Diffstat (limited to 'en/security/bulletin/2017-12-01.html')
-rw-r--r-- | en/security/bulletin/2017-12-01.html | 58 |
1 files changed, 32 insertions, 26 deletions
diff --git a/en/security/bulletin/2017-12-01.html b/en/security/bulletin/2017-12-01.html index c841d979..9f2c9b60 100644 --- a/en/security/bulletin/2017-12-01.html +++ b/en/security/bulletin/2017-12-01.html @@ -21,7 +21,7 @@ limitations under the License. --> -<p><em>Published December 4, 2017</em> +<p><em>Published December 4, 2017 | Updated December 6, 2017</em> </p> <p> @@ -33,10 +33,9 @@ your Android version</a>. </p> <p> Android partners are notified of all issues at least a month before publication. -Source code patches for these issues will be released to the Android Open Source -Project (AOSP) repository in the next 48 hours. We will revise this bulletin -with the AOSP links when they are available. -</p> +Source code patches for these issues have been released to the Android Open +Source Project (AOSP) repository and linked from this bulletin. This bulletin +also includes links to patches outside of AOSP.</p> <p> The most severe of these issues is a critical security vulnerability in Media framework that could enable a remote attacker using a specially crafted file to @@ -116,21 +115,21 @@ additional permissions.</p> </tr> <tr> <td>CVE-2017-0807</td> - <td>A-35056974</td> + <td>A-35056974<a href="#asterisk">*</a></td> <td>EoP</td> <td>High</td> <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td> </tr> <tr> <td>CVE-2017-0870</td> - <td>A-62134807</td> + <td><a href="https://android.googlesource.com/platform/frameworks/minikin/+/22758c3312ada2cf9579c9c379875e3c7eb4b1f7">A-62134807</a></td> <td>EoP</td> <td>High</td> <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0</td> </tr> <tr> <td>CVE-2017-0871</td> - <td>A-65281159</td> + <td><a href="https://android.googlesource.com/platform/frameworks/base/+/8e151bf8999345399208d54663f103921ae5e1c6">A-65281159</a></td> <td>EoP</td> <td>High</td> <td>8.0</td> 
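Review bot: The rewritten intro paragraph in the `@@ -33,10 +33,9 @@` hunk says source code patches for these issues "have been released" to AOSP "and linked from this bulletin", but this same commit gives CVE-2017-0807 here, and CVE-2017-0876 and CVE-2017-0877 in the `@@ -158,77 +157,79 @@` hunk, an `<a href="#asterisk">*</a>` marker instead of a patch link. Someone verifying fixes against source would read the paragraph as covering every row. Presumably the asterisk marks entries with no public patch, so the sentence could be qualified, e.g. `Source code patches for these issues have been released to the Android Open Source Project (AOSP) repository where available and linked from this bulletin.` The `id="asterisk"` target is not in any visible hunk, so it is worth confirming that it exists in the file.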
@@ -158,77 +157,79 @@ a privileged process.</p> </tr> <tr> <td>CVE-2017-0872</td> - <td>A-65290323</td> + <td><a href="https://android.googlesource.com/platform/external/skia/+/7a3ba537f7456b4870a983cd9e0a09bb3d478efc">A-65290323</a></td> <td>RCE</td> <td>Critical</td> <td>7.0, 7.1.1, 7.1.2, 8.0</td> </tr> <tr> <td>CVE-2017-0876</td> - <td>A-64964675</td> + <td>A-64964675<a href="#asterisk">*</a></td> <td>RCE</td> <td>Critical</td> <td>6.0</td> </tr> <tr> <td>CVE-2017-0877</td> - <td>A-66372937</td> + <td>A-66372937<a href="#asterisk">*</a></td> <td>RCE</td> <td>Critical</td> <td>6.0</td> </tr> <tr> <td>CVE-2017-0878</td> - <td>A-65186291</td> + <td><a href="https://android.googlesource.com/platform/external/libhevc/+/a963ba6ac200ee4222ba4faa7137a69144ba668a">A-65186291</a></td> <td>RCE</td> <td>Critical</td> <td>8.0</td> </tr> <tr> <td>CVE-2017-13151</td> - <td>A-63874456</td> + <td><a href="https://android.googlesource.com/platform/external/libmpeg2/+/4262d8eeee23d169ab0a141f103592f7172d95bc">A-63874456</a></td> <td>RCE</td> <td>Critical</td> <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0</td> </tr> <tr> <td>CVE-2017-13153</td> - <td>A-65280854</td> + <td><a href="https://android.googlesource.com/platform/frameworks/av/+/969f2c97f04a0570a23d4d94b6f0a0642d2224cb">A-65280854</a></td> <td>EoP</td> <td>High</td> <td>8.0</td> </tr> <tr> <td>CVE-2017-0837</td> - <td>A-64340921</td> + <td><a href="https://android.googlesource.com/platform/frameworks/av/+/f759b8c4bcce2d3b3d45551be461f04297fa2bd3">A-64340921</a> + [<a href="https://android.googlesource.com/platform/frameworks/av/+/0957621867279da792808e43144f0c2b670d4c6c">2</a>]</td> <td>EoP</td> <td>High</td> <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0</td> </tr> <tr> <td>CVE-2017-0873</td> - <td>A-63316255</td> + <td><a href="https://android.googlesource.com/platform/external/libmpeg2/+/d1a1d7b88203a240488633e3a9b4cde231c3c4e3">A-63316255</a></td> <td>DoS</td> <td>High</td> <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0</td> </tr> 
<tr> <td>CVE-2017-0874</td> - <td>A-63315932</td> + <td><a href="https://android.googlesource.com/platform/external/libavc/+/252628cffba8702e36b98c193bcd2fe67d8237ee">A-63315932</a></td> <td>DoS</td> <td>High</td> <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0</td> </tr> <tr> <td>CVE-2017-0880</td> - <td>A-65646012</td> + <td><a href="https://android.googlesource.com/platform/external/skia/+/67f9bd2acfd17f64a33ae8ad14806a0c93b921d8">A-65646012</a> + [<a href="https://android.googlesource.com/platform/frameworks/base/+/adb5e0ba6d532c0d52b3bf89a1dbec4e3e7a6fd6">2</a>]</td> <td>DoS</td> <td>High</td> <td>7.0, 7.1.1, 7.1.2</td> </tr> <tr> <td>CVE-2017-13148</td> - <td>A-65717533</td> + <td><a href="https://android.googlesource.com/platform/external/libmpeg2/+/60c4d957db5e18da39ec943f15171547b53305d6">A-65717533</a></td> <td>DoS</td> <td>High</td> <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0</td> 
@@ -256,35 +257,35 @@ process.</p> </tr> <tr> <td>CVE-2017-13160</td> - <td>A-37160362</td> + <td><a href="https://android.googlesource.com/platform/system/bt/+/68a1cf1a9de115b66bececf892588075595b263f">A-37160362</a></td> <td>RCE</td> <td>Critical</td> <td>7.0, 7.1.1, 7.1.2, 8.0</td> </tr> <tr> <td>CVE-2017-13156</td> - <td>A-64211847</td> + <td><a href="https://android.googlesource.com/platform/system/core/+/9dced1626219d47c75a9d37156ed7baeef8f6403">A-64211847</a></td> <td>EoP</td> <td>High</td> <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0</td> </tr> <tr> <td>CVE-2017-13157</td> - <td>A-32990341</td> + <td><a href="https://android.googlesource.com/platform/frameworks/base/+/dba1bb07e04b51b1bd0a1251711781e731ce9524">A-32990341</a></td> <td>ID</td> <td>High</td> <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0</td> </tr> <tr> <td>CVE-2017-13158</td> - <td>A-32879915</td> + <td><a href="https://android.googlesource.com/platform/frameworks/base/+/dba1bb07e04b51b1bd0a1251711781e731ce9524">A-32879915</a></td> <td>ID</td> <td>High</td> <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0</td> </tr> <tr> <td>CVE-2017-13159</td> - <td>A-32879772</td> + <td><a href="https://android.googlesource.com/platform/packages/apps/Settings/+/b5e93969a5e0c3a3f07e068dbc763cdd995a0e21">A-32879772</a></td> <td>ID</td> <td>High</td> <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0</td> @@ -452,10 +453,10 @@ a privileged process.</p> <table> <col width="17%"> - <col width="19%"> + <col width="21%"> <col width="9%"> <col width="14%"> - <col width="39%"> + <col width="37%"> <tr> <th>CVE</th> <th>References</th> @@ -797,5 +798,10 @@ of other fixes on their devices through their own security websites, such as the <td>December 4, 2017</td> <td>Bulletin published.</td> </tr> + <tr> + <td>1.1</td> + <td>December 6, 2017</td> + <td>Bulletin revised to include AOSP links.</td> + </tr> </table> </body></html> |
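Review bot: In the `@@ -256,35 +257,35 @@` hunk, CVE-2017-13157 (A-32990341) and CVE-2017-13158 (A-32879915) are linked to the same frameworks/base commit, `dba1bb07e04b51b1bd0a1251711781e731ce9524`. That may be correct if one change fixes both issues, but an identical hash on adjacent rows is also what a copy-paste slip looks like. A wrong link would send anyone backporting or auditing the fix to the wrong patch. Confirm against the bug records, and if the shared commit is intended, consider a short source comment above the second row such as `<!-- A-32879915 is fixed by the same change as A-32990341 -->`.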