Diffstat (limited to 'en/security/bulletin/2017-12-01.html')
-rw-r--r-- en/security/bulletin/2017-12-01.html 58
1 files changed, 32 insertions, 26 deletions
diff --git a/en/security/bulletin/2017-12-01.html b/en/security/bulletin/2017-12-01.html
index c841d979..9f2c9b60 100644
--- a/en/security/bulletin/2017-12-01.html
+++ b/en/security/bulletin/2017-12-01.html
@@ -21,7 +21,7 @@
limitations under the License.
-->
-<p><em>Published December 4, 2017</em>
+<p><em>Published December 4, 2017 | Updated December 6, 2017</em>
</p>
<p>
@@ -33,10 +33,9 @@ your Android version</a>.
</p>
<p>
Android partners are notified of all issues at least a month before publication.
-Source code patches for these issues will be released to the Android Open Source
-Project (AOSP) repository in the next 48 hours. We will revise this bulletin
-with the AOSP links when they are available.
-</p>
+Source code patches for these issues have been released to the Android Open
+Source Project (AOSP) repository and linked from this bulletin. This bulletin
+also includes links to patches outside of AOSP.</p>
<p>
The most severe of these issues is a critical security vulnerability in Media
framework that could enable a remote attacker using a specially crafted file to
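Review bot: the rewritten paragraph closes with `</p>` on the same line as "also includes links to patches outside of AOSP.", while the neighbouring paragraphs in this file put `</p>` on its own line; keep the closing tag on its own line for consistency. The new sentence also promises links to patches outside of AOSP, but every link added in the visible hunks points to android.googlesource.com, so confirm that the non-AOSP references elsewhere in the bulletin are actually linked before this wording ships.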
@@ -116,21 +115,21 @@ additional permissions.</p>
</tr>
<tr>
<td>CVE-2017-0807</td>
- <td>A-35056974</td>
+ <td>A-35056974<a href="#asterisk">*</a></td>
<td>EoP</td>
<td>High</td>
<td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
</tr>
<tr>
<td>CVE-2017-0870</td>
- <td>A-62134807</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/minikin/+/22758c3312ada2cf9579c9c379875e3c7eb4b1f7">A-62134807</a></td>
<td>EoP</td>
<td>High</td>
<td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0</td>
</tr>
<tr>
<td>CVE-2017-0871</td>
- <td>A-65281159</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/base/+/8e151bf8999345399208d54663f103921ae5e1c6">A-65281159</a></td>
<td>EoP</td>
<td>High</td>
<td>8.0</td>
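Review bot: the new `<a href="#asterisk">*</a>` on A-35056974 (CVE-2017-0807) points at a fragment id that none of the visible hunks define. Confirm that an element with `id="asterisk"` already exists in the bulletin and explains why no patch link is given for this entry; otherwise the marker is a dead link and readers cannot tell why this row has no AOSP commit.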
@@ -158,77 +157,79 @@ a privileged process.</p>
</tr>
<tr>
<td>CVE-2017-0872</td>
- <td>A-65290323</td>
+ <td><a href="https://android.googlesource.com/platform/external/skia/+/7a3ba537f7456b4870a983cd9e0a09bb3d478efc">A-65290323</a></td>
<td>RCE</td>
<td>Critical</td>
<td>7.0, 7.1.1, 7.1.2, 8.0</td>
</tr>
<tr>
<td>CVE-2017-0876</td>
- <td>A-64964675</td>
+ <td>A-64964675<a href="#asterisk">*</a></td>
<td>RCE</td>
<td>Critical</td>
<td>6.0</td>
</tr>
<tr>
<td>CVE-2017-0877</td>
- <td>A-66372937</td>
+ <td>A-66372937<a href="#asterisk">*</a></td>
<td>RCE</td>
<td>Critical</td>
<td>6.0</td>
</tr>
<tr>
<td>CVE-2017-0878</td>
- <td>A-65186291</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/a963ba6ac200ee4222ba4faa7137a69144ba668a">A-65186291</a></td>
<td>RCE</td>
<td>Critical</td>
<td>8.0</td>
</tr>
<tr>
<td>CVE-2017-13151</td>
- <td>A-63874456</td>
+ <td><a href="https://android.googlesource.com/platform/external/libmpeg2/+/4262d8eeee23d169ab0a141f103592f7172d95bc">A-63874456</a></td>
<td>RCE</td>
<td>Critical</td>
<td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0</td>
</tr>
<tr>
<td>CVE-2017-13153</td>
- <td>A-65280854</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/av/+/969f2c97f04a0570a23d4d94b6f0a0642d2224cb">A-65280854</a></td>
<td>EoP</td>
<td>High</td>
<td>8.0</td>
</tr>
<tr>
<td>CVE-2017-0837</td>
- <td>A-64340921</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/av/+/f759b8c4bcce2d3b3d45551be461f04297fa2bd3">A-64340921</a>
+ [<a href="https://android.googlesource.com/platform/frameworks/av/+/0957621867279da792808e43144f0c2b670d4c6c">2</a>]</td>
<td>EoP</td>
<td>High</td>
<td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0</td>
</tr>
<tr>
<td>CVE-2017-0873</td>
- <td>A-63316255</td>
+ <td><a href="https://android.googlesource.com/platform/external/libmpeg2/+/d1a1d7b88203a240488633e3a9b4cde231c3c4e3">A-63316255</a></td>
<td>DoS</td>
<td>High</td>
<td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0</td>
</tr>
<tr>
<td>CVE-2017-0874</td>
- <td>A-63315932</td>
+ <td><a href="https://android.googlesource.com/platform/external/libavc/+/252628cffba8702e36b98c193bcd2fe67d8237ee">A-63315932</a></td>
<td>DoS</td>
<td>High</td>
<td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0</td>
</tr>
<tr>
<td>CVE-2017-0880</td>
- <td>A-65646012</td>
+ <td><a href="https://android.googlesource.com/platform/external/skia/+/67f9bd2acfd17f64a33ae8ad14806a0c93b921d8">A-65646012</a>
+ [<a href="https://android.googlesource.com/platform/frameworks/base/+/adb5e0ba6d532c0d52b3bf89a1dbec4e3e7a6fd6">2</a>]</td>
<td>DoS</td>
<td>High</td>
<td>7.0, 7.1.1, 7.1.2</td>
</tr>
<tr>
<td>CVE-2017-13148</td>
- <td>A-65717533</td>
+ <td><a href="https://android.googlesource.com/platform/external/libmpeg2/+/60c4d957db5e18da39ec943f15171547b53305d6">A-65717533</a></td>
<td>DoS</td>
<td>High</td>
<td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0</td>
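Review bot: in the CVE-2017-0837 and CVE-2017-0880 rows the second commit is linked only as `[2]`, so the rendered table hides which project it belongs to. That matters for CVE-2017-0880, where the first link is in external/skia and the second in frameworks/base: someone backporting from this table could take the first link and miss the other repository. Consider a `title` attribute or a short project label on the second link. The same `#asterisk` check raised for CVE-2017-0807 applies to A-64964675 and A-66372937 here.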
@@ -256,35 +257,35 @@ process.</p>
</tr>
<tr>
<td>CVE-2017-13160</td>
- <td>A-37160362</td>
+ <td><a href="https://android.googlesource.com/platform/system/bt/+/68a1cf1a9de115b66bececf892588075595b263f">A-37160362</a></td>
<td>RCE</td>
<td>Critical</td>
<td>7.0, 7.1.1, 7.1.2, 8.0</td>
</tr>
<tr>
<td>CVE-2017-13156</td>
- <td>A-64211847</td>
+ <td><a href="https://android.googlesource.com/platform/system/core/+/9dced1626219d47c75a9d37156ed7baeef8f6403">A-64211847</a></td>
<td>EoP</td>
<td>High</td>
<td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0</td>
</tr>
<tr>
<td>CVE-2017-13157</td>
- <td>A-32990341</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/base/+/dba1bb07e04b51b1bd0a1251711781e731ce9524">A-32990341</a></td>
<td>ID</td>
<td>High</td>
<td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0</td>
</tr>
<tr>
<td>CVE-2017-13158</td>
- <td>A-32879915</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/base/+/dba1bb07e04b51b1bd0a1251711781e731ce9524">A-32879915</a></td>
<td>ID</td>
<td>High</td>
<td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0</td>
</tr>
<tr>
<td>CVE-2017-13159</td>
- <td>A-32879772</td>
+ <td><a href="https://android.googlesource.com/platform/packages/apps/Settings/+/b5e93969a5e0c3a3f07e068dbc763cdd995a0e21">A-32879772</a></td>
<td>ID</td>
<td>High</td>
<td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0</td>
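Review bot: A-32990341 (CVE-2017-13157) and A-32879915 (CVE-2017-13158) both link to the same frameworks/base commit, dba1bb07e04b51b1bd0a1251711781e731ce9524. If one commit fixes both issues, that is fine, but please confirm it is not a copy-paste slip, since a wrong hash here would leave one of the two CVEs without a traceable fix for anyone verifying a backport against this table.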
@@ -452,10 +453,10 @@ a privileged process.</p>
<table>
<col width="17%">
- <col width="19%">
+ <col width="21%">
<col width="9%">
<col width="14%">
- <col width="39%">
+ <col width="37%">
<tr>
<th>CVE</th>
<th>References</th>
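Review bot: the `<col>` widths add up to 98% both before (17+19+9+14+39) and after (17+21+9+14+37) this change, so the adjustment keeps an existing 2% shortfall. If the References column needs the extra room, take the chance to make the five widths total 100%, and check whether the other tables that gained links in this commit need the same widening.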
@@ -797,5 +798,10 @@ of other fixes on their devices through their own security websites, such as the
<td>December 4, 2017</td>
<td>Bulletin published.</td>
</tr>
+ <tr>
+ <td>1.1</td>
+ <td>December 6, 2017</td>
+ <td>Bulletin revised to include AOSP links.</td>
+ </tr>
</table>
</body></html>
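Review bot: the new 1.1 row says "Bulletin revised to include AOSP links.", but the revised introduction states that the bulletin "also includes links to patches outside of AOSP", and several entries received a `#asterisk` marker instead of a link. Consider wording the revision note so it matches the introduction, for example by mentioning patch links in general, so the version history accurately records what changed on December 6, 2017.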