, see:<br>
- <a href="https://android.googlesource.com/device/google/marlin/+/android-7.1.0_r1/device-common.mk">/device/google/marlin/+/android-7.1.0_r1/device-common.mk</a></p>
+<code><a href="https://android.googlesource.com/device/google/marlin/+/android-7.1.0_r1/device-common.mk">/device/google/marlin/+/android-7.1.0_r1/device-common.mk</a></code></p>
<p>Optionally, conduct the post-install (but pre-reboot) dex2oat step described
within the <a href="#compilation">Compilation</a> section.</p>
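Review bot: The replacement link on the + line keeps the old display text /device/google/marlin/+/android-7.1.0_r1/device-common.mk, with a leading slash and the +/android-7.1.0_r1 ref segment, and it lacks the class="external-link" target="_blank" attributes that the other converted links in this file received. Suggest device/google/marlin/device-common.mk as the link text, with the ref kept only in the href, and the same attributes for consistency.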
@@ -1030,8 +1033,8 @@ against the new dex files to generate the new odex files. This happens while
the old system is still running, and so the old and new odex files are both on
<code>/data</code> at the same time.</p>
-<p>The code in OtaDexoptService (<a
- href="https://android.googlesource.com/platform/frameworks/base/+/nougat-mr1-release/services/core/java/com/android/server/pm/OtaDexoptService.java#200">/platform/frameworks/base/+/nougat-mr1-release/services/core/java/com/android/server/pm/OtaDexoptService.java#200</a>)
+<p>The code in OtaDexoptService (<code><a
+ href="https://android.googlesource.com/platform/frameworks/base/+/nougat-mr1-release/services/core/java/com/android/server/pm/OtaDexoptService.java#200">frameworks/base/+/nougat-mr1-release/services/core/java/com/android/server/pm/OtaDexoptService.java#200</a></code>)
calls <code>getAvailableSpace</code> before optimizing each package to avoid
over-filling <code>/data</code>. Note that <em>available</em> here is still
conservative: it's the amount of space left <em>before</em> hitting the usual
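Review bot: The text now styled as code on the + line is a URL tail rather than a source path: it still carries the +/nougat-mr1-release ref and the #200 line anchor. The same pattern recurs in the PackageManagerService.java#7215, commands.cpp#2192 and AndroidManifest.xml#23 links in the next two hunks. Suggest showing the plain repository path inside <code> (for example frameworks/base/services/core/java/com/android/server/pm/OtaDexoptService.java) and keeping the ref and line number only in the href.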
@@ -1046,11 +1049,11 @@ every odex file.</p>
until the device has rebooted into the new system and no longer need the old
system's odex files.</p>
-<p>The PackageManager handles this: (<a
- href="https://android.googlesource.com/platform/frameworks/base/+/nougat-mr1-release/services/core/java/com/android/server/pm/PackageManagerService.java#7215">/platform/frameworks/base/+/nougat-mr1-release/services/core/java/com/android/server/pm/PackageManagerService.java#7215</a>).</p>
+<p>The PackageManager handles this: (<code><a
+ href="https://android.googlesource.com/platform/frameworks/base/+/nougat-mr1-release/services/core/java/com/android/server/pm/PackageManagerService.java#7215">frameworks/base/+/nougat-mr1-release/services/core/java/com/android/server/pm/PackageManagerService.java#7215</a></code>).</p>
-<p>Once the new system has successfully booted, <code>installd</code> (<a
- href="https://android.googlesource.com/platform/frameworks/native/+/nougat-mr1-release/cmds/installd/commands.cpp#2192">/platform/frameworks/native/+/nougat-mr1-release/cmds/installd/commands.cpp#2192</a>)
+<p>Once the new system has successfully booted, <code>installd</code> (<code><a
+ href="https://android.googlesource.com/platform/frameworks/native/+/nougat-mr1-release/cmds/installd/commands.cpp#2192">frameworks/native/+/nougat-mr1-release/cmds/installd/commands.cpp#2192</a></code>)
can remove the odex files that were used by the old system, returning the
device back to the steady state where there's only one copy.</p>
@@ -1087,8 +1090,8 @@ affect users or reviewers who get their device from the factory, because in
that case the B partition is available.) Thanks to the JIT compiler, we also
don't need to recompile <em>everything</em>, so it's not as bad as you might
think. It's also possible to mark apps as requiring ahead-of-time compilation
-using <code>coreApp="true"</code> in the manifest: (<a
- href="https://android.googlesource.com/platform/frameworks/base/+/nougat-mr1-release/packages/SystemUI/AndroidManifest.xml#23">/platform/frameworks/base/+/nougat-mr1-release/packages/SystemUI/AndroidManifest.xml#23</a>)</p>
+using <code>coreApp="true"</code> in the manifest: (<code><a
+ href="https://android.googlesource.com/platform/frameworks/base/+/nougat-mr1-release/packages/SystemUI/AndroidManifest.xml#23">frameworks/base/+/nougat-mr1-release/packages/SystemUI/AndroidManifest.xml#23</a></code>)</p>
<p>This is currently used by system_server because it's not allowed to JIT for
security reasons.</p>
@@ -1183,14 +1186,15 @@ all that code is in AOSP (as mentioned above); but it's GmsCore that decides
<em>what</em> and <em>when</em> to apply.</p>
<p>If you’re not using GmsCore, you can write your own replacement using the same
-platform APIs. The platform Java API for controlling update_engine is <code>android.os.UpdateEngine</code>:</p>
-<a
- href="https://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/os/UpdateEngine.java">/platform/frameworks/base/core/java/android/os/UpdateEngine.java</a>
+platform APIs. The platform Java API for controlling <code>update_engine</code>
+is <code>android.os.UpdateEngine</code>:</p>
+<code><a class="external-link" target="_blank"
+ href="https://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/os/UpdateEngine.java">frameworks/base/core/java/android/os/UpdateEngine.java</a></code>
<p>Callers can provide an <code>UpdateEngineCallback</code> to be notified of
status updates:</p>
-<a
- href="https://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/os/UpdateEngineCallback.java">/platform/frameworks/base/+/master/core/java/android/os/UpdateEngineCallback.java</a>
+<code><a class="external-link" target="_blank"
+ href="https://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/os/UpdateEngineCallback.java">frameworks/base/+/master/core/java/android/os/UpdateEngineCallback.java</a></code>
<p>See the reference files for the core classes to use the interface.</p>
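Review bot: The two new <code><a ...> links sit directly between paragraphs, each right after a closing </p>, so they are bare inline content at block level rather than part of any paragraph. Their display text is also inconsistent: the first reads frameworks/base/core/java/android/os/UpdateEngine.java while the second keeps the ref in frameworks/base/+/master/core/java/android/os/UpdateEngineCallback.java. Suggest wrapping each link in its own <p> and dropping +/master/ from the second link's text.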
diff --git a/en/devices/tech/test_infra/tradefed/full_example.html b/en/devices/tech/test_infra/tradefed/full_example.html
index 32b6b28f..0d3574e1 100644
--- a/en/devices/tech/test_infra/tradefed/full_example.html
+++ b/en/devices/tech/test_infra/tradefed/full_example.html
@@ -353,7 +353,7 @@ tf&gt; run example/helloworld
</pre>
<p>By default, tradefed
-<a href"/reference/com/android/tradefed/log/StdoutLogger.html">outputs host log
+<a href="/reference/com/android/tradefed/log/StdoutLogger.html">outputs host log
messages to stdout</a>. TF also includes a log implementation that writes
messages to a file:
<a href="/reference/com/android/tradefed/log/FileLogger.html">FileLogger</a>.
diff --git a/en/devices/tech/test_infra/tradefed/fundamentals/lifecycle.html b/en/devices/tech/test_infra/tradefed/fundamentals/lifecycle.html
index a46bb22c..2926b14c 100644
--- a/en/devices/tech/test_infra/tradefed/fundamentals/lifecycle.html
+++ b/en/devices/tech/test_infra/tradefed/fundamentals/lifecycle.html
@@ -53,7 +53,7 @@ different Test Invocation Listener to store the test results in a database. A t
might be designed run that test continuously from a test lab somewhere.</p>
<p>It's convenient to note here that a Configuration along with its command-line arguments (as
-provided by the Test Runner) is known as a <b>Command</b>. When TF takes pairs a Command with an
+provided by the Test Runner) is known as a <b>Command</b>. When TF pairs a Command with an
<code>ITestDevice</code> and executes it, the subsequent object is known as an <b>Invocation</b>.
In short, an Invocation encompasses a complete TF test execution, across its entire lifecycle.</p>
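Review bot: The context line just above the fix, "might be designed run that test continuously from a test lab somewhere", is missing "to" after "designed". Since this change is already a grammar fix in the adjacent paragraph, please correct that sentence in the same edit.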
diff --git a/en/security/_toc.yaml b/en/security/_toc.yaml
index c9c9e46e..2d20e410 100644
--- a/en/security/_toc.yaml
+++ b/en/security/_toc.yaml
@@ -37,6 +37,8 @@ toc:
path: /security/advisory/
- title: 2017 Bulletins
section:
+ - title: August
+ path: /security/bulletin/2017-08-01
- title: July
path: /security/bulletin/2017-07-01
- title: June
diff --git a/en/security/bulletin/2015.html b/en/security/bulletin/2015.html
index 55577812..380764f3 100644
--- a/en/security/bulletin/2015.html
+++ b/en/security/bulletin/2015.html
@@ -28,10 +28,10 @@ please see the <a href="index.html">Android Security Bulletins</a> homepage.</p>
<table>
+ <col width="15%">
+ <col width="49%">
+ <col width="17%">
<col width="19%">
- <col width="35%">
- <col width="23%">
- <col width="23%">
<tr>
<th>Bulletin</th>
<th>Languages</th>
diff --git a/en/security/bulletin/2016.html b/en/security/bulletin/2016.html
index de2f358e..6f8782f2 100644
--- a/en/security/bulletin/2016.html
+++ b/en/security/bulletin/2016.html
@@ -26,10 +26,10 @@
of all bulletins, see the <a href="index.html">Android Security Bulletins</a> homepage.</p>
<table>
+ <col width="15%">
+ <col width="49%">
+ <col width="17%">
<col width="19%">
- <col width="35%">
- <col width="23%">
- <col width="23%">
<tr>
<th>Bulletin</th>
<th>Languages</th>
diff --git a/en/security/bulletin/2017-08-01.html b/en/security/bulletin/2017-08-01.html
new file mode 100644
index 00000000..51299a7c
--- /dev/null
+++ b/en/security/bulletin/2017-08-01.html
@@ -0,0 +1,967 @@
+<html devsite>
+ <head>
+ <title>Android Security Bulletin—August 2017</title>
+ <meta name="project_path" value="/_project.yaml" />
+ <meta name="book_path" value="/_book.yaml" />
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ //www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+<p><em>Published August 7, 2017</em></p>
+
+<p>The Android Security Bulletin contains details of security vulnerabilities
+affecting Android devices. Security patch levels of August 05, 2017 or later
+address all of these issues. Refer to the <a
+href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel
+and Nexus update schedule</a> to learn how to check a device's security patch
+level.</p>
+
+<p>Partners were notified of the issues described in the bulletin at least a month
+ago. Source code patches for these issues will be released to the Android Open
+Source Project (AOSP) repository in the next 48 hours. We will revise this
+bulletin with the AOSP links when they are available. This bulletin also
+includes links to patches outside of AOSP.</p>
+
+<p>The most severe of these issues is a critical security vulnerability in media
+framework that could enable a remote attacker using a specially crafted file to
+execute arbitrary code within the context of a privileged process. The <a
+href="/security/overview/updates-resources.html#severity">severity
+assessment</a> is based on the effect that exploiting the vulnerability would
+possibly have on an affected device, assuming the platform and service
+mitigations are turned off for development purposes or if successfully bypassed.</p>
+
+<p>We have had no reports of active customer exploitation or abuse of these newly
+reported issues. Refer to the <a href="#mitigations">Android and Google Play
+Protect mitigations</a> section for details on the <a
+href="/security/enhancements/index.html">Android
+security platform protections</a> and Google Play Protect, which improve the
+security of the Android platform.</p>
+
+<p>We encourage all customers to accept these updates to their devices.</p>
+
+<p class="note"><strong>Note:</strong> Information on the latest over-the-air update (OTA) and
+firmware images for Google devices is available in the <a
+href="#google-device-updates">Google device updates</a> section.</p>
+
+<h2 id="announcements">Announcements</h2>
+<ul>
+ <li>This bulletin has two security patch level strings to provide Android
+ partners with the flexibility to more quickly fix a subset of vulnerabilities
+ that are similar across all Android devices. See <a
+ href="#questions">Common questions and answers</a> for
+ additional information:
+ <ul>
+ <li><strong>2017-08-01</strong>: Partial security patch level string. This
+ security patch level string indicates that all issues associated with 2017-08-01
+ (and all previous security patch level strings) are addressed.</li>
+ <li><strong>2017-08-05</strong>: Complete security patch level string. This
+ security patch level string indicates that all issues associated with 2017-08-01
+ and 2017-08-05 (and all previous security patch level strings) are
+ addressed.</li>
+ </ul>
+ </li>
+</ul>
+
+<h2 id="mitigations">Android and Google Play Protect mitigations</h2>
+
+<p>This is a summary of the mitigations provided by the <a
+href="/security/enhancements/index.html">Android
+security platform</a> and service protections such as <a
+href="https://www.android.com/play-protect">Google Play Protect</a>. These
+capabilities reduce the likelihood that security vulnerabilities could be
+successfully exploited on Android.</p>
+<ul>
+ <li>Exploitation for many issues on Android is made more difficult by
+ enhancements in newer versions of the Android platform. We encourage all users
+ to update to the latest version of Android where possible.</li>
+ <li>The Android security team actively monitors for abuse through <a
+ href="https://www.android.com/play-protect">Google Play Protect</a> and warns
+ users about
+ <a href="/security/reports/Google_Android_Security_PHA_classifications.pdf">Potentially
+ Harmful Applications</a>. Google Play Protect is enabled by default on devices
+ with <a href="http://www.android.com/gms">Google Mobile Services</a>, and is
+ especially important for users who install apps from outside of Google Play.</li>
+</ul>
+
+<h2 id="2017-08-01-details">2017-08-01 security patch level—Vulnerability details</h2>
+
+<p>In the sections below, we provide details for each of the security
+vulnerabilities that apply to the 2017-08-01 patch level. Vulnerabilities are
+grouped under the component that they affect. There is a description of the
+issue and a table with the CVE, associated references, <a
+href="#type">type of vulnerability</a>, <a
+href="/security/overview/updates-resources.html#severity">severity</a>,
+and updated AOSP versions (where applicable). When available, we link the public
+change that addressed the issue to the bug ID, like the AOSP change list. When
+multiple changes relate to a single bug, additional references are linked to
+numbers following the bug ID.</p>
+
+<h3 id="framework">Framework</h3>
+<p>The most severe vulnerability in this section could enable a local malicious
+application using a specially crafted file to execute arbitrary code within the
+context of a privileged process.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Updated AOSP versions</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0712</td>
+ <td>A-37207928</td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+</table>
+<h3 id="libraries">Libraries</h3>
+<p>The most severe vulnerability in this section could enable a remote attacker
+using a specially crafted file to execute arbitrary code within the context of
+an unprivileged process.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Updated AOSP versions</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0713</td>
+ <td>A-32096780</td>
+ <td>RCE</td>
+ <td>High</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+</table>
+
+<h3 id="media-framework">Media framework</h3>
+<p>The most severe vulnerability in this section could enable a remote attacker
+using a specially crafted file to execute arbitrary code within the context of a
+privileged process.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Updated AOSP versions</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0714</td>
+ <td>A-36492637</td>
+ <td>RCE</td>
+ <td>Critical</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0715</td>
+ <td>A-36998372</td>
+ <td>RCE</td>
+ <td>Critical</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0716</td>
+ <td>A-37203196</td>
+ <td>RCE</td>
+ <td>Critical</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0718</td>
+ <td>A-37273547</td>
+ <td>RCE</td>
+ <td>Critical</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0719</td>
+ <td>A-37273673</td>
+ <td>RCE</td>
+ <td>Critical</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0720</td>
+ <td>A-37430213</td>
+ <td>RCE</td>
+ <td>Critical</td>
+ <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0721</td>
+ <td>A-37561455</td>
+ <td>RCE</td>
+ <td>Critical</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0722</td>
+ <td>A-37660827</td>
+ <td>RCE</td>
+ <td>Critical</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0723</td>
+ <td>A-37968755</td>
+ <td>RCE</td>
+ <td>Critical</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0745</td>
+ <td>A-37079296</td>
+ <td>RCE</td>
+ <td>Critical</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0724</td>
+ <td>A-36819262</td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0725</td>
+ <td>A-37627194</td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0726</td>
+ <td>A-36389123</td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0727</td>
+ <td>A-33004354</td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0728</td>
+ <td>A-37469795</td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0729</td>
+ <td>A-37710346</td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0730</td>
+ <td>A-36279112</td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0731</td>
+ <td>A-36075363</td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0732</td>
+ <td>A-37504237</td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0733</td>
+ <td>A-38391487</td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0734</td>
+ <td>A-38014992</td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0735</td>
+ <td>A-38239864</td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0736</td>
+ <td>A-38487564</td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0737</td>
+ <td>A-37563942</td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0738</td>
+ <td>A-37563371</td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0739</td>
+ <td>A-37712181</td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+</table>
+<h2 id="2017-08-05-details">2017-08-05
+security patch level—Vulnerability details</h2>
+<p>In the sections below, we provide details for each of the security
+vulnerabilities that apply to the 2017-08-05 patch level. Vulnerabilities are
+grouped under the component that they affect and include details such as the
+CVE, associated references, <a href="#type">type of
+vulnerability</a>, <a
+href="/security/overview/updates-resources.html#severity">severity</a>,
+component (where applicable), and updated AOSP versions (where applicable). When
+available, we link the public change that addressed the issue to the bug ID,
+like the AOSP change list. When multiple changes relate to a single bug,
+additional references are linked to numbers following the bug ID.</p>
+
+<h3 id="broadcom-components">Broadcom components</h3>
+<p>The most severe vulnerability in this section could enable a remote attacker
+using a specially crafted file to execute arbitrary code within the context of
+an unprivileged process.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Component</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0740</td>
+ <td>A-37168488<a href="#asterisk">*</a><br />
+ B-RB#116402</td>
+ <td>RCE</td>
+ <td>Moderate</td>
+ <td>Networking driver</td>
+ </tr>
+</table>
+<h3 id="kernel-components">Kernel components</h3>
+<p>The most severe vulnerability in this section could enable a local malicious
+application to execute arbitrary code within the context of a privileged
+process.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Component</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-10661</td>
+ <td>A-36266767<br />
+<a href="https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=1e38da300e1e395a15048b0af1e5305bd91402f6">Upstream
+kernel</a></td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>File system</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0750</td>
+ <td>A-36817013<a href="#asterisk">*</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>File system</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-10662</td>
+ <td>A-36815012<br />
+<a href="https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=b9dd46188edc2f0d1f37328637860bb65a771124">Upstream
+kernel</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>File system</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-10663</td>
+ <td>A-36588520<br />
+<a href="https://sourceforge.net/p/linux-f2fs/mailman/message/35835945/">Upstream
+kernel</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>File System</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0749</td>
+ <td>A-36007735<a href="#asterisk">*</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Linux kernel</td>
+ </tr>
+</table>
+<h3 id="mediatek-components">MediaTek components</h3>
+<p>The most severe vulnerability in this section could enable a local malicious
+application to execute arbitrary code within the context of a privileged
+process.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Component</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0741</td>
+ <td>A-32458601<a href="#asterisk">*</a><br />
+ M-ALPS03007523</td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>GPU driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0742</td>
+ <td>A-36074857<a href="#asterisk">*</a><br />
+ M-ALPS03275524</td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Video driver</td>
+ </tr>
+</table>
+<h3 id="qualcomm-components">Qualcomm components</h3>
+<p>The most severe vulnerability in this section could enable a local malicious
+application to execute arbitrary code within the context of a privileged
+process.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Component</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0746</td>
+ <td>A-35467471<a href="#asterisk">*</a><br />
+ QC-CR#2029392</td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>IPA driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0747</td>
+ <td>A-32524214<a href="#asterisk">*</a><br />
+ QC-CR#2044821</td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Proprietary Component</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-9678</td>
+ <td>A-35258962<a href="#asterisk">*</a><br />
+ QC-CR#2028228</td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Video driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-9691</td>
+ <td>A-33842910<a href="#asterisk">*</a><br />
+ QC-CR#1116560</td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>MobiCore driver (Trustonic)</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-9684</td>
+ <td>A-35136547<a href="#asterisk">*</a><br />
+ QC-CR#2037524</td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>USB driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-9682</td>
+ <td>A-36491445<a href="#asterisk">*</a><br />
+ QC-CR#2030434</td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>GPU driver</td>
+ </tr>
+</table>
+
+<h2 id="google-device-updates">Google device updates</h2>
+<p>This table contains the security patch level in the latest over-the-air update
+(OTA) and firmware images for Google devices. The Google device firmware images
+are available on the <a
+href="https://developers.google.com/android/nexus/images">Google Developer
+site</a>.</p>
+
+<table>
+ <tr>
+ <th>Google device</th>
+ <th>Security patch level</th>
+ </tr>
+ <tr>
+ <td>Pixel / Pixel XL</td>
+ <td>August 05, 2017</td>
+ </tr>
+ <tr>
+ <td>Nexus 5X</td>
+ <td>August 05, 2017</td>
+ </tr>
+ <tr>
+ <td>Nexus 6</td>
+ <td>August 05, 2017</td>
+ </tr>
+ <tr>
+ <td>Nexus 6P</td>
+ <td>August 05, 2017</td>
+ </tr>
+ <tr>
+ <td>Nexus 9</td>
+ <td>August 05, 2017</td>
+ </tr>
+ <tr>
+ <td>Nexus Player</td>
+ <td>August 05, 2017</td>
+ </tr>
+ <tr>
+ <td>Pixel C</td>
+ <td>August 05, 2017</td>
+ </tr>
+</table>
+<p>Google device updates also contain patches for these security
+vulnerabilities, if applicable:</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Component</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0744</td>
+ <td>A-34112726<a href="#asterisk">*</a><br />
+ N-CVE-2017-0744</td>
+ <td>EoP</td>
+ <td>Low</td>
+ <td>Sound driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-9679</td>
+ <td>A-35644510<a href="#asterisk">*</a><br />
+ QC-CR#2029409</td>
+ <td>ID</td>
+ <td>Low</td>
+ <td>SoC driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-9680</td>
+ <td>A-35764241<a href="#asterisk">*</a><br />
+ QC-CR#2030137</td>
+ <td>ID</td>
+ <td>Low</td>
+ <td>SoC driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0748</td>
+ <td>A-35764875<a href="#asterisk">*</a><br />
+ QC-CR#2029798</td>
+ <td>ID</td>
+ <td>Low</td>
+ <td>Audio driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-9681</td>
+ <td>A-36386593<a href="#asterisk">*</a><br />
+ QC-CR#2030426</td>
+ <td>ID</td>
+ <td>Low</td>
+ <td>Radio driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-9693</td>
+ <td>A-36817798<a href="#asterisk">*</a><br />
+ QC-CR#2044820</td>
+ <td>ID</td>
+ <td>Low</td>
+ <td>Networking driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-9694</td>
+ <td>A-36818198<a href="#asterisk">*</a><br />
+ QC-CR#2045470</td>
+ <td>ID</td>
+ <td>Low</td>
+ <td>Networking driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0751</td>
+ <td>A-36591162<a href="#asterisk">*</a><br />
+ QC-CR#2045061</td>
+ <td>EoP</td>
+ <td>Low</td>
+ <td>QCE driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-9692</td>
+ <td>A-36731152<a href="#asterisk">*</a><br />
+ QC-CR#2021707</td>
+ <td>DoS</td>
+ <td>Low</td>
+ <td>Graphics driver</td>
+ </tr>
+</table>
+<h2 id="acknowledgements">Acknowledgements</h2>
+<p>We would like to thank these researchers for their contributions:</p>
+
+<table>
+ <col width="17%">
+ <col width="83%">
+ <tr>
+ <th>CVEs</th>
+ <th>Researchers</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0741, CVE-2017-0742, CVE-2017-0751</td>
+ <td>Baozeng Ding (<a href="https://twitter.com/sploving1">@sploving</a>),
+Chengming Yang, and Yang Song of Alibaba Mobile Security Group</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-9682</td>
+ <td>Billy Lau of Android Security</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0739</td>
+ <td><a href="mailto:shaodacheng2016@gmail.com">Dacheng Shao</a>, Hongli Han
+(<a href="https://twitter.com/HexB1n">@HexB1n</a>), Mingjian Zhou (<a
+href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), and Xuxian Jiang
+of <a href="http://c0reteam.org">C0RE Team</a></td>
+ </tr>
+ <tr>
+ <td>CVE-2017-9691, CVE-2017-0744</td>
+ <td>Gengjia Chen (<a
+href="https://twitter.com/chengjia4574">@chengjia4574</a>) and <a
+href="http://weibo.com/jfpan">pjf</a> of IceSword Lab, Qihoo 360 Technology Co.
+Ltd.</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0727</td>
+ <td>Guang Gong (龚广) (<a
+href="https://twitter.com/oldfresher">@oldfresher</a>) of Alpha Team, Qihoo 360
+Technology Co. Ltd.</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0737</td>
+ <td><a href="mailto:arnow117@gmail.com">Hanxiang Wen</a>, Mingjian Zhou (<a
+href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), and Xuxian Jiang
+of <a href="http://c0reteam.org">C0RE Team</a></td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0748</td>
+ <td>Hao Chen and Guang Gong of Alpha Team of Qihoo 360 Technology Co. Ltd.</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0731</td>
+ <td>Hongli Han (<a href="https://twitter.com/HexB1n">@HexB1n</a>), Mingjian
+Zhou (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), and
+Xuxian Jiang of <a href="http://c0reteam.org">C0RE Team</a></td>
+ </tr>
+ <tr>
+ <td>CVE-2017-9679</td>
+ <td>Nathan Crandall (<a href="https://twitter.com/natecray">@natecray</a>) of
+Tesla's Product Security Team</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0726</td>
+ <td><a href="mailto:jiych.guru@gmail.com">Niky1235</a> (<a
+href="https://twitter.com/jiych_guru">@jiych_guru</a>)</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-9684, CVE-2017-9694, CVE-2017-9693, CVE-2017-9681,
+ CVE-2017-0738, CVE-2017-0728</td>
+ <td>Pengfei Ding (丁鹏飞), Chenfu Bao (包沉浮), and Lenx Wei (韦韬) of Baidu X-Lab
+(百度安全实验室)</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-9680</td>
+ <td><a href="https://twitter.com/ScottyBauer1">Scott Bauer</a></td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0724</td>
+ <td>Seven Shen (<a href="https://twitter.com/lingtongshen">@lingtongshen</a>)
+of TrendMicro</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0732</td>
+ <td>Timothy Becker of CSS Inc.</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-10661</td>
+ <td>Tong Lin (<a
+href="mailto:segfault5514@gmail.com">segfault5514@gmail.com</a>), Yuan-Tsung Lo
+(<a href="mailto:computernik@gmail.com">computernik@gmail.com</a>), and Xuxian
+Jiang of <a href="http://c0reteam.org">C0RE Team</a></td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0712</td>
+ <td>Valerio Costamagna (<a href="https://twitter.com/vaio_co">@vaio_co</a>)
+and Marco Bartoli (<a href="https://twitter.com/wsxarcher">@wsxarcher</a>)</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0716</td>
+ <td>Vasily Vasiliev</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0750, CVE-2017-0713, CVE-2017-0715, CVE-2017-10662CVE-2017-10663</td>
+ <td>V.E.O (<a href="https://twitter.com/vysea">@VYSEa</a>) of <a
+href="http://blog.trendmicro.com/trendlabs-security-intelligence/category/mobile/">Mobile
+Threat Response Team</a>, <a href="http://www.trendmicro.com">Trend Micro</a></td>
+ </tr>
+ <tr>
+ <td>CVE-2017-9678</td>
+ <td>Yan Zhou of Eagleye team, SCC, Huawei</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0749, CVE-2017-0746</td>
+ <td>Yonggang Guo (<a href="https://twitter.com/guoygang">@guoygang</a>) of
+IceSword Lab, Qihoo 360 Technology Co. Ltd.</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0729</td>
+ <td>Yongke Wang of <a href="http://xlab.tencent.com">Tencent's Xuanwu
+Lab</a></td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0714, CVE-2017-0719, CVE-2017-0718, CVE-2017-0722,
+ CVE-2017-0725, CVE-2017-0720</td>
+ <td><a href="http://weibo.com/ele7enxxh">Zinuo Han</a> of Chengdu Security
+Response Center, Qihoo 360 Technology Co. Ltd. and Ao Wang (<a
+href="http://twitter.com/ArayzSegment">@ArayzSegment</a>) of <a
+href="http://www.pwnzen.com/">Pangu Team</a></td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0745</td>
+ <td><a href="http://weibo.com/ele7enxxh">Zinuo Han</a> of Chengdu Security
+Response Center, Qihoo 360 Technology Co. Ltd.</td>
+ </tr>
+</table>
+<h2 id="questions">Common questions and answers</h2>
+<p>This section answers common questions that may occur after reading this
+bulletin.</p>
+
+<p><strong>1. How do I determine if my device is updated to address these issues?
+</strong></p>
+
+<p>To learn how to check a device's security patch level, read the instructions on
+the <a
+href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel
+and Nexus update schedule</a>.</p>
+<ul>
+ <li>Security patch levels of 2017-08-01 or later address all issues associated
+ with the 2017-08-01 security patch level.</li>
+ <li>Security patch levels of 2017-08-05 or later address all issues associated
+ with the 2017-08-05 security patch level and all previous patch levels.
+ </li>
+</ul>
+<p>Device manufacturers that include these updates should set the patch string
+level to:</p>
+<ul>
+ <li>[ro.build.version.security_patch]:[2017-08-01]</li>
+ <li>[ro.build.version.security_patch]:[2017-08-05]</li>
+</ul>
+<p><strong>2. Why does this bulletin have two security patch levels?</strong></p>
+
+<p>This bulletin has two security patch levels so that Android partners have the
+flexibility to fix a subset of vulnerabilities that are similar across all
+Android devices more quickly. Android partners are encouraged to fix all issues
+in this bulletin and use the latest security patch level.</p>
+<ul>
+ <li>Devices that use the August 01, 2017 security patch level must include all
+ issues associated with that security patch level, as well as fixes for all
+ issues reported in previous security bulletins.</li>
+ <li>Devices that use the security patch level of August 05, 2017 or newer must
+ include all applicable patches in this (and previous) security
+ bulletins.</li>
+</ul>
+<p>Partners are encouraged to bundle the fixes for all issues they are addressing
+in a single update.</p>
+
+<p id="type"><strong>3. What do the entries in the <em>Type</em> column mean?</strong></p>
+
+<p>Entries in the <em>Type</em> column of the vulnerability details table reference
+the classification of the security vulnerability.</p>
+
+<table>
+ <col width="25%">
+ <col width="75%">
+ <tr>
+ <th>Abbreviation</th>
+ <th>Definition</th>
+ </tr>
+ <tr>
+ <td>RCE</td>
+ <td>Remote code execution</td>
+ </tr>
+ <tr>
+ <td>EoP</td>
+ <td>Elevation of privilege</td>
+ </tr>
+ <tr>
+ <td>ID</td>
+ <td>Information disclosure</td>
+ </tr>
+ <tr>
+ <td>DoS</td>
+ <td>Denial of service</td>
+ </tr>
+ <tr>
+ <td>N/A</td>
+ <td>Classification not available</td>
+ </tr>
+</table>
+<p><strong>4. What do the entries in the <em>References</em> column mean?</strong></p>
+
+<p>Entries under the <em>References</em> column of the vulnerability details table
+may contain a prefix identifying the organization to which the reference value
+belongs.</p>
+
+<table>
+ <col width="25%">
+ <col width="75%">
+ <tr>
+ <th>Prefix</th>
+ <th>Reference</th>
+ </tr>
+ <tr>
+ <td>A-</td>
+ <td>Android bug ID</td>
+ </tr>
+ <tr>
+ <td>QC-</td>
+ <td>Qualcomm reference number</td>
+ </tr>
+ <tr>
+ <td>M-</td>
+ <td>MediaTek reference number</td>
+ </tr>
+ <tr>
+ <td>N-</td>
+ <td>NVIDIA reference number</td>
+ </tr>
+ <tr>
+ <td>B-</td>
+ <td>Broadcom reference number</td>
+ </tr>
+</table>
+<p id="asterisk"><strong>5. What does a * next to the Android bug ID in the <em>References</em>
+column mean?</strong></p>
+
+<p>Issues that are not publicly available have a <a href="#asterisk">*</a> next to the Android bug ID in
+the <em>References</em> column. The update for that issue is generally contained
+in the latest binary drivers for Nexus devices available from the <a
+href="https://developers.google.com/android/nexus/drivers">Google Developer
+site</a>.</p>
+
+<h2 id="versions">Versions</h2>
+<table>
+ <col width="25%">
+ <col width="25%">
+ <col width="50%">
+ <tr>
+ <th>Version</th>
+ <th>Date</th>
+ <th>Notes</th>
+ </tr>
+ <tr>
+ <td>1.0</td>
+ <td>August 7, 2017</td>
+ <td>Bulletin published.</td>
+ </tr>
+</table>
+</body>
+</html>
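Review bot: In the Acknowledgements table of the new 2017-08-01.html, the CVE cell of the V.E.O row reads "CVE-2017-10662CVE-2017-10663" with no comma or space between the two IDs, so they render as one run-together token; insert ", " between them. Two smaller consistency points in the same file: the CVE-2017-10663 row in the Kernel components table gives the component as "File System" while the neighbouring rows use "File system", and the href under question 1 carries a raw "&" (#pixel_phones&nexus_devices) that should be written as "&amp;" inside an attribute value.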
diff --git a/en/security/bulletin/2017.html b/en/security/bulletin/2017.html
index 0e158344..c4d18c4b 100644
--- a/en/security/bulletin/2017.html
+++ b/en/security/bulletin/2017.html
@@ -26,10 +26,10 @@
of all bulletins, see the <a href="index.html">Android Security Bulletins</a> homepage.</p>
<table>
+ <col width="15%">
+ <col width="49%">
+ <col width="17%">
<col width="19%">
- <col width="35%">
- <col width="23%">
- <col width="23%">
<tr>
<th>Bulletin</th>
<th>Languages</th>
@@ -37,6 +37,22 @@ of all bulletins, see the <a href="index.html">Android Security Bulletins</a> ho
<th>Security patch level</th>
</tr>
<tr>
+ <td><a href="2017-08-01.html">August 2017</a></td>
+ <td>Coming soon
+ <!--
+ <a href="/security/bulletin/2017-08-01.html">English</a>&nbsp;/
+ <a href="/security/bulletin/2017-08-01.html?hl=ja">日本語</a>&nbsp;/
+ <a href="/security/bulletin/2017-08-01.html?hl=ko">한국어</a>&nbsp;/
+ <a href="/security/bulletin/2017-08-01.html?hl=ru">ру́сский</a>&nbsp;/
+ <a href="/security/bulletin/2017-08-01.html?hl=zh-cn">中文&nbsp;(中国)</a>&nbsp;/
+ <a href="/security/bulletin/2017-08-01.html?hl=zh-tw">中文&nbsp;(台灣)</a>
+ -->
+ </td>
+ <td>August 7, 2017</td>
+ <td>2017-08-01<br>
+ 2017-08-05</td>
+ </tr>
+ <tr>
<td><a href="2017-07-01.html">July 2017</a></td>
<td>
<a href="/security/bulletin/2017-07-01.html">English</a>&nbsp;/
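Review bot: The Languages cell of the new August 2017 row shows "Coming soon" and comments out every link, English included, although the English page (en/security/bulletin/2017-08-01.html) is added in this same commit and the first cell already links to it. Consider leaving the English link live and holding back only the translated links, so the row matches the July row as far as it can. If the whole block stays commented out, note that the comment still ships in the served HTML and needs a follow-up change to enable.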
diff --git a/en/security/bulletin/index.html b/en/security/bulletin/index.html
index 99879218..e14f60e7 100644
--- a/en/security/bulletin/index.html
+++ b/en/security/bulletin/index.html
@@ -65,10 +65,10 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi
<h3 id="bulletins">Bulletins</h3>
<table>
+ <col width="15%">
+ <col width="49%">
+ <col width="17%">
<col width="19%">
- <col width="35%">
- <col width="23%">
- <col width="23%">
<tr>
<th>Bulletin</th>
<th>Languages</th>
@@ -76,6 +76,22 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi
<th>Security patch level</th>
</tr>
<tr>
+ <td><a href="/security/bulletin/2017-08-01.html">August 2017</a></td>
+ <td>Coming soon
+ <!--
+ <a href="/security/bulletin/2017-08-01.html">English</a>&nbsp;/
+ <a href="/security/bulletin/2017-08-01.html?hl=ja">日本語</a>&nbsp;/
+ <a href="/security/bulletin/2017-08-01.html?hl=ko">한국어</a>&nbsp;/
+ <a href="/security/bulletin/2017-08-01.html?hl=ru">ру́сский</a>&nbsp;/
+ <a href="/security/bulletin/2017-08-01.html?hl=zh-cn">中文&nbsp;(中国)</a>&nbsp;/
+ <a href="/security/bulletin/2017-08-01.html?hl=zh-tw">中文&nbsp;(台灣)</a>
+ -->
+ </td>
+ <td>August 7, 2017</td>
+ <td>2017-08-01<br>
+ 2017-08-05</td>
+ </tr>
+ <tr>
<td><a href="/security/bulletin/2017-07-01.html">July 2017</a></td>
<td>
<a href="/security/bulletin/2017-07-01.html">English</a>&nbsp;/
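Review bot: In the commented-out language links of the added August 2017 row, the Russian label is written "ру́сский", with a combining stress mark over the "у". That is dictionary notation rather than normal spelling and will be visible once the block is uncommented. Unless the existing rows deliberately use the stressed form, write it as "русский", and apply the same change to the identical block added in 2017.html.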
diff --git a/en/security/overview/acknowledgements.html b/en/security/overview/acknowledgements.html
index 8870b84c..53994b0e 100644
--- a/en/security/overview/acknowledgements.html
+++ b/en/security/overview/acknowledgements.html
@@ -50,7 +50,8 @@ Rewards</a> program.</p>
<p>Dr. Asaf Shabtai of Ben Gurion University Cyber Lab</p>
-<p>Baozeng Ding of Alibaba Mobile Security Group</p>
+<p>Baozeng Ding (<a href="https://twitter.com/sploving1">@sploving</a>)
+of Alibaba Mobile Security Group</p>
<p>Ben Actis (<a href="https://twitter.com/ben_ra">@Ben_RA</a>)</p>
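Review bot: The added Baozeng Ding entry displays the handle "@sploving" but links to https://twitter.com/sploving1, so the visible text and the target differ. The other handles added in this commit match their URLs. Please confirm which is correct and align the two here and in the matching row of the 2017-08-01.html Acknowledgements table, so the credit points at the right account.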
@@ -164,9 +165,11 @@ of <a href="http://c0reteam.org">C0RE Team</a></p>
<p>Makoto Onuki of Google</p>
+<p>Marco Bartoli (<a href="https://twitter.com/wsxarcher">@wsxarcher</a>)</p>
+
<p><a href="mailto:salyzyn@android.com">Mark Salyzyn</a> of Google</p>
-<p>Max Spector of Google:</p>
+<p>Max Spector of Google</p>
<p>Michael Goberman of IBM Security X-Force</p>
@@ -250,6 +253,8 @@ of <a href="http://c0reteam.org">C0RE Team</a></p>
<p>Uma Sankar Pradhan (<a href="https://twitter.com/umasankar_iitd">@umasankar_iitd</a>)</p>
+<p>Valerio Costamagna (<a href="https://twitter.com/vaio_co">@vaio_co</a>)</p>
+
<p>Vasily Vasiliev</p>
<p>V.E.O (<a href="https://twitter.com/vysea">@VYSEa</a>) of Mobile Threat
@@ -279,6 +284,8 @@ of <a href="http://c0reteam.org">C0RE Team</a></p>
<p>Xuxian Jiang of <a href="http://c0reteam.org">C0RE Team</a></p>
+<p>Yan Zhou of Eagleye team, SCC, Huawei</p>
+
<p><a href="mailto:bigwyfone@gmail.com">Yanfeng Wang</a>
of <a href="http://c0reteam.org">C0RE Team</a></p>
@@ -297,6 +304,8 @@ of <a href="http://c0reteam.org">C0RE Team</a></p>
<p>Yonggang Guo (<a href="https://twitter.com/guoygang">@guoygang</a>) of
IceSword Lab, Qihoo 360 Technology Co. Ltd.</p>
+<p>Yongke Wang of <a href="http://xlab.tencent.com">Tencent's Xuanwu Lab</a></p>
+
<p>Dr. Yossi Oren of Ben Gurion University Cyber Lab</p>
<p>Yu Pan of Vulpecker Team, Qihoo 360 Technology Co. Ltd</p>
diff --git a/en/source/build-numbers.html b/en/source/build-numbers.html
index 1374d2e1..ef099f77 100644
--- a/en/source/build-numbers.html
+++ b/en/source/build-numbers.html
@@ -197,6 +197,36 @@ site:</p>
</thead>
<tbody>
<tr>
+ <td>NZH54D</td>
+ <td>android-7.1.2_r33</td>
+ <td>Nougat</td>
+ <td>Pixel XL, Pixel</td>
+ </tr>
+ <tr>
+ <td>NKG47S</td>
+ <td>android-7.1.2_r32</td>
+ <td>Nougat</td>
+ <td>Pixel XL, Pixel</td>
+ </tr>
+ <tr>
+ <td>NHG47Q</td>
+ <td>android-7.1.2_r30</td>
+ <td>Nougat</td>
+ <td>Pixel XL, Pixel</td>
+ </tr>
+ <tr>
+ <td>NJH47F</td>
+ <td>android-7.1.2_r29</td>
+ <td>Nougat</td>
+ <td>Pixel XL, Pixel</td>
+ </tr>
+ <tr>
+ <td>N2G48C</td>
+ <td>android-7.1.2_r28</td>
+ <td>Nougat</td>
+ <td>Nexus 5X, Nexus 6P, Nexus Player, Pixel C</td>
+ </tr>
+ <tr>
<td>NZH54B</td>
<td>android-7.1.2_r27</td>
<td>Nougat</td>
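Review bot: The five added rows run android-7.1.2_r33, _r32, _r30, _r29, _r28, directly above the existing _r27 row, so _r31 is skipped. If that tag exists and maps to a released build, it is missing from the table. If the tag was never released, a short note in the commit message would save the next reader from checking.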
@@ -330,6 +360,30 @@ site:</p>
<td>Pixel C</td>
</tr>
<tr>
+ <td>N8I11B</td>
+ <td>android-7.1.1_r50</td>
+ <td>Nougat</td>
+ <td>Nexus 6</td>
+ </tr>
+ <tr>
+ <td>N9F27H</td>
+ <td>android-7.1.1_r49</td>
+ <td>Nougat</td>
+ <td>Nexus 9 (volantis)</td>
+ </tr>
+ <tr>
+ <td>N6F27I</td>
+ <td>android-7.1.1_r48</td>
+ <td>Nougat</td>
+ <td>Nexus 6</td>
+ </tr>
+ <tr>
+ <td>N4F27K</td>
+ <td>android-7.1.1_r47</td>
+ <td>Nougat</td>
+ <td>Nexus 9 (volantisg)</td>
+ </tr>
+ <tr>
<td>N9F27F</td>
<td>android-7.1.1_r46</td>
<td>Nougat</td>
diff --git a/en/source/initializing.html b/en/source/initializing.html
index e2236185..430bb4b0 100644
--- a/en/source/initializing.html
+++ b/en/source/initializing.html
@@ -165,7 +165,7 @@ sudo apt-get install git gnupg flex bison gperf build-essential zip curl zlib1g-
<p>On Ubuntu 10.10:</p>
-<preclass="devsite-terminal devsite-click-to-copy">
+<pre class="devsite-terminal devsite-click-to-copy">
sudo ln -s /usr/lib32/mesa/libGL.so.1 /usr/lib32/mesa/libGL.so
</pre>
@@ -275,7 +275,7 @@ directory, you can add helper functions to your <code>~/.bash_profile</code>:</p
<ul>
<li>
-To mount the image when you execute <code>mountAndroid</code>:</p>
+To mount the image when you execute <code>mountAndroid</code>:
<pre class="devsite-click-to-copy">
# mount the android file image